Webmin 1.550 and Usermin 1.470

Howdy all,

I’ve rolled out version 1.550 of Webmin and 1.470 of Usermin for all supported systems. The Webmin update includes a fix for an XSS security issue.

Changes since Webmin 1.540:

  • Fixed an XSS vulnerability in the Users and Groups module that can be triggered if an attacker has the ability to change the real name of a Unix user.
  • Added support for the Upstart boot system, seen on Ubuntu 10 and later.
  • Added the Test Zone Transfer button to the slave zone page in the BIND module, to check if zone transfers are possible or not.
  • Added the Sending Email page to the Webmin Configuration module, which controls how Webmin itself sends messages.
  • In the PHP Configuration module, added support for selecting the timezone on the Other Settings page, thanks to Matt Lewandowsky.
  • In the DHCP module, added a Module Config option to automatically refresh the lease list every few seconds, and a link to force a manual refresh.

Changes since Usermin 1.460:

  • Major dutch translation updates, thanks to Gandyman.
  • Added a checkbox (on by default) to not forward bounce emails, which can cause mail loops.
  • Text for mail filter rules that match on headers is now automatically escaped unless the new “Regular expression” box is checked, which makes creation of simple substring matching rules easier for users.

As always, problems should be reported in the ticket tracker. Since most of these are small changes, problems are not expected…but Upstart support is new, so there are possibly still bugs there.