This update adds the ability to select the SSL key size and certificate locations, more control of which domains are disabled for exceeding the bandwidth limit, DNS client validation, and more control over backup error email reporting.
This version adds external commands for setting quotas, better Zones support, template user interface and creation improvements, control over the disabled website HTML and more.
This release removes a bunch of useless files in the HTML editor, which reduces the package size by several MB. It also fixes Postfix module bugs, and adds RHEL 5 and Debian 4.0 support.
This release cleans up the UI code in the Apache and Webmin Configuration modules to make them more themable, and fixes several bugs.
This new version improves the new mailbox and domain forms, and uses the DenyGroups SSHd directive to block logins by domain owners who don’t have a shell.
1.81 A Sendmail genericstable or Postfix canonical mapping file can be automatically updated with login name to email address mappings. This is useful for programs like Usermin, which can read such a file to work out From: addresses. The directory for Webalizer statistics can be set on the Apache Website Template page. Domain owners can be granted access to the Read User Mail module, for reading mailboxe’s mail. The port to use for normal and SSL virtual websites can now be set on the Apache Website Template page....
1.070 Fixed a security hole that could allow an attacker to lock valid users by sending a bogus username or password. Fixed a bug that stopped user limiting from working when Usermin was run from inetd. 1.080 Fixed a security hole in the maketemp.pl script, used to create the /tmp/.usermin directory at install time. If an un-trusted user creates this directory before Webmin is installed, he could create in it a symbolic link pointing to a critical file on the system, which would be overwritten when Usermin writes to the link filename (CVE bug CAN-2004-0559)....
1.140 Fixed a security hole that allowed any user to view the configuration of any module, even those that they should not have access to. Fixed a security hole that could allow an attacker to lock valid users by sending a bogus username or password. 1.150 Updated the setup.sh script to use MD5 password encryption by default, on systems where Perl supports it. Fixed a security hole in the maketemp....