Hi, i already started to update thirdparty software. A few already pushed to the public. But most stays at 90% and stays in the lxcenter-testing repository until i have finished all the updates. That way we all have more time to test the new versions before it goes to be pusched to the live repository.

I do build/rebuild everything against CentOS 5 32/64Bit in a most standard environment. That means, only CentOS 5 Base/Update, our own LxCenter repository and sometimes EPEL packages are used to build or rebuild the software.
That way we know for sure that Kloxo works for 100% in a stable environment with the released LxCenter packages.

For now i do only do thirdparty software updates for CentOS 5 32 and 64Bit. When done, i go work at the rebuilds for CentOS 6 32/64Bit where possible.

I strongly advice to disable INSTALLAPP.
I already disabled Horde webmail because its is old and has some security issues. The newest Horde versions can be used in our environment out of the box. Depends how easy Horde 4/5 can be reintegrated into Kloxo before it returns.
For the moment, Roundcube is the best and updated and stable one.

Ofcourse because of xmas days and newsyearseve, it might be the case that i start updating the packages in the first week of 2013. Unless somthing critical issue arrives :)

Anyway, keep me posted about new thirdparty versions in the existing issue. I can't monitor all the software vendors myself :)

Have a good xmas!

Kind Regards,
Danny Terweij

Hi all,

I'll be back active soon. Just for packages updates (RPM/thirdparty). If still nobody contributes to the project then what? Contributing is easy, everyone can do that if they know PHP programming. What holds people back is the question...

Anyway, real life comes first. Had a busy time. Still have not much time. Too much projects and other things, but some will end so let's update all the software packages :)

Regards,
Danny Terweij

p.s. not using Kloxo/HyperVM in production anymore as i stopped my Hosting Company. Still using Kloxo to play with at home inside a VM.
p.s. please donate if you can miss something. Every dollar is a dollar :) Maybe we can hire some coder in the future :P
p.s. when i am back, i have to read a lot emails from the past LOL

Kloxo 6.1.12 - 03-mar-2012 ##################################
Bug #925 Advanced PHP Config page shows empty input fields
Bug #926 6.1.11 writes empty ipaddr into apache conf files, causing apache to fail.

Kloxo 6.1.11 released.

Important change:
Security #923 Remote Web Injection Vulnerability.

Regards,
Danny Terweij

Important to read for developers/contributors.

The current dev branch is from the old svn-trunk. Because it gives some problems and not following our own standards, we will change it soon.

What might going to happen:

Remove branch: dev
Create new branch: dev from master
At this point we can implement bugfixes because we can not do it now in a proper way.

What happens with the features from svn-trunk?
A Core member is going to import from svn-trunk only the new features to the dev branch.

If you are a Developer/Contributor then wait with making pull requests until we have the new dev branch.

Regards,
Danny.

GitHub¶

Kloxo source code is migrated to GitHub.com https://github.com/lxcenter/kloxo

Branches¶

• kloxo/master is imported from svn/kloxo/branches/6.1.x
• kloxo/dev is imported from svn/kloxo/trunk

Subversion¶

• SVN commit access is closed for Kloxo SVN.

Work in progress¶

• Redmine (project website) connector.
• Webpages updates (Wiki and others).
• And some more items.

Questions?¶

Ask them at the forum.

Dear Kloxo users,

The Core members agreed a new Coding and Release structure for Kloxo. HyperVM follows after this. Soon, in 2011 or at jan 01/02 2012 the Kloxo source code is going to be migrated to GitHub.

Everyone is allowed to Fork the Kloxo Source, make (Bug)Fixes, make Enhancements, make Features etc etc. But you have to follow the coding standards. Before your change will be approved (Pull Request), the Core members review your code, then Approve or Deny it.
Ofcourse when a Core member send in their Pull Request, another Core member has to approve it :)

Much more will be changed to standards in 2012.

Happy 2012!

Regards,
Danny Terweij

Dear reader,

If you are wondering why there were no Kloxo 6.1.8 and 6.1.9 releases, these were prematurely made available for update but withdrawn shortly after for further testing. A few servers may have updated automaticaly to these releases and we had to increment the version number to make sure these could update to the final version.

Kloxo 6.1.10 also includes a critical security fix that was reported by "Xarion" (fixed by Angel Guzman Maeso) and so we highly recommend you update. Due to a non-implemented function, running "/script/fixvpop" would reset "lxpopuser" mysql password to a default instead of random password. This security issue affects all versions prior to 6.1.10 (including LxAdmin) and may expose e-mail addresses if you have run this script before.

See the list of 6.1.10 Changes: http://project.lxcenter.org/projects/kloxo/versions/28
See the list of 6.1.9 Changes: http://project.lxcenter.org/projects/kloxo/versions/18
See the list of 6.1.8 Changes: http://project.lxcenter.org/projects/kloxo/versions/17

Please note that updating to Kloxo 6.1.10 may be longer than usual while it updates third-party scripts such as phpMyAdmin.

A side note: CentOS 4 is ending its life at 29 feb 2012 and we will remove its packages from our repository.
Quote from CentOS:

All users currently using CentOS-4 are advised to begin planning the
upgrade to CentOS-5 (EOL Date: March 31, 2014) or CentOS-6 (EOL Date:
November 30, 2017)

We would like to thank everyone involved in the Beta program and LxCenter Partners who made this release possible.

Kind Regards,
LxCenter Team

It is urgent to update your Bind Domain Name Service package now if your HyperVM/Kloxo uses Bind as Domain Name Server. It is a world wide request, there where already several attacks on major big DNS systems. If the attack is successfull then your DNS server does not serve any requests anymore so all your hosted domains will be un reachable.

CentOS 4: yum update bind
CentOS 5: yum update bind

CentOS 6: The new bind package is in the CR repo

BIND 9 Resolver crashes after logging an error in query.c
Summary:
Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: "INSIST)" Multiple versions were reported being affected, including all currently supported release versions of ISC BIND 9. ISC is actively investigating the root cause and has produced patches which prevent the crash. Further information will be made available soon.

CVE: CVE-2011-4313
Document Version: 1.2.1
Posting date: 16 Nov 2011
Program Impacted: BIND
Versions affected: 9.4-ESV (all), 9.6-ESV (all), 9.7 (all), 9.8 (all)
Severity: Serious
Exploitable: Remotely

Dear intrested reader,

We are pleased to announce that Kloxo 6.1.7 is released. Altho it was delayed by a lot of months because Developers where on hollidays, sickness, pet issues and ofcourse their private lives :)

Here is the ChangeLog: http://project.lxcenter.org/projects/kloxo/versions/16
Here is the list of new features: http://wiki.lxcenter.org/Kloxo+6.1.7+new+features

We do not need 2 installer files anymore, it is combined as one. See also http://download.lxcenter.org/
Here is the change of the new installer: http://wiki.lxcenter.org/Kloxo+Installation+Guide

Please report any bugs or problems found with Kloxo 6.1.7 at the forum or the project website..

Kind regards,
LxCenter Team