Kloxo 6.1.12 - 03-mar-2012 ##################################
Bug #925 Advanced PHP Config page shows empty input fields
Bug #926 6.1.11 writes empty ipaddr into apache conf files, causing apache to fail.

Kloxo 6.1.11 released.

Important change:
Security #923 Remote Web Injection Vulnerability.

Regards,
Danny Terweij

Important to read for developers/contributors.

The current dev branch is from the old svn-trunk. Because it gives some problems and not following our own standards, we will change it soon.

What might going to happen:

Remove branch: dev
Create new branch: dev from master
At this point we can implement bugfixes because we can not do it now in a proper way.

What happens with the features from svn-trunk?
A Core member is going to import from svn-trunk only the new features to the dev branch.

If you are a Developer/Contributor then wait with making pull requests until we have the new dev branch.

Regards,
Danny.

GitHub¶

Kloxo source code is migrated to GitHub.com https://github.com/lxcenter/kloxo

Branches¶

• kloxo/master is imported from svn/kloxo/branches/6.1.x
• kloxo/dev is imported from svn/kloxo/trunk

Subversion¶

• SVN commit access is closed for Kloxo SVN.

Work in progress¶

• Redmine (project website) connector.
• Webpages updates (Wiki and others).
• And some more items.

Questions?¶

Ask them at the forum.

Dear Kloxo users,

The Core members agreed a new Coding and Release structure for Kloxo. HyperVM follows after this. Soon, in 2011 or at jan 01/02 2012 the Kloxo source code is going to be migrated to GitHub.

Everyone is allowed to Fork the Kloxo Source, make (Bug)Fixes, make Enhancements, make Features etc etc. But you have to follow the coding standards. Before your change will be approved (Pull Request), the Core members review your code, then Approve or Deny it.
Ofcourse when a Core member send in their Pull Request, another Core member has to approve it :)

Much more will be changed to standards in 2012.

Happy 2012!

Regards,
Danny Terweij

Dear reader,

If you are wondering why there were no Kloxo 6.1.8 and 6.1.9 releases, these were prematurely made available for update but withdrawn shortly after for further testing. A few servers may have updated automaticaly to these releases and we had to increment the version number to make sure these could update to the final version.

Kloxo 6.1.10 also includes a critical security fix that was reported by "Xarion" (fixed by Angel Guzman Maeso) and so we highly recommend you update. Due to a non-implemented function, running "/script/fixvpop" would reset "lxpopuser" mysql password to a default instead of random password. This security issue affects all versions prior to 6.1.10 (including LxAdmin) and may expose e-mail addresses if you have run this script before.

See the list of 6.1.10 Changes: http://project.lxcenter.org/projects/kloxo/versions/28
See the list of 6.1.9 Changes: http://project.lxcenter.org/projects/kloxo/versions/18
See the list of 6.1.8 Changes: http://project.lxcenter.org/projects/kloxo/versions/17

Please note that updating to Kloxo 6.1.10 may be longer than usual while it updates third-party scripts such as phpMyAdmin.

A side note: CentOS 4 is ending its life at 29 feb 2012 and we will remove its packages from our repository.
Quote from CentOS:

All users currently using CentOS-4 are advised to begin planning the
upgrade to CentOS-5 (EOL Date: March 31, 2014) or CentOS-6 (EOL Date:
November 30, 2017)

We would like to thank everyone involved in the Beta program and LxCenter Partners who made this release possible.

Kind Regards,
LxCenter Team

It is urgent to update your Bind Domain Name Service package now if your HyperVM/Kloxo uses Bind as Domain Name Server. It is a world wide request, there where already several attacks on major big DNS systems. If the attack is successfull then your DNS server does not serve any requests anymore so all your hosted domains will be un reachable.

CentOS 4: yum update bind
CentOS 5: yum update bind

CentOS 6: The new bind package is in the CR repo

BIND 9 Resolver crashes after logging an error in query.c
Summary:
Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: "INSIST)" Multiple versions were reported being affected, including all currently supported release versions of ISC BIND 9. ISC is actively investigating the root cause and has produced patches which prevent the crash. Further information will be made available soon.

CVE: CVE-2011-4313
Document Version: 1.2.1
Posting date: 16 Nov 2011
Program Impacted: BIND
Versions affected: 9.4-ESV (all), 9.6-ESV (all), 9.7 (all), 9.8 (all)
Severity: Serious
Exploitable: Remotely

Dear intrested reader,

We are pleased to announce that Kloxo 6.1.7 is released. Altho it was delayed by a lot of months because Developers where on hollidays, sickness, pet issues and ofcourse their private lives :)

Here is the ChangeLog: http://project.lxcenter.org/projects/kloxo/versions/16
Here is the list of new features: http://wiki.lxcenter.org/Kloxo+6.1.7+new+features

We do not need 2 installer files anymore, it is combined as one. See also http://download.lxcenter.org/
Here is the change of the new installer: http://wiki.lxcenter.org/Kloxo+Installation+Guide

Please report any bugs or problems found with Kloxo 6.1.7 at the forum or the project website..

Kind regards,
LxCenter Team

Kloxo 6.1.7 Public Beta¶

As we get closer to a final release LxCenter invites everyone to try Kloxo 6.1.7 Beta.

It is very simple. Just run the commands below (as root) and update an existing Kloxo server or install from scratch following the Installation Guide in our wiki:

echo "209.40.203.218  download.lxcenter.org" >> /etc/hosts

/script/upcp

LxCenter does not recommend you run Beta releases in production servers.

Note Kloxo reports version 6.1.7 but there will always be a new update available. It is recommended you enable "Auto Update" under "General Settings" so you are always running the latest Beta release.

The last Beta release will remove the testing server from your "hosts" file and your Kloxo install becomes the final version.

Please, report bugs at the Kloxo Development forum.

You can see the bug fixes and new features in the roadmap. Please test each of them and add your comment to the issues.

Thank you for your support!

- LxCenter Team

Beta Testing¶

Beta testing is started. Currently we are at 6.1.7 Beta 2.

We might go to try also Public Beta testing so we can catch and fix any problems in the beta versions. After this we are going to create RC (Release Candidate) version(s).

For every translator, it is now time to send in updated or new translation files. We have added several new translation strings to be translated (Read this for how to check untranslated strings).

The releasedate of Kloxo 6.1.7 is before the end of this month.

GitHub¶

After the 6.1.7 release we go to migrate Kloxo to GitHub (HyperVM already migrated but not finished yet). More information will be presented next month.

Note¶

Stay tuned about the Public Beta testing case.

Regards,
Danny Terweij
LxCenter - System Operations