Product update: Virtuozzo PowerPanel RTM Hotfix 8 (7.0.3-151)¶
Issue date: 2020-08-18
Applies to: Virtuozzo PowerPanel
Virtuozzo Advisory ID: VZA-2020-057
1. Overview¶
The update for Virtuozzo PowerPanel introduces a security fix, a new feature, and stability and usability fixes.
2. Security Fixes¶
[Moderate] PowerPanel web interface could be vulnerable to clickjacking. (PP-568)
3. New Features¶
Added support for sending virtual environment IP addresses to the legacy login form in HTTP GET requests. One can now address a VE by its IP address via a URL like ‘https://<PowerPanel_addr>/login/ve/?host=<VE_IP_addr>’. One can also specify the user name as ‘username=<name>’. (PP-561, PP-567)
4. Bug Fixes¶
Could not login to single virtual environments by hostname. (PP-558)
Missing the ability to update backup limits for VEs via vzapi. (PP-563)
URLs like ‘https://<PowerPanel_addr>/login/<random>’ redirected to the VE login form. (PP-566)
5. Installing the Update¶
Install the update by running ‘yum update vzapi-installer && vzapi-installer upgrade http://repo.virtuozzo.com/pp/releases/2.0/x86_64/os/Packages/p/pp-release-2.0.3-6.vl7.noarch.rpm’.
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2020-057.json.