Product update: Virtuozzo PowerPanel RTM Hotfix 8 (7.0.3-151)

Issue date: 2020-08-18

Applies to: Virtuozzo PowerPanel

Virtuozzo Advisory ID: VZA-2020-057

1. Overview

The update for Virtuozzo PowerPanel introduces a security fix, a new feature, and stability and usability fixes.

2. Security Fixes

  • [Moderate] PowerPanel web interface could be vulnerable to clickjacking. (PP-568)

3. New Features

  • Added support for sending virtual environment IP addresses to the legacy login form in HTTP GET requests. One can now address a VE by its IP address via a URL like ‘https://<PowerPanel_addr>/login/ve/?host=<VE_IP_addr>’. One can also specify the user name as ‘username=<name>’. (PP-561, PP-567)

4. Bug Fixes

  • Could not login to single virtual environments by hostname. (PP-558)

  • Missing the ability to update backup limits for VEs via vzapi. (PP-563)

  • URLs like ‘https://<PowerPanel_addr>/login/<random>’ redirected to the VE login form. (PP-566)

5. Installing the Update

Install the update by running ‘yum update vzapi-installer && vzapi-installer upgrade http://repo.virtuozzo.com/pp/releases/2.0/x86_64/os/Packages/p/pp-release-2.0.3-6.vl7.noarch.rpm’.

The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2020-057.json.