Documentation
Changelog

FOSSBilling Changelog

Version 0.2.10 (1-26-2023)

This version comes with some bug fixes and security improvements, most notably with the Stripe payment adapter. As always, create a fully backup of your installation before updating and if possible perform tests outside of your live environment.

Security

  • The Stripe payment adapter has been updated to their latest SDK.
    • In the process, the adapter has been updated to have better payment status verification, preventing faked transactions from being accepted.
    • The latest version of the adapter also features a much prettier looking payment screen and now works with 3d secure authentication.
  • With previous behavior from BoxBilling, generated web server credentials were stored inside the database, this has now been replaced with the asterisks key, with the intention of the row being completely removed in the future. If you have a custom module that depended on this behavior, it will no longer work.

New Features

  • The back-end has been updated to support password resets, in the next update it will be exposed within the UI. Thank you, @wyntonfranklin
  • Added a check for the PHP version before the installation screen, as some people were trying to install on unsupported versions and were getting HTTP 500 errors.

Bug Fixes

  • On the admin login screen, we've added the version number when including the API.js file. This should help prevent issues related to cache.
  • Fixed issues when trying to assign staff permissions.
  • Fixed an issue with the test server connection button.
  • Fixed some bad HTML causing errors when entering the domain name when creating a new order.
  • Fixed an error that would be thrown if debug mode is turned on and a payment was made without the URL being set.

Changes

  • We've started to remove multi-selects from the admin panel in favor of check-boxes for improved usability.
  • Default modules labels are now translatable, helping to ensure that as much of the admin panel can be translated as possible.
  • Updated document URLs and enforced the FOSSBiling naming in a few areas.
  • Changed the way emails are prevented from sending with the demo module enabled.
  • Session save handlers will now only be set if headers haven't been sent.
  • Fixed some missing icons in the admin panel.

Version 0.2.9 (1-15-2023)

Bug Fixes

  • Fixed an issue with GET API requests within the admin panel.
  • Fixed the favicon on the admin login page.
  • Fixed typos in the FTP layer.
  • Fixed an issue when FOSSBilling would pass null to the markdown parser. (issue #701)

Changes

  • Properly check for the back-to-top element in the admin panel, avoids a error in the console, but it never caused any errors.

Version 0.2.8 (1-13-2023)

Security

  • Replaced the existing markdown parser with commonmark, which offers better compatibility with markdown and improved security features.

Bug Fixes

  • Fixed the breadcrumbs and page header with the custom pages module.
  • Fixed the period strings.
  • Fixed the email history templates being mixed up.
  • Fixed some issues with slashes being mixed when using Windows.
  • Fixed an issue with WHOIS update requiring extra fields.
  • Fixed deprecation warnings with PHP 8.1 and debug mode.
  • Fixed a typo with the 'theme does not exist' exception. Thank you to @rubenuijtdewilligen!
  • Fixed renewal failures not saving properly in the order history.
  • Fixed an issue with the forum builder modal. Thank you to @rubenuijtdewilligen!
  • Fixed some more issues with the API wrapper with some specific HTML input types.
  • Fixed replication of new CSS body classes and existing container classes

New Features

  • Added basic support for custom PDF invoice CSS.
  • Themes can now access the locale name without the ISO code.
  • Added support for a custom favicon path. Thank you @reynaldiarya!
  • Added support for payment gateways to be moved into their own sub-folder.

Changes

  • Remove dots from the Huraga public dashboard.
  • Updated login / signup / password reset styling.
  • Used Rector to modernize code for PHP 8.0.
  • Add CSS body classes to modules client HTML.

Dependencies

  • Bump postcss from 8.4.20 to 8.4.21

Version 0.2.7 (1-3-2023)

Happy new years from the FOSSBilling team! This release is focused on bug fixes, but does also introduce a Namecheap registrar adapter.

Bugfixes

  • Resolved issues related to the API wrapper submitting malformed JSON data.
  • Resolved a few minor issues with the CWP server manager
  • Replaced the way our 'custom and 'email' registrar adapters check for domain availability, this should resolve issues with some TLDs
  • Fixed issues with the order button CSS
  • Fixed issues when updating email templates

New Features

  • FOSSBilling now has a Namecheap registrar adapter! Huge thank you to @ashavolian on GitHub!

Other

  • Added a requirement check for the PHP XML extension
  • Added and improved inline PHPDocs for payment, registrar, and server adapters
  • Some minor fixes to the code and an increased scanning level from PHPStan
  • Dependency updates

Localization

  • FOSSBilling now targets 19 languages for localization
  • Overall, we are 22% translated into all translations

As always, if you'd like to contribute to the localization of FOSSBilling, join us at translate.fossbilling.org

Version 0.2.6 (12-28-2022)

Security

  • Introduce API wrapper for custom themes and modules to facilitate easier CSRF tokens (#612)
  • FOSSBilling will no longer provide a user's password to the account creation email.

Bugfixes

  • Fixed an issue with alias under Apache2 (#626)
  • Better handle php://input being empty when checking the CSRF token. (#626)
  • Fixed an issue with WHM/Cpanel server manager where you where not able to reuse existing packages as root user (#607)
  • Refactor loading locales (#623)
  • Update how we load available locale selection (#611)

Localization

  • Synced localization with Crowdin (Current status +/- 24% and 13 different languages)
    • Arabic, Egypt
    • Chinese Simplified)
    • Chinese Traditional
    • Dutch
    • French
    • Greek
    • German
    • Hebrew
    • Romanian
    • Spanish
    • Portuguese
    • Vietnamese

To help with the localization please join us on https://translate.fossbilling.org/ (opens in a new tab)

Other

  • Updated some dependencies.
  • Added some inline documentation to our code to help developers with more documentation in the works.

Version 0.2.5 (12-21-2022)

Security

  • Disable logging stack trace when debug mode is enabled (#618 #617)

Bugfixes

  • Create a alias for bb-ipn.php to prevent recurring payments from failing after upgrading from BoxBilling or FOSSBilling 0.1.x release (#605)
  • Change ApexCharts colors when switching to darkmode (#610)
  • Disable display errors before checking for a valid ssl certificate. (#604)

Other

  • Updated some dependencies.

Version 0.2.4 (12-16-2022)

Security

  • Added a new security mode and settings
    • These settings are located in the config.php file and allow you to fine tune some security related options.
    • The default settings are what we recommend.

Bug fixes

  • We've replaced the old gettext back end for translations. Translations should now work correctly for everyone.
  • Fixed issue with HestiaCP.
  • Cleanly handle no template being passed to the renderString function in the system module.
  • Fixed some issues with the client lookup.
  • The API should now return HTTP status codes depending on the result.
  • Fixed some missing icons with the custom pages module.
  • The auto updater will now destroy the current session, this should help prevent any odd issues after updates.
  • Fixed the missing CSRF token on the EU tax sync button.
  • Removed the option to ping sitemaps top Bing as they do not accept them anymore.
  • PDF invoices will now hide company / client details that are not set, rather than an empty line.

New Features

  • Set the default currency during installation
  • We've improved the "showcase" feature with Huraga, it now accepts markdown input and has multiple sizing options.
  • We've added some new events to be used in our demo module. (with a FOSSBilling demo coming soon)

Other

  • Updated some dependencies.
  • Significantly cleaned up the Huraga theme's dependencies, shrinking the overall theme size by about 5Mb.

Version 0.2.3 (12-8-2022)

Bug fixes

  • Fixed some minor issues with the admin theme styling
  • Hide the settings button for themes that don't have settings
  • Another fix to the CSRF protection

Version 0.2.2 (12-7-2022)

Bug fixes

  • Fixed more issues relating to the CSRF protection, including the checkout screen.

Version 0.2.1 (12-7-2022)

This is a hotfix to fix issues introduced by the new security features added in 0.2.0. (has changes from PR#545)

Version 0.2.0 (12-7-2022)

This release adds protection against CSRF attacks. This change will break outdated modules. It's highly discouraged to disable this protection, but if needed you can edit the CSRFPrevention value in your config.php file and set it to false.

Breaking Changes / Security

  • Implemented a token system to protect against CSRF attacks. outdated modules and themes will no longer work with this protection enabled.

Bug fixes

  • Fixed subscriptions with the PayPal payment adapter.
  • Properly fixed issues with the VestaCP and HestiaCP server managers.
  • The localization files have been synced with the source code and we've pre-translated a few popular languages using machine learning.
  • Fixed issues when trying to click the filter icon in the admin dashboard.

New Features

  • Sever managers can now specify their own input fields, making the setup process a bit more intuitive.

Version 0.1.1 (12-3-2022)

This release is a quick hotfix to resolve some minor issues reported with version 0.1.0 (opens in a new tab)

New Features

  • Added an "about" tab

Bug Fixes

  • Fix issues with the "email" domain registrar adapter.
  • Fixed the income chart
  • Fixed typos
  • Fix misbehaving isPreviewVersion()
  • Fixed wrong source for the staff login logo
  • Use DejaVu Sans for PDF generation, this fixes issues with some Unicode characters
  • Corrected some of the icons in the dashboard

Version 0.1.0 (12-2-2022)

Note: this changelog is compared to BoxBilling version 4.22.1.5

Security

  • Don't send the admin password in plain text email.
  • Prevent cron from paying deposit invoices with credits
  • Use the cryptographically secure random_int()
  • Properly define password requirements and enforce it
  • Various security improvements
  • Sanitize and validate email addresses
  • Removed obsolete file manager. It had security vulnerabilities and many bugs.
  • Default config for nginx will now properly block direct access to sensitive files.

Bug Fixes

  • Fixed database port not being used during installation
  • Fixed database can't contain a hyphen
  • Fixed issues with Centova Cast module
  • Fixed issues with Plesk module
  • Fixed issues with the SolusVM module
  • Fixed bugs with the PDF generator
  • Improved support for SVG images with PDF generation
  • Fixed error with service domain manage page
  • Changed storage engine to InnoDB
  • General bugfixes and improved compatibility with the latest PHP versions
  • Fixed issue with the admin theme not changing
  • Fixed issues when trying to update a client that didn't have all the information set
  • Fixed issues with custom pages on nginx
  • Fixed issues when validating international domains
  • Fixed port selection with the Virtualmin manager
  • Fixed issues that could potentially cause FOSSBilling to infinitely attempt to resend emails if there is an error.
  • Fixed issues with both the VestaCP and HestiaCP integrations.
  • Prevent domain orders from being completed without selecting the "years"
  • Removed the "API" tab from the staff members list due to bugs and security concerns.

Breaking Changes

  • Dropped the forum module
  • Dropped the "BoxBilling" and "Bootstrap" themes
  • Rename templates to native Twig extension (.html.twig instead of .phtml)
  • Migrated to Twig version 3
  • Removed the "bb" prefix from folders and path variables.
  • The SolusVM and Centova Cast have been removed from the core software.

Refactors

  • Replaced TFPDF with dompdf for PDF generation
  • Refactor the OrderButton module to use more theme assets instead of overriding
  • Completely new admin theme
  • Completely rewritten the Plesk integration.

New Features

  • Introduced the ability for FOSSBilling to migrate configuration files. - This can be manually run from the "Update FOSSBilling" screen
  • Created a new validateAndSanitizeEmail tool.
  • FOSSBilling will automatically execute cron when you log into the admin panel (as long as it hasn't been executed in at least 15 minutes. Can be disabled via the disable_auto_cron option in the config file)
  • FOSSBilling will log a stack trace when an exception is thrown with debugging on. (log_stacktrace and stacktrace_length in the config file)
  • FOSSBilling has a new maintenance mode which can be configured and enabled via the config file.
  • FOSSBilling can now switch between release and preview branches for the automatic update tool.
  • FOSSBilling will display a helpful message if you are using Apache without a .htaccess file.
  • Added support for strikethrough in markdown. (~~strikethrough~~)
  • Added the custom invoice text to the PDF invoice.
  • Very basic support for an extension store inside of FOSSBilling.
  • Added a new setting for a dark variant of your companies logo that will be used with dark mode.

Other

  • Lots of dependency updates
  • Add 4 new events
  • Added HTTPS support to the DirectAdmin module
  • Pointed the update checker to the new repository
  • Code style improvements
  • Replaced references to BoxBilling
  • Improve nginx config
  • Various Changes to Defaults
  • Improved docker support
  • Default to Huraga Green
  • Replaced PT Sans with IBM Plex Sans
  • Renamed "blog" to "news"
  • Added toggles for the sidebar links to news and knowledge base
  • Rewrote emptyFolder() to be cleaner and simpler.
Last updated on January 27, 2023