Server - [security] Fixed authenticated variable manipulation leading to SQL Injection. (Issue #599)
Server - [security] Fixed privilege escalation via mass assignment. (Issue #599)
Server - [security] Fixed systemic cross-site scripting (XSS). (Issue #599)
Version 4.5.0 (2023-04-19)
Server - [improvement] The settings now displays the timestamp of the last software update check.
Server - [bug] Fixed module settings page when the has no settings.
Version 4.4.0 (2023-03-09)
Server - [security] Updated to jQuery-UI v1.13.2. (Issue #561)
Both - [improvement] Added PHP 8.2 support. (Issue #558)
Server - [improvement] Added additional description of LDAP DN parameters. (Issue #563)
Server - [improvement] Added additional spacing to delete the button.
Server - [improvement] Added option to show/hide the server build icon per module.
Server - [improvement] Admin->Users & Groups no longer tries to resolve client IP. (Issue #530)
Server - [bug] Fixed AD authentication when not specifying a Search Start DN. (Issue #565)
Server - [bug] When the user is trying to add an object and their session timed out, the
user is returned to the login page.
Version 4.3.0 (2022-06-29)
Server - [improvement] Local auth now works even when LDAP auth is enabled. (Issue #546)
Server - [bug] Fixed PHP errors during installation process. (Issue #548)
Client - [bug] Fixed user grep when adding ssh user. (Issue #553)
Version 4.2.0 (2022-01-06)
Server - [improvement] Updated max_input_vars error message to include additional methods
of increasing the value.
Server - [improvement] Added database connection error during installation process to
provide better debugging ability.
Server - [improvement] Added setting to specify the Distinguished Name for the starting search
point when using LDAP group membership during authentication.
Server - [improvement] LDAP server connection tests occur before authentication.
Client - [bug] Fixed httpd2 and apache2 detection. (Issue #543)
Server - [bug] Removed password change form on authenticated user profile for LDAP users.
Server - [bug] Ports defined in the Settings can now be unset.
Server - [bug] Fixed minor CSS issues.
Version 4.1.2 (2021-10-27)
Server - [bug] Fixed login logo alignment.
Version 4.1.1 (2021-09-29)
Server - [bug] Fixed CSS for the tooltip in some windows.
Server - [bug] Fixed grabbable table rows so reordering now works. (Bug introduced
with jQuery upgrade)
Version 4.1.0 (2021-09-14)
Server - [security] Upgraded to jQuery 3.6.0. (Issue #525)
Server - [improvement] Updated UI to better show disabled buttons and fields.
Server - [improvement] LDAPS authentication no longer requires certificate inputs. (Issue #534)
Server - [improvement] Added a config check warning message.
Server - [bug] Fixed LDAP group authentication. (Issue #533)
Server - [bug] Fixed client serial number generations when using MySQL 8.x. (Issue #515)
Version 4.0.3 (2021-02-03)
Server - [security] Fixed a SQL injection issue with session variables.
(Found and reported by Niko K from Cure53)
Server - [security] unauthenticated clients can no longer view the dashboard.
(Found and reported by Niko K from Cure53)
Server - [security] Fixed a SQL injection issue with user and group edits.
Server - [bug] CSS tweaks.
Server - [bug] Changed SSH parameter to disable pseudo-tty allocation. (Pull #513)
Version 4.0.2 (2020-12-02)
Server - [bug] Fixed API key creation. (Issue #507)
Version 4.0.1 (2020-11-27)
Server - [bug] Fixed an issue where users could not be enabled or disabled.
Server - [bug] Users with permission to manage servers can now preview the
server configuration.
Server - [bug] Fixed upgrade process retry attempts.
Client - [bug] Fixed client cron entry when fullpath is not used.
Version 4.0.0 (2020-11-11)
Server - [security] Fixed an issue where unprivileged users could create
additional users with super-admin privileges.
Both - [feature] Added support for user API keys. (Issue #289#327)
Server - [feature] Added support for MySQL SSL connections. (Issue #485)
Server - [improvement] CSS changes.
Server - [improvement] Added support for module settings to have sections.
Server - [improvement] Added support to define LDAPS certificate and CA
files in the settings. (Issue #500)
Server - [bug] Fixed PHP errors.
Version 3.5.7 (2020-03-04)
Server - [bug] Fixed user creation during installation. (Issue #478)
Client - [bug] Fixed text output wordwrapping.
Version 3.5.6 (2020-01-09)
Server - [bug] Fixed PHP fatal error when setting the server build/update flag
for server groups. (Issue #472)
Version 3.5.5 (2019-12-13)
Server - [security] Fixed an issue where non-privileged users could be escalated
to super-admin.
Server - [bug] New user passwords can be created with quotation marks.
Server - [improvement] Added support for manual software update checks.
Version 3.5.4 (2019-12-11)
Server - [bug] Fixed server configuration preview formatting when html is in
in the output.
Version 3.5.3 (2019-12-11)
Server - [bug] Fixed database installation and backup support for passwords
with quotation marks. (Issue #470)
Server - [security] Database backups no longer send the password to the command
line. (Issue #470)
Server - [bug] Fixed server configuration preview formatting when html is in
in the output.
Version 3.5.2 (2019-12-06)
Server - [bug] Fixed support for passwords with quotation marks. (Issue #469)
Server - [bug] Fixed branding image display in password reset emails.
Server - [improvement] Changed color of placeholder text. (Issue #371)
Version 3.5.1 (2019-10-16)
Client - [bug] Fixed parsing of the apache2 user on Debian systems. (Issue #462)
Version 3.5.0 (2019-10-01)
* Minimum PHP version is now 5.5 for the web server **
Server - [bug] Fixed PHP errors during installation process.
Server - [improvement] Popup windows are now draggable only by the title bar.
Server - [improvement] Refinements around grabbable rows.
Server - [bug] Configuration previews no longer process characters as html.
Server - [security] Fixed an issue where unauthenticated password resets could
occur. (Found and reported by Arturs Danilevics, Oskars Vegeris, and
Ivars Vids)
Both - [security] Fixed an issue where local privileges could be escalated
to root. (Found and reported by Arturs Danilevics, Oskars Vegeris, and
Ivars Vids)
Server - [security] Fixed an issue with password resets where local privilege
escalation and SQL injections could occur. (Found and reported by
Arturs Danilevics, Oskars Vegeris, and Ivars Vids)
Server - [security] Changed the default password reset expiration to 15 minutes.
Server - [security] Updated the user password hashing to a more secure algorithm.
(Found and reported by Arturs Danilevics, Oskars Vegeris, and Ivars Vids)
Server - [security] Fixed an issue where admin-servers.php was susceptible to
SQL injection. (Found and reported by Arturs Danilevics, Oskars Vegeris,
and Ivars Vids)
Server - [security] Ensured header() calls are not skipped. (Found and reported
by Arturs Danilevics, Oskars Vegeris, and Ivars Vids)
Server - [improvement] Updated .htaccess installation checks verbiage. (Issue #461)
Client - [bug] Fixed parsing of the apache2 user on Debian systems. (Issue #462)
Server - [improvement] CSS tweaks for shadow containers.
Client - [improvement] Added support to gather interface addresses.
Version 3.4.2 (2019-05-17)
Server - [bug] Fixed font-awesome graphics for offline installations. (Issue #441)
Version 3.4.1 (2019-03-20)
Server - [security] Fixed user management privileges so super-admins cannot
be added, modified, or deleted by less privileged users. (Issue #436)
Server - [bug] Fixed an issue where user groups could not be deleted.
Server - [bug] Fixed installs and upgrades with PHP 7.3.x. (Issue #436)
Server - [bug] Fixed PHP 7.3.x errors. (Issue #436)
Version 3.4 (2019-03-16)
Server - [improvement] Menu badge counts become 99+ when greater than 100.
Server - [improvement] Updating the core via the web interface no longer
requires config.inc.php to be writeable by the web server user.
Server - [improvement] Cleaned up redundant code.
Server - [bug] Fixed an issue where the installer would display a blank
grey screen. (Issue #417)
Server - [improvement] Added tooltip-copy CSS.
Server - [improvement] fM core and module server upgrade packages now use
the proxy server settings. (Issue #388)
Client - [feature] Added support for using a proxy server. (Issue #388)
Server - [improvement] Modules can no longer be upgraded if the minimum core
version is not installed.
Server - [improvement] CSS and icon changes.
Version 3.3 (2018-12-15)
Server - [bug] Properly support the OS icon for Raspbian.
Client - [improvement] Moved getInterfaceNames() to core.
Server - [improvement] CSS changes.
Server - [bug] Added missing select2 image.
Server - [bug] Fixed text.
Client - [improvement] Added function to detect if the client is a
Debian-based system.
Client - [bug] Suppressed crontab error during installation if the user
crontab does not exist.
Server - [improvement] Clears database result variable before use to provide
more accurate results.
Server - [improvement] Added Raspbian as a valid Debian-based system.
Server - [improvement] Added function to run remote commands via SSH or HTTP/S
as the server configuration case may be.
Client - [bug] Fixed support for non-standard server ports.
Version 3.2 (2018-10-26)
Server - [improvement] UI enhancements.
Server - [bug] Fixed client interaction 500 error codes.
Server - [bug] Fixed user additions to include comments.
Server - [improvement] Add support to get server list for any module.
Server - [improvement] User passwords can now be set by users granted with
the 'User Management' privilege. (Issue #416)
Client - [bug] Files are now chgrp'ed if available.
Server - [improvement] Added support for noscroll pages.
Version 3.1.1 (2017-12-18)
Server - [bug] Fixed username display in the Admin Logs. (Issue #405)
Version 3.1.0 (2017-12-13)
Server - [improvement] Added option to skip client file checks to the
runRemoteCommand() function.
Server - [improvement] Visually show disabled form buttons.
Server - [improvement] Additional blocks can now be placed on the left or right
of the table header.
Server - [improvement] Moved the grab CSS/JS to the core for other modules to use.
Server - [improvement] fm_logs now stores the username instead of userid.
Server - [improvement] Added support to explode module group IDs. (Issue #375)
Server - [improvement] Pagination is now displayed even with no items.
Client - [bug] Chown directories only if they exist.
Server - [improvement] Popup boxes now disable body scrolling.
Version 3.0.3 (2017-10-10)
Server - [bug] Fixed LDAP authentication with group memberships. (Issue #392)
Server - [improvement] The default Super Admin account can login even if LDAP
is configured.
Client - [bug] Ensure serial number is an integer at install. (Issue #232)
Both - [feature] Added no-update client installer parameter. (Issue #223)
Server - [feature] Added user group support. (Issue #211)
Server - [improvement] Upgraded to Font Awesome 4.4.0 and changed some icons.
Server - [improvement] Third-party resources now load locally. (Issue #244)
Server - [improvement] fM upgrades now give the option to backup the database.
Server - [bug] Fixed server group bulk actions. (Issue #256)
Server - [bug] Fixed intermittent login issues. (Issue #258)
Version 2.0.3 (2015-06-29)
Server - [bug] Fixed LDAP Group Attribute support. (Issue #226)
Server - [bug] Fixed module badge counts.
Version 2.0.2 (2015-05-27)
Server - [bug] Fixed password reset hint text. (Issue #212)
Client - [bug] Cron entries are now entered with full path when installer is
invoked with a relative path. (Issue #216)
Server - [bug] Fixed user creation when php-ldap is not installed. (Issue #212)
Version 2.0.1 (2015-05-03)
Server - [security] Unauthorized users can no longer see the server config
via the preview button. (Issue #210)
Server - [bug] Fixed client installation output formatting.
Client - [bug] Sets correct file mode for sudoers files.
Server - [bug] Fixed CSS at login screen.
Version 2.0 (2015-04-27)
Server - [improvement] Updated pagination handling.
Server - [feature] Added ability to update all servers with a single click on
the top menu bar. (Issue #116)
Server - [improvement] Improved support for Admin Tools error messages.
Server - [improvement] Popup boxes are now draggable.
Server - [feature] Added framework for record searching. (Issue #149)
Client - [improvement] Added support for sudoers includedir parameter and no
longer disables requiretty and env_reset globally.
Server - [improvement] Skips apache rewrite module check for CGI/FCGI
implementations. (Issue #91)
Server - [feature] FM_NO_HTACCESS is now a supported defined constant to
remove .htaccess requirement. (Issue #73)
Server - [improvement] Updated help file.
Server - [bug] Installer now checks to ensure the database and records already
exist before running. (Issue #166)
Server - [improvement] Remove the Admin->Users menu item when authentication
is not used.
Server - [improvement] Fixed PHP session errors when no authentication is used.
Server - [bug] Fixed bulk action checkbox logic.
Server - [bug] Fixed PHP errors during user account window when using a module
other than fmDNS (introduced in 1.3).
Server - [feature] Added i18n support. (Issue #106)
Server - [bug] Fixed upgrade messages after facileManager is upgraded.
Server - [security] Added ability to enable/disable automatic client
registration in the database. (Issue #122)
Server - [bug] Fixed PHP error at login screen when session times out.
Server - [improvement] Upgraded to select2 3.5.2.
Server - [improvement] jQuery is now used to enable/disable users.
Server - [improvement] The installer and upgrader received a facelift.
Server - [bug] Fixed an issue where user permissions could not be removed when
editing a user account.
Server - [improvement] The installer now uses checkmarks instead of text.
Server - [improvement] Modules can now be managed in bulk.
Server - [improvement] The upgrader will now run the module upgrade routines.
Server - [improvement] Server config build previews now display line numbers
and highlight lines in question.
Server - [feature] User accounts can now be created from a user template.
Server - [improvement] LDAP user template can now be undefined which will deny
authentication. This is to add another level of user access control.
Server - [improvement] The installer provides the correct error message when
the database connection fails.
Server - [improvement] The installer now works with MySQL auto_increment_offset
that is greater than one.
Server - [improvement] Swapped /tmp for sys_get_temp_dir().
Server - [improvement] Incorporated mod_headers to save bandwidth.
Server - [improvement] SSH keys can now be saved if the file already exists.
Server - [improvement] Admin logs are now wordwrapped if the data is too long.
Both - [feature] Added ability to define the SSH user to use. (Issue #182)
Server - [improvement] Post-upgrade redirect goes to the dashboard instead of
the modules page.
Client - [improvement] Determines FQDN at install time. (Issue #192).
Version 1.3.1 (2014-11-10)
Client - [bug] Fixed issue where config file parameters are not found and an
empty value is returned. (Issue #163)
Server - [bug] Fixed database cleanup routine.
Version 1.3 (2014-09-17)
Server - [bug] Fixed config build errors and display issues.
Server - Added dependency check for posix php module.
Server - [bug] Fixed install wizard for database checks as databases could not
be created through the installer. (Issue #72)
Server - [bug] Fixed menu badge counts.
Server - [feature] Added support for select2 jquery.
Server - [improvement] Gave the popups a facelift.
Server - [bug] Fixed an issue where changing personal user profile would remove
all user permissions.
Server - [improvement] Pagination is now dynamic. (Issue #85)
Both - [feature] Added OS display support for Raspberry Pi. (Issue #108)
Server - [improvement] Added a check for the PHP filter module. (Issue #121)
Server - [improvement] Updated the login page.
Server - [bug] Fixed SSL mixed content. (Issue #131)
Server - [improvement] Added a check for the PHP json module. (Issue #133)
Server - [feature] Supports additional configuration previews. (Issue #130)
Version 1.2.3 (2014-06-04)
Server - [feature] Client auto upgrade minimum version are now dynamic.
Client - [bug] Fixed client auto upgrades. (Issue #103)
Client - [bug] Fixed PHP errors.
Server - Added dependency check for posix php module.
Version 1.2.2 (2014-05-16)
Both - [bug] Fixed client upgrade errors. (Issue #94)
Version 1.2.1 (2014-05-15)
Both - [bug] Fixed client upgrade versioning. (Issue #93)
Version 1.2 (2014-05-14)
Server - Improved password strength settings description.
Server - Combined general and module settings in one menu.
Server - Added file extensions to all redirects and links.
Server - Changed font to Open Sans.
Server - CSS tweaks to improve UI on Linux systems. (Issue #86)
Server - [feature] Added framework for customizable UI record sorting for use
with all modules. (Issue #81)
Server - Cleaned up code.
Server - Help file links now open in the parent window instead of the popup.
Server - Created error page template.
Server - Added support for module options in fM options table.
Server - [feature] Redesigned how user capabilities are handled which also
supports user changes without the need for reauthentication.
Server - [bug] New user creations would not save the defined default module.
Server - Built-in users can edit more of their profile information.
Server - [feature] Added support for a flag to reset the authentication method
to 'none' in case of a lockout.
Server - [bug] Fixed a case where changing authentication method would throw
an error.
Both - Added file extensions to all redirects and links.
Server - [feature] Redesigned menuing platform for more flexibility. This
includes hiding menu items to users without proper access.
Server - [feature] Added functions to check for php max_input_vars. (Issue #87)
Server - Added help file link to issue tracker.
Version 1.1.2 (2014-04-03)
Server - [bug] Fixed password reset typo.
Server - [feature] Added favicon.
Server - [feature] Improved rewrite check. (Issue #76)
Version 1.1.1 (2014-03-24)
Server - [feature] Databases can now be created outside of the
installer. (Issue #72)
Server - Improved installer and upgrader error handling.
Server - [feature] Added function comments.
Server - [feature] Modules can now be uninstalled if they are deactivated and
there is an upgrade available.
Version 1.1 (2014-03-18)
Server - [feature] Updated menu navigation which also added visual badges that
require user attention.
Server - [feature] Updated some visual effects.
Server - [feature] Client installs now ensure the module is active before
continuing the installation process.
Client - [feature] Detects if PHP CGI is running instead of CLI. (Issue #45)
Server - [feature] Added scroll to top link.
Server - [feature] Checks for the required .htaccess file and attempts to create
it if missing.
Server - [feature] Added ability to update to non-stable releases.
Server - [feature] Updated settings pages jquery.
Both - [feature] Added support to auto-update client files. (Issue #53)
Client - [feature] Added an argument to display the version.
Version 1.0.2 (2013-12-31)
Server - [bug] Fixed issue where installer would report inability to write
the configuration file when the server directory had the
appropriate permissions.
Both - [bug] Fixed an issue where client installation would fail when
checking account details.
Version 1.0.1 (2013-12-24)
Client - [bug] Added more error handling in isolated install issues.
Server - [bug] Enabled update checks by default.
Version 1.0 (2013-12-16)
Server - Removed enable/disable option for template user accounts.
Server - [bug] Can no longer delete the active template user account.
Server - Updated css and jquery animations.
Server - [feature] User password strength is now selectable in the settings.
Server - Improved logging of settings changes.
Server - [feature] Customizable app update checks.
Server - CSS tweaks.
Server - [feature] fM software update checks are now customizable.
Server - [feature] User accounts can now set their default module to use.
Server - [bug] Fixed an issue where clients would report as installed
when the installation was not complete.
Version 1.0-rc6-1 (2013-11-07)
Server - [bug] Fixed an issue were servers could not be added. (Issue #34)
Version 1.0-rc6 (2013-11-06)
Server - [feature] Server config builds now prompt for confirmation.
Server - [bug] Fixed installer password validity background display.
Server - [feature] Serial number generation now checks all module server tables
for unique values.
Server - [bug] Fixed some PHP errors.
Server - [bug] Ensures current module is active.
Client - [feature] Added install support for multiple modules.
Client - Improved Linux distro detection.
Version 1.0-rc5 (2013-10-16)
Server - [bug] Code clean up.
Server - [bug] Changed date items to date type.
Client - [bug] Fixed client sudoers line.
Server - [feature] Added more graphical elements.
Version 1.0-rc4 (2013-10-14)
Server - [bug] Fixed issue where modules could be 'upgraded' to an older version.
Server - [bug] Fixed issue with admin log searching.
Server - [feature] Module upgrades now inform user to upgrade client files
upon completion. (Issue #23)
Server - [feature] Added support to show/hide application errors.
Version 1.0-rc3 (2013-09-30)
Server - [bug] Improved validateNumber() javascript function.
Server - [feature] Added option to enforce HTTPS.
Version 1.0-rc2 (2013-09-18)
Server - [feature] Integrated installation and upgrade instructions into
the README. (Issue #18)
Server - [feature] Added additional OS-specific installation instructions.
(Issue #1)
Server - [feature] Updated some jquery functions.
Version 1.0-rc1 (2013-09-13)
Server - [feature] Added ability to change the displayed datetime format and
set the timezone.
Server - [feature] Added ad-hoc database backup functionality.
Server - [feature] Added LDAP authentication support. (Issue #10)
Server - [feature] Updated help files.
Version 1.0-b15 (2013-09-04)
Server - [feature] Added search capabilities to the admin logs page. (Issue #3)
Version 1.0-b14 (2013-09-03)
Server - [feature] Minor change to forgotton password email.
Server - [bug] Fixed an issue with module upgrades.
Server - [feature] Added more error checking.
Version 1.0-b13 (2013-08-28)
Server - [feature] Added Admin->Settings menu item to set authentication and
mailing methods.
Server - [feature] Can now disable authentication thus using only the default
super-admin user account.
Server - [feature] Set several tables to INNODB.
Server - [feature] Added support to email password reset links. (Issue #12)
Server - [feature] Added support for modules to have more granular user
permissions. (Issue #7)
Version 1.0-b12 (2013-08-23)
Server - [bug] Fixed database clean up bug.
Server - [feature] Supports pressing the ESC button to cancel a window.
Server - [bug] Fixed module installation output.
Server - [feature] Replaced logout button with account menu.
Server - [feature] Redesigned user management page.
Server - [security] Fixed an issue where user permissions could be removed
unintentionally during a password change.
Server - [security] Super-admins can no longer be demoted by non-super-admins
nor themselves. (Issue #11)
Server - [feature] Added option to enforce a user password change upon login.
Version 1.0-b11 (2013-08-21)
Server - [feature] Help now pops out.
Version 1.0-b10 (2013-08-14)
Server - [bug] Fixed post-upgrade redirection.
Version 1.0-b9 (2013-08-14)
Server - [feature] Decreased the update check interval.
Client - [feature] Added PHP version check.
Version 1.0-b7 (2013-08-13)
Server - [feature] Updated version checks.
Server - [bug] Improved installation to prevent duplicate entries.
Server - [feature] Improved application requirement checks. (Issue #1)
Server - [feature] Improved user creation and modification.
Version 1.0-b6 (2013-08-13)
Server - [feature] Added mod_rewrite check. (Issue #1)
Server - [bug] Fixed relative pathing issue.
Server - [feature] User no longer gets redirected to the dashboard after
authentication.