Skip to content

v2.4.21 – v2.4.35 — 2026-04-21

15 releases in one day — grouped by area.

Extensions & Marketplace

  • In-place extension update flow (v2.4.22): Marketplace shows an "Update available" badge when the installed version differs from upstream. Update path stops the running extension, backs up the current directory, extracts the new tarball in place, sanitises stale socket paths, and restarts. On health-check failure the backup directory and old DB manifest are restored — admins never end up with a half-replaced install. extension_settings and the enabled flag are preserved; new manifest setting keys are seeded with their defaults.
  • Git-Deploy as a full marketplace extension (v2.4.25 + v2.4.26): removed from core, re-released as a standalone extension — SQLite-backed state, webhook receivers for GitHub/GitLab/Gitea (HMAC-validated), auto-deploy on push, rollback to any prior successful commit, pre-deploy command whitelist (composer/npm/yarn), 15 languages, per-repo webhook URL with rotatable secret.
  • Manifest sanitiser (v2.4.21): Freshly-installed extensions whose manifest still references /run/netcell/ socket paths (legacy upstream tarballs) are auto-rewritten to /run/enconf/ during extraction. Prevents health-check failures caused by stale upstream artefacts.
  • Extension permissions accept integer limits (v2.4.29): Package editor now persists max_git_repos and similar extension-declared limits in the extension_permissions JSONB alongside the perm_* booleans.

SSL & TLS

  • Reissue button works for ALL cert types (v2.4.33 + v2.4.35): The /ssl page's "Reissue" action now handles mail and panel certs too, not just site-bound ones. New agent endpoint POST /api/v1/ssl/force-renew runs certbot renew --force-renewal --cert-name <domain>; certbot's deploy hooks reload Postfix/Dovecot/nginx automatically.
  • TLS-Health probe more honest (v2.4.34): Mail certs (e.g. customer-mail.example.com) were falsely flagged as "wrong cert" because the probe hit port 443 — which serves the default vhost cert, not the mail cert. Server-level certs are now marked "Skipped" with a tooltip explanation instead of producing false positives.
  • Google Ads URL-spoofing rejection prevention (v2.4.27 + v2.4.28): nginx and Apache vhost templates now strip invisible Unicode format characters (Bidi overrides U+202C, Zero-Width Joiner family, BOM) from $request_uri. Stops Google Safe Browsing / Ads from scoring the domain as URL-spoofed when a search-result link carries one of these chars.
  • /ssl mobile-optimised (v2.4.33): Page header search takes full width on mobile, TLS-Health header stacks vertically below 768 px, both tables scroll horizontally instead of overflowing.

Domain & Site Robustness

  • Domain name validation on create (v2.4.23 + v2.4.24): isDomainValid() now runs in createDomain, createSite, and both alias-create paths. Stops malformed names like foo..com from passing DB insert and breaking the next nginx reload.
  • Alias delete cleans up shadow Domain row (v2.4.23): Alias creation writes a synthetic Domain row so the alias appears in SSL/Domain listings; delete used to skip the cleanup. Now scoped delete by (name, customer_id).
  • DNS patch errors logged instead of silently dropped (v2.4.23): applyAlias and applySubdomain ignored the DNSPatchRecords return value. Now WARN-logged with a hint that the subsequent ACME preflight will skip until DNS converges.

System & Operations

  • Apache visible in the Repair system (v2.4.30): New RepairApacheVhosts reconciler in Admin → Repair, plus orphan detection for stale /etc/apache2/sites-available/*.conf files (new agent endpoint POST /api/v1/system/apache-orphans). Cleanup action in the repair report with an ownership guard.
  • OPcache shows LIVE FPM data (v2.4.31): System-tab status view used to query the CLI context, which is always cold. Agent now uses cgi-fcgi against the shared FPM socket and reads the real pool stats. Falls back to CLI when no shared socket exists. libfcgi-bin added as an agent dependency.
  • PHP-FPM service failure email storms stopped (v2.4.31): Second orphan-pool sweep right after RunFPMMigration in the hardening migration — catches leftover pool configs that under race conditions caused the shared FPM service restart to collide with already-running per-customer services.
  • OPcache version dropdown is dynamic (v2.4.32): Frontend reads installed PHP versions from the agent (globs /etc/php/*/fpm/php-fpm.conf) instead of a hard-coded ['8.1','8.2','8.3','8.4'] list — now shows PHP 8.5 where installed and hides versions that aren't.

Bugfixes (user reports)

  • Subscription detail "Storage 0/5120 MB" (v2.4.29): used was hardcoded to 0 as a placeholder, and disk_usage_mb was missing from the API response. Wired up — now shows real usage (e.g. 2724 MB / 5120 MB).
  • Git-Deploy "New repository" modal crashed (v2.4.29): "n.map is not a function" — the sites API returns a paginated envelope {data: {data: [], total, page}}, the fetcher was treating r.data.data as the array. Now handles both shapes defensively.
  • max_git_repos package field wasn't persisted (v2.4.29): Package update handler's extension fallback only accepted perm_* booleans, dropping max_* integers silently. Now mixed-type JSONB; HasExtensionPermission is robust against non-bool values; new GetExtensionLimit helper for reading them back.
Home Extensions Partner Über uns Integration Kontakt Impressum Datenschutz AGB

© 2026 NetCell IT · Felix Netzel · In der Wüste 23a, 51381 Leverkusen