Product update: Virtuozzo PowerPanel RTM Hotfix 8 (7.0.3-151)

Issue date: 2020-08-18

Applies to: Virtuozzo PowerPanel

Virtuozzo Advisory ID: VZA-2020-057

1. Overview

The update for Virtuozzo PowerPanel introduces a security fix, a new feature, and stability and usability fixes.

2. Security Fixes

[Moderate] PowerPanel web interface could be vulnerable to clickjacking. (PP-568)

3. New Features

Added support for sending virtual environment IP addresses to the legacy login form in HTTP GET requests. One can now address a VE by its IP address via a URL like https://<PowerPanel_addr>/login/ve/?host=<VE_IP_addr>. One can also specify the user name as username=<name>. (PP-561, PP-567)

4. Bug Fixes

Could not login to single virtual environments by hostname. (PP-558)
Missing the ability to update backup limits for VEs via vzapi. (PP-563)
URLs like https://<PowerPanel_addr>/login/<random> redirected to the VE login form. (PP-566)

5. Installing the Update

Install the update by running yum update vzapi-installer && vzapi-installer upgrade http://repo.virtuozzo.com/pp/releases/2.0/x86_64/os/Packages/p/pp-release-2.0.3-6.vl7.noarch.rpm.

The JSON file with the list of new and updated packages is available at JSON file.