Softaculous

Topic : Webuzo 2.8.8 Launched

Posted By: salman on May 8, 2021, 3:32 pm

Hi,

The Webuzo Team has launched 2.8.8. The following is the list of changes :

1) [Security Fix] : Upgraded EXIM to the latest version to fix the 21 Nails vulnerability.

The upcoming version will bring some Improvements, features and changes.

Regards,The Webuzo Team

Edited by salman : May 8, 2021, 3:33 pm

Posted By: peopleinside on May 9, 2021, 11:09 am | Post: 1

Fix security issue is important so thanks for look about that. Exim is not the only component that currently in Webuzo has security update, I informed privately what else is probably vulnerable and need an update asap.
The issue on updating Exim with Webuzo is:
In the email update I receved Exim update was not mentioned.I loosed my Exim configuration, loosed Spamassasin.
I think it's really wrong to send an update that erase users configurations and settings without alert, without manual user update and without any backups.
Also after this nice Webuzo update all my email was broken: PHP, email client.
I had to log in into Webuzo than save again let's encrypt certificate email settings.

CSF aslo start to having issue after this new Webuzo nice update, now I get a warn by email when update cron is excecuted.

I work 1 hours today for try to fix all this issues. i need to resume an Exim configuration backup from my backup archivie to compare the new one ad re add custom settings.

I had to reinstall spamassasin and you never noticed me anyware I will have spamassasin off, Exim resetted, etc.

CSF is now giving an error that I get in the past, I followed every instruction you gived in the past for resolve this but nothing helped. My server went down again for fix all this issues.
Also you are releasing update that cause issues at the week end when the support is not avaiable.
Sorry but I get angry when I see all this issue created by a Webuzo update that is also lunched when no support will be avaiable.

An update of Webuzo should fix issues, vulnerability but not stop the email system from working or erase all user settings without a manual action by the user and possibility to get backup!

-----------------------
PeopleInside :angel:

Passionate Webuzo User

Posted By: peopleinside on May 10, 2021, 10:29 am | Post: 2

Emails stop to work because Exim configuration file was replaced so the let's encrypt certificate patch was no more correct in Exim config file.
Made a security update is good and it's important but not but not damaging and stop the services until an admin never fix this.
I discover is not possibile to choose manual update in Webuzo, I can just turn off auto-update and here there is no instruction that tell if I will be notified of a new Webuzo version and how to manually upgrading.
I'm very deluded by this experience where you push update and can broke email, apache or what you are erasing with that update.

I cannot be not able to login at PC and spent an hour for fix this issues created by the update... so today I want turn off Webuzo auto update because I do not trust anymore... but the only option I see is just specify to stop Webuzo updates and this is not what I wanna do.
I expect there are a setting for manual update Webuzo so when a new version is released, instead of auto update a visual notification on Webuzo is showed and an email is sent.

Loggin in into Webuzo and clicking the notification under the UI interface I expect is possibile upgrade Webuzo manully but seems is not possibile so
seems I can choose to have Webuzo updated or just not.
Bad. Bad.

-----------------------
PeopleInside :angel:

Passionate Webuzo User