Upcoming: v15.02 - VestaCP, Cyberpanel, Automatic Updates

[Aetherinox]

v15.02 Update

Just wanted to throw out a quick update, as to not confuse anyone. Originally, there were plans for the next major release to be v15.10, however, that has been shifted to v15.02. The reason for this is to keep up with the original versioning pattern that CSF had before. A simple increment for each release.

---

Cyberpanel

It appears that the developers over at Cyberpanel removed ConfigServer Firewall as their firewall solution. Which of course is expected since the developers for Cyberpanel figured that was the end of CSF. Plus, a new developer starts working on it, and I imagine there's trust concerns. It happens.

However, I will continue to support it. So if you'd like to opt and use CSF as your firewall instead of the new option, you have that choice.

Integration Fixed

I went over the code from the last few days and made sure that v15.02 fixes the issues with Cyberpanel integration, and it is currently operational again.

Installation is the same as before, much like everything else, and the same goes for updates. I tried to keep as much backwards compatibility as possible so that it's available for as many as possible.

---

VestaCP

VestaCP switched over to React in their v1.0.x release. This broke CSF's integration. You could still access the /list/csf page if you manually entered the URL, however, you would not see the VestaCP header.

This has since been fixed, but with a some notes to address

New Structure / Menu Button

VestaCP on React means that the templates are built and output as minified .js and .css files, instead of their original structure which consisted of simple PHP and HTML static files. This makes it significantly more difficult to modify the header to re-add CSF to the navigation menu. Along with a hash being assigned to each generated file, and not wanting to violate the purpose of that.

Unless we re-build the template ourselves, which seems like a drastic measure, the only other option is that I wrote up instructions on how to do it yourself which can be found at: https://docs.configserver.dev/install/install/#add-csf-to-vestacp-menu

This could easily be solved if the developers simply add a conditional menu item to their header template and build it, but VestaCP has been without updates for quite some time, and that leads me into the next point ...

Lack of Updates

CSF is about security, and not about making your attack surface larger. With this said, VestaCP has over 20 known vulnerabilities / exploits, and as much as I don't want to speak against software, I would highly recommend people re-consider if they want to use VestaCP at this moment in time. If VestaCP is updated in the future to address these issues, great. However, my logic is coming from a security stand-point, and ensuring that users don't open themselves up.

I'll continue to keep it operational, but I do not want to consume a lot of time on a product that doesn't seem to be getting support.

Header Integration

I have re-integrated the header menu into CSF for VestaCP, so you can now jump to other pages from the /list/csf page.

---

Dark Theme Users

The dark theme will be back. However, core functionality is a higher priority, and with several of the integrations not functioning properly, I chose to put the energy into that first. Bringing the dark theme back however, is definitely on the list.

I have re-implemented the footer that the original dark theme had, and re-added the Light / Dark theme switcher. I just haven't added the CSS classes yet. It requires a lot of careful work and testing to ensure I don't break the appearance of one integration, over a cosmetic feature that is a "nice to have", and not a necessity. I want to do things slow and right, and not throw out a lot at once and people start getting an unstable product.

This also includes the login interface that was originally part of this repository. It will definitely be returning.

---

Updates

As most already know, the update servers are back online. Everything is as it was with the original developer's website. I have added a help page to the download service:

• https://download.configserver.dev/help

I have also spoken to a few companies who reached out to me to offer services such as reputation identity which CSF originally had integration for. I have been working on that along with everything else. But the priority is using these services, and not having to jeopardize security or privacy. No data collection, no additional ports, etc.

---

Pre/Post Script Support

We have added Pre/post integration support. If you have existing scripts that you load with CSF, they will continue to work. No changes needed. It's just a built-in feature now. I have written documentation on how it works at:

• https://docs.configserver.dev/usage/prepost/

---

Additional Notes

This is already long enough, and there are a lot more things that were done in preparation for v15.02, but I have covered the main points. A change-log will list the rest once v15.02 releases.

However, CSF has long been an established and stable application, and I don't want to grind my foot on the gas and start changing that trajectory. If it's not broke, don't fix it. There are routes to making it even better, but the core functionality should not suffer. I still use this app every single day, and I wouldn't want it messed with in a dramatic way.

Contributing

A final thing to ensure the invitation is out there. I decided to do this on Github for

1. Transparency
2. Collaboration potential

There has been talk within the CSF community that others have been interested in throwing out ideas, and this repository is more than open to it. Code contributions are also welcome as long as it doesn't jeopardize the end-user by either opening them up or breaching privacy, and the code is logical, tested, and either solves a problem or adds benefit for the end-user. New features with a toggle / bool should be opt-in only, and not force the user into the feature without their knowledge.