DocumentationChangelog

FOSSBilling Changelog

Below are the changelogs for all FOSSBilling releases ordered most recent to oldest.

Dates are displayed as MM-DD-YYYY.

Upcoming / preview release (TBD)

This FOSSBilling release adds support for PHP 8.4 and removes support for PHP 8.1.

🔐 Security

  • Debug logs now automatically mask some common parameters which are considered sensitive.
  • Delays have been added to help prevent email enumeration by monitoring timings with login attempts.

📈 Enhancements

  • The client area now supports a WYSIWYG editor for markdown content.
    • Warning: depending on how the theme is built, custom themes may require an update to function correctly with this change. (Related changes)
  • You no longer need to provide the title and conversion rate for currencies when adding them, these will be automatically populated when possible.
  • Updated the countries, phone code, and currency lists.
  • Added support for 1-click WHM logins.
  • Improved the styling of the signup section on the order screen.
  • GeoIP functionality has been upgrade.
    • FOSSBilling now includes ASN information.
    • There is now an IP address lookup page.
    • The previously existing IP address database has been replaced with a new one that’s under the CC0 license.
    • Country names from IP addresses will be shown in the current FOSSBilling language.
  • FOSSBilling’s routing has been slightly simplified, cleaned up, and enhanced.
    • The protocol is no longer hardcoded into the config file.
    • FOSSBilling is no longer dependant on webservers to handle custom pages rewriting and to write the request URL into the _URL GET parameter.

➕ New Features

  • FOSSBilling now includes a simple CLI interface.
  • FOSSBilling now has a built in configuration file for ddev, making local development a breeze.

🐛 Bug Fixes

  • The error handler has been updated to resolve an issue where it was possible for necessary classes to not be loaded if a fatal error occurred very early in the loader.
  • Fixed a bug on the client profile from an unclosed input element.
  • Fixed a bug with the client balance payment gateway.
  • Fixed a warning which was being generated by the Huraga theme settings.
  • Knowledge Base catagories and articles are now sorted a-z rather than by the order they were added.

📝 Changes

  • The fallback cron behavior is now automatically disabled for production installations to help reduce confusion.

0.6.22 (6-20-2024)

🐛 Bug Fixes

  • Fixed an issue where the PayPal payment gateway was referencing an undefined variable, causing invoices to not be automatically marked as paid.

0.6.21 (6-17-2024)

⚠️ Potentially Breaking Changes

  • The bb_ prefix has been removed from all IPN parameters.
    • FOSSBilling will continue to read from these parameters when supplied, making the likelyhood of breakage very low, however we suggest payment gateways update any hardcoded references to ensure future compatibility.
    • bb_invoice_id -> invoice_id
    • bb_gateway_id -> gateway_id
    • bb_redirect -> redirect
    • bb_invoice_hash -> invoice_hash

🐛 Bug Fixes

  • Fixed a bug which resulted in the client profile displaying either all or no parameters as required.
  • Fixed some typehints which could result in various errors.
  • Fixed references to undefined functions in the Plesk server manager.
  • Fixed a bug which caused the activity log to not use the configured retention length.
  • Fixed a missing closing tag on the order page which caused other page elements to be turned into a hyperlink.
  • Fixed a display bug with the “Document format” checkbox.

📈 Enhancements

  • Email activity log cleanup is now configured separately from other activity logs and can be disabled while enabling other automatic cleanup.
  • The internet.bs registrar is now able to check domains for transfer eligibility.
  • The order configuration screen has had significant visual improvements.
  • Lots of general code cleanup and improved code styling.

➕ New Features

  • Invoice number padding is now configurable.
  • You may now set a default note that will be added to all invoices.
  • When creating an invoice, you can now specify the quantity for items.

📦 Dependencies

  • Dompdf has been updated to version 3.0.0, adding support for CSS variables, CSS math functions, and other various improvements to rendering.

0.6.20 (4-11-2024)

🐛 Bug Fixes

  • Fixed Huraga still using the light mode logo when the dark mode theme was enabled.
  • Fixed the client profile page not correctly setting items as required.
  • Fixed some untranslatable strings.

📈 Enhancements

  • The final size of our vendor folder has been shrunk by about 5% by removing unneeded items that some dependencies shipped with.
  • The installer page will now provide info on why certain extensions are suggested.
  • FOSSBilling no longer depends on the GitHub API to check for new releases and now depends on api.fossbilling.org.
    • As part of this change, updates are now tagged with a required PHP version and updating will be prevented if this is not met by the current installation.

0.6.19 (4-03-2024)

🐛 Bug Fixes

  • Fixed a few locations in the Huraga theme where invoice database IDs were being displayed rather than the actual invoice number & series ID.
  • Huraga has been updated to remove some instances of hard-coded colors which caused bootstrap’s theming support to not function correctly.

📈 Enhancements

  • New orders for domain registrations / transfers will use the domain name for the order title, rather than the product title.
  • The knowledge base index page in Huraga will now display a tiled list of knowledge base categories rather than a long list of all knowledge base articles.
  • Now that Bootstrap theming works correctly in Huraga, we’ve added a configuration option to select which theme is enabled. Presently the only options are Bootstrap’s light & dark themes, however we want to introduce color themes in the future to allow better customization.
    • Feel free to suggest good color combinations so we can add new theme options based on them!

0.6.18 (3-26-2024)

⚠️If you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well for breaking changes.

➕ New Features

  • The DirectAdmin server manager now has support for 1-click logging in for clients.
  • When deleting an order, there is now a new checkbox to force the order to be deleted even if an error occurs. This may be useful for example if an order is removed on your control panel without the associated order in FOSSBilling being deleted.

🐛 Bug Fixes

  • We’ve made an adjustment to the update patching process to help mitigate cache related errors some users were seeing, especially with the last two updates.

0.6.17 (3-22-2024)

⚠️If you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well for breaking changes.

🐛 Bug Fixes

  • Fixed some routing errors in the previous update.
  • Fixed an undefined array key error that occurred when you didn’t manually specify a currency exchange rate data provider.

0.6.16 (3-22-2024)

⚠️This release makes some changes to how FOSSBilling implements currency exchange rate data providers. We highly suggest validating your previous settings have correctly been migrated over.

⚠️If you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well for breaking changes.

➕ New Features

  • In the Huraga theme settings you may now configure various options for the requiring TOS / Privacy Policy acceptance on the signup and checkout pages.
  • FOSSBilling now supports multiple currency exchange rate data providers including automated exchange rate syncing out-of-the-box with zero setup. We suggest checking your previous configuration was correctly migrated during the update.
    • New FOSSBilling installations will automatically have exchange rates being synced with zero config needed.
    • Removed the European Central Bank as a data provider.
    • Added ExchangeRate-API as a data provider.
    • Restored support for currencylayer as a data provider.
    • Configurable sync frequency ranging from daily down to every minute (if cron is being run frequently enough). ExchangeRate-API also supports an “auto” mode which will intelligently sync only when new data is available, preventing excess API requests.

🐛 Bug Fixes

  • Minor fixes to prevent PHP deprecation errors.
  • Fixed an error that caused a 404 error code to be given for the FOSSBilling generated sitemap.xml file.
  • Adjusted the checkout logic to prevent possible accidental variable name conflicts between.
  • Fixed the missing margin for multiple product categories on the order screen.
  • getConfig in the Extension service will correctly add the ext array key when creating a new configuration.

📈 Enhancements

  • The default FOSSBilling themes will now automatically disable buttons to prevent duplicated clicks when performing API requests.
  • Many grammatical / wording issues have been resolved in FOSSBilling, about 10% of the translatable strings received changes.

🔐 Security

  • Increased the password hashing cost, improving password hash security.

📝 Changes

  • The official docker image has been upgraded to PHP 8.3 and the Imagick extension was removed as it has unresolved build issues.

0.6.15 (2-20-2024)

For those of you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well as it included some major changes, including backwards-incompatible ones.

🐛 Bug Fixes

  • Added missing TLD validation for when a client attempts to bring their own domain.
  • Fixed the Resellerclub registrar integration.
  • Fixed a mistake which resulted in the throw away domain check duplicating a cache key used for the central alerts system.
  • Fixed the implementation of findAll in the Box_Database class.
  • Enabled the WYIWYG editor on the new KB article page.
  • The SSL redirect will be skipped if it’s missing required data, preventing PHP errors.
  • Fixed a mistake which resulted in search fields in the administrator panel being untranslated.

📈 Enhancements

  • Refactored the password generation function.
  • Errors when attempting to write the rotating logs will be silently caught and instead forwarded to the php_error.log file.
  • Removed some unused dependencies, stopped loading an unused twig extension.
    • If you had a custom template that was applying translations like so: {% trans %}Search:{% endtrans %}, this will now produce a fatal error. To be clear: this never worked to begin with.
  • We eliminated the manifest column in the extension table. Extension info such as the icon or description will no longer remain outdated until a module is uninstalled and then re-installed again.

➕ New Features

  • You may now configure the maximum age retention for activity logs in the DB. The default will be set to 90 days.

0.6.14 (2-9-2024)

For those of you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well as it included some major changes, including backwards-incompatible ones.

🐛 Bug Fixes

  • Replaced the hard-coded TLDs in the embed module with ones that are queried via the API. It should now only display TLDs you are selling.
  • Fixed the Server_Account::getUsername(): Return value must be of type string, null returned error.
  • Resolved various PHP deprecation errors.

📈 Enhancements

  • The maintenance page got redesigned to use Bootstrap styling.

0.6.13 (2-2-2024)

For those of you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well as it included some major changes, including backwards-incompatible ones.

🐛 Bug Fixes

  • Fixed an error introduced by a dependency update which caused translations to not work correctly.

0.6.12 (2-2-2024)

For those of you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well as it included some major changes, including backwards-incompatible ones.

🐛 Bug Fixes

  • Fixed an error introduced in 0.6.10 when attempting to use an access hash with the WHM server manager.

0.6.11 (2-2-2024)

For those of you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well as it included some major changes, including backwards-incompatible ones.

🐛 Bug Fixes

  • Fixed an SQL error that would appear if you tried to add a server without specifying the password length.
  • Cleaned up various PHP deprecation errors.
  • Fixed a mistake which resulted in PDFs not including a client’s city, state, zip-code, and country.
  • Slightly improved how the PDF footer interacts with a large invoice (~10+ items).
  • The DirectAdmin and Hestia server managers should now properly use a configured username prefix.

➕ New Features

  • You can now disable public tickets from under the “support” settings.

0.6.10 (1-22-2024)

This release of FOSSBilling includes some minor bug fixes and some new functionality to improve the stability and usability of the software.

For those of you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well as it included some major changes, including backwards-incompatible ones.

🐛 Bug Fixes

  • Fixed a few minor issues with the FOSSBilling error page.
  • The HestiaCP integration will now prevent invalid usernames from being generated.
  • Fixed a bug that could occur when the WYSIWYG editor is loaded in the admin area with no text areas to attach to.
  • We’ve added a workaround to ensure that cart contents are no longer lost when logging in.

➕ New Features

  • FOSSBilling now includes a brand new FOSSBilling\Config class to handle interactions with the config file including reading from it, updating specific values, and dumping a new config to the config file. This is now used by default by all FOSSBilling code and should improve the reliability of FOSSBilling while providing an easier interface for developers to use.
    • This class handles interactions with properties via dot notation.
    • The config file is now pretty-printed to make manual edits much easier.
    • Default values are used when reading from the config file via the class which should eliminate undefined references that could sometimes occur after a minor error in the update process.
  • You may now specify the default network interface for FOSSBilling to use when making external network requests as well as see what IP address those requests will be coming from under the “network interface” tab in the system settings.
  • You may now specify the password length that will be generated for hosting accounts.
  • There’s now a debug_fingerprint config option which can be used to print debug info to the log file when a session fails the fingerprint check.

📈 Enhancements

  • We’ve enhanced our testing infrastructure to include tests performed against a live FOSSBilling installation, further reducing the possibility of regressions between releases. For now there are only 24 tests performed, however we will continue to expand these to provide more coverage over time.

🗑️ Deprecations

  • Deprecated accessing the config file via both the DI as well as directly including it into an array from PATH_CONFIG. Please instead use the FOSSBilling\Config class.

0.6.9 (1-8-2024)

This release incorporates some enhancements to the client area and some other minor improvements.

For those of you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well as it included some major changes, including backwards-incompatible ones.

🐛 Bug Fixes

  • Fixed some minor front-end issues for the client area.
  • The WHM server manager now has additional checks to ensure invalid usernames won’t be generated.

📈 Enhancements

  • Improved the visual consistency of the client area.
  • The admin panel login page will now respect the choice between light & dark mode.
  • The side menu items in the client area will now be added to the mobile hamburger menu to ensure mobile users won’t have reduced functionality.
  • Some minor improvements to logging have been made.
    • Errors while trying to deliver emails are now sent to a new “email” log channel for easier visibility.
    • When a session fails the fingerprint check & is destroyed, a warning will be sent to the PHP error log.
  • Added a new config option to disable session fingerprinting.

0.6.8 (1-4-2024)

This is a minor update to address an issue with the installer and bring some quality of life improvements.

For those of you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well as it included some major changes, including backwards-incompatible ones.

🐛 Bug Fixes

  • Fixed an issue in the installer where PATH_LOG was undefined.
  • Fixed the usage of placeholders in some exceptions, mostly in server managers.
  • The “I will use my existing domain and update nameservers” option will now be correctly displayed by default when there’s no option available to perform a registration.

📈 Enhancements

  • When manually selecting a language, the cookie created will now be valid for 365 days rather than only 7, preventing having to re-select the proper language frequently.

0.6.7 (12-31-2023)

This will be the last FOSSBilling release of 2023 and with it comes a handful of bug-fixes. We hope everyone had a great 2023 and that you’ll have an even better 2024!

For those of you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well as it included some major changes, including backwards-incompatible ones.

🐛 Bug Fixes

  • Resolved an issue where using certain payment gateways would log out the client after the payment was completed.
  • Fixed how negative prices are displayed in the UI.
  • Disabled currency conversions for PDF invoices as the pricing on invoices is already converted.
    • If you are using a custom PDF invoice template, please be sure to replace money_convert with money to ensure you aren’t effected by this issue.

0.6.6 (12-28-2023)

This release brings some bugfixes, improved theming functionality, and a better update experience.

For those of you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well as it included some major changes, including backwards-incompatible ones.

🐛 Bug Fixes

  • Email verification emails will now skip the email queue to ensure faster delivery.
  • Fixed a regression which caused the PDF invoices to only display the system’s default currency. If you are using a custom PDF template, please apply the changes in PR #2022
  • Added a workaround to ensure special characters such as single quotes (') in a payment gateway’s name won’t cause JS errors on the invoice page.

➕ New Features

  • Themes may now define default attributes that will be applied to rendered markdown content, improving their ability to customize the appearance of various aspects of FOSSBilling.
    • Our default themes are now using this to improve how tables, quotes, and images within markdown content renders on the page.
  • You may now use a html_custom folder within a theme to override any templates. This folder should be placed alongside the theme’s original html folder and will allow for easier customization of themes for end-users.
  • The update screen now displays the release notes for all versions you are upgrading through rather than the latest. For example, if upgrading from 0.6.2 to 0.6.5 it would display the changes for 0.6.3, 0.6.4, and 0.6.5 rather than only 0.6.5.
  • The update screen now displays when the last update check was performed, when the next one will be performed, and it now also allows you to manually perform a recheck.

📈 Enhancements

  • The update screen should now properly reflect when there’s no update available.

0.6.5 (12-26-2023)

This release brings further improvements to the 0.6.x releases in the form of bugfixes and minor enhancements.

For those of you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well as it included some major changes, including backwards-incompatible ones.

🐛 Bug Fixes

  • Fixed the usage of product ordering slugs / URLs.
  • Fixed an error when searching transactions.
  • Disabled email DNS validation when logging in as it could prevent someone from updating their email address if it becomes invalid.
  • Fixed address formatting in the PDF footer.
  • Fixed a missing icon for domain management in the administrator panel.
  • Added a missing api-form class from the order screen, which resulted in account registrations to not use the API wrapper and instead display a JSON result on the screen.
  • Increased the maximum timeout for the WHM server manager to help resolve timeout issues with slow servers.
  • Fixed an outdated URL being used when trying to search KB articles.
  • Fixed a typo on the PDF templates.

📈 Enhancements

  • The default PDF template will now hide more items that aren’t set.
  • Some improvements have been made to logging, you’ll now find multiple folders under the data/log directory with each one being associated with a given logging channel. Each channel will have daily logs which will be rotated and retained for 90 days.

0.6.4 (12-17-2023)

This release resolves a few issues with the 0.6.x releases, improves compatibility with reverse proxies, and addresses two of the most commonly request enhancements for the order screen. For those of you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well as it included some major changes, including backwards-incompatible ones.

🐛 Bug Fixes

  • Fixed the “Password confirmation required” message when registering on the order page.
  • Improved compatibility with reverse proxies by checking HTTP_X_FORWARDED_HOST.
  • Removed & replaced some broken jQuery code that caused an error when submitting public tickets.
  • Some minor PHP deprecation errors have been resolved.

📈 Enhancements

  • The currency selector has been moved to the top of the order page from the bottom.
  • The domain registration options will be correctly hidden on the order page when no domain registrar has registration enabled.

0.6.3 (12-14-2023)

This release resolves some bugs with the 0.6.x releases. For those of you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well as it included some major changes, including backwards-incompatible ones.

🐛 Bug Fixes

  • Fixed the custom forms after the Huraga migration to Bootstrap 5.
  • Fixed a bug where some people would get an error similar to this in their administrator panel: Cannot assign null to property Server_Client::$company of type string
  • Reverted a pull request that had the unintended side-effect of renewal invoices duplicating the first line-item.

➕ New Features

  • Invoice PDFs may now be translated and have had a couple of minor improvements.

0.6.2 (12-12-2023)

This release resolves some bugs with 0.6.0 & 0.6.1. For those of you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well as it included some major changes, including backwards-incompatible ones.

🐛 Bug Fixes

  • Fixed an issue that could result in the client search displaying null for clients without both a first and last name.
  • Fixed an issue with the new Huraga theme where the domain action wasn’t being updated on the order screen, preventing transfers from being used.
  • Fixed the title and folder name for the Serbian language.
  • Fixed a translation string in the Serbian language which bugged the coupon code button on the order screen.
  • Updated the post-install URL that’s given for the administrator panel.

0.6.1 (12-11-2023)

This release simply resolves two issues with 0.6.0 that were missed during testing. For those of you who are upgrading from versions older than 0.6.0, please check the changelog for that release as well as it included some major changes, including backwards-incompatible ones.

🐛 Bug Fixes

  • Fixed the currency selector in the new version of Huraga.
  • Migrated the “addons” template in the ordering process to Bootstrap 5 as that was missed during the original Huraga work.

0.6.0 (12-11-2023)

If you want a nice overview of the most exciting changes and some screenshots for this release, give a look at the FOSSBilling forum.

Important: This release has a lot of changes, many of which are breaking changes. Please review the entire release notes before updating, however the most critical things to note are as follows:

  • The staff permissions system has been redone to be more flexible and as a result permissions will need to be reconfigured after updating. Sorry!
  • Numerous breaking changes that effect theming. If you are using the Tide theme, it will not function correctly with this update. The developer has been informed that changes are needed and will hopefully publish a new release in the near future.
  • PHP 8.0 is no longer supported. As always, we follow the official PHP supported versions list which means PHP 8.1, 8.2, and 8.3 are all supported by FOSSBilling.
  • Some PHP constants have been renamed or removed.
  • The behavior of invoice numbering has changed and it is now continuous.
  • Direct browser access to PHP files is now blocked via the .htaccess to improve security.
    • This also applies to the cron.php file. If you are reliant on an external service to call this file via a URL, you will need to access the “Scheduled Tasks” settings, enable the guest API endpoint, and then update the URL on the external service to point to the one that’s provided on the settings page.
  • The ISPConfig and Virtualmin server managers have been removed from the application as they did not work. The associated files will be auto-deleted when performing an update as they could otherwise prevent aspects of the admin panel from functioning. They are now under new repositories and are open to external contributors who can maintain them.

📈 Enhancements

  • Optimizations throughout the application to improve the speed and reliability of FOSSBilling.
    • Emails are now queued and then sent via cron rather than being sent on-demand. The result is that many tasks including, but not limited to orders and ticket submissions are now 2-4 seconds faster for some installations.
    • Better use of caching in various places.
    • Improved handling of the autoloader FOSSBilling uses internally.
    • Extension configs are cached, saving the system from needing to pull them from the database and decode them each time it’s requested.
  • PDF Invoices have been improved.
  • The behavior of the “test email” button has been improved to only email the person who clicked it & to display errors on the front-end if any occur.
  • The “Huraga” client theme has been migrated to Bootstrap 5 to have a significantly more modern UI and has had many bug fixes.
  • On the development side of things, we’ve improved our workflows to provide better code coverage and catch more issues before they have the opportunity to make it into the main source code.
  • The Stripe payment adapter will now set the client’s name and email address, improving your dashboard analytics as well as improving Stripe’s ability to perform fraud detection.
  • The Extension Directory has been moved to a separate tab for both Payment Gateways and Domain Registrars.
  • Various improvements to the developer experience.
  • You may now configure the port for a hosting server during the initial setup process rather than after.
  • Client searching in the administrator panel now searches more fields.
  • The order is now made available to the registrar to allow them to use information from it for the domain creation process.
  • The birthday and document_nr are now set within Registrar_Domain_Contact to be used for identification with domain registrations.
  • The email queue behavior has been updated to more reliable, especially with situations such as brief outages preventing emails from sending correctly.
  • The Mass Mailer module now goes through the standard email queue rather than using the now removed queue module. This ensures more reliable and predicable behavior of the queue.
  • You man now view the current email queue from the email settings. This tab will list all emails queued to be sent including their recipient, creation date, subject, and the number of attempts done to send the email.
  • The requirements system has been reworked and will now list missing recommended extensions. Additionally, we’ve rechecked the system requirements and have properly documented them on the documentation.

➕ New Features

  • FOSSBilling will now display a little notification if an update is considered to be a major or minor patch to help people be aware of when significant changes have been done.
  • Company info and system version visibility through the API is now configurable.
  • Invoice PDFs can now have their HTML customized rather than just the CSS.
  • You can now update all orders associated with a downloadable product at once when uploading a new file.
  • Reoccurring pricing check-boxes are un-ticked by default and will be automatically ticked when a price is entered when configuring a product.
  • There is now a copy button for the order button example code.
  • You can now disable languages (translations) from within the FOSSBilling administrator panel.
  • FOSSBilling will no longer includes translations that are less that 25% complete and you can also view how complete any of the default translations are from within the administrator panel.
  • PDF Invoices can now include information such as banking info for billing and the same info can be added to the client area to make it more easily discoverable for clients.
  • You can now view the readme for items on the Extension Directory directly from within FOSSBilling.
  • The installer has been completely overhauled with a new design and to no longer rely on jQuery.
  • Added opt-in automated error reporting via Sentry.io to improve our ability to catch and fix bugs, give better technical support, and to improve the overall stability of FOSSBilling.
  • The Massmailer module will now allow you to preview the list of recipients for a message before sending it.
  • The API and Huraga theme have been updated to allow clients to choose if they’d like to pay with a subscription or a one-time payment. This is disabled by default via the theme settings.
    • Developers: When using the client/get_banklink API endpoint you may now pass allow_subscriptionwith a value of 0 as a GET parameter to instruct FOSSBilling to not create a subscription. If you don’t pass the parameter, the previous behavior of automatically using one when the payment gateway and invoice both support it will be used instead.
  • To help with development, FOSSBilling now includes a debug bar which will automatically be displayed with the APP_ENV environment key is set to dev
    • Theme creators: this must be added into your theme in order to rendered.
    • {{ DebugBar_renderHead() }} Should be added to the head of your base template
    • {{ DebugBar_render() }} should be added at the bottom on your template.
    • Our default themes already include these new additions.
  • Server managers may now implement SSO support to generate direct login links for clients. This has been implemented int into the Plesk server manager and will be added to others over time.

🔐 Security

  • The default .htaccess no longer allows direct access to PHP files. Only the few that are needed for functionality are allowed.
  • We’ve improved the HTTPS check and the behavior of how FOSSBilling enables secure cookies to be more opportunistic.
  • The staff permission system has been revamped to allow granular permission control with full support for custom modules to define permission keys. We’ve implemented some baseline options and will gradually fill out the permissions list for our default modules over time.
  • We have improved the behavior of the session expiration to behave more as one might expect.
  • FOSSBilling will now require authentication to view invoices, even when viewed directly using their unique hash. This may be disabled if you prefer.

🐛 Bug Fixes

  • Fixed an issue that prevented multiple toasts from appearing in the administrator panel.
  • Fixed a bug that resulted in add-ons getting separate invoices generated.
  • FOSSBilling will now prevent certain actions on orders with bad statuses.
  • Deletion of servers, hosting plans, and TLDs with active orders / products is now prevented.
  • The FOSSBilling installer will no longer display an error if the config.php file doesn’t exist & will correctly check that it is writable.
  • We’ve fixed the message on the dashboard that alerts the administrator if cron isn’t being run correctly.
  • Fixed an issue with the the Mass Mailer module’s send functionality.
  • Improved handling of situations where a client may be deleted while leaving their old tickets in place.
  • Fixed file action paths pointing to the wrong directory in the UpdatePather class.
  • When FOSSBilling is accessed via it’s API mode, PHP’s display_errors option will be disabled. Previously enabling debug mode had the chance to break API responses as the response may include a PHP error and therefore no longer have a valid JSON response and this change corrects that.
  • Fixed the filter options in the Massmailer module.
  • Added in prevention against recipients being duplicated when using the Massmailer module.
  • Fixed an issue where stock control could only be configured when using the “custom” product type.
  • Numerous minor bugs that have been caught via error reporting have been resolved.
  • Failed email deliveries will no longer result in an email being sent to the DB log multiple times.
  • FOSSBilling will now behave correctly for HEAD requests. Some uptime services such as updown.io use these request types to save bandwidth for both parties and starting with FOSSBilling version 0.6.0 this functionality should now work correctly.
  • Fixed an issue where the max uses for a promo code could not be changed after initial creation.
  • Fixed an issue that could happen type when attempting to delete orders for the API key product.

⚠️ Breaking Changes

  • You will need to re-configure staff permissions when updating due to the changes in how they are saved.
  • The invoice numbering has been modified to be continuous.
  • We have removed the following server managers from the core application since they did not work:
    • ISPConfig and Virtualmin.
    • Both have been moved to their own repositories on GitHub if someone else would like to maintain them.
  • We have removed the following Payment Gateways from the core application as we are unable to maintain them:
    • AliPay (Status unknown)
    • Interkassa (Reported non-functional)
    • Onebip (Status unknown)
    • WebMoney (Status unknown)
    • TwoCheckout (Reported working, will be added to the Extension Directory)
  • The KB and Support modules have been merged into one singular Support module. (See PR#1180 for changes)
  • Some of the constants have been renamed within FOSSBilling to remove references to BoxBilling:
    • BB_DEBUG -> DEBUG
    • BB_URL -> SYSTEM_URL
    • BB_MODE_API -> API_MODE
  • The following constants have been removed: BB_SSL and BB_URL_API.
  • Support for PHP 8.0 has been removed as it no longer is receiving security updates.
  • The queue module has been completely removed as it was somewhat incomplete and only being used by the Massmailer module.
  • getLoginUrl and getResellerLoginUrl for server managers now need to accept a new parameter which will either be null or a Server_Account object. This is provided for SSO support. If the system doesn’t want an SSO link, null will be passed.

📝 Changes

  • The “Remember me” check-boxes have been removed as they didn’t actually do anything.
  • Minor improvements to the developer workflow.
  • We’ve removed the messages that could appear when your FOSSBilling instance reported it’s version as 0.0.1.
  • We’ve removed the option to generate EU VAT rates as these values were hard-coded, making the option misleading and potentially confusing.

0.5.6 (9-28-2023)

Hello everyone, we realize a bug-fix release might not be what everyone was expecting to see after two months since 0.5.5 was published, however the next major FOSSBilling version (0.6.0) is taking a bit longer than expected as it’s going to be a pretty significant update and we felt like it was important to get this bug-fix release out to resolve some of the more problematic issues that existed with the older releases.

Thanks for the patience and we look forward to being able to release 0.6.0 in the near future with a lot of improvements, enhancements, and new features!

🐛 Bug Fixes

  • Fixed an issue that could cause a client to be redirected to the admin panel when paying with stripe.
  • Adjusted the session fingerprinting system to be more lenient when needed.
  • Fixed a handful of bugs with the Plesk integration.
  • Fixed some errors in some of the old database migration patches.
  • Fixed the price format system not working all of the time.
  • Fixed a bug with the tax support checkbox.
  • FOSSBilling will now cleanup a leftover account if a duplicated domain existed on the HestiaCP server when trying to setup an order.
  • Fixed a bug with the maintenance mode that could prevent some actions from being performed in the administrator panel.
  • Fixed issues with the client password reset workflow.
  • Fixed a problem where a newly created client wouldn’t be sent the email verification request.
  • Fixed a bug when staff members were creating tickets for clients.

0.5.5 (7-25-2023)

🔐 Security

  • FOSSBilling will now invalidate sessions for a given user when performing a password reset.

🐛 Bug Fixes

  • FOSSBilling will now configure the timezone when setting up PDO connections.
  • A handful of miscellaneous bugs have been fixed.
  • Toasts (notifications) in the admin panel have had their colors fixed when using dark mode.
  • Improved handling of deleted accounts with active sessions, avoiding “model not found” errors and instead sending the user to the login screen.
  • Fixed an issue where the update patcher would override the locale & timezone set in your config.php file.
  • We’ve increased the timeout when downloading FOSSBilling updates.

➕ New Features

  • We’ve changed how the email verification system works to resolve some flaws and oversights in it’s behavior.
    • Previously, FOSSBilling only checked if an email was valid when the client attempted to login and then prevented the login from being performed.
    • Now a client with an email that’s not yet validated may still login, however they will only be allow to: access their profile, update their information, and request the verification email to be resent.

📈 Enhancements

  • We’ve made a few small changes to the themes list to help improve visual consistency and slightly improve usability.

0.5.4 (7-5-2023)

🔐 Security

➕ New Features

  • You can now whitelist IP addresses from rate-limiting using the rate_limit_whitelist configuration property.
  • Tables columns in the administrator panel may now be sorted by clicking on them.
  • FOSSBilling now includes a fallback option to apply patches after updating (Can be performed by navigating to example.com/run-patcher).
  • You may now optionally configure a username prefix when configuring server managers.

🐛 Bug Fixes

  • Fixed an issue when trying to reset purchased API keys from the administrator panel.
  • The admin theme dashboard will now correctly apply dark mode to the charts.
  • We’ve sped up how quickly the selected theme is applied within the admin panel, completely removing or reducing the “flash” that could be seen of the wrong theme mode. (Dark VS light mode)
  • 6 different search statements were being created incorrectly which resulting in errors when trying to search within the effected modules, this has been fixed.

📝 Changes

  • We’ve cleaned up the exception messages to help reduce the number of translatable strings and improve consistency.

0.5.3 (6-30-2023)

🔐 Security

🐛 Bug Fixes

  • We’ve fixed usage of dark-mode in the admin panel.

➕ New Features

  • FOSSBilling now includes a “API Key” product which can be used to sell API keys for use in your applications. Docs

0.5.2 (6-27-2023)

Just a minor bugfix release to address issues a handful of people saw.

🐛 Bug Fixes

  • We’ve adjusted the fingerprint weights to resolve some issues that were occurring, primarily when using a reverse proxy.
  • Fixed an issue where the config migrator would introduce the cookie_lifespan configuration property as a string instead of as an int. This issue only effected very old version of FOSSBilling or users who were using BoxBilling.
  • The installer will no longer attempt to detect and redirect to HTTPS as this functionality was causing issues with some server configurations.

➕ New Features

  • FOSSBilling will now use the cf-ipcountry header Cloudflare sends while creating fingerprints to further increase protection against session hijacking.
    • “IP Geolocation” must be enabled under Cloudflare’s “network” settings before this header is sent.

0.5.1 (6-23-2023)

This is a fairly minor release, with enhanced security, some bug-fixes, and new default email templates.

🔐 Security

  • Box_Session has been replaced with FOSSBilling\Session
    • Session IDs are now forcibly regenerated when logging in, preventing a session fixation vulnerability. Vulnerability report.
    • The BOXCLR cookie has been completely removed from within FOSSBilling.
    • Sessions are now destroyed when logging out.
    • Cron will automatically purge outdated sessions.
    • FOSSBilling now implements a simple fingerprinting method for sessions to help prevent against session hijacking.
      • Only hashes of the fingerprinted data are recorded, not the data itself.
  • We’ve added protection against certain twig filters that would allow remote code execution which could be exploited by anyone with access to either theme or email templates. (Vulnerability report)
  • The company signature will not longer be interpreted as HTML inside of the Huraga theme, as it could allow a malicious staff member to perform XSS against clients. (Vulnerability report)
  • The entropy for invoice and ticket hashes has been significantly increased.

🐛 Bug Fixes

  • We’ve fixes issues with both the option to disable client signups as well as preventing them from changing their email.
  • The order screen will no longer cause the Huraga layout to break.
  • Fixed a minor problem a handful of people got with the locale selector.
  • Fixed an issue where the API was looking for the wrong property name when trying to update the client’s city.
  • Added checks to prevent errors logged when FOSSBilling would try to access and undefined variable.

➕ New Features

  • We’ve replaced the default markdown email templates with ones that are HTML based and include some simplistic styling.
    • Existing FOSSBilling installations will need to manually reset existing templates in order for these new ones to be loaded.

0.5.0 (6-13-2023)

Important: We have changed the way update patches are performed. After updating, you MUST manually login to the administrator panel, navigate to the updater, and then use the “Apply Patches & Update Configuration” button. this will be automated going forward but must be done manually with this update.

Additionally: If you have any type of custom module, please read the Breaking Changes. Very nearly ALL custom modules will not work correctly in this release unless updated for it.

🔐 Security

  • Resolved an issue with the “Downloadable” product type that allowed orders to be downloadable without being activated. (Report on Huntr.dev)
    • Currently the description for this report is inaccurate, we are working with the security researcher and Huntr.dev administrators to get it updated.
  • Additional checks have been added to prevent add-ons from being ordered by themselves or for a product they are not valid for. (Report #1 and report #2)
  • Prevented an issue that allowed disabled products from being ordered. (Huntr.dev report)

➕ New Features

  • Introduced support for our “Central Alerts” system, allowing FOSSBilling to retrieve and display warnings associated with the currently running version.
  • We’ve introduced the usage of Monolog, splitting logging out into a handful of files to help keep logs more organized.
  • Our GitHub repository now runs automated spellchecks against changes to help prevent accidental spelling mistakes from being introduced into the application.
  • The old error page has been completely replaced and errors can now be assigned helpful links to help aid in debugging.
  • The API wrapper will now display a “spinner” on the page while waiting on an API request to complete, giving a visual indication that an action is being performed.
    • To use this, your custom theme will need to have a spinner-border class that implements the spinner animation. The API wrapper will automatic center it for you.
    • You can see this spinner in action inside of the administrator panel.

🐛 Bug Fixes

  • The WHM/cPanel server manger now correctly assigns a default port when you don’t manually specify it.
  • Fixed the link that can be used to view what emails a client has been sent.
  • Fixed an issue that could prevent you from updating an invoice if it’s approval status isn’t set.
  • We’ve fixed a few minor issues with the automatic language detection.
  • Multiple issues have been fixed with the orderbutton module.
  • The order screen will now correctly respect the product priority.
  • Resolved some minor PHP deprecation warnings.
  • Fixed a bug with the Namecheap registrar adapter that occurred when you had the Reseller ID set.
  • Fixed some SQL errors that could occur when updating a client.
  • FOSSBilling will now correctly prevent upgrade request tickets from being made for upgrades that are invalid for the associated product.
  • Fixed an issue that caused promotions to not properly be applied to the client balance, resulting in a negative balance.
  • FOSSBilling will now re-check the promotion validity before the checkout step is completed. This prevents instances where a promotion could be used after it was disabled as long as the promotion had already been applied to the cart.
  • The breadcrumbs on the Formbuilder module have been fixed and the overall layout has been slightly improved.

📝 Changes

  • FOSSBilling will no longer attempt to email the administrator after the installation is first complete.
  • Removed getSettingsRoutes and hasSettingsRoutes from out modules as the front-end no longer used them.
  • When changing the password for a client with the WHM/cPanel server manager, the client’s DB password will also be updated.

📈 Enhancements

  • The ticket view has been cleaned up in the admin panel.

⚠️ Breaking Changes

  • Box_Di has been removed in favor of just using \Pimple\Container for typehints.
  • All FOSSBilling classes have been moved to the FOSSBilling namespace, removing the FOSSBilling_ prefix from the class name.
  • FOSSBilling classes now enable strict types.
  • Box\InjectionAwareInterface has been replaced with \FOSSBilling\InjectionAwareInterface. Almost ALL custom modules will be broken unless they are updated to reflect this change.

0.4.3 (4-25-2023)

Important This release migrates to using symfony/mailer for sending emails. For mostly everyone, this will improve reliability of the emails and allow us to more easily maintain that functionality, however it is important to note that FOSSBilling now requires the open_proc function when using sendmail as your transport. Please check the release notes below for further information on this change.

➕ New Features

  • FOSSBilling will now try to automatically detect the correct locale for users based on the browser’s HTTP_ACCEPT_LANGUAGE header. This option can be overridden with the language selector.
  • Server managers may now define a custom generateUsername function.
  • Custom themes may now gain access to the admin_default encore by setting use_admin_default_encore to true in their manifest file. This allows them to use JS and CSS from the admin theme.

📈 Enhancements

  • We have significantly cleaned up the CSS files for the admin_default theme. The outdated CSS from BoxBilling is now completely gone and we are now using slightly different autoprefixer rules. The resulting CSS is now roughly half of the size compared to FOSSBilling version 0.4.2
  • Cleaned up Huraga’s CSS to removed outdated browser prefixes. This removes a little over 1k lines of unneeded CSS.
  • The admin_default theme has had numerous improvements, including having some pages rewritten.
  • The SEO module has had a minor overhaul.
  • We’ve made many improvements to the translatable strings inside of FOSSBilling, fixing some poor grammar and lowering the word-count by roughly 700 words compared to 0.4.2.
  • We’ve migrated to using symfony/mailer to handle emails. This will make it much more straightforward for us to add support for new transport options while also improving reliability and maintainability for the email functionality.
    • If you have been using the sendmail transport, FOSSBilling now requires the open_proc function to be enabled. It should be by default in most installations, however some control panels or hosting providers may disable it.
    • The option to disable SSL/TLS has been completely removed.
      • You may use a custom mailer DSN with verify_peer set to 0 if you want to connect to a host with a self-signed certificate. An example and link to further documentation is available in the email settings page.
    • The SendGrid integration has been updated to use the symfony/mailer package and now uses an API key instead of a username and password. We are unsure if the previous integration worked correctly, but if you were using it you will need to update to using an API key.
    • The Box_Mail class has been completely replaced with a new FOSSBilling_Mail class and it is no longer available through the di.

🐛 Bug Fixes

  • The client profile page will now correctly respect what parameters you have configured as required.
  • We’ve fixed an issue that prevented you from editing a promotion period.
  • Fixed a bug that could prevent access to the MassMailer module.
  • The “bring your own domain” option will now work correctly if a client doesn’t enter a period into the TLD. (Both .com and com will work now)
  • Various fixes to the Direct Admin server manager.
  • Fixed an issue that could occasionally be seen where the next invoice number was being interpreted as a string rather than an integer.
  • Fixed the ResellerClub registrar’s HTTP response handling.
  • Fixed server manager logging.
  • Fixed an error that could be seen if you tried to create a client without selecting a group.
  • Fixed an issue that could give an SQL error when trying to cancel an invoice.

📝 Changes

  • The Box_Config class has been removed.
  • We’ve entirely removed the FTP layer from FOSSBilling as it was unused and likely broken.
  • We’ve removed http-client in favor of instancing the class directly.
  • The Box_Zip class has been removed in favor of directly calling the ZIP library.
  • Renamed the Box_Requirements and Box_Version classes to FOSSBilling_Requirements and FOSSBilling_Version.
  • Minor changes to reflect the Extension Store being renamed to Extension Directory.
  • We’ve removed a lot of functionality from the Box_Request class and have moved to using native PHP functionality.
  • Box_Tools has had a lot of functionality removed as it duplicated standard PHP functions.
  • System updated functionality has been moved from Extensions to System
  • Removed the Box_Cookie, Box_ExceptionAuth, and Box_Response classes.
  • Box_Extension has been replaced with ExtensionManager

0.4.2 (4-6-2023)

Important Due to issues related to sub-folders and additional complexity, we have decided to remove official support for FOSSBilling installations under sub-folders rather than sub-domains. Long term, we wish to bring back official support, however we give no timeline for this. This was previously announced on our forum.

🐛 Bug Fixes

  • Reverted the bugfix for sub-folder installations as it caused issues with other installation methods.

📈 Enhancements

  • We’ve improved the way localization is handled within twig, it will now respect the locale selected from within the dashboard. This allows clients to have dates translated into their locale.
  • Fixed the mobile responsiveness of the Fix order “history” tab.
  • Added badges to the dashboard to display the number of unpaid invoices, open tickets, etc.
  • We’ve applied a simple fix to change the text color of CKEditor (WYSIWYG editor) when dark mode is enabled.
  • Improved .htaccess rules to strengthen security, improve error handling, and to clean up some unnecessary rules.

0.4.1 (4-4-2023)

🐛 Bug Fixes

  • Fixed an issue that prevented access to the administrator panel if FOSSBilling is installed on a sub-folder.
    • Important: this style of installation is highly discouraged. Please use a sub-domain instead.
  • Fixed an issue that prevented access to the administrator panel if the admin prefix was changed to no longer be /admin.
  • Fixed an issue with the .htaccess file that prevented access to payment gateway logos.
  • FOSSBilling now includes symfony/polyfill-intl-icu, which will be used as a polyfill if the intl extension is not installed & enabled in PHP.
    • This polyfill only supports the en locale, and is only being included to prevent FOSSBilling from being unusable without the intl extension. For full functionality, you should always ensure this extension is installed and enabled.

0.4.0 (4-3-2023)

⚠️ Breaking Changes

  • Both the client and admin change_password API endpoints now require password verification.

    • These are now the required parameters: current_password, new_password, and confirm_password.
  • jQuery has been updated to v3 from v1.7 for the administrator panel, and a lot of old jQuery plugins have been removed.

  • The bbmd twig filter has now been completely removed, the markdown filter should be used instead.

  • We’ve dropped official support for VestaCP due to its unmaintained status, if you use a fork of VestaCP that was using its server manager, you can find a backup of it here

  • We’ve moved all twig filters that were outside of their class back inside of it.

  • The bb_date and bb_datetime filters have been removed in favor of official twig filters that offer better i18n support.

    • With this, dates should now be translated to your locale.
    • For those of you with custom themes / modules, you need to perform these replacements:
    • bb_date => format_date
    • bb_datetime => format_datetime
  • Email templates will automatically be updated as part of the foss-update.php script.

  • Some configuration options in the config.php file have been changed or removed as part of the i18n efforts:

    • old (Default values shown):

      'timezone' => 'UTC',
      'locale' => 'en_US',
      'locale_date_format' => 'l, d F o',
      'locale_time_format' => ' G:i:s',
    • New (Default values shown):

      'i18n' => [
        'locale' => 'en_US',
        'timezone' => 'UTC',
      
        // Short names for formats (none, short, medium, long).
        // @see https://www.php.net/manual/en/class.intldateformatter.php
        'date_format' => 'medium',
        'time_format' => 'short',
      
        // Specifying a pattern will override the above date/time options.
        // @see https://unicode-org.github.io/icu/userguide/format_parse/datetime/#datetime-format-syntax
        'datetime_pattern' => '',
      ],
  • The guzzlehttp/guzzle dependency has been completely removed in favor of the symfony/http-client package.

  • We’ve completely removed the array_get function from the di. If you had a custom module, you should instead use a standard PHP ternary operator, which offers the same functionality while requiring less code and being easier to read for developers.

  • boxbilling.message is no longer available in the default admin theme. Custom modules should instead use fossbilling.message

🐛 Bug Fixes

  • Fixed the way email codes are generated.
  • Fixed the FormBuilder module.
  • Fixed broken Gravatars for the client ticket page.
  • Fixed an issue that could cause blank notifications.
  • Fixed an issue that prevented editing an IDN TLD.
  • Fixed some errors that could prevent PDF generation if debug mode is enabled.
  • Fixed some duplicated IDs on the Huraga settings page.
  • Fixed an issue that prevented clients from saving their profile changes.
  • The Virtualmin server manager has had some bugfixes.
  • We’ve fixed an issue with the twig number_filter filter that could prevent you from viewing a client’s profile in rare situations. (Issue #964)
  • Fixed Gravatars on the activities tab in the admin panel.
  • Fixed some payment and server manager exceptions that were broken after we made them translatable.
  • Fixed the currencylayer integration
  • Note: The API endpoint for currencylayer has been updated from https://api.currencylayer.com/live to https://api.apilayer.com/currency_data/live.
    • If you have an older account with currencylayer, you may need to create a new account through apilayer to ensure it works correctly.
    • Apilayer is now the owner of currencylayer and is maintaining two API endpoints for the service. When you create an account for currencylayer, you will be directed to the apilayer website, where you can find the new, updated API endpoint.
    • We are using the apilayer API endpoint as it offers new functionality and seems to be the preferred option by apilayer, the current owner of currencylayer.
  • Fixed an issue where the cart wasn’t remembering a selected period for a product.
  • Fixed content type header for the generated sitemap. (example.com/sitemap.xml)

📈 Enhancements

  • The date picker in the admin panel has been replaced with a newer, better-looking one.
  • The admin panel flag icons have been replaced with newer ones.
  • Module icons have been updated. (Note: this change will only take effect if you re-install modules)
  • We’ve replaced Gulp with Webpack Encore.
  • The extension store can now automatically install payment gateways.
  • Locale flags will be displayed in the admin panel language drop-down.
  • We’ve replaced the usage of Google fonts.
  • Improved the responsiveness of the admin panel.
  • The old search autocomplete JS has been replaced in the admin panel, improving functionality and styling.
  • Minor visual improvements to the client login page.
  • We’ve replaced a bunch of jQuery usage with vanilla JavaScript.
  • The WHM/cPanel Server Manager has been refactored, removing over two thousand lines of unused code.
  • Product categories and descriptions will now be displayed when ordering.
  • The color picker in the Administrator panel has been replaced with a newer, better one.
  • FOSSBilling will automatically redirect you to the login page after updating. (This will apply for future updates AFTER 0.4.0)
  • The option to update assigned server IPs has been made visible.
  • We’ve added in the symfony/http-client package and started to use that instead of curl calls, which improves compatibility.
  • The admin panel has had its layout significantly improved. It’s now much more responsive to different resolutions and the sidebar navigation has been replaced with a horizontal navbar.
  • The following modules have had their admin layouts reworked: Cookieconsent, Spamchecker, Formbuilder, Embed, Custompages, Massmailer, Orderbutton, Redirect, Redirect, SEO Tools, Staff, Theme, Wysiwyg.
  • We’ve cleaned up and fixed some inconsistencies in the admin_default theme.

➕ New Features

  • We’ve refactored the way payment gateway logos are loaded, so they now no longer need to be hard-coded into a theme’s CSS.
  • We’ve started implementing native JS modals for the Administrator panel, and have started using that instead of jQuery-based solutions inside the admin panel.
  • You can now export CSVs of orders, invoices, and clients. If you are working on a custom module, you can use table_export_csv from the DI to export a table as a CSV.
  • The foss-update.php script has undergone visual enhancements and now includes support for performing file-level operations.
  • These file operations include deleting, renaming, and moving files which will allow us to make the update process smoother in the future and remove any unused dependencies.

0.3.0 (2-17-2023)

Important: this version of FOSSBilling removes quite a few deprecated functions and as such this release has the possibility to break custom themes and modules. Please read the Breaking Changes below for information on what was removed and how you can update custom code if you were using them.

⚠️ Breaking Changes

  • Removed get_mime_content_type from the Box_Tools class
  • Removed the getApiAdmin, getApiGuest, and getApiClient functions for all classes. The DI should be used instead (example: $this->di['api_admin'];)
  • Removed the following API routes:
    • /client/client/get. Now use /client/profile/get
    • /client/client/update. Now use /client/profile/update
    • /client/client/api_key_get. Now use /client/profile/api_key_get
    • /client/client/api_key_reset. Now use /client/profile/api_key_reset
    • /client/client/change_password. Now use /client/profile/change_password
    • /client/client/logout. Now use /client/profile/logout
    • /admin/staff/profile_get. Now use /admin/profile/get
    • /admin/staff/profile_logout. Now use /admin/profile/logout
    • /admin/staff/profile_update. Now use /admin/profile/update
    • /admin/staff/profile_generate_api_key. Now use /admin/profile/generate_api_key
    • /admin/staff/profile_change_password. Now use/admin/profile/change_password
  • Removed the /client/me route, clients should go to /client/profile to edit their profile.
  • Removed undocumented and deprecated same_invoice option in refundInvoice.
  • Removed the functionality from the license module that allowed it to handle legacy / deprecated API formatting.
  • Removed the deprecated param function from the Admin class.

📝 Changes

  • All usage of the bbmd twig filter has been replaced with the markdown filter. The bbmd filter is now marked as deprecated and will be removed in the future.
  • Made the add funds limit exceptions more specific.
  • Remove references to Walking Pixel’s defunct website from Huraga.
  • Gender options for clients have been updated to include ‘non-binary’ and ‘other’ as options, and our default profile page now allows this to be updated by the client.
  • Added a link to the admin password reset page.
  • The batch send email options is completely disabled in the demo.
  • Made the “model not found” exception a bit more specific.
  • The CWP server manager has had the code quality improved, with support for logging added to it.

➕ New Features

  • All FOSSBilling exception classes can now be translated.
  • We’ve added the ability to have plural translations with the __pluralTrans function.
  • Settings routes are now translatable for our default modules.
  • The WYSIWYG editor has been upgraded to CKEditor 5 and markItUp! has been completely removed.

🐛 Bug Fixes

  • Fixed the usage of placeholders in translations.
  • Fixed the issue that caused accounts to be logged in as “System Cron Job” when using CGI.
  • Fixed the orderbutton module.
  • Fixed the navbar on small screens & mobile, it’ll now become a hamburger menu in those situations.
  • Fixed the “authentication failed” error message when trying to edit a custom page, fix likely applies to other situations as well.
  • Fixed the custom fields not displaying on the client’s profile when they go to make changes.
  • Fixed issues when trying to save custom theme profiles.
  • FOSSBilling will now correctly hide hidden folders from the locale listing if you compiled it from source.

📈 Changes

  • RedBeanPHP has been moved to composer, and we’ve removed a custom hack-fix for our tests.
  • Dompdf has been updated to resolve a security vulnerability.
  • Many other minor updates.

Version 0.2.10 (1-26-2023)

This version comes with some bug fixes and security improvements, most notably with the Stripe payment adapter. As always, create a fully backup of your installation before updating and if possible perform tests outside of your live environment.

🔐 Security

  • The Stripe payment adapter has been updated to their latest SDK.
    • In the process, the adapter has been updated to have better payment status verification, preventing faked transactions from being accepted.
    • The latest version of the adapter also features a much prettier looking payment screen and now works with 3d secure authentication.
  • With previous behavior from BoxBilling, generated web server credentials were stored inside the database, this has now been replaced with the asterisks key, with the intention of the row being completely removed in the future. If you have a custom module that depended on this behavior, it will no longer work.

➕ New Features

  • The back-end has been updated to support password resets, in the next update it will be exposed within the UI. Thank you, @wyntonfranklin
  • Added a check for the PHP version before the installation screen, as some people were trying to install on unsupported versions and were getting HTTP 500 errors.

🐛 Bug Fixes

  • On the admin login screen, we’ve added the version number when including the API.js file. This should help prevent issues related to cache.
  • Fixed issues when trying to assign staff permissions.
  • Fixed an issue with the test server connection button.
  • Fixed some bad HTML causing errors when entering the domain name when creating a new order.
  • Fixed an error that would be thrown if debug mode is turned on and a payment was made without the URL being set.

📝 Changes

  • We’ve started to remove multi-selects from the admin panel in favor of check-boxes for improved usability.
  • Default modules labels are now translatable, helping to ensure that as much of the admin panel can be translated as possible.
  • Updated document URLs and enforced the FOSSBilling naming in a few areas.
  • Changed the way emails are prevented from sending with the demo module enabled.
  • Session save handlers will now only be set if headers haven’t been sent.
  • Fixed some missing icons in the admin panel.

Version 0.2.9 (1-15-2023)

🐛 Bug Fixes

  • Fixed an issue with GET API requests within the admin panel.
  • Fixed the favicon on the admin login page.
  • Fixed typos in the FTP layer.
  • Fixed an issue when FOSSBilling would pass null to the markdown parser. (issue #701)

📝 Changes

  • Properly check for the back-to-top element in the admin panel, avoids a error in the console, but it never caused any errors.

Version 0.2.8 (1-13-2023)

🔐 Security

  • Replaced the existing markdown parser with commonmark, which offers better compatibility with markdown and improved security features.

🐛 Bug Fixes

  • Fixed the breadcrumbs and page header with the custom pages module.
  • Fixed the period strings.
  • Fixed the email history templates being mixed up.
  • Fixed some issues with slashes being mixed when using Windows.
  • Fixed an issue with WHOIS update requiring extra fields.
  • Fixed deprecation warnings with PHP 8.1 and debug mode.
  • Fixed a typo with the ‘theme does not exist’ exception. Thank you to @rubenuijtdewilligen!
  • Fixed renewal failures not saving properly in the order history.
  • Fixed an issue with the forum builder modal. Thank you to @rubenuijtdewilligen!
  • Fixed some more issues with the API wrapper with some specific HTML input types.
  • Fixed replication of new CSS body classes and existing container classes

➕ New Features

  • Added basic support for custom PDF invoice CSS.
  • Themes can now access the locale name without the ISO code.
  • Added support for a custom favicon path. Thank you @reynaldiarya!
  • Added support for payment gateways to be moved into their own sub-folder.

📝 Changes

  • Remove dots from the Huraga public dashboard.
  • Updated login / signup / password reset styling.
  • Used Rector to modernize code for PHP 8.0.
  • Add CSS body classes to modules client HTML.

Version 0.2.7 (1-3-2023)

Happy new years from the FOSSBilling team! This release is focused on bug fixes, but does also introduce a Namecheap registrar adapter.

🐛 Bug Fixes

  • Resolved issues related to the API wrapper submitting malformed JSON data.
  • Resolved a few minor issues with the CWP server manager
  • Replaced the way our ‘custom and ‘email’ registrar adapters check for domain availability, this should resolve issues with some TLDs
  • Fixed issues with the order button CSS
  • Fixed issues when updating email templates

➕ New Features

  • FOSSBilling now has a Namecheap registrar adapter! Huge thank you to @ashavolian on GitHub!

📈 Changes

  • Added a requirement check for the PHP XML extension
  • Added and improved inline PHPDocs for payment, registrar, and server adapters
  • Some minor fixes to the code and an increased scanning level from PHPStan
  • Dependency updates

💬 Localization

  • FOSSBilling now targets 19 languages for localization
  • Overall, we are 22% translated into all translations

As always, if you’d like to contribute to the localization of FOSSBilling, join us at translate.fossbilling.org

Version 0.2.6 (12-28-2022)

🔐 Security

  • Introduce API wrapper for custom themes and modules to facilitate easier CSRF tokens (#612)
  • FOSSBilling will no longer provide a user’s password to the account creation email.

🐛 Bug Fixes

  • Fixed an issue with alias under Apache2 (#626)
  • Better handle php://input being empty when checking the CSRF token. (#626)
  • Fixed an issue with WHM/Cpanel server manager where you where not able to reuse existing packages as root user (#607)
  • Refactor loading locales (#623)
  • Update how we load available locale selection (#611)

💬 Localization

  • Synced localization with Crowdin (Current status +/- 24% and 13 different languages)
    • Arabic, Egypt
    • Chinese (Simplified)
    • Chinese (Traditional)
    • Dutch
    • French
    • Greek
    • German
    • Hebrew
    • Romanian
    • Spanish
    • Portuguese
    • Vietnamese

To help with the localization please join us on https://translate.fossbilling.org/

📈 Changes

  • Updated some dependencies.
  • Added some inline documentation to our code to help developers with more documentation in the works.

Version 0.2.5 (12-21-2022)

🔐 Security

  • Disable logging stack trace when debug mode is enabled (#618 #617)

🐛 Bug Fixes

  • Create a alias for bb-ipn.php to prevent recurring payments from failing after upgrading from BoxBilling or FOSSBilling 0.1.x release (#605)
  • Change ApexCharts colors when switching to darkmode (#610)
  • Disable display errors before checking for a valid ssl certificate. (#604)

📝 Changes

  • Updated some dependencies.

Version 0.2.4 (12-16-2022)

🔐 Security

  • Added a new security mode and settings
    • These settings are located in the config.php file and allow you to fine tune some security related options.
    • The default settings are what we recommend.

🐛 Bug Fixes

  • We’ve replaced the old gettext back end for translations. Translations should now work correctly for everyone.
  • Fixed issue with HestiaCP.
  • Cleanly handle no template being passed to the renderString function in the system module.
  • Fixed some issues with the client lookup.
  • The API should now return HTTP status codes depending on the result.
  • Fixed some missing icons with the custom pages module.
  • The auto updater will now destroy the current session, this should help prevent any odd issues after updates.
  • Fixed the missing CSRF token on the EU tax sync button.
  • Removed the option to ping sitemaps top Bing as they do not accept them anymore.
  • PDF invoices will now hide company / client details that are not set, rather than an empty line.

➕ New Features

  • Set the default currency during installation
  • We’ve improved the “showcase” feature with Huraga, it now accepts markdown input and has multiple sizing options.
  • We’ve added some new events to be used in our demo module. (with a FOSSBilling demo coming soon)

📝 Changes

  • Updated some dependencies.
  • Significantly cleaned up the Huraga theme’s dependencies, shrinking the overall theme size by about 5Mb.

Version 0.2.3 (12-8-2022)

🐛 Bug Fixes

  • Fixed some minor issues with the admin theme styling
  • Hide the settings button for themes that don’t have settings
  • Another fix to the CSRF protection

Version 0.2.2 (12-7-2022)

🐛 Bug Fixes

  • Fixed more issues relating to the CSRF protection, including the checkout screen.

Version 0.2.1 (12-7-2022)

This is a hotfix to fix issues introduced by the new security features added in 0.2.0. (has changes from PR#545)

Version 0.2.0 (12-7-2022)

This release adds protection against CSRF attacks. This change will break outdated modules. It’s highly discouraged to disable this protection, but if needed you can edit the CSRFPrevention value in your config.php file and set it to false.

⚠️ Breaking Changes / Security

  • Implemented a token system to protect against CSRF attacks. outdated modules and themes will no longer work with this protection enabled.

🐛 Bug Fixes

  • Fixed subscriptions with the PayPal payment adapter.
  • Properly fixed issues with the VestaCP and HestiaCP server managers.
  • The localization files have been synced with the source code and we’ve pre-translated a few popular languages using machine learning.
  • Fixed issues when trying to click the filter icon in the admin dashboard.

➕ New Features

  • Sever managers can now specify their own input fields, making the setup process a bit more intuitive.

Version 0.1.1 (12-3-2022)

This release is a quick hotfix to resolve some minor issues reported with version 0.1.0

➕ New Features

  • Added an “about” tab

🐛 Bug Fixes

  • Fix issues with the “email” domain registrar adapter.
  • Fixed the income chart
  • Fixed typos
  • Fix misbehaving isPreviewVersion()
  • Fixed wrong source for the staff login logo
  • Use DejaVu Sans for PDF generation, this fixes issues with some Unicode characters
  • Corrected some of the icons in the dashboard

Version 0.1.0 (12-2-2022)

Note: this changelog is compared to BoxBilling version 4.22.1.5

🔐 Security

  • Don’t send the admin password in plain text email.
  • Prevent cron from paying deposit invoices with credits
  • Use the cryptographically secure random_int()
  • Properly define password requirements and enforce it
  • Various security improvements
  • Sanitize and validate email addresses
  • Removed obsolete file manager. It had security vulnerabilities and many bugs.
  • Default config for NGINX will now properly block direct access to sensitive files.

🐛 Bug Fixes

  • Fixed database port not being used during installation
  • Fixed database can’t contain a hyphen
  • Fixed issues with Centova Cast module
  • Fixed issues with Plesk module
  • Fixed issues with the SolusVM module
  • Fixed bugs with the PDF generator
  • Improved support for SVG images with PDF generation
  • Fixed error with service domain manage page
  • Changed storage engine to InnoDB
  • General bugfixes and improved compatibility with the latest PHP versions
  • Fixed issue with the admin theme not changing
  • Fixed issues when trying to update a client that didn’t have all the information set
  • Fixed issues with custom pages on NGINX
  • Fixed issues when validating international domains
  • Fixed port selection with the Virtualmin manager
  • Fixed issues that could potentially cause FOSSBilling to infinitely attempt to resend emails if there is an error.
  • Fixed issues with both the VestaCP and HestiaCP integrations.
  • Prevent domain orders from being completed without selecting the “years”
  • Removed the “API” tab from the staff members list due to bugs and security concerns.

⚠️ Breaking Changes

  • Dropped the forum module
  • Dropped the “BoxBilling” and “Bootstrap” themes
  • Rename templates to native Twig extension (.html.twig instead of .phtml)
  • Migrated to Twig version 3
  • Removed the “bb” prefix from folders and path variables.
  • The SolusVM and Centova Cast have been removed from the core software.

Refactors

  • Replaced TFPDF with dompdf for PDF generation
  • Refactor the OrderButton module to use more theme assets instead of overriding
  • Completely new admin theme
  • Completely rewritten the Plesk integration.

➕ New Features

  • Introduced the ability for FOSSBilling to migrate configuration files. - This can be manually run from the “Update FOSSBilling” screen
  • Created a new validateAndSanitizeEmail tool.
  • FOSSBilling will automatically execute cron when you log into the admin panel (as long as it hasn’t been executed in at least 15 minutes. Can be disabled via the disable_auto_cron option in the config file)
  • FOSSBilling will log a stack trace when an exception is thrown with debugging on. (log_stacktrace and stacktrace_length in the config file)
  • FOSSBilling has a new maintenance mode which can be configured and enabled via the config file.
  • FOSSBilling can now switch between release and preview branches for the automatic update tool.
  • FOSSBilling will display a helpful message if you are using Apache without a .htaccess file.
  • Added support for strike-through in markdown. (~~strikethrough~~)
  • Added the custom invoice text to the PDF invoice.
  • Very basic support for an extension store inside of FOSSBilling.
  • Added a new setting for a dark variant of your companies logo that will be used with dark mode.

📝 Changes

  • Lots of dependency updates
  • Add 4 new events
  • Added HTTPS support to the DirectAdmin module
  • Pointed the update checker to the new repository
  • Code style improvements
  • Replaced references to BoxBilling
  • Improve NGINX config
  • Various Changes to Defaults
  • Improved docker support
  • Default to Huraga Green
  • Replaced PT Sans with IBM Plex Sans
  • Renamed “blog” to “news”
  • Added toggles for the sidebar links to news and knowledge base
  • Rewrote emptyFolder() to be cleaner and simpler.