Changes since Usermin version 1.080
- Usermin Core
- Fixed a security hole in the maketemp.pl script, used to create the /tmp/.usermin directory at install time. If an un-trusted user creates this directory before Webmin is installed, he could create in it a symbolic link pointing to a critical file on the system, which would be overwritten when Usermin writes to the link filename (CVE bug CAN-2004-0559).
When PAM is used for authentication, expired passwords are now detected and the user is prompted to select a new password (if this feature is enabled on the Usermin Configuration module).
- Scheduled Cron Jobs
- The Usermin module now runs with the permissions of the logged-in Unix user, enhancing security and making calls from other modules easier.
- Read Mail
- Added a basic HTML editor for sending and replying to email in HTML format. Requires Java 1.4+ in the browser. Must be enabled on the Preferences page, as it is still rather unstable.
Included support for SMTP authentication when sending email, configurable in Webmin's Usermin Configuration module.
Added a check for attempting to delete the same messages twice by using the browser Back button. If the mail file has been modified since the message list was loaded, the deletion will fail.
- SpamAssassin Mail Filter
- Added an icon for setting up Razor, if it is not already set up.