This release adds 4 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+6 more
Summary
AI summaryAdd support for PHP 8.4 in Quick Install apps.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Low |
Add support for PHP 8.4 in Quick Install apps Add support for PHP 8.4 in Quick Install apps Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Feature | Low |
Show user and bandwidth quota in the dashboard Show user and bandwidth quota in the dashboard Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Feature | Low |
Update magento.tpl / magento.stpl for healthcheck support Update magento.tpl / magento.stpl for healthcheck support Source: granite4.1:30b@2026-05-28-audit Confidence: low |
— |
| Feature | Low |
Allow slash when adding username to smtp relay Allow slash when adding username to smtp relay Source: granite4.1:30b@2026-05-28-audit Confidence: low |
— |
| Dependency | Medium |
Fix missing dependency proftpd-mod-crypto on Ubuntu Fix missing dependency proftpd-mod-crypto on Ubuntu Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Dependency | Low |
Bump Roundcube to version 1.6.11 Bump Roundcube to version 1.6.11 Source: granite4.1:30b@2026-05-28-audit Confidence: low |
— |
| Performance | Medium |
Improve security and performance optimizations Improve security and performance optimizations Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Performance | Low |
Improve logging of Spamhaus DQS lookups without exposing query key Improve logging of Spamhaus DQS lookups without exposing query key Source: granite4.1:30b@2026-05-28-audit Confidence: low |
— |
| Bugfix | Medium |
Fix cleanup argument handling and improve kv parsing Fix cleanup argument handling and improve kv parsing Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Bugfix | Medium |
Fix 421 error on all web and mail domains after Apache 2.4.64 update Fix 421 error on all web and mail domains after Apache 2.4.64 update Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Bugfix | Medium |
Set default SOA retry value to 1800 for DENIC compliance Set default SOA retry value to 1800 for DENIC compliance Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Bugfix | Medium |
Fix domain alias replacement logic when changing web domain Fix domain alias replacement logic when changing web domain Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Bugfix | Medium |
Fix ipv4_cidr validation Fix ipv4_cidr validation Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Bugfix | Medium |
Fix domain redirects not being suspended Fix domain redirects not being suspended Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Bugfix | Low |
Sort backup file list before retention check Sort backup file list before retention check Source: granite4.1:30b@2026-05-28-audit Confidence: low |
— |
| Bugfix | Low |
Ensure newline at end of hestiaweb user crontab Ensure newline at end of hestiaweb user crontab Source: granite4.1:30b@2026-05-28-audit Confidence: low |
— |
| Bugfix | Low |
Prevent empty user variable from affecting multiple scripts Prevent empty user variable from affecting multiple scripts Source: granite4.1:30b@2026-05-28-audit Confidence: low |
— |
| Bugfix | Low |
Fix editing Panel Cronjobs for hestiaweb Fix editing Panel Cronjobs for hestiaweb Source: granite4.1:30b@2026-05-28-audit Confidence: low |
— |
| Refactor | Low |
Class change for latest version of file manager Class change for latest version of file manager Source: granite4.1:30b@2026-05-28-audit Confidence: low |
— |
Full changelog
[1.9.5] - Service Release
Features
Add support for PHP 8.4 in Quick Install apps
Improve security and performance optimizations
Bug fixes
Fix: Cleanup argument handling and improve kv parsing (#5309)
Fix: 421 error on all web and mail domains after Apache 2.4.64 update
Fix: Set default SOA retry value to 1800 for DENIC compliance
Fix domain alias replacement logic when changing web domain
Fix ipv4_cidr validation
Update magento.tpl / magento.stpl for healthcheck support
Add: Show user and bandwidth quota in the dashboard
Sort backup file list before retention check
Improve logging of Spamhaus DQS lookups without exposing query key
Bump Roundcube to version 1.6.11
Remove the apache2-suexec-pristine package from the Debian installer
Fix domain redirects not being suspended
Ensure newline at end of hestiaweb user crontab
Allow slash when adding username to smtp relay
Prevent empty user variable from affecting multiple scripts
Fix editing Panel Cronjobs for hestiaweb
Fix missing dependency proftpd-mod-crypto on Ubuntu
Fix the way Hestia validates chain certificate
Class change for latest version of file manager
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About HestiaCP
Hestia Control Panel | A lightweight and powerful control panel for the modern web.
Related context
Related tools
Beta — feedback welcome: [email protected]