Skip to content

Release history

Poweradmin releases

A web-based control panel for PowerDNS

Back to tool Latest release

All releases

18 shown

No immediate action
v4.0.11 Bug fix

Ambiguous column error fixed

Open
v4.2.3 Security relevant
Security fixes
  • Forwarded-IP headers (`X-Forwarded-For`, `X-Real-IP`, `Client-IP`) are now only honored when the peer (`REMOTE_ADDR`) is a private or loopback address, preventing audit‑log spoofing and per‑IP rate‑limit bypass.
Notable features
  • Group‑owned zones show correct edit/delete controls
  • PostgreSQL strict typing fixes prevent zone editing/search breakage
  • Bulk record add handles CSV escaping correctly
Full changelog

✨ Highlights

Patch release for the stable 4.2.x line. Focus is hardened proxy header handling, group-owned zone visibility, and PostgreSQL compatibility fixes.

🐛 Fixes

  • Forwarded-IP headers (X-Forwarded-For, X-Real-IP, Client-IP) are now only honored when the peer (REMOTE_ADDR) is a private or loopback address. Direct-internet deployments stop trusting client-supplied headers, preventing audit-log spoofing and per-IP rate-limit bypass. Same hardening cherry-picked to 4.3.x, master, and develop.
  • Group-owned zones show the correct edit/delete controls in zone search and zone lists (#1200, #1194).
  • PostgreSQL strict typing on record_comment_links no longer breaks zone editing or record search (#1192). Both sides of the join are now cast so it works regardless of whether the linking column is INTEGER or VARCHAR.
  • Bulk record add correctly handles CSV escaping (#1199).
  • CNAME validation accepts numeric-string record IDs from the GUI (#1202).
  • API record edits honor the zone_content_edit_own_as_client permission (#1203).
  • Users API keeps auth_method in sync when use_ldap is toggled (#1195).
  • Zone templates: sync uses zones.id instead of domain_id (#1210); consecutive spaces are preserved in template content listings (#1212).
  • 404 page now fits the viewport without scrolling.
  • Bulk registration template links to group/user management (refs #1201).

📦 Upgrading

Drop-in replacement for v4.2.2. PHP 8.2+ required (unchanged).

Full changelog: https://github.com/poweradmin/poweradmin/compare/v4.2.2...v4.2.3

View release on GitHub
v4.3.1 Bug fix

Minor fixes and improvements.

Full changelog

🐛 Bug Fixes

⚙️ config:

  • surface clear error when settings.defaults.php is missing (closes #1158) (927fcd1)

📥 installer:

  • correct MySQL backfill query in 4.3.0 upgrade script (closes #1159) (7a8122b)
View release on GitHub
v4.3.0 Breaking risk
Breaking changes
  • API v1 deprecated with Sunset date announced via header
Notable features
  • API backend mode without direct database access
  • Zone metadata editor for domainmetadata
  • Audit logging across user, zone, DNSSEC, auth operations
Full changelog

Native API-only deployments, a domainmetadata editor, log filtering and exports, hardened auth, and plenty more.

✨ Highlights

  • API backend mode - run Poweradmin without direct PowerDNS database access (#658)
  • Zone metadata editor for PowerDNS domainmetadata (#1117)
  • Audit logging across user, zone, template, DNSSEC, auth, MFA, and API operations
  • Log pages - filters, CSV/JSON export, detail modals, client IP and auth method visible everywhere
  • SSO permission template mapping with env vars and stale mapping revocation
  • API v1 deprecated with Sunset date announced via header and OpenAPI (#1146)

🐳 Docker

  • PA_PDNS_BACKEND selects SQL or API mode
  • PA_TRUSTED_CA_FILE mounts custom CA certificates (#1065)
  • PA_TRUSTED_PROXIES for real client IP behind reverse proxies (#1134)
  • Env var support for module configuration (#1084)
  • dns_wizards and email_previews togglable via env vars (#1116)
  • Rootless container mode; port 80 binding restored in root mode (#1118)

🌍 DNS & content

  • Custom TLD-to-server mapping for WHOIS and RDAP, with .za added (#1138)
  • IDN/punycode support for record names and content, incl. HTTPS, SVCB, and LP (#1090)
  • IPv6 batch PTR with correct nibble expansion (#1110)
  • Selective zone template update instead of full replace

🛡️ Security hardening

  • md5 and md5salt hashing removed for new passwords (existing hashes still validate)
  • Default bcrypt cost bumped to 12
  • CSRF validation required for API key toggle
  • IpAddressRetriever hardened - X-Real-IP support, proxy headers matching REMOTE_ADDR skipped, parsing bugs fixed (#1134)
  • Mail MIME boundary uses random_bytes instead of md5

🔧 Other

  • Dashboard zone, record, and user count stats for admins
  • Globe language switcher on the login page
  • disabled field respected in bulk record CSV import
  • Preserve auth_method on OIDC/SAML user edits (#1064)

Full changelog: https://github.com/poweradmin/poweradmin/compare/v4.2.1...v4.3.0

View release on GitHub
v4.2.2 Bug fix
Notable features
  • TRUSTED_PROXIES env var for reverse proxies
  • X-Real-IP support
  • Group-owned zone listing
Full changelog

✨ Highlights

Patch release for the stable 4.2.x line. Focus is real client IP handling behind reverse proxies, group-owned zone visibility, and small UI fixes.

🐛 Fixes

  • Real client IP behind reverse proxies (#1134) - new TRUSTED_PROXIES env var, X-Real-IP support, correct handling of proxy headers, and consistent use across auth and logging. Several IP parsing bugs fixed along the way.
  • Zones owned only via a group are listed correctly in the API (#1153) and counted without duplication in dashboard stats (refs #1112).
  • API Keys submenu is now shown to users with the api_manage_keys permission (#1154).
  • .za WHOIS server entry added for South African domains (#1138).
  • Suppressed misleading "User unknown" log noise on unauthenticated requests.

📦 Upgrading

Drop-in replacement for v4.2.1. PHP 8.2+ required (unchanged).

Full changelog: https://github.com/poweradmin/poweradmin/compare/v4.2.1...v4.2.2

View release on GitHub
v4.0.10 Bug fix

Fixed a duplicate SOA serial increment when adding inline DNS records and corrected locale format specifiers and plural headers, enhancing zone reliability and translation accuracy.

View release on GitHub
v4.2.1 Security relevant

Added audit logging for user and OIDC/SAML auth, enabled non-root container execution, hardened API validation, improved zone and DNS handling, and fixed several bugs for better security and reliability.

View release on GitHub
v4.1.3 New feature

Added rootless Docker execution, fixed DNS duplicate SOA increments, resolved macOS bind mount conflicts, corrected locale formatting, displayed TXT validation errors, repaired record restoration, and improved zone lookups.

View release on GitHub
v4.1.2 Bug fix

Bugfix release addressing zone creation validation, OIDC group extraction from ID token, auth method preservation for SSO users, default permission templates, Docker environment mappings, and translation updates.

View release on GitHub
v4.2.0 New feature
Notable features
  • API v2 with response wrapping
  • SAML authentication
  • Generic OIDC support
View release on GitHub
v3.9.10 Maintenance

Bugfix release focused on translation completions and improvements across multiple locales.

View release on GitHub
v4.0.9 Bug fix

Bugfix release addressing zone creation template validation, password encryption config, Docker volume mount handling, and translation completions.

View release on GitHub
v4.0.7 Bug fix

Bugfix release addressing LUA record parsing, TOTP secret generation, zone name handling, IPv6 validation, and CSRF token field correction.

View release on GitHub
v4.1.1 New feature
Notable features
  • DNSSEC CSK info alerts
  • RFC 2317 zone name support
  • LUA record handling
View release on GitHub
v4.0.6 Bug fix

Bugfix release fixing PowerDNS API error handling, MySQL SSL verification, Docker healthcheck and DNS CLI, CSRF tokens, i18n, and zone deletion flow.

View release on GitHub
v3.9.9 Bug fix

Bugfix release allowing HTML characters in TXT records and fixing record name suffix stripping logic.

View release on GitHub

Beta — feedback welcome: [email protected]