This file is a running track of new features and fixes to each version of the panel released starting with v2.0.0.
This project follows Semantic Versioning guidelines.
- Fixed missing SSO token creation endpoint
- Fixed bulk importing of IPv6 addresses #66
- Fixed inability to create servers with IP addresses.
- Fixed minor UI bug where addresses in IPAM won't optimistically update after making a change.
- Made the IPAM address table sort by descending.
- Fixed cloning of VM's to the wrong storage location #64
- Removed API request throttling
- Increased Coterm session token lifetime from 30 seconds to a minute.
- Fixed cloning of VM's to the wrong storage location #64
If you use Convoy for a production or commercial environment/purpose, please subscribe to a license here. It supports my work, and you are also violating the license agreement if you don't. Your deployment of Convoy may be disabled without warning if you don't adhere to the terms of the license agreement.
- BREAKING: Overhauled the IP address management system to add IP pools that can be shared among nodes. #51
- BREAKING: Fixed Coterm where it doesn't support multiple nodes #50
- Fixed inability to use special characters for Redis password.
- Fixed error when trying to parse a vm's disk that has no
sizeattribute #48 - Fixed typo in the input labels on the node creation modal #42
- Fixed the mobile navigation menu where it won't automatically close when you click on a link #41
- Added ability to copy node and template IDs #40
- Fixed
workspaceimage failing to build because PHP Composer hash changed from a recent update.
- Added ISO imports (thanks A LOTTTT Fro!!!)
- Added new logo courtesy of Yatin Manuel from Halvex Inc.
- This changelog was forgotten, so I will add it now
- mind-numbing frontend refactorings
- Fixed inability to successfully build the
workspacecontainer because the PHP Docker image recently upgraded from Debian 11 to 12 while Nodesource hasn't added stable support for Debian 12.
- Fixed inability to save new password/ssh keys on Client > Server > Settings > Security > Authentication
- Fixed coterm fields required when trying to update node information instead of updating Coterm information.
- Reorganized frontend React Router routes
The release candidate process for non-beta v3.9.0 was discontinued. Convoy will be keeping its beta status while more improvements to the product are made.
If you are upgrading from v3.8.1-beta, keep note of these notices:
- v3.9.0-rc.9:
⚠️ This release may require you to regenerate your Proxmox API token credentials for each of your nodes with the implementation of encryption of node credentials in Convoy from this point on. - v3.9.0-rc.3:
⚠️ This release makes changes to the data in your database. Rows that have a non-nulldeleted_atfield in yourserversanduserstable will be purged. If your routine relies on soft deletes, please make changes now to stop relying on them as they are removed in this update.
- Servers using IP addresses that they shouldn't have access to.
- Address pools (not in use yet)
- IPAddress internal naming to Address
- SSO to use JWT instead of generating+saving tokens to the database
- Coterm support (DEV PREVIEW)
- Encryption for PVE node credentials
- Potential security vulnerability allowing unauthorized users to access another user's server
- Inability to reimport the same IP address across different nodes.
- Password updating when marked optional in a server import
- Email max length on the login screen
- Password setting when rebuilding/creating a new server
- Browser history hijacking on client server settings page
deleted_at field in
your servers and users table will be purged. If your routine relies on soft deletes, please make changes now to stop
relying on them as they are removed in this update.
- Adding both a IPv4 and IPv6 address to a server
- Base code for adding translations/localizations to Convoy
- Soft deletes from
serversanduserstable
- Some automatic refactors done by PHPStorm
- Renamed Media to Iso
- Server reinstallations firing wrong job chain
- can sync server usages test
- ISO download progress monitor
- Backup creation progress monitor
- Tests
- Internal HTTP client from Guzzle to a wrapper of it from Laravel
- VM building, deletion, and server deletion logic
- This should improve reliability of Convoy tremendously
- Rate limit throttling
- Made system OS password optional if create server option isn't checked when creating a new server in the administrator area
- English keyboard characters validation rule in create server modal in the administrator area.
- Some minor refactoring that changed the namespacings of some files to improve code consistency.
- Server power commands
- Server deletion failing when the virtual machine is running
- Error unmounting media (or ISOs) in the server control panel in the client area
- Server bandwidth statistic not updating #14
- Overallocation check logic whenever an administrator tries to update a server's build #16
- Issue where you can't use IPv6 for nameservers
- Made account_password required by default for creating new servers and server installations
- Refactored all settings pages
- Refactored menu component to reduce bundle size
- Refactored Server Usages and Rate Limit sync for better scaling
- Minor frontend styling
- Refactored disk data transfer object
- All password inputs (except for Convoy user account password) has these two validation rules:
/^[A-Za-z0-9!@#$%^&*()_+\-=[\]{}|;\':",.\/<>?\\ ]*$/for checking if the password contains only characters on the U.S. English keyboard./^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#\$%\^&\*])(?=.{8,})/for checking if the password contains 8 characters, 1 uppercase, 1 lowercase, 1 number and 1 special character.
- Search bars in the administrator area
- Log rotation for Laravel log file
- Proxmox user pruning to prune expired temporary NoVNC users
- IP Addresses being clipped if too long in the UI (x2)
- Hostname validation regex in frontend
- Viewport glitch when a server name or hostname is too long
- Validation rule not catching special characters from other languages for OS password validation
If you are developing automation software for Convoy, please implement these regular expressions in your code. Otherwise, your code will error when you send invalid requests.
- server
account_passwordvalidation/^[A-z0-9!@£$%^&*()\'~*_+\-]+$/to detect special characters from other language/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#\$%\^&\*])(?=.{8,})/uminimum password requirements
- server
hostnamevalidation/^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$/
- IP Addresses being clipped if too long in the UI
- Awkward delete address modal
- IPv6 addresses wouldn't display in client area settings
- Confusing "account password" placeholder when creating a server in the admin area
- Ability to view IP addresses of a server on the dashboard in the client area
- Support for hosting Convoy without a hostname
- Default redis configuration in .env because some people were getting confused by the documentation
- Settings layout for client side server settings
- possibility that
address_idswill cause an exception when it's null when creating a new server
- Refactored routes
- Navigation Bar Context. Now switching pages are even more seamless
- Lack of cancel button when deleting an API key
- Ability for administrators to impersonate the client view for a server and also visit the server's configuration in the admin area.
- Warnings when creating a new node to disable privilege separation and grant root permissions.
- Broken network syncing when updating an address's assigned server
- Text alignment for server counter on the users table in the admin area
- Hyperlinks to the owner on the servers table
- Scoped routing bindings in RouteServiceProvider that were breaking some routes
- Conflicting named routes that would break route optimization/caching
- IP Address updating
- Server build updating
- Option to sync or not sync network settings when deleting an IP address
- The default behavior is always to sync
- Server installs
- a bunch of other stuff
- from proprietary hard-coded api tokens to Bearer tokens for the application/external api
- the whole entire frontend
- Server hostnames
- Node location grouping
- This release is so big that I can't really summarize everything
- Inability to delete IP address from the admin user interface
- FQDN validator for the hostname field when adding a new node
- Problem where validation errors for the SSH key wouldn't show up
- Bug where user couldn't unset a SSH key after saving one
- Storing of CPU, memory, disk, snapshots, backups, and bandwidth limits
- Added server suspensions
- Added real-time status updates of server installs (though it will be deprecated in v3.x.x)
- Automatic bandwidth throttler when a user exceeds the bandwidth limit
- Internally, server details are now passed around the application using Laravel Data by Spatie. Though in v3.x.x, we are planning on switching to Data Transfer Objects by Spatie. We pulled the wrong package and didn't realize until one month in using the package LOL.
- Virtual machines are now limited to one disk. Multiple disks may be supported when a daemon is available in the future.
- The built-in web server is now Caddy instead of Nginx. This provides auto SSL out of the box.
- The commands in the node viewing page for installing the VNC Broker and templates.
- The real-time server installation communication is known to be buggy and will be resolved in v3.x.x
- Editing the server field for IP Addresses will sometime result in the first server of the node to be used. This will be resolved in v3.x.x
