NovaPanel
Features Pricing Docs Changelog Customer portal Discord GitHub
Get Pro

Changelog

Every panel release in chronological order. Updates land continuously — your panel picks them up on its next heartbeat. This page auto-refreshes from the release server, so you'll see new entries the moment they ship.

v1.3.0

  • Fix DKIM and DMARC now actually work. Enabling DKIM previously only started the opendkim service — it never generated signing keys, wired opendkim, or published the public records, so outbound mail still failed DKIM/DMARC at the receiver. Creating a mailbox now generates the 2048-bit key, configures opendkim to sign for the domain, and publishes correctly-quoted SPF, DKIM (selector "nova"), and DMARC records into PowerDNS. A "Republish mail DNS" button on the Mail Server page backfills every existing mail domain, and the DMARC policy (none/quarantine/reject) is now configurable.
  • Feature Email Deliverability page (admin): pick a mail domain and run live checks for SPF, DKIM, DMARC, reverse DNS (PTR), and the major blocklists (Spamhaus, SpamCop, Barracuda) against real public DNS — what receivers actually see, not what the panel intended to publish.
  • Feature Zone transfers (AXFR): allow secondary nameservers to pull a zone. Admin → DNS Zones → zone → Zone Transfers sets PowerDNS's ALLOW-AXFR-FROM + ALSO-NOTIFY. Transfers are deny-by-default; only literal IPs/CIDRs are accepted and "allow everything" ranges (0.0.0.0/0, ::/0) are rejected, so a zone is never accidentally exposed to the whole internet.
  • Feature Secondary DNS / hidden-master: a global secondary-nameserver list on the Nameservers page is pushed to every zone's transfer config and applied automatically to any zone created afterwards — run NovaPanel as a hidden master with external secondaries (e.g. Hurricane Electric) handling public queries.
  • Feature Wildcard SSL via DNS-01: because the panel runs its own DNS, it can now issue *.domain certificates. Click Wildcard on the customer SSL page and Caddy solves the ACME DNS-01 challenge against PowerDNS.
  • Infra Wildcard SSL needs Caddy's PowerDNS module. New installs include it automatically. Servers upgraded from an earlier version self-update only the panel binary, so they won't have the module yet — re-run the installer once to rebuild Caddy: curl -fsSL https://license.novapanel.dev/install.sh | sudo bash (safe to re-run; verify with `caddy list-modules | grep powerdns`). Until then the Wildcard button fails cleanly and single-host certs are unaffected.

v1.2.3

  • Fix DNS zones now get a correct SOA record. The primary master (MNAME) is set from your configured primary nameserver instead of PowerDNS's unresolvable "a.misconfigured.dns.server.invalid" placeholder, which a stock pdns.conf stamps onto every new zone. Existing zones still showing the placeholder are repaired automatically on upgrade and whenever you save the Nameservers page — an operator-set primary master is never overwritten.

v1.2.2

  • Fix Reject reserved usernames (user, users, root, admin, �) at account creation. Invalid names previously created an orphan panel row with no matching Linux user, then every sudo -u action (App Installer, Terminal, File Manager, FTP, cron, PHP pools) failed with "unknown user". Validation now runs in Register and surfaces the real error to the admin.
  • Fix WordPress Manager now detects installs that have been staged by the App Installer but not yet configured � shows them with an amber "Setup pending" badge and a one-click link to /wp-admin/install.php instead of saying "no sites detected".
  • Infra New how-to: running NovaPanel behind a Cloudflare Tunnel for homelab deployments � what works (panel UI + customer sites with caveats), what doesn�t (mail, FTP, auth-DNS), and the two SSL workarounds for customer websites.

v1.2.1

  • Feature File Manager: upload, download, compress (.zip/.tar.gz/.tar), extract, move, and chmod � per-row action menu plus multi-select "compress selected". Uploads stream through sudo tee so multi-GB transfers stay flat on memory
  • Fix PHP version install no longer fails with debconf TTY errors � apt-get now runs through systemd-run with DEBIAN_FRONTEND=noninteractive so dpkg-preconfigure can configure packages without a controlling terminal
  • Fix Session timeout (and other ops fields like admin email + notification toggles) save correctly on Community tier � they were incorrectly gated behind the whitelabel feature alongside true branding fields

v1.2.0

  • Feature Outbound webhooks: HMAC-signed event POSTs (user.created, site.deployed, domain.added, php.installed, …) with admin UI, test pings, and a 5s-refreshing delivery log
  • Feature Whitelabel layout editor: reorder, hide, or rename any sidebar section/item; add your own external links (billing, monitoring, support) with icon + target section
  • Feature Admin → user impersonation: one-click "Login as" opens the customer panel in a new tab via short-lived signed tokens, audit-logged on every use
  • Feature Clients Overview admin page: per-account rollup of sites, domains, PHP versions in use, disk vs quota — with inline Login as
  • Feature Session timeout: admin-configurable presets from 15 minutes through Never (with confirm gate)
  • Feature Visual distinction between admin and user panels: amber accent stripe + role pill in the header
  • Fix PHP Manager: every supported version visible in the grid, install errors captured and displayed inline with retry, view service log for stopped FPM units
  • Fix Customer Deployments page now links to the per-deployment log
  • Fix Modals are scrollable on small screens — Add Site dialog reachable on a 13" MacBook again
  • Fix Dashboard memory: use MemAvailable instead of Free+Buffers+Cached

v1.1.14

  • Fix Dashboard memory uses MemAvailable from /proc/meminfo, matching what free(1) and htop report instead of under-counting cache as free.

v1.1.13

  • Feature License page Subscription and billing card reads the actual provider - Stripe customers see Stripe wording, PayPal customers see PayPal wording. Card hides entirely for hand-issued comp licenses.
  • Fix Update notifications: routine package upgrades fire their own notification independently of security patches.

v1.1.12

  • Fix License-renewal warnings read the real license expiry instead of the JWT TTL - no more daily 'due tomorrow' toasts on lifetime or hand-issued comp licenses.

v1.1.11

  • Feature License page shows an Included-with-this-license section listing every feature your tier unlocks, with friendly labels and icons. Driven by tier_configs so admin edits propagate without a panel release.
  • Fix Server-wide Usage caps render correctly for all tiers - no more empty slash for unlimited limits.

v1.1.10

  • Fix License page Expires field shows the real subscription renewal date (or Never for lifetime licenses) instead of the rolling 24h JWT refresh window.

v1.1.9

  • Security JWT TTL reduced from 30 days to 24 hours; panels drop to Community within minutes of a binding reset on the license server. Closes the rolling-reset abuse window.
  • Feature Admin Refund and suspend now works for PayPal customers too (previously Stripe-only).

v1.1.8

  • Infra Production hardening across the license server: CSRF on the admin SPA, metrics endpoint for Prometheus, audit-log retention sweep.
Want to follow along live? Drop into our Discord — release notes also land there the moment they ship, plus you can ask questions and trade hosting tips with other operators.