Latest Version: v1.4.3
Release Notes
Track the latest updates, improvements, and bug fixes for WisPanel.
v1.4.3
May 20, 2026
Stable
Latest
- New Async kernel-module install/uninstall with status polling β POST returns 202 immediately, frontend polls /status (tampercore)
- New can_grant_api per-reseller delegation lever + admin UI to override per reseller (security/reseller)
- New can_grant_malware_scanner symmetric to can_grant_api across reseller-store, reseller-package, /resellers/:u/limits, /users/:u/features gate, and UI (security/reseller)
- New Per-reseller "Features Can Grant" tab in Reseller Settings exposing the full can_grant_* set (admin/ui)
- New Users table redesign β Account cell (username + role tag + creator), domain x/y with green β unlimited, per-line domain list with hover (pointers) tooltip, clickable domains (open site in new tab) (ui)
- New API Keys tab visible to users/resellers with can_use_api (not just admin) (ui/settings)
- New Reseller-delegation docs section on the portal Authentication api_doc page (docs)
- New Comprehensive dark-mode coverage β global Sec-Style-Attr shim + per-class theme-aware overrides; charts (Bandwidth/Disk/Statistics) get theme-aware axis labels, axis lines and grid lines; live-reactive via MutationObserver (ui)
- New Reusable dark-mode audit + autofix scripts at scripts/audit-dark-mode-gaps.py / scripts/autofix-dark-mode-gaps.py (devtools)
- New Terminal WebSocket integration smoke test at scripts/smoke-test-terminal-ws.py β 7 cases covering the auth chain (tests)
- Fixed API-key hardening: full scope enforcement on /api/v1/* protected routes, brute-force gate + audit logging on invalid keys, idempotency cache no longer caches one-time secrets, fail-closed enabled flag, constant-time hash compare, RNG error checked on key-ID gen, permission-vocab validation on create, step-up reauth on update/toggle (security/api)
- Fixed Reseller package privilege escalation closed β resellers pinned to their own owner namespace on list/get/update/delete user-packages; admins still pass explicit ?owner (security/api)
- Fixed Only 'all'-scoped API keys may hit /auth/login-as and /auth/sso/* (route-level apiKeyRequireAll) (security/api)
- Fixed Terminal WebSocket regression introduced by the WS-token migration to Sec-WebSocket-Protocol β fixed authMiddleware to read the subprotocol bearer, authMiddlewareForWS to accept wsp_ API keys, and handleTerminalWS to trust the middleware-validated user instead of re-parsing the token (terminal/auth)
- Fixed Modify User & Edit Package modals: vertical form layout (label above field) matching Reseller Settings (ui)
- Fixed Modify User: duplicate "Resource Limits" tab β quota tab renamed to "Limits", CPU/RAM/IO tab keeps "Resource Limits" with full i18n (ui)
- Fixed Reseller Package modal: full vertical layout + Malware Scanner switch (admin lever for can_grant_malware_scanner) (ui)
- Fixed API Key create modal: send expires_in (was expires_days), so the 1-year option now actually expires (ui)
- Fixed t('common.actions') no longer resolved on flat-merged i18n β re-pointed to wispanel.common.actions on packages & processes tables (i18n)
- Fixed 22 hardcoded Tabs.TabPane labels in 6 tamper/files components i18n'd under wispanel.security.tamper.tabs.* (i18n)
- Fixed modifyModal.features.tamperProtection key added (was raw on the Tamper Protection feature switch) (i18n)
- Fixed API Key Created modal code-box + Subdomain Create doc-root preview: theme-aware dark-mode (ui)
- Fixed Chmod modal columns / column titles / bottom-row borders: dark-mode contrast (ui)
55ff2a4
19.21 MB
Stay Updated
Get notified about new releases and updates by following our documentation.
Installation Guide
Run this command on your server to install or update WisPanel:
$ curl -sSL https://wispanel.com/install.sh | bash
Requires Ubuntu 22.04/24.04 or Debian 12 with root access.