v4.2.0

[github-actions]

v4.2.0

✨ Features

🌐 api:

• add permission validation for API endpoints (7f01625)
• add API v2 with consistent response wrapping (0551e8a)

🔐 auth:

• add SAML authentication support with user provisioning, closes [Bug]: PowerAdmin add SRV Entry poweradmin/poweradmin#789 (e8eb1ac)
• add user avatar support with OAuth and Gravatar integration (7fc4d3b)
• implement forgot username feature, closes Implement User Account Recovery and Password Reset Functionality poweradmin/poweradmin#578 (e2f7bda)
• implement session caching for LDAP authentication (a2cf55d)

🔧 ci:

• add workflow to publish releases on PR merge (8b6ee99)

⚙️ config:

• add validation for PowerDNS API configuration (c2c3708)
• add database-specific validation for pdns_db_name setting (4e94120)

🔧 dev:

• add Keycloak OIDC integration testing setup (3936903)

🌍 dns:

• enhance RFC 2317 classless reverse delegation validation, closes Reverse delegation poweradmin/poweradmin#85 (8928b82)
• add interactive wizards for complex DNS record types, closes Add wizard-style interfaces for DMARC, SPF, and DKIM record creation similar to ISPConfig poweradmin/poweradmin#685 (586b29e)

🔧 dns-wizard:

• improve form UI and configuration handling (b469728)

🔧 dns-wizards:

• improve form validation and UX (c1bc57b)
• improve form layout and validation handling (d09c213)
• redesign form UI and improve UX (7f9e325)

🔒 dnssec:

• add pre-flight zone validation before signing (9b5f6fe)
• add pre-flight validation to zone creation (af7a0f8)

🐳 docker:

• add MySQL separate PowerDNS database configuration support (69c9a91)
• added Google OAuth support (added Google OAuth support poweradmin/poweradmin#791) (aa88a9a)
• add Generic OIDC provider support for Authentik/Keycloak/Okta, closes [Bug]: docker-entrypoint.sh not accept all settings poweradmin/poweradmin#918 (9b204ca)

📧 mail:

• add logger transport for development debugging (50e3623)
• replace custom SMTP with Symfony Mailer, closes [Bug]: SMTP mail sends unrecognized commands poweradmin/poweradmin#774 (ba5f8d1)

🔧 oidc:

• add URL template processing for provider configurations (641d7b9)

🔧 pdns:

• add Basic Auth support for PowerDNS metrics endpoint, closes [Bug]: /metrics endpoint does not support Basic Auth poweradmin/poweradmin#800 (92cfb3c)

🛡️ permissions:

• separate zone deletion from edit permissions, closes add ability to disable zone removal poweradmin/poweradmin#97 (672796b)
• add preconfigured permission templates for common user roles (d889fbb)

📝 records:

• add disabled flag support to DNS record operations (00a43fb)
• enable edit operation on selected record (6dd2949)

🖥️ ui:

• add conditional API documentation link to tools menu, closes Feature request - API docs link poweradmin/poweradmin#749 (c1c2fbf)
• improve DNS wizard layout and navigation (e81ce67)
• enhance zone edit UX with configurable elements and improved layout, closes [Feature]: Redisgn proposal Zone Edit poweradmin/poweradmin#756 (a49f137)

🐛 Bug Fixes

🌐 api:

• add missing route for v1 permissions endpoint (555023b)
• resolve route parameter handling and method restrictions (2feaadd)
• correct OpenAPI documentation paths and route methods (1e63df9)
• resolve multiple API functionality and testing issues (c89f504)
• correct routing and CORS preflight handling (b8b0700)
• resolve Basic Auth TypeError when LDAP authentication is enabled, closes [Bug]: API basic auth not working if LDAP is enabled poweradmin/poweradmin#799 (751a175)
• make pagination optional for zones and users endpoints, closes [Bug]: API to list zones does not return all zones poweradmin/poweradmin#803 (078a3a0)
• update SOA serial on all record operations, closes [Bug]: SOA is not updating when deleting a record using the API. poweradmin/poweradmin#804 (63315d6)
• handle missing optional fields gracefully, closes [Bug]: Errors using "DS and DNS keys" poweradmin/poweradmin#818 (052a625)
• ensure consistent boolean return types for disabled and auth fields (c508650)
• exclude invalid records from V2 zones endpoint, closes [Bug]: Saving a zone or record causes ghost records in database poweradmin/poweradmin#914 (82b74b6)
• improve error handling across all V2 endpoints (5ddc5f6)
• remove unused Exception imports from v2 controllers (458bc44)
• filter PowerDNS ENT records from V2 API endpoints, closes [Bug]: Saving a zone or record causes ghost records in database poweradmin/poweradmin#914 (d6d38e7)

🔐 auth:

• resolve missing LDAP section in Add User form, closes Add User - LDAP Section is missing poweradmin/poweradmin#750 (8b6c78f)
• include used field in password reset token creation (a8ce4d6)
• enhance password reset token validation logging (eb2f67d)
• correct recovery code input validation length, closes [Bug]: Valid MFA recovery codes rejected by client-side validation poweradmin/poweradmin#784 (3814b87)
• improve scheme detection for callback URLs behind proxies, related to [Bug]: Issue with OIDC Azure poweradmin/poweradmin#783 (130d0b4)
• prevent external auth from overwriting existing auth methods (0886ad7)
• resolve orphaned user link issues in SAML/OIDC authentication (8ee4f75)
• use correct auth_type field instead of auth_method (477bc41)
• handle missing users table gracefully during authentication (b1c1800)

🔧 build:

• remove non-existent db directory from composer scripts (bb54a2c)
• remove non-existent tools directory from composer scripts (4d5ea5b)

🔧 ci:

• add Phan config to version control (c4d9ec0)
• resolve static analyzer configuration issues (812f4fb)
• remove unused property in TXTRecordValidator (c1e862a)
• format long test string to meet line length requirements (ddb323a)
• update auto-assign action to supported version (4b91669)
• prevent cross-branch tag contamination in Docker workflow (bb9c614)
• prevent version tags from updating latest tag (cdd845e)
• remove empty changelog-sections to enable Release Please (8b8b3e4)
• remove --with-dependencies from composer validate (6175750)
• pass release PR data via env variable to avoid URL length limit (540d9f7)
• correct git-cliff template filter syntax (f0aca03)
• check migration files by target version pattern (4d92299)
• simplify migration detection to avoid output passing issues (276724f)
• use body-file for PR creation to preserve backticks in markdown (7cc030a)
• use body-file for PR creation to preserve markdown formatting (3e90388)

🔧 compat:

• resolve PHP 8.1 compatibility issues in core components (c7e897f)
• improve type safety across controllers, services, and repositories (e182cb7)

⚙️ config:

• resolve validation errors in configuration migration from v3.9.2 to v4.0.0, resolves [Bug]: Conversion of configuration is giving invalid configuration results poweradmin/poweradmin#754 (0d9be30)
• remove non-existent directories from dotfiles (1de1154)
• remove tools directory blocking from web server configs, closes [Bug]: Viewing PDNS server status within docker blocked by Caddy preventing access to /tools* poweradmin/poweradmin#792 (87d7467)
• resolve Psalm type issues in URL port validation (b633c88)
• properly merge indexed arrays in configuration (74d61d5)

🔧 controllers:

• use request accessor for route parameters (8942c55)

🔧 csrf:

• ensure token generation and proxy compatibility, related to [Bug]: Error: Invalid CSRF token within add forward-zone or record to forward-zone poweradmin/poweradmin#787 (a5c7619)

🗃️ database:

• bind LIMIT and OFFSET as integers in filtered record queries, closes [Bug]: "msg":"SQLSTATE[42000]: Syntax error or access violation: 1064 poweradmin/poweradmin#810 (4af18af)
• use DbCompat for boolean column comparisons in PostgreSQL, closes [Bug]: Signing zones with DNSSEC is not possible poweradmin/poweradmin#819 (295a8dd)

🗃️ db:

• ensure password reset tokens used field has proper default value (07a179d)
• standardize boolean parameter binding for MySQL strict mode compatibility, closes [Bug]: account_lockout: PDO execute([...]) sends '' for false (MySQL 1366) poweradmin/poweradmin#788 (037f64b)

🔧 deps:

• resolve corrupted composer.lock with invalid package dependencies (1e8a84f)
• restore ext-tokenizer requirement for API documentation (9a7c222)

🔧 devcontainer:

• add 172.19.0.0/16 to PowerDNS webserver ACL (5dd9628)
• improve service dependencies and database support (8af2d87)

🌍 dns:

• correct SRV record validation to match PowerDNS format requirements, closes [Bug]: Cannot add SRV Records poweradmin/poweradmin#755 (14dc8e5)
• allow multiple instances of SPF mechanisms (42193b3)
• exclude reverse zones from forward zone listings (da1789d)
• remove 255-byte TXT validation to support long DKIM records, closes [Feature]: Support automatic splitting of long TXT records (e.g., DKIM) into 255-byte strings, or provide a configurable TXT length option poweradmin/poweradmin#809 (5a96e40)
• use consistent FQDN handling across record creation flows, closes [Bug]: Record comment isn't saved while adding record poweradmin/poweradmin#814 (ac2eab4)
• validate empty strings in IDN conversion (b73f4d9)

🔒 dnssec:

• correct DS/DNSKEY button routing, closes [Bug]: Show DS and DNSkey button in DNSSEC is not working as expected poweradmin/poweradmin#775 (0348236)
• improve input validation and error handling for key management (06f20c9)
• standardize permission checks across all DNSSEC controllers, closes [Bug]: In DNSSEC within forward-zone add new key leads to You do not have the permission to view this zone. poweradmin/poweradmin#778 (03ccb47)

🐳 docker:

• resolve container startup validation logic, closes [Bug]: Issues starting container with PDNS API enabled poweradmin/poweradmin#766 (9f4e9eb)
• correct heredoc syntax in entrypoint script (db91f87)
• update OIDC Azure AD configuration and metadata URL handling (fix(docker): update OIDC Azure AD configuration and metadata URL handling poweradmin/poweradmin#785) (438d0af)
• add ldap extension for LDAP authentication support, closes [Bug]: LDAP Authentication PHP poweradmin/poweradmin#812 (ee7da53)
• improve container health check and database initialization, closes [bug] Docker HealthCheck of Caddy Administrative Port poweradmin/poweradmin#851 (e461071)
• capture admin user insert result before case statement ends (3204546)
• update FrankenPHP base image to 1.10-php8.4-alpine, closes Outdated docker frankenphp image poweradmin/poweradmin#877 (a51c09d)
• update base packages to resolve security vulnerabilities (e85a1b0)

🔧 forms:

• make DNSSEC opt-in instead of enabled by default (307034f)

🌐 i18n:

• improve pagination error messages in log controllers (6d99bc8)

📥 install:

• add missing xml extension check in requirements step (9ed0668)

🔧 notifications:

• only send zone access emails on successful database operations (525ef4f)

🔧 oidc:

• fix scope format to comply with OAuth2 specification, related to [Bug]: Issue with OIDC Azure poweradmin/poweradmin#783 (ca99289)
• resolve user provisioning failures, related to [Bug]: Issue with OIDC Azure poweradmin/poweradmin#783 (0cfb9a2)
• improve authentication service implementation (d59035c)
• enable proper user logout flow (75e49fb)

🛡️ permissions:

• prevent non-superusers from modifying superuser accounts (460a5d2)

📝 records:

• exclude invalid database entries from queries, closes [Feature]: Ignore records without type (these are created by PowerDNS) when searching by keyword poweradmin/poweradmin#758 (d477adc)
• validate zone existence before name normalization (b861556)
• add table prefix to ORDER BY clause, closes [Bug]: Searching a RR in a zone throw error poweradmin/poweradmin#919 (3934701)

🔧 renovate:

• remove PHP constraint to fix install-tool failure (5a12294)
• correct composer update options (d5b46db)

🔀 routing:

• update template URLs to use proper query syntax (d4335b8)

🔍 search:

• reload page instead of submitting empty search form, closes [Bug]: Page crashes on clearing search field poweradmin/poweradmin#815 (1545359)

🗄️ sql:

• enforce integer binding for pagination parameters in all queries (83ee679)
• enforce explicit PDO parameter types in user operations (f6992ee)
• add primary key to records_zone_templ table, closes compatibility issue with mysql innodb cluster poweradmin/poweradmin#906 (9252c44)

🔧 status:

• remove color classes preventing dark mode visibility, closes [Bug]: 'Other Metrics' tab text is not visible in dark mode poweradmin/poweradmin#801 (e3aac03)

📋 templates:

• correct password reset form action URLs (39a9cc0)
• add input validation and encoding for record operations (ad40149)
• correct pagination URL for template zone listing (da1557b)

🧪 tests:

• resolve static analysis issues in integration tests (f94d4bb)
• resolve test failures and improve type conversion handling (c899b7e)
• correct test counting logic in API test suite (4aee9cf)
• correct mock configuration in unit tests (8637fed)

🔧 theme:

• gracefully handle removed legacy themes with fallback ([Bug]: iface_style not found when use a old config poweradmin/poweradmin#899) (ee0435a)
• remove reference to non-existent migrate-config.php on master (c3a87ee)

🖥️ ui:

• correct pagination calculation when filters are applied, closes Pagination in the Zones Search poweradmin/poweradmin#748 (593373a)
• remove extra closing divs breaking footer layout in PDNS status page (2cdfe47)
• prevent dark mode flickering by loading correct theme stylesheet early (29c3064)
• improve dark theme visibility and styling consistency (0dd70ae)
• clear form data when switching between zones, closes [Bug]: Add new record does not clear on reload/zone change after error poweradmin/poweradmin#769 (6533732)
• change warning to info message for successful saves without changes, related to [Feature]: allow save zones without making any changes poweradmin/poweradmin#762 (ba6b147)
• restore original footer layout for non-authenticated pages (c528475)
• disable browser autofill for user creation, closes [Bug]: Username and Password pre-filled on new User Account creation poweradmin/poweradmin#782 (1c2c395)
• enable sorting by owner, id, and disabled status, closes [Bug]: Sorting by owner / id / disabled triggers “Invalid ORDER BY column” poweradmin/poweradmin#781 (6ff3fb1)
• update template URLs to use proper query parameter syntax (e379def)
• correct filter form redirect in zone edit views, closes [Bug]: Filter within forward-zones and other list views redirects to dashboard after apply poweradmin/poweradmin#786 (ae0f074)
• replace legacy form actions with proper URLs in log templates (a908bd2)
• improve icon visibility on outline button hover states (1f05734)
• correct URL query parameter syntax in refresh forms, closes [Bug]: PDNS Server Status refresh wrong URL poweradmin/poweradmin#793 (c23a190)
• enhance user preferences and navigation consistency (dc2f13a)
• standardize navigation icon sizes and spacing (b337e91)
• improve log table layout and prevent text overflow, closes [Bug]: Long log lines in the Zone log are causing the table to run out of frame poweradmin/poweradmin#772 (cb69f64)
• correct checkbox handling in multi-record add form, closes [Bug]: Multi-record mode create only first PTR record poweradmin/poweradmin#807 (0eefdb5)
• hide DNS record wizard in reverse zones (b798693)
• improve spacing in zone edit layout (e38eea4)

✅ validation:

• support record type prefixes in LUA validator, closes [Bug]: Unable to use some LUA records formats poweradmin/poweradmin#770 (d946628)
• improve IP address validation, closes [Bug]: Unable to add AAAA for Shopify poweradmin/poweradmin#794 (923e56a)

📁 zones:

• allow slave zone creation with delegation NS records, closes [Bug]: Fail to add new slave zone poweradmin/poweradmin#802 (1fc14f6)
• correct form submission for bulk record deletion, closes [Bug]: Delete record failed: document.getElementById('delete-records-form') is null poweradmin/poweradmin#842 (1d3242e)

⚡ Performance

🗃️ db:

• add indexes to improve query performance (14fcf2c)

♻️ Refactoring

🌐 api:

• clean up routing configuration and remove unused components (450930b)
• improve basic auth stateless implementation (19e530b)

🔧 ci:

• enhance release workflow with emoji formatting and migrations (83b7277)

🔧 csrf:

• centralize token management and improve code consistency (7ab5cf4)

🔒 dnssec:

• improve key toggle implementation and error handling, closes [Bug]: Invalid or unexpected input given within deactivate key in DNSSEC poweradmin/poweradmin#780 (54c7abb)

🐳 docker:

• simplify OIDC provider configuration (f047dd1)

🔧 emails:

• use template inheritance for email templates (e7cf35f)

📥 install:

• centralize system requirements configuration (c79472e)
• improve clarity and fix Symfony Request API usage (2ebaf40)

🔧 model:

• ensure CryptoKey ds property is always an array, closes [Bug]: Errors using "DS and DNS keys" poweradmin/poweradmin#818 (5430302)

📋 templates:

• simplify zone template help text (4d7baa6)

🔧 types:

• standardize zone ID and owner ID to integer types (74abb2c)

🖥️ ui:

• replace placeholder cards with functional dashboard in modern theme (5f797e9)
• improve layout by relocating version and theme controls, closes [Feature]: UI improvement suggestion now that we have the sidebar menu in place poweradmin/poweradmin#773 (0ac7e5f)
• add conditional footer branding for non-authenticated users (898857e)
• align header heights and optimize footer rendering (4c62d33)
• improve DNS wizard form styling and compactness (af08a69)
• optimize zone edit layout and restore bulk operations (3a238df)

👥 users:

• remove redundant authentication column from user list (d3a9fc8)

security

📦 Database Migrations

The following database update scripts are included in this release:

• sql/poweradmin-mysql-update-to-4.2.0.sql
• sql/poweradmin-pgsql-update-to-4.2.0.sql
• sql/poweradmin-sqlite-update-to-4.2.0.sql

Note: Run the appropriate update script for your database type (mysql, pgsql, or sqlite) before upgrading.