AddOn

Bugfixes

Namespace Issue Fix

• Fixed: disk_free_space() function call in SecurityAdvisor
• Root Cause: Missing global namespace prefix in namespaced PHP code
• Solution: Added backslash prefix to call global function correctly

Multidomain Maintenance Mode

• Fixed: Domain-based maintenance mode now correctly respects individual domain settings
• Root Cause: Frontend check was running before YRewrite was fully loaded
• Solution: Moved check to PACKAGES_INCLUDED extension point

Improvements

Domain Status Overview

• Added domain status panel in frontend maintenance settings
• Shows which domains are locked vs accessible at a glance
• Dynamic toggle when switching between Active/Inactive

Security

• Added script nonce for Content Security Policy (CSP) compliance

Upgrade Notes

• No breaking changes
• Simply update to fix namespace and multidomain maintenance issues

Full Changelog: https://github.com/KLXM/upkeep/compare/2.2.1...2.2.3

Bugfixes

Multidomain Maintenance Mode

• Fixed: Domain-based maintenance mode now correctly respects individual domain settings
• Root Cause: Frontend check was running before YRewrite was fully loaded
• Solution: Moved check to PACKAGES_INCLUDED extension point

Improvements

Domain Status Overview

• Added domain status panel in frontend maintenance settings
• Shows which domains are locked vs accessible at a glance
• Dynamic toggle when switching between Active/Inactive

Security

• Added script nonce for Content Security Policy (CSP) compliance

Upgrade Notes

• No breaking changes
• Simply update to fix multidomain maintenance issues

Full Changelog: https://github.com/KLXM/upkeep/compare/2.2.0...2.2.1

New Features

Module Deactivation System

• Selective Module Control: Administrators can now disable Security Advisor, Mail Security, Reporting, and IPS modules individually
• Dynamic Navigation: Menu items for deactivated modules are automatically hidden from the navigation
• Smart Dashboard: Dashboard content adapts dynamically based on which modules are active

Enhanced Admin Interface

• Module Status Overview: New status panel in admin dashboard showing active/inactive modules at a glance
• Comprehensive Settings: Centralized admin settings page for module configuration
• Visual Indicators: Clear visual feedback with green/gray labels for module status

Improvements

User Experience

• Reduced Interface Complexity: Users can hide unused security features to focus on what matters
• Cleaner Dashboard: Only relevant information is displayed based on active modules
• Intuitive Controls: Simple checkboxes to enable/disable modules

Technical Enhancements

• Language Support: Full German and English translations for module configuration
• Clean Code: Removed all debug outputs for production readiness
• Robust Configuration: Dual storage system for reliable module state management

Use Cases

This release addresses user feedback about interface overload. Perfect for:

• Simplified Setups: Disable unused security modules for cleaner interface
• Focused Workflows: Show only relevant tools to specific user groups
• Gradual Adoption: Enable modules progressively as teams grow

Installation

1. Download the latest release
2. Extract to your REDAXO addons directory
3. Install via REDAXO addon manager
4. Configure modules in System → Upkeep → Admin Settings

Upgrade Notes

• Existing installations will have all modules enabled by default
• No breaking changes - fully backward compatible
• Previous configurations remain intact

Full Changelog: https://github.com/KLXM/upkeep/compare/v2.0.0...2.1.0

• 🔧 Maintenance Modes: Frontend/Backend separately controllable
• 🌐 Multilingual Maintenance Pages: Professional multilingual user interface
• 🔀 URL Redirects: With wildcard support (/old/* -> /new/*)
• 🛡️ Intrusion Prevention System (IPS): Automatic protection against attacks
• 📊 Security Advisor: SSL certificates, Live-Mode checks, CSP management
• 💾 Mail Security: Badword filter and spam protection for PHPMailer
• *' Mail Reporting**: Comprehensive email reports for all security events
• 🏥 System Health API: JSON/Plain text monitoring endpoints for external tools
• 📈 Dashboard: Live status of all systems with quick actions
• ⚡ API/Console: Remote management capabilities

Danke @iceman-fx für das Testing

What's Changed

• 2.0 by @skerbis in https://github.com/KLXM/upkeep/pull/34
• Rename Blacklist to Blocklist throughout codebase by @Copilot in https://github.com/KLXM/upkeep/pull/36
• Fix YAML syntax errors in package.yml - quote icon and permission values by @Copilot in https://github.com/KLXM/upkeep/pull/42
• Refactor translations: Remove hardcoded text and add complete translation coverage by @Copilot in https://github.com/KLXM/upkeep/pull/44
• Fix frontend and backend maintenance mode not triggering by @Copilot in https://github.com/KLXM/upkeep/pull/46
• Fix: Verhindere Admin-Aussperrung im Impersonate-Modus bei aktivem Wa… by @skerbis in https://github.com/KLXM/upkeep/pull/50
• Fix admin lockout impersonate mode by @skerbis in https://github.com/KLXM/upkeep/pull/51

Full Changelog: https://github.com/KLXM/upkeep/compare/1.8.1...2.0.0

What's Changed

• Fix: Verhindere Admin-Aussperrung im Impersonate-Modus bei aktivem Wa… by @skerbis in https://github.com/KLXM/upkeep/pull/50

Full Changelog: https://github.com/KLXM/upkeep/compare/2.0.0-beta2...2.0.0-beta3

What's Changed

• Refactor translations: Remove hardcoded text and add complete translation coverage by @Copilot in https://github.com/KLXM/upkeep/pull/44
• Fix frontend and backend maintenance mode not triggering by @Copilot in https://github.com/KLXM/upkeep/pull/46

Full Changelog: https://github.com/KLXM/upkeep/compare/2.0.0-beta1...2.0.0-beta2

• 🔧 Maintenance Modes: Frontend/Backend separately controllable
• 🌐 Multilingual Maintenance Pages: Professional multilingual user interface
• 🔀 URL Redirects: With wildcard support (/old/* -> /new/*)
• 🛡️ Intrusion Prevention System (IPS): Automatic protection against attacks
• 📊 Security Advisor: SSL certificates, Live-Mode checks, CSP management
• 💾 Mail Security: Badword filter and spam protection for PHPMailer
• *' Mail Reporting**: Comprehensive email reports for all security events
• 🏥 System Health API: JSON/Plain text monitoring endpoints for external tools
• 📈 Dashboard: Live status of all systems with quick actions
• ⚡ API/Console: Remote management capabilities

What's Changed

• 2.0 by @skerbis in https://github.com/KLXM/upkeep/pull/34
• Rename Blacklist to Blocklist throughout codebase by @Copilot in https://github.com/KLXM/upkeep/pull/36
• Fix YAML syntax errors in package.yml - quote icon and permission values by @Copilot in https://github.com/KLXM/upkeep/pull/42

Full Changelog: https://github.com/KLXM/upkeep/compare/1.8.1...2.0.0-beta1

Links im Dashboard korrigiert

✨ Neue Features:

• Mehrsprachige Frontend-Wartungsseiten mit Repeater-Interface
• Animierte Sprachauswahl mit neutralem Design (Weltkugel + Sprachcodes)
• Cookie-basierte Sprachpräferenzen für Folgebesuche
• URL-Bypass mit Session-Management für autorisierten Zugang
• Erste Sprache im Repeater dient automatisch als Standard

🔧 Backend-Verbesserungen:

• Benutzerfreundliche Repeater-Konfiguration für Sprachen
• Entfernung redundanter Standard-Sprachen-Einstellung
• Installation mit mehrsprachigen Standard-Texten

🎨 Frontend-Features:

• Apple-ähnliche Rotationsanimationen beim Sprachwechsel
• Responsive Design für alle Bildschirmgrößen
• Semantische HTML-Struktur für Barrierefreiheit
• Dark/Light-Mode-Unterstützung via CSS Custom Properties

🛡️ Sicherheit:

• Session-Management für Bypass-Funktionalität
• Integration mit bestehenden Passwort- und IP-Schutz
• Sichere Cookie-Handhabung für Sprachpräferenzen"

Fixed: https://github.com/KLXM/upkeep/issues/31
Fixed: https://github.com/KLXM/upkeep/issues/29

Danke @iceman-fx

fixed: https://github.com/KLXM/upkeep/issues/28

Full Changelog: https://github.com/KLXM/upkeep/compare/1.7.0...1.7.1

Upkeep AddOn - Domain-Redirect Berechtigungen & Toggle Buttons

Implementierte Features

1. Domain-Mapping eigene Berechtigung

• Neue Berechtigung: upkeep[domain_mapping]
• Getrennt von: upkeep[domains] (Domain-Verwaltung)
• Zugriff: Separate Kontrolle über Domain-Redirects

2. Toggle Buttons für das Dashboard

Wie in GitHub Issue #26 gewünscht - schnelle Toggle-Switches für:

• Frontend Wartungsmodus
• Backend Wartungsmodus
• Domain-Redirects

3. Dashboard vollständig übersetzt

Neu:

• Domain-Redirects 😀 www. non.-www und IDN-Domains
• Intrusion-Prevention-System verbessert , Fail2ban Support u.vm.
• Viele viele Verbesserungen
• Englische Übersetzung

What's Changed

• Enhanced Manual IP Blocking with Detailed Error Handling, CIDR Support, and Bulk Import by @Copilot in https://github.com/KLXM/upkeep/pull/24
• Add configurable IPS system logging to prevent REDAXO log flooding by @Copilot in https://github.com/KLXM/upkeep/pull/25

New Contributors

• @Copilot made their first contribution in https://github.com/KLXM/upkeep/pull/24

Full Changelog: https://github.com/KLXM/upkeep/compare/1.6.0-beta2...1.6.0-beta3

Die Default-Patterns können jetzt bearbeitet werden.

New:

• Dashboard
• Fail2ban compatible Logging
• EP for custom Logging file formatting
• Fixed some Issues reported by: @dergel and @iceman-fx

Features 1.3.0 - 1.5.0

Wartungsmodi

• Frontend-Wartungsmodus: Zeigt Besuchern eine elegante Wartungsseite an
• Backend-Wartungsmodus: Sperrt den Backend-Zugang für bestimmte Benutzergruppen
• Domain-spezifische Sperren: Für Multidomains mit YRewrite
• Flexible Berechtigungen: Wartungsmodi können unabhängig voneinander aktiviert werden
• Passwort-Bypass: Zum Testen des Frontends im Wartungsmodus
• IP-Whitelist: Mit einfacher Übernahme der aktuellen IP-Adresse

URL-Redirects

• Wildcard-Unterstützung: Flexible URL-Umleitungen mit Platzhaltern (old-blog.com/posts/* → new-blog.com/articles/*)
• Pfad-Ersetzung: Automatische Übertragung von URL-Parametern
• HTTP-Status-Codes: Konfigurierbare Redirect-Codes (301, 302, 303, 307, 308)
• Path-Traversal-Schutz: RFC-konforme Domain-Validierung

Intrusion Prevention System (IPS) 🛡️

• Echtzeit-Bedrohungserkennung: Automatische Erkennung von Angriffsmustern
• CMS-spezifische Patterns: Schutz vor WordPress, TYPO3, Drupal und Joomla Exploits
• Scanner-Erkennung: Erkennt Pentest-Tools (Nikto, SQLMap, Burp Suite, etc.)
• Positivliste mit Ablaufzeiten: Ausnahmen für vertrauenswürdige IPs (permanent oder temporär)
• Manuelle IP-Blockierung: Gezielte Sperrung mit konfigurierbarer Dauer
• CAPTCHA-Entsperrung: Menschliche Verifikation mit automatischer Rehabilitation
• Bot-Erkennung: Intelligente Erkennung legitimer Bots (Google, Bing, etc.)
• Optionales Rate Limiting: DoS-Schutz (standardmäßig deaktiviert - Server sollte das machen)
• Custom Patterns: Eigene Bedrohungsmuster mit Regex-Unterstützung
• Umfassende Protokollierung: Detaillierte Logs aller Sicherheitsereignisse
• Automatische Bereinigung: Selbstreinigende Datenbank-Logs

Backend-Integration

• Status-Indikatoren: Live-Anzeige der aktiven Systeme (B/F/R/S)
• Frontend-Tooltips: Benutzerfreundliche Inline-Hilfen für alle Konfigurationsfelder
• Responsive Design: Optimiert für Desktop und Mobile
• Konsolen-Befehle: Für Remote-Management
• REST-API: Zur Steuerung aus der Ferne

thx to @iceman-fx for reporting🚀

⚡ Breaking Change - Execution Order:

• Wartungsmodus-Prüfung ZUERST (Frontend + Backend)
• URL-Redirects erst NACH Wartungsmodus-Prüfung
• Verhindert Umgehung des Wartungsmodus durch Redirects

🎯 Improved Logic:

• Wartungsseite hat nun Vorrang vor automatischen Weiterleitungen
• Konsistente User Experience bei aktivem Wartungsmodus
• Domain-spezifische Wartung kann nicht mehr durch Redirects umgangen werden

📋 Technical Details:

• Frontend: checkFrontend() → checkDomainMapping()
• Backend: checkBackend() → checkDomainMapping()
• Sicherheitspriorisierung: Wartung vor Weiterleitung"

What's Changed

• Feature/wildcard and Domain redirects by @skerbis in https://github.com/KLXM/upkeep/pull/2

New Contributors

• @skerbis made their first contribution in https://github.com/KLXM/upkeep/pull/2

Full Changelog: https://github.com/KLXM/upkeep/compare/1.1.0...1.2.0

Neu: Übernahme der Server-IP per Click

Features der 1. Version

• Frontend-Sperre mit eleganter und anpassbarer Wartungsseite
• Backend-Sperre für Redakteure (Admins haben immer Zugriff)
• Domain-spezifische Sperren für Multidomains mit YRewrite
• Passwort-Bypass zum Testen des Frontends im Wartungsmodus
• Automatischer Zugang für angemeldete Benutzer (konfigurierbar)
• IP-Whitelist mit einfacher Übernahme der aktuellen IP-Adresse
• Konfigurierbare HTTP-Statuscodes (503, 403, 307) mit Retry-After Header
• Konsolen-Befehle für Remote-Management
• API zur Stuerung aus der Ferne