Back to Changelog

v1.0.355

Minor Release Released July 8, 2026

Orphan cleanup hardening, backend memory reduction, fresh-install fix, and a fail2ban self-ban fix (panelica-server 1.0.351-1.0.354).

New Feature

1
  • Added orphan reaper reconciliation for Linux users, home directories, PHP-FPM pools, DKIM keys, and cgroup slices left behind by failed or partial deletions.

Improvements

5
  • Startup health-check reconciliation now runs in the background instead of blocking backend boot.
  • Backend memory usage significantly reduced by removing 30 embedded language translation dumps from the binary; translations are now served from disk.
  • Removed UPX binary packing, eliminating a persistent RAM overhead with no real security benefit (symbol stripping already protects against casual inspection).
  • Backend restarts are faster since translation bundles no longer require a large database read on every startup.
  • Private network ranges (LAN/VPN) are now always excluded from fail2ban bans, protecting administrators who manage the panel from an internal network.

Bug Fixes

9
  • User deletion now leaves zero orphaned resources; OS cleanup runs asynchronously with a bounded concurrency limit to avoid overload.
  • Domain deletion no longer leaves orphaned DKIM keys (exact-match cleanup) and batches all service reloads so bulk deletes no longer hang.
  • Fixed a systemd daemon-reload storm during mass user deletion by removing volatile timestamps from cgroup slice unit content and bounding reload calls.
  • Bulk delete operations that exceed the request timeout now correctly report as continuing in the background instead of surfacing as an error.
  • Fixed a fresh-install issue where the English i18n seed migration could fail to create keys and namespaces, affecting new installations.
  • The on-disk translation bundle writer is now merge-safe: translation keys that exist on disk but are missing from the database are preserved instead of being overwritten, guaranteeing no translation can ever be silently lost during a sync.
  • Fixed fail2ban banning admins from their own panel: the admin-login filter matched any 401 response, including harmless background API calls (notifications, settings, update checks), so normal panel use could trigger a self-ban.
  • The panel-admin fail2ban filter is now bundled inside the server binary itself, so this fix reaches existing installs immediately on update instead of requiring a separate config file.
  • Fixed a health check that reported fail2ban as not running even when it was healthy.
See the Demo