Hi, I've created a new thread as the last one grew a bit too big, plus there was such a big break between 20C and this release 20D.
I'll be finalising this build at some point tomorrow for official release, just want to make sure I haven't broken anything with my latest updates as I've changed basically every single file...
The focus of this release has been on security, as Xtream UI has become a target for hackers. Although there aren't any SQL injection points in XC UI, there wasn't a flood limit introduced so weak passwords were able to be bruteforced. This is conjecture as I'm unsure if anyone has been hacked, and if so, where the weak spot was, however if I were to try and break into an Xtream UI dashboard that's how I'd do it! So I've added a bunch of security methods to protect everyone here over Christmas.
The biggest weak spot I've seen so far has been WHMCS, just be wary!
Merry Christmas All!
Changelog (R20D):
- Added reCAPTCHA V2 - Add API keys in settings to enable.
- Added flood limit on login to ban bruteforce and bots. Enable in settings.
- Added minimum password length setting, will force resellers to update their password. Enable in settings.
- Reinforced SQL statements, especially in the Smarters Reseller API.
- Escaped HTML inputs for security, plus correct display of quotes.
- Login session will self destruct if IP changes during use. Cookie can't be stolen now!
- Added cookie field to Streams.
- Removed MySQL credentials from Admin interface for security purposes.
- Removed database editor from Admin interface for security purposes.
- Disabled download of backups for security purposes.
- Enhanced Process Monitor, now shows far more information.
- Added ability to clear temp and streams directory from Process Monitor.
- Added option to disable trial generating for all resellers temporarily. i.e. during PPV.
- Further secured API and table generator from resellers.
- Various other security enhancements.
- Added donate links to the Settings page, what? I do what I want, don't judge me
Changelog (R20 - R20C):
- Added a separate option to Created Channels to allow you to select VOD directly from a server instead of manually finding it.
- Added Radio.
- Added a button to flush iptables and remove all IP bans.
- Added Portuguese - Brazil to TMDb languages.
- Native Frames off by default now for VOD.
- Added new Python parser. Enable in settings.
- Improved TMDb matching in general through folder watch.
- URLs with spaces can now be imported through m3u's.
- Added episode number to Add / Edit Episode page.
- Modified mass TMDb edit to parse season and episode number from filename.
- Fixed missing series title in bouquets.
- Fixed mass edit radio.
- Integrated process monitor BETA. Use it to debug your high memory / cpu usage issues. See below notes.
- Revised process monitor, now shows all processes from all users. Changed memory to MB instead of %.
- Added MAG Device Types to settings, will allow you to add / remove allowed MAGs. Use this to add MAG420 for example.
- Added user count to resellers page as per requests.
- Fixed timeshift only toggle not turning off in servers.
- Removed threshold setting for process monitor, best to just show everything.
- Added stream cleanup to stream tools. Will delete unnecessary streams from streams_sys and improve performance.
- Added reset settings command, will reset settings to proper Xtream Codes defaults. Backup first! In Settings -> Database