Download Latest Version
v2.2.2.tar.gz (509.5 kB)
Get an email when there's a new version of Poweradmin
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| poweradmin-poweradmin_4_3_2.spdx.json | 2026-05-10 | 711.0 kB | |
| README.md | 2026-05-10 | 3.6 kB | |
| v4.3.2 source code.tar.gz | 2026-05-10 | 12.7 MB | |
| v4.3.2 source code.zip | 2026-05-10 | 17.1 MB | |
| Totals: 4 Items | 30.5 MB | 0 | |
✨ Highlights
Patch release for the 4.3.x line. Focus is API-mode zone handling (ownership, DNSSEC, record counts), template sync correctness, and the same proxy-header / group-zone hardening shipped in 4.2.3.
🐛 Fixes
API-mode zone handling
- Reverse zones show every assigned owner, dedupe duplicates, and hide the phantom owner icon when no owner is set (#1180, #1182).
- DNSSEC status is now displayed on forward zones in API mode (#1179).
- Record counts on reverse zones and the dashboard are sourced from the PowerDNS API instead of stale local cache (#1164).
- Zone kind is synced from the API rather than stale local state (#1208).
- Forward zones column hidden when the feature is disabled; serial and template populate correctly (#1186).
- SOA inline editing allowed for users with full edit permission.
- Cross-zone row collisions in API mode are prevented by resolving the canonical row.
- Reverse Zones page triggers an API sync on first visit so fresh installs see zones immediately, with sync inserts wrapped in a transaction.
Templates and records
- Zone template sync uses
zones.idrather thandomain_id(#1210). - Template content listing preserves consecutive spaces (#1212).
- API-mode templates skip PDNS table queries that don't apply (#1187) and skip
records_zone_templdeletes for encoded record IDs (#1206). - RecordLog accepts string record IDs from API mode (#1164).
- Bulk record add correctly handles CSV escaping (#1199).
- CNAME validation accepts numeric-string record IDs from the GUI (#1202).
- Bulk registration template links to group/user management with correct permission gating (refs #1201).
- 404 page now fits the viewport without scrolling.
API and permissions
- Users API keeps
auth_methodin sync whenuse_ldapis toggled (#1195). - API record edits honor the
zone_content_edit_own_as_clientpermission (#1203). - Group-owned zones show the correct edit/delete controls in zone search and zone lists (#1200, #1194).
Security and audit
- Forwarded-IP headers (
X-Forwarded-For,X-Real-IP,Client-IP) are only honored when the peer (REMOTE_ADDR) is a private or loopback address. Direct-internet deployments stop trusting client-supplied headers, preventing audit-log spoofing and per-IP rate-limit bypass. - DNSSEC sign events are logged in the zone activity feed alongside unsign events.
📦 Upgrading
Drop-in replacement for v4.3.1. PHP 8.2+ required (unchanged).
Full changelog: https://github.com/poweradmin/poweradmin/compare/v4.3.1...v4.3.2
