Poweradmin 4.2.3 & 4.3.2
patch releases and what's coming in 4.4.0
Some of you already noticed that new patch releases are out - I just didn’t have time to write about them. Both went up yesterday: 4.2.3 on the stable 4.2.x line and 4.3.2 on the newer 4.3.x line. 4.4.0 is right behind them.
One thing up front: 4.3.x isn’t fully stable yet. A lot of the work going into it is around API-backend-only support (the mode where Poweradmin talks to PowerDNS over HTTP instead of reading its database), and that path is still experimental. It’s steadier with every patch, but if stability matters more than new features, 4.2.x is still the line to be on.
If you do want to move from 4.2.x to 4.3.x, follow the migration path from the earlier releases - run each SQL migration script in order, don’t skip versions.
🛠️ 4.2.3
Bugfix release for the 4.2.x line. Changes since v4.2.2:
🔒
X-Forwarded-For,X-Real-IPandClient-IPare now only trusted when the peer is on a private or loopback address. If you ran Poweradmin directly on the public internet, anyone could spoof these and poison audit logs or sidestep per-IP rate limits. Cherry-picked to 4.3.x, master and develop too.#1200, #1194 - Group-owned zones now show edit/delete controls everywhere, not just on the dashboard.
#1192 - On PostgreSQL, strict typing on
record_comment_linkswas breaking zone editing and record search. The join now casts both sides.#1199 - Bulk record add was choking on CSV content with quotes or backslashes.
#1202 - CNAME validator was rejecting numeric-string IDs coming back from the GUI.
#1203 - API record edits now honor
zone_content_edit_own_as_client, same as the web UI.#1195 - Users API now keeps
auth_methodanduse_ldapin sync when either is toggled.#1210, #1212 - Zone template sync was using the wrong column on some installs, and the content listing was eating consecutive spaces.
🌍 The 404 page no longer needs a scroll bar.
Drop-in replacement for v4.2.2. PHP 8.2+ still required.
🛠️ 4.3.2
Bugfix release for the 4.3.x line. Most of the changes are in API mode - when Poweradmin talks to PowerDNS over HTTP instead of reading the database. The proxy header and group-zone fixes from 4.2.3 are in here too.
#1180, #1182 - Reverse zones in API mode were either missing owners, showing duplicates, or showing a phantom owner icon when nobody was assigned. All three are fixed.
#1179 - DNSSEC status now shows on forward zones in API mode (it already worked for reverse).
#1164 - Record counts on reverse zones and the dashboard are pulled from PowerDNS instead of a stale local cache, so the numbers actually match reality.
#1208 - Zone kind (Primary/Secondary/Native) is synced from the API too.
#1186 - When forward zones are disabled, the column is hidden. When they’re enabled, serial and template actually populate.
✨ Inline SOA editing now works for any user with full edit permission, not just admins.
#1187, #1206 - API-mode templates stopped emitting noisy errors from PDNS table queries that didn’t apply, and template sync skips deletes for encoded API record IDs.
📝 DNSSEC sign events are now logged in the zone activity feed. Previously only unsign was being recorded, which is an odd half of the picture.
Plus the same proxy header, group-zone, Users API, record permission, bulk CSV and CNAME validator fixes shipped in 4.2.3.
Drop-in replacement for v4.3.1. PHP 8.2+ still required.
🚀 What’s next - 4.4.0
This is the one I’m spending most of my time on. The headline is that Poweradmin now asks PowerDNS what version it’s running and adapts the UI accordingly. A lot of stuff that’s been gated for years - because it needed PowerDNS 4.5 or 4.7 or 5.0 - finally just lights up when your backend supports it.
Some of what’s already in master:
✨ PowerDNS capability detection. Dashboard shows the connected version. Record types you can’t actually use are hidden from the forms, and metadata kinds you can’t use show a “Requires 4.X+” hint instead of failing silently. The last-modified record column appears on PowerDNS 4.9+.
✨ Labels follow the backend. Master/Slave becomes Primary/Secondary on PowerDNS 4.5+. Supermasters becomes Autoprimaries on 4.6+. Producer/Consumer zone kinds show up on 4.7+.
✨ Views & Networks for PowerDNS 5.0, manageable from the UI.
🔒 DNSSEC PEM key import/export on PowerDNS 4.7+. The CSK guidance alert is now only shown on legacy pre-4.0 servers, where it actually applies. DS and DNSKEY records can be copied to clipboard (#1177).
✨ Manual sync-from-PowerDNS button on Forward Zones. PowerDNS API errors now surface on the dashboard for admins with HTTP status and a clue about what to do, instead of a stack trace.
✨ Default zone template can be set site-wide (#973). Long-standing request.
✨ Zone owners can read the audit log for their own zones (#1136).
✨ New
zone_ownership_modesetting (users_only,groups_only,both).display_hostname_onlyis now a per-user preference (#1181).🌍 Eight new locales: Serbian, Hungarian, Slovak, Romanian, Croatian, Latvian, Estonian, Finnish.
🔒 OIDC honours
HTTPS_PROXY/http_proxyfor endpoint discovery (refs #1188).Schema migration script:
sql/poweradmin-{mysql,pgsql,sqlite}-update-to-4.4.0.sql. Run it before upgrading.
Planned for the end of this month, once the migration story and the API-mode fixes settle down.
🙏 Thanks
A lot of what shipped in these releases came from people taking the time to file bugs, write reproducers, and follow up on threads. Thanks to:
@michielvisser, @NTS15576, @lovilak, @Verestchagin, @Hardi100, @pgo-nu, @Eidener, @hwaastad, @aurel8812, @IroHaturo, @insxa, @danfratamico, @Ekkisleif, @wxtewx, @akops76, and @AndreasPrang for the README screenshot fix.
And a separate thanks to everyone who’s donated. The amounts vary but the signal is the same: people use this and want it to stick around. It’s a real motivator on the weeks where the issue queue is long and the day job is busy. Genuinely - thank you.
🐳 Docker tags
How the image tags map to branches:
stable→release/4.2.xnext→release/4.3.xlatest→master(4.4.0 in flight - expect churn)lts→release/3.xdev→develop
Version-pinned tags (v4.2.3, v4.3.2, ...) are published too if you’d rather pin. Images go to both Docker Hub (poweradmin/poweradmin) and GHCR (ghcr.io/poweradmin/poweradmin).
Bug reports and feedback land on GitHub, as always.