Beta Information

2018-02-07 (5.01-4)

Beta release of 5.01 which fixes outstanding bugs and adds checksums for each file in a drop-off (provided the drop-off is smaller than a maximum size so it doesn't take too long to calculate the checksums). The email sent back to the sender when a recipient first picks up a drop-off now includes full information about the drop-off, so the sender has a copy of the checksums and other details.

The installer no longer rebuilds PHP except on Ubuntu 14 and earlier (and possibly Debian). On other systems it installs PHP 7 which does not need patching. To migrate an existing installation over to the new PHP, simply download the installer and run stage 2, the "install PHP" part, then stage 5 "configure apache and php" to ensure your php.ini is configured correctly.

The latest betas I believe to be stable are:

However, I strongly advise you to use the beta installer on a fresh system.

2017-05-27 (4.28-1)

Version 4.28-1 has been released as a full production release. There is only currently a new beta version of the Installer available. The beta installer will install 4.28-1, but can now do so on Debian 8 systems as well.

There is a new beta installer available which now works on Debian 8 as well as CentOS, RedHat and Ubuntu. It will install the latest beta release of ZendTo, instead of using the yum/apt repositories. This installer is used the same way as the main one, which is documented below.

Before using the betas, read the latest Change Log to see what has changed. If you are just upgrading your existing rpm/deb installation, I strongly advise you use /opt/zendto/bin/upgrade_preferences_php to upgrade your /opt/zendto/config/preferences.php file.

If upgrading from 4.20 or below, please do read the section of preferences.php about sending e-mail (look for the word "SMTP" in that file). By default it will continue to use an existing sendmail/Postfix setup, but can be easily configured to talk directly to your SMTP server instead. This brings the advantage of pretty HTML email messages if you want them, along with things like TLS encryption and SMTP authentication.

Also make sure you set the value for 'serverRoot' in preferences.php. Without this, it cannot send reminder emails with correct links in them. If you do not adjust this value, it will attempt to guess the correct value.

The latest betas I believe to be stable are:

About the Installer

Instead of the old VM images, I have written an installer which will automate (almost!) the entire process is installing ZendTo on to a blank server installation.

It talks to you along the way, asks if you want to do each of the 8 steps, and asks you to confirm the odd question or two. It pauses quite a bit so you can see what it's doing, giving you the chance to stop it temporarily (Ctrl-S) to read what it's done before you continue (Ctrl-Q).

It is also modular, so you can run each of the 8 parts alone; you may want to do this when, for example, there is an update to PHP5 and you want to just rebuild PHP with "big uploads" support.

The parts are:

  1. Install web server and development tools.
  2. Rebuild PHP from source, including support for uploads >4GB.
  3. Install and configure virus scanner, including SELinux support for it.
  4. Configure firewall holes for ssh, http and https.
  5. Configure web server and PHP.
  6. Install ZendTo itself and configure email sending & usage stats graphing.
  7. Configure SELinux on CentOS and RedHat 5, 6 & 7.

I have tested the installer on:

  • CentOS 5, 6, 7
  • RedHat Enterprise Linux 5, 6, 7
  • Ubuntu Server 14, 16
  • Debian 8

There are 2 things the installer does not currently do:

  • Generate a production-ready SSL certificate for the website. It does create the SSL website, but only with a self-signed certificate. You might want to look at as a very good (fully automatic) way of getting free SSL certificates.
  • Configure MySQL, as new installations will not need it anyway.

Other New Features

The other main new features of interest are:

  • Fixed all known vulnerabilities.
  • Written automatic upgrader for preferences.php file, described below at the end of the 'How To Get It' section.
  • Added new setting 'warnDaysBeforeDeletion'. If set, when no one has picked up a drop-off, the recipients will be reminded daily for the last few days before the drop-off expires.
  • Added support for Google's new (beta) Invisible reCaptcha. Switching to this reCaptcha means that most of the time, your users will never see a CAPTCHA at all. Instructions on where to sign up are in preferences.php.
  • Added a new "How Secure is ZendTo" page, which you will want to customise for your site. This is linked from the main menu, the template is in templates/security.tpl.
  • 'SQLite3' is now the default database type. It requires no configuration and works on everything except CentOS/RedHat 5.
  • Moved all writable directories such as cache & templates_c to /var/zendto, so /opt/zendto is now entirely read-only to the web server.
  • Drastically reduced the changes made by installation of the Ubuntu/Debian .deb package. Almost all of it has been moved to the new installer.

How To Get It

You can download the new installer now. Then just unpack it and run it as root with

tar xzf install-beta.ZendTo.tgz
cd install.ZendTo

If you look inside its Ubuntu-Debian or CentOS-RedHat directories, you will see the 8 stages. The main will ask you whether you want to run each stage and will walk you through what it is doing. Feel free to pause (Ctrl-S) or stop it (Ctrl-C) at any time; if you stop it you can just re-run it. Each of the 8 stages can be run independently at any time by just running that particular stage number's script.

There is 1 command-line option that can be used on either or any its stages: "--defaults" tells the installer to just use the default values it suggests, and not to pause long at any point. It will run entirely unattended.

After you have installed the package (or just updated to the new rpm/deb/tgz package), you will find the new upgrader for preferences.php in /opt/zendto/bin/upgrade_preferences_php. Run it on its own (after installing/upgrading to the new version) and it will show you how to use it. It will automatically copy all your old preferences.php settings into a new file, while keeping your comments, extra "define"s you may have added, and such like.

The rpm, deb and tgz Files

For those who are not installing on a new system, but just want to upgrade their existing ZendTo to the new code, the package files are all available here:

The file at will tell you the latest beta version number.

Tell Me What You Think

Please do tell me what you think of this upgrade, and in particular the new installer. Please report all bugs, issues, suggestions and so on.

The mailing list would be the best place, so we can all discuss them, but otherwise you can of course email me too.