Beta Information

2019-01-31 (5.17-5)

The Installer now supports FreeBSD 11 and 12. I have greatly improved the "upgrade" tool so that it is more intelligent about finding ZendTo versions on systems that aren't using package management (not rpm or deb packages, anyway). This should allow it to work with the ZendTo tarball (tgz) distribution, and still manage to find your old, new and template preferences.php and zendto.conf files. It also now has a couple of command-line options, run "upgrade --help" for details.

Notable new feature is a simple "upgrade" tool in /opt/zendto/bin which will sort out both your preferences.php and zendto.conf files. It takes no parameters, it just does the job. It keeps all your old and supplied versions in an "old" directory it creates under /opt/zendto/config.

There are a whole pile of bug-fixes and minor improvements.

Improved error checking in "extractdropoff". Greatly reduced memory requirements and improved speed of encryption/decryption.

Many minor improvements and bug fixes, plus a new "extractdropoff" command- line tool to extract the files (including decryption if needed) from a drop-off to the current directory.

The user can now choose, and change, their language on-the-fly while using ZendTo. The Google reCAPTCHA language will follow their choice. You can now choose to hide the fact that ZendTo is written in PHP by removing all ".php" occurrences from the user interface with the "hidePHP" setting.

By changing 'skipSenderInfo' to TRUE and by using the improvements in the UI in this beta, the "new drop-off" process is now a lot faster and simpler.

The information shown about a new drop-off is improved, with a "copy link to clipboard" button to copy the direct pick-up URL to the clipboard. Many other layout improvements.

If a user is logged in, the new-dropoff form immediately asks for the first recipients instead of waiting for the user to find the "+" button.

The buttons in the "add recipient" box in the new-dropoff form have been improved to make it easier for novice users who do not know how to close a dialog by clicking on the X icon or pressing Esc.

The installer no longer rebuilds PHP. On all supported systems it installs at least PHP 7.1 which does not need patching. To migrate an existing installation over to the new PHP, simply download the installer and run stage 2, the "install PHP" part, then stage 5 "configure apache and php" to ensure your php.ini is configured correctly.

The latest betas I believe to be stable are:

However, I strongly advise you to use the beta installer on a fresh system.

The file at will tell you the latest beta version number.

About the Installer

Instead of the old VM images, I have written an installer which will automate (almost!) the entire process is installing ZendTo on to a blank server installation.

It talks to you along the way, asks if you want to do each of the 8 steps, and asks you to confirm the odd question or two. It pauses quite a bit so you can see what it's doing, giving you the chance to stop it temporarily (Ctrl-S) to read what it's done before you continue (Ctrl-Q).

It is also modular, so you can run each of the 8 parts alone; you may want to do this when, for example, there is an update to PHP5 and you want to just rebuild PHP with "big uploads" support.

The parts are:

  1. Install web server and development tools.
  2. Rebuild PHP from source, including support for uploads >4GB.
  3. Install and configure virus scanner, including SELinux support for it.
  4. Configure firewall holes for ssh, http and https.
  5. Configure web server and PHP.
  6. Install ZendTo itself and configure email sending & usage stats graphing.
  7. Configure SELinux on CentOS and RedHat 5, 6 & 7.

I have tested the installer on:

  • CentOS 6, 7
  • RedHat Enterprise Linux 6, 7
  • Ubuntu Server 14, 16, 18
  • Debian 8, 9
  • SUSE Enterprise Linux Server 16
  • openSUSE Leap 15

There are 2 things the installer does not currently do:

  • Generate a production-ready SSL certificate for the website. It does create the SSL website, but only with a self-signed certificate. You might want to look at as a very good (fully automatic) way of getting free SSL certificates.
  • Configure MySQL, as new installations will not need it anyway.

Other New Features

The other main new features of interest are:

  • Fixed all known vulnerabilities.
  • Written automatic upgrader for preferences.php file, described below at the end of the 'How To Get It' section.
  • Added new setting 'warnDaysBeforeDeletion'. If set, when no one has picked up a drop-off, the recipients will be reminded daily for the last few days before the drop-off expires.
  • Added support for Google's new (beta) Invisible reCaptcha. Switching to this reCaptcha means that most of the time, your users will never see a CAPTCHA at all. Instructions on where to sign up are in preferences.php.
  • Added a new "How Secure is ZendTo" page, which you will want to customise for your site. This is linked from the main menu, the template is in templates/security.tpl.
  • 'SQLite3' is now the default database type. It requires no configuration and works on everything except CentOS/RedHat 5.
  • Moved all writable directories such as cache & templates_c to /var/zendto, so /opt/zendto is now entirely read-only to the web server.
  • Drastically reduced the changes made by installation of the Ubuntu/Debian .deb package. Almost all of it has been moved to the new installer.

How To Get It

You can download the new installer now. Then just unpack it and run it as root with

tar xzf install-beta.ZendTo.tgz
cd install.ZendTo

If you look inside its Ubuntu-Debian or CentOS-RedHat directories, you will see the 8 stages. The main will ask you whether you want to run each stage and will walk you through what it is doing. Feel free to pause (Ctrl-S) or stop it (Ctrl-C) at any time; if you stop it you can just re-run it. Each of the 8 stages can be run independently at any time by just running that particular stage number's script.

There is 1 command-line option that can be used on either or any its stages: "--defaults" tells the installer to just use the default values it suggests, and not to pause long at any point. It will run entirely unattended.

After you have installed the package (or just updated to the new rpm/deb/tgz package), you will find the new upgrader for preferences.php and zendto.conf in /opt/zendto/bin/upgrade. Just run it. It will automatically copy all your old preferences.php and zendto.conf settings into the new files, while keeping your comments, extra "define"s you may have added, and such like. It keeps copies of all your previous ones in an "old" sub-directory.

Tell Me What You Think

Please do tell me what you think of this upgrade, and in particular the new installer. Please report all bugs, issues, suggestions and so on.

The mailing list would be the best place, so we can all discuss them, but otherwise you can of course email me too.