Changelog

Below you can see the 5 most recent changes to Uberspace 7. For older changes, please refer to the Changelog Archive.

Note

Sometimes the version shown on your host may be higher than the newest version here. In this case we might have applied additional fixes shortly after a release or did internal changes without user impact. We deem updates like these hotfixes and they are not necessarily included in this changelog.


[7.7.9] - 2020-10-14

Fixed

  • Apache workers are now restarted after a number of requests to ensure the web sever’s RAM usage does not grow unreasonably fast. This increases stability overall.

Internal

  • PHP errors for accounts were logged globally by accident. They are now never logged globally. But still user-local, if the user enables them.

[7.7.8] - 2020-09-29

Added

  • deno JavaScript/TypeScript runtime
  • nagios-plugins-http
  • rclone
  • re-added support for Sieve. We had to remove it shortly after the rollout in v7.7.7 because it was incompatible with mailboxes that contain a dot, e.g. isabell.hacker@something.org. This is now fixed. Documentation and an announcement will follow.

Fixed

  • When we do not know a domain, we display a helpful “sorry, unknown domain. here is how you add it” page. This page doesn’t have a valid certificate, but HTTPS was still enforced. The page can now also be opened using HTTP.
  • MX records can be in any case, i.e. 10 TUTTLe.uberspace.DE is now considered valid.
  • The default “there is no content” page is no longer shown, if there is a index.php providing content. In the past the index.html added by us was considered more important by httpd. We now add a nocontent.html, which is always queried last.

Changed

  • ruby 2.4 users have been migrated to version 2.7.
  • nodejs 13 users have been migrated to version 14.
  • The 500 Internal Server Error page now shows information on how to disable it.
  • Updated HTTPS ciphers and settings to match current mozilla recommendations.

Internal

  • Removed an unused 3rd-party YUM repo
  • We continued to restructure our repository to split it up into smaller modules in the future. This will enable us to make quicker releases in the future.

[7.7.7] - 2020-09-16

Added

  • support for Sieve, documentation and announcement will follow.
  • rrdtool

Fixed

  • Modification time of files in ~/etc/certificates now reflects the time the certificate was generated, instead of the current time +/- 1 minute, which was a bit useless.
  • The number of simultaneous SMTP connections is now limited, closing an easy but harmless DoS vector. Additionally, we added more SMTP connection slots.

Changed

  • New accounts now come with an index.html explaining how to upload content, replacing the 403 Forbidden page that was shown in the past.
  • Web Backends now serve their content at both /etherpad and /etherpad/, partly reverting the change made in 7.7.6 because of incompatibility with web socket libraries.
  • Web Backends can now report a custom Server: HTTP response header, which is passed to the client. By default, the server responds Server: nginx like before.
  • supervisord is now version 4.2.1

Internal

  • In the past we used two mechanisms to deploy the primary TLS certificate: prepared (put in a bought one) and self-signed (generate one on demand). The former was used for production, the latter for our automatic tests. This caused the production code path only being tested in… production, which is bad. We changed this to always use “prepared” and removed all of the “self- signed” code.
  • We removed the java installation that was active before 7.7.0
  • General cleanup in our repository removing a total of 800 lines of dead code.

[7.7.6] - 2020-09-07

Added

  • libgdiplus
  • libacl

Fixed

  • uberspace web header set now correctly processes entries with special characters.
  • Web Backends now no longer match /etherpad_test for a backend that was set on /etherpad. Additionally, requests to /etherpad are redirected to /etherpad/.

Changed

  • Node.js version 13 is now deprecated
  • HTTP status 500 responses are now replaced with a custom error page showing instructions how to resolve the error. This can be disabled using the new uberspace web errorpage command.

Internal

  • We started to restructure our repository to split it up into smaller modules in the future. This will enable us to make quicker releases in the future.
  • MySQL backups are now dumped at a random time each night, taking load off our storage system by distributing the resulting peaks better.
  • The NFS mount /backup is now monitored via icinga2, helping us to fix it faster when it hangs.
  • We use a simple watchdog to restart httpd/nginx automatically in case they do no longer respond to requests. Its checking turned out to be too aggressive, resulting in a restart loop in rare cases. We now wait for the server to recover before attempting another check/restart.

[7.7.5] - 2020-08-31

Added

  • weechat - an IRC client
  • yarn - a package manage for nodejs
  • protobuf - headers and libraries used to comple applications that make use of Google’s Protocol Buffers
  • js-devel - development headers for the installed js javascript engine
  • tcsh - a shell compatible with the C shell
  • Cyrillic font support for TeX Live

Changed

Internal

  • We prepared our internal U7 repository to play around with AWX, a platform to execute ansible-playbooks reliably. We currently use gitlab-ci to run them.
  • We re-enabled node_exporter to generate fancy graphs and metics, which we intend to share publicly in the future. At the moment we’re using icinga2 to collect metrics.
  • We deleted old, dead code that was blocking common ports like 6100 so users cannot use them. This is no longer a concern, as every user has their own network namespace now.
  • Files created by ansible in /root/.ansible/tmp are now cleaned up regularly. This should speed up the backup process, as there were quite many of them.