Changelog

Below you can see the 5 most recent changes to Uberspace 7. For older changes, please refer to the Changelog Archive.

Note

Sometimes the version shown on your host may be higher than the newest version here. In this case we might have applied additional fixes shortly after a release or did internal changes without user impact. We deem updates like these hotfixes and they are not necessarily included in this changelog.


[7.7.7] - 2020-09-16

Added

  • support for Sieve, documentation and announcement will follow.
  • rrdtool

Fixed

  • Modification time of files in ~/etc/certificates now reflects the time the certificate was generated, instead of the current time +/- 1 minute, which was a bit useless.
  • The number of simultaneous SMTP connections is now limited, closing an easy but harmless DoS vector. Additionally, we added more SMTP connection slots.

Changed

  • New accounts now come with an index.html explaining how to upload content, replacing the 403 Forbidden page that was shown in the past.
  • Web Backends now serve their content at both /etherpad and /etherpad/, partly reverting the change made in 7.7.6 because of incompatibility with web socket libraries.
  • Web Backends can now report a custom Server: HTTP response header, which is passed to the client. By default, the server responds Server: nginx like before.
  • supervisord is now version 4.2.1

Internal

  • In the past we used two mechanisms to deploy the primary TLS certificate: prepared (put in a bought one) and self-signed (generate one on demand). The former was used for production, the latter for our automatic tests. This caused the production code path only being tested in… production, which is bad. We changed this to always use “prepared” and removed all of the “self- signed” code.
  • We removed the java installation that was active before 7.7.0
  • General cleanup in our repository removing a total of 800 lines of dead code.

[7.7.6] - 2020-09-07

Added

  • libgdiplus
  • libacl

Fixed

  • uberspace web header set now correctly processes entries with special characters.
  • Web Backends now no longer match /etherpad_test for a backend that was set on /etherpad. Additionally, requests to /etherpad are redirected to /etherpad/.

Changed

  • Node.js version 13 is now deprecated
  • HTTP status 500 responses are now replaced with a custom error page showing instructions how to resolve the error. This can be disabled using the new uberspace web errorpage command.

Internal

  • We started to restructure our repository to split it up into smaller modules in the future. This will enable us to make quicker releases in the future.
  • MySQL backups are now dumped at a random time each night, taking load off our storage system by distributing the resulting peaks better.
  • The NFS mount /backup is now monitored via icinga2, helping us to fix it faster when it hangs.
  • We use a simple watchdog to restart httpd/nginx automatically in case they do no longer respond to requests. Its checking turned out to be too aggressive, resulting in a restart loop in rare cases. We now wait for the server to recover before attempting another check/restart.

[7.7.5] - 2020-08-31

Added

  • weechat - an IRC client
  • yarn - a package manage for nodejs
  • protobuf - headers and libraries used to comple applications that make use of Google’s Protocol Buffers
  • js-devel - development headers for the installed js javascript engine
  • tcsh - a shell compatible with the C shell
  • Cyrillic font support for TeX Live

Changed

Internal

  • We prepared our internal U7 repository to play around with AWX, a platform to execute ansible-playbooks reliably. We currently use gitlab-ci to run them.
  • We re-enabled node_exporter to generate fancy graphs and metics, which we intend to share publicly in the future. At the moment we’re using icinga2 to collect metrics.
  • We deleted old, dead code that was blocking common ports like 6100 so users cannot use them. This is no longer a concern, as every user has their own network namespace now.
  • Files created by ansible in /root/.ansible/tmp are now cleaned up regularly. This should speed up the backup process, as there were quite many of them.

[7.7.4] - 2020-08-17

Added

  • We included the official RPM repository for the Mercurial SCM. So hg now comes in version 5.4.2 (was 2.6.2).
  • Erlang version 23.
  • We provide devtoolset-9 (enabled by default). Resulting in more recent versions of development tooling (e.g. gcc in version 9.3).

Changed

  • Incoming connections directed to a user’s port will no longer be masqueraded, meaning users processes can now acces the public client IP.
  • We set underscores_in_headers on in our Nginx configuration, so that headers containing underscores are no longer discarded.
  • The configuration prefix for Node.js is no longer hardcoded to /home/$USER, but mearly defaults to it. This means users can now use the NPM_CONFIG_PREFIX environment variable, to set their own prefix.

Fixed

  • We made the part of our uberspace command that parses user settings from YAML files more resistant, so it should no longer bail over corrupted files.

[7.7.3] - 2020-08-10

Added

  • Nginx serves favicons and SVGs compressed (image/x-icon, image/svg+xml).

Changed

  • We decreased our global Rspamd reject score to 10 (down from 15). This means, that we reject mails percieved as spam sooner.
  • When adding new mail domains with uberspace mail domain , we now first ask the DNS resolver for the MX records, and only fall back to our old behaviour (i.e. querying the responsible nameservers directly), when this fails (meaning the record does not point to the host). This allows for edge cases, like when a person is using the NSEntry service of DENIC where the TLD nameservers directly hands out all records.
  • Error pages generated by the Apache webserver now display <username>@uber.space instead of hallo@uberspace.de as a means of contact. Users of users kept asking our support about issues we cannot resolve for them, because they aren’t our customers. The new mail address directs them to the right person.

Internal

  • We added a script to clean up DNS records created during our internal testing process. This will lead to more time spend building features and less time debugging the DNS.
  • Configuration for the Apache webserver is now generated for all users before the server starts, instead of on account creation. This way we can easily change the configuration file in the future. Other services already use this scheme.