Changelog¶

Below you can see the 5 most recent changes to Uberspace 7. For older changes, please refer to the Changelog Archive.

Note

Sometimes the version shown on your host may be higher than the newest version here. In this case we might have applied additional fixes shortly after a release or did internal changes without user impact. We deem updates like these hotfixes and they are not necessarily included in this changelog.

[7.11.5] - 2021-10-13¶

Added¶

Added fzf.
Added fd.
Added XeTeX.
The pear binary for PHP is now exposed, based on your selected version.

Changed¶

We now expose envelope recipient and sender to Sieve.
We now grant you direct access to your PHP FPM socket at /run/php-fpm-{username}.sock (e.g. so you can use it from your own proxy).
We now link your userfacts (i.e. your asteroid specific settings) to ~/etc/userfacts for easier access.
We now link your Nginx configuration to /readonly/<username>/nginx.conf for easier access.
We now link your Apache httpd configuration to /readonly/<username>/httpd.conf for easier access.
We now show you the path to the affected log file, when you use uberspace web log ....
The info page for disabled accounts now shows a link to the dashboard.
The info page shown for unknown domains (shown when you point a domain to the host, but you missed setting it with uberspace web domain add ...), now mentions the hostname.
We now also show the page for an unknown domain, when a non empty path is requested (before this would result in a 404).

Removed¶

We removed NodeJS 10 (in was already deprecated in the last release).

Fixed¶

In 7.11.4 we added our self compiled Python 3.9 to the $CPATH. The way we handled it added the current directory (i.e. .) too, when $CPATH was empty. That could lead to all kinds of problems when compiling and is now fixed.

[7.11.4] - 2021-08-19¶

Added¶

We added a rate limit of 10 requests/sec for two common Wordpress paths: ~.*/wp-login.php and ~.*/xmlrpc.php. These are (for now) based on $server_name only. (This was already rolled out via hotfix some weeks ago)…
We now use a a stricter rate limit of 30 requests/min for these request. This is subject to ongoing tweaking and will probably be reduced further in the future (and based also on IP).
We now accept strict TLS connections for SMTP relaying on port 465.
Added Erlang OTP 24 (along with recent versions for 21, 22 and 23).
Elixir was updated too, for the OTP version mentioned above.
The npx binary for Node.js is now exposed, based on your selected version.
The php-config binary for PHP is now exposed, based on your selected version.

Changed¶

We now limit the number of recipients for SMTP relaying to 100.
We now actually limit the max size for mails to 25 MB. (This is stated in our community rules for a long time, but we had not yet enforced it on U7).
The uberspace mail domain list command now displays DNS INVALID next to unverified mail domains (along with the time of the last check). While the tool responsible for checking these runs around every 30 seconds, failed MX checks will be retried at most every 3 minutes.
We now rotate /var/log/wtmp daily (default was by size) and set the retention period to 7 days.
We now delete TLS certificates immediately after removal of domains / accounts (before they where “garbage collected” eventually).
We increased some Pigeonhole settings for Sieve: sieve_max_redirects (up to 20 form 4) and sieve_max_actions (up to 64 form 32).
nano is now the default editor set by shell profile via $EDITOR and $VISUAL.
/opt/nginx/conf/mime.types is now world-readable (i.e. you can include it in your own settings).

Removed¶

Removed Python 3.4 and 3.5.
Deprecated Node.js v10. Will be removed soon.

Fixed¶

PHP now uses a per-user session save path (/var/lib/php-sessions/{{account}}/) to allow garbage collection. Before this change, garbage collection failed because of missing permissions.
We added our self compiled Python 3.9 to the $CPATH via shell profile. So you no longer have to do that manually before installing compiled packages (e.g. uwsgi).

[7.11.3] - 2021-06-15¶

Added¶

Support for the editheader capability for Sieve.
PHP’s phpize to the $PATH.

Changed¶

Dovecot now ignores a size mismatch between the mail file on disk and the size given in its filename. This should prevent errors, occurring when something changes the mail after it was delivered (e.g. writing an extra header to it, like CRM114).

[7.11.1] - 2021-05-03¶

Added¶

Node.js v16.
inotify-tools

Changed¶

We changed the format of the user access log (again) and added the port after the host. Now the format should be compatible with VCOMBINED / NCSA with VHOST parsers, e.g. GoAccess. E.g.:
```
isabell.uber.space:443 10.132.0.0 - - [28/Apr/2021:16:10:23 +0000]
"GET /hello/world.php HTTP/1.1" 200 42 "-" "HTTPie/0.9.4"
```
When adding mail domains, we priviously only accept domains, whose MX record points to the FQDN of the host. Now we also accept domains whose MX record points to a domain, whose A record resolves to the host.

Fixed¶

Our new Dovecot does not play well with qmail (qmail masks SIGCHLD, Dovecot does not unmasks it). Until this is fixed upstream, we added a workaround.

Internal¶

We added more fields to our internal access log.

[7.11.0] - 2021-04-20¶

Added¶

HEIC support for ImageMagick v6 (already installed for v7).
Mod FastCGI for Lighttpd.
WebP tooling via libwebp-tools.

Updated¶

We now use the official RPM repo for Dovecot, jumping to version 2.3.14.

Changed¶

We now use TLS v1.2 as minimum version for connections to Dovecot.
We switched the format of our web server logs from COMBINED to VCOMBINED (i.e. added $host as first field). This changes the format of ~/logs/webserver/access_log.

Fixed¶

If --remove-prefix option for web backends used for a path not ending in a slash, the prefix was not removed.

Internal¶

Updated node exporter to v1.1.2.
We now log full HTTP client IP addresses for 24 hours for internal abuse and spam handling. Weekly and user logs still use anonymized IPs only.