Changelog

Below you can see the 5 most recent changes to Uberspace 7. For older changes, please refer to the Changelog Archive.

Note

Sometimes the version shown on your host may be higher than the newest version here. In this case we might have applied additional fixes shortly after a release or did internal changes without user impact. We deem updates like these hotfixes and they are not necessarily included in this changelog.

[7.7.10] - 2020-11-17

Added

  • mg: a tiny Emacs-like editor
  • numactl command to please MongoDB
  • modern TLS settings for POP3/IMAP/SMTP-SUBMIT (reverted because they block connections from thunderbird)
  • opus, opus-tools, and opus-devel
  • many fonts to support non-western scripts

Fixed

  • MariaDB backups now includestored routines
  • table_definition_cache is now 20000 to meet friendica’s requirements
  • The SMTP connection limit introduced in v7.7.7 now actually works.
  • $user.uber.space is now correctly displayed in uberspace mail domain list
  • uberspace * domain list output is now sorted

Internal

  • Log rotation is now randomized to happen between 4 and 5 am. The time is constant for each host, so they are always rotated at the same time for a given host. This reduces the IO load on our storage and therefore improves performance and reliabilty at night.
  • Prometheus’ node_exporter can now be monitored by our icinga2 setup, leading to more complete graphs for us and better performance for you.
  • Sometimes our internal CI amassed a lot of temporary DNS records, which exceeded the quota of our DNS provider, griding our CI and development to a halt. The records are now purged reguarly.

[7.7.9] - 2020-10-14

Fixed

  • Apache workers are now restarted after a number of requests to ensure the web sever’s RAM usage does not grow unreasonably fast. This increases stability overall.

Internal

  • PHP errors for accounts were logged globally by accident. They are now never logged globally. But still user-local, if the user enables them.

[7.7.8] - 2020-09-29

Added

  • deno JavaScript/TypeScript runtime
  • nagios-plugins-http
  • rclone
  • re-added support for Sieve. We had to remove it shortly after the rollout in v7.7.7 because it was incompatible with mailboxes that contain a dot, e.g. isabell.hacker@something.org. This is now fixed. Documentation and an announcement will follow.

Fixed

  • When we do not know a domain, we display a helpful “sorry, unknown domain. here is how you add it” page. This page doesn’t have a valid certificate, but HTTPS was still enforced. The page can now also be opened using HTTP.
  • MX records can be in any case, i.e. 10 TUTTLe.uberspace.DE is now considered valid.
  • The default “there is no content” page is no longer shown, if there is a index.php providing content. In the past the index.html added by us was considered more important by httpd. We now add a nocontent.html, which is always queried last.

Changed

  • ruby 2.4 users have been migrated to version 2.7.
  • nodejs 13 users have been migrated to version 14.
  • The 500 Internal Server Error page now shows information on how to disable it.
  • Updated HTTPS ciphers and settings to match current mozilla recommendations.

Internal

  • Removed an unused 3rd-party YUM repo
  • We continued to restructure our repository to split it up into smaller modules in the future. This will enable us to make quicker releases in the future.

[7.7.7] - 2020-09-16

Added

  • support for Sieve, documentation and announcement will follow.
  • rrdtool

Fixed

  • Modification time of files in ~/etc/certificates now reflects the time the certificate was generated, instead of the current time +/- 1 minute, which was a bit useless.
  • The number of simultaneous SMTP connections is now limited, closing an easy but harmless DoS vector. Additionally, we added more SMTP connection slots.

Changed

  • New accounts now come with an index.html explaining how to upload content, replacing the 403 Forbidden page that was shown in the past.
  • Web Backends now serve their content at both /etherpad and /etherpad/, partly reverting the change made in 7.7.6 because of incompatibility with web socket libraries.
  • Web Backends can now report a custom Server: HTTP response header, which is passed to the client. By default, the server responds Server: nginx like before.
  • supervisord is now version 4.2.1

Internal

  • In the past we used two mechanisms to deploy the primary TLS certificate: prepared (put in a bought one) and self-signed (generate one on demand). The former was used for production, the latter for our automatic tests. This caused the production code path only being tested in… production, which is bad. We changed this to always use “prepared” and removed all of the “self- signed” code.
  • We removed the java installation that was active before 7.7.0
  • General cleanup in our repository removing a total of 800 lines of dead code.

[7.7.6] - 2020-09-07

Added

  • libgdiplus
  • libacl

Fixed

  • uberspace web header set now correctly processes entries with special characters.
  • Web Backends now no longer match /etherpad_test for a backend that was set on /etherpad. Additionally, requests to /etherpad are redirected to /etherpad/.

Changed

  • Node.js version 13 is now deprecated
  • HTTP status 500 responses are now replaced with a custom error page showing instructions how to resolve the error. This can be disabled using the new uberspace web errorpage command.

Internal

  • We started to restructure our repository to split it up into smaller modules in the future. This will enable us to make quicker releases in the future.
  • MySQL backups are now dumped at a random time each night, taking load off our storage system by distributing the resulting peaks better.
  • The NFS mount /backup is now monitored via icinga2, helping us to fix it faster when it hangs.
  • We use a simple watchdog to restart httpd/nginx automatically in case they do no longer respond to requests. Its checking turned out to be too aggressive, resulting in a restart loop in rare cases. We now wait for the server to recover before attempting another check/restart.