Below you can see the 5 most recent changes to Uberspace 7. For older changes, please refer to the Changelog Archive.
Sometimes the version shown on your host may be higher than the newest version here. In this case we might have applied additional fixes shortly after a release or did internal changes without user impact. We deem updates like these hotfixes and they are not necessarily included in this changelog.
[7.11.1] - 2021-05-03¶
- Node.js v16.
We changed the format of the user access log (again) and added the port after the host. Now the format should be compatible with
NCSA with VHOSTparsers, e.g. GoAccess. E.g.:
isabell.uber.space:443 10.132.0.0 - - [28/Apr/2021:16:10:23 +0000] "GET /hello/world.php HTTP/1.1" 200 42 "-" "HTTPie/0.9.4"
When adding mail domains, we priviously only accept domains, whose MX record points to the FQDN of the host. Now we also accept domains whose
MXrecord points to a domain, whose
Arecord resolves to the host.
- Our new Dovecot does not play well with qmail (qmail masks
SIGCHLD, Dovecot does not unmasks it). Until this is fixed upstream, we added a workaround.
- We added more fields to our internal access log.
[7.11.0] - 2021-04-20¶
- HEIC support for ImageMagick v6 (already installed for v7).
- Mod FastCGI for Lighttpd.
- WebP tooling via
- We now use the official RPM repo for Dovecot, jumping to version
- We now use TLS v1.2 as minimum version for connections to Dovecot.
- We switched the format of our web server logs from
$hostas first field). This changes the format of
--remove-prefixoption for web backends used for a path not ending in a slash, the prefix was not removed.
- Updated node exporter to
- We now log full HTTP client IP addresses for 24 hours for internal abuse and spam handling. Weekly and user logs still use anonymized IPs only.
[7.10.0] - 2021-03-04¶
- updated Java to 15
- each users CPU usage is now limited to 6 cores, improving stability.
- HEIC support for ImageMagick 6, and by extension PHP
- recommended SPF record is now
include:spf.uberspace.deso we can reoute mails more easily. The current records prevents us from relaying mails through another server temporarily.
- to be consistent with our advice to use
.uber.spacedomains for mail,
user.host.uberspace.deis now no longer part of
mail domain list.
uberspace mail domain addnow explains that the trailing dot in MX records is correct, but not necessary or possible to enter in many DNS interfaces.
FORGED_RECIPIENTStest now adds fewer points to the spam score to counter many reported false-positive.
- RAM limits for users were not applying consistently, leading to outages in the recent past. We now apply the limits ourselves instead of relying on systemd, increasing stability in the future.
- Sometimes systemd failed to reload nginx, leading to new domains not being
available. We now use the nginx tooling directly instead of relying on
$MAINPIDvariable, hopefully fixing this.
- MySQLs temporary files are now written to SSDs on all hosts, increasing performance for big queries that don’t fit into RAM.
- there is a dummy
uberspace-letsencrypt-renewscript, which does nothing. Many U6 users leave their let’s encrypt cronjob in place, even though U7 does not need one. The resulting cron error mails confuse users, which increases our support volume. The dummy script automates those cases.
- we rewrote the playbook, which updates MariaDB, enabling updates to 10.4 and 10.5 in the future.
- some hosts have additional SSD devices for yum, rpm and the systemd journal. Since we are moving all hosts to SSDs, these are not necessary anymore. We wrote a playbook to remove them in the future, making all hosts consistent again.
- we now detect and automatically ban more mining tools.
- MySQL backups now only happen for databases, which changed since the last backup. This reduces the system load at night and further increases storage performance and stability.
[7.9.0] - 2021-01-25¶
- PHP 8.0
- Ruby 3.0
- InfluxDB and
- .NET 5.0
- legacy URLs like
webmail.host.uberspace.deredirect to their global counterparts (e.g. https://webmail.uberspace.de)
- removed PHP 7.2
- removed .NET 2.0 and 2.2
- httpd is now allowed to read files with
user_home_tSELinux labels. This fixes usability issues because of files removed from home. It also enables CGI scripts to access libraries installied in
$HOME/.localand similar. There is still no official support for CGI, though.
- tmux sessions no longer break after some time. We mistakenly removed them from
/tmpautomatically and now leave them be.
- MySQL backups sometimes (1 or 3 databases in total on _all_ hosts) fail, so we now retry them once. This increases the reliability of the provided backups and silences our monitoring.
- Sieve configuration files no longer show up as folders in mail clients.
- We migrated additional hosts to SSD storage.
- Add a test for redis.
- Add monitoring check for failed user services. This way we will notice, if your supervisord or php-fpm fail.
- Add monitoring check for individual MySQL backups. Monitoring for the backup process as a whole was already present.
[7.8.1] - 2020-12-22¶
- Increased the Rspamd reject score to
- Reduced the Rspamd score for
- We limit the Spam Assassin rules we use with Rspamd to ZMI.
- Deprecated PHP
7.2. It will be removed early next year.
- We added a connection timeout on port 587 (hard capped at two hours, or one hour for idle connections). Our SMTP submit queue suffered from lingering connections, we hope this helps to mitigate it.
- The output of
uberspace mail domain addnow ends domain names with a dot (
.). We hope this helps avoiding situations, where it could otherwise be interpreted as relative to an origin (this mostly effects c/p to bind configurations, but also some web based GUIs).
- We migrated a lot of hosts to SSD storage.
- fstrim now runs about weekly on the hosts. Concrete times are distributed randomly, to minimize the impact on the cluster.
- While creating SQL backup dumps, we now log and monitor MariaDB errors.
- We moved the Rspamd logs out of the journal (for now). This allows us to have a longer retention policy for those, while still keeping them pretty verbose. We will fine tune our Spam filtering over the next releases, so this might come in handy.