Changelog Archive

This document contains all changes made to Uberspace 7.

[] - 2019-07-31


  • On some hosts, we were unable to create new accounts. This is now fixed. There was no user impact, as the affected accounts were relocated.

[] - 2019-07-22

Internal changes with our deployment system only.

[7.3.4] - 2019-07-22

This was mostly a maintainance release, containing internal CI releated things. But it also contains these…


  • We promise a log retention period of 7 days in our manual. For a while we only kept logs for 5 days though. This is now fixed.


  • We provide the Ada compiler gnat.


  • We include luarocks in PATH and also set the LUA_PATH / LUA_CPATH environment variables.

[7.3.3] - 2019-07-05

  • we now provide neovim and clang
  • enable HTTP/2 server push
  • add prime256v1 for nodejs, nodejs 8 doesn’t support secp384r1 yet, as do some others
  • disable RSPAMD_EMAILBL check
  • replace logrotate for user logs with custom script because logrotate doesn’t do what it should

[] - 2019-06-26

  • add support for TLS 1.3
  • regular expresion for user log rotation

[7.3.2] - 2019-06-25

  • avoid non-ASCII characters in uberspace command
  • certificates for domains are not present
  • very long domains crash nginx
  • disabling PHP error log also deletes backup copy of the log

[] - 2019-06-12

  • give users access to let’s encrypt certificates
  • newest PHP 7.3 segfaults when opcache is enabled, we downgraded to a working version for now

[7.3.0] - 2019-06-03

  • allow users to open a port in the firewall
  • add ~/go/bin to $PATH

[7.2.14] - 2019-05-27

7.2.12 and 7.2.13 had no user facing features, we changed and fixed lots of internal stuff.

  • provide calendar
  • provide imlib2, imlib2-devel
  • enable users to compile golang apps
  • Raise max_connect_errors in MariaDB to 10000
  • use mitogen for on-host ansible
  • remove RequestReadTimeout body=900 to (hopefully) finally fix the issues with big uploads
  • public suffix list gets updated now
  • maillimit crashed with user-set path
  • fixes a typo in “uberspace mail”
  • systemd reload caused deployment timeout

[7.2.11] - 2019-05-08

  • We now provide boost-devel
  • TLSv1.0/v1.1 is now disabled in webserver
  • rotate user webserver logs, enable users to delete them
  • We removed Ruby 2.3
  • login was slow when initial netns was created by cron
  • wrong MariaDB timezone

[7.2.10] - 2019-04-30

  • Ruby 2.6
  • We now allow *.<user> in webserver
  • changed oom score of SSH so users can login even when there is no memory left
  • deprecate NodeJS 6
  • websockets in .net projects now actually work
  • large uploads work again, we changed mod_requestTimeout from 20 to 900

[7.2.9] - 2019-04-08

  • introduce “deprecated” flag for tool versions
  • Deprecate Ruby 2.3
  • gather only minimal facts for uberspace commands to boost performance
  • enforce SQL passwords for users
  • We switched to in our PHP-FPM setup because open_basedir slows apps down considerably

[7.2.8] - 2019-04-02

  • We now provide libidn-devel, clojure and moreutils
  • Lots of behind the scenes work for network namespaces (fixed login failures for example)

[7.2.7] - 2019-03-25

  • reworked network namespaces to save lots of RAM
  • one character usernames crashed signup process
  • healtcheck tests bailed over deleted users

[7.2.5] - 2019-03-18

  • we now provide elixir
  • uberspace tools restart php now also restarts the socket in case PHP hangs and can’t be restarted by users.

[7.2.4] - 2019-03-06

  • We now provide Xvfb and readline-devel
  • lower OOM-Killer score for our own services like MariaDB to prevent restarts

[7.2.3] - 2019-02-13

  • PHP 7.3
  • deprecated PHP 5.6 & PHP 7.0, migrated all users to 7.1
  • lots of internal stuff: fixed not rebooting systems (waiting for …), fixed not booting systems (logind stuck), fixed stuck supervisord instances, fixed all the things!

[7.2] - 2019-02-01

  • web backends
  • every account now has its own isolated network stack

[7.2.2] - 2019-01-23

  • deprecate Node 9, we set version 10 for all affected users
  • update to Ruby Bundler 2
  • limit user runtime directories to 25MB
  • Fix PHP FPM open_basedir
  • increase the max values for semaphore parameters to prevent Apache outages
  • keep SQL dumps for 21 days as promised
  • a lot of cleanup and polish here and there (fix for MariaDB restarts, changed Supervisord PATH, …)

[7.1.19] - 2018-12-13

  • .NET Core is now available in Version 2.2
  • An internal API key was readable to local users. We fixed the permissions, reset the keys on all hosts and made sure that future hosts are setup correctly.

[7.1.17] - 2018-11-21

  • We now provide at and wkhtmltopdf
  • Undeliverable outgoing E-Mails now bounce after 1 day, instead of 10.
  • Removed SQL backups from quota.

[7.1.16] - 2018-11-07

  • We now allow users to set variables in their SSH session environment
  • The /mysql_backup/{current,old} directories are now user readable. Also backups now include the UNIX time in their timestamp.

[7.1.15] - 2018-10-15

  • We now provide the php ldap module
  • We updated MariaDB to version 10.3

[7.1.14] - 2018-10-11

  • We limit outgoing mails via SMTP to 500 per hour
  • We lowered the max age for files in /tmp from 10 days to 1 day
  • We no longer accept sub domains from other users for uberspace domain <web|mail> add

[7.1.13] - 2018-09-24

  • Poppler, a PDF rendering library.
  • luarocks, a package manager for the Lua programming language.
  • We provide mb2md so you can easily convert mbox files to Maildirs.
  • Update .net to 2.1
  • 🐟 We now provide the fish shell
  • New packages: lua-devel, tcl-devel, gnuplot, e2fsprogs-devel, expat-devel, jpegoptim, optipng

[7.1.12] - 2018-08-20

  • We now provide lame-devel, libmad-devel, libogg-devel, libsamplerate-devel, libvorbis-devel and taglib-devel

[7.1.11] - 2018-08-14

  • We now provide poppler and Node.js 10

[7.1.10] - 2018-07-25

  • SELinux is now enabled globally. In case you experience any unexpected “403 Forbidden” or “Permission denied” errors, please contact our support.
  • Backups are now available at /backup
  • We now provide mtop
  • We now provide cpanm and other basic perl tools
  • We now provide php-xmlrpc
  • We now provide dos2unix and unix2dos
  • We now provide librsync and librsync-devel
  • The local-part of mail addresses is now case-insenstive

[7.1.9] - 2018-06-06

  • We now provide gdbm-devel
  • We now provide libcurl-devel

[7.1.8] - 2018-06-01

  • We now provide the glances monitoring tool.
  • We now provide PHP-PEAR.
  • We now provide jq.
  • The path to binaries from PHP composer packages, which are globally installed by users, is now included in the PATH environment variable.

[7.1.7] - 2018-05-28

  • We now provide PHP-GNUPG 🔐
  • Reject mails to invalid recipients on valid domains early, instead of bouncing them.

[7.1.6] - 2018-05-22

  • we now provide joe.

[7.1.5] - 2018-05-15

  • We now provide fetchmail for your mail fetching pleasure.
  • We now provide goaccess.
  • Mailbox names now can start with a number.

[7.1.3] - 2018-04-13

  • We fixed a security issue allowing users to read the list of all mail domains setup on their host.
  • Bash completion scripts in /etc/bash_completion.d/ are now sourced for login shells. This includes wp and composer commands.

[7.1.2] - 2018-04-09

  • We now install composer to help you manage your PHP dependencies
  • We now install WP-CLI to manage Wordpress installations.
  • We now provide libpng-dev

[7.1.1] - 2018-03-19

  • To support users with file transfer related things, we now install lftp and ncftp by default.
  • dmesg output is now hidden for normal users, as it was on U6.
  • uberspace mail filter status is now working as documented

[7.1] - 2018-03-09

  • SPAM filtering for incoming mails: All incoming email is now spamchecked via rspamd. Mails with a spam score higher than 15 are rejected.
  • You can opt out of our new rspamd spamfilter with the uberspace mail spamfilter (enable|disable) command.
  • Webmail now works with mail addresses like
  • The webmail client now supports uploading attachments
  • We now support IMAP / POP3 / SMTP login with <user>
  • Parsing of requested versions is now more rigid, resulting in fewer crashes for invalid versions.
  • The output of “uberspace mail domain add” now includes a sample SPF record.

[7.0.34] - 2018-03-05

  • Because of a configuration error php-fpm logs were recorded to a non-user-accessible default location, even when the user did not turn them on. This has been resolved and all logs have been deleted.
  • Sometimes you want to assert ownership. We now provide the “whois”-tool, so you can do that.
  • We switched our MTA on port 25 to haraka, to enable spam filtering in the future.

[7.0.33] - 2018-02-21

  • PHP, nodejs and other languages can now be used in cronjobs, regardless of the exact PATH set there.

[7.0.32] - 2018-02-16

  • We now provide ImageMagick development headers as well as perl bindings.
  • We now provide libuuid development headers.
  • We now provide the irssi IRC client.
  • Maildrop can now be used in .qmail files without specifying the full path. This should have been fixed in 7.0.24, but we misread the systemd documentation, so here we go again.
  • The message shown on websites hosted on deactivated accounts is now correctly displayed in browsers.
  • ~/php.d is now loaded last, so it can override values set in the global php.ini. To load extensions like ioncube, which insist on being loaded first, use the newly introduced php.early.d.

[7.0.30] - 2018-02-09

  • If a domain is accepted by nginx, we now always provide a let’s encrypt certificate for it trough auto-ssl. We hope this will prevent the case, where sometimes a correctly added domain won’t get a certificate.
  • As promised in 7.0.24 the nginx config generation now happens way faster, resulting in quicker reboots und easier debugging.

[7.0.29] - 2018-02-02

  • In addition to the end-user sqlite we now also provide the matching development headers.

[7.0.28] - 2018-01-31

  • Not all apps need MySQL, so we also provide sqlite development headers for your smaller database needs.
  • we new provide getmail, mutt and gnutls-devel so you can get your mail, check your mail and compile crypto applications,
  • Uberspace mail domain add now emphasizes on the fact that you need to use the MX value provided by us.

[7.0.27] - 2018-01-25

  • Supervisord is now restated after 10 seconds in case it is killed or crashes.

[7.0.26] - 2018-01-24

  • The who/last/lastlog commands (and thus display of other user sessions) are now disabled.
  • We now support the following special characters in mailbox names: dots (.), plus signs (+), hyphens (-) and underscores (_).

[7.0.25] - 2018-01-22

  • We now provide ImageMagick commands like “convert” on the command line.
  • We now provide Ruby in user selectable versions: 2.3, 2.4 and 2.5.

[7.0.24] - 2018-01-16

  • All servers now come with pandoc (to convert document formats), tree (to view your directory structures in a pretty way), and imapsync (to transfer emails between IMAP accounts) installed.
  • We now provide development headers for the ncurses GUI library.
  • We now provide the “gmp” module for php.
  • For your network debugging needs, we now offer traceroute and mtr.
  • The $PATH of qmail is now extended by standard directories like /bin, so maildrop can be called without specifying its full path.
  • We now automatically restart php-fpm of your web services on updates or when new php modules are added.
  • Apache now uses the “event” multi processing module instead of the old “prefork”. This allows us to handle more requests in parallel.
  • The number of HTTP slots, which can be used by a single uberspace is now limited, so a single uberspace cannot overload our webservers.
  • After numerous attempts to install “git submodules” and various other git sub-commands, we now got it. finally. maybe.
  • On reboot, supervisord user services might be started before MySQL, causing some of them to fail. They are now only started, once MySQL is fully booted.
  • Generating the nginx config takes too long in some cases, causing a timeout and nginx to be permanently down. We increased the timeout. The faulty script will be optimized at a later date.

[7.0.23] - 2018-01-03

  • Under rare conditions some users did not get a let’s encrypt certificate for a small percentage of their requests. This has been corrected.

[7.0.22] - 2017-12-20

  • In preparation for a public status dashboard, our servers now have additional black box monitoring.
  • Popular default ports like 9001 are now blocked.
  • The maximum number of processes/threads is now 400 instead of 300, which allows weechat to be compiled using linuxbrew.
  • Usernames did have a minimal length of two. This is wrong. We changed it to one, so it matches Uberspace 6.
  • Because of an oversight, VMailMgr was never correctly set up for existing users users. This has been corrected.
  • The vMailMgr wrappers now support Unicode and the char–limits for password have been removed. A warning is displayed though, if non–ASCII chars are used.

[7.0.21] - 2017-12-19

  • We now provide mercurial.
  • You can use additional mailboxes.
  • In addition to $, you can now also receive mails for $MAILBOX@$
  • We now provide .NET.
  • When you log into an Uberspace 7 server, you are now presented with the current version as well as a couple of useful links.
  • We now support HTTPS connections form android phones running a version between 7.0 and 7.1.1.

[7.0.20] - 2017-12-08

  • We now support maildrop, which enables you to apply advanced filtering to incoming mails.
  • Common errors like configuring the permissions on your home directory to be too open are now detected and corrected silently. A notification mechanism will be added later.
  • Domains without explicit NS-Records were not able to receive emails. We now ask for SOA instead.
  • An erroneous systemd configuration caused the mail service to quit when it was reloaded during manual intervention. The configuration has been updated to state that the service does not support reloads.

[7.0.19] - 2017-11-30

  • We now provide the ImageMagick and GraphicsMagick library
  • We now provide the imagick pecl module in all PHP versions
  • We now provide PHP 7.2
  • Due to high demand pseudo DocumentRoots are back again
  • ~/bin directory
  • PHP_INI_SCAN_DIR now includes files from /home/{USER}/etc/php.d first to support ioncube

[7.0.18] - 2017-11-18

  • We now provide nodeJS 6, 8 and 9.

[7.0.17] - 2017-11-17

  • git commands from non git-core now work as well.

[7.0.16] - 2017-11-17

  • We now provide PHP 7.2 Release Candidates.
  • New Let’s Encrypt license lead to a few cases, where the automatic certificate retrieval did not work. We now accept the latest license.

[7.0.15] - 2017-11-14

  • Error logging for .htaccess files can be enabled now.
  • The uberspace command now always uses the python provided by the system.

[7.0.14] - 2017-10-10

  • We now provide zsh.
  • Our brand new uberspace command.
  • We replaced with in the webserver config.
  • We migrated all uberspace-*-* tools to the new uberspace command.
  • The max_allowed_packet setting for MySQL is 16777216 now to allow importing large database dumps.
  • uberspace web domain list now includes
  • We did not apply the MySQL config file properly, therefore innodb_file_format was not set. It is Barracuda now.

[7.0.13] - 2017-10-05

  • Webserver: Several users ran into 429 errors. We removed the connection limits for now and will look into that later.
  • Apache and PHP: ProxyPassMatch directives are evaluated first, this brings several problems: for instance .htaccess files can’t be evaluated anymore before the PHP scripts are run. Using FilesMatch and SetHandler solves the issue.

[7.0.12] - 2017-10-03

  • 🎉 Public Beta! 🎉
  • The Dashboard can now talk to the Uberspace 7 servers, create users, delete users and change passwords.
  • We now provide lynx, w3m and bind-utils.
  • New PHP extensions: soap and posix, shmop, sysvmsg, sysvsem and sysvshm.
  • We increased the maximum concurrent webserver connections from each IP address to 15 with a burst of 150 for a short period to be within the HTTP/2 specification.
  • The webmail interface used to be reachable via and we got the certificates from Let’s Encrypt. Unfortunatelly we ran into the rate limiting and can’t get any certificates for anymore. For now we had to disable the webmail interface and we will look into the issus to find a workaround. On the bright side we had to refactor the certificate deployment process and so far it’s rock solid 💪😎.
  • We did some work on the manual: 💄
  • Composer sees that /bin/php is a symlink and directly calls the symlink target instead of /bin/php. The result was that our wrapper doesn’t know it’s supposed to execute php. Using a hardlink instead of a symlink fixed it.
  • can’t be added via uberspace-add-domain anymore.
  • HTTP basic auth headers are now passed to PHP.
  • Adding a domain to the email configuration didn’t trigger a qmail reload.

[7.0.11] - 2017-09-21

  • $ in addition to $
  • Webserver logs are now stored in ~/logs/webserver

[7.0.10] - 2017-08-17

  • We now have a webmail interface.
  • Users are now able to provide their own php.ini files that are loaded in addition to the stock config.
  • Incoming mails are filtered with the and blacklists to reduce SPAM.

[7.0.9] - 2017-08-02

  • access_log and error_log can be enabled and disabled now.
  • We are using the newest MySQL file format Barracuda.
  • We are now using utf8mb4 by default in MariaDB.
  • access_log and error_log are disabled by default.
  • We adapted php.ini settings for common CMSes: drupal, Typo3, Magento, owncloud
  • Websocket proxy connections can divert random requests. It is not known what exactly causes apache to do this, but we strongly suspect a bug. For now the fix is deactivating mod_proxy_wstunnel for the connections to Apache.
  • A graceful restart in Apache causes it to not accept any new requests until all old requests have been finished. This causes the server to be unresponsive for an undefined amount of time in some cases. We now set GracefulShutDownTimeout 5 in the Apache config.

[] - 2017-07-13

  • The changelog is now linked in the sidebar navigation.
  • We provide git version 2 from IUS repo.
  • We now set session.use_strict_mode = 1 in global php.ini to combat session fixation attacks.
  • nginx and php log errors to different files now.
  • php session files are getting cleaned up now.
  • We changed our ssl_ciphers to make it possible for java8 to connect via HTTPS.
  • Apache does not parse IP addresses in x-forwarded-for headers correctly, this is a bug in mod_rpaf. To work around that we disabled keepalive between Apache<=>nginx (not nginx<=>users) for now.
  • Many connections to a single virtualhost can shut down the whole webserver. We now rate-limit the maximum connections for each user.

[7.0.8] - 2017-06-26

  • In the past the maximum upload size for PHP was chaos. We now guarantee 500 megabytes everywhere.
  • We now ship Python 3. You can choose from interpreter versions 3.4, 3.5, as well as 3.6.
  • We now provide midnight commander.
  • Following security best practices, we now set a number of HTTP headers.
  • The version system did not respect the selected version, when executed with nice or within a cronjob. To fix this, we no longer modify the $PATH, but instead use wrapper scripts.
  • To comply with German privacy regulations all IP addresses within user-accessible webserver logs are now shortened.
  • As to not unnecessarily leak software versions, we now remove the X-Powered-By header from all HTTP responses.
  • To prevent unexpected behaviour, mice are now banned from using nano. 🐭🚫
  • We’ve upgraded all uberspace- scripts to [paternoster v2](
  • Since is not a very handy hostname, we now use shorter ones like within our testing setup.
  • Nginx rightly complained about a duplicated MIME type in our config. We learned that text/html is implied, so we no longer add it to the list of gzip-able files explictly.
  • A bug within vagrant-google caused our workflows to be a bit cumbersome. So we fixed it.
  • An oversight caused us to issue certificates with non-unique serial numbers during testing. While those certificates never reached production, they’re more random now.

[] - 2017-05-03

  • we say goodbye to daemontools and hello to supervisord! For the impatient: * setup daemons in ~/etc/services.d/, create a *.ini file for each daemon * control deamons with supervisorctl status. * see logs in ~/logs/ * check the global config if you’re curious: /etc/supervisord.conf * check the official documentation

[7.0.6] - 2017-04-25

  • redirect HTTP requests to HTTPS
  • adapt $PATH to prioritize home bin: PATH=$HOME/.local/bin:$HOME/bin:$PATH
  • implement option to change shell via chsh without password
  • provide PHP module: bcmath
  • some of the uberspace-* scripts were horribly slow. This is due to the fact that the scripts are written in Ansible and the loading of modules and fact gathering takes time. With the recent changes in we’re down to <5s for each script.
  • fix for webserver sometimes delivering the wrong certificate

[7.0.5] - 2017-04-03

  • provide libunwind, libicu, screen, ncdu
  • provide PHP modules: pecl-zip, pecl-apcu, mcrypt, mbstring, intl, xml, json, tidy, gd, mysqlnd, pgsql, imap
  • uberspace-add-domain -v leaked all user names and corresponding domains.

[7.0.4] - 2017-03-16

  • relay mail via SMTP
  • provide symlink ~/html for convenience

[7.0.3] - 2017-03-03

  • PHP 7.1
  • make PHP 7.1 standard

[7.0.2] - 2017-02-10

  • own domains with mailserver via uberspace-add-domain -m
  • access mail via IMAP and POP3

[7.0.1] - 2017-01-20

  • Cleanup