Changelog Archive

This document contains all changes made to Uberspace 7.

Note

Sometimes the version shown on your host may be higher than the newest version here. In this case we might have applied additional fixes shortly after a release or did internal changes without user impact. We deem updates like these hotfixes and they are not necessarily included in this changelog.


[7.7.9] - 2020-10-14

Fixed

  • Apache workers are now restarted after a number of requests to ensure the web sever’s RAM usage does not grow unreasonably fast. This increases stability overall.

Internal

  • PHP errors for accounts were logged globally by accident. They are now never logged globally. But still user-local, if the user enables them.

[7.7.8] - 2020-09-29

Added

  • deno JavaScript/TypeScript runtime
  • nagios-plugins-http
  • rclone
  • re-added support for Sieve. We had to remove it shortly after the rollout in v7.7.7 because it was incompatible with mailboxes that contain a dot, e.g. isabell.hacker@something.org. This is now fixed. Documentation and an announcement will follow.

Fixed

  • When we do not know a domain, we display a helpful “sorry, unknown domain. here is how you add it” page. This page doesn’t have a valid certificate, but HTTPS was still enforced. The page can now also be opened using HTTP.
  • MX records can be in any case, i.e. 10 TUTTLe.uberspace.DE is now considered valid.
  • The default “there is no content” page is no longer shown, if there is a index.php providing content. In the past the index.html added by us was considered more important by httpd. We now add a nocontent.html, which is always queried last.

Changed

  • ruby 2.4 users have been migrated to version 2.7.
  • nodejs 13 users have been migrated to version 14.
  • The 500 Internal Server Error page now shows information on how to disable it.
  • Updated HTTPS ciphers and settings to match current mozilla recommendations.

Internal

  • Removed an unused 3rd-party YUM repo
  • We continued to restructure our repository to split it up into smaller modules in the future. This will enable us to make quicker releases in the future.

[7.7.7] - 2020-09-16

Added

  • support for Sieve, documentation and announcement will follow.
  • rrdtool

Fixed

  • Modification time of files in ~/etc/certificates now reflects the time the certificate was generated, instead of the current time +/- 1 minute, which was a bit useless.
  • The number of simultaneous SMTP connections is now limited, closing an easy but harmless DoS vector. Additionally, we added more SMTP connection slots.

Changed

  • New accounts now come with an index.html explaining how to upload content, replacing the 403 Forbidden page that was shown in the past.
  • Web Backends now serve their content at both /etherpad and /etherpad/, partly reverting the change made in 7.7.6 because of incompatibility with web socket libraries.
  • Web Backends can now report a custom Server: HTTP response header, which is passed to the client. By default, the server responds Server: nginx like before.
  • supervisord is now version 4.2.1

Internal

  • In the past we used two mechanisms to deploy the primary TLS certificate: prepared (put in a bought one) and self-signed (generate one on demand). The former was used for production, the latter for our automatic tests. This caused the production code path only being tested in… production, which is bad. We changed this to always use “prepared” and removed all of the “self- signed” code.
  • We removed the java installation that was active before 7.7.0
  • General cleanup in our repository removing a total of 800 lines of dead code.

[7.7.6] - 2020-09-07

Added

  • libgdiplus
  • libacl

Fixed

  • uberspace web header set now correctly processes entries with special characters.
  • Web Backends now no longer match /etherpad_test for a backend that was set on /etherpad. Additionally, requests to /etherpad are redirected to /etherpad/.

Changed

  • Node.js version 13 is now deprecated
  • HTTP status 500 responses are now replaced with a custom error page showing instructions how to resolve the error. This can be disabled using the new uberspace web errorpage command.

Internal

  • We started to restructure our repository to split it up into smaller modules in the future. This will enable us to make quicker releases in the future.
  • MySQL backups are now dumped at a random time each night, taking load off our storage system by distributing the resulting peaks better.
  • The NFS mount /backup is now monitored via icinga2, helping us to fix it faster when it hangs.
  • We use a simple watchdog to restart httpd/nginx automatically in case they do no longer respond to requests. Its checking turned out to be too aggressive, resulting in a restart loop in rare cases. We now wait for the server to recover before attempting another check/restart.

[7.7.5] - 2020-08-31

Added

  • weechat - an IRC client
  • yarn - a package manage for nodejs
  • protobuf - headers and libraries used to comple applications that make use of Google’s Protocol Buffers
  • js-devel - development headers for the installed js javascript engine
  • tcsh - a shell compatible with the C shell
  • Cyrillic font support for TeX Live

Changed

Internal

  • We prepared our internal U7 repository to play around with AWX, a platform to execute ansible-playbooks reliably. We currently use gitlab-ci to run them.
  • We re-enabled node_exporter to generate fancy graphs and metics, which we intend to share publicly in the future. At the moment we’re using icinga2 to collect metrics.
  • We deleted old, dead code that was blocking common ports like 6100 so users cannot use them. This is no longer a concern, as every user has their own network namespace now.
  • Files created by ansible in /root/.ansible/tmp are now cleaned up regularly. This should speed up the backup process, as there were quite many of them.

[7.7.4] - 2020-08-17

Added

  • We included the official RPM repository for the Mercurial SCM. So hg now comes in version 5.4.2 (was 2.6.2).
  • Erlang version 23.
  • We provide devtoolset-9 (enabled by default). Resulting in more recent versions of development tooling (e.g. gcc in version 9.3).

Changed

  • Incoming connections directed to a user’s port will no longer be masqueraded, meaning users processes can now acces the public client IP.
  • We set underscores_in_headers on in our Nginx configuration, so that headers containing underscores are no longer discarded.
  • The configuration prefix for Node.js is no longer hardcoded to /home/$USER, but mearly defaults to it. This means users can now use the NPM_CONFIG_PREFIX environment variable, to set their own prefix.

Fixed

  • We made the part of our uberspace command that parses user settings from YAML files more resistant, so it should no longer bail over corrupted files.

[7.7.3] - 2020-08-10

Added

  • Nginx serves favicons and SVGs compressed (image/x-icon, image/svg+xml).

Changed

  • We decreased our global Rspamd reject score to 10 (down from 15). This means, that we reject mails percieved as spam sooner.
  • When adding new mail domains with uberspace mail domain , we now first ask the DNS resolver for the MX records, and only fall back to our old behaviour (i.e. querying the responsible nameservers directly), when this fails (meaning the record does not point to the host). This allows for edge cases, like when a person is using the NSEntry service of DENIC where the TLD nameservers directly hands out all records.
  • Error pages generated by the Apache webserver now display <username>@uber.space instead of hallo@uberspace.de as a means of contact. Users of users kept asking our support about issues we cannot resolve for them, because they aren’t our customers. The new mail address directs them to the right person.

Internal

  • We added a script to clean up DNS records created during our internal testing process. This will lead to more time spend building features and less time debugging the DNS.
  • Configuration for the Apache webserver is now generated for all users before the server starts, instead of on account creation. This way we can easily change the configuration file in the future. Other services already use this scheme.

[7.7.2] - 2020-07-28

Added

  • Support for Haskell, via Haskell Platform.
  • ksh - the KornShell.
  • emacs - an editor (among other things).
  • js - Netscape’s JavaScript interpreter.
  • The php-dba database abstraction layer module for PHP 7.{2,3,4}.
  • Dependencies for Chrome headless.

Fixed

  • Unified the regular expression used to guard web header input for the uberspace web header command. The ones used for the del and suppress sub-commands where unnecessarily stricter, than the one used for set. This allowed setting headers, that could neither be deleted nor suppressed.

[7.7.1] - 2020-06-08

Fixed

  • A case where a web backend with the option --remove-prefix ends up doing nothing.

[7.7.0] - 2020-06-03

Added

  • HTTP outgoing headers can how be changed and set using uberspace web header (manual entry).
  • MySQL event scheduler is now enabled.
  • ImageMagick v7 now has HEIC support.
  • Redis is preinstalled.
  • Java now includes the Java Development Kit (javac)

Changed

  • Java is now version 14 and will be updated as EPEL’s java-latest-openjdk updates.
  • tmux is now version 2.9a.
  • HSTS is enforced for 1 year.
  • HTTP⇒HTTPS redirects use 301 instead of 302.

Fixed

  • SMTP on port 587 now no longer accepts mails to local domains without authentication.
  • SMTP on port 25 now automatically restarts, should it crash for any reason. The recent SSD migrations caused it to crash once on each host leading to a downtime of ~10 minutes. This change mitigates this on future crashes.
  • Dovecot (IMAP/POP3) now gets version updates independently of other packages. This dramatically shortens downtimes during updates, as the package script otherwise waits until all other packages have finished updating before Dovecot can start again.
  • goaccess now supports “tcb_btree” again to fix --keep-db-files.

[7.6.2] - 2020-05-25

Added

Changed

  • The data directory for MariaDB (/var/lib/mysql) is now stored on SSD.
  • Also on SSD: rpm, yum and journald data directories (/var/lib/rpm, /var/lib/yum, /var/cache/yum and /var/log/journal).

[7.6.1.2] - 2020-05-12

Added

  • Better support for web assembly files: set MIME type application/wasm for .wasm, .wasm.gz, .wat, .wat.gz and enable gzip compression.

Updated

  • Updated Haraka to 2.8.25.

[7.6.1.1] - 2020-05-07

Added

  • Installed pecl-yaml for all our supported PHP versions.

Updated

Changed

  • Node.js v8 reached end of life late last year. We deprecated it a while ago and now moved the last remaining users to v12 (the latest LTS, it has security support till April 2022).
  • PHP v7.1 reached end of life late last year. We deprecated it a while ago and now moved the last remaining users to v7.2 (it has security support till November 2020).

Fixed

  • A regression in our uberspace {mail,web} domain del commands, that lead to always deleting the given domain for both categories.

[7.6.1] - 2020-04-23

Added

Updated

  • Updated our manual and error messages in regards to xcvbn. A library, we use to check and enforce password strength for user mailboxes.

Changed

  • Cleanup _journald_ logs, disabled split mode and set a retention time of seven days.
  • Increased the process limit to 1024 (up from 400). Mostly because this is the lowest limit we can use and still support Erlang.

[7.6.0] - 2020-04-20

Added

  • We now support Python 3.7 (compiled and packaged by us).
  • We now support Python 3.8 (compiled and packaged by us).
  • We added the zlib Plugin to Dovecot, to support compressed mailboxes.

Changed

  • We had previously pinned PHP to 7.3.5, because newer versions segfault’ed when opcache was enabled. This is no longer the case, so we removed the pin.
  • Crashed PHP-FPM user instances failed to automatically restart when a user had exceeded their quota. They should now recover on their own, when the user no longer exceeds the quota.

[7.5.1.2] - 2020-04-08

Added

  • Some development packages: irssi-devel, jq-devel, libyaml-devel, poppler-devel and wkhtmltopdf-devel.

Changed

  • We decreased process_idle_timeout for PHP-FPM workers to 180 seconds (down from 900). This reduces the time a spawned child has to be idle before it will be killed (to accomodate for the increase in allowed childs).

[7.5.1.1] - 2020-04-02

Added

  • Two new VMs: bernardi.uberspace.de and hernmann.uberspace.de.

Changed

  • After increasing the max value for PHP-FPM workers to 50 (up from 10) in v7.5.1, we now tuned it down to 20.
  • For MariDB we increased max_connections (to 2000, was 400) and max_user_connections (to 100, was 20).

[7.5.1] - 2020-03-31

Added

Changed

  • The default PHP version for new users is now 7.4 (was 7.2).
  • We allow up to 50 PHP-FPM workers (up from 10).

Fixed

  • Enable lingering for user processes. This should prevent processes, that are inside the user slice but outside a session scope, from being killed, when no user sessions are active.
  • Prevent our health-check script from creating empty ~/.my.cnf files, if a user removed it. This will also prevent changed access timestamps on those files.

Deprecated

  • Ruby 2.4.

[7.5] - 2020-03-25

Changed

  • Added a link to our status page is.uberspace.online to the motd.

Fixed

  • Prevented Ansible from automatic type-casting variables (which could lead to errors with uberspace commands for certain edge cases).
  • We now show an error message, if you try to remove a non existent web backend.

[7.4.4] - 2020-03-18

Added

  • we now provide php-mongodb, nasm and gd-devel

[7.4.3] - 2020-03-11

Changed

  • set AllowEncodedSlashes NoDecode in Apache config

[7.4.2] - 2020-03-03

Changed

  • ban short/bad passwords for mailboxes

Fixed

  • spam folder filter now works with forwarded catchall
  • we now accept mails on IDN domains without Punycode

[7.4.1] - 2020-02-18

Added

  • Catch-all mailbox
  • implement uberspace command to forward mails
  • provide texlive-dvipng, texlive-cm, texlive-pdfpages, texlive-graphics, texlive-iftex and socat

Changed

  • spam folder is enabled for new accounts
  • spamfilter is always enabled, remove uberspace mail spamfilter commands

Fixed

  • add catchall to spam folder maildrop filter
  • user ports now survive firewalld updates and reloads

[7.4] - 2020-02-03

Added

  • php-pecl-redis5
  • spam folder for user mailboxes
  • texlive-latex and texlive-dvips

Changed

  • enable rspamd autolearning
  • mail domains MX check: add fallback to SOA records in case a domain does not have NS records

[7.3.13] - 2020-01-30

Added

  • Dotnet Core 3.1 LTS

[7.3.11] - 2020-01-22

Added

  • fcgi-devel
  • restrictdocroot.so to PHP 7.4

Changed

  • raise max_allowed_packet in MariaDB from 16M to 64M

Fixed

  • Cloudflare can now access the .well-known folder via port 443
  • REMOTE_ADDR is now NN.NN.NN.NN in case of IPv4

[7.3.10] - 2019-12-19

Added

  • PHP 7.4

[7.3.8.1] - 2019-11-13

Added

  • city-fan repo for fresh curl and libssl versions

Changed

  • set PHP default version to 7.2
  • update curl to version 7.67

[7.3.7] - 2019-11-04

Added

  • NodeJS 12 and 13
  • Erlang/OTP 20, 21 and 22
  • We now provide gnutls-utils

Changed

  • set NodeJS default version to 12

Fixed

  • Users can add illegal domains using capital letters

[7.3.6.2] - 2019-10-29

Added

  • we now provide GeoIP-devel and aspell

Changed

  • enlarge proxy_buffer_size to send a bigger amount of http headers
  • set http_max_upload_size_mb to 2048mb fof bigger uploads
  • update sqlite to version 3.28

[7.3.6] - 2019-09-04

Added

  • we now provide php-devel for all PHP versions
  • install colordiff

Fixed

  • fix account deletion for users with databases with special characters in their names

[7.3.5.2] - 2019-08-21

This release fixes some issues with supervisord and the firewall:

Changed

  • set dummy user & password for supervisord’s http server
  • move supervisord socket out of users home directory because supervisord became uncontrollable when users deleted $HOME/tmp/supervisor.sock

Fixed

  • fix race condition in mail limiter
  • make open ports available via IPv6

[7.3.4.2] - 2019-07-31

  • On some hosts, we were unable to create new accounts. This is now fixed. There was no user impact, as the affected accounts were relocated.

[7.3.4.1] - 2019-07-22

Internal changes with our deployment system only.


[7.3.4] - 2019-07-22

This was mostly a maintainance release, containing internal CI releated things. But it also contains these…

  • We promise a log retention period of 7 days in our manual. For a while we only kept logs for 5 days though. This is now fixed.
  • We provide the Ada compiler gnat.
  • We include luarocks in PATH and also set the LUA_PATH / LUA_CPATH environment variables.

[7.3.3] - 2019-07-05

Added

  • we now provide neovim and clang
  • enable HTTP/2 server push

Changed

  • add prime256v1 for nodejs, nodejs 8 doesn’t support secp384r1 yet, as do some others
  • disable RSPAMD_EMAILBL check

Fixed

  • replace logrotate for user logs with custom script because logrotate doesn’t do what it should

[7.3.2.1] - 2019-06-26

Added

  • add support for TLS 1.3

Fixed

  • regular expresion for user log rotation

[7.3.2] - 2019-06-25

Changed

  • avoid non-ASCII characters in uberspace command

Fixed

  • certificates for .uber.space domains are not present
  • very long domains crash nginx
  • disabling PHP error log also deletes backup copy of the log

[7.3.1.1] - 2019-06-12

Added

  • give users access to let’s encrypt certificates

Fixed

  • newest PHP 7.3 segfaults when opcache is enabled, we downgraded to a working version for now

[7.3.0] - 2019-06-03

Added

  • allow users to open a port in the firewall

Changed

  • add ~/go/bin to $PATH

[7.2.14] - 2019-05-27

7.2.12 and 7.2.13 had no user facing features, we changed and fixed lots of internal stuff.

Added

  • provide calendar
  • provide imlib2, imlib2-devel
  • enable users to compile golang apps

Changed

  • Raise max_connect_errors in MariaDB to 10000
  • use mitogen for on-host ansible
  • remove RequestReadTimeout body=900 to (hopefully) finally fix the issues with big uploads

Fixed

  • public suffix list gets updated now
  • maillimit crashed with user-set path
  • fixes a typo in “uberspace mail”
  • systemd reload caused deployment timeout

[7.2.11] - 2019-05-08

Added

  • We now provide boost-devel

Changed

  • TLSv1.0/v1.1 is now disabled in webserver
  • rotate user webserver logs, enable users to delete them
  • We removed Ruby 2.3

Fixed

  • login was slow when initial netns was created by cron
  • wrong MariaDB timezone

[7.2.10] - 2019-04-30

Added

  • Ruby 2.6
  • We now allow *.<user>.uber.space-subdomains in webserver

Changed

  • changed oom score of SSH so users can login even when there is no memory left
  • deprecate NodeJS 6

Fixed

  • websockets in .net projects now actually work
  • large uploads work again, we changed mod_requestTimeout from 20 to 900

[7.2.9] - 2019-04-08

Added

  • introduce “deprecated” flag for tool versions

Changed

  • Deprecate Ruby 2.3
  • gather only minimal facts for uberspace commands to boost performance
  • enforce SQL passwords for users

Fixed

  • We switched to restrictdocroot.so in our PHP-FPM setup because open_basedir slows apps down considerably

[7.2.8] - 2019-04-02

Added

  • We now provide libidn-devel, clojure and moreutils

Fixed

  • Lots of behind the scenes work for network namespaces (fixed login failures for example)

[7.2.7] - 2019-03-25

Fixed

  • reworked network namespaces to save lots of RAM
  • one character usernames crashed signup process
  • healtcheck tests bailed over deleted users

[7.2.5] - 2019-03-18

Added

  • we now provide elixir

Changed

  • uberspace tools restart php now also restarts the socket in case PHP hangs and can’t be restarted by users.

[7.2.4] - 2019-03-06

Added

  • We now provide Xvfb and readline-devel

Changed

  • lower OOM-Killer score for our own services like MariaDB to prevent restarts

[7.2.3] - 2019-02-13

Added

  • PHP 7.3

Changed

  • deprecated PHP 5.6 & PHP 7.0, migrated all users to 7.1

Fixed

  • lots of internal stuff: fixed not rebooting systems (waiting for …), fixed not booting systems (logind stuck), fixed stuck supervisord instances, fixed all the things!

[7.2] - 2019-02-01

Added

  • web backends

Changed

  • every account now has its own isolated network stack

[7.2.2] - 2019-01-23

Changed

  • deprecate Node 9, we set version 10 for all affected users
  • update to Ruby Bundler 2
  • limit user runtime directories to 25MB

Fixed

  • Fix PHP FPM open_basedir
  • increase the max values for semaphore parameters to prevent Apache outages
  • keep SQL dumps for 21 days as promised
  • a lot of cleanup and polish here and there (fix for MariaDB restarts, changed Supervisord PATH, …)

[7.1.19] - 2018-12-13

Added

  • .NET Core is now available in Version 2.2

Fixed

  • An internal API key was readable to local users. We fixed the permissions, reset the keys on all hosts and made sure that future hosts are setup correctly.

[7.1.17] - 2018-11-21

Added

  • We now provide at and wkhtmltopdf

Changed

  • Undeliverable outgoing E-Mails now bounce after 1 day, instead of 10.

Fixed

  • Removed SQL backups from quota.

[7.1.16] - 2018-11-07

Added:

  • We now allow users to set variables in their SSH session environment

Changed:

  • The /mysql_backup/{current,old} directories are now user readable. Also backups now include the UNIX time in their timestamp.

[7.1.15] - 2018-10-15

Added

  • We now provide the php ldap module

Changed

  • We updated MariaDB to version 10.3

[7.1.14] - 2018-10-11

Added

Changed

  • We limit outgoing mails via SMTP to 500 per hour
  • We lowered the max age for files in /tmp from 10 days to 1 day
  • We no longer accept sub domains from other users for uberspace domain <web|mail> add

[7.1.13] - 2018-09-24

Added

  • Poppler, a PDF rendering library.
  • luarocks, a package manager for the Lua programming language.
  • We provide mb2md so you can easily convert mbox files to Maildirs.
  • Update .net to 2.1
  • 🐟 We now provide the fish shell
  • New packages: lua-devel, tcl-devel, gnuplot, e2fsprogs-devel, expat-devel, jpegoptim, optipng

[7.1.12] - 2018-08-20

Added

  • We now provide lame-devel, libmad-devel, libogg-devel, libsamplerate-devel, libvorbis-devel and taglib-devel

[7.1.11] - 2018-08-14

Added

  • We now provide poppler and Node.js 10

[7.1.10] - 2018-07-25

Added

  • SELinux is now enabled globally. In case you experience any unexpected “403 Forbidden” or “Permission denied” errors, please contact our support.
  • Backups are now available at /backup
  • We now provide mtop
  • We now provide cpanm and other basic perl tools
  • We now provide php-xmlrpc
  • We now provide dos2unix and unix2dos
  • We now provide librsync and librsync-devel

Changed

  • The local-part of mail addresses is now case-insenstive

[7.1.9] - 2018-06-06

Added

  • We now provide gdbm-devel
  • We now provide libcurl-devel

[7.1.8] - 2018-06-01

Added

  • We now provide the glances monitoring tool.
  • We now provide PHP-PEAR.
  • We now provide jq.

Changed

  • The path to binaries from PHP composer packages, which are globally installed by users, is now included in the PATH environment variable.

[7.1.7] - 2018-05-28

Added

  • We now provide PHP-GNUPG 🔐

Changed

  • Reject mails to invalid recipients on valid domains early, instead of bouncing them.

[7.1.6] - 2018-05-22

Added

  • we now provide joe.

[7.1.5] - 2018-05-15

Added

  • We now provide fetchmail for your mail fetching pleasure.
  • We now provide goaccess.

Fixed

  • Mailbox names now can start with a number.

[7.1.3] - 2018-04-13

Fixed

  • We fixed a security issue allowing users to read the list of all mail domains setup on their host.
  • Bash completion scripts in /etc/bash_completion.d/ are now sourced for login shells. This includes wp and composer commands.

[7.1.2] - 2018-04-09

Added

  • We now install composer to help you manage your PHP dependencies
  • We now install WP-CLI to manage Wordpress installations.
  • We now provide libpng-dev

[7.1.1] - 2018-03-19

Added

  • To support users with file transfer related things, we now install lftp and ncftp by default.

Changed

  • dmesg output is now hidden for normal users, as it was on U6.

Fixed

  • uberspace mail filter status is now working as documented

[7.1] - 2018-03-09

Added

  • SPAM filtering for incoming mails: All incoming email is now spamchecked via rspamd. Mails with a spam score higher than 15 are rejected.
  • You can opt out of our new rspamd spamfilter with the uberspace mail spamfilter (enable|disable) command.

Fixed

  • Webmail now works with mail addresses like charlie@user.uber.space
  • The webmail client now supports uploading attachments
  • We now support IMAP / POP3 / SMTP login with <user>@uber.space
  • Parsing of requested versions is now more rigid, resulting in fewer crashes for invalid versions.

Changed

  • The output of “uberspace mail domain add” now includes a sample SPF record.

[7.0.34] - 2018-03-05

Fixed

  • Because of a configuration error php-fpm logs were recorded to a non-user-accessible default location, even when the user did not turn them on. This has been resolved and all logs have been deleted.

Added

  • Sometimes you want to assert ownership. We now provide the “whois”-tool, so you can do that.

Changed

  • We switched our MTA on port 25 to haraka, to enable spam filtering in the future.

[7.0.33] - 2018-02-21

Added

Changed

  • PHP, nodejs and other languages can now be used in cronjobs, regardless of the exact PATH set there.

[7.0.32] - 2018-02-16

Added

  • We now provide ImageMagick development headers as well as perl bindings.
  • We now provide libuuid development headers.
  • We now provide the irssi IRC client.

Fixed

  • Maildrop can now be used in .qmail files without specifying the full path. This should have been fixed in 7.0.24, but we misread the systemd documentation, so here we go again.
  • The message shown on websites hosted on deactivated accounts is now correctly displayed in browsers.

Changed

  • ~/php.d is now loaded last, so it can override values set in the global php.ini. To load extensions like ioncube, which insist on being loaded first, use the newly introduced php.early.d.

[7.0.30] - 2018-02-09

Changed

  • If a domain is accepted by nginx, we now always provide a let’s encrypt certificate for it trough auto-ssl. We hope this will prevent the case, where sometimes a correctly added domain won’t get a certificate.
  • As promised in 7.0.24 the nginx config generation now happens way faster, resulting in quicker reboots und easier debugging.

[7.0.29] - 2018-02-02

Added

  • In addition to the end-user sqlite we now also provide the matching development headers.

[7.0.28] - 2018-01-31

Added

  • Not all apps need MySQL, so we also provide sqlite development headers for your smaller database needs.
  • we new provide getmail, mutt and gnutls-devel so you can get your mail, check your mail and compile crypto applications,

Changed

  • Uberspace mail domain add now emphasizes on the fact that you need to use the MX value provided by us.

[7.0.27] - 2018-01-25

Fixed

  • Supervisord is now restated after 10 seconds in case it is killed or crashes.

[7.0.26] - 2018-01-24

Added

Changed

  • The who/last/lastlog commands (and thus display of other user sessions) are now disabled.

Fixed

  • We now support the following special characters in mailbox names: dots (.), plus signs (+), hyphens (-) and underscores (_).

[7.0.25] - 2018-01-22

Added

  • We now provide ImageMagick commands like “convert” on the command line.
  • We now provide Ruby in user selectable versions: 2.3, 2.4 and 2.5.

Fixed


[7.0.24] - 2018-01-16

Added

  • All servers now come with pandoc (to convert document formats), tree (to view your directory structures in a pretty way), and imapsync (to transfer emails between IMAP accounts) installed.
  • We now provide development headers for the ncurses GUI library.
  • We now provide the “gmp” module for php.
  • For your network debugging needs, we now offer traceroute and mtr.

Changed

  • The $PATH of qmail is now extended by standard directories like /bin, so maildrop can be called without specifying its full path.
  • We now automatically restart php-fpm of your web services on updates or when new php modules are added.
  • Apache now uses the “event” multi processing module instead of the old “prefork”. This allows us to handle more requests in parallel.
  • The number of HTTP slots, which can be used by a single uberspace is now limited, so a single uberspace cannot overload our webservers.

Fixed

  • After numerous attempts to install “git submodules” and various other git sub-commands, we now got it. finally. maybe.
  • On reboot, supervisord user services might be started before MySQL, causing some of them to fail. They are now only started, once MySQL is fully booted.
  • Generating the nginx config takes too long in some cases, causing a timeout and nginx to be permanently down. We increased the timeout. The faulty script will be optimized at a later date.

[7.0.23] - 2018-01-03

Fixed

  • Under rare conditions some users did not get a let’s encrypt certificate for a small percentage of their requests. This has been corrected.

[7.0.22] - 2017-12-20

Added

  • In preparation for a public status dashboard, our servers now have additional black box monitoring.
  • Popular default ports like 9001 are now blocked.

Changed

  • The maximum number of processes/threads is now 400 instead of 300, which allows weechat to be compiled using linuxbrew.

Fixed

  • Usernames did have a minimal length of two. This is wrong. We changed it to one, so it matches Uberspace 6.
  • Because of an oversight, VMailMgr was never correctly set up for existing users users. This has been corrected.
  • The vMailMgr wrappers now support Unicode and the char–limits for password have been removed. A warning is displayed though, if non–ASCII chars are used.

[7.0.21] - 2017-12-19

Added

  • We now provide mercurial.
  • You can use additional mailboxes.
  • In addition to $USER@uber.space, you can now also receive mails for $MAILBOX@$USER.uber.space.
  • We now provide .NET.
  • When you log into an Uberspace 7 server, you are now presented with the current version as well as a couple of useful links.

Fixed

  • We now support HTTPS connections form android phones running a version between 7.0 and 7.1.1.

[7.0.20] - 2017-12-08

Added

  • We now support maildrop, which enables you to apply advanced filtering to incoming mails.
  • Common errors like configuring the permissions on your home directory to be too open are now detected and corrected silently. A notification mechanism will be added later.

Changed

  • Domains without explicit NS-Records were not able to receive emails. We now ask for SOA instead.

Fixed

  • An erroneous systemd configuration caused the mail service to quit when it was reloaded during manual intervention. The configuration has been updated to state that the service does not support reloads.

[7.0.19] - 2017-11-30

Added

  • We now provide the ImageMagick and GraphicsMagick library
  • We now provide the imagick pecl module in all PHP versions
  • We now provide PHP 7.2
  • Due to high demand pseudo DocumentRoots are back again
  • ~/bin directory

Changed

  • PHP_INI_SCAN_DIR now includes files from /home/{USER}/etc/php.d first to support ioncube

[7.0.18] - 2017-11-18

Added

  • We now provide nodeJS 6, 8 and 9.

[7.0.16] - 2017-11-17

Added

  • We now provide PHP 7.2 Release Candidates.

Fixed

  • New Let’s Encrypt license lead to a few cases, where the automatic certificate retrieval did not work. We now accept the latest license.

[7.0.17] - 2017-11-17

Fixed

  • git commands from non git-core now work as well.

[7.0.15] - 2017-11-14

Added

  • Error logging for .htaccess files can be enabled now.

Fixed

  • The uberspace command now always uses the python provided by the system.

[7.0.14] - 2017-10-10

Added

  • We now provide zsh.
  • Our brand new uberspace command.

Changed

  • We replaced user.server.uberspace.de with user.uber.space in the webserver config.
  • We migrated all uberspace-*-* tools to the new uberspace command.
  • The max_allowed_packet setting for MySQL is 16777216 now to allow importing large database dumps.

Fixed

  • uberspace web domain list now includes user.uber.space.
  • We did not apply the MySQL config file properly, therefore innodb_file_format was not set. It is Barracuda now.

[7.0.13] - 2017-10-05

Changed

  • Webserver: Several users ran into 429 errors. We removed the connection limits for now and will look into that later.

Fixed

  • Apache and PHP: ProxyPassMatch directives are evaluated first, this brings several problems: for instance .htaccess files can’t be evaluated anymore before the PHP scripts are run. Using FilesMatch and SetHandler solves the issue.

[7.0.12] - 2017-10-03

Added

  • 🎉 Public Beta! 🎉
  • The Dashboard can now talk to the Uberspace 7 servers, create users, delete users and change passwords.
  • We now provide lynx, w3m and bind-utils.
  • New PHP extensions: soap and posix, shmop, sysvmsg, sysvsem and sysvshm.

Changed

  • We increased the maximum concurrent webserver connections from each IP address to 15 with a burst of 150 for a short period to be within the HTTP/2 specification.
  • The webmail interface used to be reachable via webmail.servername.uberspace.de and we got the certificates from Let’s Encrypt. Unfortunatelly we ran into the rate limiting and can’t get any certificates for uberspace.de anymore. For now we had to disable the webmail interface and we will look into the issus to find a workaround. On the bright side we had to refactor the certificate deployment process and so far it’s rock solid 💪😎.
  • We did some work on the manual: 💄

Fixed

  • Composer sees that /bin/php is a symlink and directly calls the symlink target instead of /bin/php. The result was that our wrapper doesn’t know it’s supposed to execute php. Using a hardlink instead of a symlink fixed it.
  • something.uber.space can’t be added via uberspace-add-domain anymore.
  • HTTP basic auth headers are now passed to PHP.
  • Adding a domain to the email configuration didn’t trigger a qmail reload.

[7.0.11] - 2017-09-21

Added

  • $user.uber.space-domains in addition to $user.server.uberspace.de-domains.

Changed

  • Webserver logs are now stored in ~/logs/webserver

[7.0.10] - 2017-08-17

Added

  • We now have a webmail interface.
  • Users are now able to provide their own php.ini files that are loaded in addition to the stock config.
  • Incoming mails are filtered with the ix.dnsbl.manitu.net and bl.spamcop.net blacklists to reduce SPAM.

[7.0.9] - 2017-08-02

Added

  • access_log and error_log can be enabled and disabled now.

Changed

  • We are using the newest MySQL file format Barracuda.
  • We are now using utf8mb4 by default in MariaDB.
  • access_log and error_log are disabled by default.
  • We adapted php.ini settings for common CMSes: drupal, Typo3, Magento, owncloud

Fixed

  • Websocket proxy connections can divert random requests. It is not known what exactly causes apache to do this, but we strongly suspect a bug. For now the fix is deactivating mod_proxy_wstunnel for the connections to Apache.
  • A graceful restart in Apache causes it to not accept any new requests until all old requests have been finished. This causes the server to be unresponsive for an undefined amount of time in some cases. We now set GracefulShutDownTimeout 5 in the Apache config.

[7.0.8.1] - 2017-07-13

Added

  • The changelog is now linked in the sidebar navigation.
  • We provide git version 2 from IUS repo.
  • We now set session.use_strict_mode = 1 in global php.ini to combat session fixation attacks.

Fixed

  • nginx and php log errors to different files now.
  • php session files are getting cleaned up now.
  • We changed our ssl_ciphers to make it possible for java8 to connect via HTTPS.
  • Apache does not parse IP addresses in x-forwarded-for headers correctly, this is a bug in mod_rpaf. To work around that we disabled keepalive between Apache<=>nginx (not nginx<=>users) for now.
  • Many connections to a single virtualhost can shut down the whole webserver. We now rate-limit the maximum connections for each user.

[7.0.8] - 2017-06-26

Added

  • In the past the maximum upload size for PHP was chaos. We now guarantee 500 megabytes everywhere.
  • We now ship Python 3. You can choose from interpreter versions 3.4, 3.5, as well as 3.6.
  • We now provide midnight commander.
  • Following security best practices, we now set a number of HTTP headers.

Fixed

  • The version system did not respect the selected version, when executed with nice or within a cronjob. To fix this, we no longer modify the $PATH, but instead use wrapper scripts.
  • To comply with German privacy regulations all IP addresses within user-accessible webserver logs are now shortened.
  • As to not unnecessarily leak software versions, we now remove the X-Powered-By header from all HTTP responses.
  • To prevent unexpected behaviour, mice are now banned from using nano. 🐭🚫

Backstage

  • We’ve upgraded all uberspace- scripts to [paternoster v2](github.com/uberspace/paternoster).
  • Since te512042.019e71729061e1f03aef698f89da225d00559bbd-1310.testing.ubrspc.de is not a very handy hostname, we now use shorter ones like 565743.vagrant.ubrspc.de within our testing setup.
  • Nginx rightly complained about a duplicated MIME type in our config. We learned that text/html is implied, so we no longer add it to the list of gzip-able files explictly.
  • A bug within vagrant-google caused our workflows to be a bit cumbersome. So we fixed it.
  • An oversight caused us to issue certificates with non-unique serial numbers during testing. While those certificates never reached production, they’re more random now.

[7.0.6.2] - 2017-05-03

Added

  • we say goodbye to daemontools and hello to supervisord! For the impatient: * setup daemons in ~/etc/services.d/, create a *.ini file for each daemon * control deamons with supervisorctl status. * see logs in ~/logs/ * check the global config if you’re curious: /etc/supervisord.conf * check the official documentation

[7.0.6] - 2017-04-25

Added

  • redirect HTTP requests to HTTPS
  • adapt $PATH to prioritize home bin: PATH=$HOME/.local/bin:$HOME/bin:$PATH
  • implement option to change shell via chsh without password
  • provide PHP module: bcmath

Fixed

  • some of the uberspace-* scripts were horribly slow. This is due to the fact that the scripts are written in Ansible and the loading of modules and fact gathering takes time. With the recent changes in we’re down to <5s for each script.
  • fix for webserver sometimes delivering the wrong certificate

[7.0.5] - 2017-04-03

Added

  • provide libunwind, libicu, screen, ncdu
  • provide PHP modules: pecl-zip, pecl-apcu, mcrypt, mbstring, intl, xml, json, tidy, gd, mysqlnd, pgsql, imap

Fixed

  • uberspace-add-domain -v leaked all user names and corresponding domains.

[7.0.4] - 2017-03-16

Added

  • relay mail via SMTP
  • provide symlink ~/html for convenience

[7.0.3] - 2017-03-03

Added

  • PHP 7.1

Changed

  • make PHP 7.1 standard

[7.0.2] - 2017-02-10

Added

  • own domains with mailserver via uberspace-add-domain -m
  • access mail via IMAP and POP3

[7.0.1] - 2017-01-20

Fixed

  • Cleanup