Changelog Archive

This document contains all changes made to Uberspace 7.

Note

Sometimes the version shown on your host may be higher than the newest version here. In this case we might have applied additional fixes shortly after a release or did internal changes without user impact. We deem updates like these hotfixes and they are not necessarily included in this changelog.


[7.15.11] - 2024-03-01

🌱 Spring is here 🌱

While we are working at full speed on Uberspace 8, we are of course also finding time to develop for Uberspace 7. Outside the first crocuses are sprouting, inside the pipeline is rolling out the freshest update:

Added

  • new packages: poppler-glib-devel, giflib-devel

Changed

  • PHP 8.3 is now default

  • mail: raise mail_max_userip_connections from 20 to 50

  • mail: sign more headers with DKIM from:to:cc:subject:date

Fixed

  • with our last release we forgot some extensions for PHP 8.3: php-sodium, php-pecl-decimal, php-pecl-gnupgadd.


[7.15.10] - 2024-02-16

This week we rolled out only a little user facing changes:

Added

  • We added PHP 8.3

Deprecations

  • PHP 8.0 has been been deprecated and is no longer selectable in the version list. It will be removed completely next month


[7.15.9] - 2024-01-08

The following changes will be rolled out until the end of this week:

Added

  • We added Erlang 26 as a new selectable version.

  • We added development headers mosquitto-devel libsodium-devel libconfig-devel lmdb-devel

  • We added powershell as a shell alternative

  • We added xmlsec1

Changed

  • We removed some SSH ciphers to mitigate the terrapin vulnerability.

Removed

  • We removed Node.JS 16 completely after a process of deprecation.

  • We removed Ruby 2.7 completely after a process of deprecation.

Deprecations

  • PHP 8.0 has been migrated to 8.1, you may switch back until february before we deprecate.

  • Postgres 10, Postgres 11 are deprecated.


[7.15.8] - 2023-12-11

The following changes will be rolled out until the end of this week:

Added

Changed

  • Prepend Haraka Received instead of appending to comply with RFC 2821

  • We globally restrict web access to .git folders and *.swp files.

Removed

  • We removed Node.JS 19 completely after a process of deprecation.

Deprecations

  • Node.JS 16 is deprecated and will be removed in january 2024.

  • Ruby 2.7 is deprecated and will be removed in january 2024.


[7.15.4] - 2023-08-14

The following changes will be rolled out until the end of this week:

Added

Changed

  • We fixed a bug in the sqlite installation, so the PHP-FPM uses the latest available version.

  • We updated the fish-shell to version 3.

Removed

  • We now removed Node.JS 12 + 14 completely after a process of deprecation.

Deprecations

  • Node.JS 16 will be deprecated from 04.09.2023 on and removed one month later.

  • Node.JS 19 will be deprecated from 04.09.2023 on and removed one month later.

  • Ruby 2.7 will be deprecated from 04.09.2023 on and removed one month later.


[7.15.3] - 2023-06-19

Added

  • We added lsd so you can tune up your ls command.

  • We added the helix editor.

  • We added pgvector for the postgres versions 12-15.

Changed

  • We increased the inotify max user watches limit by 10 times so it is now on 81920.

  • We fixed a bug where the new financed state for ratelimiting mails was not working correctly with sieve redirects.


[7.15.2] - 2023-06-05

Added

  • We added msmtp so you can easily switch sending mails over SMTP instead of sendmail. This will give you all the benefits of real mailboxes like DKIM signed mails.

  • NodeJS 20 is now available for you.

Changed

  • We now have a stricter mail outgoing limit for new accounts. Until the first cash top-up, you will only be able to send 5mails/60min.

  • The limit for all other outgoing mails has been set to 200mails/60min according to our houserules.

  • We now reject outgoing mails with a high spam score.

Deprecations

  • NodeJS 12+14 will be no longer selectable. They will be completely removed in the end of June.

  • NodeJS 19 will soon be deprecated, please switch to the now added NodeJS 20.

  • Ruby 2.7 will soon be deprecated, please switch to newer versions.


[7.15.1] - 2023-04-05

Since yesterday a little release slipped through our fingers onto the servers, beside the final removement of PHP7.4 there are some minor additions to your Asteroids.

Because our main focus now lies on the development of the next Uberspace generation, our release cycle in U7 could evolve to a more frequent but smaller feature set. We’ll see how it all comes together in the coming period.

PHP 7.4 removal

We have now removed the outdated PHP 7.4 version from our servers. All users who reverted to version 8.0 after the deprecation period have now been permanently migrated.

MariaDB updates

The MariaDB updates we implemented within the last weeks on all hosts are finished now and all instances were updated to version 10.6.

Changed

  • mytop came with the newer MariaDB versions and is available now as an alternative to mtop

  • the nice editor ne is now available

  • kitty terminals should now work since we added the necessary terminfo mail-filters

  • we changed the backup time for mysql databases from 02:00 to 01:59. You may now fiddle out why this is a much better idea and why we had a lot of alarms for missing backups on a sunday a week and a half before ;-)


[7.15] - 2023-01-23

DKIM

We now create a DKIM key for your account, which you can use with all your mail domains. You get the neccesary information for your DNS records when adding a new domain, or via the new uberspace records list command. You can check our Spam protection article for some additional information.

PHP 7.4

PHP 7.4 has reached its end of life last year. This means we will eventually remove it. And you should switch to an officially supported version as soon as possible (e.g. 8.0, 8.1 or 8.2).

Added

Deprecations

  • We decided not to deprecate PHP 7.4 just yet. To detect possible problems we just switched all users still on 7.4 to version 8. You can manually change the version back with uberspace tools version use php 7.4.

Removed

  • MongoDB 4.0

  • Ruby 2.5

  • Ruby 2.6


[7.14.1] - 2022-11-29

Changed

  • In preparation for the pending deprecation of PHP 7.4 (probably in the next Uberspace release, scheduled for December), we set the PHP version for everyone running 7.4 to 8.0. Until we roll out the deprecation you can still move back manually, (i.e. to fix things and prepare for the version update).


[7.14] - 2022-11-21

Added

  • Erlang/OTP version 25.

  • Ruby version 3.1.

  • MongoDB 6.

  • Development files for lua 5.3.

  • New tools: cmake3, gojq, gum, ldapvi, oauthtool, pdftk, s3cmd, usql.

Changed

  • We disabled the penalty system in Dovecot, which should result in faster SMTP AUTH connection times.

  • If a user service is missing a startsecs setting, we add startsecs=30, to prevent endless loops, caused by broken services.

  • rust-analyser is now part of the “user versioned tools”, meaning you can run it, without using the full path to the executeable.

  • Updated htop to 3.2.

  • The default PHP version was increased to 8.1.

Deprecated

  • The Rust language server rls is deprecated (but the rust-analyser is availabel).

  • Ruby 2.5 and 2.6.

  • MongoDB 4.


[7.13] - 2022-08-08

Added

  • provide espeak

  • support for you+someforum@example.org-style plussed mail addresses

Fixed

  • various stability and performance improvements for uberspace web traffic

  • handling of mail addresses with dots using uberspace mail

Changed

  • changes to make deployments faster by not copying all let’s encrypt certs on every deployment.

  • fully removed spamdyke, in favor of haraka/rspamd

  • removed cityfan YUM repository


[7.12.3] - 2022-07-14

Added

  • new command: uberspace web traffic to check the used web traffic.

Changed

  • we now reject mail where the IP/rDNS or HELO name do not match.


[7.12.2] - 2022-05-23

🌱 Spring cleaning: this release we were mostly busy updating and polishing internals, e.g. our CI pipeline and container images. We also took first steps towards a new metric and alerting system. Nonetheless we also have a couple of user facing features for you.

Added

  • Python 3.10 and a preview for 3.11.

  • New tools: ranger, oauth2-proxy, mtail and chromium-headless.

  • Even more metrics to play with in the future.

Fixed

  • Sieve vacation autoreplies should now work. You can see our mail filter documentation for an updated example.

  • When you authenticate with SMTP, we implement penalties for failed attemps (further ones are delayed). Because our authentication backend used the proxy’s IP (which is the same for all users), not the one for your connection, you could be affected by penalties caused by other user’s failed login attemps. This is now fixed.

  • You can now use the ErrorDocument directive in .htaccess files.

  • Dovecot can now correctly handle mailboxes containing colons (:), i.e. automatically clean their spam folder.


[7.12.1] - 2022-02-16

💌 We’ve been busy to hand craft you a nice litte release which is mainly about tweaking our new outgoing mail server Haraka and combating SPAM. If you had issues with SMTP since U7.12 this one is for you.

Added

  • A Sieve editor in our webmail.

  • Dotnet 6

  • MongoDB 5

  • Commandline Tools: as-tree, skim, bottom, elinks, links, alpine, git-lfs, bash-completion-extras

  • PHP Modules: php-gnupg

  • Lots of lots of lots of metrics to play with in the future.

Changed

  • SMTP rate limits: 500/1h for SMTP with auth and 60/h for sendmail

  • Add ~all to suggested TXT record for mail domains

  • Remove anti-fast-talker delay from Haraka config for SMTP submit

  • Decrease Rspamd score for SPOOF_REPLYTO`

  • Decrease Rspamd score for SUBJ_EXCESS_BASE64

  • Increase Rspamd score threshold for SMTP submit

  • Disable spam filtering for outgoing mails

  • Anonymyze Received header inbound and outbound

  • Remove MongoDB 3.6 because it’s end of life since April 2021

  • Deprecated PHP 7.3

Fixed

  • A missing symlink /usr/local/bin/dotnet

  • A Dovecot reboot issue

  • restrictdocroot.so for PHP 8.1

  • MySQL backup for DBs with hyphens in their name

  • No more auth-imap timeouts

  • postfix clients for SMTP now work with our new mail setup

  • Symlink old ImageMagick to our new one


[7.12] - 2021-12-13

🎄 Santa is coming to town

Added

  • 🎁 you can now train the SPAM filter by moving mails to or out of the SPAM folder

  • 🎁 we now inform by email you when your quota is full or almost full

  • 🎁 we added PHP 8.1

  • 🎁 we include our own ImageMagick v7 with support for AVIF / HEIC

  • 🎁 provide sha3sum and liblua

  • 🎁 We now provide prolog for all your computational linguistics needs

Changed

  • 🎁 we switched our outgoing mail server to haraka

  • 🎁 we set the maillimit to 60/h instead of 500/h to combat SPAM

  • 🎁 your new IMAP folders are now subscribed automatically in mail clients

  • 🎁 we implemented the Mozilla TLS recommendations for IMAP/POP3/SMTP-587

Fixed

  • 🎁 .NET package bailed because of cache

  • 🎁 we fixed a problem with resolv.conf from active Network Manager

  • 🎁 SQL backup dumps were deleted too early in an edge case, we fixed that

  • 🎁 SMTP rate limit now tells you the correct error message in the SMTP dialogue

  • 🎁 Explicitly put CA list into php.ini

  • 🎁 fail soft when running uberspace mail user list without ~/users


[7.12.hotfix] - 2021-12-13

Changed:

  • we reset the maillimit to 500/h


[7.11.5] - 2021-10-13

Added

  • Added fzf.

  • Added fd.

  • Added XeTeX.

  • The pear binary for PHP is now exposed, based on your selected version.

Changed

  • We now expose envelope recipient and sender to Sieve.

  • We now grant you direct access to your PHP FPM socket at /run/php-fpm-{username}.sock (e.g. so you can use it from your own proxy).

  • We now link your userfacts (i.e. your asteroid specific settings) to ~/etc/userfacts for easier access.

  • We now link your Nginx configuration to /readonly/<username>/nginx.conf for easier access.

  • We now link your Apache httpd configuration to /readonly/<username>/httpd.conf for easier access.

  • We now show you the path to the affected log file, when you use uberspace web log ....

  • The info page for disabled accounts now shows a link to the dashboard.

  • The info page shown for unknown domains (shown when you point a domain to the host, but you missed setting it with uberspace web domain add ...), now mentions the hostname.

  • We now also show the page for an unknown domain, when a non empty path is requested (before this would result in a 404).

Removed

  • We removed NodeJS 10 (in was already deprecated in the last release).

Fixed

  • In 7.11.4 we added our self compiled Python 3.9 to the $CPATH. The way we handled it added the current directory (i.e. .) too, when $CPATH was empty. That could lead to all kinds of problems when compiling and is now fixed.


[7.11.4] - 2021-08-19

Added

  • We added a rate limit of 10 requests/sec for two common Wordpress paths: ~.*/wp-login.php and ~.*/xmlrpc.php. These are (for now) based on $server_name only. (This was already rolled out via hotfix some weeks ago)…

  • We now use a a stricter rate limit of 30 requests/min for these request. This is subject to ongoing tweaking and will probably be reduced further in the future (and based also on IP).

  • We now accept strict TLS connections for SMTP relaying on port 465.

  • Added Erlang OTP 24 (along with recent versions for 21, 22 and 23).

  • Elixir was updated too, for the OTP version mentioned above.

  • The npx binary for Node.js is now exposed, based on your selected version.

  • The php-config binary for PHP is now exposed, based on your selected version.

Changed

  • We now limit the number of recipients for SMTP relaying to 100.

  • We now actually limit the max size for mails to 25 MB. (This is stated in our community rules for a long time, but we had not yet enforced it on U7).

  • The uberspace mail domain list command now displays DNS INVALID next to unverified mail domains (along with the time of the last check). While the tool responsible for checking these runs around every 30 seconds, failed MX checks will be retried at most every 3 minutes.

  • We now rotate /var/log/wtmp daily (default was by size) and set the retention period to 7 days.

  • We now delete TLS certificates immediately after removal of domains / accounts (before they where “garbage collected” eventually).

  • We increased some Pigeonhole settings for Sieve: sieve_max_redirects (up to 20 form 4) and sieve_max_actions (up to 64 form 32).

  • nano is now the default editor set by shell profile via $EDITOR and $VISUAL.

  • /opt/nginx/conf/mime.types is now world-readable (i.e. you can include it in your own settings).

Removed

  • Removed Python 3.4 and 3.5.

  • Deprecated Node.js v10. Will be removed soon.

Fixed

  • PHP now uses a per-user session save path (/var/lib/php-sessions/{{account}}/) to allow garbage collection. Before this change, garbage collection failed because of missing permissions.

  • We added our self compiled Python 3.9 to the $CPATH via shell profile. So you no longer have to do that manually before installing compiled packages (e.g. uwsgi).


[7.11.3] - 2021-06-15

Added

  • Support for the editheader capability for Sieve.

  • PHP’s phpize to the $PATH.

Changed

  • Dovecot now ignores a size mismatch between the mail file on disk and the size given in its filename. This should prevent errors, occurring when something changes the mail after it was delivered (e.g. writing an extra header to it, like CRM114).


[7.11.1] - 2021-05-03

Added

  • Node.js v16.

  • inotify-tools

Changed

  • We changed the format of the user access log (again) and added the port after the host. Now the format should be compatible with VCOMBINED / NCSA with VHOST parsers, e.g. GoAccess. E.g.:

    isabell.uber.space:443 10.132.0.0 - - [28/Apr/2021:16:10:23 +0000]
    "GET /hello/world.php HTTP/1.1" 200 42 "-" "HTTPie/0.9.4"
    
  • When adding mail domains, we priviously only accept domains, whose MX record points to the FQDN of the host. Now we also accept domains whose MX record points to a domain, whose A record resolves to the host.

Fixed

  • Our new Dovecot does not play well with qmail (qmail masks SIGCHLD, Dovecot does not unmasks it). Until this is fixed upstream, we added a workaround.

Internal

  • We added more fields to our internal access log.


[7.11.0] - 2021-04-20

Added

  • HEIC support for ImageMagick v6 (already installed for v7).

  • Mod FastCGI for Lighttpd.

  • WebP tooling via libwebp-tools.

Updated

  • We now use the official RPM repo for Dovecot, jumping to version 2.3.14.

Changed

  • We now use TLS v1.2 as minimum version for connections to Dovecot.

  • We switched the format of our web server logs from COMBINED to VCOMBINED (i.e. added $host as first field). This changes the format of ~/logs/webserver/access_log.

Fixed

  • If --remove-prefix option for web backends used for a path not ending in a slash, the prefix was not removed.

Internal

  • Updated node exporter to v1.1.2.

  • We now log full HTTP client IP addresses for 24 hours for internal abuse and spam handling. Weekly and user logs still use anonymized IPs only.


[7.10.0] - 2021-03-04

Added

  • updated Java to 15

  • each users CPU usage is now limited to 6 cores, improving stability.

  • pecl-mailparse

  • HEIC support for ImageMagick 6, and by extension PHP

Changed

  • recommended SPF record is now include:spf.uberspace.de so we can reoute mails more easily. The current records prevents us from relaying mails through another server temporarily.

  • to be consistent with our advice to use .uber.space domains for mail, user.host.uberspace.de is now no longer part of mail domain list.

  • uberspace mail domain add now explains that the trailing dot in MX records is correct, but not necessary or possible to enter in many DNS interfaces.

  • rspamd’s FORGED_RECIPIENTS test now adds fewer points to the spam score to counter many reported false-positive.

Fixed

  • RAM limits for users were not applying consistently, leading to outages in the recent past. We now apply the limits ourselves instead of relying on systemd, increasing stability in the future.

  • Sometimes systemd failed to reload nginx, leading to new domains not being available. We now use the nginx tooling directly instead of relying on systemd’s $MAINPID variable, hopefully fixing this.

  • MySQLs temporary files are now written to SSDs on all hosts, increasing performance for big queries that don’t fit into RAM.

Internal

  • there is a dummy uberspace-letsencrypt-renew script, which does nothing. Many U6 users leave their let’s encrypt cronjob in place, even though U7 does not need one. The resulting cron error mails confuse users, which increases our support volume. The dummy script automates those cases.

  • we rewrote the playbook, which updates MariaDB, enabling updates to 10.4 and 10.5 in the future.

  • some hosts have additional SSD devices for yum, rpm and the systemd journal. Since we are moving all hosts to SSDs, these are not necessary anymore. We wrote a playbook to remove them in the future, making all hosts consistent again.

  • we now detect and automatically ban more mining tools.

  • MySQL backups now only happen for databases, which changed since the last backup. This reduces the system load at night and further increases storage performance and stability.


[7.9.0] - 2021-01-25

Added

  • PHP 8.0

  • Ruby 3.0

  • InfluxDB and telegraf

  • PostgreSQL

  • CouchDB

  • MongoDB

  • .NET 5.0

  • gobject-introspection-devel, pango-devel, ripgrep, bat, asciidoc, ledger

Changed

  • legacy URLs like adminer., pma., and webmail.host.uberspace.de redirect to their global counterparts (e.g. https://webmail.uberspace.de)

  • removed PHP 7.2

  • removed .NET 2.0 and 2.2

  • httpd is now allowed to read files with user_home_t SELinux labels. This fixes usability issues because of files removed from home. It also enables CGI scripts to access libraries installied in $HOME/.local and similar. There is still no official support for CGI, though.

Fixed

  • tmux sessions no longer break after some time. We mistakenly removed them from /tmp automatically and now leave them be.

  • MySQL backups sometimes (1 or 3 databases in total on _all_ hosts) fail, so we now retry them once. This increases the reliability of the provided backups and silences our monitoring.

  • Sieve configuration files no longer show up as folders in mail clients.

Internal

  • We migrated additional hosts to SSD storage.

  • Add a test for redis.

  • Add monitoring check for failed user services. This way we will notice, if your supervisord or php-fpm fail.

  • Add monitoring check for individual MySQL backups. Monitoring for the backup process as a whole was already present.


[7.8.1] - 2020-12-22

Added

Changed

  • Increased the Rspamd reject score to 15 (up from 10).

  • Reduced the Rspamd score for INVALID_RCPT_8BIT to 3 (down from 6).

  • We limit the Spam Assassin rules we use with Rspamd to ZMI.

  • Deprecated PHP 7.2. It will be removed early next year.

  • We added a connection timeout on port 587 (hard capped at two hours, or one hour for idle connections). Our SMTP submit queue suffered from lingering connections, we hope this helps to mitigate it.

  • The output of uberspace mail domain add now ends domain names with a dot (.). We hope this helps avoiding situations, where it could otherwise be interpreted as relative to an origin (this mostly effects c/p to bind configurations, but also some web based GUIs).

Internal

  • We migrated a lot of hosts to SSD storage.

  • fstrim now runs about weekly on the hosts. Concrete times are distributed randomly, to minimize the impact on the cluster.

  • While creating SQL backup dumps, we now log and monitor MariaDB errors.

  • We moved the Rspamd logs out of the journal (for now). This allows us to have a longer retention policy for those, while still keeping them pretty verbose. We will fine tune our Spam filtering over the next releases, so this might come in handy.


[7.8.0] - 2020-12-01

Added

  • Support for managed Sieve

  • Mails from spam folder are now auto-expunged after 30 days.

  • Add special RFC 6154 folders to Dovecot config, so mail clients detect trash, spam, and other default folders automatically.

Changed

  • We now keep logs for incoming mails for 10 days instead of one day to aid debugging of missing mails in support.

  • System logs are now kept for one to two days, instead of just one.

  • The default values of max_execution_time and max_input_time are now 90 seconds and 60 seconds respectively, to free up stuck php-fpm workers more quickly. Higher values can be set using a config file in ~/etc/php.d. CLI invocations like cronjobs are not affected.

Internal

  • MySQL backups are now monitored, alerting us when the process stops working.

  • Optimized log output of our scripts, so we can keep the useful logs for longer.

  • Instead of reloading nginx after log rotation, we now call nginx -s reopen to reduce load spikes and thus increase reliability.

  • We now run fstrim regularly to free unused storage in our ceph cluster. This enables us to use it more efficiently.


[7.7.10] - 2020-11-17

Added

  • mg: a tiny Emacs-like editor

  • numactl command to please MongoDB

  • modern TLS settings for POP3/IMAP/SMTP-SUBMIT (reverted because they block connections from thunderbird)

  • opus, opus-tools, and opus-devel

  • many fonts to support non-western scripts

Fixed

  • MariaDB backups now includestored routines

  • table_definition_cache is now 20000 to meet friendica’s requirements

  • The SMTP connection limit introduced in v7.7.7 now actually works.

  • $user.uber.space is now correctly displayed in uberspace mail domain list

  • uberspace * domain list output is now sorted

Internal

  • Log rotation is now randomized to happen between 4 and 5 am. The time is constant for each host, so they are always rotated at the same time for a given host. This reduces the IO load on our storage and therefore improves performance and reliabilty at night.

  • Prometheus’ node_exporter can now be monitored by our icinga2 setup, leading to more complete graphs for us and better performance for you.

  • Sometimes our internal CI amassed a lot of temporary DNS records, which exceeded the quota of our DNS provider, griding our CI and development to a halt. The records are now purged reguarly.


[7.7.9] - 2020-10-14

Added

Fixed

  • Apache workers are now restarted after a number of requests to ensure the web sever’s RAM usage does not grow unreasonably fast. This increases stability overall.

Internal

  • PHP errors for accounts were logged globally by accident. They are now never logged globally. But still user-local, if the user enables them.


[7.7.8] - 2020-09-29

Added

  • deno JavaScript/TypeScript runtime

  • nagios-plugins-http

  • rclone

  • re-added support for Sieve. We had to remove it shortly after the rollout in v7.7.7 because it was incompatible with mailboxes that contain a dot, e.g. isabell.hacker@something.org. This is now fixed. Documentation and an announcement will follow.

Fixed

  • When we do not know a domain, we display a helpful “sorry, unknown domain. here is how you add it” page. This page doesn’t have a valid certificate, but HTTPS was still enforced. The page can now also be opened using HTTP.

  • MX records can be in any case, i.e. 10 TUTTLe.uberspace.DE is now considered valid.

  • The default “there is no content” page is no longer shown, if there is a index.php providing content. In the past the index.html added by us was considered more important by httpd. We now add a nocontent.html, which is always queried last.

Changed

  • ruby 2.4 users have been migrated to version 2.7.

  • nodejs 13 users have been migrated to version 14.

  • The 500 Internal Server Error page now shows information on how to disable it.

  • Updated HTTPS ciphers and settings to match current mozilla recommendations.

Internal

  • Removed an unused 3rd-party YUM repo

  • We continued to restructure our repository to split it up into smaller modules in the future. This will enable us to make quicker releases in the future.


[7.7.7] - 2020-09-16

Added

  • support for Sieve, documentation and announcement will follow.

  • rrdtool

Fixed

  • Modification time of files in ~/etc/certificates now reflects the time the certificate was generated, instead of the current time +/- 1 minute, which was a bit useless.

  • The number of simultaneous SMTP connections is now limited, closing an easy but harmless DoS vector. Additionally, we added more SMTP connection slots.

Changed

  • New accounts now come with an index.html explaining how to upload content, replacing the 403 Forbidden page that was shown in the past.

  • Web Backends now serve their content at both /etherpad and /etherpad/, partly reverting the change made in 7.7.6 because of incompatibility with web socket libraries.

  • Web Backends can now report a custom Server: HTTP response header, which is passed to the client. By default, the server responds Server: nginx like before.

  • supervisord is now version 4.2.1

Internal

  • In the past we used two mechanisms to deploy the primary TLS certificate: prepared (put in a bought one) and self-signed (generate one on demand). The former was used for production, the latter for our automatic tests. This caused the production code path only being tested in… production, which is bad. We changed this to always use “prepared” and removed all of the “self- signed” code.

  • We removed the java installation that was active before 7.7.0

  • General cleanup in our repository removing a total of 800 lines of dead code.


[7.7.6] - 2020-09-07

Added

  • libgdiplus

  • libacl

Fixed

  • uberspace web header set now correctly processes entries with special characters.

  • Web Backends now no longer match /etherpad_test for a backend that was set on /etherpad. Additionally, requests to /etherpad are redirected to /etherpad/.

Changed

  • Node.js version 13 is now deprecated

  • HTTP status 500 responses are now replaced with a custom error page showing instructions how to resolve the error. This can be disabled using the new uberspace web errorpage command.

Internal

  • We started to restructure our repository to split it up into smaller modules in the future. This will enable us to make quicker releases in the future.

  • MySQL backups are now dumped at a random time each night, taking load off our storage system by distributing the resulting peaks better.

  • The NFS mount /backup is now monitored via icinga2, helping us to fix it faster when it hangs.

  • We use a simple watchdog to restart httpd/nginx automatically in case they do no longer respond to requests. Its checking turned out to be too aggressive, resulting in a restart loop in rare cases. We now wait for the server to recover before attempting another check/restart.


[7.7.5] - 2020-08-31

Added

  • weechat - an IRC client

  • yarn - a package manage for nodejs

  • protobuf - headers and libraries used to comple applications that make use of Google’s Protocol Buffers

  • js-devel - development headers for the installed js javascript engine

  • tcsh - a shell compatible with the C shell

  • Cyrillic font support for TeX Live

Changed

Internal

  • We prepared our internal U7 repository to play around with AWX, a platform to execute ansible-playbooks reliably. We currently use gitlab-ci to run them.

  • We re-enabled node_exporter to generate fancy graphs and metics, which we intend to share publicly in the future. At the moment we’re using icinga2 to collect metrics.

  • We deleted old, dead code that was blocking common ports like 6100 so users cannot use them. This is no longer a concern, as every user has their own network namespace now.

  • Files created by ansible in /root/.ansible/tmp are now cleaned up regularly. This should speed up the backup process, as there were quite many of them.


[7.7.4] - 2020-08-17

Added

  • We included the official RPM repository for the Mercurial SCM. So hg now comes in version 5.4.2 (was 2.6.2).

  • Erlang version 23.

  • We provide devtoolset-9 (enabled by default). Resulting in more recent versions of development tooling (e.g. gcc in version 9.3).

Changed

  • Incoming connections directed to a user’s port will no longer be masqueraded, meaning users processes can now acces the public client IP.

  • We set underscores_in_headers on in our Nginx configuration, so that headers containing underscores are no longer discarded.

  • The configuration prefix for Node.js is no longer hardcoded to /home/$USER, but mearly defaults to it. This means users can now use the NPM_CONFIG_PREFIX environment variable, to set their own prefix.

Fixed

  • We made the part of our uberspace command that parses user settings from YAML files more resistant, so it should no longer bail over corrupted files.


[7.7.3] - 2020-08-10

Added

  • Nginx serves favicons and SVGs compressed (image/x-icon, image/svg+xml).

Changed

  • We decreased our global Rspamd reject score to 10 (down from 15). This means, that we reject mails percieved as spam sooner.

  • When adding new mail domains with uberspace mail domain , we now first ask the DNS resolver for the MX records, and only fall back to our old behaviour (i.e. querying the responsible nameservers directly), when this fails (meaning the record does not point to the host). This allows for edge cases, like when a person is using the NSEntry service of DENIC where the TLD nameservers directly hands out all records.

  • Error pages generated by the Apache webserver now display <username>@uber.space instead of hallo@uberspace.de as a means of contact. Users of users kept asking our support about issues we cannot resolve for them, because they aren’t our customers. The new mail address directs them to the right person.

Internal

  • We added a script to clean up DNS records created during our internal testing process. This will lead to more time spend building features and less time debugging the DNS.

  • Configuration for the Apache webserver is now generated for all users before the server starts, instead of on account creation. This way we can easily change the configuration file in the future. Other services already use this scheme.


[7.7.2] - 2020-07-28

Added

  • Support for Haskell, via Haskell Platform.

  • ksh - the KornShell.

  • emacs - an editor (among other things).

  • js - Netscape’s JavaScript interpreter.

  • The php-dba database abstraction layer module for PHP 7.{2,3,4}.

  • Dependencies for Chrome headless.

Fixed

  • Unified the regular expression used to guard web header input for the uberspace web header command. The ones used for the del and suppress sub-commands where unnecessarily stricter, than the one used for set. This allowed setting headers, that could neither be deleted nor suppressed.


[7.7.1] - 2020-06-08

Fixed

  • A case where a web backend with the option --remove-prefix ends up doing nothing.


[7.7.0] - 2020-06-03

Added

  • HTTP outgoing headers can how be changed and set using uberspace web header (manual entry).

  • MySQL event scheduler is now enabled.

  • ImageMagick v7 now has HEIC support.

  • Redis is preinstalled.

  • Java now includes the Java Development Kit (javac)

Changed

  • Java is now version 14 and will be updated as EPEL’s java-latest-openjdk updates.

  • tmux is now version 2.9a.

  • HSTS is enforced for 1 year.

  • HTTP⇒HTTPS redirects use 301 instead of 302.

Fixed

  • SMTP on port 587 now no longer accepts mails to local domains without authentication.

  • SMTP on port 25 now automatically restarts, should it crash for any reason. The recent SSD migrations caused it to crash once on each host leading to a downtime of ~10 minutes. This change mitigates this on future crashes.

  • Dovecot (IMAP/POP3) now gets version updates independently of other packages. This dramatically shortens downtimes during updates, as the package script otherwise waits until all other packages have finished updating before Dovecot can start again.

  • goaccess now supports “tcb_btree” again to fix --keep-db-files.


[7.6.2] - 2020-05-25

Added

Changed

  • The data directory for MariaDB (/var/lib/mysql) is now stored on SSD.

  • Also on SSD: rpm, yum and journald data directories (/var/lib/rpm, /var/lib/yum, /var/cache/yum and /var/log/journal).


[7.6.1.2] - 2020-05-12

Added

  • Better support for web assembly files: set MIME type application/wasm for .wasm, .wasm.gz, .wat, .wat.gz and enable gzip compression.

Updated

  • Updated Haraka to 2.8.25.


[7.6.1.1] - 2020-05-07

Added

  • Installed pecl-yaml for all our supported PHP versions.

Updated

Changed

  • Node.js v8 reached end of life late last year. We deprecated it a while ago and now moved the last remaining users to v12 (the latest LTS, it has security support till April 2022).

  • PHP v7.1 reached end of life late last year. We deprecated it a while ago and now moved the last remaining users to v7.2 (it has security support till November 2020).

Fixed

  • A regression in our uberspace {mail,web} domain del commands, that lead to always deleting the given domain for both categories.


[7.6.1] - 2020-04-23

Added

Updated

  • Updated our manual and error messages in regards to xcvbn. A library, we use to check and enforce password strength for user mailboxes.

Changed

  • Cleanup _journald_ logs, disabled split mode and set a retention time of seven days.

  • Increased the process limit to 1024 (up from 400). Mostly because this is the lowest limit we can use and still support Erlang.


[7.6.0] - 2020-04-20

Added

  • We now support Python 3.7 (compiled and packaged by us).

  • We now support Python 3.8 (compiled and packaged by us).

  • We added the zlib Plugin to Dovecot, to support compressed mailboxes.

Changed

  • We had previously pinned PHP to 7.3.5, because newer versions segfault’ed when opcache was enabled. This is no longer the case, so we removed the pin.

  • Crashed PHP-FPM user instances failed to automatically restart when a user had exceeded their quota. They should now recover on their own, when the user no longer exceeds the quota.


[7.5.1.2] - 2020-04-08

Added

  • Some development packages: irssi-devel, jq-devel, libyaml-devel, poppler-devel and wkhtmltopdf-devel.

Changed

  • We decreased process_idle_timeout for PHP-FPM workers to 180 seconds (down from 900). This reduces the time a spawned child has to be idle before it will be killed (to accomodate for the increase in allowed childs).


[7.5.1.1] - 2020-04-02

Added

  • Two new VMs: bernardi.uberspace.de and hernmann.uberspace.de.

Changed

  • After increasing the max value for PHP-FPM workers to 50 (up from 10) in v7.5.1, we now tuned it down to 20.

  • For MariDB we increased max_connections (to 2000, was 400) and max_user_connections (to 100, was 20).


[7.5.1] - 2020-03-31

Added

Changed

  • The default PHP version for new users is now 7.4 (was 7.2).

  • We allow up to 50 PHP-FPM workers (up from 10).

Fixed

  • Enable lingering for user processes. This should prevent processes, that are inside the user slice but outside a session scope, from being killed, when no user sessions are active.

  • Prevent our health-check script from creating empty ~/.my.cnf files, if a user removed it. This will also prevent changed access timestamps on those files.

Deprecated

  • Ruby 2.4.


[7.5] - 2020-03-25

Changed

  • Added a link to our status page is.uberspace.online to the motd.

Fixed

  • Prevented Ansible from automatic type-casting variables (which could lead to errors with uberspace commands for certain edge cases).

  • We now show an error message, if you try to remove a non existent web backend.


[7.4.4] - 2020-03-18

Added

  • we now provide php-mongodb, nasm and gd-devel


[7.4.3] - 2020-03-11

Changed

  • set AllowEncodedSlashes NoDecode in Apache config


[7.4.2] - 2020-03-03

Changed

  • ban short/bad passwords for mailboxes

Fixed

  • spam folder filter now works with forwarded catchall

  • we now accept mails on IDN domains without Punycode


[7.4.1] - 2020-02-18

Added

  • Catch-all mailbox

  • implement uberspace command to forward mails

  • provide texlive-dvipng, texlive-cm, texlive-pdfpages, texlive-graphics, texlive-iftex and socat

Changed

  • spam folder is enabled for new accounts

  • spamfilter is always enabled, remove uberspace mail spamfilter commands

Fixed

  • add catchall to spam folder maildrop filter

  • user ports now survive firewalld updates and reloads


[7.4] - 2020-02-03

Added

  • php-pecl-redis5

  • spam folder for user mailboxes

  • texlive-latex and texlive-dvips

Changed

  • enable rspamd autolearning

  • mail domains MX check: add fallback to SOA records in case a domain does not have NS records


[7.3.13] - 2020-01-30

Added

  • Dotnet Core 3.1 LTS


[7.3.11] - 2020-01-22

Added

  • fcgi-devel

  • restrictdocroot.so to PHP 7.4

Changed

  • raise max_allowed_packet in MariaDB from 16M to 64M

Fixed

  • Cloudflare can now access the .well-known folder via port 443

  • REMOTE_ADDR is now NN.NN.NN.NN in case of IPv4


[7.3.10] - 2019-12-19

Added

  • PHP 7.4


[7.3.8.1] - 2019-11-13

Added

  • city-fan repo for fresh curl and libssl versions

Changed

  • set PHP default version to 7.2

  • update curl to version 7.67


[7.3.7] - 2019-11-04

Added

  • NodeJS 12 and 13

  • Erlang/OTP 20, 21 and 22

  • We now provide gnutls-utils

Changed

  • set NodeJS default version to 12

Fixed

  • Users can add illegal domains using capital letters


[7.3.6.2] - 2019-10-29

Added

  • we now provide GeoIP-devel and aspell

Changed

  • enlarge proxy_buffer_size to send a bigger amount of http headers

  • set http_max_upload_size_mb to 2048mb fof bigger uploads

  • update sqlite to version 3.28


[7.3.6] - 2019-09-04

Added

  • we now provide php-devel for all PHP versions

  • install colordiff

Fixed

  • fix account deletion for users with databases with special characters in their names


[7.3.5.2] - 2019-08-21

This release fixes some issues with supervisord and the firewall:

Changed

  • set dummy user & password for supervisord’s http server

  • move supervisord socket out of users home directory because supervisord became uncontrollable when users deleted $HOME/tmp/supervisor.sock

Fixed

  • fix race condition in mail limiter

  • make open ports available via IPv6


[7.3.4.2] - 2019-07-31

Fixed

  • On some hosts, we were unable to create new accounts. This is now fixed. There was no user impact, as the affected accounts were relocated.


[7.3.4.1] - 2019-07-22

Internal changes with our deployment system only.


[7.3.4] - 2019-07-22

This was mostly a maintainance release, containing internal CI releated things. But it also contains these…

Fixed

  • We promise a log retention period of 7 days in our manual. For a while we only kept logs for 5 days though. This is now fixed.

Added

  • We provide the Ada compiler gnat.

Changed

  • We include luarocks in PATH and also set the LUA_PATH / LUA_CPATH environment variables.


[7.3.3] - 2019-07-05

Added

  • we now provide neovim and clang

  • enable HTTP/2 server push

Changed

  • add prime256v1 for nodejs, nodejs 8 doesn’t support secp384r1 yet, as do some others

  • disable RSPAMD_EMAILBL check

Fixed

  • replace logrotate for user logs with custom script because logrotate doesn’t do what it should


[7.3.2.1] - 2019-06-26

Added

  • add support for TLS 1.3

Fixed

  • regular expresion for user log rotation


[7.3.2] - 2019-06-25

Changed

  • avoid non-ASCII characters in uberspace command

Fixed

  • certificates for .uber.space domains are not present

  • very long domains crash nginx

  • disabling PHP error log also deletes backup copy of the log


[7.3.1.1] - 2019-06-12

Added

  • give users access to let’s encrypt certificates

Fixed

  • newest PHP 7.3 segfaults when opcache is enabled, we downgraded to a working version for now


[7.3.0] - 2019-06-03

Added

  • allow users to open a port in the firewall

Changed

  • add ~/go/bin to $PATH


[7.2.14] - 2019-05-27

7.2.12 and 7.2.13 had no user facing features, we changed and fixed lots of internal stuff.

Added

  • provide calendar

  • provide imlib2, imlib2-devel

  • enable users to compile golang apps

Changed

  • Raise max_connect_errors in MariaDB to 10000

  • use mitogen for on-host ansible

  • remove RequestReadTimeout body=900 to (hopefully) finally fix the issues with big uploads

Fixed

  • public suffix list gets updated now

  • maillimit crashed with user-set path

  • fixes a typo in “uberspace mail”

  • systemd reload caused deployment timeout


[7.2.11] - 2019-05-08

Added

  • We now provide boost-devel

Changed

  • TLSv1.0/v1.1 is now disabled in webserver

  • rotate user webserver logs, enable users to delete them

  • We removed Ruby 2.3

Fixed

  • login was slow when initial netns was created by cron

  • wrong MariaDB timezone


[7.2.10] - 2019-04-30

Added

  • Ruby 2.6

  • We now allow *.<user>.uber.space-subdomains` in webserver

Changed

  • changed oom score of SSH so users can login even when there is no memory left

  • deprecate NodeJS 6

Fixed

  • websockets in .net projects now actually work

  • large uploads work again, we changed mod_requestTimeout from 20 to 900


[7.2.9] - 2019-04-08

Added

  • introduce “deprecated” flag for tool versions

Changed

  • Deprecate Ruby 2.3

  • gather only minimal facts for uberspace commands to boost performance

  • enforce SQL passwords for users

Fixed

  • We switched to restrictdocroot.so in our PHP-FPM setup because open_basedir slows apps down considerably


[7.2.8] - 2019-04-02

Added

  • We now provide libidn-devel, clojure and moreutils

Fixed

  • Lots of behind the scenes work for network namespaces (fixed login failures for example)


[7.2.7] - 2019-03-25

Fixed

  • reworked network namespaces to save lots of RAM

  • one character usernames crashed signup process

  • healtcheck tests bailed over deleted users


[7.2.5] - 2019-03-18

Added

  • we now provide elixir

Changed

  • uberspace tools restart php now also restarts the socket in case PHP hangs and can’t be restarted by users.


[7.2.4] - 2019-03-06

Added

  • We now provide Xvfb and readline-devel

Changed

  • lower OOM-Killer score for our own services like MariaDB to prevent restarts


[7.2.3] - 2019-02-13

Added

  • PHP 7.3

Changed

  • deprecated PHP 5.6 & PHP 7.0, migrated all users to 7.1

Fixed

  • lots of internal stuff: fixed not rebooting systems (waiting for …), fixed not booting systems (logind stuck), fixed stuck supervisord instances, fixed all the things!


[7.2] - 2019-02-01

Added

  • web backends

Changed

  • every account now has its own isolated network stack


[7.2.2] - 2019-01-23

Changed

  • deprecate Node 9, we set version 10 for all affected users

  • update to Ruby Bundler 2

  • limit user runtime directories to 25MB

Fixed

  • Fix PHP FPM open_basedir

  • increase the max values for semaphore parameters to prevent Apache outages

  • keep SQL dumps for 21 days as promised

  • a lot of cleanup and polish here and there (fix for MariaDB restarts, changed Supervisord PATH, …)


[7.1.19] - 2018-12-13

Added

  • .NET Core is now available in Version 2.2

Fixed

  • An internal API key was readable to local users. We fixed the permissions, reset the keys on all hosts and made sure that future hosts are setup correctly.


[7.1.17] - 2018-11-21

Added

  • We now provide at and wkhtmltopdf

Changed

  • Undeliverable outgoing E-Mails now bounce after 1 day, instead of 10.

Fixed

  • Removed SQL backups from quota.


[7.1.16] - 2018-11-07

Added:

  • We now allow users to set variables in their SSH session environment

Changed:

  • The /mysql_backup/{current,old} directories are now user readable. Also backups now include the UNIX time in their timestamp.


[7.1.15] - 2018-10-15

Added

  • We now provide the php ldap module

Changed

  • We updated MariaDB to version 10.3


[7.1.14] - 2018-10-11

Added

Changed

  • We limit outgoing mails via SMTP to 500 per hour

  • We lowered the max age for files in /tmp from 10 days to 1 day

  • We no longer accept sub domains from other users for uberspace domain <web|mail> add


[7.1.13] - 2018-09-24

Added

  • Poppler, a PDF rendering library.

  • luarocks, a package manager for the Lua programming language.

  • We provide mb2md so you can easily convert mbox files to Maildirs.

  • Update .net to 2.1

  • 🐟 We now provide the fish shell

  • New packages: lua-devel, tcl-devel, gnuplot, e2fsprogs-devel, expat-devel, jpegoptim, optipng


[7.1.12] - 2018-08-20

Added

  • We now provide lame-devel, libmad-devel, libogg-devel, libsamplerate-devel, libvorbis-devel and taglib-devel


[7.1.11] - 2018-08-14

Added

  • We now provide poppler and Node.js 10


[7.1.10] - 2018-07-25

Added

  • SELinux is now enabled globally. In case you experience any unexpected “403 Forbidden” or “Permission denied” errors, please contact our support.

  • Backups are now available at /backup

  • We now provide mtop

  • We now provide cpanm and other basic perl tools

  • We now provide php-xmlrpc

  • We now provide dos2unix and unix2dos

  • We now provide librsync and librsync-devel

Changed

  • The local-part of mail addresses is now case-insenstive


[7.1.9] - 2018-06-06

Added

  • We now provide gdbm-devel

  • We now provide libcurl-devel


[7.1.8] - 2018-06-01

Added

  • We now provide the glances monitoring tool.

  • We now provide PHP-PEAR.

  • We now provide jq.

Changed

  • The path to binaries from PHP composer packages, which are globally installed by users, is now included in the PATH environment variable.


[7.1.7] - 2018-05-28

Added

  • We now provide PHP-GNUPG 🔐

Changed

  • Reject mails to invalid recipients on valid domains early, instead of bouncing them.


[7.1.6] - 2018-05-22

Added

  • we now provide joe.


[7.1.5] - 2018-05-15

Added

  • We now provide fetchmail for your mail fetching pleasure.

  • We now provide goaccess.

Fixed

  • Mailbox names now can start with a number.


[7.1.3] - 2018-04-13

Fixed

  • We fixed a security issue allowing users to read the list of all mail domains setup on their host.

  • Bash completion scripts in /etc/bash_completion.d/ are now sourced for login shells. This includes wp and composer commands.


[7.1.2] - 2018-04-09

Added

  • We now install composer to help you manage your PHP dependencies

  • We now install WP-CLI to manage Wordpress installations.

  • We now provide libpng-dev


[7.1.1] - 2018-03-19

Added

  • To support users with file transfer related things, we now install lftp and ncftp by default.

Changed

  • dmesg output is now hidden for normal users, as it was on U6.

Fixed

  • uberspace mail filter status is now working as documented


[7.1] - 2018-03-09

Added

  • SPAM filtering for incoming mails: All incoming email is now spamchecked via rspamd. Mails with a spam score higher than 15 are rejected.

  • You can opt out of our new rspamd spamfilter with the uberspace mail spamfilter (enable|disable) command.

Fixed

  • Webmail now works with mail addresses like charlie@user.uber.space

  • The webmail client now supports uploading attachments

  • We now support IMAP / POP3 / SMTP login with <user>@uber.space

  • Parsing of requested versions is now more rigid, resulting in fewer crashes for invalid versions.

Changed

  • The output of “uberspace mail domain add” now includes a sample SPF record.


[7.0.34] - 2018-03-05

Fixed

  • Because of a configuration error php-fpm logs were recorded to a non-user-accessible default location, even when the user did not turn them on. This has been resolved and all logs have been deleted.

Added

  • Sometimes you want to assert ownership. We now provide the “whois”-tool, so you can do that.

Changed

  • We switched our MTA on port 25 to haraka, to enable spam filtering in the future.


[7.0.33] - 2018-02-21

Added

Changed

  • PHP, nodejs and other languages can now be used in cronjobs, regardless of the exact PATH set there.


[7.0.32] - 2018-02-16

Added

  • We now provide ImageMagick development headers as well as perl bindings.

  • We now provide libuuid development headers.

  • We now provide the irssi IRC client.

Fixed

  • Maildrop can now be used in .qmail files without specifying the full path. This should have been fixed in 7.0.24, but we misread the systemd documentation, so here we go again.

  • The message shown on websites hosted on deactivated accounts is now correctly displayed in browsers.

Changed

  • ~/php.d is now loaded last, so it can override values set in the global php.ini. To load extensions like ioncube, which insist on being loaded first, use the newly introduced php.early.d.


[7.0.30] - 2018-02-09

Changed

  • If a domain is accepted by nginx, we now always provide a let’s encrypt certificate for it trough auto-ssl. We hope this will prevent the case, where sometimes a correctly added domain won’t get a certificate.

  • As promised in 7.0.24 the nginx config generation now happens way faster, resulting in quicker reboots und easier debugging.


[7.0.29] - 2018-02-02

Added

  • In addition to the end-user sqlite we now also provide the matching development headers.


[7.0.28] - 2018-01-31

Added

  • Not all apps need MySQL, so we also provide sqlite development headers for your smaller database needs.

  • we new provide getmail, mutt and gnutls-devel so you can get your mail, check your mail and compile crypto applications,

Changed

  • Uberspace mail domain add now emphasizes on the fact that you need to use the MX value provided by us.


[7.0.27] - 2018-01-25

Fixed

  • Supervisord is now restated after 10 seconds in case it is killed or crashes.


[7.0.26] - 2018-01-24

Added

Changed

  • The who/last/lastlog commands (and thus display of other user sessions) are now disabled.

Fixed

  • We now support the following special characters in mailbox names: dots (.), plus signs (+), hyphens (-) and underscores (_).


[7.0.25] - 2018-01-22

Added

  • We now provide ImageMagick commands like “convert” on the command line.

  • We now provide Ruby in user selectable versions: 2.3, 2.4 and 2.5.

Fixed


[7.0.24] - 2018-01-16

Added

  • All servers now come with pandoc (to convert document formats), tree (to view your directory structures in a pretty way), and imapsync (to transfer emails between IMAP accounts) installed.

  • We now provide development headers for the ncurses GUI library.

  • We now provide the “gmp” module for php.

  • For your network debugging needs, we now offer traceroute and mtr.

Changed

  • The $PATH of qmail is now extended by standard directories like /bin, so maildrop can be called without specifying its full path.

  • We now automatically restart php-fpm of your web services on updates or when new php modules are added.

  • Apache now uses the “event” multi processing module instead of the old “prefork”. This allows us to handle more requests in parallel.

  • The number of HTTP slots, which can be used by a single uberspace is now limited, so a single uberspace cannot overload our webservers.

Fixed

  • After numerous attempts to install “git submodules” and various other git sub-commands, we now got it. finally. maybe.

  • On reboot, supervisord user services might be started before MySQL, causing some of them to fail. They are now only started, once MySQL is fully booted.

  • Generating the nginx config takes too long in some cases, causing a timeout and nginx to be permanently down. We increased the timeout. The faulty script will be optimized at a later date.


[7.0.23] - 2018-01-03

Fixed

  • Under rare conditions some users did not get a let’s encrypt certificate for a small percentage of their requests. This has been corrected.


[7.0.22] - 2017-12-20

Added

  • In preparation for a public status dashboard, our servers now have additional black box monitoring.

  • Popular default ports like 9001 are now blocked.

Changed

  • The maximum number of processes/threads is now 400 instead of 300, which allows weechat to be compiled using linuxbrew.

Fixed

  • Usernames did have a minimal length of two. This is wrong. We changed it to one, so it matches Uberspace 6.

  • Because of an oversight, VMailMgr was never correctly set up for existing users users. This has been corrected.

  • The vMailMgr wrappers now support Unicode and the char–limits for password have been removed. A warning is displayed though, if non–ASCII chars are used.


[7.0.21] - 2017-12-19

Added

  • We now provide mercurial.

  • You can use additional mailboxes.

  • In addition to $USER@uber.space, you can now also receive mails for $MAILBOX@$USER.uber.space.

  • We now provide .NET.

  • When you log into an Uberspace 7 server, you are now presented with the current version as well as a couple of useful links.

Fixed

  • We now support HTTPS connections form android phones running a version between 7.0 and 7.1.1.


[7.0.20] - 2017-12-08

Added

  • We now support maildrop, which enables you to apply advanced filtering to incoming mails.

  • Common errors like configuring the permissions on your home directory to be too open are now detected and corrected silently. A notification mechanism will be added later.

Changed

  • Domains without explicit NS-Records were not able to receive emails. We now ask for SOA instead.

Fixed

  • An erroneous systemd configuration caused the mail service to quit when it was reloaded during manual intervention. The configuration has been updated to state that the service does not support reloads.


[7.0.19] - 2017-11-30

Added

  • We now provide the ImageMagick and GraphicsMagick library

  • We now provide the imagick pecl module in all PHP versions

  • We now provide PHP 7.2

  • Due to high demand pseudo DocumentRoots are back again

  • ~/bin directory

Changed

  • PHP_INI_SCAN_DIR now includes files from /home/{USER}/etc/php.d first to support ioncube


[7.0.18] - 2017-11-18

Added

  • We now provide nodeJS 6, 8 and 9.


[7.0.16] - 2017-11-17

Added

  • We now provide PHP 7.2 Release Candidates.

Fixed

  • New Let’s Encrypt license lead to a few cases, where the automatic certificate retrieval did not work. We now accept the latest license.


[7.0.17] - 2017-11-17

Fixed

  • git commands from non git-core now work as well.


[7.0.15] - 2017-11-14

Added

  • Error logging for .htaccess files can be enabled now.

Fixed

  • The uberspace command now always uses the python provided by the system.


[7.0.14] - 2017-10-10

Added

  • We now provide zsh.

  • Our brand new uberspace command.

Changed

  • We replaced user.server.uberspace.de with user.uber.space in the webserver config.

  • We migrated all uberspace-*-* tools to the new uberspace command.

  • The max_allowed_packet setting for MySQL is 16777216 now to allow importing large database dumps.

Fixed

  • uberspace web domain list now includes user.uber.space.

  • We did not apply the MySQL config file properly, therefore innodb_file_format was not set. It is Barracuda now.


[7.0.13] - 2017-10-05

Changed

  • Webserver: Several users ran into 429 errors. We removed the connection limits for now and will look into that later.

Fixed

  • Apache and PHP: ProxyPassMatch directives are evaluated first, this brings several problems: for instance .htaccess files can’t be evaluated anymore before the PHP scripts are run. Using FilesMatch and SetHandler solves the issue.


[7.0.12] - 2017-10-03

Added

  • 🎉 Public Beta! 🎉

  • The Dashboard can now talk to the Uberspace 7 servers, create users, delete users and change passwords.

  • We now provide lynx, w3m and bind-utils.

  • New PHP extensions: soap and posix, shmop, sysvmsg, sysvsem and sysvshm.

Changed

  • We increased the maximum concurrent webserver connections from each IP address to 15 with a burst of 150 for a short period to be within the HTTP/2 specification.

  • The webmail interface used to be reachable via webmail.servername.uberspace.de and we got the certificates from Let’s Encrypt. Unfortunatelly we ran into the rate limiting and can’t get any certificates for uberspace.de anymore. For now we had to disable the webmail interface and we will look into the issus to find a workaround. On the bright side we had to refactor the certificate deployment process and so far it’s rock solid 💪😎.

  • We did some work on the manual: 💄

Fixed

  • Composer sees that /bin/php is a symlink and directly calls the symlink target instead of /bin/php. The result was that our wrapper doesn’t know it’s supposed to execute php. Using a hardlink instead of a symlink fixed it.

  • something.uber.space can’t be added via uberspace-add-domain anymore.

  • HTTP basic auth headers are now passed to PHP.

  • Adding a domain to the email configuration didn’t trigger a qmail reload.


[7.0.11] - 2017-09-21

Added

  • $user.uber.space-domains in addition to $user.server.uberspace.de-domains.

Changed

  • Webserver logs are now stored in ~/logs/webserver


[7.0.10] - 2017-08-17

Added

  • We now have a webmail interface.

  • Users are now able to provide their own php.ini files that are loaded in addition to the stock config.

  • Incoming mails are filtered with the ix.dnsbl.manitu.net and bl.spamcop.net blacklists to reduce SPAM.


[7.0.9] - 2017-08-02

Added

  • access_log and error_log can be enabled and disabled now.

Changed

  • We are using the newest MySQL file format Barracuda.

  • We are now using utf8mb4 by default in MariaDB.

  • access_log and error_log are disabled by default.

  • We adapted php.ini settings for common CMSes: drupal, Typo3, Magento, owncloud

Fixed

  • Websocket proxy connections can divert random requests. It is not known what exactly causes apache to do this, but we strongly suspect a bug. For now the fix is deactivating mod_proxy_wstunnel for the connections to Apache.

  • A graceful restart in Apache causes it to not accept any new requests until all old requests have been finished. This causes the server to be unresponsive for an undefined amount of time in some cases. We now set GracefulShutDownTimeout 5 in the Apache config.


[7.0.8.1] - 2017-07-13

Added

  • The changelog is now linked in the sidebar navigation.

  • We provide git version 2 from IUS repo.

  • We now set session.use_strict_mode = 1 in global php.ini to combat session fixation attacks.

Fixed

  • nginx and php log errors to different files now.

  • php session files are getting cleaned up now.

  • We changed our ssl_ciphers to make it possible for java8 to connect via HTTPS.

  • Apache does not parse IP addresses in x-forwarded-for headers correctly, this is a bug in mod_rpaf. To work around that we disabled keepalive between Apache<=>nginx (not nginx<=>users) for now.

  • Many connections to a single virtualhost can shut down the whole webserver. We now rate-limit the maximum connections for each user.


[7.0.8] - 2017-06-26

Added

  • In the past the maximum upload size for PHP was chaos. We now guarantee 500 megabytes everywhere.

  • We now ship Python 3. You can choose from interpreter versions 3.4, 3.5, as well as 3.6.

  • We now provide midnight commander.

  • Following security best practices, we now set a number of HTTP headers.

Fixed

  • The version system did not respect the selected version, when executed with nice or within a cronjob. To fix this, we no longer modify the $PATH, but instead use wrapper scripts.

  • To comply with German privacy regulations all IP addresses within user-accessible webserver logs are now shortened.

  • As to not unnecessarily leak software versions, we now remove the X-Powered-By header from all HTTP responses.

  • To prevent unexpected behaviour, mice are now banned from using nano. 🐭🚫

Backstage

  • We’ve upgraded all uberspace- scripts to [paternoster v2](github.com/uberspace/paternoster).

  • Since te512042.019e71729061e1f03aef698f89da225d00559bbd-1310.testing.ubrspc.de is not a very handy hostname, we now use shorter ones like 565743.vagrant.ubrspc.de within our testing setup.

  • Nginx rightly complained about a duplicated MIME type in our config. We learned that text/html is implied, so we no longer add it to the list of gzip-able files explictly.

  • A bug within vagrant-google caused our workflows to be a bit cumbersome. So we fixed it.

  • An oversight caused us to issue certificates with non-unique serial numbers during testing. While those certificates never reached production, they’re more random now.


[7.0.6.2] - 2017-05-03

Added

  • we say goodbye to daemontools and hello to supervisord! For the impatient: * setup daemons in ~/etc/services.d/, create a *.ini file for each daemon * control deamons with supervisorctl status. * see logs in ~/logs/ * check the global config if you’re curious: /etc/supervisord.conf * check the official documentation


[7.0.6] - 2017-04-25

Added

  • redirect HTTP requests to HTTPS

  • adapt $PATH to prioritize home bin: PATH=$HOME/.local/bin:$HOME/bin:$PATH

  • implement option to change shell via chsh without password

  • provide PHP module: bcmath

Fixed

  • some of the uberspace-* scripts were horribly slow. This is due to the fact that the scripts are written in Ansible and the loading of modules and fact gathering takes time. With the recent changes in we’re down to <5s for each script.

  • fix for webserver sometimes delivering the wrong certificate


[7.0.5] - 2017-04-03

Added

  • provide libunwind, libicu, screen, ncdu

  • provide PHP modules: pecl-zip, pecl-apcu, mcrypt, mbstring, intl, xml, json, tidy, gd, mysqlnd, pgsql, imap

Fixed

  • uberspace-add-domain -v leaked all user names and corresponding domains.


[7.0.4] - 2017-03-16

Added

  • relay mail via SMTP

  • provide symlink ~/html for convenience


[7.0.3] - 2017-03-03

Added

  • PHP 7.1

Changed

  • make PHP 7.1 standard


[7.0.2] - 2017-02-10

Added

  • own domains with mailserver via uberspace-add-domain -m

  • access mail via IMAP and POP3


[7.0.1] - 2017-01-20

Fixed

  • Cleanup