Changelog¶
This document will track major changes in the project.
[7.1.19] - 2018-12-13¶
Added¶
- .NET Core is now available in Version 2.2
Fixed¶
- An internal API key was readable to local users. We fixed the permissions, reset the keys on all hosts and made sure that future hosts are setup correctly.
[7.1.17] - 2018-11-21¶
Added¶
- We now provide at and wkhtmltopdf
Changed¶
- Undeliverable outgoing E-Mails now bounce after 1 day, instead of 10.
[7.1.16] - 2018-11-07¶
Added:¶
- We now allow users to set variables in their SSH session environment
Changed:¶
- The /mysql_backup/{current,old} directories are now user readable. Also backups now include the UNIX time in their timestamp.
[7.1.14] - 2018-10-11¶
Added¶
- We now provide cairo-devel and darcs
- MariaDB SQL backups are now accessible by users
Changed¶
- We limit outgoing mails via SMTP to 500 per hour
- We lowered the max age for files in /tmp from 10 days to 1 day
- We no longer accept sub domains from other users for
uberspace domain <web|mail> add
[7.1.13] - 2018-09-24¶
Added¶
- Poppler, a PDF rendering library.
- luarocks, a package manager for the Lua programming language.
- We provide mb2md so you can easily convert mbox files to Maildirs.
- Update .net to 2.1
- 🐟 We now provide the fish shell
- New packages: lua-devel, tcl-devel, gnuplot, e2fsprogs-devel, expat-devel, jpegoptim, optipng
[7.1.12] - 2018-08-20¶
Added¶
- We now provide lame-devel, libmad-devel, libogg-devel, libsamplerate-devel, libvorbis-devel and taglib-devel
[7.1.10] - 2018-07-25¶
Added¶
- SELinux is now enabled globally. In case you experience any unexpected “403 Forbidden” or “Permission denied” errors, please contact our support.
- Backups are now available at /backup
- We now provide mtop
- We now provide cpanm and other basic perl tools
- We now provide php-xmlrpc
- We now provide dos2unix and unix2dos
- We now provide librsync and librsync-devel
[7.1.8] - 2018-06-01¶
Added¶
- We now provide the glances monitoring tool.
- We now provide PHP-PEAR.
- We now provide jq.
Changed¶
- The path to binaries from PHP composer packages, which are globally installed by users, is now included in the PATH environment variable.
[7.1.5] - 2018-05-15¶
Added¶
- We now provide fetchmail for your mail fetching pleasure.
- We now provide goaccess.
[7.1.3] - 2018-04-13¶
Fixed¶
- We fixed a security issue allowing users to read the list of all mail domains setup on their host.
- Bash completion scripts in /etc/bash_completion.d/ are now sourced for login shells. This includes wp and composer commands.
[7.1.2] - 2018-04-09¶
Added¶
- We now install composer to help you manage your PHP dependencies
- We now install WP-CLI to manage Wordpress installations.
- We now provide libpng-dev
[7.1.1] - 2018-03-19¶
Added¶
- To support users with file transfer related things, we now install lftp and ncftp by default.
Changed¶
- dmesg output is now hidden for normal users, as it was on U6.
[7.1] - 2018-03-09¶
Added¶
- SPAM filtering for incoming mails: All incoming email is now spamchecked via rspamd. Mails with a spam score higher than 15 are rejected.
- You can opt out of our new rspamd spamfilter with the uberspace mail spamfilter (enable|disable) command.
Fixed¶
- Webmail now works with mail addresses like charlie@user.uber.space
- The webmail client now supports uploading attachments
- We now support IMAP / POP3 / SMTP login with <user>@uber.space
- Parsing of requested versions is now more rigid, resulting in fewer crashes for invalid versions.
[7.0.34] - 2018-03-05¶
Fixed¶
- Because of a configuration error php-fpm logs were recorded to a non-user-accessible default location, even when the user did not turn them on. This has been resolved and all logs have been deleted.
Added¶
- Sometimes you want to assert ownership. We now provide the “whois”-tool, so you can do that.
[7.0.33] - 2018-02-21¶
Added¶
- Say hi to our new central webmail interface https://webmail.uberspace.de
Changed¶
- PHP, nodejs and other languages can now be used in cronjobs, regardless of the exact PATH set there.
[7.0.32] - 2018-02-16¶
Added¶
- We now provide ImageMagick development headers as well as perl bindings.
- We now provide libuuid development headers.
- We now provide the irssi IRC client.
Fixed¶
- Maildrop can now be used in .qmail files without specifying the full path. This should have been fixed in 7.0.24, but we misread the systemd documentation, so here we go again.
- The message shown on websites hosted on deactivated accounts is now correctly displayed in browsers.
Changed¶
- ~/php.d is now loaded last, so it can override values set in the global php.ini. To load extensions like ioncube, which insist on being loaded first, use the newly introduced php.early.d.
[7.0.30] - 2018-02-09¶
Changed¶
- If a domain is accepted by nginx, we now always provide a let’s encrypt certificate for it trough auto-ssl. We hope this will prevent the case, where sometimes a correctly added domain won’t get a certificate.
- As promised in 7.0.24 the nginx config generation now happens way faster, resulting in quicker reboots und easier debugging.
[7.0.29] - 2018-02-02¶
[7.0.28] - 2018-01-31¶
Added¶
- Not all apps need MySQL, so we also provide sqlite development headers for your smaller database needs.
- we new provide getmail, mutt and gnutls-devel so you can get your mail, check your mail and compile crypto applications,
Changed¶
Uberspace mail domain addnow emphasizes on the fact that you need to use the MX value provided by us.
[7.0.27] - 2018-01-25¶
[7.0.26] - 2018-01-24¶
Added¶
- We now provide phpMyAdmin and adminer.
Changed¶
- The who/last/lastlog commands (and thus display of other user sessions) are now disabled.
Fixed¶
- We now support the following special characters in mailbox names: dots (.), plus signs (+), hyphens (-) and underscores (_).
[7.0.25] - 2018-01-22¶
Added¶
- We now provide ImageMagick commands like “convert” on the command line.
- We now provide Ruby in user selectable versions: 2.3, 2.4 and 2.5.
[7.0.24] - 2018-01-16¶
Added¶
- All servers now come with pandoc (to convert document formats), tree (to view your directory structures in a pretty way), and imapsync (to transfer emails between IMAP accounts) installed.
- We now provide development headers for the ncurses GUI library.
- We now provide the “gmp” module for php.
- For your network debugging needs, we now offer traceroute and mtr.
Changed¶
- The $PATH of qmail is now extended by standard directories like /bin, so maildrop can be called without specifying its full path.
- We now automatically restart php-fpm of your web services on updates or when new php modules are added.
- Apache now uses the “event” multi processing module instead of the old “prefork”. This allows us to handle more requests in parallel.
- The number of HTTP slots, which can be used by a single uberspace is now limited, so a single uberspace cannot overload our webservers.
Fixed¶
- After numerous attempts to install “git submodules” and various other git sub-commands, we now got it. finally. maybe.
- On reboot, supervisord user services might be started before MySQL, causing some of them to fail. They are now only started, once MySQL is fully booted.
- Generating the nginx config takes too long in some cases, causing a timeout and nginx to be permanently down. We increased the timeout. The faulty script will be optimized at a later date.
[7.0.23] - 2018-01-03¶
Fixed¶
- Under rare conditions some users did not get a let’s encrypt certificate for a small percentage of their requests. This has been corrected.
[7.0.22] - 2017-12-20¶
Added¶
- In preparation for a public status dashboard, our servers now have additional black box monitoring.
- Popular default ports like 9001 are now blocked.
Changed¶
- The maximum number of processes/threads is now 400 instead of 300, which allows weechat to be compiled using linuxbrew.
Fixed¶
- Usernames did have a minimal length of two. This is wrong. We changed it to one, so it matches Uberspace 6.
- Because of an oversight, VMailMgr was never correctly set up for existing users users. This has been corrected.
- The vMailMgr wrappers now support Unicode and the char–limits for password have been removed. A warning is displayed though, if non–ASCII chars are used.
[7.0.21] - 2017-12-19¶
Added¶
- We now provide mercurial.
- You can use additional mailboxes.
- In addition to
$USER@uber.space, you can now also receive mails for$MAILBOX@$USER.uber.space. - We now provide .NET.
- When you log into an Uberspace 7 server, you are now presented with the current version as well as a couple of useful links.
Fixed¶
- We now support HTTPS connections form android phones running a version between 7.0 and 7.1.1.
[7.0.20] - 2017-12-08¶
Added¶
- We now support maildrop, which enables you to apply advanced filtering to incoming mails.
- Common errors like configuring the permissions on your home directory to be too open are now detected and corrected silently. A notification mechanism will be added later.
Changed¶
- Domains without explicit NS-Records were not able to receive emails. We now ask for SOA instead.
Fixed¶
- An erroneous systemd configuration caused the mail service to quit when it was reloaded during manual intervention. The configuration has been updated to state that the service does not support reloads.
[7.0.19] - 2017-11-30¶
Added¶
- We now provide the ImageMagick and GraphicsMagick library
- We now provide the imagick pecl module in all PHP versions
- We now provide PHP 7.2
- Due to high demand pseudo DocumentRoots are back again
~/bindirectory
[7.0.16] - 2017-11-17¶
Added¶
- We now provide PHP 7.2 Release Candidates.
Fixed¶
- New Let’s Encrypt license lead to a few cases, where the automatic certificate retrieval did not work. We now accept the latest license.
[7.0.14] - 2017-10-10¶
Added¶
- We now provide
zsh. - Our brand new
uberspacecommand.
Changed¶
- We replaced
user.server.uberspace.dewithuser.uber.spacein the webserver config. - We migrated all
uberspace-*-*tools to the newuberspacecommand. - The
max_allowed_packetsetting for MySQL is16777216now to allow importing large database dumps.
Fixed¶
uberspace web domain listnow includesuser.uber.space.- We did not apply the MySQL config file properly, therefore
innodb_file_formatwas not set. It isBarracudanow.
[7.0.13] - 2017-10-05¶
Changed¶
- Webserver: Several users ran into
429errors. We removed the connection limits for now and will look into that later.
Fixed¶
- Apache and PHP:
ProxyPassMatchdirectives are evaluated first, this brings several problems: for instance.htaccessfiles can’t be evaluated anymore before the PHP scripts are run. UsingFilesMatchandSetHandlersolves the issue.
[7.0.12] - 2017-10-03¶
Added¶
- 🎉 Public Beta! 🎉
- The Dashboard can now talk to the Uberspace 7 servers, create users, delete users and change passwords.
- We now provide
lynx,w3mandbind-utils. - New PHP extensions:
soapandposix,shmop,sysvmsg,sysvsemandsysvshm.
Changed¶
- We increased the maximum concurrent webserver connections from each IP address to 15 with a burst of 150 for a short period to be within the HTTP/2 specification.
- The webmail interface used to be reachable via
webmail.servername.uberspace.deand we got the certificates from Let’s Encrypt. Unfortunatelly we ran into the rate limiting and can’t get any certificates foruberspace.deanymore. For now we had to disable the webmail interface and we will look into the issus to find a workaround. On the bright side we had to refactor the certificate deployment process and so far it’s rock solid 💪😎. - We did some work on the manual: 💄
Fixed¶
- Composer sees that
/bin/phpis a symlink and directly calls the symlink target instead of/bin/php. The result was that our wrapper doesn’t know it’s supposed to execute php. Using a hardlink instead of a symlink fixed it. something.uber.spacecan’t be added viauberspace-add-domainanymore.- HTTP basic auth headers are now passed to PHP.
- Adding a domain to the email configuration didn’t trigger a qmail reload.
[7.0.11] - 2017-09-21¶
Added¶
$user.uber.space-domains in addition to$user.server.uberspace.de-domains.
[7.0.10] - 2017-08-17¶
Added¶
- We now have a webmail interface.
- Users are now able to provide their own
php.inifiles that are loaded in addition to the stock config. - Incoming mails are filtered with the
ix.dnsbl.manitu.netandbl.spamcop.netblacklists to reduce SPAM.
[7.0.9] - 2017-08-02¶
Added¶
access_loganderror_logcan be enabled and disabled now.
Changed¶
- We are using the newest MySQL file format Barracuda.
- We are now using
utf8mb4by default in MariaDB. access_loganderror_logare disabled by default.- We adapted php.ini settings for common CMSes: drupal, Typo3, Magento, owncloud
Fixed¶
- Websocket proxy connections can divert random requests. It is not known what exactly causes apache to do this, but we strongly suspect a bug. For now the fix is deactivating
mod_proxy_wstunnelfor the connections to Apache. - A graceful restart in Apache causes it to not accept any new requests until all old requests have been finished. This causes the server to be unresponsive for an undefined amount of time in some cases. We now set
GracefulShutDownTimeout 5in the Apache config.
[7.0.8.1] - 2017-07-13¶
Added¶
- The changelog is now linked in the sidebar navigation.
- We provide
gitversion 2 from IUS repo. - We now set
session.use_strict_mode = 1in globalphp.inito combat session fixation attacks.
Fixed¶
- nginx and php log errors to different files now.
- php session files are getting cleaned up now.
- We changed our
ssl_ciphersto make it possible forjava8to connect via HTTPS. - Apache does not parse IP addresses in
x-forwarded-forheaders correctly, this is a bug in mod_rpaf. To work around that we disabledkeepalivebetween Apache<=>nginx (not nginx<=>users) for now. - Many connections to a single virtualhost can shut down the whole webserver. We now rate-limit the maximum connections for each user.
[7.0.8] - 2017-06-26¶
Added¶
- In the past the maximum upload size for PHP was chaos. We now guarantee 500 megabytes everywhere.
- We now ship Python 3. You can choose from interpreter versions 3.4, 3.5, as well as 3.6.
- We now provide midnight commander.
- Following security best practices, we now set a number of HTTP headers.
Fixed¶
- The version system did not respect the selected version, when executed with
niceor within a cronjob. To fix this, we no longer modify the$PATH, but instead use wrapper scripts. - To comply with German privacy regulations all IP addresses within user-accessible webserver logs are now shortened.
- As to not unnecessarily leak software versions, we now remove the
X-Powered-Byheader from all HTTP responses. - To prevent unexpected behaviour, mice are now banned from using nano. 🐭🚫
Backstage¶
- We’ve upgraded all
uberspace-scripts to [paternoster v2](github.com/uberspace/paternoster). - Since
te512042.019e71729061e1f03aef698f89da225d00559bbd-1310.testing.ubrspc.deis not a very handy hostname, we now use shorter ones like565743.vagrant.ubrspc.dewithin our testing setup. - Nginx rightly complained about a duplicated MIME type in our config. We learned that
text/htmlis implied, so we no longer add it to the list of gzip-able files explictly. - A bug within vagrant-google caused our workflows to be a bit cumbersome. So we fixed it.
- An oversight caused us to issue certificates with non-unique serial numbers during testing. While those certificates never reached production, they’re more random now.
[7.0.6.2] - 2017-05-03¶
Added¶
- we say goodbye to
daemontoolsand hello tosupervisord! For the impatient: * setup daemons in~/etc/services.d/, create a*.inifile for each daemon * control deamons with supervisorctl status. * see logs in~/logs/* check the global config if you’re curious:/etc/supervisord.conf* check the official documentation
[7.0.6] - 2017-04-25¶
Added¶
- redirect HTTP requests to HTTPS
- adapt
$PATHto prioritize home bin:PATH=$HOME/.local/bin:$HOME/bin:$PATH - implement option to change shell via
chshwithout password - provide PHP module:
bcmath
Fixed¶
- some of the
uberspace-*scripts were horribly slow. This is due to the fact that the scripts are written in Ansible and the loading of modules and fact gathering takes time. With the recent changes in we’re down to <5s for each script. - fix for webserver sometimes delivering the wrong certificate
[7.0.5] - 2017-04-03¶
Added¶
- provide
libunwind,libicu,screen,ncdu - provide PHP modules:
pecl-zip,pecl-apcu,mcrypt,mbstring,intl,xml,json,tidy,gd,mysqlnd,pgsql,imap