turnkey-drupal10-18.1 (1) turnkey; urgency=low

  * v18.1 rebuild - includes latest Debian & TurnKey packages.

  * Update Drupal10 to latest upstream version - v10.3.1.

  * Ensure hashfile includes URL to public key - closes #1864.

  * Configuration console (confconsole) - v2.1.6:
    - Bugfix broken DNS-01 Let's Encrypt challenge - closes #1876 & #1895.
      Fixed in v2.1.5 - already included in some appliances.
    - Let's Encrypt/Dehydrated - bugfix cron failure - closes #1962.
    - General dehydrated-wrapper code cleanup - now passes shellcheck.

  * Web management console (webmin):
    - Include webmin-logviewer module by default - closes #1866.
    - Upgraded webmin to v2.105.
    - Replace webmin-shell with webmin-xterm module by default - closes #1904.

  * Reduce log noise by creating ntpsec log dir - closes #1952.

  * Includes new 'tkl-upgrade-php' helper script - to allow easy update/change
    of PHP version - closes #1892.
    [Marcos Méndez @ POPSOLUTIONS <https://github.com/marcos-mendez>]

  * Apache mod_evasive config improvements:
    - Bump DOSPageCount from (default) 2 -> 5 - closes #1951.
    - DOSLogDir - use default log dir & fix permissions - closes #1950.
    - Add DOSWhitelist example - commented out.

  * DEV: Add support for setting max_execution_time & max_input_vars in
    php.ini via appliance Makefile (PHP_MAX_EXECUTION_TIME &
    PHP_MAX_INPUT_VARS)A

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Fri, 05 Jul 2024 11:30:44 +0000

turnkey-drupal10-18.0 (1) turnkey; urgency=low

  * New Drupal10 appliance, based on Drupal9. Includes Drupal 10.1.4.

  * All other changes below relate to since most recent Drupal9 release.

  * Improved turnkey-drush wrapper/helper script.

  * drupal-console no longer included (not compatible with drupal10).

  * Fix drush-mail-securityupdates cron job - closes #1748. (Bug inherrited
    from drupal9).

  * Special thanks to UncleDan (Daniele Lolli - https://github.com/UncleDan)
    for starting work on this (and many other appliances).

  * Include and enable mod_evasive and mod_security2 by default in Apache.
    [ Stefan Davis <Stefan@turnkeylinux.org> ]

  * Debian default PHP updated to v8.2.

  * Use MariaDB (MySQL replacement) v10.11.3 (from debian repos).

  * Install composer from Debian repos (previously installed from source)
    [ Stefan Davis <Stefan@turnkeylinux.org> ]

  * Upgraded base distribution to Debian 12.x/Bookworm.

  * Configuration console (confconsole):
    - Support for DNS-01 Let's Encrypt challenges.
      [ Oleh Dmytrychenko <dmytrychenko.oleh@gmail.com> github: @NitrogenUA ]
    - Support for getting Let's Encrypt cert via IPv6 - closes #1785.
    - Refactor network interface code to ensure that it works as expected and
      supports more possible network config (e.g. hotplug interfaces & wifi).
    - Show error message rather than stacktrace when window resized to
      incompatable resolution - closes  #1609.
      [ Stefan Davis <stefan@turnkeylinux.org> ]
    - Bugfix exception when quitting configuration of mail relay.
      [ Oleh Dmytrychenko <dmytrychenko.oleh@gmail.com> github: @NitrogenUA ]
    - Improve code quality: implement typing, fstrings and make (mostly) PEP8
      compliant.
      [Stefan Davis <stefan@turnkeylinux.org> & Jeremy Davis

  * Firstboot Initialization (inithooks):
    - Refactor start up (now hooks into getty process, rather than having it's
      own service).
      [ Stefan Davis <stefan@turnkeylinux.org> ]
    - Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname
      is included in dhcp info when set via inithooks.
    - Package turnkey-make-ssl-cert script (from common overlay - now packaged
      as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl.
    - Refactor run script - use bashisms and general tidying.
    - Show blacklisted password characters more nicely.
    - Misc packaging changes/improvements.
    - Support returning output from MySQL - i.e. support 'SELECT'. (Only
      applies to apps that include MySQL/MariaDB).

  * Web management console (webmin):
    - Upgraded webmin to v2.0.21.
    - Removed stunnel reverse proxy (Webmin hosted directly now).
    - Ensure that Webmin uses HTTPS with default cert
      (/etc/ssl/private/cert.pem).
    - Disabled Webmin Let's Encrypt (for now).

  * Web shell (shellinabox):
    - Completely removed in v18.0 (Webmin now has a proper interactive shell).

  * Backup (tklbam):
    - Ported dependencies to Debian Bookworm; otherwise unchanged.

  * Security hardening & improvements:
    - Generate and use new TurnKey Bookworm keys.
    - Automate (and require) default pinning for packages from Debian
      backports. Also support non-free backports.

  * IPv6 support:
    - Adminer (only on LAMP based apps) listen on IPv6.
    - Nginx/NodeJS (NodeJS based apps only) listen on IPv6.

  * Misc bugfixes & feature implementations:
    - Remove rsyslog package (systemd journal now all that's needed).
    - Include zstd compression support.
    - Enable new non-free-firmware apt repo by default.
    - Improve turnkey-artisan so that it works reliably in cron jobs (only
      Laravel based LAMP apps).

 -- Stefan Davis <stefan@turnkeylinux.org>  Thu, 21 Sep 2023 22:59:05 +0000