turnkey-lapp-18.1 (1) turnkey; urgency=low * v18.1 rebuild - includes latest Debian & TurnKey packages. * Ensure hashfile includes URL to public key - closes #1864. * Configuration console (confconsole) - v2.1.6: - Bugfix broken DNS-01 Let's Encrypt challenge - closes #1876 & #1895. Fixed in v2.1.5 - already included in some appliances. - Let's Encrypt/Dehydrated - bugfix cron failure - closes #1962. - General dehydrated-wrapper code cleanup - now passes shellcheck. * Web management console (webmin): - Include webmin-logviewer module by default - closes #1866. - Upgraded webmin to v2.105. - Replace webmin-shell with webmin-xterm module by default - closes #1904. * Reduce log noise by creating ntpsec log dir - closes #1952. * Apache mod_evasive config improvements: - Bump DOSPageCount from (default) 2 -> 5 - closes #1951. - DOSLogDir - use default log dir & fix permissions - closes #1950. - Add DOSWhitelist example - commented out. * Include new 'tkl-update-php' script - to make updating/changing PHP version easier for end users. [Marcos Méndez @ POPSOLUTIONS ] -- Jeremy Davis Fri, 05 Jul 2024 00:58:04 +0000 turnkey-lapp-18.0 (1) turnkey; urgency=low * Include and enable mod_evasive and mod_security2 by default in Apache. [ Stefan Davis ] * Debian default PHP updated to v8.2. * Use PostgreSQL v15 (from debian repos). [ Stefan Davis ] * Upstream/Debian Adminer update - closes #1758. [ Stefan Davis ] * Install composer from Debian repos (previously installed from source) [ Stefan Davis ] * Upgraded base distribution to Debian 12.x/Bookworm. * Configuration console (confconsole): - Support for DNS-01 Let's Encrypt challenges. [ Oleh Dmytrychenko github: @NitrogenUA ] - Support for getting Let's Encrypt cert via IPv6 - closes #1785. - Refactor network interface code to ensure that it works as expected and supports more possible network config (e.g. hotplug interfaces & wifi). - Show error message rather than stacktrace when window resized to incompatable resolution - closes #1609. [ Stefan Davis ] - Bugfix exception when quitting configuration of mail relay. [ Oleh Dmytrychenko github: @NitrogenUA ] - Improve code quality: implement typing, fstrings and make (mostly) PEP8 compliant. [Stefan Davis & Jeremy Davis * Firstboot Initialization (inithooks): - Refactor start up (now hooks into getty process, rather than having it's own service). [ Stefan Davis ] - Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname is included in dhcp info when set via inithooks. - Package turnkey-make-ssl-cert script (from common overlay - now packaged as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl. - Refactor run script - use bashisms and general tidying. - Show blacklisted password characters more nicely. - Misc packaging changes/improvements. - Support returning output from MySQL - i.e. support 'SELECT'. (Only applies to apps that include MySQL/MariaDB). * Web management console (webmin): - Upgraded webmin to v2.0.21. - Removed stunnel reverse proxy (Webmin hosted directly now). - Ensure that Webmin uses HTTPS with default cert (/etc/ssl/private/cert.pem). - Disabled Webmin Let's Encrypt (for now). * Web shell (shellinabox): - Completely removed in v18.0 (Webmin now has a proper interactive shell). * Backup (tklbam): - Ported dependencies to Debian Bookworm; otherwise unchanged. * Security hardening & improvements: - Generate and use new TurnKey Bookworm keys. - Automate (and require) default pinning for packages from Debian backports. Also support non-free backports. * IPv6 support: - Adminer (only on LAMP based apps) listen on IPv6. - Nginx/NodeJS (NodeJS based apps only) listen on IPv6. * Misc bugfixes & feature implementations: - Remove rsyslog package (systemd journal now all that's needed). - Include zstd compression support. - Enable new non-free-firmware apt repo by default. - Improve turnkey-artisan so that it works reliably in cron jobs (only Laravel based LAMP apps). -- Jeremy Davis Thu, 21 Sep 2023 00:20:10 +0000 turnkey-lapp-17.1 (1) turnkey; urgency=low * Updated all Debian packages to latest. [ autopatched by buildtasks ] * Patched bugfix release. Closes #1734. [ autopatched by buildtasks ] -- Jeremy Davis Wed, 14 Sep 2022 06:49:11 +0000 turnkey-lapp-17.0 (1) turnkey; urgency=low * Updated PostgreSQL packages for Python to the latest version. * Note: Please refer to turnkey-core's 17.0 changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Mira Heichenko Fri, 13 May 2022 06:43:50 +0000 turnkey-lapp-16.1 (1) turnkey; urgency=low * Include 'turnkey-composer' wrapper script - runs composer as www-data user. Makes it easy to not run composer as root - part of #1539. * Explicitly install composer (rather than automatically include in all LAMP based appliances) - part of #1563. * Note: Please refer to turnkey-core's 16.1 changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Jeremy Davis Wed, 10 Feb 2021 15:29:58 +1100 turnkey-lapp-16.0 (1) turnkey; urgency=low * Explicitly disable TLS<1.2 (i.e. SSLv3, TLSv1, TLSv1.1). (v15.x TurnKey releases supported TLS 1.2, but could fallback as low as TLSv1). * Update SSL/TLS ciphers to provide "Intermediate" browser/client support (suitable for "General-purpose servers with a variety of clients, recommended for almost all systems"). As provided by Mozilla via https://ssl-config.mozilla.org/. * Updated all relevant Debian packages to Buster/10 versions; including PHP 7.3. * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Jeremy Davis Thu, 23 Apr 2020 06:18:20 +0000 turnkey-lapp-15.0 (1) turnkey; urgency=low * Install Adminer directly from stretch/main repo * Includes PHP7.0 (installed from Debian repos) * Updated PHP default settings * Remove phpsh (no longer maintained) * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Vlad Kuzmenko Tue, 19 Jun 2018 01:32:42 +0200 turnkey-lapp-14.2 (1) turnkey; urgency=low * Updated Adminer to 4.2.5 * Installed security updates. * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Jeremy Davis Wed, 19 Apr 2017 12:20:04 +1000 turnkey-lapp-14.1 (1) turnkey; urgency=low * Installed security updates. * Installed updated packages from TurnKey repo - includes relevant Webmin packages (v1.780) * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Jeremy Davis Tue, 01 Mar 2016 16:28:45 +1100 turnkey-lapp-14.0 (1) turnkey; urgency=low * Latest Debian Jessie package versions of all components. * Replaced phpPgAdmin with Adminer. * Hardened default SSL settings * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Jeremy Davis Thu, 06 Aug 2015 14:07:12 +1000 turnkey-lapp-13.0 (1) turnkey; urgency=low * Latest Debian Wheezy package versions of all components. * PostgreSQL: Removed connections over local unix sockets trust (security). * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Alon Swartz Thu, 10 Oct 2013 18:11:50 +0300 turnkey-lapp-12.1 (1) turnkey; urgency=low * Added phpsh (interactive shell for PHP) and php5-cli (generically useful). * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Alon Swartz Fri, 05 Apr 2013 08:00:00 +0200 turnkey-lapp-12.0 (1) turnkey; urgency=low * PostgreSQL: - Reduced default shared_buffers to 24MB, as default Debian kernel SHMMAX is too low for the default 32MB. Increase per deployment: - /proc/sys/kernel/shmmax - /etc/postgres/8.4/main/postgresql.conf (shared_buffers) * Major component versions apache2 2.2.16-6+squeeze7 postgresql 8.4.12-0squeeze1 phppgadmin 4.2.3-1.1squeeze2 libapache2-mod-php5 5.3.3-7+squeeze13 php5-pgsql 5.3.3-7+squeeze13 libapache2-mod-python 3.3.1-9 python-pygresql 1:4.0-2+b1 libapache2-mod-perl2 2.0.4-7 libdbd-pg-perl 2.17.1-2+squeeze1 * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Alon Swartz Wed, 01 Aug 2012 08:00:00 +0200 turnkey-lapp-11.3 (1) turnkey; urgency=low * Installed security updates. * Enabled etckeeper garbage collection by default. * Upgraded to latest inithooks version (adhoc re-initialization via turnkey-init) -- Alon Swartz Mon, 05 Dec 2011 10:48:44 +0000 turnkey-lapp-11.2 (1) turnkey; urgency=low * Installed security updates. * Added HubDNS package and firstboot configuration. -- Alon Swartz Fri, 15 Jul 2011 07:47:08 +0000 turnkey-lapp-11.1 (1) turnkey; urgency=low * Set PostgreSQL password is on firstboot (convenience, security). * Force PostgreSQL to use Unicode/UTF8. * Added php-xcache PHP opcode cacher / optimizer (performance). * Support CGI out of the box. * Set postfix MTA myhostname to localhost (bugfix). * Minor tweaks to TKL web control panel. * Major component versions: phppgadmin 4.2.2-1ubuntu1 postgresql 8.4.5-0ubuntu10.04 apache2 2.2.14-5ubuntu8.4 * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Alon Swartz Sun, 19 Dec 2010 15:01:05 +0200 turnkey-lapp-2009.10 (2) hardy; urgency=low * Installed all security updates (see manifest for package versions). * Install security updates on firstboot (except when running live). * Bugfix: Updated apt preferences for auto-security updates (LP#550307). * Trick webmin into not checking for upgrades (managed by apt). * Included latest version of inithooks and updated scripts. * Included wget as per common request. -- Alon Swartz Mon, 29 Mar 2010 09:02:11 +0200 turnkey-lapp-2009.10 (1) hardy; urgency=low * Added Turnkey web control panel (replaces welcome page). Also fixes displaying correct host when behind proxy (SERVER_ADDR -> HTTP_HOST). * Added postfix MTA (bound to localhost) to allow sending of email from web applications (e.g., password recovery). Also added webmin-postfix module for convenience. * di-live (installer) PostgreSQL component: - Added support for complex passwords (LP#416515). - Added CLI options (user/pass/query/chroot). * Added postgresql-contrib (additional facilities for pgsql - convenience). * Pinned phppgadmin to update directly from Debian (security). * Bugfix: Added missing webmin-apache module. * Added curl (generically useful in LAPP type appliances). * Removed "AllowOverride None" directive from default site configuration. * Regenerates all secrets during installation / firstboot (security). * Major component versions: phppgadmin 4.2.2-1 postgresql 8.3.8-0ubuntu8.04 apache2 2.2.8-1ubuntu0.11 * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Alon Swartz Tue, 29 Sep 2009 15:39:41 +0200 turnkey-lapp-2009.02 (1) hardy; urgency=low * added SSL support * includes phppgadmin (listening on port 12322 - uses SSL) * set postgres password to "postgres" in live/demo mode * support configuring postgresql password during installation * postgres password encryption enabled by default (security) * trust "postgres" user when connecting over local unix sockets (convenience) * added Python and Perl support for apache2 and postgresql, so the P in our LAPP stack appliance now stands for Perl and Python in addition to PHP. * updated apache2 "it works" page to provide more useful info/links * added webmin PHP configuration module and increased default PHP limits (convenience) * major component versions phppgadmin 4.2.2-1 postgresql 8.3.5-0ubuntu0.8.04 apache2 2.2.8-1ubuntu0.3 php5 5.2.4-2ubuntu5.4 * note: please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Alon Swartz Thu, 29 Jan 2009 14:31:47 +0200