You are here
Changes:
- Ensure hashfile includes URL to public key - closes #1864.
- Include webmin-logviewer module by default - closes #1866.
- Install latest upstream version of DokuWiki 4: Release 2023-04-04a "Jack Jackrum"
- Special thanks to Daniele Lolli aka UncleDan for work on this (and many other) v18.0 app updates.
- Debian default PHP updated to v8.2.
- Upgraded base distribution to Debian 12.x/Bookworm.
- Configuration console (confconsole):
- Support for DNS-01 Let's Encrypt challenges. [ Oleh Dmytrychenko github: @NitrogenUA ]
- Support for getting Let's Encrypt cert via IPv6 - closes #1785.
- Refactor network interface code to ensure that it works as expected and supports more possible network config (e.g. hotplug interfaces & wifi).
- Show error message rather than stacktrace when window resized to incompatable resolution - closes #1609. [ Stefan Davis ]
- Bugfix exception when quitting configuration of mail relay. [ Oleh Dmytrychenko github: @NitrogenUA ]
- Improve code quality: implement typing, fstrings and make (mostly) PEP8 compliant. [Stefan Davis & Jeremy Davis
- Firstboot Initialization (inithooks):
- Refactor start up (now hooks into getty process, rather than having it's own service). [ Stefan Davis ]
- Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname is included in dhcp info when set via inithooks.
- Package turnkey-make-ssl-cert script (from common overlay - now packaged as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl.
- Refactor run script - use bashisms and general tidying.
- Show blacklisted password characters more nicely.
- Misc packaging changes/improvements.
- Support returning output from MySQL - i.e. support 'SELECT'. (Only applies to apps that include MySQL/MariaDB).
- Web management console (webmin):
- Upgraded webmin to v2.0.21.
- Removed stunnel reverse proxy (Webmin hosted directly now).
- Ensure that Webmin uses HTTPS with default cert (/etc/ssl/private/cert.pem).
- Disabled Webmin Let's Encrypt (for now).
- Web shell (shellinabox):
- Completely removed in v18.0 (Webmin now has a proper interactive shell).
- Backup (tklbam):
- Ported dependencies to Debian Bookworm; otherwise unchanged.
- Security hardening & improvements:
- Generate and use new TurnKey Bookworm keys.
- Automate (and require) default pinning for packages from Debian backports. Also support non-free backports.
- IPv6 support:
- Adminer (only on LAMP based apps) listen on IPv6.
- Nginx/NodeJS (NodeJS based apps only) listen on IPv6.
- Misc bugfixes & feature implementations:
- Remove rsyslog package (systemd journal now all that's needed).
- Include zstd compression support.
- Enable new non-free-firmware apt repo by default.
- Improve turnkey-artisan so that it works reliably in cron jobs (only Laravel based LAMP apps).
Links
Changes:
- Updated all Debian packages to latest. [ autopatched by buildtasks ]
- Patched bugfix release. Closes #1734. [ autopatched by buildtasks ]
Links
Changes:
- Updated to latest stable
- Updated all relevant Debian packages to Bullseye/11 versions; including PHP 7.4.
- Provide predefined dh_params (via 'turnkey-make-ssl-cert' where relevant) as per RFC7919 - part of #1653.
- Updated version of mysqltuner script.
- Enable HTTP/2 by default (where possible). Note: will not actually work until a CA signed cert is generated or installed.
- Configure OCSP stapling (will only work once a valid cert is configured).
- Enable HSTS by default (only effects HTTPS traffic - full implementation also requires HTTP redirect to HTTPS and valid cert).
- Enable Apache mod-headers by default (required for HSTS).
- Disable cipher order in default ssl.conf (no longer required with the secure cipher suites we use; mild improvement in cpu resources).
- Note: Please refer to turnkey-core's 17.0 changelog for changes common to all appliances. Here we only describe changes specific to this appliance.
Links
Pages