turnkey-lapp-18.0 (1) turnkey; urgency=low
* Include and enable mod_evasive and mod_security2 by default in Apache.
[ Stefan Davis <Stefan@turnkeylinux.org> ]
* Debian default PHP updated to v8.2.
* Use PostgreSQL v15 (from debian repos).
[ Stefan Davis <stefan@turnkeylinux.org> ]
* Upstream/Debian Adminer update - closes #1758.
[ Stefan Davis <stefan@turnkeylinux.org> ]
* Install composer from Debian repos (previously installed from source)
[ Stefan Davis <Stefan@turnkeylinux.org> ]
* Upgraded base distribution to Debian 12.x/Bookworm.
* Configuration console (confconsole):
- Support for DNS-01 Let's Encrypt challenges.
[ Oleh Dmytrychenko <dmytrychenko.oleh@gmail.com> github: @NitrogenUA ]
- Support for getting Let's Encrypt cert via IPv6 - closes #1785.
- Refactor network interface code to ensure that it works as expected and
supports more possible network config (e.g. hotplug interfaces & wifi).
- Show error message rather than stacktrace when window resized to
incompatable resolution - closes #1609.
[ Stefan Davis <stefan@turnkeylinux.org> ]
- Bugfix exception when quitting configuration of mail relay.
[ Oleh Dmytrychenko <dmytrychenko.oleh@gmail.com> github: @NitrogenUA ]
- Improve code quality: implement typing, fstrings and make (mostly) PEP8
compliant.
[Stefan Davis <stefan@turnkeylinux.org> & Jeremy Davis
* Firstboot Initialization (inithooks):
- Refactor start up (now hooks into getty process, rather than having it's
own service).
[ Stefan Davis <stefan@turnkeylinux.org> ]
- Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname
is included in dhcp info when set via inithooks.
- Package turnkey-make-ssl-cert script (from common overlay - now packaged
as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl.
- Refactor run script - use bashisms and general tidying.
- Show blacklisted password characters more nicely.
- Misc packaging changes/improvements.
- Support returning output from MySQL - i.e. support 'SELECT'. (Only
applies to apps that include MySQL/MariaDB).
* Web management console (webmin):
- Upgraded webmin to v2.0.21.
- Removed stunnel reverse proxy (Webmin hosted directly now).
- Ensure that Webmin uses HTTPS with default cert
(/etc/ssl/private/cert.pem).
- Disabled Webmin Let's Encrypt (for now).
* Web shell (shellinabox):
- Completely removed in v18.0 (Webmin now has a proper interactive shell).
* Backup (tklbam):
- Ported dependencies to Debian Bookworm; otherwise unchanged.
* Security hardening & improvements:
- Generate and use new TurnKey Bookworm keys.
- Automate (and require) default pinning for packages from Debian
backports. Also support non-free backports.
* IPv6 support:
- Adminer (only on LAMP based apps) listen on IPv6.
- Nginx/NodeJS (NodeJS based apps only) listen on IPv6.
* Misc bugfixes & feature implementations:
- Remove rsyslog package (systemd journal now all that's needed).
- Include zstd compression support.
- Enable new non-free-firmware apt repo by default.
- Improve turnkey-artisan so that it works reliably in cron jobs (only
Laravel based LAMP apps).
-- Jeremy Davis <jeremy@turnkeylinux.org> Thu, 21 Sep 2023 00:20:10 +0000
turnkey-lapp-17.1 (1) turnkey; urgency=low
* Updated all Debian packages to latest.
[ autopatched by buildtasks ]
* Patched bugfix release. Closes #1734.
[ autopatched by buildtasks ]
-- Jeremy Davis <jeremy@turnkeylinux.org> Wed, 14 Sep 2022 06:49:11 +0000
turnkey-lapp-17.0 (1) turnkey; urgency=low
* Updated PostgreSQL packages for Python to the latest version.
* Note: Please refer to turnkey-core's 17.0 changelog for changes common to
all appliances. Here we only describe changes specific to this appliance.
-- Mira Heichenko <mira@turnkeylinux.org> Fri, 13 May 2022 06:43:50 +0000
turnkey-lapp-16.1 (1) turnkey; urgency=low
* Include 'turnkey-composer' wrapper script - runs composer as www-data
user. Makes it easy to not run composer as root - part of #1539.
* Explicitly install composer (rather than automatically include in all LAMP
based appliances) - part of #1563.
* Note: Please refer to turnkey-core's 16.1 changelog for changes common to
all appliances. Here we only describe changes specific to this appliance.
-- Jeremy Davis <jeremy@turnkeylinux.org> Wed, 10 Feb 2021 15:29:58 +1100
turnkey-lapp-16.0 (1) turnkey; urgency=low
* Explicitly disable TLS<1.2 (i.e. SSLv3, TLSv1, TLSv1.1). (v15.x
TurnKey releases supported TLS 1.2, but could fallback as low as TLSv1).
* Update SSL/TLS ciphers to provide "Intermediate" browser/client support
(suitable for "General-purpose servers with a variety of clients,
recommended for almost all systems"). As provided by Mozilla via
https://ssl-config.mozilla.org/.
* Updated all relevant Debian packages to Buster/10 versions; including
PHP 7.3.
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Jeremy Davis <jeremy@turnkeylinux.org> Thu, 23 Apr 2020 06:18:20 +0000
turnkey-lapp-15.0 (1) turnkey; urgency=low
* Install Adminer directly from stretch/main repo
* Includes PHP7.0 (installed from Debian repos)
* Updated PHP default settings
* Remove phpsh (no longer maintained)
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Vlad Kuzmenko <vlad@turnkeylinux.org> Tue, 19 Jun 2018 01:32:42 +0200
turnkey-lapp-14.2 (1) turnkey; urgency=low
* Updated Adminer to 4.2.5
* Installed security updates.
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Jeremy Davis <jeremy@turnkeylinux.org> Wed, 19 Apr 2017 12:20:04 +1000
turnkey-lapp-14.1 (1) turnkey; urgency=low
* Installed security updates.
* Installed updated packages from TurnKey repo
- includes relevant Webmin packages (v1.780)
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Jeremy Davis <jeremy@turnkeylinux.org> Tue, 01 Mar 2016 16:28:45 +1100
turnkey-lapp-14.0 (1) turnkey; urgency=low
* Latest Debian Jessie package versions of all components.
* Replaced phpPgAdmin with Adminer.
* Hardened default SSL settings
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Jeremy Davis <jeremy@turnkeylinux.org> Thu, 06 Aug 2015 14:07:12 +1000
turnkey-lapp-13.0 (1) turnkey; urgency=low
* Latest Debian Wheezy package versions of all components.
* PostgreSQL: Removed connections over local unix sockets trust (security).
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Alon Swartz <alon@turnkeylinux.org> Thu, 10 Oct 2013 18:11:50 +0300
turnkey-lapp-12.1 (1) turnkey; urgency=low
* Added phpsh (interactive shell for PHP) and php5-cli (generically useful).
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Alon Swartz <alon@turnkeylinux.org> Fri, 05 Apr 2013 08:00:00 +0200
turnkey-lapp-12.0 (1) turnkey; urgency=low
* PostgreSQL:
- Reduced default shared_buffers to 24MB, as default Debian kernel SHMMAX
is too low for the default 32MB. Increase per deployment:
- /proc/sys/kernel/shmmax
- /etc/postgres/8.4/main/postgresql.conf (shared_buffers)
* Major component versions
apache2 2.2.16-6+squeeze7
postgresql 8.4.12-0squeeze1
phppgadmin 4.2.3-1.1squeeze2
libapache2-mod-php5 5.3.3-7+squeeze13
php5-pgsql 5.3.3-7+squeeze13
libapache2-mod-python 3.3.1-9
python-pygresql 1:4.0-2+b1
libapache2-mod-perl2 2.0.4-7
libdbd-pg-perl 2.17.1-2+squeeze1
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Alon Swartz <alon@turnkeylinux.org> Wed, 01 Aug 2012 08:00:00 +0200
turnkey-lapp-11.3 (1) turnkey; urgency=low
* Installed security updates.
* Enabled etckeeper garbage collection by default.
* Upgraded to latest inithooks version (adhoc re-initialization via turnkey-init)
-- Alon Swartz <alon@turnkeylinux.org> Mon, 05 Dec 2011 10:48:44 +0000
turnkey-lapp-11.2 (1) turnkey; urgency=low
* Installed security updates.
* Added HubDNS package and firstboot configuration.
-- Alon Swartz <alon@turnkeylinux.org> Fri, 15 Jul 2011 07:47:08 +0000
turnkey-lapp-11.1 (1) turnkey; urgency=low
* Set PostgreSQL password is on firstboot (convenience, security).
* Force PostgreSQL to use Unicode/UTF8.
* Added php-xcache PHP opcode cacher / optimizer (performance).
* Support CGI out of the box.
* Set postfix MTA myhostname to localhost (bugfix).
* Minor tweaks to TKL web control panel.
* Major component versions:
phppgadmin 4.2.2-1ubuntu1
postgresql 8.4.5-0ubuntu10.04
apache2 2.2.14-5ubuntu8.4
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Alon Swartz <alon@turnkeylinux.org> Sun, 19 Dec 2010 15:01:05 +0200
turnkey-lapp-2009.10 (2) hardy; urgency=low
* Installed all security updates (see manifest for package versions).
* Install security updates on firstboot (except when running live).
* Bugfix: Updated apt preferences for auto-security updates (LP#550307).
* Trick webmin into not checking for upgrades (managed by apt).
* Included latest version of inithooks and updated scripts.
* Included wget as per common request.
-- Alon Swartz <alon@turnkeylinux.org> Mon, 29 Mar 2010 09:02:11 +0200
turnkey-lapp-2009.10 (1) hardy; urgency=low
* Added Turnkey web control panel (replaces welcome page). Also fixes
displaying correct host when behind proxy (SERVER_ADDR -> HTTP_HOST).
* Added postfix MTA (bound to localhost) to allow sending of email from
web applications (e.g., password recovery). Also added webmin-postfix
module for convenience.
* di-live (installer) PostgreSQL component:
- Added support for complex passwords (LP#416515).
- Added CLI options (user/pass/query/chroot).
* Added postgresql-contrib (additional facilities for pgsql - convenience).
* Pinned phppgadmin to update directly from Debian (security).
* Bugfix: Added missing webmin-apache module.
* Added curl (generically useful in LAPP type appliances).
* Removed "AllowOverride None" directive from default site configuration.
* Regenerates all secrets during installation / firstboot (security).
* Major component versions:
phppgadmin 4.2.2-1
postgresql 8.3.8-0ubuntu8.04
apache2 2.2.8-1ubuntu0.11
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Alon Swartz <alon@turnkeylinux.org> Tue, 29 Sep 2009 15:39:41 +0200
turnkey-lapp-2009.02 (1) hardy; urgency=low
* added SSL support
* includes phppgadmin (listening on port 12322 - uses SSL)
* set postgres password to "postgres" in live/demo mode
* support configuring postgresql password during installation
* postgres password encryption enabled by default (security)
* trust "postgres" user when connecting over local unix sockets (convenience)
* added Python and Perl support for apache2 and postgresql, so the P in our
LAPP stack appliance now stands for Perl and Python in addition to PHP.
* updated apache2 "it works" page to provide more useful info/links
* added webmin PHP configuration module and increased default PHP limits
(convenience)
* major component versions
phppgadmin 4.2.2-1
postgresql 8.3.5-0ubuntu0.8.04
apache2 2.2.8-1ubuntu0.3
php5 5.2.4-2ubuntu5.4
* note: please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Alon Swartz <alon@turnkeylinux.org> Thu, 29 Jan 2009 14:31:47 +0200