CHANGELOG 8.72 KB
Newer Older
1
2
CHANGELOG
---------
3
4
2021-02-09
  all packages
5
6
7
8
9
10
    * Updated versioning for Debian Bullseye
    * Tidied up old dependencies
  sympl-web
    * Replaced Webalizer with AWFFull
    * Removed deprecated php-mcrypt
    
Paul Cammish's avatar
Paul Cammish committed
11
12
13
14
2020-09-23
  sympl-core
    * Properly filter public/cgi-bin

Paul Cammish's avatar
Paul Cammish committed
15
16
17
18
19
20
2020-09-15
  sympl-phpmyadmin
    * Package now available in Buster, using phpMyAdmin from Debian Backports
  sympl-core
    * Enabled Debian Backports repo for Buster to allow installation of phpMyAdmin

21
22
23
2020-09-09
  sympl-web
    * Adds support for optional Apache configs in config/apache.d/*.conf (#300)
Paul Cammish's avatar
Paul Cammish committed
24
    * Added php-zip package to recommends (#294)
25
26
27
  sympl-core
    * sympl-filesystem-security: don't overwite permission in public/cgi-bin (#299)
    * sympl-filesystem-security: correctly read the group id (#298)
Paul Cammish's avatar
Paul Cammish committed
28
    * sympl-cli: fix permissions on newly created domains (#295)
Paul Cammish's avatar
Paul Cammish committed
29

30
31
32
33
34
35
2020-07-06
  sympl-web
   * Fixes incorrect filename for log files (#296)
  sympl-backup
   * Adds missing -extract function to DRIVER_TAR_GZ (#297)

36
2020-05-12
Doug Targett's avatar
Doug Targett committed
37
38
39
  sympl-core
    * Added functionality to the sympl cli for managing FTP users

Paul Cammish's avatar
Paul Cammish committed
40
41
42
43
2020-05-10
  sympl-core
    * Remove debug output from sympl-filesystem-security

Paul Cammish's avatar
Paul Cammish committed
44
45
46
47
2020-04-27
  sympl-core
    * Further fixes to prevent sympl-filesystem-security from changing permissions where it shouldn't. (#280) 

Paul Cammish's avatar
Paul Cammish committed
48
49
50
51
52
2020-04-22
  sympl-web
    * Switch to individual packages for sympl-web (#292)
    * Only enable OCSP Stapling for certs that support it (#293)

53
54
55
56
2020-04-20
  sympl-core
    * Prevent sympl-filesystem-security from changing permissions of /etc/firewall/local.d/ contents.

Paul Cammish's avatar
Paul Cammish committed
57
58
59
60
2020-04-18
  sympl-mail
    * Fixed sympl-mail-dovecot-sni issue with filesystem loops (#281)

Paul Cammish's avatar
Paul Cammish committed
61
62
63
64
65
2020-04-15
  sympl-core
    * Added --verbose switch to sympl-filesystem-security
    * Fixed issue #280 with sympl-filesystem-security

66
67
68
69
70
2020-03-26
  sympl-monit
    * Don't use sudo when writing cursor. Fixes issue #279.
    * Update sympl-monit.cursor path.

Paul Cammish's avatar
Paul Cammish committed
71
72
73
74
2020-01-27
  sympl-webmail
    * Fixed importing contacts

75
76
77
78
2019-12-31
  sympl-core
    * Fixed inconsistency with 'disable-filesystem-security' switch.

79
80
81
82
83
2019-12-27
  sympl-mail
    * Improves default PCI Compliance by disabling TLS1.0
    * Fixes dhparam issue with Dovecot

Paul Cammish's avatar
Paul Cammish committed
84
2019-12-16
85
86
  sympl-core
    * Add sympl user to relevant groups on each install.
Paul Cammish's avatar
Paul Cammish committed
87
  sympl-web
88
    * Added cron to clean up old PHP sessions.
Paul Cammish's avatar
Paul Cammish committed
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308

2019-12-05
  sympl-core
    * Updated IPv6 Only workaround for sympl-ssl.

2019-10-17
  sympl-core
    * Updated sympl-ssl to use Let's Encrypt ACME v02 API.

2019-10-04
  sympl-mail
    * Fixed permission issue with configuration.

2019-09-18
  sympl-firewall
    * Fixed missing version increment.

2019-09-17
  sympl-mail
    * Adds full chain support to Dovecot SNI, needed by some clients.

2019-09-08
  sympl-core
    * Set default threshold for LE cert renewal to suggested 30 days.
  sympl-backup
    * Added backup2l driver to prevent warnings from tar.

2019-08-16
  sympl-core
    * Adds detection of NAT64 environments for sympl-ssl wrapper.
  sympl-firewall
    * Removed incrond, re-instated old manual triggers on changes.
    * Fixed warning message from nftables.

2019-07-31
  sympl-backup
    * Force backups to be run as root.
    * Updated backup paths, exclude backups of /var/lib/docker.
  sympl-mysql
    * Updated sympl-sqldump to use sympl user correctly.

2019-07-29
  sympl-core
    * Copy root user authorized_keys to sympl user on first install.

2019-07-25
  sympl-core
    * Fixed typo in sympl CLI

2019-07-19
  sympl-cron
    * Updated sympl-crontab --test output

2019-07-18
  sympl-firewall
    * Updated sympl-firewall-whitelist to more sane defaults.
    * Only whitelist SSH access for a week once logged in.
    * Only whitelist IPv6 address at /128 rather than /64.

2019-07-09
  sympl-web
    * Updated sympl-web-rotate-logs to support new ownership
    * Reload Apache when rotating logs, rather than the loggers.

2019-07-08
  sympl-mail
    * Re-enable Dovecot SNI

2019-07-07
  sympl-mail
    * Fixed unhandled input

2019-07-06
  sympl-mail
    * Resolved potential race condition
    * Updated sympl-mail-dovecot-sni for edge cases
    * Improved sympl-mail ssl-hook

2019-07-05
  sympl-core
    * Removed beta flag from MOTD
    * Updated 'sympl' parser, added 'sympl update' function.

2019-07-04
  sympl-core
    * Workaround for sympl-ssl bug #249 under IPv6 only.
  sympl-monit
    * Updated monit tests to use TLSv1.2
  sympl-web
    * Rewrote Apache configs
    * Moved phpMyAdmin specifics to sympl-phpmyadmin
    * Deprecated Apache vhost_sympl module

2019-07-03
  sympl-web
    * Updated path for PHP config
    * Reverted default PHP lockdown
    * Reverted vhost rewrites

2019-07-02
  sympl-core
    * Removed mailbox permission rewriting
    * Disabled hostname enforcement
    * Adjusted security permissions for domains Exim config files
  sympl-mail
    * Adjusted exim config group
    * Permissions adjustment for Debian-exim user

2019-07-01
  sympl-mail
    * Fixes for Roundcube/Dovecot changes in Buster.
    * Enables SMTP AUTH on localhost without TLS.

2019-06-30
  sympl-web
    * Reworked apache templates
    * Added fallback for zz-mass-hosting

2019-06-28
  sympl-core
    * Adjusted permissions for config/dkim

2019-06-26
  sympl-mail
    * Fix for non-selfsigned certs with Dovecot SNI
    * Fixed SNI configuration in Exim and Dovecot

2019-06-25
  sympl-core
    * First update for sympl command line
    * Fixed edge case in sympl-filesystem-security

2019-06-24
  sympl-core
    * Adjusted MOTD Banner
    * Updated sympl-filesystem-security with tweaks to paths/logic
  sympl-ftp
    * Adjusted configuration to allow www-data
  sympl-mail
    * Updated Dovecot configuration for Debian Buster
    * Migrated links into existing file
  sympl-web
    * Adjusted ssl-hook so it doesn't fire before sympl-web is installed.
    * Adjusted Apache templates slightly.

2019-06-21
  All Packages
    * Created Sympl v10.0 (Debian Buster)
  sympl-core
    * Moved sympl-ssl to sbin to avoid permissions/hook issues.
  sympl-web
    * Updated dependencies/build-dependencies
    * Fixed typo in apache template

2019-06-20
  sympl-mail
    * Merged legacy Symbiosis patch for SNI on Exim
    * Updated configuration for SNI in Dovecot
  sympl-core
    * Updated recommended packages
    * Updated MOTD banner

2019-06-19
  sympl-web
    * Massively improved security for PHP
    * PHP is now restricted to public/, and has domain-specific tmp and
      sessions directories which are automatically created.
    * PHP is now disabled in a path that matches 'wp-content/uploads'
      significantly securing all WordPress sites.
    * Enables OSCP stapling by default. Disables HSTS by default.
    * zz-mass-hosting now configures all sites, not just SSL sites.
    * sympl-web-logger now only used for the zz-mass-hosting fallbacks.
    * PHP can block dangerous functions such as eval() and exec() which
      should not be needed typically. This can be enabled manually
      but effects all sites on the server.
    * new config files: config/disable-php-security and config/hsts.
  sympl-webmail
    * Updated configuration to restrict PHP directory access

2019-06-14
  sympl-mysql
    * Fixed typos

2019-06-13
  sympl-backup
    * Removed deprecated backup scripts
  sympl-mysql
    * Added sympl-sqldump

2019-06-12
  sympl-web
    * Massively improved security for web stats.
    * new config files: config/stats and config/stats-htpasswd
  sympl-webmail
    * Improved webmail auto-configuration

2019-06-11
  All Packages
    * Merged sympl-common into sympl-core

2019-06-10
  All Packages
    * Adjusted Dependencies
  sympl-mail
    * Re-implimented password strength testing
  sympl-webmail
    * Moved configuration of roundcube to sympl-common

2019-06-09
  All Packages
    * Renamed admin user to sympl.
  sympl-ftp
    * FTP user now logs in as owner of the chrooted dir
    * Added Umask so files are +rw by the relevant group
  sympl-web
    * Removed skel.d files.
  sympl-mysql
    * .my.cnf and 'mysql_password' files now created in /home/sympl
  sympl-backup
    * Updated backup paths
Paul Cammish's avatar
Paul Cammish committed
309

Paul Cammish's avatar
Paul Cammish committed
310
311
312
313
314
315
316
317
* 2019-06-06 - First Public Build
  - Renamed packages and files, replaced references to Symbiosis with Sympl.
      bytemark-symbiosis -> sympl-core
      symbiosis-httpd -> sympl-web
      symbiosis-email -> sympl-mail
      symbiosis-ftpd -> sympl-ftp
      symbiosis-meta -> sympl-core
      symbiosis-* -> sympl-*
Paul Cammish's avatar
Paul Cammish committed
318
319
  - Renamed command-line tools, with new package names, added symlinks
    from old names.
Paul Cammish's avatar
Paul Cammish committed
320
321
322
323
324
  - /etc/symbiosis is now /etc/sympl, with symlink for compatibilty.
  - Folded old metapackages into relevant packages.
  - Dropped support for old Exchange Activesync.
  - Dropped support for XMPP.
  - A lot of tidying up.
Paul Cammish's avatar
Paul Cammish committed
325

Paul Cammish's avatar
Paul Cammish committed
326
* 2019-05-28 - Implemented autotest suite, updated docs.
Paul Cammish's avatar
Paul Cammish committed
327

Paul Cammish's avatar
Paul Cammish committed
328
* 2019-04-16 - Fixed Gitlab CI
Paul Cammish's avatar
Paul Cammish committed
329

Paul Cammish's avatar
Paul Cammish committed
330
* 2019-04-13 - Initial fork from GitHub