CHANGELOG 9.04 KB
Newer Older
1
2
CHANGELOG
---------
3

Paul Cammish's avatar
Paul Cammish committed
4
2021-02-15
5
6
  all packages
    * Updated version numbering format
Paul Cammish's avatar
Paul Cammish committed
7
8
9
10
11
12
13
  sympl-mysql
    * Fixed creating 'sympl' MySQL user

2021-02-12
  sympl-mail
    * Final fixes for Exim 4.94

14
15
16
17
18
19
20
21
2021-02-11
  sympl-mail
    * Further fixes for Exim 4.94

2021-02-10
  sympl-mail
    * Fixes for Exim 4.94

22
23
2021-02-09
  all packages
24
25
26
27
28
    * Updated versioning for Debian Bullseye
    * Tidied up old dependencies
  sympl-web
    * Replaced Webalizer with AWFFull
    * Removed deprecated php-mcrypt
Paul Cammish's avatar
Paul Cammish committed
29
30
  sympl-core
    * Updated MOTD version number
31
    
Paul Cammish's avatar
Paul Cammish committed
32
33
34
35
2020-09-23
  sympl-core
    * Properly filter public/cgi-bin

Paul Cammish's avatar
Paul Cammish committed
36
37
38
39
40
41
2020-09-15
  sympl-phpmyadmin
    * Package now available in Buster, using phpMyAdmin from Debian Backports
  sympl-core
    * Enabled Debian Backports repo for Buster to allow installation of phpMyAdmin

42
43
44
2020-09-09
  sympl-web
    * Adds support for optional Apache configs in config/apache.d/*.conf (#300)
Paul Cammish's avatar
Paul Cammish committed
45
    * Added php-zip package to recommends (#294)
46
47
48
  sympl-core
    * sympl-filesystem-security: don't overwite permission in public/cgi-bin (#299)
    * sympl-filesystem-security: correctly read the group id (#298)
Paul Cammish's avatar
Paul Cammish committed
49
    * sympl-cli: fix permissions on newly created domains (#295)
Paul Cammish's avatar
Paul Cammish committed
50

51
52
53
54
55
56
2020-07-06
  sympl-web
   * Fixes incorrect filename for log files (#296)
  sympl-backup
   * Adds missing -extract function to DRIVER_TAR_GZ (#297)

57
2020-05-12
Doug Targett's avatar
Doug Targett committed
58
59
60
  sympl-core
    * Added functionality to the sympl cli for managing FTP users

Paul Cammish's avatar
Paul Cammish committed
61
62
63
64
2020-05-10
  sympl-core
    * Remove debug output from sympl-filesystem-security

Paul Cammish's avatar
Paul Cammish committed
65
66
67
68
2020-04-27
  sympl-core
    * Further fixes to prevent sympl-filesystem-security from changing permissions where it shouldn't. (#280) 

Paul Cammish's avatar
Paul Cammish committed
69
70
71
72
73
2020-04-22
  sympl-web
    * Switch to individual packages for sympl-web (#292)
    * Only enable OCSP Stapling for certs that support it (#293)

74
75
76
77
2020-04-20
  sympl-core
    * Prevent sympl-filesystem-security from changing permissions of /etc/firewall/local.d/ contents.

Paul Cammish's avatar
Paul Cammish committed
78
79
80
81
2020-04-18
  sympl-mail
    * Fixed sympl-mail-dovecot-sni issue with filesystem loops (#281)

Paul Cammish's avatar
Paul Cammish committed
82
83
84
85
86
2020-04-15
  sympl-core
    * Added --verbose switch to sympl-filesystem-security
    * Fixed issue #280 with sympl-filesystem-security

87
88
89
90
91
2020-03-26
  sympl-monit
    * Don't use sudo when writing cursor. Fixes issue #279.
    * Update sympl-monit.cursor path.

Paul Cammish's avatar
Paul Cammish committed
92
93
94
95
2020-01-27
  sympl-webmail
    * Fixed importing contacts

96
97
98
99
2019-12-31
  sympl-core
    * Fixed inconsistency with 'disable-filesystem-security' switch.

100
101
102
103
104
2019-12-27
  sympl-mail
    * Improves default PCI Compliance by disabling TLS1.0
    * Fixes dhparam issue with Dovecot

Paul Cammish's avatar
Paul Cammish committed
105
2019-12-16
106
107
  sympl-core
    * Add sympl user to relevant groups on each install.
Paul Cammish's avatar
Paul Cammish committed
108
  sympl-web
109
    * Added cron to clean up old PHP sessions.
Paul Cammish's avatar
Paul Cammish committed
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329

2019-12-05
  sympl-core
    * Updated IPv6 Only workaround for sympl-ssl.

2019-10-17
  sympl-core
    * Updated sympl-ssl to use Let's Encrypt ACME v02 API.

2019-10-04
  sympl-mail
    * Fixed permission issue with configuration.

2019-09-18
  sympl-firewall
    * Fixed missing version increment.

2019-09-17
  sympl-mail
    * Adds full chain support to Dovecot SNI, needed by some clients.

2019-09-08
  sympl-core
    * Set default threshold for LE cert renewal to suggested 30 days.
  sympl-backup
    * Added backup2l driver to prevent warnings from tar.

2019-08-16
  sympl-core
    * Adds detection of NAT64 environments for sympl-ssl wrapper.
  sympl-firewall
    * Removed incrond, re-instated old manual triggers on changes.
    * Fixed warning message from nftables.

2019-07-31
  sympl-backup
    * Force backups to be run as root.
    * Updated backup paths, exclude backups of /var/lib/docker.
  sympl-mysql
    * Updated sympl-sqldump to use sympl user correctly.

2019-07-29
  sympl-core
    * Copy root user authorized_keys to sympl user on first install.

2019-07-25
  sympl-core
    * Fixed typo in sympl CLI

2019-07-19
  sympl-cron
    * Updated sympl-crontab --test output

2019-07-18
  sympl-firewall
    * Updated sympl-firewall-whitelist to more sane defaults.
    * Only whitelist SSH access for a week once logged in.
    * Only whitelist IPv6 address at /128 rather than /64.

2019-07-09
  sympl-web
    * Updated sympl-web-rotate-logs to support new ownership
    * Reload Apache when rotating logs, rather than the loggers.

2019-07-08
  sympl-mail
    * Re-enable Dovecot SNI

2019-07-07
  sympl-mail
    * Fixed unhandled input

2019-07-06
  sympl-mail
    * Resolved potential race condition
    * Updated sympl-mail-dovecot-sni for edge cases
    * Improved sympl-mail ssl-hook

2019-07-05
  sympl-core
    * Removed beta flag from MOTD
    * Updated 'sympl' parser, added 'sympl update' function.

2019-07-04
  sympl-core
    * Workaround for sympl-ssl bug #249 under IPv6 only.
  sympl-monit
    * Updated monit tests to use TLSv1.2
  sympl-web
    * Rewrote Apache configs
    * Moved phpMyAdmin specifics to sympl-phpmyadmin
    * Deprecated Apache vhost_sympl module

2019-07-03
  sympl-web
    * Updated path for PHP config
    * Reverted default PHP lockdown
    * Reverted vhost rewrites

2019-07-02
  sympl-core
    * Removed mailbox permission rewriting
    * Disabled hostname enforcement
    * Adjusted security permissions for domains Exim config files
  sympl-mail
    * Adjusted exim config group
    * Permissions adjustment for Debian-exim user

2019-07-01
  sympl-mail
    * Fixes for Roundcube/Dovecot changes in Buster.
    * Enables SMTP AUTH on localhost without TLS.

2019-06-30
  sympl-web
    * Reworked apache templates
    * Added fallback for zz-mass-hosting

2019-06-28
  sympl-core
    * Adjusted permissions for config/dkim

2019-06-26
  sympl-mail
    * Fix for non-selfsigned certs with Dovecot SNI
    * Fixed SNI configuration in Exim and Dovecot

2019-06-25
  sympl-core
    * First update for sympl command line
    * Fixed edge case in sympl-filesystem-security

2019-06-24
  sympl-core
    * Adjusted MOTD Banner
    * Updated sympl-filesystem-security with tweaks to paths/logic
  sympl-ftp
    * Adjusted configuration to allow www-data
  sympl-mail
    * Updated Dovecot configuration for Debian Buster
    * Migrated links into existing file
  sympl-web
    * Adjusted ssl-hook so it doesn't fire before sympl-web is installed.
    * Adjusted Apache templates slightly.

2019-06-21
  All Packages
    * Created Sympl v10.0 (Debian Buster)
  sympl-core
    * Moved sympl-ssl to sbin to avoid permissions/hook issues.
  sympl-web
    * Updated dependencies/build-dependencies
    * Fixed typo in apache template

2019-06-20
  sympl-mail
    * Merged legacy Symbiosis patch for SNI on Exim
    * Updated configuration for SNI in Dovecot
  sympl-core
    * Updated recommended packages
    * Updated MOTD banner

2019-06-19
  sympl-web
    * Massively improved security for PHP
    * PHP is now restricted to public/, and has domain-specific tmp and
      sessions directories which are automatically created.
    * PHP is now disabled in a path that matches 'wp-content/uploads'
      significantly securing all WordPress sites.
    * Enables OSCP stapling by default. Disables HSTS by default.
    * zz-mass-hosting now configures all sites, not just SSL sites.
    * sympl-web-logger now only used for the zz-mass-hosting fallbacks.
    * PHP can block dangerous functions such as eval() and exec() which
      should not be needed typically. This can be enabled manually
      but effects all sites on the server.
    * new config files: config/disable-php-security and config/hsts.
  sympl-webmail
    * Updated configuration to restrict PHP directory access

2019-06-14
  sympl-mysql
    * Fixed typos

2019-06-13
  sympl-backup
    * Removed deprecated backup scripts
  sympl-mysql
    * Added sympl-sqldump

2019-06-12
  sympl-web
    * Massively improved security for web stats.
    * new config files: config/stats and config/stats-htpasswd
  sympl-webmail
    * Improved webmail auto-configuration

2019-06-11
  All Packages
    * Merged sympl-common into sympl-core

2019-06-10
  All Packages
    * Adjusted Dependencies
  sympl-mail
    * Re-implimented password strength testing
  sympl-webmail
    * Moved configuration of roundcube to sympl-common

2019-06-09
  All Packages
    * Renamed admin user to sympl.
  sympl-ftp
    * FTP user now logs in as owner of the chrooted dir
    * Added Umask so files are +rw by the relevant group
  sympl-web
    * Removed skel.d files.
  sympl-mysql
    * .my.cnf and 'mysql_password' files now created in /home/sympl
  sympl-backup
    * Updated backup paths
Paul Cammish's avatar
Paul Cammish committed
330

Paul Cammish's avatar
Paul Cammish committed
331
332
333
334
335
336
337
338
* 2019-06-06 - First Public Build
  - Renamed packages and files, replaced references to Symbiosis with Sympl.
      bytemark-symbiosis -> sympl-core
      symbiosis-httpd -> sympl-web
      symbiosis-email -> sympl-mail
      symbiosis-ftpd -> sympl-ftp
      symbiosis-meta -> sympl-core
      symbiosis-* -> sympl-*
Paul Cammish's avatar
Paul Cammish committed
339
340
  - Renamed command-line tools, with new package names, added symlinks
    from old names.
Paul Cammish's avatar
Paul Cammish committed
341
342
343
344
345
  - /etc/symbiosis is now /etc/sympl, with symlink for compatibilty.
  - Folded old metapackages into relevant packages.
  - Dropped support for old Exchange Activesync.
  - Dropped support for XMPP.
  - A lot of tidying up.
Paul Cammish's avatar
Paul Cammish committed
346

Paul Cammish's avatar
Paul Cammish committed
347
* 2019-05-28 - Implemented autotest suite, updated docs.
Paul Cammish's avatar
Paul Cammish committed
348

Paul Cammish's avatar
Paul Cammish committed
349
* 2019-04-16 - Fixed Gitlab CI
Paul Cammish's avatar
Paul Cammish committed
350

Paul Cammish's avatar
Paul Cammish committed
351
* 2019-04-13 - Initial fork from GitHub