Commit 82dc67cb authored by Paul Cammish's avatar Paul Cammish
Browse files

Update changelogs

parent 9aa036d0
CHANGELOG
---------
* 2019-06-16 - Significantly improved default security for PHP
* 2019-06-19 - Significantly improved default security for PHP
- PHP is now restricted to public/, and has domain-specific tmp and
sessions directories which are automatically created.
- PHP is now disabled in a path that matches 'wp-content/uploads'
......@@ -9,8 +9,8 @@ CHANGELOG
- Enables OSCP stapling by default. Disables HSTS by default.
- zz-mass-hosting now configures all sites, not just SSL sites.
- sympl-web-logger now only used for the zz-mass-hosting fallbacks.
- PHP defaults to blocking dangerous functions such as eval() and
exec() which should not be needed typically. This can be re-enabled
- PHP can block dangerous functions such as eval() and exec() which
should not be needed typically. This can be enabled manually
but effects all sites on the server.
- new config files: config/disable-php-security and config/hsts.
......
sympl-core (9.0.190619.0) stable; urgency=medium
* Removed backward compatibility for /etc/symbiosis
-- Paul Cammish <sympl@kelduum.net> Wed, 19 Jun 2019 17:12:00 +0100
sympl-core (9.0.190614.0) stable; urgency=medium
* Added stubbed out version of the sympl command line.
......
sympl-phpmyadmin (9.0.190619.0) stable; urgency=medium
* Added blowfish_secret configuration
-- Paul Cammish <sympl@kelduum.net> Wed, 19 Jun 2019 17:14:00 +0100
sympl-phpmyadmin (9.0.190611.0) stable; urgency=medium
* Merged sympl-common into sympl-core
......
sympl-web (9.0.190616.0) stable; urgency=medium
sympl-web (9.0.190619.0) stable; urgency=medium
* Massively improved security for PHP
* PHP is now restricted to public/, and has domain-specific tmp and
......@@ -8,12 +8,12 @@ sympl-web (9.0.190616.0) stable; urgency=medium
* Enables OSCP stapling by default. Disables HSTS by default.
* zz-mass-hosting now configures all sites, not just SSL sites.
* sympl-web-logger now only used for the zz-mass-hosting fallbacks.
* PHP defaults to blocking dangerous functions such as eval() and
exec() which should not be needed typically. This can be re-enabled
* PHP can block dangerous functions such as eval() and exec() which
should not be needed typically. This can be enabled manually
but effects all sites on the server.
* new config files: config/disable-php-security and config/hsts.
-- Paul Cammish <sympl@kelduum.net> Sun, 16 Jun 2019 22:25:00 +0100
-- Paul Cammish <sympl@kelduum.net> Wed, 19 Jun 2019 17:15:00 +0100
sympl-web (9.0.190612.0) stable; urgency=medium
......
sympl-webmail (9.0.190619.0) stable; urgency=medium
* Updated configuration to restrict PHP directory access
-- Paul Cammish <sympl@kelduum.net> Thu, 19 Jun 2019 17:17:00 +0100
sympl-webmail (9.0.190612.0) stable; urgency=medium
* Improved webmail auto-configuration
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment