Commit cb3f8cd0 authored by Paul Cammish

Merge branch 'buster-testing' into 'buster'

Update Changelog

See merge request !151
parents 99cea200 44749835
Pipeline #747 passed with stages in 37 minutes and 55 seconds
CHANGELOG
---------
* 2019-06-20 - Various fixes
- Fixed missing sympl-ssl cron job, and made it run first.
- Fixed broken SSL email hook.
- Completed autoconfiguration for Dovecot/Exim SNI from Symbiosis.
- Minor fixes
* 2019-06-19 - Significantly improved default security for PHP
- PHP is now restricted to public/, and has domain-specific tmp and
2019-12-05
sympl-core
* Updated IPv6 Only workaround for sympl-ssl.
2019-10-17
sympl-core
* Updated sympl-ssl to use Let's Encrypt ACME v02 API.
2019-10-04
sympl-mail
* Fixed permission issue with configuration.
2019-09-18
sympl-firewall
* Fixed missing version increment.
2019-09-17
sympl-mail
* Adds full chain support to Dovecot SNI, needed by some clients.
2019-09-08
sympl-core
* Set default threshold for LE cert renewal to suggested 30 days.
sympl-backup
* Added backup2l driver to prevent warnings from tar.
2019-08-16
sympl-core
* Adds detection of NAT64 environments for sympl-ssl wrapper.
sympl-firewall
* Removed incrond, re-instated old manual triggers on changes.
* Fixed warning message from nftables.
2019-07-31
sympl-backup
* Force backups to be run as root.
* Updated backup paths, exclude backups of /var/lib/docker.
sympl-mysql
* Updated sympl-sqldump to use sympl user correctly.
2019-07-29
sympl-core
* Copy root user authorized_keys to sympl user on first install.
2019-07-25
sympl-core
* Fixed typo in sympl CLI
2019-07-19
sympl-cron
* Updated sympl-crontab --test output
2019-07-18
sympl-firewall
* Updated sympl-firewall-whitelist to more sane defaults.
* Only whitelist SSH access for a week once logged in.
* Only whitelist IPv6 address at /128 rather than /64.
2019-07-09
sympl-web
* Updated sympl-web-rotate-logs to support new ownership
* Reload Apache when rotating logs, rather than the loggers.
2019-07-08
sympl-mail
* Re-enable Dovecot SNI
2019-07-07
sympl-mail
* Fixed unhandled input
2019-07-06
sympl-mail
* Resolved potential race condition
* Updated sympl-mail-dovecot-sni for edge cases
* Improved sympl-mail ssl-hook
2019-07-05
sympl-core
* Removed beta flag from MOTD
* Updated 'sympl' parser, added 'sympl update' function.
2019-07-04
sympl-core
* Workaround for sympl-ssl bug #249 under IPv6 only.
sympl-monit
* Updated monit tests to use TLSv1.2
sympl-web
* Rewrote Apache configs
* Moved phpMyAdmin specifics to sympl-phpmyadmin
* Deprecated Apache vhost_sympl module
2019-07-03
sympl-web
* Updated path for PHP config
* Reverted default PHP lockdown
* Reverted vhost rewrites
2019-07-02
sympl-core
* Removed mailbox permission rewriting
* Disabled hostname enforcement
* Adjusted security permissions for domains Exim config files
sympl-mail
* Adjusted exim config group
* Permissions adjustment for Debian-exim user
2019-07-01
sympl-mail
* Fixes for Roundcube/Dovecot changes in Buster.
* Enables SMTP AUTH on localhost without TLS.
2019-06-30
sympl-web
* Reworked apache templates
* Added fallback for zz-mass-hosting
2019-06-28
sympl-core
* Adjusted permissions for config/dkim
2019-06-26
sympl-mail
* Fix for non-selfsigned certs with Dovecot SNI
* Fixed SNI configuration in Exim and Dovecot
2019-06-25
sympl-core
* First update for sympl command line
* Fixed edge case in sympl-filesystem-security
2019-06-24
sympl-core
* Adjusted MOTD Banner
* Updated sympl-filesystem-security with tweaks to paths/logic
sympl-ftp
* Adjusted configuration to allow www-data
sympl-mail
* Updated Dovecot configuration for Debian Buster
* Migrated links into existing file
sympl-web
* Adjusted ssl-hook so it doesn't fire before sympl-web is installed.
* Adjusted Apache templates slightly.
2019-06-21
All Packages
* Created Sympl v10.0 (Debian Buster)
sympl-core
* Moved sympl-ssl to sbin to avoid permissions/hook issues.
sympl-web
* Updated dependencies/build-dependencies
* Fixed typo in apache template
2019-06-20
sympl-mail
* Merged legacy Symbiosis patch for SNI on Exim
* Updated configuration for SNI in Dovecot
sympl-core
* Updated recommended packages
* Updated MOTD banner
2019-06-19
sympl-web
* Massively improved security for PHP
* PHP is now restricted to public/, and has domain-specific tmp and
sessions directories which are automatically created.
- PHP is now disabled in a path that matches 'wp-content/uploads'
* PHP is now disabled in a path that matches 'wp-content/uploads'
significantly securing all WordPress sites.
- Enables OSCP stapling by default. Disables HSTS by default.
- zz-mass-hosting now configures all sites, not just SSL sites.
- sympl-web-logger now only used for the zz-mass-hosting fallbacks.
- PHP can block dangerous functions such as eval() and exec() which
* Enables OSCP stapling by default. Disables HSTS by default.
* zz-mass-hosting now configures all sites, not just SSL sites.
* sympl-web-logger now only used for the zz-mass-hosting fallbacks.
* PHP can block dangerous functions such as eval() and exec() which
should not be needed typically. This can be enabled manually
but effects all sites on the server.
- new config files: config/disable-php-security and config/hsts.
* 2019-06-13 - Improved SQL backup script
- New script with configurbility.
- Run sympl-sqldump --help for info.
* 2019-06-13 - Improved hostname & webmail installs
- Hostname misconfiguration will be repaired automatically
- If a FQDN isn't set, one will be created automatically.
- Webmail should no longer prompt for web server to configure
* 2019-06-12 - Changes to web stats
- Stats are no longer generated by default.
- If it exists, public/htdocs/stats will require HTTPS and a
username/password
- web stats can be enabled by creating config/stats
- username password should be placed in config/stats-htpasswd in htpasswd
format
* 2019-06-11 - Merged the sympl-common package into sympl-core
* 2019-06-10 - Re-implimented password strength checking and tests
* 2019-06-10 - Significant changes to 'admin' user
- Replaced 'admin' user with 'sympl' user, with the home directory at
/home/sympl
- sympl-mysql writes /home/sympl/.my.cnf and 'mysql_password' files on
install
- FTP users inherit uid/gid from target chroot directory, Umask is set
read/write for group.
- Improved filesystem security and added 'sympl-filesystem-security' to
enforce it.
- This prevents a compromised site from accessing configurations,
mail, backups, etc.
- It runs hourly, and enforces permissions on /srv, /var/backup and
/etc/sympl
- config/public-user and config/public-group specify user which owns
the public directory
- defaults to www-data:www-data
- can be disabled with do-not-secure (domain) in config and /etc/sympl
(global)
- Removed symbiosis-skel/sympl-skel service as it's superflous
- Added htop, nano, vim to recommends, along with basic configs for
usability
* new config files: config/disable-php-security and config/hsts.
sympl-webmail
* Updated configuration to restrict PHP directory access
2019-06-14
sympl-mysql
* Fixed typos
2019-06-13
sympl-backup
* Removed deprecated backup scripts
sympl-mysql
* Added sympl-sqldump
2019-06-12
sympl-web
* Massively improved security for web stats.
* new config files: config/stats and config/stats-htpasswd
sympl-webmail
* Improved webmail auto-configuration
2019-06-11
All Packages
* Merged sympl-common into sympl-core
2019-06-10
All Packages
* Adjusted Dependencies
sympl-mail
* Re-implimented password strength testing
sympl-webmail
* Moved configuration of roundcube to sympl-common
2019-06-09
All Packages
* Renamed admin user to sympl.
sympl-ftp
* FTP user now logs in as owner of the chrooted dir
* Added Umask so files are +rw by the relevant group
sympl-web
* Removed skel.d files.
sympl-mysql
* .my.cnf and 'mysql_password' files now created in /home/sympl
sympl-backup
* Updated backup paths
* 2019-06-06 - First Public Build
- Renamed packages and files, replaced references to Symbiosis with Sympl.
......
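Review bot: the 2019-07-03 sympl-web entry "Reverted default PHP lockdown" does not say which of the 2019-06-19 restrictions it undoes, while the 2019-06-19 entry still reads "PHP is now restricted to public/" and "PHP is now disabled in a path that matches 'wp-content/uploads'", so an administrator reading the changelog cannot tell what the default is after upgrading. Please name the reverted settings in the 07-03 entry and say whether config/disable-php-security still has an effect. The same applies to "Enables SMTP AUTH on localhost without TLS." under 2019-07-01: a one-line reason would help anyone auditing the mail configuration. Smaller points in the 2019-06-19 block: "OSCP stapling" should be "OCSP stapling", and "effects all sites" should be "affects all sites".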