Changes:

  • Upgraded to latest Bullseye version of Django (2.2.25).
  • Updated all relevant Debian packages to Bullseye/11 versions.
  • Provide predefined dh_params (via 'turnkey-make-ssl-cert' where relevant) as per RFC7919 - part of #1653.
  • Updated version of mysqltuner script.
  • Enable HTTP/2 by default (where possible). Note: will not actually work until a CA signed cert is generated or installed.
  • Configure OCSP stapling (will only work once a valid cert is configured).
  • Enable HSTS by default (only effects HTTPS traffic - full implementation also requires HTTP redirect to HTTPS and valid cert).
  • Enable Apache mod-headers by default (required for HSTS).
  • Disable cipher order in default ssl.conf (no longer required with the secure cipher suites we use; mild improvement in cpu resources).
  • Note: Please refer to turnkey-core's 17.0 changelog for changes common to all appliances. Here we only describe changes specific to this appliance.

Links