You are here
Changes:
- Bugfix 'turnkey-mysql-ssl disable' script - closes #1614.
[Jeremy Davis jeremy@turnkeylinux.org]
- Updating mysql appliance and its dependencies to v17.0.
- Update appliance landing page with lighttpd refactoring. Includes adding
adding lighty openssl module to plan, and using new common make files.
- Replace php-cgi with php-fpm.
Links
Changes:
- Rebuild on latest Debian Buster.
- Note: Please refer to turnkey-core's 16.1 changelog for changes common to
all appliances. Here we only describe changes specific to this appliance.
Links
Changes:
- Updated all relevant Debian packages to Buster/10 versions; including
MariaDB & PHP 7.3 (for Adminer).
- New MySQL/MariaDB user account, named "remote" configured for remote connections.
- Explicitly enabled SSL for MySQL network connections via port 3306.
- New inithooks to set hostname for remote user host and regenerate MariaDB
connection SSL certificates/keys.
- CLI script 'turnkey-mysql-ssl' and Confconsole plugin to enable/disable
MySQL/MariaDB SSL requirement for remote connections.
- Explcitly disable TLS<1.2 (i.e. SSLv3, TLSv1, TLSv1.1) for WebCP & Adminer.
(v15.x TurnKey releases supported TLS 1.2, but could fallback as low as
TLSv1).
- Update SSL/TLS cyphers webservers to provide "Intermediate" browser/client
support (suitable for "General-purpose servers with a variety of clients,
recommended for almost all systems"). As provided by Mozilla via
https://ssl-config.mozilla.org/.
- Updated version of mysqltuner script - now installed as per upstream
recommendation.
- Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
Links
Pages