Changes:

  • Updated all relevant Debian packages to Buster/10 versions; including OpenLDAP (slapd) to 2.4.47 & PHP 7.3 (for phpldapadmin).
  • Update phpldapadmin to latest upstream version - 1.2.5. Plus also add cookie encryption (via setting blowfish seed) and disable anonymous access.
  • Explcitly disable TLS<1.2 (i.e. SSLv3, TLSv1, TLSv1.1) for webserver/ phpldapadmin. (v15.x TurnKey releases supported TLS 1.2, but could fallback as low as TLSv1).
  • Update webserver SSL/TLS cyphers to provide "Intermediate" browser/client support (suitable for "General-purpose servers with a variety of clients, recommended for almost all systems"). As provided by Mozilla via https://ssl-config.mozilla.org/.
  • Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance.

Links