-
Notifications
You must be signed in to change notification settings - Fork 15
/
changelog
361 lines (240 loc) · 13 KB
/
changelog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
turnkey-jenkins-18.1 (1) turnkey; urgency=low
* Install latest Jenkins LTS from upstream apt repo - 2.462.2.
* v18.1 rebuild - includes latest Debian & TurnKey packages.
* Reduce log noise by creating ntpsec log dir - closes #1952.
-- Jeremy Davis <[email protected]> Sat, 14 Sep 2024 07:12:58 +0000
turnkey-jenkins-18.0 (1) turnkey; urgency=low
* Install latest Jenkins LTS from upstream apt repo - 2.459
[Anton Pyrogovskyi <[email protected]]
* No longer use PAM authentication by default, preferring Jenkins default
user management (PAM auth module is still installed and available)
[Anton Pyrogovskyi <[email protected]]
* Install latest Jenkins LTS from upstream apt repo - 2.452.1.
* Update OpenJDK to openjdk-17-jre (Debian apt repo).
* Include fontconfig pkg as manually installed pkg (Debian apt repo).
* Confconsole: bugfix broken DNS-01 Let's Encrypt challenge- closes #1876 &
#1895.
[Jeremy Davis <[email protected]>]
* Ensure hashfile includes URL to public key - closes #1864.
* Include webmin-logviewer module by default - closes #1866.
* Upgraded base distribution to Debian 12.x/Bookworm.
* Configuration console (confconsole):
- Support for DNS-01 Let's Encrypt challenges.
[ Oleh Dmytrychenko <[email protected]> github: @NitrogenUA ]
- Support for getting Let's Encrypt cert via IPv6 - closes #1785.
- Refactor network interface code to ensure that it works as expected and
supports more possible network config (e.g. hotplug interfaces & wifi).
- Show error message rather than stacktrace when window resized to
incompatable resolution - closes #1609.
[ Stefan Davis <[email protected]> ]
- Bugfix exception when quitting configuration of mail relay.
[ Oleh Dmytrychenko <[email protected]> github: @NitrogenUA ]
- Improve code quality: implement typing, fstrings and make (mostly) PEP8
compliant.
[Stefan Davis <[email protected]> & Jeremy Davis
* Firstboot Initialization (inithooks):
- Refactor start up (now hooks into getty process, rather than having it's
own service).
[ Stefan Davis <[email protected]> ]
- Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname
is included in dhcp info when set via inithooks.
- Package turnkey-make-ssl-cert script (from common overlay - now packaged
as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl.
- Refactor run script - use bashisms and general tidying.
- Show blacklisted password characters more nicely.
- Misc packaging changes/improvements.
- Support returning output from MySQL - i.e. support 'SELECT'. (Only
applies to apps that include MySQL/MariaDB).
* Web management console (webmin):
- Upgraded webmin to v2.105.
- Replace webmin-shell with webmin-xterm module by default - closes #1904.
- Removed stunnel reverse proxy (Webmin hosted directly now).
- Ensure that Webmin uses HTTPS with default cert
(/etc/ssl/private/cert.pem).
- Disabled Webmin Let's Encrypt (for now).
* Web shell (shellinabox):
- Completely removed in v18.0 (Webmin now has a proper interactive shell).
- Note: previous v18.0 releases did not include webmin-xterm pkg - see
above webmin note &/or #1904.
* Backup (tklbam):
- Ported dependencies to Debian Bookworm; otherwise unchanged.
* Security hardening & improvements:
- Generate and use new TurnKey Bookworm keys.
- Automate (and require) default pinning for packages from Debian
backports. Also support non-free backports.
* IPv6 support:
- Adminer (only on LAMP based apps) listen on IPv6.
- Nginx/NodeJS (NodeJS based apps only) listen on IPv6.
* Misc bugfixes & feature implementations:
- Remove rsyslog package (systemd journal now all that's needed).
- Include zstd compression support.
- Enable new non-free-firmware apt repo by default.
- Improve turnkey-artisan so that it works reliably in cron jobs (only
Laravel based LAMP apps).
-- Jeremy Davis <[email protected]> Tue, 21 May 2024 00:42:45 +0000
turnkey-jenkins-17.1 (1) turnkey; urgency=low
* Updated all Debian packages to latest.
[ autopatched by buildtasks ]
* Patched bugfix release. Closes #1734.
[ autopatched by buildtasks ]
-- Jeremy Davis <[email protected]> Fri, 11 Nov 2022 02:00:48 +0000
turnkey-jenkins-17.0 (1) turnkey; urgency=low
* Install latest Jenkins LTS from upstream apt repo - 2.361.1.
* Fixes #888 (Automated plugin dependency fulfilment)
* Provides jenkins-cli utility script `/usr/local/bin/jenkins-cli`
* Updated all relevant Debian packages to Bullseye/11 versions
* Note: Please refer to turnkey-core's 17.0 changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Stefan Davis <[email protected]> Mon, 19 Sep 2022 19:34:49 +0000
turnkey-jenkins-16.1 (1) turnkey; urgency=low
* Install latest Jenkins LTS from upstream apt repo - 2.277.3.
* Update all current plugins, plus include dependencies:
- bootstrap4-api
- checks-api
- font-awesome-api
- popper-api
- workflow-support
* Install previous minor version (1.18.1) of ssh-credentials plugin. Latest
version requires latest Jenkins (not compatible with Jenkins LTS).
* Note: Please refer to turnkey-core's 16.1 changelog for changes common to
all appliances. Here we only describe changes specific to this appliance.
-- Jeremy Davis <[email protected]> Tue, 27 Apr 2021 15:42:47 +1000
turnkey-jenkins-16.0 (1) turnkey; urgency=low
* Install latest Jenkins LTS from upstream - 2.235.2.
* Update/include additional plugins (new/updated plugin dependencies):
- echarts-api
- jaxb
- trilead-api
- jackson2-api
- jquery3-api
- plugin-util-api
- snakeyaml-api
* Change default Jenkins username to 'jenkins-admin'. This is to avoid
possible clash with sudoadmin on AWSMP (default username is 'admin').
[ Jeremy Daivs <[email protected]> ]
* Explcitly disable TLS<1.2 (i.e. SSLv3, TLSv1, TLSv1.1). (v15.x
TurnKey releases supported TLS 1.2, but could fallback as low as TLSv1).
* Update SSL/TLS cyphers to provide "Intermediate" browser/client support
(suitable for "General-purpose servers with a variety of clients,
recommended for almost all systems"). As provided by Mozilla via
https://ssl-config.mozilla.org/.
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Stefan Davis <[email protected]> Tue, 04 Aug 2020 15:46:51 +1000
turnkey-jenkins-15.4 (1) turnkey; urgency=low
* Install latest Jenkins LTS from upstream (2.150.1).
* Remove broken TurnKey credit footer (and the markup plugin that was
providing it) - closes #1215. To be reimplemented at a later date (see
#1281).
-- Jeremy Davis <[email protected]> Wed, 19 Dec 2018 10:12:50 +1100
turnkey-jenkins-15.3 (1) turnkey; urgency=low
* Install latest Jenkins LTS from upstream (2.138.3).
* Rebuild to resolve inadvertant removal of mariadb during sec-updates
- part of #1246.
-- Jeremy Davis <[email protected]> Wed, 21 Nov 2018 18:20:15 +1100
turnkey-jenkins-15.2 (1) turnkey; urgency=low
* Latest version of Jenkins from upstream LTS repo (2.138.2).
-- Jeremy Davis <[email protected]> Mon, 15 Oct 2018 18:40:16 +1100
turnkey-jenkins-15.1 (1) turnkey; urgency=low
* Latest version of Jenkins from upstream LTS repo (2.138.1).
-- Jeremy Davis <[email protected]> Mon, 17 Sep 2018 14:11:40 +1000
turnkey-jenkins-15.0 (1) turnkey; urgency=low
* Latest version of Jenkins from upstream Long Term Support repo (2.121.3).
* Replace MySQL with MariaDB
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Vlad Kuzmenko <[email protected]> Thu, 12 Jul 2018 04:59:42 +0200
turnkey-jenkins-14.2 (1) turnkey; urgency=low
* Latest version of Jenkins from upstream Long Term Support repo.
* Upgraded to OpenJDK v8.
* jenkins-cli:
- '-remoter' mode disabled by default (security)
- JENKINS_URL env var set to http://localhost:8080 (convenience)
- jenkins-cli bash wrapper - can now use 'jenkins-cli' instead of
'java -jar path/to/jenkins-cli.jar' (convenience)
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Anton Pyrogovskyi <[email protected]> Tue, 11 Jul 2017 23:05:29 +0200
turnkey-jenkins-14.1 (1) turnkey; urgency=low
* Jenkins:
-Latest version of Jenkins from upstream Long Term Support repo.
-Included scm_api dependency (#507).
-Fix reverse proxy (#untracked bug).
-Redirect HTTP to HTTPS.
* Latest versions of Debian packages (from repos).
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Jeremy Davis <[email protected]> Wed, 17 Feb 2016 16:33:08 +1100
turnkey-jenkins-14.0 (2) turnkey; urgency=low
* Latest version of Jenkins from Long Term Support release version. Fixes
remote code execution vulnerability.
-- Jeremy Davis <[email protected]> Thu, 26 Nov 2015 19:28:32 +1000
turnkey-jenkins-14.0 (1) turnkey; urgency=low
* Jenkins:
- Latest version of Jenkins from official package repository.
* Tomcat/JDK:
- Upgraded to Tomcat7 (Jessie).
- Upgraded to OpenJDK7 (Jessie).
* Debian component versions:
tomcat7 7.0.56-3
openjdk-7-jdk 7u79-2.5.5-1~deb8u1
* Hardened default SSL settings
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Jeremy Davis <[email protected]> Sun, 24 May 2015 04:37:32 +1000
turnkey-jenkins-13.0 (1) turnkey; urgency=low
* Jenkins:
- Latest version of Jenkins from official package repository.
- Bugfixed plugin permissions [#42].
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Alon Swartz <[email protected]> Thu, 10 Oct 2013 18:07:35 +0300
turnkey-jenkins-12.1 (1) turnkey; urgency=low
* Jenkins:
- Installing latest version of Jenkins from official package repository,
and pinning for security.
- Latest plugins versions are installed at build time.
- Transitioned to jenkins daemon localhost, removed tomcat related.
- Regenerate jenkins secrets/keys on firstboot (security).
- Configured authentication via pam (admin posix user, disabled login).
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Alon Swartz <[email protected]> Sun, 07 Apr 2013 08:00:00 +0200
turnkey-jenkins-12.0 (1) turnkey; urgency=low
* Initial public release of TurnKey Jenkins, based on TKLPatch submitted
by Adrian Moya.
* Jenkins is preconfigured with PrivateSecurityRealm, providing users
full control once logged in (signup is disabled by default).
* Set Jenkins admin password on firstboot (convenience, security).
* Regenerates all secrets during installation / firstboot (security).
* Includes all popular VCS clients and related Jenkins plugins for Git,
Bazaar, Mercurial and Subversion.
* JENKINS_HOME configured in environment: /var/local/lib/jenkins.
* SSL support out of the box.
* Tomcat, Apache and Java configurations
- Apache2 Jk loadbalancer connector to Tomcat (performance).
- JkMounts for jenkins, admin, manager, host-manager applications.
- Configured Tomcat admin/manager roles and admin user.
- Configured Tomcat AJP connector to bind to localhost (security).
- Removed tomcat HTTP connector listener (security).
- Tomcat and Java environment variables configuration system wide.
* Includes postfix MTA (bound to localhost) for sending of email (e.g.
password recovery). Also includes webmin postfix module for convenience.
* Major component versions
tomcat6 6.0.35-1+squeeze2
apache2 2.2.16-6+squeeze7
libapache2-mod-jk 1:1.2.30-1squeeze1
openjdk-6-jdk 6b18-1.8.13-0+squeeze2
openjdk-6-jre 6b18-1.8.13-0+squeeze2
ant 1.8.0-4
mysql-server 5.1.63-0+squeeze1
libmysql-java 5.1.10+dfsg-2
git-core 1:1.7.2.5-3
bzr 2.1.2-1
subversion 1.6.12dfsg-6
mercurial 1.6.4-1
build-essential 11.5
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Alon Swartz <[email protected]> Wed, 01 Aug 2012 08:00:00 +0200