This site is a static archive of the Aegir community site. Documentation has moved to http://docs.aegirproject.org. Other community resources can be found on the Contacting the community page.
Skip navigation

Revision of 2.4 release notes from Wed, 05/20/2015 - 18:42

Help

2.4 release notes

The Aegir team is proud to announce the forth release in the stable 2.x release branch!

This maintenance release ships with a security fix for Apache installations. Everyone is encouraged to upgrade. Re-verify is required for all sites (Views bulk operations makes this easy)

Also, worth noting is the simultaneous release of our second beta for Aegir 3. Debian packages are now being provided for Aegir 3, so trying it out is easier than ever!

1. Security improvements for nginx

Previously, Aegir stored SSL cipher and protocol settings per site in Nginx virtualhost configuration files. This included the enabling of SSLv3, which is vulnerable to POODLE attacks [1].

Because these settings were stored via templates, permanently removing SSLv3 support on Aegir-based Nginx SSL environments was not possible. These settings have now been removed from the templates that generate Nginx virtualhost files under Aegir. If you wish to either re-enable SSLv3, or otherwise alter SSL cipher and protocol settings in Nginx, we recommend you do so in the http {} context (e.g, in /etc/nginx/nginx.conf), which are applied globally and are never manipulated by Aegir.

Sites that were running on Nginx and had SSL enabled, should be re-verified to remove those settings.

Apache users (including those using SSL) were not affected.

[1] http://en.wikipedia.org/wiki/POODLE

2. Installing and upgrading

The canonical source of installation documentation is on the community site at:

http://community.aegirproject.org/installing

In a similar fashion, the upgrade documentation is at:

http://community.aegirproject.org/upgrading

Within those sections, you'll find step-by-step instructions for performing both manual and automatic upgrade processes.

It is still imperative that you read the the upgrade path and version-specific information and follow all version-specific upgrade instructions before trying to run the upgrade script or manual upgrade.

N.B. Issue #2146977: Broken backward compatibility with IP based vhosts may affect those upgrading from 1.x. It appears that running 'verify' tasks on all sites should resolve the issue.

3. Need help?

If you struggle to install or upgrade your Aegir system, you have a number of options available to you for getting help.

Consult this page for more information: http://community.aegirproject.org/help

Thanks to our awesome community for their help, support and encouragement as always! Enjoy the new release :)

4. Known issues

Being really open about our project, we have never hidden the fact that some things, sometimes, do not work in Aegir. Our issue trackers are public, and we've made it a point of honor not only to document clearly what is wrong in our releases as soon as we find out about it, but also to reroll new releases when we fix it.

That being said, 2.2 still has a number of issues and design flaws. This is the list of all issues marked "major" in the queue right now. Most issues are now likely to be fixed in the 3.x development branch, and unlikely to be backported unless considered critical.

As mentioned in the previous section, Issue #2146977: Broken backward compatibility with IP based vhosts is still listed as a 'critical' issue against the 2.x branch. However, it should only affect those upgrading from 1.x, and has a fairly simple work-around. If you come across this behaviour during your upgrade, please post a comment to the issue, so we can confirm that it still exists.

5. Features

#2267057: Pre-upgrade add ctools to 6.x-2.x

6. Bug fixes

Changes to hosting since 6.x-2.1:

  • Make it clear that subdomain (foo) and subdirectory name (foo) must be identical.
  • #2333911 - Restore the pre-views order of tasks in the queue blocks/lists.
  • #2313327 by helmo | tvl: Fixed Unknown options for provision-verify.
  • #2163525 by helmo | daften: Fixed Aegir doesn't delete old alias on migration of site.

Changes to provision since 6.x-2.1:

  • #2457359: Stop overriding Nginx SSL settings
  • Nginx: Stop the POST flood to /autodiscover/autodiscover.xml generated by MS Office/Outlook
  • Nginx: Use dummy db fastcgi_param placeholders if any of them is empty
  • #2350695 by omega8cc, helmo: Profile is registered twice, also as a module, which causes warning
  • Nginx: Remove webform keyword from regex locations - fixes #599
  • Nginx: Sync configuration improvements.
  • Fix for custom cpuinfo logic.
  • #2421543 by notzach: Changing how Apache ServerAliases are defined
  • Nginx: Use safe fallback for mysteriously empty $db_port
  • Nginx: Use reliable source for db_port to write in the vhost
  • #2276557 by zxaos, bgm: allow aegir2-provision package to accept mariadb or mysql
  • Nginx: Fix for D8-specific /cron/ location caching (extended mode only).
  • Nginx: Fix for D8-specific /cron/ location regex.
  • Nginx: Drupal 8 with clean urls enabled should use /cron/ URI.
  • Nginx: Sync config templates.
  • Detect if the platform stays the same only when site name changes.
  • Standardize inline comments.
  • #2372653 by helmo: Add --no-autocommit when dumping MySQL tables
  • Use $new_name instead of $new_uri to avoid confusion.
  • Compare $new_uri with d()->name and not d()->uri in the Site Rename Check.
  • Nginx: Helper locations to avoid 404 on legacy images paths (subdir only)
  • Nginx: Fix spacing
  • Nginx: Add missing variables in subdirectory config template.
  • don't allow d() to run before drush is fully initialized
  • Nginx: Add the fix for known problem with files/imagecache in legacy D6 sites (again).
  • Nginx: Fail early if any required db credentials are empty, to never create broken vhost.
  • Nginx: Block semalt botnet (extended boa mode only)
  • #2358977 by mrP - [nginx] Aegir redirection to non-install url leads to sites/$server_name/files 404 errors (sub-dir config sync)
  • #2373923 by griz - https redirect problem with Nginx (fix tested)
  • Nginx: Avoid redirect loops (really fixed).
  • Nginx: Avoid redirect loops (fixed).
  • Nginx: Avoid redirect loops.
  • #2358977 by mrP - [nginx] Aegir redirection to non-install url leads to sites/$server_name/files 404 errors.
  • Nginx: Simplify imagecache/styles support.
  • Nginx: Remember real site name in $main_site_name and MAIN_SITE_NAME.
  • Sync new lines.
  • Nginx: proper sync with Apache redirects.
  • Revert "Issue #2373923 by griz - https redirect problem with Nginx"
  • #2373923 by griz - https redirect problem with Nginx
  • Merge remote-tracking branch 'origin/6.x-2.x-backports' into 6.x-2.x
  • #2163979 - Check if field_info_field_map() is available to not break support for old D7 versions.
  • Make sure that db_port is never empty and defaults to 3306.
  • #2266997 by helmo, cweagans: Added Do not automatically enable update module when installing a site.
  • Nginx: Update vhosts templates to match BOA improvements #unforkboa
  • Nginx: Sanitize aliases in vhost_disabled.tpl.php to avoid: 'nginx: [warn] server name "foo.com/bar" has suspicious symbols'
  • Fix spacing in config lines.
  • Nginx: Update config includes to match optional BOA features improvements #unforkboa
  • Manage extra GRANTS to allow SQL remote access via SSH tunneling which depends on '127.0.0.1' and will not work with GRANTS for 'localhost'.
  • Add support for file generated from /proc/cpuinfo on system with no access to /proc #unforkboa
  • Ignore paths from OS X
  • Backport provision_hosting_feature_enabled (2)
  • Backport provision_hosting_feature_enabled()
  • Fix typo.
  • Shorten and simplify the subdirs checks code.
  • Remove legacy subdir code and update checks.
  • Remove whitespace.
  • Use is_readable() instead of file_exists() when checking alias existence.
  • Use is_dir() instead of file_exists() when checking directory existence.
  • Use is_readable() check instead of insufficient file_exists() for config includes.
  • Remove redundant file_exists() if is_readable() is also used.
  • Add little debugging markers.
  • Use strict checks: is_file() and/or is_link() instead of file_exists() before attempting unlink()
  • Fix for mysterious warning "Could not create directory ." on Hostmaster site Verify.
  • Nginx: Fix typo in vhosts templates.
  • #2330781 - Use Drush native dt() wrapper instead of not always available t()
  • #2329131 by dagomar: Fixed Uninstalled block module causes errors.
  • Allow usage with Drush7, now that *.drush.load.inc's aren't being included.
  • #2177315 by pwatzeels: Fixed Group permissions on private/temp folder not correct on remote server.
  • #2296089 by ergonlogic, cosmicdreams: Fixed Installer can detect incorrect default web group.
  • #2169287 by cableman0408: Fixed Setting user name twice (fails non-default installation profile).
  • #2275467 by kristofferwiklund: Fixed incorrect variable in Debian postinstall script for Apache 2.4
  • Stop false-positive warnings when SSL uses a wildcard.
  • #2259461 by Liam McDermott - Remove too aggressive limit_conn directive in the Nginx config templates.
  • Revert "change version information for release 2.1"
  • #1168758 by helmo | acrollet: Optionally add --include-vcs argument when using drush rsync to sync remote platform.
  • Extend provision_drupal_fetch_site with a parameter to specify site to fetch.
Need help?

Documentation

The notebook section provides a way for you to store and share information with your group members. With the book feature you can:

  • Add book pages and organize them hierarchically into different books.
  • Attach files to pages to share them with others.
  • Track changes that others have made and revert changes as necessary.
  • Archive books that are no longer of interest to the group. Archived books can be reactivated later if needed.

The revisions let you track differences between multiple versions of a post.