/
CHANGELOG.txt
3937 lines (3186 loc) · 185 KB
/
CHANGELOG.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
### Stable BOA-2.2.3 Release - Full Edition
### Date: Fri Apr 18 12:57:40 PDT 2014
### Includes Aegir 2.x-boa-custom version.
# Release Notes:
This release includes several bug fixes and security upgrades both for the
system services and Drupal core, along with three updated platforms and new
features, including support for MariaDB 10.0 and Ubuntu 14.04 LTS Trusty.
# Important - Read This First! (for self-hosted BOA only)
If you haven't run full barracuda+octopus upgrade to latest BOA Stable
Edition yet, don't use any partial upgrade modes explained in docs/UPGRADE.txt
Once new BOA Stable is released, you must run *full* upgrades with commands:
$ barracuda up-stable
$ octopus up-stable all both
For silent, logged mode with e-mail message sent once the upgrade is
complete, but no progress is displayed in the terminal window, you can run
alternatively, starting with screen session to avoid incomplete upgrade
if your SSH session will be closed for any reason before the upgrade
will complete:
$ screen
$ barracuda up-stable log
$ octopus up-stable all both log
Note that the silent, non-interactive mode will automatically say Y/Yes
to all prompts and is thus useful to run auto-upgrades scheduled in cron.
If you have skipped some recent BOA releases, and you have new default config
option: _PERMISSIONS_FIX=NO in your /root/.barracuda.cnf configuration file,
plus, you are not sure if you follow best practices for managing permissions
as recommended in our docs: https://omega8.cc/node/116 then we recommend
that you change it to _PERMISSIONS_FIX=YES temporarily, or even permanently
if your VPS is fast enough, and then run this powerful script as root:
$ bash /var/xdrago/daily.sh
# Updated Octopus platforms:
### Drupal 7.27.1
Guardr 1.3 ------------------- https://drupal.org/project/guardr
Open Atrium 2.17 ------------- https://drupal.org/project/openatrium
Recruiter 1.2 ---------------- https://drupal.org/project/recruiter
# New features and enhancements in this release:
* Add docs/FAQ.txt
* Add support for MariaDB 10.0 or 5.5 install via _DB_SERIES variable.
* Add support for Ubuntu 14.04 LTS Trusty.
* Improve auto-healing for multi-version PHP-FPM setup.
* Improve docs/UPGRADE.txt
* Improve health check for protected vhosts during live SSH-auth update.
* Nginx: More aggressive limits against spambots trying to register accounts.
# Changes in this release:
* Issue #GH-299 - Force disable LESS developer mode on production sites.
* Move custom scripts to /opt/local/bin/
* Nginx: Use higher defaults for limit_conn to avoid error 503 (CloudFlare)
* Normalize localhost entry in /etc/hosts to avoid FQDN mapped to 127.0.0.1
* PHP: Do not use separate FPM pool for cron if _PHP_FPM_DENY is empty.
# System upgrades in this release:
* MariaDB 5.5.37
# Fixes in this release:
* Add 'exit 0' line if missing.
* Add /opt/local/bin to PATH by default.
* Add symlinks for wrappers only temporarily.
* Add warning that Compass Tools install and upgrade may take a LONG time.
* Better gem uninstall options.
* Compass: Multiple fixes for various expected gems versions install/upgrades.
* Do not override lshell env_path in websh wrapper.
* Do not use monitored bin path for custom scripts to avoid LFD false alarms.
* Extra db GRANT for 127.0.0.1 not added when migrating site.
* Improve auto-healing to create required directories in /var/run/ if missing.
* Issue #2230269 - New Jetty 9 version overrides JETTY_PORT=8099 with 8080.
* Issue #2235991 - Drush make needs better exceptions in websh wrapper.
* Issue #2236475 - Clarify what the Legacy mode really means.
* Issue #2238965 - Add missing path to switch_to_bash().
* Issue #2241013 - Git commands should be whitelisted in websh wrapper.
* Issue #2241495 - wkhtmltopdf stopped working after upgrade.
* Issue #GH-301 - Update the list of restricted keywords for Octopus username.
* Issue #GH-304 - [rvm] use $_RUBY_VERSION as default.
* Make sure that permissions on Chive Manager dir/files are correct.
* Note: _SSL_FROM_SOURCES=YES is ignored and not needed on Wheezy and Precise.
* PHP: Add /opt/local/bin/php tmp symlink on barracuda/octopus upgrade.
* PHP: Allow to set custom _PHP_FPM_TIMEOUT but not lower than 60 (in seconds)
* PHP: Always respect _PHP_FPM_WORKERS variable if set to numeric value > 0
* PHP: pm.max_children was not properly updated on FPM version self-switch.
* PHP: Variable _PROCESS_MAX_FPM is not used on the Satellite Instance level.
* Remove the line with header TABLE_NAME (sqlmagic).
* Reset PATH to avoid RVM overrides after Compass Tools install/upgrade.
* Shell: Allow to run 'drush cache-clear drush' in any directory.
* The _PHP_MODERN_ONLY variable is no longer used.
* Ubuntu 14.04 LTS Trusty requires MariaDB 10.0
* Use hostname -b instead of deprecated hostname -v.
### Stable BOA-2.2.2 Release - Barracuda Edition
### Date: Tue Apr 8 07:24:18 PDT 2014
### Includes Aegir 2.x-boa-custom version.
# Release Notes:
This is a bug-fix only release to address issues discovered after recent
major BOA-2.2.0 and subsequent BOA-2.2.1 Releases.
The most important problem fixed in this Release is related to known OpenSSL
security issue, which has been fixed in OpenSSL 1.0.1g
To learn more please visit: http://heartbleed.com
@=> Note for those on self-hosted BOA (skip this if you are on a hosted Aegir)
We recommend that you enable _SSL_FROM_SOURCES=YES option in your system
/root/.barracuda.cnf file, to always build latest OpenSSL from sources.
Note that it will also trigger OpenSSH and cURL install from sources, plus
subsequent PHP rebuild to include latest SSL libraries.
Note that _SSL_FROM_SOURCES=YES will not force the build from sources on
Debian Wheezy and Ubuntu Precise, to avoid confirmed conflicts and because
both OS versions already provide custom, patched OpenSSL packages.
This Release doesn't include any updates to the Octopus installer, so there is
no point in running full upgrade. It is enough to run the barracuda only,
system upgrade in the "silent mode" with:
$ screen
$ barracuda up-stable system
The system will send you an e-mail with results when the upgrade is complete,
but there will be no upgrade progress displayed in the console. You can watch
it, if you prefer, with command (DATE/TIME are placeholders for real values):
$ tail -f /var/backups/reports/up/barracuda/DATE/barracuda-up-DATE-TIME.log
# System upgrades in this release:
* Nginx 1.5.13
* OpenSSL 1.0.1g (if installed from sources)
* PHP 5.4.27
* PHP 5.5.11
# Fixes in this release:
* Chive Authentication via SSH session may break Nginx due to race conditions.
* Drush specific dt() wrapper is required in Provision for custom platforms.
* Fix Compass Tools support for Omega (gems dependencies via bundle install).
* Fix default shell for system level cron tasks.
* Fix for csf firewall compatibility test.
* Force better health check on protected vhosts on live SSH-auth update.
* Improved health check for protected vhosts during live SSH-auth update.
* Issue #2229555 - On fresh boa install link missing durring install.
* Issue #2229715 - Tasks queue doesn't work on the Master Instance.
* Issue #2231093 - Add new line before 'UseDNS no' in the sshd_config file.
* Issue #2235991 - Drush make needs better exceptions in websh wrapper.
* Issue #294 - New Relic ext not installed even if _NEWRELIC_KEY is not empty.
* Nginx: Backup and re-create default wildcard SSL cert/key with rsa:4096
* Nginx: Generate 4096 bit long DH parameters when _NGINX_FORWARD_SECRECY=YES
* Normalize localhost entry in /etc/hosts to avoid FQDN mapped to 127.0.0.1
* PHP: Better default workers limits for the ondemand mode.
* PHP: max_input_time should be set to 180 and not 60, by default.
* PHP: Zend OPcache directive opcache.enable=1 must be set in all ini files.
* Reset PATH to avoid RVM overrides after Compass Tools install/upgrade.
* The 'scp' command is broken in limited shell.
* Too broad whitelisting breaks commands in limited shell with 'tmp' keyword.
* Too restrictive open_basedir defaults break access to valid PEAR paths.
* Too restrictive open_basedir defaults break access to valid Tika paths.
* Use rsa:4096 by default in self-signed certs for Nginx and FTPS.
### Stable BOA-2.2.1 Release - Full Edition
### Date: Tue Apr 1 10:28:45 SGT 2014
### Includes Aegir 2.x-boa-custom version.
# Release Notes:
This is a bug-fix only release to address issues discovered after recent
major BOA-2.2.0 Release.
# Fixes in this release:
* Chive Authentication via SSH session doesn't work on some older instances.
* Compass Tools don't use correct paths to Ruby 2.1.1
* Cron for sites doesn't work on old instances without Nginx wildcard vhost.
* FTPS (FTP over SSL) connections may experience TLS problems.
* PHP: Disabled 'assert' may cause warnings on features revert.
* PHP: Disabled 'create_function' may break some contrib modules or code.
* The 'git pull' command is broken in limited shell.
* The 'rsync' command is broken in limited shell.
* The 'drush dl foo' command can't be run outside of site directory.
# Known Issues on systems upgraded to BOA-2.2.1 (and 2.2.0) releases
==> Updated on Tue Apr 8 01:26:47 PDT 2014
@=> Issues fixed in BOA head (running the hotfix in stable is enough):
* Chive Authentication via SSH session may break Nginx due to race conditions.
* Drush specific dt() wrapper is required in Provision for custom platforms.
* Issue #2229715 - Tasks queue doesn't work on the Master Instance.
* PHP: max_input_time should be set to 180 and not 60, by default.
* The 'scp' command is broken in limited shell.
* Too broad whitelisting breaks commands in limited shell with 'tmp' keyword.
* Too restrictive open_basedir defaults break access to valid Tika paths.
* Zend OPcache directive opcache.enable=1 must be set in all php.ini files.
To fix all those problems you can run as root on self-hosted system:
$ wget -q -U iCab http://files.aegir.cc/update/boa221fix.txt
$ bash boa221fix.txt
We have fixed this on all hosted and remotely managed Aegir instances already.
@=> Other issues fixed in BOA head (run 'barracuda up-head system' to apply):
* PHP: New Relic extension not installed even if _NEWRELIC_KEY is not empty.
* Too restrictive open_basedir defaults break access to valid PEAR paths.
### Stable BOA-2.2.0 Release - Full Edition
### Date: Mon Mar 31 06:44:08 SGT 2014
### Includes Aegir 2.x-boa-custom version.
# Release Notes:
There are many important changes and improvements in this release
you should be aware of *before* running your BOA system upgrade.
Even if you are on a hosted BOA system with upgrades managed for you,
it is very important to read at least this extensive release notes.
Here is a list of topics covered in detail further below:
* New 'legacy' mode available for installs and upgrades
* Important Note For Those Using Our Hosted Aegir Service!
* Custom php.ini protection has changed and will not honor old settings
* Barracuda no longer supports Percona since 2.2.0 release
* Support for PHP FPM/CLI version safe switch per Octopus instance
* All PHP FPM workers in 5.5, 5.4 and 5.3 now use the 'ondemand' mode
* Drush aliases are now automatically copied to all relevant accounts
* Drush is now restricted to use only trusted modules installed by default
* The ~/.drush and other important directories and symlinks are protected
* Support for safely configurable cache bins exceptions in Redis
* Two-Factor-like Authentication to protect access to Chive DB Manager
* Support for session.cookie_lifetime configurable via INI files
* Support for files permissions-fix exceptions via platform level INI file
* High-performance JavaScript callback handler (js) in all platforms
And if you are more curious, read also the big changelog further below,
which covers only a small number of over 560 commits since BOA-2.1.3 release.
But what if you are not ready for this major upgrade and you would like
to have more time for testing, but still be able to run system upgrades,
thus effectively still using previous version 2.1.3 with standard command
'barracuda up-stable system', as explained in the docs/UPGRADE.txt?
#-### New 'legacy' mode available for installs and upgrades
We are introducing special 'legacy' mode both for BOA installs and upgrades.
This means that starting with BOA-2.2.0 you can use commands like:
$ boa in-legacy public server.mydomain.org my@email o1
$ barracuda up-legacy system
$ octopus up-legacy o1
etc.
These special 'legacy' commands allow you to install and/or upgrade the 'old
stable', once the 'new stable' is released. But only until another 'stable'
is released, of course. Thus you can use it only as an interim solution
if you are not yet ready for latest 'stable' BOA Edition, for any reason,
but you want to update at least the low level system packages, kernel etc.
Note also that if you will upgrade to current 'stable', it is not possible
to downgrade back to the 'old stable' with 'legacy' mode, so please proceed
with care!
This option will be particularly important once we release *next* major BOA
Edition. It will come with terminated support for Drush 4, Drupal 5 and, yes,
PHP 5.2 (finally). This step is required to use latest Drush 6+ with supported
Drupal cores versions and supported PHP versions, which in fact is required
to introduce the real Aegir 2.0 in BOA -- we are still using older, customized
for backward compatibility, Aegir 2 HEAD version, so it is time to move on and
stay up to date with everything, get new features like ability to manage
Drupal sites in subdirectories etc.
Once that *next* major BOA Edition is released, we will freeze the 'legacy'
mode at 2.2.x series level, which will receive only security upgrades and
no further feature nor bugfix releases. At that point you will have to stick
to the 'legacy' BOA version if you will need to run PHP 5.2 and Drupal 5
with Aegir based on Drush 4. It will be still possible, but not recommended
and not really supported, besides security related issues outside of Drupal.
This also means that at that point the 'legacy' version will no longer
receive Drupal core upgrades, even if there will be security core releases.
Note that we don't use the term "major release" in the known convention
for versions naming. It is because the first digit, for historical reasons,
refers to the Aegir version supported, the second digit refers to BOA stack
major release, and the last digit refers to both feature and bugfix BOA
stack upgrades.
#-### Important Note For Those Using Our Hosted Aegir Service!
NOW is the time (and last chance) to upgrade all your legacy Drupal 5 sites
and outdated Drupal 6 sites still not compatible with at least PHP 5.3,
because once we upgrade to the *next* major BOA Edition, it will be no longer
possible to still run Drupal sites not compatible with PHP 5.3 -- there
were literally years of this legacy support provided, and this finally
comes to the end, because we will not use the BOA 'legacy' mode on our own
servers. It will be still available for remotely managed 'Aegir on Your Own
Server' option, though, but only on request: https://omega8.cc/support
#-### Custom php.ini protection has changed and will not honor old settings
If you have custom settings in any of your php.ini files protected with
old variable in the /root/.barracuda.cnf, make a backup of your ini files
before running this upgrade. While these files will not get overwritten,
they will no longer be used, because we have introduced new, standardized
directory structure to properly support multi-PHP-versions systems.
Respective php.ini files are now located in /opt/phpXX/etc/phpXX.ini
for FPM and /opt/phpXX/lib/php.ini for CLI, where XX is 55, 54, 53 or 52,
depending on the versions listed via _PHP_MULTI_INSTALL variable in the
/root/.barracuda.cnf file. Also the variables used to protect ini files
from being overwritten have changed to _CUSTOM_CONFIG_PHPXX.
If you need any non-standard settings in any of active ini files, don't
overwrite them with the old files, but rather carefully review and apply
only the differences you need.
#-### Barracuda no longer supports Percona since 2.2.0 release
If you have used Percona before, Barracuda will force upgrade to MariaDB 5.5
and PHP rebuild automatically. We plan to add possibility to install
MariaDB 10.0 once released as stable and tested. MariaDB is the default
DB server in Barracuda for a long time already.
#-### Support for PHP FPM/CLI version safe switch per Octopus instance
This allows to easily switch PHP version by the instance owner w/o system
admin (root) help. All you need to do is to create ~/static/control/fpm.info
and ~/static/control/cli.info file with a single line telling the system
which available PHP version should be used (if installed): 5.5 or 5.4 or 5.3
Only one of them can be set, but you can use separate versions for web access
(fpm.info) and the Aegir backend (cli.info). The system will switch versions
defined via these control files in 5 minutes or less. We use external control
files and not any option in the Aegir interface to make sure you will never
lock yourself by switching to version which may cause unexpected problems.
Note that the same version will be used in all platforms and all sites hosted
on the same Octopus instance. Why not to try latest and greatest PHP 5.5 now?
#-### All PHP FPM workers in 5.5, 5.4 and 5.3 now use the 'ondemand' mode
This change will help to better manage memory use, especially on systems with
multiple PHP versions running in parallel. This will also free resources
and allocate them dynamically only when requests are coming and only to
the active FPM pools. Note that the 'ondemand' mode doesn't affect Zend
OPcache, because it is managed by the parent process(es) which stay(s) active.
The net result is that on a vanilla BOA install, without non-hostmaster sites
running, the complete stack consumes just ~200 MB of RAM (in total, so with
MariaDB, Redis and Nginx etc. included) with all three PHP-FPM versions
running in parallel: 5.5, 5.4 and 5.3:
CPU[#* 2.0%]
Mem[|||||||||||||###***********************************209/1002MB]
Swp[ 0/0MB]
magic:~# ps axf | grep fpm
8380 ? Ss 0:00 php-fpm: master process (/opt/php55/etc/php55-fpm.conf)
8391 ? Ss 0:00 php-fpm: master process (/opt/php54/etc/php54-fpm.conf)
8402 ? Ss 0:00 php-fpm: master process (/opt/php53/etc/php53-fpm.conf)
magic:~#
#-### Drush aliases are now automatically copied to all relevant accounts
While Aegir manages Drush aliases for its backend needs, they are normally
not available for the main nor the extra shell users on the instance.
But starting with 2.2.0, BOA automatically manages copies of all Drush
aliases, by adding them, updating or removing, every 5 minutes, once it
detects that there are changes applied, like: the site has been migrated
to another platform, or associated client/owner has been updated, etc.
You no longer need to `cd` to the respective site directory to perform
some available Drush tasks. Just check the available aliases list with
`drush aliases` and then enjoy the beauty of `drush @foo.com command` syntax.
#-### Drush is now restricted to use only trusted modules installed by default
Note: this change affects only Aegir backend/system user, typically o1,
while all other limited shell accounts are not affected, because they are
already individually jailed with protected custom php.ini and special
Drush wrappers and settings.
This means that you can skip this section if you are on a hosted Aegir.
Customized Drush now included in BOA by default, will be able to use only
extensions/commands bundled with contrib modules which are either a part
of modules added in every platform via shared o_contrib/o_contrib_seven
symlink located in the platform core modules directory, or are included
in the built-in platforms installation profiles space, or in the system
account, protected .drush sub-directory.
This means that any Drush extension/command bundled with contrib module
uploaded to the sites/all/modules space in all built-in platforms will be
ignored and not available on command line for the backend user. The same
applies to site level contrib space, if used.
Additionally, any Drush extension/command bundled with custom platforms
located in the ~/static directory tree will be completely ignored by Drush,
no matter where uploaded: core, profiles, sites/all or sites/foo.com space.
This is not a problem in hosted environments, where users normally never
should have an access to the Aegir backend user, anyway.
If you have any reason to use Drush on command line as an Aegir backend/system
user, for example to escape limited shell restrictions, we recommend to
install vanilla Drush 6, for example in /opt/tools/drush/vanilla/drush/ and
then symlink it into /usr/local/bin/ with custom name, so it will be available
automatically in your backend o1 user's PATH.
Further improvements to secure sites and instances in a completely locked
virtual jails are planned in next BOA releases, which will address all other
known and even potential security issues in Aegir.
#-### The ~/.drush and other important directories and symlinks are protected
There are directories, files and symlinks which should be protected from
any changes and managed exclusively by the BOA system. The reasons may vary
from security to avoidable support requests when the less experienced user
will delete his sites or platforms symlinks, while they can't be easily nor
automatically recreated. It also prevents the sub-accounts users from using
their account home directory as a private upload/archive disk space.
#-### Support for safely configurable cache bins exceptions in Redis
Sometimes you may want to exclude some problematic cache bins from Redis
so they will use default SQL engine, at least until related issue will be
fixed either in your contrib code or in the Redis integration module.
Normally you had to edit the local.settings.php file which is both tedious
and dangerous because of extra steps: https://omega8.cc/node/230 to add
a line, for example: $conf['cache_class_cache_foo'] = 'DrupalDatabaseCache';
Plus, it had to be done for every site separately.
Now you can simply list the cache bins to exclude, comma separated, either
in the site or platform level active INI file.
Example: redis_exclude_bins = "cache_views,cache_foo,cache_bar"
#-### Two-Factor-like Authentication to protect access to Chive DB Manager
We are introducing Two-Factor-like Authentication logic - now extended also
to protect Chive DB Manager, Collectd Graph Panel and SQL Buddy DB Manager.
You must be logged in via SSH and run any auto-continuos command, for example:
`ping -i 30 google.com` to keep the access open for your IP address.
Why is this important?
While BOA forces HTTPS connection for Chive, anyone who knows the URL can
access it and attempt to either run brute-force attack to get into your
site's database, or at least attempt to hammer the server and cause DoS-like
effects, at least until the system will block his IP on the firewall.
The other important reason is that your site's DB credentials change only
when you migrate or rename the site, and otherwise remain intact. Now, what
if you have an employee or a freelancer whom you no longer want to be able
to access your site? If you think that deleting his SFTP sub-account is
enough, think again. He still can access your site's database via Chive, if
he knows the site's DB credentials and the Chive URL.
But now it's no longer possible. Only the visitor who is able to successfully
authenticate himself via SSH, and keeps active SSH session, will be able
to access the Chive URL. The rest of the world will see just dummy Nginx 403
Access Denied error.
And in case you are using self-hosted BOA, the same protection is applied
also to Collectd Graph Panel and SQL Buddy DB Manager.
#-### Support for session.cookie_lifetime configurable via INI files
You can control session cookies expiration (TTL) per site and per platform.
The value (in seconds) of the session_cookie_ttl variable is used as
session.cookie_lifetime value.
BOA default defined in the system level global.inc file is 86400 == 24h.
We also recommend that you enable and configure built-in session_expire
module, which allows you to keep the sessions DB table tidy. Make sure that
TTL set via session_cookie_ttl variable is *lower* than TTL configured
in the session_expire module, because the module does not care about PHP
settings and simply deletes old entries from the sessions table on cron run.
#-### Support for files permissions-fix exceptions via platform level INI file
You can opt-out from globally enabled daily-permissions-fix procedure per
platform with new fix_files_permissions_daily variable.
This feature can be useful when you prefer to manage custom platform in
a monolithic codebase mode in Git, so forcing permissions could conflict
with your workflow or development tools. Otherwise you should never disable
this to avoid issues with Aegir tasks related to sites on this platform.
Note that the system level option _PERMISSIONS_FIX (introduced in BOA-2.1.0
and set to NO by default) should be also enabled with YES in the system level
/root/.barracuda.cnf file, if you prefer to have permissions fixed in all
sites on all platforms, except those with fix_files_permissions_daily = FALSE
set in the platform level, active INI file.
#-### High-performance JavaScript callback handler (js) in all platforms
All platforms, both built-in and custom in the ~/static directory tree, enjoy
automatically added High-performance JavaScript callback handler (js) support,
which requires extra /js.php file in the platform root and also proper Nginx
rewrites. The module itself is also included in the built-in o_contrib bundle.
All you need is to enable the module, if recommended by any other module,
and enjoy much faster page generation, where possible. You can review the
full list of modules which will benefit from this great helper module on its
project page: https://drupal.org/project/js
Enjoy another super-fast and even more powerful BOA Edition!
# New Octopus platforms:
### Drupal 7.26.4
Guardr 1.1 ------------------- https://drupal.org/project/guardr
# Updated Octopus platforms:
### Drupal 7.26.4
Commerce 1.24 ---------------- https://drupal.org/project/commerce_kickstart
Commerce 2.13 ---------------- https://drupal.org/project/commerce_kickstart
Commons 3.9.1 ---------------- https://drupal.org/project/commons
Drupal 7.26.4 ---------------- https://drupal.org/drupal-7.26
Open Academy 1.0 ------------- https://drupal.org/project/openacademy
Open Atrium 2.15 ------------- https://drupal.org/project/openatrium
Open Deals 1.32 -------------- https://drupal.org/project/opendeals
Open Outreach 1.5 ------------ https://drupal.org/project/openoutreach
OpenBlog 1.0-a3 -------------- https://drupal.org/project/openblog
OpenChurch 1.12 -------------- https://drupal.org/project/openchurch
OpenScholar 3.12.1 ----------- http://theopenscholar.org
Panopoly 1.2 ----------------- https://drupal.org/project/panopoly
Recruiter 1.1.2 -------------- https://drupal.org/project/recruiter
Spark 1.0-b1 ----------------- https://drupal.org/project/spark
Totem 1.1.2 ------------------ https://drupal.org/project/totem
Ubercart 3.6 ----------------- https://drupal.org/project/ubercart
### Pressflow 6.30.1
Commons 2.16 ----------------- https://drupal.org/project/commons
Feature Server 1.2 ----------- http://bit.ly/fserver
Managing News 1.2.4 ---------- https://drupal.org/project/managingnews
Open Atrium 1.7.2 ------------ https://drupal.org/project/openatrium
Pressflow 6.30.1 ------------- http://pressflow.org
Ubercart 2.13 ---------------- https://drupal.org/project/ubercart
# New features and enhancements in this release:
* Add High-performance JavaScript callback handler (js) in all platforms.
* Add session_expire module to shared contrib space in all platforms.
* Add support for session.cookie_lifetime configurable via INI variable.
* Allow to control swap clear with control file /root/.no.swap.clear.cnf
* Auto-Update all BOA install and upgrade wrappers daily.
* Default system /bin/sh symlink target replaced with /bin/websh wrapper.
* Disable tcp_slow_start_after_idle for better SPDY performance.
* Improve the logic in the global.inc for faster processing.
* Issue #1217486 - Add o_contrib symlinks on platform Verify task.
* Issue #1310054 - Add support for drush aliases in all lshell accounts.
* Issue #2148335 - Add Default Localhost Vhost.
* Issue #2166641 - Make hard-coded load thresholds configurable.
* Issue #2170079 - Use _CUSTOM_CONFIG_LSHELL to protect lshell.conf template.
* Issue #2226919 - Custom Platforms in Version Control (skip permissions fix).
* Lshell: Update /etc/lshell.conf only when required instead of every 5 min.
* Manage extra db GRANT for 127.0.0.1 to allow SSH tunneling for SQL access.
* New option _REDIS_LISTEN_MODE to configure PORT or SOCKET mode globally.
* Nginx: Add support for protected PHP-FPM monitor.
* Nginx: Force aggressive no-cache headers for the under construction page.
* Nginx: Switch to buffered logging when /root/.high_traffic.cnf exists.
* PHP: Add support for FPM/CLI version safe switch per Octopus instance.
* PHP: Allow to install and run all supported versions: 5.5, 5.4, 5.3, 5.2
* PHP: Extra php.ini files automatically managed per system and shell user.
* PHP: FPM workers in 5.5, 5.4 and 5.3 will use 'ondemand' mode by default.
* PHP: Use separate FPM pools per Octopus instance.
* PHP: Use TCP Socket mode for all FPM pools and Port mode for legacy vhosts.
* Protect ~/.drush and other important directories and symlinks from changes.
* Redis: Allow to exclude cache bins on the fly, per site or per platform.
* Save 295 seconds on BOA Install and Upgrade.
* Set and auto-manage strict permissions on some important config files.
* Set PHP CLI version in the /bin/websh wrapper on the fly.
* Use Two-Factor-like Authentication logic for Chive DB Manager access.
* Improve `sqlmagic fix file.sql` to properly replace INSERT INTO with
INSERT IGNORE INTO (a workaround for duplicate keys in the DB dump)
* Use the same trick with modules/local-allow.info to temporarily make
civicrm.settings.php writable, if exists.
# Changes in this release:
* Add ~/static/trash/* to automatic daily cleanup.
* Add coder to auto-disabled modules -- see #2068771
* Allow 'drush uli' as root, but deny root access to Drush by default.
* Disable D8 install via _ALLOW_UNSUPPORTED until next release.
* Do not enable SYNFLOOD protection by default.
* Do not force old_short_name in any profile file directly.
* Firewall: Allow to connect to Apple Push Notification service (APNs)
* Issue #289 - Update lshell env_path for RVM and install/update global gems.
* Issue #292 - Open standard RTMP port 1935.
* Lshell: Use latest Drush 6 (master) by default and remove other versions.
* Nginx and PHP-FPM: Better default timeout limits.
* Nginx: Add apk, pxl, ipa to known mime types / download extensions.
* Nginx: Use text/xml mime type for .xml URLs and restore other mime defaults.
* Open local access for web based sites cron.
* Open outgoing port 2525 for custom SMTP connections.
* Percona DB server is no longer supported.
* PHP: Always build from sources.
* PHP: Disable 5.2 FPM if installed, but not used.
* PHP: Only critical errors are enabled by default in the CLI mode.
* PHP: Reloading FPM hourly no longer makes any sense.
* PHP: Remove support for deprecated APC and Memcached.
* PHP: Restore MailParse support - 2.1.6
* PHP: Use aggressive disable_functions defaults (further tuned per FPM pool).
* Redis: Integration module (the modern variant) upgrade to 7.x-2.x-o8-2.6-A
* Redis: Use modern version with enabled fast lock and aggressive flush mode.
* Remove insecure exception for wkhtmltopdf uploaded in the user space.
* Rename master repository on GitHub from legacy nginx-for-drupal to boa.
* Set _STRICT_BIN_PERMISSIONS=YES by default.
* Upgrade Compass Tools on every upgrade, not just on new BOA release.
* Use 60s opcache.revalidate_freq by default to save disk I/O on live sites.
* Use Ruby Version Manager (RVM) by default to manage Compass Tools etc.
* Use RVM for global gem installation and updates.
* Use search_api_solr-7.x-1.4 for new installs.
* Use web based cron by default to benefit from Zend OPcache.
* Do not check existence nor auto-config Purge/Expire unless INI variable
purge_expire_auto_configuration is set to TRUE (automatically, when
the module is detected as enabled).
* New naming convention for Ubercart 3.x platforms: [ud2] to support upgrades
from uberdrupal profile, and [aq3] to support upgrades from acquia profile.
Note that you have to choose Vanilla Testing profile to see [ud2] or
Vanilla Minimal to see [aq3] platform in the Add Site form.
* GitHub is now our main repository, we re-open the issue queue there
for patches merge requests, while d.o has a code mirror status from now on.
* Make it crystal clear that Ubuntu is barely supported, rarely tested and
thus not recommended.
* The "Run cron" extra task has been removed for security reasons. Site cron
can be run either via standard, scheduled in Aegir procedure, which uses
local, but web based request to the protected /cron.php URL, or on command
line, or from the site admin area, as usual.
# System upgrades in this release:
* Bazaar Version Control System (bzr) 2.6.0
* Collectd Graph Panel (CGP) master-30-03-2014
* cURL 7.36.0 (if installed from sources)
* Git 1.9.1 (if installed from sources)
* Jetty 7.6.14, 8.1.14, 9.1.3
* Limited Shell 0.9.16.5-om8
* MariaDB 5.5.36
* MySecureShell 1.32
* Nginx 1.5.12
* OpenSSH 6.6p1 (if installed from sources)
* OpenSSL 1.0.1f (if installed from sources)
* PHP 5.4.26
* PHP 5.5.10
* PHP: Imagick 3.1.2
* PHP: ionCube loader 4.5.3
* PHP: MongoDB 1.4.5 (optional add-on)
* PHP: Zend OPcache master-09-03-2014
* PHPRedis: master-22-03-2014
* Redis 2.8.8
* Ruby 2.1.1 (from now on compiled from sources)
# Fixes in this release:
* Add fix_collectd_nginx for Collectd config update.
* Add missing panopoly_demo app in the Panopoly distro to fix broken install.
* Add missing variables to active INI files, if needed.
* Avoid way too long Speed Booster TTL for bots, especially for rss feeds.
* Changing old_short_name mapping to: uberdrupal->testing and acquia->minimal
* Do not force old_short_name if already set in db/drushrc.
* Do not run swap clean when heavy tasks like cdp backup run.
* Drush: Simplify and improve access restrictions logic when aliases are used.
* Excessive and useless Drush internal cache clear in daily.sh removed.
* Fix default PATH in all sub-scripts.
* Fix for broken cURL from sources install logic.
* Fix for drush make broken by websh fix for cd wildcard crash fix.
* Fix for multi-IP cron access.
* Fix missing /dev/fd early enough to avoid broken tasks in Aegir.
* Fix the logic in manage_ip_auth_access()
* Fix to avoid daily services maintenance/cron freeze if Jetty didn't stop.
* Force backward compatible SERVER_SOFTWARE to silence core warnings.
* Force OpenSSH rebuild on OpenSSL upgrade (if installed from sources).
* Issue #1317322 - Filters UI broken.
* Issue #1991908 - Fix the syslog flood caused by collectd df plugin.
* Issue #2057213 - Use better SQL GRANT style.
* Issue #2110589 - Unable to install BOA correctly on Debian 6.0 and OpenVZ
* Issue #2141283 - Drush aliases like `drush dbup` no longer work properly.
* Issue #2144801 - Display bug on add site.
* Issue #2144947 - Install new Ruby for better compatibility with new gems.
* Issue #2150557 - Make the check and update procedure for UseDNS safe.
* Issue #2152383 - Fix for [js module] - add js_server_software variable.
* Issue #2159881 - Drush is broken because Console_Table URL no longer works.
* Issue #2161115 - AdvAgg: Strictly follow RFC 2616 14.21
* Issue #2167141 - Do not exclude --with-ldap --with-gmp in the PHP on Wheezy.
* Issue #2172089 - Fix for syntax error.
* Issue #2173209 - Do not use legacy (removed) symlink for version check.
* Issue #2175197 - Regex configuration not matching esi/ssi tags.
* Issue #2177837 - process.max not set correctly for PHP 5.5 and 5.4
* Issue #2182671 - Solr 4 with Jetty 8 does not start after upgrade.
* Issue #2188907 - Update docs criteria for not rebuilding ssh, ssl, and curl.
* Issue #2199229 - CiviCRM 4.4.4 Requires change in the Nginx configuration.
* Issue #288 - SMTP Authentication Module depends on fsockopen.
* Lshell: Fix for crash on wildcard cd.
* Lshell: Remove symlinks for legacy drush_make.
* Modules can be incorrectly whitelisted from dis by installation profile.
* Nginx: Add exceptions for known video players.
* Nginx: Avoid downtime on upgrade because of too low variables_hash_max_size
* Nginx: Better gzip defaults.
* Nginx: Default value of variables_hash_max_size is too low.
* Nginx: Do not overwrite gzip_types.
* Nginx: Improve fastcgi defaults.
* Nginx: Remove too broad regex for 'flag' keyword in the URI.
* Nginx: Send Access-Control-Allow-Origin * header also for /favicon.ico
* Nginx: Use port 9090 in nginx_octopus_include.conf by default (PHP-FPM 5.3)
* Nginx: Use Redirect 301 for legacy paths /sites/default/files/*
* Once you have next 2.3.x installed, you can't downgrade to legacy 2.2.x
* PHP: Add protection for instance level php.ini files.
* PHP: Fix for broken build when --with-ldap is used.
* PHP: Fix for broken dependencies in newer Debian and Ubuntu systems.
* PHP: Fix for forced rebuild mode if lib curl is broken or updated with apt.
* PHP: Fix for GEOS 3.4.2 and multi-version install.
* PHP: Fix for legacy 5.2 logic.
* PHP: Force 5.5 to use correct SQL drivers so its built-in will not be used.
* PHP: Reduce duplicate rebuilds.
* PHP: The --with-curlwrappers option has been removed in 5.5
* Redis: Auto-Restart if socket is missing only when socket mode is enabled.
* Redis: Exclude cache_form bin or it will break modules like ajax_comments.
* Redis: Force clean restart daily, with long enough sleep time.
* Redis: Restore pwd protection.
* Redis: The cache_metatag bin needs aggressive flush mode -- see #2062379
* Reduce system load during db backups with short delays between databases.
* Remove collectd on major system upgrade even if /var/www/cgp doesn't exist.
* Silence AIS (Adaptive Image Styles) module .htaccess requirements.
* Sort and group cnf variables to bring some order into this chaos.
* Symlink main drush wrapper to shared location outside of Master Instance.
* Update for Redis bins exceptions logic.
* Update system load check method in all scripts.
* Use forced Jetty restart mode.
* Use https in the welcome screen image src URL.
* Use IPv4-strict hostname and IP checks only.
# Known Issues on systems upgraded to BOA-2.2.0 release (all fixed)
==> Updated on Tue Apr 1 12:20:27 SGT 2014
@=> Issues hot-fixed in stable (run 'barracuda up-stable system' to apply):
* Compass Tools don't use correct paths to Ruby 2.1.1
* Chive Authentication via SSH session doesn't work on some older instances.
* PHP: Disabled 'create_function' may break some contrib modules or code.
* PHP: Disabled 'assert' may cause warnings on features revert.
* Cron for sites doesn't work on old instances without Nginx wildcard vhost.
* The 'git pull' command is broken in limited shell.
* FTPS (FTP over SSL) connections may experience TLS problems.
* The 'rsync' command is broken in limited shell.
* The drush dl foo can't be run outside of site directory.
### Stable BOA-2.1.3 Release - Full Edition
### Date: Thu Nov 21 17:55:47 SGT 2013
### Includes Aegir 2.x-boa-custom version.
# Release Notes:
This release provides Drupal 7.24.1 and Pressflow 6.29.1 core security upgrade
for all supported distributions. It also includes two updated platforms and
several fixes for issues discovered since BOA-2.1.2 released 3 days ago, plus
some clever improvements to help you automatically optimize all tables daily,
or even automatically convert tables to-innodb or to-myisam, either per site
or per platform, or per entire Octopus instance. There is also Purge Cruft
Machine available to run some spring-cleaning daily with configurable TTL.
Enjoy another super-fast and even more clever BOA Edition!
# Updated Octopus platforms:
### Drupal 7.24.1
Open Atrium 2.0.9 ------------ http://drupal.org/project/openatrium
OpenScholar 3.9.3 ------------ http://openscholar.harvard.edu
# New features and enhancements in this release:
* Purge Cruft Machine moved to daily.sh agent and made configurable
with _DEL_OLD_BACKUPS and _DEL_OLD_TMP per Octopus instance.
If changed to any number greater than "0" it will automatically delete
backups stored in the /data/disk/U/backups/ directory and in all hosted
sites backup_migrate directories, during daily cleanup, if created more
than X days ago, where X is a number of days defined in _DEL_OLD_BACKUPS.
If "0" then this feature is disabled. It can't be configured via INI files,
so you may need to submit support request if you want to customize this
option set to 7 days by default on all hosted instances, as per our
backups policy: https://omega8.cc/backups
The same logic applies to _DEL_OLD_TMP which defines for how long the
temporary files in all hosted sites files/tmp/ and private/temp/ directories
are kept before deleting them during running daily maintenance.
* Added sql_conversion_mode variable in the platform and site level INI
to customize instance-wide mode optionally set via _SQL_CONVERT.
This option allows to activate and/or customize DB tables conversion
per site, per platform and via _SQL_CONVERT per Octopus instance.
Supported values are: innodb and myisam (lowercase only!)
Note that this conversion will run daily even if all tables have been
already converted, so it will run OPTIMIZE on all tables, effectively.
Related Issue #2126471 - Convert DB engine control files to ini format.
# Changes in this release:
* Allow to install unsupported distros only in head, not stable.
* Contrib update: advagg-7.x-2.3
* Map drush to drush6 on command line. You can still use drush4 and drush5.
* New contrib: display_cache
* New contrib: panels_content_cache
* Nginx 1.5.7 -- security upgrade.
* Use dev versions of CDN module with patch for AdvAgg 7 compatibility.
* Use Drush 5 and 6 head until next release.
# Fixes in this release:
* Always cleanup temp downloads to avoid failed builds due to leftovers.
* Always fix permissions on contrib on upgrade and in daily.sh agent.
* Better auto-recovery when broken libcurl is detected.
* Delete any tar/gz/zip files in modules|themes|libraries daily.
* Delete dangerous local-allow.info file.
* Display all active INI variables in HTTP headers on dev URLs.
* Fix for cron auto-correction.
* Fix for Feature Server broken due to incorrect context version downloaded.
* Fix the logic for cURL install from sources.
* Nginx: Add Access-Control-Allow-Origin header also for static .json
* Nginx: Protect also .md files in modules|themes|libraries dirs.
* Issue #2137583 - Permissions on the site directory are broken after running,
how ironically, the Health Check task.
* Issue #2138811 - Maintenance agent disables modules from its standard
turn-off list, even if they are required by other modules, apps or features.
# Known Issues on systems upgraded to initial BOA-2.1.3 release
==> Updated on Thu Nov 28 18:33:58 SGT 2013.
@=> Issues which will trigger `barracuda up-stable system` if discovered:
* PHP: Fix for broken cURL from sources install logic.
* PHP: Fix for forced rebuild mode if lib curl is broken or updated.
* PHP: Fix for legacy 5.2 rebuild required when broken libcurl is detected.
* Use dummy variable instead of 'true' to avoid breaking the logic.
@=> Issues which will NOT trigger `barracuda up-stable system` if discovered:
* Add coder to the auto-disabled modules list -- see #2068771
* Excessive and useless Drush internal cache clear in daily.sh
* Issue #2141283 - Drush aliases like `drush dbup` no longer work properly.
* Issue #8215957 - Invalid version type error in old Drush Make.
* MariaDB 5.5.34 just released.
* Redis: Incorrect permissions on the integration module directory.
* Modules can be incorrectly whitelisted by installation profile and
never disabled, while they should be.
# HotFix for known post-upgrade issues
Run the boa-fix-upgrade script when logged in as system root:
$ cd;rm -f boa-fix-upgrade.sh.txt*
$ wget -q -U iCab http://files.aegir.cc/update/boa-fix-upgrade.sh.txt
$ bash boa-fix-upgrade.sh.txt
This script is updated once there is any new regression or bug discovered,
so it is safe and recommended to run it again if the list of known issues
have been updated. Note that this script will detect and fix all Octopus
instances on your system at once.
### Stable BOA-2.1.2 Release - Full Edition
### Date: Mon Nov 18 00:03:30 SGT 2013
### Includes Aegir 2.x-boa-custom version.
# Release Notes:
This is primarily a bug-fix release and you should read release notes and
also the changelog for both BOA-2.1.1 and BOA-2.1.0 for a context, especially
if you are upgrading from BOA-2.0.9 or older release (we have tested upgrades
from as old Editions as BOA-2.0.1, released on Dec 28 07:00:00 EST 2011).
This Edition includes fixes for all Known Issues on systems already upgraded
to initial BOA-2.1.1 release, plus some extra improvements and one updated
platform (Managing News).
Important new features include ability to use either legacy (default) or
modern (highly recommended) version of Redis integration module.
The reason we don't enable the modern version by default is that it may need
some testing before using it on a complex Drupal sites. The modern version
of Redis integration module comes with some great new features which allow
you to configure flush mode per cache bin, with three modes available.
Please refer to the module README for more information on all available
advanced flush modes: http://bit.ly/1drmi35
It also comes with super-fast lock backend, which can be enabled only when
you are using the modern version, but still needs more improvements, so we
auto-configure some exceptions on the fly, when it is used, to avoid known
issues, as reported in the queue: https://drupal.org/node/2135545
Please read also INI docs to understand how it works, and how to improve
performance by enabling and tuning these settings: http://bit.ly/1bwfZZj
Enjoy!
# Updated Octopus platforms:
### Pressflow 6.28.3
Managing News 1.2.4 ---------- http://drupal.org/project/managingnews
# New features and enhancements in this release:
* Redis: Modern integration module 7.x-2.5 with latest fixes from #2135545
is available as an option with new INI variable: redis_use_modern
* Redis: New option redis_flush_forced_mode to better control flush modes
when redis_use_modern = TRUE
* Add example for custom Speed Booster cache TTL configuration in the optional
override.global.inc file. It can be used also in local.settings.php file.
* Add detection and auto-config for the allow_private_file_downloads variable.
* Issue #1978066 - Add _RESERVED_RAM variable for "reserved" memory.
* Map all old_short_name profiles relations in the Aegir Provision directly.
# Updated Aegir modules or extensions:
* Newer aegir_custom_settings 6.x-2.3 with site clone added for client role.
* Newer registry_rebuild 7.x-2.1 with fixed critical bug - see: #2130905
# Changes in this release:
* Auto-Disable views_cache_bully also when Ubercart is enabled.
* Do not delete testing profile, we need it for acquia->testing upgrade path.
* Do not map old_short_name on the Octopus level, it is moved to Provision.
* Make ACTIVE INI files comments-free to never confuse them with templates.
* Make the fix for known Feeds problem global, not just ManagingNews specific.
* PHP: 5.4.22 and 5.5.6 as an option (for testing only).
* PHP: Use latest (master) phpredis_new by default.
* Redis: Default integration module version reverted to pre-7.x-2.0 release.
* Redis: Force rebuild on system upgrade to update also Redis config.
* Redis: Make redis_lock_enable available only when redis_use_modern = TRUE
* Set opcache.revalidate_freq to 5 sec only on non-dev URLs by default.
* Switch Ubercart 3 to use D7 Minimal instead if Standard to fix upgrade path.
* Update prev release notes to explain importance of using latest Pressflow 6.
# Fixes in this release:
* Always fix permissions on contrib on upgrade and in daily.sh agent.
* Avoid files checks for Drupal for Facebook and Domain Access by default.
* Better auto-recovery when broken libcurl is detected.
* Fix for cron auto-correction.
* Fix for post-upgrade permissions issues affecting modules|themes|libraries.
* Fix for too restrictive permissions in /data/all/000/*
* Fix regression in the logic for dev URLs detection and auto-configuration.
* Fix the forced contrib upgrade logic.
* Fix the logic for cURL install from sources.
* Improve procs monitoring agent with better whitelisting.
* Improve sanitize_string() filtering to avoid issues with strong passwords.
* Issue #1860706 - Native, unified support also for D6 lock backend.
* Issue #2023895 - Do not kill java, only jetty and tomcat procs when needed.
* Issue #2105477 - Allowed gem commands need custom aliases in lshell.
* Issue #2134329 - Going from 2.0.9 to 2.1.1 does not update platforms.
* Issue #2135545 - Lock Backend freezes the site on cache clear.