Release notes 7

NethServer release 7

Major changes on 2018-10-17

  • ISO release 7.6.1810 “final” replaces any previous ISO 7.5.1804
  • PHP 5.6 from SCL has reached end-of-life and is thus deprecated. See PHP 5.6 SCL
  • Default TLS policy is 2018-10-01
  • Default systems log retention has been increased to 52 weeks
  • The Zeroconf network protocol is now disabled by default
  • By default, Evebox events are retained for 30 days. The new default is applied to upgraded systems as a bug fix
  • NDPI module has been updated to version 2.4 which no longer recognize some old protocols. See dpw_ndpi24 for the list of removed protocols
  • SMTP server can be directly accessed from trusted networks
  • PPPoE connections use rp-pppoe plugin by default to improve network speed
  • For repositories that support GPG metadata signature, YUM runs now an integrity check (repo_gpgcheck=1) for additional security. This new default setting is applied automatically unless a .repo file was changed locally. In that case an .rpmnew file is created instead of overwriting the local changes. Rename the .rpmnew to .repo to apply the new defaults. This is the list of files to be checked:

    • /etc/nethserver/yum-update.d/NsReleaseLock.repo
    • /etc/yum.repos.d/NethServer.repo
    • /etc/yum.repos.d/NsReleaseLock.repo

Major changes on 2018-06-11

  • ISO release 7.5.1804 “final” replaces any previous ISO 7.5.1804 “rc” and “beta”
  • The Email module is now based on Rspamd
  • MX DNS record override for LAN hosts has been removed. Removed postfix/MxRecordStatus prop
  • Host name aliases are converted into hosts DB records. See Additional host name aliases
  • /etc/fstab is no longer an expanded template. See Requirements and User home directories for details
  • Default permissions for Shared folders is Grant full control to the creator
  • Default TLS policy is 2018-03-30
  • Default Server Manager session idle timeout is 60 minutes, session life time is 8 hours
  • Quality of Service (QoS) implementation now uses FireQOS, current configuration is automatically migrated. See Traffic shaping
  • The menu entry Automatic updates in Server Manager was removed. Automatic updates are now configured from Software center > Configure. From the same panel it is possible to select the Software updates origin. See Software updates
  • The NethServer subscription module is available by default in new installations. Run the following command to update the base module set on existing installations: yum update @nethserver-iso
  • The WebVirtMgr project is no longer maintained and the corresponding module has been removed along with nethserver-libvirt package. See Virtual machines chapter for details on how to use virtualization

Major changes on 2017-10-26

  • ISO release 7.4.1708 “final” replaces the old ISOs 7.4.1708 “beta1” and 7.3.1611 “update 1”
  • The local AD account provider applies updates to the Samba DC instance automatically (#5356) Latest Samba DC version is 4.6.8
  • The Software center page warns when a new upstream release is available (#5355)
  • Added FreePBX 14 module
  • Squid has been patched for a smoother web navigation experience when using SSL transparent proxy
  • Ntopng 3 replaces Bandwidthd, the Server Manager has a new “top talkers” page which tracks hosts network usage
  • Suricata can be configured with multiple categories rules
  • EveBox can report traffic anomalies detected by Suricata
  • Nextcloud 12.0.3
  • Web antivirus based on ICAP instead of ECAP
  • Web filters: ufdbGuard updated to 1.33.4, small UI improvements on web
  • Diagtools: added speedtest
  • ufdbGuard updated to release 1.33.4
  • WebTop4 has been removed

Major changes on 2017-07-31

  • ISO release 7.3.1611 “update 1” replaces the previous ISO 7.3.1611 “Final”
  • Configuration backup page enhancement
  • Accounts provider page enhancement
  • Migration from sme8 and upgrade from ns6 procedures
  • OpenvPN: improve net2net tunnels
  • WebTop 5.0.7
  • Backup data: basic WebDAV support for backups and storage stats
  • UI tweaks for IPSec tunnels
  • Web proxy: support divert and priority rules
  • NextCloud 12
  • Network diagnostic tools page

Major changes on 2017-01-30

  • ISO release 7.3.1611 “Final” replaces the previous ISO 7.3.1611 “RC4”
  • Installer: added new manual installation method
  • Account providers: “administrators” group has been replaced by “domain admins” group (Server Manager access)
  • Mail server: fix pseudonym expansion for groups
  • Mail server: enable user shared mailbox by default (User shared mailbox)
  • Mail server: specific per-domain pseudonym now override generic ones
  • OpenVPN: start VPN clients on boot
  • Web filter: fix group-based profiles
  • Firewall: fix selection of time conditions
  • IPS: update configuration for latest pulledpork release

Deprecated features and packages

PHP 5.6 SCL

PHP 5.6 from the SCL repository has reached end-of-life (EOL) [1] [2].

To avoid problems with existing legacy applications, the PHP 5.6 SCL packages from CentOS 7.5.1804 will be still available from NethServer repositories during the 7.6.1810 lifetime.

Warning

PHP 5.6 SCL packages will not receive any security update. Very limited support will be provided as best-effort

The nethserver-rh-php56-php-fpm package will be removed from the next NethServer release.

Developers are invited to update their modules, replacing nethserver-rh-php56-php-fpm with nethserver-rh-php71-php-fpm as soon as possible.

… _dpw_ndp24:

NDPI 2.4

The following protocols have been removed:

  • tds
  • winmx
  • imesh
  • http_app_veohtv
  • quake
  • meebo
  • skyfile_prepaid
  • skyfile_rudics
  • skyfile_postpaid
  • socks4
  • timmeu
  • torcedor
  • tim
  • simet
  • opensignal
  • 99taxi
  • easytaxi
  • globotv
  • timsomdechamada
  • timmenu
  • timportasabertas
  • timrecarga
  • timbeta

Rules using the above protocols, will be automatically disabled.

Upgrading NethServer 6 to NethServer 7

It is possible to upgrade the previous major release of NethServer to 7, with a backup/restore strategy. See the Upgrade from NethServer 6 for details.

Server Manager access

If you want to grant Server Manager access to other users than root, please add the users to the “domain admins” group and execute:

config delete admins
/etc/e-smith/events/actions/initialize-default-databases

User shared mailbox

If you want to enable user shared mailbox, execute:

config setprop dovecot SharedMailboxesStatus enabled
signal-event nethserver-mail-server-update

Discontinued packages

The following packages were available in the previous 6 release and have been removed in 7:

  • nethserver-collectd-web: replaced by nethserver-cgp
  • nethserver-password: integrated inside nethserver-sssd
  • nethserver-faxweb2: see the discussion faxweb2 vs avantfax.
  • nethserver-fetchmail: replaced by getmail
  • nethserver-ocsinventory, nethserver-adagios: due to compatibility problems with Nagios, these modules will be mantained only on NethServer 6 release
  • nethserver-ipsec: IPSec tunnels are now implemented in nethserver-ipsec-tunnels, L2TP function has been dropped
  • nethserver-webvirtmgr

References

[1]Red Hat Software Collections Product Life Cycle – https://access.redhat.com/support/policy/updates/rhscl
[2]PHP supported versions – http://php.net/supported-versions.php