English version
We are glad to announce the release of YunoHost 4.3 !
This release includes the following major changes :
-
Autoconfiguration mechanism for DNS records using registrars API and the Lexicon library. For now, only OVH and Gandi were properly tested by the community. This work also brings more feature-awareness, special-TLD-awareness and subdomain-awareness to the recommended DNS configuration, which should please people handling many subdomains . This is the first version of this mechanism - some rough edges may still need to be polished in the next versions, so weâll appreciate your (constructive) feedback! This work is supported by the NLnet foundation and contributions from students from the University of Technology of CompiĂšgne.
-
A rework of the app config-panel framework which was still an experimental/hidden feature so far. We hope that this rework will make it much easier for packagers to implement interfaces to configure and customize applications, as well as unlocking new possibilities for the future of YunoHost and the webadmin in general. Also, this comes with a significant rework of the VPNclient and Hotspot apps to integrate them in the webadmin! This work is supported by the NLnet foundation.
-
User management using CSV export/import. This should make life easier for people handling a large number of users! This work is supported by the CNAM.
-
Better support for
.local
domain names which should be useful for people willing to host local-only services! -
A new setting for experimental security features as well as some new diagnosis checks.
-
Improved mechanic for command-line prompts, such as auto-completion during app install questions
-
As always, various fixes / improvements for every day life, as well as internal spring cleanings, paving the way for the future!
-
Lots of translation updates for Arabic, Basque, Catalan, Chinese (Simplified), Czech, Dutch, Esperanto, French, Galician, German, Hindi, Indonesian, Italian, Kurdish (Central), Macedonian, Occitan, Persian, Portuguese, Russian, Slovenian, Spanish, Turkish, Ukrainian
Thanks to all contributors ! (andretheolauret, axolotle, Christian Wehrli, Colin Wawrik, Corentin Mercier, Cyril Romain, Daniel, Eauchat, Ăric Gaspar, FĂ©lix PiĂ©dallu, Flavio Cristoforetti, Geoff Montel, Gregor Lenz, JocelynDelalande, JosĂ© M, Jurij PodgorĆĄek, Kay0u, liimee, ljf, MercierCorentin, mifegui, Paco, Page Asgardius, Parviz Homayun, ppr, punkrockgirl, QuentĂ, saptrishi das biswas, Semen Turchikhin, tituspijean, Tymofii-Lytvynenko)
Changelog
Highlights
Show/hide
- [enh] users: Be able to import/export users from/to CSV (#1089, Webadmin#357)
- [enh] apps: New config-panel format and mechanism (#987, Moulinette#258, Webadmin#366)
- [enh] domain: Automatic configuration for DNS records using lexicon + add domain settings, domain config panel, subdomain awareness, special-TLD awareness, improvements in recommended DNS conf (#1315, Webadmin#396, 17aafe6f, df02f898)
- [enh] domain: Improve .local domain support, replace avahi-daemon by a new yunomdns service (#1112, #1335, af3d6dd7, 3a07a780)
- [enh] dyndns: Improve IPv6-only support + improve resilience/robustness (55bacd74, a61d0231, #1367)
- [enh] cli: Rework/improve prompt mechanics (#1338, Moulinette#290, Moulinette#303, Moulinette/08f7866f)
- [i18n] Translations updated for Arabic, Basque, Catalan, Chinese (Simplified), Czech, Dutch, Esperanto, French, Galician, German, Hindi, Indonesian, Italian, Kurdish (Central), Macedonian, Occitan, Persian, Portuguese, Russian, Slovenian, Spanish, Turkish, Ukrainian
Misc fixes / enhancement
Show/hide
- [enh] backup: Backup /home/yunohost.multimedia by default (#1179)
- [mod] refactoring: Rework the authentication system, paving the way for future works (#1183, Moulinette#270)
- [enh] apps: Misc app.py refactoring + Prevent change_url from being used to move a fulldomain app to a subpath (#1346)
- [enh] diagnosis: add an âappâ section to check that app are in catalog with good quality, check for deprecated practices (#1217)
- [fix] dovecot: add conf snippet to get rid of stupid stats-writer errors in mail.log (dab3dc6f)
- [enh] security: report suspiciously high number of auth failures in diagnosis (#1292)
- [enh] security: new setting to enable experimental security features (#1290)
- [enh] security: new setting to handle https redirect (#1304)
- [enh] security: Add
httponly
to API cookies (Moulinette/8562c05d) - [fix] security: Prevent attacker from crafting redirections to external domains (SSOwat#193)
- [enh] webadmin: Add spooky easter egg (Webadmin#411)
- [enh] webadmin: Add simplified breadcrumb as document title (Webadmin#393)
- [fix] webadmin: Prevent browser from suggesting saved password on user password change form (Webadmin#329)
- [mod] webadmin: Make logs unselectable to force people clicking the damn share button instead of copypasting only the last messages >.> (Webadmin#400)
- [enh] webadmin: Support github-independent repo urls and/or pointing to specific branches (Webadmin#407)
- [enh] webadmin: Optimizations for waiting modal messages and AppCatalog cards rendering (Webadmin#406)
- [enh] webadmin: Allow to filter by groups on user list view (Webadmin#378)
- [enh] ssowat: Add new theme âCloudsâ (SSOwat#139)
- [fix] ssowat: Fix font urls (SSOwat#193)
Important notes for advanced users
Show/hide
- Note that
/home/yunohost.multimedia
is now backed up by default and could impact the size of your backups - Users of VPNclient or Hotspot : in the new version of these apps, the configuration interface is available directly from the webadmin (in Apps > appname > Configuration), not via the SSO portal. In particular, this means that it can be accessed directly via the local IP, no need to tweak /etc/hosts anymore.
- XMPP users : note that XMPP DNS recommendation is only enabled by default on the main domain. You may enable it on other domain or subdomains in Domain > the_domain > Domain configuration.
-
yunohost domain dns-conf
got renamed toyunohost domain dns suggest
-
yunohost domain cert-status/install/renew
got renamed tocert status/install/renew
(no dash) - Some unused options in
yunohost dyndns subscribe/update
have been removed - In case you were using it, the command-line interface for config panels got entirely reworked
- App actions are still sort of working but are meant to be reworked in the near future
- The new experimental security setting can be enabled with
sudo yunohost settings set 'security.experimental.enabled' -v True
. So far this does the following:- prevents system users from snooping on the list of processes (using
ps -ef
) - adds
default-src https: data:
to the nginxâs CSP configuration (note that this may break apps or stuff that needs for example a javascripteval
) - enforces
Secure
andHTTPonly
on all cookies - adds a more extensive Permissions-Policy in NGINX configuration
- prevents system users from snooping on the list of processes (using
Changelog / Important notes for app packagers
Show/hide
- [fix] helpers: improve composer debug when it canât install dependencies (4ebcaf8d)
- [enh] helpers: allow to get/set/delete app settings without explicitly passing app id everytime⊠(fcd2ef9d)
- [fix] helpers: Donât say the âapp was restoredâ when restore failed after failed upgrade (019d207c)
- [enh] helpers: temporarily auto-add visitors during
ynh_local_curl
if needed (#1370) - [enh] apps: Add
YNH_ARCH
to app script env for easier debugging and arch checks in script (85eb43a7) - [mod] helpers: Deprecate
ynh_print_ON/OFF
(flagged as internal to not advertise them in the doc) (fe959bd7) - [fix] helpers: Rework
ynh_exec_*
to not use eval (#1358) - [enh] helpers: Simplify apt/php dependencies helpers (#1018)
- using --package in ynh_add_fpm_config is deprecated. Please do not separate php dependencies from other apt dependencies - just install them all at once with
ynh_install_app_dependencies
. YunoHost will automagically guess that you need a custom php version if needed (e.g. if php8.0-foobar is listed, YunoHost will understand that php8.0-fpm needs to be installed)
- using --package in ynh_add_fpm_config is deprecated. Please do not separate php dependencies from other apt dependencies - just install them all at once with
- [enh] helpers: In logrotate helper, enforce decent permissions on log file if app user exists (#1352)
- [enh] helpers: Bump n version to 7.5.0 (#1347)
- c.f. #1304 : https autoredirect is now handled by the core, shouldnt not be part of nginxâs app configurations
- c.f. #987 : a new config panel format / mechanics is available.
- Note that app actions still sort of work but are meant to be merged with the config panel mecanism somehow
- There also are new question types and new mecanism (e.g. âvisible ifâ) that may also be applicable to install forms !
- See example_ynh (maybe PR still pending) for example on how to use it + possibly upcoming doc on yunohost.org + ask on the chat if youâre lost / not sure
- [mod] codequality: Safer, clearer code
ynh_secure_remove
(#1357) - [mod] codequality: Lint/autoformat helpers, hooks and debian scripts (#1356)
-
yunohost app remove
now supports a--purge
option, which can be tested using the newYNH_APP_PURGE
variable equal to 1 (if purge enabled) or 0 (if disabled). The typical use case for this is to delete the data directory if purge is enabled. (This is not yet integrated in the webadmin though)
How to upgrade
From the web admin
- Go to âUpdate systemâ
- Then hit the âUpdateâ button in the âSystemâ section.
- This may take a few minutes, grab your favorite beverage. You will need to re-log into the webadmin once itâs done.
- Make sure to force-refresh the browser cache (Ctrl+Shift+R in Firefox)
- Make sure that everything went well (green check ) in Tools > Logs
Or from the command line
$ sudo yunohost tools update
$ sudo yunohost tools upgrade --system
Other project news
The packaging teams continues to deliver an incredible amount of work with a whooping ~280 apps available in the catalog . People willing to keep a look on newly packaged apps can have a look at this new page (which doesnât include all updates of already-packaged apps)
The next priority for the project is going to be Bullseye support. We expect to release an alpha version in the upcoming days/weeks (definitely before the end of the month) depending on how this 4.3 release goes .
Version française
Nous sommes heureux dâannoncer la sortie de la version 4.3 !
Voici les points clefs de cette nouvelle version :
-
Un mĂ©canisme dâautoconfiguration des enregistrements DNS basĂ© sur lâAPI des registrars et la librairie Lexicon. Pour le moment, seulement les interfaces avec OVH et Gandi ont Ă©tĂ© correctement testĂ©e et validĂ©e par la communautĂ©. En outre, YunoHost sais dĂ©sormais un peu mieux gĂ©rer les enregistrements DNS en terme de fonctionnalitĂ© (mail, XMPP), dâextensions spĂ©ciales (par ex. .local, .test), et la notion de sous-domaines, qui devrait plaire aux personnes gĂ©rant beaucoup de sous-domaines . Il sâagit dâune premiĂšre version de ce mĂ©canisme et certains Ă©lĂ©ments sont encore sans-doute Ă paufiner - aussi nous aprĂ©cierons vos retours constructifs ! Ce travail a Ă©tĂ© soutenu par la fondation NLnet et par des contributions dâĂ©tudiants de lâUTC CompiĂšgne.
-
Une refonte des panneaux de configuration des apps qui Ă©taient jusquâici une fonctionnalitĂ© experimentale et cachĂ©e. Nous espĂ©rons que cette refonte va permettre aux packageurs de crĂ©er plus simplement et rapidement des interfaces pour configurer et personaliser les applications, ainsi que dĂ©bloquer de nouvelles possibilitĂ©s pour le futur de Yunohost et de la webadmin. Ce travail est aussi liĂ© Ă une refonte de VPNclient et Hotspot qui sont maintenant intĂ©grĂ©es directement dans la webadmin! Ce travail a Ă©tĂ© soutenu par la fondation NLnet.
-
Gestion des utilisateurices via des imports/exports CSV. Ceci devrait simplifier la vie des personnes gérant un grand nombre de comptes ! Ce travail a été soutenu par le CNAM.
-
Amélioration du support des domains en
.local
, ce qui devrait ĂȘtre utile pour les personnes souhaitant hĂ©berger des services accessibles en rĂ©seau local uniquement! -
Un nouveau paramÚtre de configuration pour activer des mesures de sécurité expérimentales ainsi que de nouveaux éléments dans le diagnostique.
-
AmĂ©lioration de lâinvite de commande en CLI, qui par exemple propose maintenant une auto-complĂ©tion pour rĂ©pondre aux questions lors de lâinstall des apps
-
Comme toujours, divers correctifs et améliorations pour la vie de tous les jours, ainsi que des nettoyages en interne dans le code pour préparer le terrain pour de futur travaux!
-
De nombreuses mises Ă jour des traductions : Arabic, Basque, Catalan, Chinese (Simplified), Czech, Dutch, Esperanto, French, Galician, German, Hindi, Indonesian, Italian, Kurdish (Central), Macedonian, Occitan, Persian, Portuguese, Russian, Slovenian, Spanish, Turkish, Ukrainian
Merci Ă toutes les contributeurices ! (andretheolauret, axolotle, Christian Wehrli, Colin Wawrik, Corentin Mercier, Cyril Romain, Daniel, Eauchat, Ăric Gaspar, FĂ©lix PiĂ©dallu, Flavio Cristoforetti, Geoff Montel, Gregor Lenz, JocelynDelalande, JosĂ© M, Jurij PodgorĆĄek, Kay0u, liimee, ljf, MercierCorentin, mifegui, Paco, Page Asgardius, Parviz Homayun, ppr, punkrockgirl, QuentĂ, saptrishi das biswas, Semen Turchikhin, tituspijean, Tymofii-Lytvynenko)
Changelog
(voir la version anglaise)
Notes pour les utilisateurices avancées et équipe de packaging
(voir la version anglaise)
Comment mettre Ă niveau
Depuis la webadmin
- Aller dans âMettre Ă jour le systĂšmeâ
- Puis cliquez sur âMettre Ă jourâ dans la section âSystĂšmeâ.
- La mise à jour peut prendre quelques minutes. Il vous faudra ensuite vous re-logger à la webadmin une fois terminée.
- Forcez le raffraichissement du cache navigateur (Ctrl+Shift+R in Firefox)
- Assurez-vous que tout sâest bien passĂ© (petite coche verte ) dans Outils > Journaux
Ou Ă partir de la ligne de commande
$ sudo yunohost tools update
$ sudo yunohost tools upgrade --system
Autres nouvelles du projet
LâĂ©quipe de packaging dâapps continue de faire un travail incroyable sur les applications avec ~280 applications disponibles dans le catalogue . Vous pouvez consulter les nouvelles du catalogue sur cette nouvelle page (qui nâinclue pas les mises Ă jour rĂ©guliĂšres sur les apps dĂ©jĂ packagĂ©es)
La priorité suivante du projet va consister au passage à Bullseye. Nous prévoyons de sortir une premiÚre versions alpha dans les jours/semaines qui viennent (en tout cas clairement avant la fin du mois) en fonction de comment cette sortie de version 4.3 se passe .