Releases: internetstandards/Internet.nl
1.9.0
Changes
See the changelog for 1.9.0
Upgrade from 1.8.x to 1.9.0
To upgrade from a previous Docker release (note it may take several minutes after this release for the packages to be available):
docker run -ti --rm --pull=always \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $HOME/.docker:/root/.docker \
--volume /opt/Internet.nl:/opt/Internet.nl \
--network none \
--env DOCKER_REGISTRY=ghcr.io/internetstandards \
ghcr.io/internetstandards/util:1.9.0 \
/deploy.sh
Downgrade to 1.8.10
1.9.0 has several database migrations compared to 1.8.10. To downgrade, you must be running the 1.9.0 containers and downgrade the database version, e.g. with:
docker exec -ti internetnl-prod-app-1 ./manage.py migrate checks 0015_auto_20240212_1616
This will return the database to a state matching with 1.8.10. Note that the migrations will be reapplied if you restart the 1.9.0 containers. After downgrading the database, deploy 1.8.10 per the original instructions.
1.8.10
1.8.10 contains a fix in IPv6 nameserver reachability.
The test did not correctly check connectivity to the IPv6 address, causing false good tests.
This was likely introduced in 1.8.0.
To upgrade from a previous Docker release (note it may take several minutes after this release for the packages to be available):
RELEASE=1.8.10 && \
TAG=v1.8.10 && \
cd /opt/Internet.nl/ && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/defaults.env && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/docker-compose.yml && \
curl -sSfO https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/user_manage.sh && \
chmod 755 user_manage.sh && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env pull && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env up --remove-orphans --wait --no-build
There are no database (version) migrations compared to earlier 1.8 releases, so no special instructions for a downgrade to the previous release.
1.8.9
1.8.9 contains a fix for batch scheduling where report
generation did not have appropriate locking. During busy moments, this caused the queue to overflow with repeated
jobs to generate the same report over and over.
To upgrade from a previous Docker release (note it may take several minutes after this release for the packages to be available):
RELEASE=1.8.9 && \
TAG=v1.8.9 && \
cd /opt/Internet.nl/ && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/defaults.env && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/docker-compose.yml && \
curl -sSfO https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/user_manage.sh && \
chmod 755 user_manage.sh && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env pull && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env up --remove-orphans --wait --no-build
There are no database (version) migrations compared to earlier 1.8 releases, so no special instructions for a downgrade to the previous release.
1.8.8.1
1.8.8.1 is a release only to add an intermediate news post.
To upgrade from a previous Docker release (note it may take several minutes after this release for the packages to be available):
RELEASE=1.8.8.1 && \
TAG=v1.8.8.1 && \
cd /opt/Internet.nl/ && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/defaults.env && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/docker-compose.yml && \
curl -sSfO https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/user_manage.sh && \
chmod 755 user_manage.sh && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env pull && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env up --remove-orphans --wait --no-build
There are no database (version) migrations compared to earlier 1.8 releases, so no special instructions for a downgrade to the previous release.
1.8.8
1.8.8 is a release only to add an intermediate news post.
To upgrade from a previous Docker release (note it may take several minutes after this release for the packages to be available):
RELEASE=1.8.8 && \
TAG=v1.8.8 && \
cd /opt/Internet.nl/ && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/defaults.env && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/docker-compose.yml && \
curl -sSfO https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/user_manage.sh && \
chmod 755 user_manage.sh && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env pull && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env up --remove-orphans --wait --no-build
There are no database (version) migrations compared to earlier 1.8 releases, so no special instructions for a downgrade to the previous release.
1.8.7
1.8.7 mainly contains various important fixes to support batch deployment.
- Updated sectxt to use a patched version of PGPy with a fix for a
catastrophic regex backtracking issue - Updated nassl to fix memory leak in OCSP check.
- Connection test zones are now re-signed every week instead of every month.
- Support for new Docker (compose) versions and some checks for incompatible versions.
- Many updates to the Docker setup to handle issues with large batch jobs
- Extensions in Grafana dashboards for batch monitoring.
- Various improvements to CI UX.
To upgrade from a previous Docker release (note it may take several minutes after this release for the packages to be available):
RELEASE=1.8.7 && \
TAG=v1.8.7 && \
cd /opt/Internet.nl/ && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/defaults.env && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/docker-compose.yml && \
curl -sSfO https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/user_manage.sh && \
chmod 755 user_manage.sh && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env pull && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env up --remove-orphans --wait --no-build
There are no database (version) migrations compared to earlier 1.8 releases, so no special instructions for a downgrade to the previous release.
1.8.6
Release 1.8.6 contains numerous fixes.
Functional changes:
- Fixed an issue where redirects with an explicit port 443 were incorrectly.
rejected in the HTTPS redirect test (#1291). - 4xx and 5xx in the IPv4/6 similarity test are now permitted (#1267).
- Changed user agent to a common format (#1224).
- Fixed excessive caching TTLs in some DNS queries for some tests.
- Added support for br and zstd compression in HTTP compression test.
Internal changes:
- Access and user management was improved with a separate command to manage users,
which can be applied to batch API only, or all URLS (#1267, #1274, #1396). - Added periodic re-signing of connection test DNS zones.
- DNS configuration was documented along with several fixes in the certbot config (#1275, #1228, #1411).
- Added a log exporter for nginx.
- Added test probes every 15 minutes.
- Added periodic restart for nassl worker.
- Several other bugfixes.
To upgrade from a previous Docker release (note it may take several minutes after this release for the packages to be available):
RELEASE=1.8.6 && \
TAG=v1.8.6 && \
cd /opt/Internet.nl/ && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/defaults.env && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/docker-compose.yml && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env pull && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env up --remove-orphans --wait --no-build
There are no database (version) migrations compared to earlier 1.8 releases, so no special instructions for a downgrade to the previous release.
1.8.5
Release 1.8.5 contains a hotfix for the sectxt library failing on leap days.
To upgrade from a previous Docker release (note it may take several minutes after this release for the packages to be available):
RELEASE=1.8.5 && \
TAG=v1.8.5 && \
cd /opt/Internet.nl/ && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/defaults.env && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/docker-compose.yml && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env pull && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env up --remove-orphans --wait --no-build
There are no database (version) migrations compared to earlier 1.8 releases, so no special instructions for a downgrade to the previous release.
1.8.4
Release 1.8.4:
- Updates unbound to 1.19.1-internetnl to fix CVE-2023-50387 and CVE-2023-50868.
- Restricts HTTPS redirects to the same domain, no longer allowing directions to a subdomain first (#1208).
- Updates a number of other dependencies.
- Fixes an issue where certbot renewals were not correctly run.
To upgrade from a previous Docker release (note it may take several minutes after this release for the packages to be available):
RELEASE=1.8.4 && \
TAG=v1.8.4 && \
cd /opt/Internet.nl/ && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/defaults.env && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/docker-compose.yml && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env pull && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env up --remove-orphans --wait --no-build
There are no database (version) migrations compared to earlier 1.8 releases, so no special instructions for a downgrade to the previous release.
1.8.3
Release 1.8.3 fixes an issue where HSTS and CSP headers were missing from the www-subdomain of the main domain (#1210, #1211).
To upgrade from a previous Docker release (note it may take several minutes after this release for the packages to be available):
RELEASE=1.8.3 && \
TAG=v1.8.3 && \
cd /opt/Internet.nl/ && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/defaults.env && \
curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/${TAG}/docker/docker-compose.yml && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env pull && \
env -i RELEASE=$RELEASE docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env up --remove-orphans --wait --no-build
There are no database (version) migrations compared to earlier 1.8 releases, so no special instructions for a downgrade to the previous release.