August 2018 – Webuzo Blog

MySQL 8.0 Launched

0 Shares

Hi,

Webuzo Team has launched MySQL 8.0, the latest version of MySQL. It is available for both Ubuntu and CentOS.

A lot of important new features have been added in this version. You will find everything you need to know about these amazing new features on this link https://dev.mysql.com/doc/refman/8.0/en/mysql-nutshell.html

Please note these following points:

– Currently, We are not providing upgrades to MySQL 8.0 from any version of MySQL, Percona or MariaDB.
– Only Fresh installation’s of MySQL 8.0 are allowed, so If you have an existing Database then you may not be able to install MySQL 8.0
– Since we are installing MySQL 8.0 from the Vendor’s repo itself, MySQL will update itself whenever the OS updates.

Let us know if you have any queries regarding MySQL 8.0 in the comment section.

Regards,
Webuzo Team.

0 Shares

Webuzo 2.7.1 Launched

0 Shares

Hi,

The Webuzo Team has released Webuzo 2.7.1.
This version introduces a major new Feature many improvements & bug fixes.

Features:

1) Apache Subversion Management(SCM) integrated into Webuzo. Refer this guide to bring your code under Source Control Management.

2) New Architecture for Application Managers to provide fast updates, bug fixes and security patches outside Webuzo releases.

Improvements:

3) Let’s Encrypt Certificate’s will now be updated 30 days before the renewal date.

4) Updated the Let’s Encrypt utility(ACME.SH) which is used to issue and renew certificate.

5) Application Config editor’s can now be resized freely instead of a fixed size.

6) Optimized Pure-FTPd quota check to reduce server load.

7) While downloading backup files Browser’s will now display the total file size and the time to download.

8) Added a CLI utility to make Webuzo aware of the backups files uploaded in the /var/webuzo/backup directory. Refer this guide for more information

9) Exim and Dovecot now support SSL/TLS connections. *

Bug Fixes:

10) Fixed many bugs related to Apache Tomcat Management and configuration.

11) If PHP is running as a service, then editing it’s config file will trigger a restart.

12) Webuzo and numerous other Application service files have been updated so that the service will start up even after a hard reboot. It’s recommended to update all the Applications to the latest version.

13) When multiple Web Servers were installed, restarting the server would cause the non-default Web Server to start up on some servers, this is now fixed.

14) Let’s Encrypt certificate used for the panel was not reloaded after the renewal process, required a manual restart of the Webuzo service, this is now done automatically.

App Updates:

15) Node.js updated to the latest LTS release. Refer this guide to configure Node.js in Webuzo #

16) MariaDB 10.3 the latest version in the 10.x series, launched .

17) Updated Pure-FTPd to the latest LTS release.

18) MySQL 8.0 launched, the latest version by the MySQL Community in the 8.X series.

19) Updated Tomcat 7 & 8 to the latest version.

* Both APP’s must be updated to the latest version
# This is a generic configuration, steps for your application might vary.

The upcoming version will bring more exciting Improvements, features and changes.

Regards,
The Webuzo Team

0 Shares

OpenSSL Vulnerability [CVE-2018-0732 & CVE-2018-0737]

0 Shares

Hi,

We have updated OpenSSL to the latest LTS version: 1.0.2 p

The above update includes fix for the following Vulnerabilities:

CVE-2018-0732:
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).

Find more info at: https://nvd.nist.gov/vuln/detail/CVE-2018-0732

CVE-2018-0737:
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

Find more info at: https://nvd.nist.gov/vuln/detail/CVE-2018-0737

We recommend all users to update OpenSSL, Webserver and related Libraries to protect your server against the above attacks.

Let me know if you have any questions in the comment section.

Regards,
The Webuzo Team

0 Shares

MariaDB 10.3 launched

0 Shares

Hi,

The Webuzo Team has launched MariaDB 10.3 the latest version in the 10.x series.

Maria DB is an open-source alternative to MySQL by the original developer of MySQL.

Get more info on the Maria DB project at the following link: MariaDB Org

You can check if Maria DB fits your needs or not by checking the Release Notes & Change Logs

Upgrades from the following versions of MySQL and MariaDB is allowed:

MySQL – 5.5 – 5.6
Maria DB – 5.5, 10.0 – 10.2

And of course, you can install Maria DB 10.3 as a fresh installation.

Note: After Upgrading or Installing Maria DB 10.3 you cannot downgrade to any version of MySQL or MariaDB

Let me know if you have any questions in the comment section.

Regards,
The Webuzo Team

0 Shares