v15.0 Stable Release #2 - 47 OVAs, OpenStack and Xen builds

I'm pleased to followup stage 1 of the v15.0 release with the release of OVA, VM, OpenStack and Xen builds (plus Docker and Proxmox/LXC) for the appliances already released as ISO. Essentially stage 2 of the v15.0 release.

turnkey 15.0 banner

Security Vulnerabilities: SA-CORE-2018-005 - Drupal 8.x & CVE-2018-14773 - Symfony

SA-CORE-2018-005 - Drupal 8

Popular CMS platform Drupal recently announced that versions of Drupal 8 prior to 8.5.6 are affected by SA-CORE-2018-005 / CVE-2018-14773 (more CVE details below). Drupal 8 uses components from the Symfony framework so is affected by this Symfony bug.

v15.0 Stable Release #1 - 47 ISOs including Core, LAMP and WordPress

UPDATE: Stage 2 includes OVA/VM, OpenStack and Xen. Docker and Proxmox/LXC builds published too. More to come soon!

I am overjoyed to announce stage 1 of the TurnKey v15.0 stable release is now available.

turnkey 15.0 banner

Stage 1 of the TurnKey GNU/Linux v15.0 stable release is finally available for public consumption! Stage 1 includes nearly half the library (47 appliances to be precise), albeit only in ISO format so far. We are busily preparing updated Hub builds, as well as Amazon MarketPlace builds which I hope to announce very soon too. All the other build types (i.e. VM/OVA, OpenStack, Proxmox/LXC, Xen & Docker) will follow soon after.

The relevant v15.0 ISOs are all available for download via the "v15.0" links on their respective appliance pages. Updated appliances for this stage include Core LAMP, WordPress, Joomla3, Drupal 7, Drupal 8 [unpublished due to security issue], and more. v15.0 changes worthy of particular note include a new Debian base OS, inclusion of PHP7, MariaDB replaces MySQL, a new Webmin theme, Reproducible Packages and Website upgrades (work in progress), as well as many other tweaks, improvements and upgrades.

Read on for details. Alternatively, jump straight to the list of upgraded appliances to jump straight in! :)

TurnKey v15.0 RC1 is LIVE!

UPDATE: Stage 1 of v15.0 stable release is now available. It includes 47 updated appliance ISOs. Stage 2 includes OVA/VM, OpenStack and Xen. Docker and Proxmox/LXC builds published too. More to come soon!

It is with great pleasure - and a huge sense of relief - that I announce the release of Core v15.0RC1 and TKLDev v15.0RC1!

Drupal SA-CORE-2018-002 - Highly critical - Remote Code Execution vulnerability

Late last week, the Drupal Security Team announced a "Highly critical" remote code execution vulnerability that affects Drupal 6 (EOL), Drupal 7 and Drupal 8. SA-CORE-2018-002 dubbed "Drupalgeddon2" was discovered by Jasper Mattsson. Drupal scores it a whopping 21 (out of a possible 25) "Security Risk Level". All users are recommended to update their Drupal sites immediately.

3rd party SSL/TLS certs on TurnKey: convert CER/P7B to PEM

Stuart recently asked via support how to use third party .cer or .p7b SSL/TLS certificates with TurnKey v14.x.

As I don't run any permanent websites, I'm not super familiar with different certificate formats. My only experience really has been through my years with TurnKey and I've only ever encountered the text file .pem certs. So I did a quick bit of research to help Stuart out. I figured that seeing as it's been a little while since I wrote a blog post and this info may be useful for others, I wrote it up. :)

Blog Tags: 

Meltdown and Spectre: What TurnKey users need to know

By now, I'm sure that you've already heard of the latest vulnerabilities doing the rounds; tagged Meltdown and Spectre. As seems to be the fashion, these new vulnerabilities have cool names, their own website, and the funky looking logos, just below.

I'll provide some more specific details and links for further reading below. I'll also cover checking that you are running a patched kernel, as well as some notes for AWS users.

Blog Tags: 

AWS Marketplace: False Positive Security Warning

It was recently brought to our attention that AWS Marketplace sent out a security warning direct to many of our AWS users. This occurred without any prior consultation with us, or verification that there was indeed an issue to warn about.

v14.2 Release Update #5 - final updated appliances and wrapup

About 3 weeks since my last announcement, I am super excited to announce the final few v14.2 appliances! And the completion (almost) of the v14.2 release! Yay!

v14.2 Release Update #4 - 17 more updated appliances and v14.2-update#3 optimized builds

This release update was a bit quicker! :) Barely 2 weeks since the last one, here comes another v14.2 update...!

Pages