Let's Encrypt SSL/TLS certificates may require manual update

As highlighted in the forums by Sean, Let's Encrypt recently discovered a bug in their Certificate Authority (aka CAA). The implication of this is that some of the certificates that they have issued, they shouldn't have!

Core v16.0 RC (Release Candidate) is on the way...

Update 2020-05-04: We've finally published our first batch of 10 v16.0 appliances. Please see the full announcement for details.

Update 2020-03-10: v16.0rc1 ISOs of both Core and TKLDev are now available.

How to update Ghost on a v15.x TurnKey Ghost appliance

In this post, I'll cover the process required the first time you update the Ghost blog software, on a TurnKey Linux Ghost appliance. This applies equally, not matter what platform it's running on; from self hosted VM, to the Hub. Once you've run through this tutorial, in future, you'll be able to simply run:

Blog Tags: 

Webmin remote exploit/vulnerability does NOT affect TurnKey

It has come to our attention that a number of Webmin releases include a vulnerability that could allow a remote attacker to take control of a server with a vulnerable version of Webmin installed. Alarmingly:

v15.x - Updated apps, plus new Redis appliance

Bugfixes and Updates

We have published a number of updated appliances since my last appliance updates blog post (all the way back in February!?). This post is well overdue and in fact a few of the appliances have been updated multiple times... Please read on about the new Redis appliance. And/or read about the updated appliances and the relevant changes of significance.

All of these appliances are now available to download from their relevant appliance pages (links provided in each entry). They are also available to run in the cloud from the TurnKey Hub and/or for Proxmox within the storage templates section. The most June updates will also be available from AWS Marketplace ASAP; the earlier updates should be available already.

New TurnKey appliance versioning regime

Updated Appliance Versioning

Users who have been using TurnKey for a while, may have noticed that the release cycle of TurnKey appliances has changed in more recent times. Since version 14.2, we quietly implemented a new versioning regime which allows for appliances to released individually, i.e. be on different versions. This allows us to update specific appliances as needed, rather than needing to wait and do them all in a batch. I've been meaning to explicitly share this info for a while now, so here we go...!

Debian 7/Wheezy & 8/Jessie backports repos archived

Ever vigilant TurnKey community member, John Carver (aka Dude4Linux), has again bought to our attention an issue worth addressing. In a recent bug report John notes that the Debian old-old-stable (7/Wheezy) and old-stable (8/Jessie) backports apt repositories have now been archived.

Ideally v13.x & v14.x TurnKey users are advised to update/migrate their data to the relevant current v15.x release of their appliance. If you need a hand with that, please do not hesitate to start a new thread on the forums (new threads require a free website user account; if you have any troubles posting please let us know). But if that's not an option right now, to avoid errors jamming up your apt logs, TurnKey v13.x and v14.x users are advised to make an adjustment to their servers.

v15.x - 12 Updated Appliances, plus New OpenCart Appliance

Bugfixes and Updates

There are 13 12 Appliances that have recently been updated, and one new appliance; OpenCart.

Some appliances include security related updates, some include bugfixes, some include both.

Security Vulnerabilities: SA-CORE-2019-003 - Drupal 8 Core, Drupal 7 plugins

SA-CORE-2019-003 - Highly critical - Remote Code Execution

Popular CMS platform Drupal recently announced a highly critical security vulnerability: SA-CORE-2019-003. This vulnerability allows for remote code execution on an exploited server. It is rated Highly Critical and mass exploits are now being reported in the wild!

v15.1 Appliance Updates and Bugfixes - 70+ Rebuilt and Updated Apps

In the wake of the "mini-nightmare" (to quote a user) that was the Debian MariaDB auto removal fiasco; we're back with ~70 updated appliances (all the ones with MySQL/MariaDB). They include all the latest Debian packages.