Changes:

• Latest upstream versiion of CakePHP - v5.0.5. [Anton Pyrogovskyi ]
• Use Debian default PHP (v8.2).
• Ensure hashfile includes URL to public key - closes #1864.
• Include webmin-logviewer module by default - closes #1866.
• Upgraded base distribution to Debian 12.x/Bookworm.
• Configuration console (confconsole):
  • Support for DNS-01 Let's Encrypt challenges. [ Oleh Dmytrychenko github: @NitrogenUA ]
  • Support for getting Let's Encrypt cert via IPv6 - closes #1785.
  • Refactor network interface code to ensure that it works as expected and supports more possible network config (e.g. hotplug interfaces & wifi).
  • Show error message rather than stacktrace when window resized to incompatable resolution - closes #1609. [ Stefan Davis ]
  • Bugfix exception when quitting configuration of mail relay. [ Oleh Dmytrychenko github: @NitrogenUA ]
  • Improve code quality: implement typing, fstrings and make (mostly) PEP8 compliant. [Stefan Davis & Jeremy Davis
• Firstboot Initialization (inithooks):
  • Refactor start up (now hooks into getty process, rather than having it's own service). [ Stefan Davis ]
  • Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname is included in dhcp info when set via inithooks.
  • Package turnkey-make-ssl-cert script (from common overlay - now packaged as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl.
  • Refactor run script - use bashisms and general tidying.
  • Show blacklisted password characters more nicely.
  • Misc packaging changes/improvements.
  • Support returning output from MySQL - i.e. support 'SELECT'. (Only applies to apps that include MySQL/MariaDB).
• Web management console (webmin):
  • Upgraded webmin to v2.105.
  • Removed stunnel reverse proxy (Webmin hosted directly now).
  • Ensure that Webmin uses HTTPS with default cert (/etc/ssl/private/cert.pem).
  • Disabled Webmin Let's Encrypt (for now).
• Web shell (shellinabox):
  • Completely removed in v18.0 (Webmin now has a proper interactive shell).
• Backup (tklbam):
  • Ported dependencies to Debian Bookworm; otherwise unchanged.
• Security hardening & improvements:
  • Generate and use new TurnKey Bookworm keys.
  • Automate (and require) default pinning for packages from Debian backports. Also support non-free backports.
• IPv6 support:
  • Adminer (only on LAMP based apps) listen on IPv6.
  • Nginx/NodeJS (NodeJS based apps only) listen on IPv6.
• Misc bugfixes & feature implementations:
  • Remove rsyslog package (systemd journal now all that's needed).
  • Include zstd compression support.
  • Enable new non-free-firmware apt repo by default.
  • Improve turnkey-artisan so that it works reliably in cron jobs (only Laravel based LAMP apps).
• Set mod_evasive log location - makes debugging easier. [ Jeremy Davis ]
• Include and enable mod_evasive and mod_security2 by default in Apache. [ Stefan Davis ]
• Debian default PHP updated to v8.2.
• Include new 'tkl-update-php' script - to make updating/changing PHP version easier for end users. [Marcos Méndez @ POPSOLUTIONS ]
• DEV: Add support for setting max_execution_time & max_input_vars in php.ini via appliance Makefile (PHP_MAX_EXECUTION_TIME & PHP_MAX_INPUT_VARS).
• Use MariaDB (MySQL replacement) v10.11.3 (from debian repos).
• Install composer from Debian repos (previously installed from source) [ Stefan Davis ]

Links

• Release meta-files (signature, manifest)