Release 2020_031 (2020-09-28)

Impact

• [NixOS 19.03] Multiple services will be restarted, including elasticsearch, httpd, mongodb, mysql, openvpn, postgresql, redis, rabbitmq and sshd.

NixOS 19.03 platform

• Nginx: anonymize IP addresses (IPv4 and IPv6) in access logs by default. We use a patched Nginx which provides $remote_addr_anon as a variable for log formats. This variable is used in the default combined log format (#127632).

• Security updates for mcpp (patch CVE-2019-14274), Python (2.7.17 -> 2.7.18, 3.6.9 -> 3.6.11, 3.7.4 -> 3.7.8), sysstat (12.2.0 -> 12.2.3), and unzip (patch CVE-2019-13232) (#128665).

• Mail server: Grant users holding the “sudo-srv” permission sudo access to the “vmail” system user.

• Journal, logging: make unit script names more readable, for example postgresql-start instead of <hash>-unit-script-postgresql-start (#126523).