Release 2022_011 (2022-04-25)

Impact

  • [NixOS 21.11] Most services will be restarted because of a core dependency change. Machines will schedule a reboot to activate the changed kernel.

  • [NixOS 21.11] Jitsi will be restarted and conferences will be interrupted for a short period of time.

NixOS 21.11 platform

  • 21.11 is our default production platform version from now on. New machines created via the customer UI will use this version.

  • Common errors in the daily Nix store garbage collection job don’t mark the systemd unit as failed anymore. These failures were sometimes propagated to automated deployments which shouldn’t fail in that case (#PL-130101).

  • Matomo: make tag manager plugin work. The plugin needs a writable directory to store JS files for containers created via the Admin UI (#PL-130561).

  • LAMP: accept the obsolete useFPM option instead of failing to make upgrading from 21.05 easier. FPM is always used on 21.11. (#PL-130565).

  • Jitsi: update jitsi-videobridge, jicofo and jitsi-meet to latest stable versions (#PL-130541).

  • Add auditbeat7-oss and filebeat7-oss packages and use them in platform code. They remove unfree code before building the packages to make sure that the result can be used freely without being affected by the Elastic license (#PL-130528).

  • Loghost: updated and enhanced role documentation.

  • Pull upstream NixOS changes that include security fixes and other updates (#PL-130547). Important note: we have experienced problems with some Java applications due to the updated zlib version. zlib hasn’t been updated for some years and the change may also affect other packages depending on it. Because of the problem, Elasticsearch, Solr and Graylog use Java runtimes with a patched zlib. The Java packages jdk8_headless and jdk11_headless include this patch. If you see problems with other Java versions or other packages, contact our support for help.

    • apacheHttpd: 2.4.52 -> 2.4.53

    • discourse: 2.9.0.beta1 -> 2.9.0.beta4

    • element-web: 1.10.6 -> 1.10.10

    • gitlab: 14.8.5 -> 14.9.2

    • grafana: 8.4.4 -> 8.4.6

    • keycloak: 16.1.0 -> 17.0.1

    • libarchive: 3.5.2 -> 3.5.3

    • libressl: 3.4.1 -> 3.4.3

    • libressl_3_2: add patch for CVE-2022-0778

    • linux: 5.10.106 -> 5.10.111

    • matrix-synapse: 1.54.0 -> 1.56.0

    • mediawiki: 1.36.3 -> 1.36.4

    • openvpn: 2.5.2 -> 2.5.6, 2.4.11 -> 2.4.12 (CVE-2022-0547)

    • php74: 7.4.28 -> 7.4.29

    • php.packages.composer: 2.1.9 -> 2.3.5 (CVE-2022-24828)

    • php80: 8.0.16 -> 8.0.18

    • powerdns: apply patch for ixfr validation issue

    • python310: 3.10.0 -> 3.10.3

    • python38: 3.8.12 -> 3.8.13

    • python39: 3.9.6 -> 3.9.11

    • strace: 5.16 -> 5.17

    • subversion: 1.14.1 -> 1.14.2

    • subversion_1_10: 1.10.7 -> 1.10.8

    • zlib: 1.2.11 -> 1.2.12 (CVE-2018-25032)

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/152709/download/1/nixexprs.tar.xz

NixOS 21.05 platform

  • Loghost: updated and enhanced role documentation.

Detailed Changes