Release 2024_007 (2024-02-26)

Impact

  • [NixOS 23.11] Gitlab will be restarted.

NixOS 23.11 platform

  • webgateway/nginx: Reintroduce optional rate limiting for nginx, which can be enabled when needed to counter rapid reset attacks (originally part of release 2024_005, temporarily removed in 2024_006) (PL-132210).

  • webproxy: the Varnish command line can now be overridden by setting the flyingcircus.services.varnish.extraCommandLine option (PL-132106).

  • docker: document how to upgrade machines that still use the deprecated devicemapper storage driver, see nixos-docker-storage-driver (PL-132175).

  • opensearch: document the migration path from Elasticsearch 6, see nixos-opensearch.

  • Package security updates (PL-132233):

    • gitlab: 16.7.5 -> 16.7.6 (CVE-2023-4895, CVE-2024-0861, CVE-2023-3509, CVE-2024-0410)

    • mastodon: 4.2.6 -> 4.2.7 (CVE-2024-25623)

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/382222/download/1/nixexprs.tar.xz

NixOS 22.11 platform

Detailed Changes