What's coming in 7.5

girish

Unfortunately, the wireguard/openvpn integration has to be done in 7.6 . It's a pretty big feature and it's unlikely to be done in 7.5 timeframe.

nebulon

The Filemanager will also get replaced with a new UI, which will better work with large sets of files in one folder. Currently opening a folder with 100s of pictures breaks the filemanager.

girish

We now have a history of past logs and not just the last one. You can click on the timestamp and it opens the corresponding logs. Also, the checkmark indicates success/failure/in-progress.

Change was made to all the tasks - backup cleanup, sync dns, cert renewal etc.

girish

@girish said in What's coming in 7.5:

Upgrade Redis to 7 . This is required for Discourse

Redis is upgraded now. Not sure what is a good screenshot here , but here goes.

potemkin_ai

Thanks for everything, guys!
I wonder - why migrating already working well apps from LDAP to OIDC? What are the benefits?

nebulon

I guess 3 main reasons for that:

• LDAP hands over the password to the app first (!)
• LDAP has no standardized 2fa integration
• OIDC can actually provide single-sign-on

potemkin_ai

@nebulon said in What's coming in 7.5:

I guess 3 main reasons for that:

• LDAP hands over the password to the app first (!)
• LDAP has no standardized 2fa integration
• OIDC can actually provide single-sign-on

Sure, makes sense. But what about 'don't touch if it work'? Or it's mostly due to first item - clear text password forward?

nebulon

presumably this will be a long process to migrate apps anyways, but it's good to get going at some point and new apps can be directly integrated.

girish

@potemkin_ai said in What's coming in 7.5:

Sure, makes sense. But what about 'don't touch if it work'? Or it's mostly due to first item - clear text password forward?

Also, the second point 2FA. OIDC also allows some really really nice "modern" looking authentication.

• For example, we can develop a mobile app which lets you login when you tap on your phone (without any password). Which LDAP can never do.
• OAuth/SSO has always been our "dream" . That's how we started and we removed it since apps were not ready for it. With OIDC (which is based off OAuth), we try this again. This time around the big difference is that upstream might be more willing to accept OIDC support/patches. We struggled with this during OAuth given the non-standard nature.

potemkin_ai

@girish @nebulon thanks for the details! As always, I wish you all things to come true and in the best way possible!

jk

@girish, I noticed when using OIDC that on the authorize page there is no possibility to switch the user account. In other words: once logged in with a specific user, one is always logged in with that user, unless one manually figures out the logout endpoint for OIDC.

Would it be possible to add a logout or switch user button the the OIDC authorization page?

jdaviescoates

@girish said in What's coming in 7.5:

For 7.5, we just want to focus on fixing some long standing issues instead of adding new features. Also, Cloudron 7.4 added OIDC support, so we are also working on moving apps from LDAP to OIDC slowly (as long as the migration works seamlessly).

These are fairly critical and we haven't paid attention to them in a while:

• (mail) Virtual all directory in dovecot for search
• (mail) Investigate why Spam learning/filtering sometimes does not work effectively.
• (mail) SPF regression adding an extra header and leaking client IP.
• Backup integrity - store size and checksum of backups. Also provide a way to "verify" backup integrity in the remote.
• Backup/restore progress
• SSHFS/CIFS import is not working - 1 and 2
• Add optional flag for turn addon.
• Add check to indicate that Cloudron 7.6 will not support servers without AVX. This is required for MongoDB 6.0
• Upgrade Redis to 7 . This is required for Discourse
• Improve app repair workflow

This ALL sounds like great and important stuff, really looking forward to this release!

(and the bit about AVX also reminds me that I need to bite the bullet and start the process moving my existing primary Cloudron which is on a Netcup VPS that doesn'st have AVX, and all my other little Cloudrons too, for that matter, onto one big Hetzner Dedicated Server - after buying it and making sure it has a healthy IP before actually making the switch, so I don't suffer from an email blackout like happened last time I moved servers)

michaelpope

Just curious, do you know if it just basic AVX that will need to be supported for 7.6, or one of the more detailed AVXs (such as AVX512, or AVX2)? Edit Nvm, for anybody who asks, it's just regular AVX as far as I can tell.

Also, for everyone else, just so you know, you can check if your CPU supports it inside of /proc/cpuinfo in the flags section.

potemkin_ai

@jdaviescoates how do you check if IP is good for e-mails, before attaching a working Cloudron to it?

girish

@potemkin_ai maybe these:

• https://whatismyipaddress.com/blacklist-check
• https://mxtoolbox.com/blacklists.aspx
• https://dnschecker.org/ip-blacklist-checker.php

avatar1024

@jdaviescoates Where did you see Netcup does not support AVX?

nebulon

@jk yes this was mentioned a few times now and will be added with the change to use oidc also for the main dashboard login

jk

@nebulon said in What's coming in 7.5:

yes this was mentioned a few times now (...)

I must have missed that then. I'm glad you're aware and are changing this.

girish

@jk probably in our internal discussions (by @luckow )

nebulon

probably not on the forum but in-person by @luckow for sure