What's coming in 7.5
-
We now have a history of past logs and not just the last one. You can click on the timestamp and it opens the corresponding logs. Also, the checkmark indicates success/failure/in-progress.
Change was made to all the tasks - backup cleanup, sync dns, cert renewal etc.
-
For 7.5, we just want to focus on fixing some long standing issues instead of adding new features. Also, Cloudron 7.4 added OIDC support, so we are also working on moving apps from LDAP to OIDC slowly (as long as the migration works seamlessly).
These are fairly critical and we haven't paid attention to them in a while:
- (mail) Virtual all directory in dovecot for search
- (mail) Investigate why Spam learning/filtering sometimes does not work effectively.
- (mail) SPF regression adding an extra header and leaking client IP.
- Backup integrity - store size and checksum of backups. Also provide a way to "verify" backup integrity in the remote.
- Backup/restore progress
- SSHFS/CIFS import is not working - 1 and 2
- Add optional flag for turn addon.
- Add check to indicate that Cloudron 7.6 will not support servers without AVX. This is required for MongoDB 6.0
- Upgrade Redis to 7 . This is required for Discourse
- Improve app repair workflow
-
Thanks for everything, guys!
I wonder - why migrating already working well apps from LDAP to OIDC? What are the benefits? -
I guess 3 main reasons for that:
- LDAP hands over the password to the app first (!)
- LDAP has no standardized 2fa integration
- OIDC can actually provide single-sign-on
@nebulon said in What's coming in 7.5:
I guess 3 main reasons for that:
- LDAP hands over the password to the app first (!)
- LDAP has no standardized 2fa integration
- OIDC can actually provide single-sign-on
Sure, makes sense. But what about 'don't touch if it work'? Or it's mostly due to first item - clear text password forward?
-
@nebulon said in What's coming in 7.5:
I guess 3 main reasons for that:
- LDAP hands over the password to the app first (!)
- LDAP has no standardized 2fa integration
- OIDC can actually provide single-sign-on
Sure, makes sense. But what about 'don't touch if it work'? Or it's mostly due to first item - clear text password forward?
@potemkin_ai said in What's coming in 7.5:
Sure, makes sense. But what about 'don't touch if it work'? Or it's mostly due to first item - clear text password forward?
Also, the second point 2FA. OIDC also allows some really really nice "modern" looking authentication.
- For example, we can develop a mobile app which lets you login when you tap on your phone (without any password). Which LDAP can never do.
- OAuth/SSO has always been our "dream" . That's how we started and we removed it since apps were not ready for it. With OIDC (which is based off OAuth), we try this again. This time around the big difference is that upstream might be more willing to accept OIDC support/patches. We struggled with this during OAuth given the non-standard nature.
-
G girish referenced this topic on
-
@potemkin_ai said in What's coming in 7.5:
Sure, makes sense. But what about 'don't touch if it work'? Or it's mostly due to first item - clear text password forward?
Also, the second point 2FA. OIDC also allows some really really nice "modern" looking authentication.
- For example, we can develop a mobile app which lets you login when you tap on your phone (without any password). Which LDAP can never do.
- OAuth/SSO has always been our "dream" . That's how we started and we removed it since apps were not ready for it. With OIDC (which is based off OAuth), we try this again. This time around the big difference is that upstream might be more willing to accept OIDC support/patches. We struggled with this during OAuth given the non-standard nature.
-
G girish referenced this topic on
-
@girish, I noticed when using OIDC that on the authorize page there is no possibility to switch the user account. In other words: once logged in with a specific user, one is always logged in with that user, unless one manually figures out the logout endpoint for OIDC.
Would it be possible to add a logout or switch user button the the OIDC authorization page?
-
For 7.5, we just want to focus on fixing some long standing issues instead of adding new features. Also, Cloudron 7.4 added OIDC support, so we are also working on moving apps from LDAP to OIDC slowly (as long as the migration works seamlessly).
These are fairly critical and we haven't paid attention to them in a while:
- (mail) Virtual all directory in dovecot for search
- (mail) Investigate why Spam learning/filtering sometimes does not work effectively.
- (mail) SPF regression adding an extra header and leaking client IP.
- Backup integrity - store size and checksum of backups. Also provide a way to "verify" backup integrity in the remote.
- Backup/restore progress
- SSHFS/CIFS import is not working - 1 and 2
- Add optional flag for turn addon.
- Add check to indicate that Cloudron 7.6 will not support servers without AVX. This is required for MongoDB 6.0
- Upgrade Redis to 7 . This is required for Discourse
- Improve app repair workflow
@girish said in What's coming in 7.5:
For 7.5, we just want to focus on fixing some long standing issues instead of adding new features. Also, Cloudron 7.4 added OIDC support, so we are also working on moving apps from LDAP to OIDC slowly (as long as the migration works seamlessly).
These are fairly critical and we haven't paid attention to them in a while:
- (mail) Virtual all directory in dovecot for search
- (mail) Investigate why Spam learning/filtering sometimes does not work effectively.
- (mail) SPF regression adding an extra header and leaking client IP.
- Backup integrity - store size and checksum of backups. Also provide a way to "verify" backup integrity in the remote.
- Backup/restore progress
- SSHFS/CIFS import is not working - 1 and 2
- Add optional flag for turn addon.
- Add check to indicate that Cloudron 7.6 will not support servers without AVX. This is required for MongoDB 6.0
- Upgrade Redis to 7 . This is required for Discourse
- Improve app repair workflow
This ALL sounds like great and important stuff, really looking forward to this release!
(and the bit about AVX also reminds me that I need to bite the bullet and start the process moving my existing primary Cloudron which is on a Netcup VPS that doesn'st have AVX, and all my other little Cloudrons too, for that matter, onto one big Hetzner Dedicated Server - after buying it and making sure it has a healthy IP before actually making the switch, so I don't suffer from an email blackout like happened last time I moved servers)
-
Just curious, do you know if it just basic AVX that will need to be supported for 7.6, or one of the more detailed AVXs (such as AVX512, or AVX2)?Edit Nvm, for anybody who asks, it's just regular AVX as far as I can tell.Also, for everyone else, just so you know, you can check if your CPU supports it inside of /proc/cpuinfo in the flags section.
-
@girish said in What's coming in 7.5:
For 7.5, we just want to focus on fixing some long standing issues instead of adding new features. Also, Cloudron 7.4 added OIDC support, so we are also working on moving apps from LDAP to OIDC slowly (as long as the migration works seamlessly).
These are fairly critical and we haven't paid attention to them in a while:
- (mail) Virtual all directory in dovecot for search
- (mail) Investigate why Spam learning/filtering sometimes does not work effectively.
- (mail) SPF regression adding an extra header and leaking client IP.
- Backup integrity - store size and checksum of backups. Also provide a way to "verify" backup integrity in the remote.
- Backup/restore progress
- SSHFS/CIFS import is not working - 1 and 2
- Add optional flag for turn addon.
- Add check to indicate that Cloudron 7.6 will not support servers without AVX. This is required for MongoDB 6.0
- Upgrade Redis to 7 . This is required for Discourse
- Improve app repair workflow
This ALL sounds like great and important stuff, really looking forward to this release!
(and the bit about AVX also reminds me that I need to bite the bullet and start the process moving my existing primary Cloudron which is on a Netcup VPS that doesn'st have AVX, and all my other little Cloudrons too, for that matter, onto one big Hetzner Dedicated Server - after buying it and making sure it has a healthy IP before actually making the switch, so I don't suffer from an email blackout like happened last time I moved servers)
@jdaviescoates how do you check if IP is good for e-mails, before attaching a working Cloudron to it?
-
@potemkin_ai maybe these:
-
@girish said in What's coming in 7.5:
For 7.5, we just want to focus on fixing some long standing issues instead of adding new features. Also, Cloudron 7.4 added OIDC support, so we are also working on moving apps from LDAP to OIDC slowly (as long as the migration works seamlessly).
These are fairly critical and we haven't paid attention to them in a while:
- (mail) Virtual all directory in dovecot for search
- (mail) Investigate why Spam learning/filtering sometimes does not work effectively.
- (mail) SPF regression adding an extra header and leaking client IP.
- Backup integrity - store size and checksum of backups. Also provide a way to "verify" backup integrity in the remote.
- Backup/restore progress
- SSHFS/CIFS import is not working - 1 and 2
- Add optional flag for turn addon.
- Add check to indicate that Cloudron 7.6 will not support servers without AVX. This is required for MongoDB 6.0
- Upgrade Redis to 7 . This is required for Discourse
- Improve app repair workflow
This ALL sounds like great and important stuff, really looking forward to this release!
(and the bit about AVX also reminds me that I need to bite the bullet and start the process moving my existing primary Cloudron which is on a Netcup VPS that doesn'st have AVX, and all my other little Cloudrons too, for that matter, onto one big Hetzner Dedicated Server - after buying it and making sure it has a healthy IP before actually making the switch, so I don't suffer from an email blackout like happened last time I moved servers)
@jdaviescoates Where did you see Netcup does not support AVX?
-
@girish, I noticed when using OIDC that on the authorize page there is no possibility to switch the user account. In other words: once logged in with a specific user, one is always logged in with that user, unless one manually figures out the logout endpoint for OIDC.
Would it be possible to add a logout or switch user button the the OIDC authorization page?
-
@jk yes this was mentioned a few times now and will be added with the change to use oidc also for the main dashboard login
-
@nebulon said in What's coming in 7.5:
yes this was mentioned a few times now (...)
I must have missed that then. I'm glad you're aware and are changing this.
-
@girish thank you!
(by