Past Incidents

We will update NextCloud to Version v15.0.2. We expect a downtime of ~10 minutes.

Start maintenance window: 29/01/2019 00:00 CEST
Stop maintenance window: 29/01/2019 02:00 CEST

We perform software updates on our mail servers. We expect a downtime of ~5 minutes.

Start maintenance window: 22/01/2019 00:00
Stop maintenance window: 22/01/2019 01:30

New features / Changes:

• [Dovecot] Add more special_use folder names
• [ClamAV] Fix whitelist permission error
• [Compose] Update ClamAV and SOGo images

In course of our half-yearly security checks, we updated the globally used Diffie-Hellman group to a new set for TLS and SSH.

• added support for Solr 7, see documentation for details
• removed support for Solr 5
• removed support for Solr 4
• removed tomcat service which is not used anymore

Reference #498

So far, there was no web application firewall on generation 6 servers, as we had yet to lay some groundwork before. With this change, we will enable ModSecurity and load the OWASP core set, please see the detailed changes below:

• update nginx to the latest stable version 1.14.2
• load ModSecurity base configuration
• load OWASP core rule set
• enable ModSecurity in DetectionOnly mode (= logging only)
• detected requests are logged into the ModSecurity audit log at /var/log/nginx/modsecurity.log (accessible via devop user)

Next steps:

• we will analyze all audit logs and take appropriate actions if required
• we might contact you over the next 2 weeks to discuss required changes on our or your end if required
• we're going to activate blocking mode (switch engine from DetectionOnly to on) on Monday, January 28th

Reference: #291