Installation Notes

Update Instructions

To install this update please follow the following steps:

Procedure

1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
2. In the administration interface go to Menu → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
3. Click Get Packages to download the update packages.
4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

New in this version

System Management: Linux Kernel 6.6.71

With this update the Linux Kernel 6.6.71 is installed.

Security: Security-related and general updates

Various software packages have been updated in this release. In addition to security-related updates, general maintenance and care updates have also been carried out.

The updates and bug fixes affect the following packages<p

• Data synchronization program rsync 3.4.1
• Encryption library OpenSSL Security Fix
• Programming language Python3 3.11.10
• Microcode for Intel processors 20241112
• Programming language PHP7: php7-7.4.33-150400.4.43.1
• Ghostscript 10.0.0~dfsg-11+deb12u6
• libarchive_3.4.3-2+deb11u2
• nss_3.61-1+deb11u4
• glib2.0_2.58.3-2+deb10u7
• expat_2.2.6-2+deb10u8
• libgd2_2.2.5-5.2+deb10u1

Issues fixed in this version

Network: Country block

A country block is used to block all connections from selected countries through the firewall. Lists that assign a country to IP addresses are used for this purpose. An error has been fixed that could occur if the country data in “/usr/share/xt_geoip” was not yet available when restoring a backup.

Let’s Encrypt - Error during certificate update fixed

On a few systems, Let’s Encrypt certificates were not updated automatically because an important script could not be executed due to a missing path variable. This problem has been fixed and the update now works reliably again.

DNS: IPv6 requests

If there is no connection to a standard IPv6 route BIND still tries to reach IPv6 DNS servers. This sometimes led to too many requests being made and BIND responding with “SERVFAIL” in response. To prevent this, BIND is started in IPv4 mode if no IPv6 address and no IPv6 default route are available. In this case BIND can continue to deliver IPv6 to domain names. If an IPv6 address and a default route are available, BIND is started normally.

Notes

Additional software: Bitdefender - Proxy for updates

The virus pattern updates are carried out according to a set cycle. It is currently not possible to use an http proxy for the pattern update of the Bitdefender virus and spam filter.

Additional software: Bitdefender - pattern update after commissioning

After starting up the Collax Antivirus powered by Bitdefender module, it may take a few minutes for the current virus patterns to be downloaded. If you click on Update Bitdefender in the virus scanner form during this time, you will receive an error message “Error connecting to server at /opt/lib/bitdefender//bdamsocket: -3”, because the background process has not yet been fully executed.

GUI: Sporadic hangs during running jobs

The progress of configuration jobs is displayed in the top right-hand corner of the web administration. In the case of extensive changes in the network area, especially with country locks (geo-ip), it can happen in rare cases that the job display hangs during activation. As of release 7.2.28, you will now receive the message “Network connection has been interrupted: Messages may be lost until the connection can be re-established.” informs you about such situations.

VPN: Fix for IKEv2 with Microsoft Windows crashes after 7.6 hours

VPN connections with IKEv2 and the on-board tools of Microsoft Windows are interrupted after interrupted after exactly 7.6 hours. The error occurs because Microsoft Windows proposes different algorithms during the IKE re-encryption than during the first connection. The problem can be solved with a registry fix by the value “NegotiateDH2048_AES256” under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters to 1 is set.

Under the following link you will find a REG file (registry entry) that adds the registry key. Collax accepts no liability for system errors resulting from this.