Cloudron 1.2.1 released

We are happy to announce the release of Cloudron 1.2.1.

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

Cloudron 1.2.1 is a patch release that fixes a high-severity security vulnerability in Node.js. We highly recommend upgrading as soon as possible. Cloudrons on auto-update should have already updated to this release.

Changelog

  • Update Node.js to 6.11.1 - Node.js was susceptible to hash-flooding remote DoS attacks because the HashTable seed was constant across a given released version of Node.js. You can read more here.
  • Set max TTL of unbound to 5 minutes - Cloudron uses an internal DNS server called unbound. Unbound respects the TTL in the DNS response, which can result in DNS entries being cached for a very long time. This causes problems if you initially had a DNS entry with a high TTL and change it shortly after. The problem is frequently hit when users switch the MX record over to the Cloudron and the Cloudron does not detect that the DNS entry has changed. We have now capped unbound's DNS caching time to 5 minutes, so the Cloudron takes at most 5 minutes to notice a change in DNS.
  • Fix issue where mail container does not clean up LDAP connections properly - The mail subsystem uses LDAP to authenticate users. However, LDAP connections were not being cleaned up properly. This resulted in authentication failing sporadically.
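
To illustrate the Node.js changelog entry above, here is an added example (not Cloudron's or Node.js's code) using a toy chained hash table. It shows why a seed that is constant across a release lets keys that share one bucket be computed once and stay valid on every install, while a per-process seed spreads the same keys out. The hash function, `RELEASE_SEED` and all function names are constructed for this example; V8's real hash function is different.

```javascript
// Toy seeded string hash (constructed for this example; NOT V8's real hash).
function seededHash(key, seed) {
  let h = seed >>> 0;
  for (let i = 0; i < key.length; i++) {
    h = Math.imul(h ^ key.charCodeAt(i), 0x9e3779b1);
    h ^= h >>> 15;
  }
  // murmur3-style finalizer so every seed bit influences the bucket index
  h = Math.imul(h ^ (h >>> 16), 0x85ebca6b);
  h = Math.imul(h ^ (h >>> 13), 0xc2b2ae35);
  return (h ^ (h >>> 16)) >>> 0;
}

const BUCKETS = 256;
const bucketOf = (key, seed) => seededHash(key, seed) % BUCKETS;

// With a known seed, keys that all land in bucket 0 can be selected offline.
function keysForOneBucket(seed, count) {
  const keys = [];
  for (let i = 0; keys.length < count; i++) {
    const key = "k" + i;
    if (bucketOf(key, seed) === 0) keys.push(key);
  }
  return keys;
}

// Longest chain = worst-case work per lookup or insert in a chained table.
function longestChain(keys, seed) {
  const load = new Map();
  let max = 0;
  for (const key of keys) {
    const b = bucketOf(key, seed);
    const n = (load.get(b) || 0) + 1;
    load.set(b, n);
    if (n > max) max = n;
  }
  return max;
}

const RELEASE_SEED = 0x12345678; // constructed: identical in every install of one release
function compare(count, freshSeed) {
  const keys = keysForOneBucket(RELEASE_SEED, count);
  return {
    constantSeed: longestChain(keys, RELEASE_SEED), // all keys in a single chain
    perProcessSeed: longestChain(keys, freshSeed),  // same keys under a different seed
  };
}

// Seed drawn at startup; Math.random only keeps the demo dependency-free.
console.log(compare(64, (Math.random() * 2 ** 32) >>> 0));
```

With the constant seed the table degrades to one 64-entry list, so inserting n such keys costs O(n²) comparisons. Under a seed chosen at process start, the same keys behave like ordinary input.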