PHP versions 7.2.29, 7.3.16, and 7.4.4

The PHP developers recently released versions 7.2.29, 7.3.16 and 7.4.4 that fix several bugs. We’ve upgraded the PHP 7.2, 7.3 and 7.4 series on our servers as a result.

In addition, the authors of ionCube Loader and SourceGuardian Loader have made them available for the PHP 7.4 series, so our copy of PHP 7.4.4 now supports both of those.

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

Change to SSH “RSA key fingerprint”

We’ve made a change to one of the SSH keys our servers use, and this post explains why a small number of customers may see a warning message as a result. If you don’t use SSH to connect to the command-line shell (most people don’t), you can ignore this post completely.

The change is that the RSA key has been increased in size (to 2,048 bits) to ensure that sites we host pass PCI compliance scans. Most modern SSH software now uses ECDSA keys instead of RSA keys, so this won’t affect most people. But if your SSH software still uses RSA keys, you may see a message like this:

Warning: the RSA host key for 'example.com' differs from the
key for the IP address '192.0.2.3'
Are you sure you want to continue connecting (yes/no)?

Or even more alarmingly, like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now
(man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
21:24:65:80:55:5e:8c:e2:d9:6d:21:43:ef:07:3f:21.

If you see either of these, it’s expected and okay. It’s telling you that it thinks the RSA host key has changed since the last time you connected — which it has.

If your SSH client software completely prevents you from connecting because of an existing entry in your computer’s “known_hosts” file, removing the line it mentions from that file will fix it.

The next time you connect after doing that, you’ll be prompted to add the new key. You can verify the key fingerprint it shows you on our SSH page.

Sites hosted with us aren’t affected by today’s “Let’s Encrypt” SSL security bug

We provide free Let’s Encrypt SSL certificates for all sites hosted with our company.

Recently, Let’s Encrypt found a problem with some certificates that could cause site visitors to see security warnings if the certificate wasn’t renewed before noon Pacific time today (March 4, 2020).

Our customers don’t need to worry, though. We’ve already renewed any affected certificates, so the problem will not affect any sites we host.

There’s a website at checkhost.unboundtest.com you can use to test your certificate if you want to be sure. As always, don’t hesitate to contact us if you have any questions.

Updated webmail for 2020

We’ve started publicly testing an updated webmail interface for our customers. The new system has more flexible message composing, the ability to drag-and-drop images and other attachments, a simpler mobile interface, and a generally more modern feel.

You can try it yourself at https://webmail.tigertech.net/, and we have some tips for using it.

We consider it in “beta test” for now and it probably still has some bugs, although we’ve been using it ourselves for several weeks of testing. If you have any trouble, the existing webmail system is also still available.

PHP versions 7.2.27, 7.3.14, and 7.4.2

The PHP developers recently released versions 7.2.27, 7.3.14 and 7.4.2 that fix several bugs. We’ve upgraded the PHP 7.2, 7.3 and 7.4 series on our servers as a result.

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

PHP versions 7.2.26, 7.3.13, and 7.4.1

The PHP developers recently released versions 7.2.26, 7.3.13 and 7.4.1 that fix several bugs. We’ve upgraded the PHP 7.2, 7.3 and 7.4 series on our servers as a result.

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

PHP 7.4 series now available

The PHP developers recently released a brand new version, PHP 7.4, so PHP 7.4.0 is now available in our control panel (in addition to the PHP 5.6, 7.0, 7.1, 7.2 and 7.3 series).

We don’t yet recommend PHP 7.4 for most customers. It’s fairly new and some third-party scripts aren’t yet compatible with it. If you want to try it anyway:

  1. First, update your site’s PHP scripts (including WordPress, Joomla, any plugins or themes you use, and so on)
  2. Login to our My Account control panel
  3. Click PHP Settings
  4. Click PHP 7.4 series
  5. Click Save Settings

After updating, test your site carefully to make sure there aren’t any problems.

By the way, if all this seems confusing, we have a page explaining more about PHP versions and updates.

PHP 7.1.33, 7.2.25 and 7.3.12

The PHP developers recently released versions 7.1.33, 7.2.25 and 7.3.12 that fix several bugs. We’ve upgraded the PHP 7.1, 7.2 and 7.3 series on our servers as a result.

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

WordPress 5.3

WordPress 5.3 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites. WordPress 5.3 works fine on our servers (make sure you’re using a recent version of PHP for your site).

If you’ve previously installed an older version of WordPress, you should update it from within your WordPress Dashboard.

Our IMAP mail servers now support “special use” hints for Sent and Trash folders

Our IMAP mail servers now support the IMAP LIST Extension for Special-Use Mailboxes. That means we send hints to your IMAP mail program suggesting it should store copies of sent and deleted mail in the “Sent” and “Trash” mail folders on the server, rather than a different location the program might randomly choose.

Without the hints, some mail programs default to storing copies of sent and deleted mail only on your local computer or device. Those copies can’t be seen by other programs or devices, and they aren’t saved in our backups. You could always change that manually, but with the hints, some mail programs — particularly macOS Mail and iOS Mail — will now automatically save the mail to server folders with no extra configuration needed. The copies will then be visible on all the IMAP devices you use, and they’ll be saved in our backups.

What if I don’t want my mail program to use these folders?

In our testing, this change doesn’t affect mail programs that are already storing sent and deleted mail on the server in folders you’ve specified. But if your mail program does change where it stores sent or deleted mail, and you don’t like the change, you can use your program’s settings to explicitly choose where you want sent and deleted mail copies to be stored (for example, this page describes how to set folders on an iPhone or iPad, and this page describes how to change folders for the macOS Mail program).

If your program doesn’t offer that feature, another option is to delete the “Sent” and “Trash” server folders from your mailbox (or ask us to do so). That will prevent any hints from being sent at all, making things work exactly as they did before.