The PHP developers recently released versions 5.6.35, 7.0.29 and 7.1.16 that fix several bugs. We’ve upgraded the PHP 5.6, 7.0 and 7.1 series on our servers as a result.
These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.
The authors of the Drupal CMS software today announced a “highly critical” Drupal security bug (SA-CORE-2018-002).
This vulnerability is likely to be widely exploited soon. If you use Drupal 6, 7 or 8 without updating it, your site will be compromised (taken over by “hackers”).
To protect our customers who have installed Drupal, we have “patched” the vulnerable files on every copy of Drupal on our servers, blocking the attacks that we expect to see in the future. We used these patches:
So our customers are protected against this particular problem. But that doesn’t mean you shouldn’t upgrade Drupal: older versions also have other security bugs. If you’ve installed the Drupal software on your site, please make absolutely sure you’ve upgraded to the latest version today.
Update 4:30 PM Pacific time March 25: The changes described below have been deployed on all servers.
The PHP developers recently released versions 5.6.34, 7.0.28 and 7.1.15 that fix several bugs. Over the next couple of days, we’ll be upgrading the PHP 5.6, 7.0 and 7.1 series on our servers as a result.
In addition, we’ll be upgrading the less-commonly used Perl scripting language from version 5.14 to 5.20 at the same time. (These need to be updated simultaneously because of shared “dependencies” on certain software libraries.)
These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.
Update 11:55 PM Pacific time: The maintenance described below was completed successfully and all services are running normally.
Over the last year, we’ve been slowly upgrading our servers from Debian Linux version 7 (codename “wheezy”) to version 8 (codename “jessie”). We’ll be finishing that process over the next few weeks, with brief scheduled maintenance on each server.
The upgrade requires that each hosting server be taken offline for a few minutes over a three hour maintenance window and then restarted, causing brief scheduled “downtime” for websites and email on that server. The total downtime for any server should not exceed ten minutes during this three hour period.
Mail arriving while a server is being restarted will be queued and delivered after a short delay. No mail will be lost.
This coming weekend, we’ll be updating some (not all) web servers:
So, for example, the “web12” server will be updated on March 9, and the “web01” server will be updated on March 10. This page explains how to find which server a site is on.
(Servers ending with other digits have already been updated in maintenance in previous weeks. This will complete the upgrades.)
Although the final step of the upgrade modifies hundreds of software packages on the server, we have tested it extensively don’t expect most customers to notice any change. Your website and email should continue working as they always have. However, if you do have any trouble, don’t hesitate to contact us.
Update 11:18 PM Pacific time: The maintenance described below was completed successfully and all services are running normally.
Over the last year, we’ve been slowly upgrading our servers from Debian Linux version 7 (codename “wheezy”) to version 8 (codename “jessie”). We’ll be finishing that process over the next few weeks, with brief scheduled maintenance on each server.
The upgrade requires that each hosting server be taken offline for a few minutes over a three hour maintenance window and then restarted, causing brief scheduled “downtime” for websites and email on that server. The total downtime for any server should not exceed ten minutes during this three hour period.
Mail arriving while a server is being restarted will be queued and delivered after a short delay. No mail will be lost.
This coming weekend, we’ll be updating some (not all) web servers:
So, for example, the “web06” server will be updated on March 2, and the “web13” server will be updated on March 4. This page explains how to find which server a site is on.
(Servers ending in “0”, “9”, “8” and “7” have already been updated. Servers ending in “2” and “1” will be updated the following weekend; we’ll post a separate announcement about that.)
Although the final step of the upgrade modifies hundreds of software packages on the server, we have tested it extensively don’t expect most customers to notice any change. Your website and email should continue working as they always have. However, if you do have any trouble, don’t hesitate to contact us.
Update 11:18 PM Pacific time: The maintenance described below was completed successfully.
Over the last year, we’ve been slowly upgrading our servers from Debian Linux version 7 (codename “wheezy”) to version 8 (codename “jessie”). We’ll be finishing that process over the next few weeks, with brief scheduled maintenance on each server.
The upgrade requires that each hosting server be taken offline for a few minutes over a three hour maintenance window and then restarted, causing brief scheduled “downtime” for websites and email on that server. The total downtime for any server should not exceed ten minutes during this three hour period.
Mail arriving while a server is being restarted will be queued and delivered after a short delay. No mail will be lost.
This coming weekend, we’ll be updating some (not all) web servers:
So, for example, the “web10” server will be updated on February 23, and the “web07” server will be updated on February 24. This page explains how to find which server a site is on.
(Additional servers will be updated the following weekends; we’ll post separate announcements about that.)
Although the final step of the upgrade modifies hundreds of software packages on the server, we have tested it extensively don’t expect most customers to notice any change. Your website and email should continue working as they always have. However, if you do have any trouble, don’t hesitate to contact us.
One of the nice things about WordPress is that it automatically updates itself for important security and bug fixes. For example, if you installed WordPress 4.9.1, it would have automatically updated itself to version 4.9.2 on January 16, and to version 4.9.3 on February 5.
Unfortunately, WordPress 4.9.3 has a bug that prevents it from automatically updating itself to later versions. It needs to be manually updated to version 4.9.4 or later.
The WordPress 4.9.3 to 4.9.4 update is trivial (it fixes only this bug, after which automatic updates will work again), so we’ve updated every customer copy of WordPress 4.9.3 on our servers to version 4.9.4, just as if it had happened automatically.
Customers should not notice any change as a result of this — but as always, don’t hesitate to contact us if you have any trouble.
If you install a script that sends mail, that script should let you choose the address it sends from. Unfortunately, some scripts don’t offer that feature, instead using a default sender address that on our systems looked like “From: example.com@tigertech.net” until now.
The inability of these scripts to specify a sender address has become more of a problem as email reputation and security systems like DKIM are deployed.
To help with this, we’ve enhanced our email system to allow you to specify the sender address these scripts use. The “How can I change the default address?” section of our page about script addresses has more details.
By the way, if you use a script like this and you don’t choose an address, it will default to the slightly different “From: example.com@tigertech-hosted-site.net” from now on. But we recommend that anyone who uses these kinds of scripts choose a real address instead, which will ensure other people see only your own domain name.
The authors of the Mailman mailing list software we provide for customers have recently released version 2.1.26 to fix several bugs.
We’ve upgraded the Mailman software on our servers as a result.
Users of Mailman lists shouldn’t notice any changes, but as always, don’t hesitate to contact us if you have any questions or see any problems.
The PHP scripting language offers an SNMP extension “for managing remote devices via the Simple Network Management Protocol”.
It’s unlikely that any of our customers use this extension, but if you do, it may no longer work correctly on very old PHP versions before PHP 5.6. (The reason is technical, and involves forthcoming updates to the SNMP library on our servers.)
