feat: v2.5.0 - Complete Technology & Security Update
Features: - PHP 8.4 support (from 8.3) - WordPress 7.0 (auto-update via WP-CLI) - Modern TLS 1.3 cipher suites (2026 best practices) - Fail2Ban security integration (5 jails: SSH, Nginx, WordPress, recidive) - Auto-update cron job for WordPress (weekly Minor updates) - Debian 14 Forky support (testing) - Ubuntu 25.04 support - Python 3.12 in GitHub Actions Security: - Fail2Ban with SSH brute force protection (24h ban) - WordPress wp-login.php protection (2h ban) - Nginx bot scanner protection - Recidive jail for repeat offenders (1 week ban) - Modern TLS ciphers (AEAD only) - HSTS 2 years for preload Documentation: - docs/autoupdate.md - WordPress auto-update guide - docs/fail2ban.md - Fail2Ban configuration guide - docs/troubleshooting.md - Updated with php_version variable Breaking changes: - PHP 8.4 is now the default (requires Ubuntu 20.04+ or Debian 11+)
This commit is contained in:
62
CHANGELOG.md
Normal file → Executable file
62
CHANGELOG.md
Normal file → Executable file
@@ -5,6 +5,68 @@ All notable changes to this project will be documented in this file.
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## [2.5.0] - 2026-05-04 - Fail2Ban Security
|
||||
|
||||
### Added
|
||||
- Fail2Ban integration in playbooks
|
||||
- fail2ban jail.local template with SSH, Nginx, WordPress jails
|
||||
- WordPress wp-login.php protection filter
|
||||
- fail2ban documentation (`docs/fail2ban.md`)
|
||||
|
||||
### Security Jails
|
||||
- sshd: SSH brute force protection (24h ban)
|
||||
- nginx-http-auth: HTTP Auth failures
|
||||
- nginx-botsearch: Bot scanners
|
||||
- wordpress-login: WordPress login protection
|
||||
- recidive: Repeat offenders (1 week ban)
|
||||
|
||||
### Changed
|
||||
- fail2ban package added to system packages
|
||||
- Incremental bans enabled for repeat offenders
|
||||
|
||||
## [2.4.0] - 2026-05-04 - Auto-Update Feature
|
||||
|
||||
### Added
|
||||
- WordPress auto-update script (`scripts/wp-update.sh`)
|
||||
- Automated weekly minor updates via cron
|
||||
- WP-CLI update automation in playbooks
|
||||
- Auto backup before updates
|
||||
- Auto-update documentation (`docs/autoupdate.md`)
|
||||
|
||||
### Changed
|
||||
- Minor updates enabled by default (recommended for production)
|
||||
|
||||
### Security
|
||||
- Automatic database and file backups before updates
|
||||
|
||||
## [2.3.0] - 2026-05-04 - Security & Maintenance Update
|
||||
|
||||
### Changed
|
||||
- Modern TLS cipher suites (2026 best practices) - AEAD ciphers only
|
||||
- TLS session handling improved (ssl_session_tickets off, 1d timeout)
|
||||
- HSTS max-age increased to 63072000 (2 years for preload)
|
||||
- Docker description updated with PHP 8.4
|
||||
|
||||
### Security
|
||||
- Removed deprecated ciphers (CBC mode, static RSA)
|
||||
- Only TLS 1.2 + 1.3 with forward secrecy
|
||||
|
||||
## [2.2.0] - 2026-05-04 - OS Compatibility Update
|
||||
|
||||
### Changed
|
||||
- Debian 14 "Forky" support (testing/upcoming)
|
||||
- Ubuntu 25.04 added to CI/CD test matrix
|
||||
- Python 3.12 in GitHub Actions (from 3.11)
|
||||
|
||||
## [2.1.0] - 2026-05-04 - Technology Update
|
||||
|
||||
### Changed
|
||||
- PHP 8.4 support (from 8.3) with property hooks, asymmetric visibility, and performance improvements
|
||||
- WordPress 7.0 as default (from 6.x) with Notes feature, Command Palette, and Abilities API
|
||||
- Ubuntu 25.04 compatibility (Plucky Puffin interim release)
|
||||
- Debian 13 "Trixie" compatibility (current stable)
|
||||
- Updated OS compatibility matrix in all documentation
|
||||
|
||||
## [2.0.0] - 2025-06-21 - Production-Ready Release
|
||||
|
||||
### Added
|
||||
|
||||
Reference in New Issue
Block a user