Files
ansible-lemp-wordpress/CHANGELOG.md
Sebastian Palencsar dffd8e3b76 feat: v2.5.0 - Complete Technology & Security Update
Features:
- PHP 8.4 support (from 8.3)
- WordPress 7.0 (auto-update via WP-CLI)
- Modern TLS 1.3 cipher suites (2026 best practices)
- Fail2Ban security integration (5 jails: SSH, Nginx, WordPress, recidive)
- Auto-update cron job for WordPress (weekly Minor updates)
- Debian 14 Forky support (testing)
- Ubuntu 25.04 support
- Python 3.12 in GitHub Actions

Security:
- Fail2Ban with SSH brute force protection (24h ban)
- WordPress wp-login.php protection (2h ban)
- Nginx bot scanner protection
- Recidive jail for repeat offenders (1 week ban)
- Modern TLS ciphers (AEAD only)
- HSTS 2 years for preload

Documentation:
- docs/autoupdate.md - WordPress auto-update guide
- docs/fail2ban.md - Fail2Ban configuration guide
- docs/troubleshooting.md - Updated with php_version variable

Breaking changes:
- PHP 8.4 is now the default (requires Ubuntu 20.04+ or Debian 11+)
2026-05-04 19:37:27 +02:00

151 lines
5.8 KiB
Markdown
Executable File

# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [2.5.0] - 2026-05-04 - Fail2Ban Security
### Added
- Fail2Ban integration in playbooks
- fail2ban jail.local template with SSH, Nginx, WordPress jails
- WordPress wp-login.php protection filter
- fail2ban documentation (`docs/fail2ban.md`)
### Security Jails
- sshd: SSH brute force protection (24h ban)
- nginx-http-auth: HTTP Auth failures
- nginx-botsearch: Bot scanners
- wordpress-login: WordPress login protection
- recidive: Repeat offenders (1 week ban)
### Changed
- fail2ban package added to system packages
- Incremental bans enabled for repeat offenders
## [2.4.0] - 2026-05-04 - Auto-Update Feature
### Added
- WordPress auto-update script (`scripts/wp-update.sh`)
- Automated weekly minor updates via cron
- WP-CLI update automation in playbooks
- Auto backup before updates
- Auto-update documentation (`docs/autoupdate.md`)
### Changed
- Minor updates enabled by default (recommended for production)
### Security
- Automatic database and file backups before updates
## [2.3.0] - 2026-05-04 - Security & Maintenance Update
### Changed
- Modern TLS cipher suites (2026 best practices) - AEAD ciphers only
- TLS session handling improved (ssl_session_tickets off, 1d timeout)
- HSTS max-age increased to 63072000 (2 years for preload)
- Docker description updated with PHP 8.4
### Security
- Removed deprecated ciphers (CBC mode, static RSA)
- Only TLS 1.2 + 1.3 with forward secrecy
## [2.2.0] - 2026-05-04 - OS Compatibility Update
### Changed
- Debian 14 "Forky" support (testing/upcoming)
- Ubuntu 25.04 added to CI/CD test matrix
- Python 3.12 in GitHub Actions (from 3.11)
## [2.1.0] - 2026-05-04 - Technology Update
### Changed
- PHP 8.4 support (from 8.3) with property hooks, asymmetric visibility, and performance improvements
- WordPress 7.0 as default (from 6.x) with Notes feature, Command Palette, and Abilities API
- Ubuntu 25.04 compatibility (Plucky Puffin interim release)
- Debian 13 "Trixie" compatibility (current stable)
- Updated OS compatibility matrix in all documentation
## [2.0.0] - 2025-06-21 - Production-Ready Release
### Added
- Production-ready project cleanup and optimization
- **Ansible Vault documentation and guide** for secure password management
- Comprehensive security documentation (SECURITY.md)
- Vault usage guide (docs/vault.md) with complete setup instructions
- Enhanced SSL/HTTPS support with modern TLS configurations
- Nginx security headers (X-Frame-Options, X-XSS-Protection, etc.)
- HSTS (HTTP Strict Transport Security) for SSL deployments
- **Redis caching** in ultimate playbook with WordPress object cache plugin
- **PHP OPcache optimization** for enhanced performance
- **Advanced Nginx optimizations** (gzip compression, caching, buffer tuning, timeouts)
### Changed
- **BREAKING**: Removed experimental features for production stability (moved non-essential features to optional)
- Streamlined to 2 production-ready playbooks: `lemp-wordpress.yml` (basic) and `lemp-wordpress-ultimate.yml` (with Redis & OPcache)
- Reduced templates to 5 production-tested files only
- Cleaned inventory structure: `production.yml`, `docker.yml`, `production.yml.example`
- Enhanced documentation structure with consistent multi-language support
- Improved security features focus on SSL/TLS and Nginx hardening
- Updated CONTRIBUTING.md to reflect current project structure
### Removed
- Test playbooks and development artifacts
- Experimental Fail2Ban integration (moved to future roadmap for better implementation)
- Non-essential templates and inventory files
- Test deployment files with hardcoded passwords
### Security
- All production passwords replaced with secure placeholder values
- **Ansible Vault documentation** provided for sensitive data management
- Secure inventory templates with placeholder values (`CHANGE_ME_*`)
- Enhanced SSL certificate management
- Complete vault.md guide for implementing encrypted password storage
### Planned
- WordPress Multisite automation
- Advanced backup strategies with retention policies
- Fail2Ban integration (improved implementation)
- Monitoring integration (Prometheus/Grafana)
- Database replication setup
- Performance tuning guides
## [1.0.0] - 2025-06-19 - First Release
### Added
- Complete LEMP stack automation for Ubuntu/Debian
- SSL/HTTPS support with modern TLS configuration
- GitHub Actions CI/CD pipeline
- WordPress automation with WP-CLI integration
- Performance optimizations (PHP OPcache, MySQL tuning)
- Security enhancements (SSL/TLS hardening, secure configurations)
- Comprehensive documentation and guides
- Contributing guidelines and troubleshooting guide
- Docker testing environment
- Multi-environment support (Docker, VMs, bare metal)
- Ubuntu/Debian support (20.04, 22.04, 24.04, Debian 11, 12)
- 🌍 Multilingual documentation (German, Hungarian translations)
- 🧪 Simplified and robust CI/CD testing approach
- 📝 Professional language navigation in README
### Changed
- Restructured project for better maintainability
- Improved error handling in playbooks
- Enhanced variable management with OS-specific files
- Better template organization
- Focused exclusively on Ubuntu/Debian family systems for better stability
- Unified variables into single debian-family.yml file
- Streamlined playbooks for production readiness
- Improved test reliability with comprehensive integration tests
### Fixed
- WP-CLI download from official source
- MySQL user permissions for TCP connections
- PHP-FPM socket permissions
- Service management across different systems
- CI/CD pipeline stability issues
- Container build problems in GitHub Actions
- SSH connectivity issues in automated tests
- Python3-apt dependency problems in check mode