AOServ Client Changelog


Release Notes

  • Enabled control over Tomcat maxParameterCount:
    1. Added PrivateTomcatSite.getMaxParameterCount()
    2. Added web.tomcat.PrivateTomcatSite.maxParameterCount.set command.
    3. Added SharedTomcat.getMaxParameterCount()
    4. Added web.tomcat.SharedTomcat.maxParameterCount.set command.
  • Enabled control over Tomcat undeployOldVersions setting in support of parallel deployments:
    1. Added PrivateTomcatSite.getUndeployOldVersions()
    2. Added web.tomcat.PrivateTomcatSite.undeployOldVersions.set command.
    3. Added SharedTomcat.getUndeployOldVersions()
    4. Added web.tomcat.SharedTomcat.undeployOldVersions.set command.


Release Notes

  • Added underscore to set of allowed characters in DNS CNAME entries.
  • Added support for Rocky Linux 9.


Release Notes

  • Added support for PostgreSQL 15.
  • Added support for Apache Tomcat 10.1.


Release Notes

  • Updated dependencies.


Release Notes

  • Explicitly closing JDBC resources.


Release Notes

  • New system groups stapusr, stapsys, and stapdev for SystemTap.
  • New system group and user oprofile for OProfile.


Release Notes

  • Added transaction types "discount" and "support" for new AOApps Premium Support.
  • Monthly charges now order by id before type and created. This is so fine-grained line items appear in matching order for new AOApps branding.
  • Monthly charges now use package_definitions.display as their description, instead of the previous default based on package_definitions.monthly_rate_transaction_type. This provides more meaningful billing line items, instead of just "Virtual Dedicated Server" repeated.
  • No longer count IP addresses that are loopback, wildcard, or unique-local.
  • Performed Checkstyle clean-up:
    1. Renamed AOServClientConfiguration to AoservClientConfiguration.
    2. Renamed AOServConnection to AoservConnection.
    3. Renamed AOServConnector to AoservConnector.
    4. Renamed AOServObject to AoservObject.
    5. Renamed AoservProtocol.CommandID to AoservProtocol.CommandId.
    6. Renamed AOServReadable to AoservReadable.
    7. Renamed AOServStreamable to AoservStreamable.
    8. Renamed AOServTable to AoservTable.
    9. Renamed AOServWritable to AoservWritable.
    10. Renamed AOSH to Aosh.
    11. Renamed SQLComparator to SqlComparator.
    12. Renamed SQLExpression to SqlExpression.
    13. Renamed SSLCast to SqlCast.
    14. Renamed SQLColumnJoin to SqlColumnJoin.
    15. Renamed SQLColumnValue to SqlColumnValue.
    16. Renamed SSLConnector to SslConnector.
    17. Renamed SimpleAOClient to SimpleAoservClient.
    18. Renamed Table.TableID to Table.TableId.
    19. Renamed Table_Name to TableName.
    20. Renamed TCPConnector to TcpConnector.


Release Notes

  • Added support for PostgreSQL 14.
  • Now properly restoring Thread interrupted state on InterruptedException.
  • Added missing NoSuchElementException from implementations of Iterator.
  • Added support for git-shell.
  • Added support for Jenkins.
  • Added resource definitions in support of new AOApps branding.
  • Removed package category and related signup forms for backup and colocation.
  • Added support for SonarQube.


Release Notes

  • Updated dependencies.
  • notify() replaced with notifyAll() since more than one thread can be waiting.



Release Notes

  • Now supports Java 9+ modules with included module-info.class.


Release Notes

  • Removed unsupported operating systems Gentoo, Mandrake, Mandriva, and RedHat.


Release Notes


Release Notes

  • Split development-only classes into a new sub-project in devel/. This sub-project is used only for development and is never deployed to artifact repositories.
  • Updated dependencies.
  • Fixed NPE in master_processes.command.
  • Eliminated unnecessary uses of where immediate validation from readObject(…) or readExternal(…) is sufficient.
  • New "schema"."AoservProtocol": 1.84.13
  • New "schema"."Type": HashedKey
  • Removed linux.Server.daemon_key, now stored in
  • Removed com.aoindustries.aoserv.client.pki.HashedPassword, using the newer instead.
  • Removed SimpleAOClient.hash(String), which used the obsolete SHA-1 algorithm.


Release Notes

  • Resolved editor warnings.
  • AOServConnection now implements Closeable for use in try-with-resources. This is a behind-the-scenes detail and does not change the public API.
  • Updated dependencies.
  • Added support for PostgreSQL 13.


Release Notes

  • New Linux group and user "centos" to support deployments in Amazon EC2 (and other cloud environments) via the cloud-init package.


Release Notes

  • Monitoring of MySQL replication slaves is now disabled when monitoring of the slave's host is disabled.


Release Notes

  • Fixed translations to properly encode ' as '' inside resource bundles.
  • Updated dependencies.


Release Notes

  • Fixed IndexOutOfBoundsException on AOServTable.removeProgressListener(…) and AOServTable.removeTableListener(…).
  • Added MySQL collation utf8mb4_general_ci.


Release Notes

  • Minimum Java version changed from 1.7 to 1.8.
  • Reduced use of property substitutions in pom.xml. This is to help 3rd-party parsers that fail to perform full Maven-compatible substitutions.
  • Fixed bug where the wrong column was returned for "canceled".
  • Added support for PostgreSQL 12.
  • Connection pool statistics and password checker results HTML generation now support both SGML and XML serializations.
  • Now supporting Tomcat's tomcatAuthentication configuration:
    1. Added column web.tomcat.PrivateTomcatSite.tomcatAuthentication
    2. Added AOSH command web.tomcat.PrivateTomcatSite.tomcatAuthentication.set
    3. Added column web.tomcat.SharedTomcat.tomcatAuthentication
    4. Added AOSH command web.tomcat.SharedTomcat.tomcatAuthentication.set
  • AOServConnector.getConnector(…) may now be obtained without any checked exceptions:
    1. AOServClientConfiguration throws ConfigurationException
    2. AOServConnector.getConnector(…) throws ConfigurationException
    3. Removed other unnecessary uses of IOException incorrectly left in Schema constructors.
  • Fixed ambiguous definitions of PROTOCOL, now:
    1. TCPConnector.TCP_PROTOCOL
    2. SSLConnector.SSL_PROTOCOL
  • TicketLoggingHandler significantly reworked to be compatible with
  • AOServConnector.getConnector(…) no longer takes a Logger argument. It will use a logger based on the selected implementation class.
  • Updated dependencies.
  • Changed default CVS repository permissions from 0770 to 02770.


Release Notes

  • Added new system roles for PostgreSQL 11.
  • Reserved PostgreSQL username and database "postgresmon".
  • New isSpecial() methods instead of several places using the same list.
  • New canPostgresIdent() methods to control which Linux accounts can authenticate to PostgreSQL via "peer" and "ident".
  • May not enable/disable special users and databases.
  • May not set the passwords of special users.
  • May not check if passwords are set on special users.
  • May not grant/revoke access to/from special users and databases.
  • New isScramSha256() methods to determine if a version of PostgreSQL supports scram-sha-256 authentication.
  • Now allowing MySQL and PostgreSQL reserved words in user names and database names. All uses are `…` or "…" quoted to avoid any ambiguity.
  • PostgreSQL database names may now contain capital letters, hyphen (-), period (.), and space ( ), too.
  • MySQL database names may now contain hyphen (-), period (.), and space ( ), too.
  • Added multi-currency support to the billing system:
    1. New table billing.Currency
    2. Changed billing.MonthlyCharge.rate to money type
    3. New table billing.NoticeLog.balance
    4. Removed column billing.NoticeLog.balance
    5. Renamed column billing.PackageDefinition.setup_fee to setupFee and changed to money type
    6. Renamed column billing.PackageDefinition.monthly_rate to monthlyRate and changed to money type
    7. Renamed column billing.PackageDefinitionLimit.additional_rate to additionalRate and changed to money type
    8. Changed billing.Transaction.rate to money type
    9. Removed column payment.Payment.currency_code
    10. Changed payment.Payment.amount to money type
    11. Renamed column payment.Payment.tax_amount to taxAmount and changed to money type
    12. Renamed column payment.Payment.shipping_amount to shippingAmount and changed to money type
    13. Renamed column payment.Payment.duty_amount to dutyAmount and changed to money type
  • No longer billing for disabled Java VMs.
  • Renamed remaining uses of Business to Account.
  • Renamed remaining uses of BusinessAdministrator to Administrator.
  • Renamed remaining uses of BusinessServer to AccountHost.
  • Renamed remaining uses of BusinessProfile to Profile.
  • Renamed remaining uses of Server to Host.
  • Added methods to get timestamps in long or Long in addition to java.sql.Timestamp. These methods may offer higher performance when a Timestamp is not needed.
  • Changed from Calendar.getInstance() to new GregorianCalendar() to work correctly independent of locale settings.
  • Updated for compatibility with aocode-public-3.1.0.
  • Specific management of time zones:
    1. DATE type always managed in GMT time zone.
    2. TIME type parsed and displayed in JVM local time zone.
    3. Billing and accounting time ranges are selected and processed in GMT time zone.
  • Removed unused sort fields from TransactionSearchCriteria
  • Table, column, and type names now support "-escaping, with "" being used to represent a quoted quote. This is done because table and column names now contain . dot characters.

    In the current implementation, AOSH tokenizes on ", much like BASH. Thus, these double quotes should be either escaped or contained within single quotes '. A future update may make AOSH parse with quote " support compatible with this new mechanism, with ' single quotes used for other quoting.

  • Renamed AOSH command add_transaction to billing.Transaction.add, and it now accepts a time with a value of now, today, YYYY-MM-DD (date in GMT) or YYYY-MM-DD HH:MM[:SS[.mmm]] (date-time in local time zone).
  • Changed wire protocol of Timestamp to send the full nanosecond precision. Communication with older clients will still be millisecond precision.
  • Returning UnmodifiableTimestamp instead of Timestamp, and removed *_millis() variants of time accessors.
  • Added types Identifier (128-bit) and SmallIdentifier (64-bit).
  • Renamed master.Process.process_id to id and changed to SmallIdentifier type.
  • Renamed master.Process.connector_id to connectorId and changed to Identifier type.
  • New method AOServTable.getRowsCopy() that may be used when the returned list must be modifiable. This gives the table implementation a way to create a defensive copy most efficient to its underlying storage mechanism.
  • Moved sort(…) from TypeTable to AOServConnector.
  • Renamed SQLExpression.getValue(…) to evaluate(…) to better represent that this may be computationally non-trivial.
  • Renamed AOSH command check_ssl_certificate to pki.Certificate.check, and it now accepts a boolean flag to enable/disable cached results.

    Cached values are best for background processing like monitoring. Direct values are best for interactive use, at the expense of additional processing.

  • Master returns new entropy needed as entropy is added.
  • Split getRandom() into both getSecureRandom() and getFastRandom(), then selected the appropriate method for each place random is used.
  • Refined ambiguity and imprecise separation between "source account" and "billing account" for monthly charges and monthly rates:
    1. Account.getMonthlyRate() may now return null on filtered billing
    2. Added Account.getBillingMonthlyCharges()
    3. Removed Account.getTotalMonthlyCharges() - use Account.getMonthlyRate() instead
    4. Added Account.getBillingMonthlyRate(), which may return null on filtered billing
  • Added new method TransactionTable.getActiveAccountBalance(…) that provides currently active accounts and currencies.
  • May no longer cancel an account that has any active sub-account.
  • New monthly billing Transactions for disabled accounts are now added as WAITING_CONFIRMATION. These transactions will be moved to CONFIRMED if the account is enabled, or to NOT_CONFIRMED if the account is canceled.
  • Entries are now still added to MonthlyChargeTable when an account is disabled, but with active=false. This provides information about what the account would cost if uncanceled during the 30-day uncancel window.
  • Added phone to url cast as "tel:" URL.
  • Now supporting Redis:
    1. New system group and user for redis.
    2. New protocol redis, defaulting to port 6379.
    3. New protocol redis-cluster, defaulting to port 16379.
    4. New protocol redis-sentinel, defaulting to port 26379.
  • Fixed bug in add_postgres_database parameter count check.
  • Type group_id is now left aligned instead of right aligned, as it is a textual name, not a numeric ID.
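
The "-escaping of table, column, and type names described in this release, as an added example in Java that is not taken from the AOServ Client source: it splits a path only on dots outside quotes and treats "" as one literal quote. The class name, method names, and the exact grammar (bare components allowed, malformed input rejected) are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not AOServ Client code. Class and method names are hypothetical.
public class QuotedNames {

  // Wraps one name in double quotes, writing each embedded " as "".
  static String quote(String name) {
    return '"' + name.replace("\"", "\"\"") + '"';
  }

  // Splits a path on dots that lie outside quotes and unquotes each component.
  // Malformed input is rejected instead of being guessed at.
  static List<String> split(String path) {
    List<String> parts = new ArrayList<>();
    StringBuilder current = new StringBuilder();
    int len = path.length();
    int i = 0;
    while (true) {
      if (i < len && path.charAt(i) == '"') {
        i++; // skip the opening quote
        boolean closed = false;
        while (i < len && !closed) {
          char c = path.charAt(i++);
          if (c != '"') {
            current.append(c); // a dot in here belongs to the name
          } else if (i < len && path.charAt(i) == '"') {
            current.append('"'); // "" is one literal quote
            i++;
          } else {
            closed = true;
          }
        }
        if (!closed) {
          throw new IllegalArgumentException("unterminated quote");
        }
        if (i < len && path.charAt(i) != '.') {
          throw new IllegalArgumentException("text after closing quote at index " + i);
        }
      } else {
        // Bare component: runs to the next dot and may not contain a quote.
        while (i < len && path.charAt(i) != '.') {
          char c = path.charAt(i++);
          if (c == '"') {
            throw new IllegalArgumentException("quote inside bare name at index " + (i - 1));
          }
          current.append(c);
        }
        if (current.length() == 0) {
          throw new IllegalArgumentException("empty name component");
        }
      }
      parts.add(current.toString());
      current.setLength(0);
      if (i >= len) {
        return parts;
      }
      i++; // skip the separating dot
    }
  }

  public static void main(String[] args) {
    // Constructed sample inputs, the last one deliberately malformed.
    String[] samples = {
      "\"billing\".\"Transaction\"",
      "\"billing.Transaction\".rate",
      quote("odd\"name") + ".id",
      "\"billing.Transaction"
    };
    for (String s : samples) {
      try {
        System.out.println(s + " -> " + split(s));
      } catch (IllegalArgumentException e) {
        System.out.println(s + " -> rejected: " + e.getMessage());
      }
    }
  }
}
```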


Release Notes

  • Payment persistence improvements:
    1. Bank card expiration month and year are now stored in the clear when available:
      1. Added payment.CreditCard.expirationMonth column
      2. Added payment.CreditCard.expirationYear column
      3. Removed payment.CreditCard.encrypted_expiration column
      4. Removed payment.CreditCard.encryption_expiration_from column
      5. Removed payment.CreditCard.encryption_expiration_recipient column
    2. Now updating stored masked card number and expiration date when an updated card is used for a payment:
      1. Added payment.Payment.creditCard.expirationMonth column
      2. Added payment.Payment.creditCard.expirationYear column
      3. Added payment.Payment.authorizationResult.providerReplacementMaskedCardNumber column
      4. Added payment.Payment.authorizationResult.replacementMaskedCardNumber column
      5. Added payment.Payment.authorizationResult.providerReplacementExpiration column
      6. Added payment.Payment.authorizationResult.replacementExpirationMonth column
      7. Added payment.Payment.authorizationResult.replacementExpirationYear column
    3. Transaction paymentInfo may now be updated on approved, declined, and held.

      Transactions are initially created in a pending state with the expected paymentInfo. This allows for updating the paymentInfo to the actual value used, as obtained from AuthorizationResult.replacementMaskedCardNumber.

    4. Added missing CreditCard.customerId from persistence implementation:
      1. Added payment.CreditCard.customerId column
      2. Added payment.Payment.creditCard.customerId column
  • Reduced use of deprecated APIs.
  • Fixed NullPointerException in com.aoindustries.aoserv.client.linux.ServerTable.
  • Fixed NullPointerException in
  • Using managed dependencies:
    1. This project uses managed dependencies.
    2. This project's managed dependencies may also be imported by other projects.


Release Notes

  • Now managing Firewalld zone settings on a per-port basis:
    1. New self-validating type FirewalldZoneName.
    2. New schema type: firewalld_zone_name.
    3. New table firewalld_zones that defines the zones managed on a per-server basis.
    4. New table net_bind_firewalld_zones that maps each port to the specific set of zones it is added to.
    5. addNetBind now takes a set of FirewalldZoneName instead of a single boolean open_firewall. Older clients that provide true for open_firewall will be added to the "public" zone.
    6. Updated the add_net_bind AOSH command to take a variable number of Firewall zone names instead of the single boolean open_firewall.
    7. Removed net_binds.open_firewall and NetBind.isFirewallOpen(). This will be true on older clients when the port is in the "public" zone.
    8. Removed NetBind.setOpenFirewall. Older clients are supported by adding or removing the "public" zone.
    9. Removed the set_net_bind_open_firewall AOSH command.
    10. New method NetBind.setFirewalldZones for fine-grained control over zones on a per-port basis.
    11. Added the set_net_bind_firewalld_zones AOSH command.
    12. New table httpd_site_bind_redirects that configures redirects on a per-httpd_site_bind basis.
  • Parsing command-line in case-insensitive manner.
  • Net ports are now allocated unique-per-server, not globally unique. It has been a full decade since we've used chroot-based virtual servers.
  • New protocol memcached, defaulting to port 11211.
  • EmailSpamAssassinIntegrationMode.DEFAULT_SPAMASSASSIN_INTEGRATION_MODE changed from pop3 to none.
  • New "mysql.session" reserved account for MySQL 5.7: MySQLUser.MYSQL_SESSION.
  • Added can_reference parameter to add_mysql_db_user AOSH command. Existing mysql_db_users granted references_priv matching existing drop_priv. Old client versions granted references_priv matching drop_priv.
  • May now optionally exclude context configuration from conf/server.xml. This then allows deployment of the context by simply overwriting the WAR file. This also allows deployment through the Tomcat Manager webapp, when enabled (disabled by default for static production configuration).
    1. Added httpd_tomcat_contexts.server_xml_configured column, defaulting to true for existing contexts.
    2. Added server_xml_configured parameter to the add_httpd_tomcat_context AOSH command.
    3. Added server_xml_configured parameter to the set_httpd_tomcat_context_attributes AOSH command.
  • To support Let's Encrypt certificates, added httpd_site_binds.ssl_cert_chain_file column. Certbot installs certificates in a structure incompatible with our previous automatic chain detection. With this new column, the chain file may be specified directly.
  • Added httpd_site_bind_redirects.no_escape column to support the noescape RewriteRule Flag, defaulting to false.
  • Added ao_servers.sftp_umask column to support the -u umask option for sftp-server in /etc/ssh/sshd_config.
  • Per-site features now all default to false to begin in the safest configuration:
    1. httpd_sites.enable_cgi now defaults to false.
    2. httpd_sites.enable_ssi now defaults to false.
    3. httpd_sites.enable_htaccess now defaults to false.
    4. httpd_sites.enable_indexes now defaults to false.
    5. httpd_sites.enable_follow_symlinks now defaults to false.
    6. httpd_sites.enable_anonymous_ftp now defaults to false.
    7. Removed parameters from add_httpd_jboss_site command to use defaults.
    8. Removed parameters from add_httpd_tomcat_shared_site command to use defaults.
    9. Removed parameters from add_httpd_tomcat_std_site command to use defaults.
  • Added options to selectively disable protections that have been always on up to this point. These all default to true to begin in the safest configuration. When an application takes full control over the URL space, these default protections might get in the way. They should only be disabled with full understanding and careful consideration.
    1. Added httpd_sites.block_trace_track column, which enables the blocking of TRACE and TRACK HTTP methods.

      Leave this enabled unless you intend to handle these methods and understand the consequences.

      May be configured with the set_httpd_site_block_trace_track AOSH command.

    2. Added httpd_sites.block_scm column, which enables the blocking of URL patterns associated with source control management systems. SCM files, such as CVS/Root and .git/config, can contain authentication credentials.

      Currently has protections for CVS, Subversion, and Git.

      Leave this enabled when pulling web root content directly from revision control systems.

      May be configured with the set_httpd_site_block_scm AOSH command.

    3. Added httpd_sites.block_core_dumps column, which enables blocking of core dumps. Core dumps could potentially expose sensitive information and have predictable filename patterns.

      Leave this enabled when scripts may leave core dumps; if in doubt, leave this on.

      May be configured with the set_httpd_site_block_core_dumps AOSH command.

    4. Added httpd_sites.block_editor_backups column, which enables blocking filename patterns associated with editor automatic backups. Without this protection, it is possible for source code to be leaked by accessing the URL associated with the automatic backups.

      Currently has protections for Emacs and Vim.

      May be configured with the set_httpd_site_block_editor_backups AOSH command.

    5. Added httpd_tomcat_sites.block_webinf column, which blocks access to /META-INF and /WEB-INF at the Apache level. When Apache serves content directly, instead of passing all requests to Tomcat, this helps ensure proper protection of these paths.

      Leave this enabled unless trying to squeeze every last drop of performance out of a system and are 100% confident /META-INF and /WEB-INF are mapped to Tomcat. Just leave this on; it's only two Location directives for each HttpdTomcatContext.

      May be configured with the set_httpd_tomcat_site_block_webinf AOSH command.

    6. Fixed bug in add_email_list_address AOSH command implementation.
  • New table httpd_tomcat_site_jk_mounts that configures the request mappings between Apache and Tomcat via the JkMount and JkUnMount directives:
    1. Added the httpd_tomcat_site_jk_mounts table, with default values matching the configurations derived from the old httpd_tomcat_sites.use_apache flag.
    2. Added the add_httpd_tomcat_site_jk_mount AOSH command.
    3. Added the remove_httpd_tomcat_site_jk_mount AOSH command.
    4. Removed the httpd_tomcat_sites.use_apache column, with true provided to older clients when httpd_tomcat_site_jk_mounts does not contain JkMount /* for the site.
    5. Removed the set_httpd_tomcat_site_use_apache AOSH command, with older clients toggling the existence of JkMount /*.
  • May now manually configure which Apache Modules are loaded on a per-Apache-instance basis. Any value left at null, the default, will be in automatic mode. Automatic mode minimizes the number of loaded modules given the current system configuration. Automatic mode does not parse the contents of .htaccess files, so non-default modules may be enabled manually as-needed.

    The following columns within the httpd_servers table control each module, with default automatic behavior described for each:

    1. mod_access_compat defaults:
      • Enabled when aoserv-httpd-config-compat package is installed.
    2. mod_actions defaults:
      • Enabled when CGI-based PHP exists on a site and mod_php is not used on this instance.
    3. mod_alias defaults:
      • Enabled when mod_autoindex enabled (for /icons/ Alias in /etc/httpd/aoserv.conf.d/mod_autoindex.conf).
      • Enabled when any site has a secondary context (contexts other than webapps/ROOT are added by Alias).
    4. mod_auth_basic defaults:
      • Enabled when has any httpd_site_authenticated_locations.auth_user_file (for AuthType Basic).
    5. mod_authn_core defaults:
      • Enabled when has any httpd_site_authenticated_locations.auth_user_file (for AuthType Basic).
      • Enabled when has any httpd_site_authenticated_locations.auth_name (for AuthName).
    6. mod_authn_file defaults:
      • Enabled when has any httpd_site_authenticated_locations.auth_user_file (for AuthUserFile).
    7. mod_authz_core defaults:

      When mod_authz_core is manually disabled, the server will still run, but many protections will be disabled. This might result in open proxies, unexpected access to URLs or files, and other serious issues. Only disable when all consequences are fully analyzed and understood.

    8. mod_authz_groupfile defaults:
      • Enabled when has any httpd_site_authenticated_locations.auth_group_file (for AuthGroupFile).
    9. mod_authz_host defaults:
      • Disabled, no auto condition currently to turn it on.

      Might be needed for .htaccess or manual override for Require ip, Require host, or Require local.

    10. mod_authz_user defaults:
    11. mod_autoindex defaults:
      • Enabled when has any httpd_sites.enable_indexes.
    12. mod_deflate defaults:
      • Enabled by default (unless explicitly disabled).
    13. mod_dir defaults:
      • Enabled by default (unless explicitly disabled).
    14. mod_filter defaults:
      • Enabled when mod_deflate is enabled (for AddOutputFilterByType in /etc/httpd/aoserv.conf.d/mod_deflate.conf).
    15. mod_headers defaults:
      • Disabled, no auto condition currently to turn it on.

      Might be needed for .htaccess or manual override for Header or RequestHeader.

    16. mod_include defaults:
      • Enabled when has any httpd_sites.enable_ssi.
    17. mod_jk defaults:
      • Enabled when any site has a JkMount or JkUnMount.
    18. mod_log_config defaults:
      • Enabled by default (unless explicitly disabled).
    19. mod_mime defaults:
    20. mod_mime_magic defaults:
      • Enabled by default (unless explicitly disabled).
    21. mod_negotiation defaults:
      • Disabled by default (unless explicitly enabled).
    22. mod_proxy defaults:
      • Enabled when mod_proxy_http is enabled.
    23. mod_proxy_http defaults:
      • Disabled by default (unless explicitly enabled).
    24. mod_reqtimeout defaults:
      • Enabled by default (unless explicitly disabled).
    25. mod_rewrite defaults:
      • Enabled when has any httpd_sites.block_trace_track.
      • Enabled when has any httpd_site_binds.redirect_to_primary_hostname.
      • Enabled when has any httpd_site_bind_redirects.
    26. mod_setenvif defaults:
      • Enabled when mod_ssl is enabled (for BrowserMatch SSL downgrade of ancient browsers).

      It is safe to disable this module if not concerned about ancient browser support and the module is otherwise not needed.

    27. mod_socache_shmcb defaults:
    28. mod_ssl defaults:
      • Enabled when has any httpd_site_binds.ssl_cert_file.
    29. mod_status defaults:
      • Disabled by default (unless explicitly enabled).
    30. New system groups:
      1. bird
      2. clamscan
      3. clamupdate
      4. virusgroup
    31. New system users:
      1. bird
      2. clamscan
      3. clamupdate
    32. Added pkey output from some AOSH commands that were otherwise quiet upon successful addition of the resource:
      • add_business_profile
      • add_linux_group_account
      • add_net_bind
  • Renamed httpd_servers.number to name and changed type from int to string.
  • New constants for default ports:
    • PostgresServer.DEFAULT_PORT
  • Generated JDBC URLs no longer include the port number when it is the default value.
  • Now supporting mod_wsgi:
    • Added httpd_servers.mod_wsgi column
  • Now supporting httpd_site_binds that do not necessarily include the per-site configuration file:
    • Added httpd_site_binds.include_site_config column
  • Now managing SSL certificates through APIs instead of manually:
    • Added ssl_certificates table
    • Added ssl_certificate_names table
    • Added httpd_site_binds.certificate column
    • Removed httpd_site_binds.ssl_cert_file column
    • Removed httpd_site_binds.ssl_cert_key_file column
    • Removed httpd_site_binds.ssl_cert_chain_file column
    • Added check_ssl_certificate AOSH command
  • Now supporting per-IP/port SSL certificates on Cyrus IMAPD:
    • Added cyrus_imapd_binds table
    • Added cyrus_imapd_servers table
  • Now supporting multiple instances of Sendmail on a server in order to have per-IP/port SSL certificates:
    • Added sendmail_binds table
    • Added sendmail_servers table
  • Removed some old, unused features:
    • Removed set_imap_folder_subscribed AOSH command
    • Removed httpd_servers.is_mod_jk column
    • Removed httpd_servers.max_binds column
    • Removed httpd_shared_tomcats.is_secure column
    • Removed httpd_shared_tomcats.is_overflow column
    • Removed httpd_sites.content_src column
    • Removed is_secure and is_overflow parameters from add_httpd_shared_tomcat AOSH command
    • Removed content_source parameter from add_httpd_jboss_site AOSH command
    • Removed tomcat_version and content_source parameters from add_httpd_tomcat_shared_site AOSH command
    • Removed content_source parameter from add_httpd_tomcat_std_site AOSH command
  • Generating JDBC URLs for MySQL and PostgreSQL more precisely based on the net_binds settings.
  • Now monitoring Apache concurrency:
    • Added httpd_servers.monitoring_concurrency_low column
    • Added httpd_servers.monitoring_concurrency_medium column
    • Added httpd_servers.monitoring_concurrency_high column
    • Added httpd_servers.monitoring_concurrency_critical column
    • Added get_httpd_server_concurrency AOSH command
  • Using System.console() to no longer echo password during login.
  • Now detects multiple DNSRecords of type TXT with destination "v=spf1" as conflicts, to help in compliance of SPF: RFC 4408.
  • Added support for newer versions of PostgreSQL:
    1. Added support for PostgreSQL 9.5.
    2. Added support for PostgreSQL 9.6.
    3. Added support for PostgreSQL 10.
    4. Added support for PostgreSQL 11.
  • Maximum MySQL username is now 32 characters as of MySQL 5.7.8.
  • Added support for MySQL 8.0.
  • Added support for newer versions of Apache Tomcat:
    1. Added support for Apache Tomcat 8.5.
    2. Added support for Apache Tomcat 9.0.
  • May now update Tomcat versions in-place.
    1. In-place upgrades are supported from Tomcat versions 4.1 and above.
    2. In-place upgrades and downgrades are supported to Tomcat versions 8.5 and above.
    3. Added the following AOSH commands:
      1. set_httpd_shared_tomcat_version
      2. set_httpd_tomcat_std_site_version
  • Now supporting per-location Apache handlers:
    1. Added httpd_site_authenticated_locations.handler column
    2. Added add_httpd_site_authenticated_location AOSH command
    3. Added set_httpd_site_authenticated_location_attributes AOSH command
  • Now supporting multiple site-bind configurations per unique (site, ip, port). Previously, there was at most one Apache configuration file per unique (site, ip, port) combination. We now support multiple Apache configuration files per unique (site, ip, port, name), where name is either null (for the default), or a user/API-provided meaningful name to identify the bind.

    We host applications that respond to different, unrelated hostnames/domains, then internally perform virtual hosting or content negotiation to serve different, unrelated clients. With HTTP, this all works well under a single per-(site, ip, port) Apache configuration file.

    However, as part of our initiative to achieve 100% encryption via Let's Encrypt, and given that these hostnames/domains are for unrelated clients, we need to support different SSL certificates for different clients. Previously, we would accomplish this with each SSL certificate on a different IP address. Now with the ubiquity of SNI, we want to run different SSL certificates on the same IP address, and thus our unique constraint on (site, ip, port) was too restrictive.

    API compatibility for older clients is maintained by only manipulating the null (default) bind.

    1. Added column
  • New table httpd_site_bind_headers that configures headers on a per-httpd_site_bind basis.
  • New table ssl_certificate_other_uses that configures manual uses of SSL certificates. This will avoid warnings in monitoring and avoid removal in management.
  • May now disable monitoring on a per-IP basis, which is useful to avoid alerts during routine maintenance or while allocating and releasing resources:
    1. Added ip_addresses.monitoring_enabled column
    2. Added set_ip_address_monitoring_enabled AOSH command
  • Moved monitoring configuration into a separate schema. This results in the following changes:
    1. Added IpAddressMonitoring table
  • UID_MAX and GID_MAX are now configurable on a per-server basis. Also, uid and gid allocation proceeds from the last one allocated, wrapping back to UID_MIN once UID_MAX is reached. Previously, the first available uid, starting at UID_MIN, was used, which could cause a new user to have access to orphaned files from an old, deleted user.
  • Schema changes, with some moves toward:
    1. Schema support
    2. Singular table names, PascalCase
    3. camelCase column names
    4. Generated numeric keys id instead of pkey
  • Restructured into package names matching recently introduced master server schemas.
  • Renamed classes to match new table names.
  • ProgressListener and TableLoadListener now notified of row counts using a 64-bit integer to handle results with more than StreamableOutput.MAX_COMPRESSED_INT_VALUE rows.
  • Improved registrable domain management:
    1. Renamed table billing.whois_history to billing.WhoisHistory
    2. Added table billing.WhoisHistoryAccount
    3. Changes to billing.WhoisHistory:
      1. Changed zone to domain type (without the trailing period).
      2. Renamed zone to registrableDomain
      3. Added column exitStatus
      4. Renamed whois_output to output
      5. Added column error
      6. Removed column accounting
  • May now select the format for outgoing emails. May be one of:

    • HTML - HTML allowing embedded images (the default).
    • HTML_ONLY - HTML without any embedded images.
    • TEXT - Plaintext only.

    Made the following schema changes to support this:

    1. Added enum account.Profile.EmailFormat
    2. Added column account.Profile.billingEmailFormat
    3. Added column account.Profile.technicalEmailFormat
    4. Updated add_business_profile AOSH command
  • Allowing direct control over the RewriteRule Flags:
    1. Renamed table httpd_site_bind_redirect to RewriteRule
    2. Renamed column RewriteRule.pkey to id
    3. Renamed column RewriteRule.httpd_site_bind to virtualHost
    4. Renamed column RewriteRule.sort_order to sortOrder
    5. Added column RewriteRule.flags
    6. Removed column RewriteRule.no_escape
  • Moved table getters into per-package schemas.
  • Changed table getters to be consistent with database table names. Unusual for Java, these property names are Pascal-case (CapitalCamelCase), for consistency with their representation in the database. We are choosing to make Java conform to other systems, for consistency across the platform.
  • Moved self-validating type implementations into per-package schemas:
    1. Renamed to match and support master server schema changes in the process.
    2. Renamed account.Username to account.User
    3. Added linux_username to schema.Type
    4. Changed linux.User.username to linux_username type
    5. Changed web.Site.linux_account to linux_username type
    6. Changed linux.UserServer.username to linux_username type
    7. Changed to linux_username type
    8. Changed ftp.GuestUser.username to linux_username type
    9. Changed to linux_username type
  • Changed default ordering of billing.Transaction from time::date, transid to time::date, source_accounting, time, transid.
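
The uid allocation change noted in this release (continuing from the last uid allocated instead of taking the first available one) can be illustrated as follows. This is an added example, not AOServ code; the class name, method names and the small uid range are assumptions made for illustration.

```java
import java.util.TreeSet;

/** Added illustration, not AOServ code. All names and values here are hypothetical. */
public class UidAllocationDemo {
  // Constructed sample range, kept tiny so wrap-around is easy to follow.
  static final int UID_MIN = 1000;
  static final int UID_MAX = 1004;

  /** Previous behaviour: lowest free uid, scanning upward from UID_MIN. */
  static int firstAvailable(TreeSet<Integer> inUse) {
    for (int uid = UID_MIN; uid <= UID_MAX; uid++) {
      if (!inUse.contains(uid)) {
        return uid;
      }
    }
    throw new IllegalStateException("uid range exhausted");
  }

  /** New behaviour: continue after the last uid allocated, wrapping to UID_MIN after UID_MAX. */
  static int nextAfterLast(TreeSet<Integer> inUse, int lastAllocated) {
    int size = UID_MAX - UID_MIN + 1;
    // Start one past the last allocation; an out-of-range or top-of-range value wraps to UID_MIN.
    int start = (lastAllocated < UID_MIN || lastAllocated >= UID_MAX) ? UID_MIN : lastAllocated + 1;
    for (int i = 0; i < size; i++) {
      int uid = UID_MIN + (start - UID_MIN + i) % size;
      if (!inUse.contains(uid)) {
        return uid;
      }
    }
    throw new IllegalStateException("uid range exhausted");
  }

  public static void main(String[] args) {
    TreeSet<Integer> inUse = new TreeSet<>();
    inUse.add(1000);
    inUse.add(1001);
    inUse.add(1002);
    int lastAllocated = 1002;

    // The account with uid 1001 is deleted, but files owned by uid 1001 remain on disk.
    inUse.remove(1001);

    // The previous strategy hands the deleted uid straight to the next new user,
    // who then owns the orphaned files; the new strategy moves past it.
    System.out.println("first available: " + firstAvailable(inUse));
    System.out.println("next after last: " + nextAfterLast(inUse, lastAllocated));
  }
}
```

Rotation only postpones reuse: once allocation wraps, a deleted uid can be issued again, so files left behind by removed accounts still need to be located and cleaned up (for example with `find -nouser`).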


Release Notes

  • UID_MIN and GID_MIN, as found in /etc/login.defs, are now set on a per-server basis. Older servers keep this at 500 whereas newer servers use the current default of 1000.

    1. Added AOServer.getUidMin()
    2. Added AOServer.getGidMin()
    3. Added LinuxAccount.UID_MAX
    4. Added LinuxGroup.GID_MAX
    5. Removed LinuxID.isSystem()
    6. Removed LinuxServerAccount.MINIMUM_USER_UID
  • Top-level domains change frequently these days. To reduce code maintenance, now using the new AO TLDs project to have a self-updating list of top-level domains.
  • Changed distribution verification from MD5 to SHA-256.

    1. Removed DistroFile.hasFileMD5()
    2. Removed DistroFile.getFileMD5Hi()
    3. Removed DistroFile.getFileMD5Lo()
    4. Added DistroFile.hasFileSha256()
    5. Added DistroFile.getFileSha256_0()
    6. Added DistroFile.getFileSha256_1()
    7. Added DistroFile.getFileSha256_2()
    8. Added DistroFile.getFileSha256_3()

    No MD5 data will be sent to older clients. DistroFile.hasFileMD5() will return false for all files.

  • Bug fixes:
    1. Ticket: Fixed handling of filtered reseller field.
  • Web site resources moved to more predictable locations for CentOS 7:
    1. Apache virtual hosts moved from /www to /var/www.
    2. Apache virtual hosts logs moved from /logs to /var/log/httpd-sites.
    3. Multi-site Tomcat installations moved from /wwwgroup to /var/opt/apache-tomcat.
    4. Servers that are upgraded retain compatibility links at the old paths.
  • Moved the following classes to the new AO Lang project:
    1. com.aoindustries.aoserv.client.DtoFactory
    2. com.aoindustries.aoserv.client.validator.InvalidResult
    3. com.aoindustries.aoserv.client.validator.ValidationException
    4. com.aoindustries.aoserv.client.validator.ValidationResult
    5. com.aoindustries.aoserv.client.validator.ValidResult
  • Moved the following classes to the new AO Net Types project:
    1. com.aoindustries.aoserv.client.dto.DomainLabel
    2. com.aoindustries.aoserv.client.dto.DomainLabels
    3. com.aoindustries.aoserv.client.dto.DomainName
    4. com.aoindustries.aoserv.client.dto.Email
    5. com.aoindustries.aoserv.client.dto.HostAddress
    6. com.aoindustries.aoserv.client.dto.InetAddress
    7. com.aoindustries.aoserv.client.dto.MacAddress
    8. com.aoindustries.aoserv.client.dto.NetPort
    9. com.aoindustries.aoserv.client.validator.DomainLabel
    10. com.aoindustries.aoserv.client.validator.DomainLabels
    11. com.aoindustries.aoserv.client.validator.DomainName
    12. com.aoindustries.aoserv.client.validator.Email
    13. com.aoindustries.aoserv.client.validator.HostAddress
    14. com.aoindustries.aoserv.client.validator.InetAddress
    15. com.aoindustries.aoserv.client.validator.MacAddress
    16. com.aoindustries.aoserv.client.validator.NetPort
  • Removed a few tables that are now represented by self-validating types:
    1. Removed linux_ids table
    2. Removed net_ports table
    3. Removed net_protocols table
  • Removed a couple of protocols that referred to the old raw net protocol:
    1. Removed protocols.rtmp row
    2. Removed row
  • Changed column types to use new self-validating types:
    1. Changed to hostname type
    2. Changed distro_files.group_name to group_id type
    3. Changed email_pipes.path to string type
    4. Renamed email_pipes.path to command
    5. Changed failover_file_replications.quota_gid to linux_id type
    6. Changed httpd_sites.group_name to group_id type
    7. Changed httpd_tomcat_contexts.doc_base to path type
    8. Changed linux_group_accounts.group_name to group_id type
    9. Changed to group_id type
    10. Changed to group_id type
    11. Changed linux_server_accounts.uid to linux_id type
    12. Changed linux_server_groups.gid to linux_id type
    13. Changed to hostname type
    14. Changed to mysql_database_name type
    15. Removed mysql_reserved_words table
    16. Changed to mysql_server_name type
    17. Changed mysql_server_users.username to mysql_username type
    18. Changed mysql_users.username to mysql_username type
    19. Changed net_binds.port to net_port type
    20. Removed net_binds.net_protocol column
    21. Changed net_devices.mac_address to mac_address type
    22. Changed net_tcp_redirects.destination_port to net_port type
    23. Changed to postgres_database_name type
    24. Removed postgres_reserved_words table
    25. Changed to postgres_server_name type
    26. Changed postgres_server_users.username to postgres_username type
    27. Changed postgres_users.username to postgres_username type
    28. Removed protocols.net_protocol column
    29. Changed protocols.port to net_port type
    30. Changed ticket_actions.old_assigned_to to username type
    31. Changed ticket_actions.new_assigned_to to username type
  • Removed package type:
    1. Changed dns_zones.package to accounting type
    2. Changed email_domains.package to accounting type
    3. Changed email_pipes.package to accounting type
    4. Changed email_smtp_relays.package to accounting type
    5. Changed httpd_sites.package to accounting type
    6. Changed ip_addresses.package to accounting type
    7. Changed linux_groups.package to accounting type
    8. Changed monthly_charges.package to accounting type
    9. Changed mysql_databases.package to accounting type
    10. Changed mysql_servers.package to accounting type
    11. Changed net_binds.package to accounting type
    12. Changed to accounting type
    13. Changed usernames.package to accounting type
  • Changed client-side objects to use more of the new self-validating types:
    1. Changed path type implementation to UnixPath class
    2. Changed username type implementation to UserId class
  • Removed AOSH commands covered by self-validating types:
    1. Removed check_business_administrator_username command.
    2. Removed check_email_forwarding command.
    3. Removed check_ip_address command.
    4. Removed check_linux_account_username command.
    5. Removed check_package_name command.
  • New field CvsRepository.DEFAULT_CVS_DIRECTORY providing the default directory containing CVS repositories.
  • Completed generics for CannotRemoveReason.
  • MySQL and PostgreSQL database dump improvements:
    1. New gzip flag to enable Gzip compression.
    2. New methods to dump databases directly into an OutputStream to avoid the additional encoding layer of the default Writer.
    3. New constants providing dump character encoding.
    4. Database dumps now provide the size of the dumps in bytes.
  • New interface AOServStreamable that extends Streamable, but represents its version as AOServProtocol.Version.
  • Extended network protocol to send randomized command sequences to help ensure stream integrity.
  • Now supporting MySQL 5.7.
  • is now nullable.
  • Added linux_group_accounts.operating_system_version column to limit groups on a per-operating-system-version basis.
  • Linux shell accounts now support, and default to, non-hashed home directories in /home/username format. Hashed home directories of the form /home/u/username are still supported when specifically selected.
  • New AOServer.addSystemGroup() and AOServer.addSystemUser() calls for AOServ Daemon to automatically register new system groups and users with the AOServ Master.
  • Added linux_server_accounts.sudo column to configure sudo on a per-user and per-server basis.
  • Enabled more fine-grained control over per-site Apache settings:
    1. Added HttpdSite.getEnableSsi()
    2. Added HttpdSite.getEnableHtaccess()
    3. Added HttpdSite.getEnableIndexes()
    4. Added HttpdSite.getEnableFollowSymlinks()
    5. Added HttpdSite.getEnableAnonymousFtp()
    6. Added parameters to add_httpd_jboss_site command for new settings.
    7. Added parameters to add_httpd_tomcat_shared_site command for new settings.
    8. Added parameters to add_httpd_tomcat_std_site command for new settings.
    9. Added set_httpd_site_php_version command.
    10. Added set_httpd_site_enable_cgi command.
    11. Added set_httpd_site_enable_ssi command.
    12. Added set_httpd_site_enable_htaccess command.
    13. Added set_httpd_site_enable_indexes command.
    14. Added set_httpd_site_enable_follow_symlinks command.
    15. Added set_httpd_site_enable_anonymous_ftp command.
    16. Added set_httpd_tomcat_site_use_apache command.
  • Enabled more fine-grained control over Tomcat settings:
    1. Added HttpdSharedTomcat.getMaxPostSize()
    2. Added HttpdSharedTomcat.getUnpackWARs()
    3. Added HttpdSharedTomcat.getAutoDeploy()
    4. Added HttpdTomcatStdSite.getMaxPostSize()
    5. Added HttpdTomcatStdSite.getUnpackWARs()
    6. Added HttpdTomcatStdSite.getAutoDeploy()
    7. Added set_httpd_shared_tomcat_max_post_size command.
    8. Added set_httpd_shared_tomcat_unpack_wars command.
    9. Added set_httpd_shared_tomcat_auto_deploy command.
    10. Added set_httpd_tomcat_std_site_max_post_size command.
    11. Added set_httpd_tomcat_std_site_unpack_wars command.
    12. Added set_httpd_tomcat_std_site_auto_deploy command.
  • Disabled site now packaged in RPM and distributed via Yum.
  • New system groups:
    1. aoserv-jilter
    2. aoserv-xen-migration
    3. mailnull
    4. memcached
    5. nginx
    6. saslauth
    7. smmsp
  • New system users:
    1. aoserv-jilter
    2. aoserv-xen-migration
    3. mailnull
    4. memcached
    5. nginx
    6. saslauth
    7. smmsp
  • Added Protocol.RFB for VNC servers.
  • Shared Tomcats now auto-shutdown when they have no enabled sites.
  • Email lists on CentOS 7 are directly in /etc/mail/lists and no longer use hashed-directory format:
    1. check_email_list_path command altered to include ao_server parameter.
  • Added Protocol.SPAMD, which is used to enable SpamAssassin via the net_binds table.
  • Updated dependencies.
  • Protocol 1.80.2 finalized.


Release Notes

  • New AO OSS Parent POM to simplify pom.xml files.
  • Project documentation moved to per-project book in SemanticCMS format.
  • Added changelog as top-level project link.
  • Default DNS zone TTL changed from 43200 (12 hours) to 3600 (1 hour).
  • Existing zones that were the default 43200 have been changed to 3600.


Release Notes

  • Improved Javadoc formatting.
  • Improved README formatting.


Release Notes

  • Improved Javadoc formatting.
  • Additional MySQL collation.
  • Each lock object is now a small empty class to help identify lock contention.

    The lock contention profiler in NetBeans is just showing "java.lang.Object" all over, and can't seem to get from the lock object id to the actual object in the heap dump using OQL (id not found).

  • Updated MySQL JDBC documentation URLs.


Release Notes

  • Added ".top" top-level domain.


Release Notes

  • Improved Maven configuration for Java EE 6 dependencies.


Release Notes

  • MySQL JDBC only used for tests.


Release Notes

  • Project moved to GitHub and Maven.