Uptime Kuma has recently released version 1.23.7, bringing a range of improvements, bug fixes, and security fixes to the popular server monitoring tool.

In terms of improvements, version 1.23.7 includes the ability to show the original timeout message and adds an additional 10 seconds for the abort signal. This enhancement allows users to better understand and manage timeout issues. Additionally, the error message on abort signal timeout has been improved, thanks to the contribution of @chakflying.

In the bug fixes category, Uptime Kuma has addressed a memory leak issue by ensuring the client postgresql connection is closed after rejection. This fix was made possible by the contribution of @mvaled. Furthermore, the team has decided to revert the “Restart running monitors if no heartbeat” feature, as it was causing issues from version 1.23.4 to 1.23.6.

In terms of security fixes, Uptime Kuma has taken steps to address multiple vulnerabilities. First, an XSS issue in the “Google Analytics ID” text field has been resolved, thanks to the report by @gtg2619. More details about this fix can be found in the advisory GHSA-v4v2-8h88-65qj. Additionally, the Tailscale ping has been rewritten using spawnSync, addressing a security vulnerability reported by @vaadata-pascala. Further information on this issue can be found in the advisory GHSA-hfxh-rjv7-2369. Lastly, Uptime Kuma has made certain functions, such as getGameList and testChrome, only accessible with login, improving overall system security.

Aside from these significant updates, version 1.23.7 also includes various small changes, code refactoring, and comment/documentation updates to enhance the overall user experience.

In this week’s issue of README Highlight (#47, 2023), we are taking a look at Dockge, a fancy, easy-to-use, and reactive self-hosted docker-compose.yml stack-oriented manager. Dockge allows users to easily manage their docker-compose.yml files, create/edit/start/stop/restart/delete containers, and update Docker images. It also features an interactive editor for docker-compose.yml files and a web terminal for easy management.

One of the key features of Dockge is its reactive nature. It provides real-time progress updates and terminal output, making it easy for users to monitor their containers. The UI of Dockge is also designed to be easy-to-use and visually appealing, inspired by the UI/UX of Uptime Kuma.

Dockge follows a file-based structure, ensuring that users have full control over their compose files and can interact with them using normal Docker compose commands. It also provides the ability to convert docker run ... commands into docker-compose.yml format.

To install Dockge, users need to have Docker CE 20+ or Podman installed. The installation process involves creating a directory to store stacks and Dockge’s compose.yaml file, downloading the compose.yaml file, and starting the server using docker compose up -d command.

Dockge supports various platforms including armv7, arm64, and amd64. It is compatible with Docker CE and Podman.

The project provides a number of screenshots showcasing its features, including the interactive editor, web terminal, and UI.

The motivation behind Dockge was to provide an alternative to existing stack management tools like Portainer, with a focus on improving the user experience and clear error messaging. The developer also wanted to experiment with developing using ES Module + TypeScript.

Bug reports, help, and discussions can be found on the project’s GitHub repository. Users interested in translating Dockge into their language can refer to the Translation Guide provided.

In the FAQ section, the developer explains that “Dockge” is a coinage word created by themselves, inspired by Twitch emotes like sadge, bedge, and wokege. Dockge is primarily designed to manage stacks using compose.yaml files, but users can manage single containers using other tools like Portainer or Docker CLI. It is also possible to manage existing stacks by moving the compose file into the stacks directory and scanning the stacks folder in Dockge.

The developer also mentions more ideas for future improvements, including stats, file manager, app store for yaml templates, app icons, switching Docker context, Dockerfile and build support, and Docker swarm support.

Overall, Dockge is a comprehensive and user-friendly tool for managing Docker compose stacks, providing an intuitive UI and real-time updates for easy management.

Source: Dockge README.

OpenSSL 3.2, the latest major update to the widely-used cryptography and SSL/TLS project, has been released. This update brings numerous new features and improvements to the library.

Some of the key highlights of the OpenSSL 3.2 release include:

• The default SSL/TLS security level has been increased from 1 to 2, enhancing security for users.
• Support for client-side QUIC has been added, including multi-stream support. QUIC is a general-purpose transport layer network protocol initially developed by Google and later adopted by the IETF. While OpenSSL 3.2 only offers client-side QUIC support, the plan for OpenSSL 3.3~3.4 over the next year is to further enhance this QUIC implementation.
• The addition of support for Ed25519ctx, Ed25519ph, and Ed448p.
• Deterministic ECDSA signatures are now supported.
• TCP Fast Open is now supported on Linux, macOS, and FreeBSD where available.
• TLS certificate compression is now supported with Zlib, Brotli, and Zstd.
• On Windows, support has been added for using the Windows system certificate store as a source of trusted root certificates, although it is not enabled by default.
• Additional enhancements include support for SM4-XTS, AES-GCM-SIV, Argon2 KDF, Brainpool curves in TLS 1.3, TLS Raw Public Keys, and various other additions.

For downloads and further details on the OpenSSL 3.2 release, visit the official OpenSSL website.

Source: Phoronix.

SiFive has addressed compatibility issues between AMD’s Linux graphics drivers and newer GPUs on RISC-V architecture. The problem, linked to AMDGPU’s “DC” display code, was resolved by introducing kernel-mode FPU support for RISC-V. SiFive’s patches, currently under review, are expected to be part of the Linux 6.8 kernel. Once implemented, this update will allow the latest AMD GPUs to seamlessly operate on RISC-V using open-source drivers.

Source: Phoronix.

Proxmox today announced the release of version 8.1 of Proxmox Virtual Environment, its open-source server virtualization management platform. This version comes with several new features, support for Secure Boot, a Software-defined Network stack, a new flexible notification system, and many further enhancements and bug fixes.

Proxmox VE 8.1 is based on Debian 12.2 (“Bookworm”), but uses a newer Linux kernel 6.5 as stable default, and includes updates to the latest versions of leading open-source technologies for virtual environments like QEMU 8.1.2 and LXC 5.0.2. It comes with ZFS 2.2.0 including the most important bugfixes from 2.2.1 already. The virtualization platform adds support for Ceph Reef 18.2.0 and continues to support Ceph Quincy 17.2.7.

Highlights in Proxmox Virtual Environment 8.1

• Support for Secure Boot: This version is now compatible with Secure Boot. This security feature is designed to protect the boot process of a computer by ensuring that only software with a valid digital signature launches on a machine. Proxmox VE now includes a signed shim bootloader trusted by most hardware’s UEFI implementations. This allows installing Proxmox VE in environments with Secure Boot active.
• Software-defined Network (SDN): With this version the core Software-defined Network (SDN) packages are installed by default. The SDN technology in Proxmox VE enables to create virtual zones and networks (VNets), which enables users to effectively manage and control complex networking configurations and multitenancy setups directly from the web interface at the datacenter level. Use cases for SDN range from an isolated private network on each individual node to complex overlay networks across multiple Proxmox VE clusters on different locations. The benefits result in a more responsive and adaptable network infrastructure that can scale according to business needs.
• New Flexible Notification System: This release introduces a new framework that uses a matcher-based approach to route notifications. It lets users designate different target types as recipients of notifications. Alongside the current local Postfix MTA, supported targets include Gotify servers or SMTP servers that require SMTP authentication. Notification matchers determine which targets will get notifications for particular events based on predetermined rules. The new notification system now enables greater flexibility, allowing for more granular definitions of when, where, and how notifications are sent.
• Support for Ceph Reef and Ceph Quincy: Proxmox Virtual Environment 8.1 adds support for Ceph Reef 18.2.0 and continues to support Ceph Quincy 17.2.7. The preferred Ceph version can be selected during the installation process. Ceph Reef brings better defaults improving performance and increased reading speed.

Availability

Proxmox VE 8.1 is available for download at the Proxmox website. The ISO contains the complete feature-set and can be installed on bare-metal.

The virtualization platform from Proxmox comes stocked with all the essential management tools, as well as an easy-to-use, web-based user interface. This allows for simple, out-of-the-box management of the host, either through the command line or a standard web browser. Distribution upgrades from older versions of Proxmox VE are possible with apt. It’s also possible to install Proxmox VE 8.1 on top of Debian. Proxmox Virtual Environment is free and open-source software, published under the GNU Affero General Public License, v3.

Banana Pi has released a new WiFi 7 router board called the BPI-R4. This router board is powered by the MediaTek MT7988A (Filogic 880) quad-core Arm Corex-A73 processor. It features 4GB DDR4 RAM, 8GB eMMC flash, and 128MB SPI-NAND flash.

The BPI-R4 also includes two 10GbE SFP cages, four Gigabit Ethernet RJ45 ports, a USB 3.2 port, an M.2 socket for a 4G/5G modem or an NVMe SSD, and two mini PCIe slots with PCIe 3.0 to support WiFi 7.

The specifications of the Banana Pi BPI-R4 are as follows:

• SoC: MediaTek MT7988A (Filogic 880) quad-core Arm Corex-A73 processor @ 1.8GHz with AI-powered packet accelerator
• System Memory: 4GB DDR4
• Storage: 8GB eMMC flash, 128MB SPI NAND Flash, microSD card slot, M.2 Key M for NVMe SSD
• Networking: 2x 10GbE SFP cages, 4x Gigabit Ethernet RJ45 ports
• USB: USB 3.2 port
• Expansion: M.2 Key-B slot with USB 3.2 interface for 5G or 4G LTE connectivity, M.2 Key-M slot with 1-lane PCIe 3.0 for NVMe SSD, 2x mini PCIe slots with 2-lane PCIe 3.0 for Wi-Fi 7 NIC, 26-pin GPIO header for expansion
• Debugging: 3-pin header for 3.3V serial console
• Misc: Reset button, WPS button, bootstrap switch, RTC battery connector
• Power Supply: 12V/5.2A or 19V/3.2A via DC jack, 20V DC input via header, optional PoE module (RT5400), 5V/12V output header
• Dimensions: 148 x 100.5 mm
• Weight: 250 grams

The Banana Pi BPI-R4 currently has three OpenWrt images available for eMMC, NAND flash, or microSD card boot. A Debian image is also in development. The board does not come with a WiFi 7 module by default but can support it through the two mini PCIe sockets.

The WiFi 7 iPA NIC Module, which can be added to the BPI-R4, is based on a four-chip design with MediaTek MT7996 (WiFi 7 tri-band BE19000 SoC), MT7995N (2.4 GHz WiFi), MT7977AN (6 GHz), and MT7977B (6 GHz).

The Banana Pi BPI-R4 is available for purchase on Aliexpress for $103.15, but the WiFi 7 card must be purchased separately. Coupon codes are available for discounts during the Black Friday promotion.

Overall, the Banana Pi BPI-R4 is a powerful WiFi 7 router board with a range of features and expandability options.

Source: CNX Software – Embedded Systems News.