This release includes support for listening on IPv6 addresses. It also fixes issues with servers that have home directories mounted over NFS with
root_squash, and with networks that use double-bind LDAP with restrictive permissions on user accounts.
Finally, this release changes the default SSL/TLS configuration in Shiny Server Pro to remove support for the obsolete and insecure TLSv1 protocol.
Shiny Server 220.127.116.111
Upgrade to Node v8.11.3.
Added support for listening on IPv6 addresses.
X-Powered-By response header now reports “Shiny Server” instead of “Express”.
Resolve permissions issues when log directory is on an NFS mount with root
log_as_userdirective was intended to work for these situations,
but would fail in common configurations. It should now work.
log_file_modeno longer respects the process umask, and the default has been
Exit code of shiny-server process was always 0, regardless of the reason the
process exited. Now a non-zero exit code is used if the process was terminated
by a signal, or an unhandled error crashed the process, or loading of the
shiny-server.conf config file failed during startup.
Shiny Server Pro 18.104.22.1685
The above changes, plus:
For LDAP double-bind authentication, use the base_bind account to iterate the
user’s groups (rather than the user’s own LDAP account, which sometimes does
not have permissions to see its own groups).
auth_ignore_casedirective, which can be used to treat
required_groupdirectives as case-insensitive. Disabled by default, as
it’s only safe to use on systems that prevent the creation of users/groups
whose names vary from existing users/groups only by case.
For SSL/TLS configurations, remove support for TLSv1 by default (SSLv2 and v3
were already not supported). If a stricter or looser policy is desired, this
can be achieved by adding
ssl_min_versionas a child directive of
valid values for