This release includes support for listening on IPv6 addresses. It also fixes issues with servers that have home directories mounted over NFS with
root_squash, and with networks that use double-bind LDAP with restrictive permissions on user accounts.
Finally, this release changes the default SSL/TLS configuration in Shiny Server Pro to remove support for the obsolete and insecure TLSv1 protocol.
Shiny Server 220.127.116.111
Upgrade to Node v8.11.3.
Added support for listening on IPv6 addresses.
X-Powered-By response header now reports “Shiny Server” instead of “Express”.
Resolve permissions issues when log directory is on an NFS mount with root squash. The
log_as_userdirective was intended to work for these situations, but would fail in common configurations. It should now work.
log_file_modeno longer respects the process umask, and the default has been changed from
Exit code of shiny-server process was always 0, regardless of the reason the process exited. Now a non-zero exit code is used if the process was terminated by a signal, or an unhandled error crashed the process, or loading of the shiny-server.conf config file failed during startup.
Shiny Server Pro 18.104.22.1685
The above changes, plus:
For LDAP double-bind authentication, use the base_bind account to iterate the user’s groups (rather than the user’s own LDAP account, which sometimes does not have permissions to see its own groups).
auth_ignore_casedirective, which can be used to treat
required_groupdirectives as case-insensitive. Disabled by default, as it’s only safe to use on systems that prevent the creation of users/groups whose names vary from existing users/groups only by case.
For SSL/TLS configurations, remove support for TLSv1 by default (SSLv2 and v3 were already not supported). If a stricter or looser policy is desired, this can be achieved by adding
ssl_min_versionas a child directive of
ssl; valid values for