NethServer project milestone 8.6

Announcements
, , , ,
1

We’re excited to share the latest progress on NethServer 8 with the release of milestone 8.6. In the last three months we delivered improvements to security, usability, and system reliability, along with refreshed applications and deeper cloud integration.

:sunrise: Enhancements

Here are the most notable updates since milestone 8.5. For the full changelog, check out the release notes for milestone 8.6.

New TLS certificates page

The TLS certificates UI has completed its redesign cycle, offering full lifecycle management of Let’s Encrypt certificates with clearer validation, renewal, and deletion steps.

An automated certificate expiration alert is now sent when a TLS certificate is within 28 days of expiry.

TLS certificates page
TLS certificates page1920×950 148 KB

Delete obsolete certificates modal window
Delete obsolete certificates modal window1920×950 134 KB

Upload certificate modal window
Upload certificate modal window1920×950 105 KB

Application restart

A new Restart action in the Software Center allows administrators to completely restart an application instance. This behaves like a node reboot but limited to the chosen app — stopping and starting all of its components.

Restart Application action
Restart Application action1167×651 38.5 KB

Safer migrations

During application migration, the cluster admin UI of the app is now disabled. This prevents accidental changes that could interfere with the migration process.

"Undergoing migration" message
"Undergoing migration" message1344×722 19 KB

Default password policy

Both Samba AD and OpenLDAP domains now adopt a more flexible default password expiration age ranging from 0 to 180 days (previously 1–42 days for Samba AD). Administrators can fine-tune these settings after domain creation. Special user accounts can be configured with “No password expiration” flag. Samba AD users can also be forced to change their password with the Must change password at next logon flag. Both flags can be managed also from the user portal interface.

Edit password age policy
Edit password age policy1854×955 79 KB

Exempt with No password expiraton
Exempt with No password expiraton1854×955 55.5 KB

Must change password
Must change password1854×955 69.4 KB

User portal list
User portal list1914×953 49.8 KB

Change password from user portal
Change password from user portal1914×953 77.3 KB

Set flags from user portal
Set flags from user portal1914×953 75.8 KB

CrowdSec notification improvements

CrowdSec notifications have been streamlined to reduce noise:

  • A single daily summary email with ban decisions.
  • Immediate notification if decisions exceed a threshold (default: 500).
  • Customizable sender address for improved email delivery.
  • Cleaner, more readable layout and style.

Email notification after 5 decisions, custom threshold
Email notification after 5 decisions, custom threshold1117×379 24.4 KB

WebTop

The latest WebTop release introduces:

  • A modernized UI with new icons and streamlined layouts
  • Delayed email sending with cancellation before delivery
  • Automatic IMAP/SMTP configuration for mobile devices
  • Numerous usability, security, and performance improvements

New icons
New icons645×497 38.9 KB

Delayed email sending
Delayed email sending653×500 20.8 KB

NethVoice

NethVoice continues to evolve with:

  • Real-time JPG video streaming for intercoms, with preview in notifications and Phone Island
  • Enhanced operator panel design and dashboard accessibility
  • Improved SRTP handling in NethVoice Proxy
  • Fixes across CTI, VoIP trunks, conferencing, voicemail, and call transfers

Intercom video sources in CTI
Intercom video sources in CTI690×414 32.3 KB

Video source configuration
Video source configuration690×401 30 KB

Updated applications

Latest upstream versions now available in the Default repository:

  • Mattermost 10.5.11 ESR
  • Ejabberd 25.07
  • Nextcloud 31.0.7
  • CrowdSec 1.16.11

:mag: Bug Fixes

More than 30 issues were resolved in this milestone to improve stability and reliability. See the full list on our GitHub issue tracker.

:arrow_up: Roadmap

Looking ahead to milestone 8.7, planned for the end of the year 2025:

  • Applications page and enhanced Node details – We’ll add a new cluster-admin page, dedicated to installed applications, with applicaton-specific actions, links, where we progressively add information about the app itself. More information will be visible in the Nodes page.
  • Assign specific app volumes to dedicated storage – We’ll analyze and implement the low-level mapping between application volumes and mounted disks to improve the sysadmin experience with large data volumes.
  • Import/export LDAP users, groups and e-mail addresses – Implement APIs and UIs to massively import/export LDAP users and groups, integrating the mail attribute also in the Mail application.

Stay tuned on our project page.

:thinking: What is a “Project Milestone”?

In NS8, we use project checkpoints called milestones to highlight significant goals achieved and upcoming priorities. A milestone number like 8.6 does not represent a software version, but a checkpoint in the overall project roadmap.

:fist: Get Involved in the NS8 Community

Your participation keeps NS8 moving forward! Here’s how you can help:

  • Join the forum discussion using the tag ns8
  • Report bugs, share ideas, and refine features
  • Contribute translations on Weblate

Every contribution matters — let’s keep building the future of NS8 together :rocket:

The NethServer Team

13 Likes
3

With this Implementation, WOuld it be possible to implement Application Shared Volumes.
Some applications have capacity and need to share volume locations and files, calibre and its many tools is one example, and most AAR tools, as well as many cctv tools, and Home automation tools as well.

The Application restart, and deleting certs is a great Addition

Regarding the User Pages, from your screenshrot, an Admin is able to Add users, and do other user related tasks, Would it be possible, to enable someone to be able to do thos things as well, but only limited within the users page,

they can Add new users, reset users passwords, Edit User Information.
Where necessary, permissions for disable User, or Delete user.

4

It seems like this would include, or support, the ability to change account providers–e.g., from OpenLDAP to AD. Thoughts on that?

1 Like
5

I haven’t bothered to say anything for all this time and I finally feel like I should point out that I’ve always been bothered by the use of these milestones. My nodes say Nethserver 8. Your announcement is Nethserver 8.6. My core is still 3.9.1. The closest core to this milestone, day before yesterday is 3.12. I understand that the milestone is far more than just the core. My Nextcloud is 31.0.6, milestone 8.6 includes NC 31.0.7 which was released to NS a few weeks ago.

It’s just confusing. Maybe, at least in these announcements add a minimum core version or, just keep the milestone # to yourselves internally.

Basically, if I want to know where my clusters stand with regards to your announcements, I have to go through the announcements and then click though several different pages of my clusters to verify. Yes, if the clusters are up to date then you can assume you’re at such and such a milestone but, I feel like it really should be more clear at a glance.

Just my 2c.

5 Likes
6

This is great! While you are on it, could you please consider to allow e-mail alias addresses from LDAP as well? Ideally with a configurable field name, but also a fixed field name for aliases would be fine.

That would improve the integration in webmail apps (like SOGo, nextcloud mail) that are able to let the user choose a from-address from valid ldap mail aliases when sending mails.

This is also a great addition. Would it include the possibility to assign NFS storage to apps?

7

No, filesystem-level sharing is not among the feature goals. Inside containers, applications use different UID/GID namespaces, so they cannot reliably share the same filesystem area, such as a volume mount.

Fine-grained permissions in cluster-admin are possible because the backend (api-server) grants permissions at the action level. However, the UI is not designed for fine-grained authorizations, so implementing it would not be straightforward.

At the moment, user management features are also available in the user portal. If I want to grant user management permissions without full cluster-admin access, I can add an LDAP user to the Domain Admins group.

Why not? It could serve as a migration path between AD and OpenLDAP. However, passwords cannot be exported since they are encrypted.

I understand that all those X.Y numbers can be annoying, and boring too! As you say, the milestone is far more than just the core, so we may have a milestone announcement without a new core version. Should we simply use the date instead? For example, NethServer project milestone October 2025.

Beside the mail attribute? Why not? If it’s simple to implement, we can consider it.

It depends on the app. For instance, Samba requires filesystem extended attributes (xattrs), which NFS may not support.

1 Like
8

Thank you for consideration. At least to my experience, having a second LDAP field (besides mail) that stores E-Mail Aliases of a user seems to be pretty common.

Thank you, that limitation would be acceptable for me. I think that main usage for NFS shares would be storage-intensive applications, like e.g. nextcloud file storage or E-Mail storage. These typically do not require special permission settings.

1 Like
9

Sure. That’d reduce confusion a lot I think. I actually have a lot of thoughts on this, too many really, but that could keep people coming from, for example, Distrowatch, looking for 8.6 announced Oct 3 and only finding Nethserver 8.

Regarding all these thoughts I have about this whole thing without going off the rails and into the weeds… let me say this, what are you going to do when you’re ready to actually rename Nethserver 8 to Nethserver 9? Will that milestone actually be associated with a core version? You’d have to wouldn’t you? Just like when you update Nextcloud to 31.0.7 using nethserver/ns8-nextcloud 1.5.1, you change the nextcloud/dockerfile line.

1 Like
10

I think SSL notifications needs some improvements,

I get way too many notifications, its frustrating, i cant set custom timeline for notification. I cant manually renew SSL certs, to stop notifications.
Unlike NS7, in NS8 you can get SSL, if they are part of traefik routs, or module hostnames.

Is there something we could do to improve this.

11

I’m afraid using the date wouldn’t fit well with the development process. A milestone needs a name assigned before it starts. The finish date is just one of its attributes and may change along the way, so it’s not suitable to use as the milestone name.

More than a year and six milestones have passed since we adopted the current approach. It’s not perfect, but changing it now could cause even more confusion, so I’d prefer to avoid that. Feel free to open a new Feature topic to discuss possible alternatives.

I suggest opening a Support thread for that. Here, I can just say that the Metrics UI should already provide control over Alert Manager and allow silencing active alarms. However, there seems to be an issue with it at the moment, since it’s not working as expected. We’ll need to fix that: Project Card.

1 Like
12

I think He Suggested, mentioning minimum Versions of each Milestone.

Eg, core versions, traefik versions etc, to Make it easy, Just to grasp, incase one is following the change Logs

1 Like
13

That’s fine. I can include individual component versions more often in Release Notes and in Announcements to make changelog searches easier.

4 Likes
14

Hi,

Are there any plan to update Crowdsec to the latest version ?

image
image438×138 9.35 KB

3 Likes
15

many many bug fixes are coming to 1.7.1, like we do with Nextcloud we wait the next minor release of a major release to try to be bug free as many as possible.

4 Likes
16

Makes sense. :+1:

1 Like
17

Please integrate the primary network information, esp. configured IP adresses (V4/v6)

2 Likes
18

Yes, we’re working on it :+1:

2 Likes