NethServer project milestone 8.9

We’re happy to announce milestone 8.9, marking another step forward for NethServer 8. This development cycle focused on:

  • redesigning the backup architecture around cluster nodes
  • hardening security defaults
  • giving more control and visibility in the cluster-admin UI
  • strengthening mail filtering capabilities
  • core applications updates

:star2: Enhancements

Here are the highlights introduced since milestone 8.8.

The full list is available in the release notes for milestone 8.9.

New centralized backup architecture

Backup handling has been redesigned around the cluster node rather than individual applications, delivering one of the main goals announced in the previous milestone. The new architecture brings several benefits:

  • More secure: destination passwords are isolated from applications and only accessible with special privileges.
  • Smarter scheduling: schedule conflicts are detected and retried automatically within a one-hour window.
  • Reachable destinations: on multi-node clusters, nodes can route backup traffic through other nodes, making on-premise destinations reachable from cloud nodes.
  • Per-node validation: every node validates its own connectivity and permissions to a destination, not just the leader.
  • Custom Rclone configuration: destinations can be fine-tuned with a raw Rclone configuration, enabling advanced options and new destination types such as SFTP and WebDAV. The Azure Blob Storage destination type has been removed in favor of this more flexible approach.

In addition, applications restored via disaster recovery now keep their original backup schedules.

Abort running tasks with a safer confirmation

Some long-running tasks, including application restore, can now be aborted from the UI. The confirmation step has been redesigned to prevent accidental clicks that could interrupt an important operation, such as a restore or clone in progress.

Free disk space shown during node selection

Building on the volume selection feature introduced in milestone 8.8, the node selection step now shows the free disk space of the root filesystem for every node when installing, cloning, or restoring an application — not only for nodes with an additional volume. This is a first step toward better resource visibility in the cluster-admin UI.

Password never expires for OpenLDAP users

The Password never expires option, previously available only for Active Directory, can now be enabled for individual OpenLDAP users too, both from cluster-admin and the user portal.

Other enhancements

This milestone also brings a restricted shell for application service users, a random initial root password on pre-built images, experimental Spamhaus DQS support and a sender blocklist for the Mail application, IPv6 support in the HTTP routes allow list, and application updates including Nextcloud 33 and WebTop 5.32. For the complete picture, check the release notes.

:beetle: Bug fixes

20+ bugs have been addressed across core components and applications to improve stability and reliability. Here is a brief list:

The full list is available on our GitHub issue tracker.

:compass: Roadmap

Work is already underway for milestone 8.10.

The Mail application improvements announced in the previous milestone — refreshing the Mail containers, the LDAP mail attribute integration, and improvements to mail forwards — were further delayed to 8.10. During this cycle, considerable effort went into fixing Systemd and Podman issues introduced by Rocky Linux 9.8 and into completing the backup improvements described above.

A new goal has been added: defining the core NS8 single sign-on (SSO) architecture, laying the groundwork for future integration of applications like Nextcloud, WebTop, and NethVoice with external identity providers, such as Microsoft Entra ID and Google.

Also worth mentioning, milestone 8.10 will implement a set of completed UX designs:

  • TLS certificates settings UI, with ACME challenge type choice and trusted proxy configuration
  • Regexp log search, with results date interval and count
  • Automated updates switch-off in the Software Center

Finally, the multi-step clone/move procedure is still postponed to a future milestone.

Follow the roadmap on our project page.

:book: Project milestone meaning

In NS8, milestones act as checkpoints in the project’s development journey.

A milestone number like 8.9 does not represent a software version, but a snapshot of completed goals and ongoing work.

:handshake: Join the NS8 community

Your participation helps shape the direction of the project:

  • Join the forum discussions using the tag ns8
  • Share feedback, report bugs, and propose improvements
  • Contribute translations on Weblate

Thanks for being part of the journey — together we’re building the future of NethServer.

The NethServer Team

6 Likes

Very encouraging. I trust this will work with generic OIDC, and not be limited to just certain commercial providers?

1 Like