VPL Jail System 4.0.3 Release Notes

The 4.0.3 version includes critical security fixes. Updates should be made immediately following the instructions below.

This document outlines fixes and improvements introduced in the VPL Jail System since version 3.0.1. The highlights of these changes include critical security fixes and the introduction of Docker support, among other significant improvements.

Server Bug Fixes

• Critical security flaw:
  • A critical security flaw has been discovered in the VPL Jail System (@vincentscode Vincent Schmandt) affecting all versions prior to 4.0.3.
  • This critical bug requires updating your VPL Jail System to the latest version immediately. The update requires using a machine with a freshly installed operating system. Remember to save your configuration file and certificates before completing the update.
  • If you are currently using the security parameters URLPATH and/or TASK_ONLY_FROM in your VPL Jail Servers's configuration, you are better protected against an attack. If you are not using these parameters, you may implement them as an immediate protection measure before updating. See VPL Jail System security parameters.
  • Download VPL Jail System 4.0.3
• Fixed JSON encoding of control codes < 32.
• Standardized JSONRPC to use three parameters while maintaining backward compatibility for two parameters.
• Fixed a bug in checking repeated parameters.
• Fixed a bug in control of log levels.
• Fixed an important bug that prevented waiting for the retrieval action before cleaning task information.

Docker Support

• Auto-detection of containerized environments.
• Capability to run the jail server inside a container, both in privileged and non-privileged modes.
• Includes three Dockerfiles for various configurations:
  • Dockerfile.no_https: HTTP without HTTPS support.
  • Dockerfile: HTTP and HTTPS support.
  • Dockerfile.letsencrypt: HTTP and HTTPS with Let's Encrypt certificates.
• Three Compose files (compose.no_https.yaml, compose.yaml, compose.letsencrypt.yaml) corresponding to the Dockerfiles.
• Non-privileged mode set as default.

VPL Jail System Images Available on Docker Hub

You can access built images of the VPL Jail System running on different operating systems. The official account that distributes these images is jcrodriguezvpl. There is a repository for each operating system. These images have been built with the VPL Jail System installed along with a full suite of development software. For example, one of the repositories is jail-fedora-full.

Server Enhancements

• Added the ability to start the server in foreground mode, suitable for containerized environments.
• Introduced support for challenge mode for Let's Encrypt certificate management. Available using the new CERTBOT_WEBROOT_PATH configuration parameter to support certbot.
• Allow running waiting for certificates.
• Environment Variable Support: Configuration parameters from environment variables now take precedence over the config file. Environment variables should be prefixed with VPL_JAIL_, followed by the config parameter name.
  • Example: export VPL_JAIL_PORT=8000 to set the PORT parameter.
• Added an experimental script to automatically update the software by fetching the latest version from GitHub and applying updates if needed.

Installer Updates

• Introduced new command-line options for the installer:

  • help: Display help information.

  • update: Update the VPL Jail System server software.

  • start: Start the VPL Jail System service post-installation.

  • noninteractive: Enable installation without user interaction.

  • [inst_level]: Set installation level (minimum, basic, standard, full).

  • list: Show packages to be installed per [inst_level].

  • Examples of installer launch:

    • ./install-vpl.sh update: Update server software.
    • ./install-vpl.sh standard noninteractive start: Non-interactive installation of standard packages and start the server.
    • ./install-vpl.sh full: Interactive installation of all development packages.
• Added Rust programming language support.
• Added .NET packages, enabling support for C#, F#, and Visual Basic .NET. C# on Mono remains available if .NET is not installed.
• Expanded package manager support to APT, DNF, and APK, increasing compatibility with various Linux distributions. YUM support has been discontinued.
• Package Customization: Extracted the list of packages to install to separate files, allowing for better customization. These files are located in the package_files directory.

Running Tasks Enhancement

• VNC Launching Enhancements:

  • Fixes and improvements in the VNC launch process.
  • Confirmed functionality on Fedora, Ubuntu, Debian, and Alpine distributions.

• Terminal and Task Execution Changes:

  • Modified running tasks terminal behavior to use only newline as the end-of-line character.
  • Removed local echo in evaluations.

Other Improvements and Fixes

• Improved testing by performing syntax checks for bash scripts.
• Fixed a typo in the name of CERTBOT.
• Enhanced the installer to support command line options in any order.

Compatibility and Requirements

• Operating System: VPL Jail System requires a Linux operating system.
• Service Manager: The host system may use either systemd or System V as a service manager, or Docker.
• Package Manager: The installer requires APK, APT, or DNF package managers to install common development software.
• Compilation Requirements: The system is distributed in source format and requires a C++ compiler (supporting C++11) and the OpenSSL library for compilation.
• Tested Environments: The current version has been tested on various Linux distributions, including Alpine, Ubuntu, Debian, and Fedora.