BytemarkHosting / symbiosis

A hosting environment that works with you, not against you.
GNU General Public License v2.0

Stats must be explicitly disabled, leading to GDPR non-compliance by default. #142

Open Kelduum opened 5 years ago

Kelduum commented 5 years ago

By default, Symbiosis should (based on issues and previous merges) default to automatic web stat generation being disabled.

This is not the case however, as the non-existence of the config/stats file is taken as a 'true', leading to stats being generated.

This can be missed in testing as stats are only generated after log rotation, based on the *access.log.1 files, so if no logs were written/rotated, then no stats will be generated.

This is a problem due to GDPR defining IP addresses as personal data, meaning that sites running on Symbiosis are not GDPR compliant by default.

Mitigation:

This affects all versions of Symbiosis with automatic web statistics.
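An audit for the condition reported above, added here as an example and not part of the original issue or of the Symbiosis code: it lists each site that has no `config/stats` file, and whether a rotated `*access.log.1` file already exists for it. The `<root>/<site>/config/` layout, the function name `audit_stats` and the state labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Symbiosis code): report sites where web stats are on
# only because no config/stats file exists.
# Assumption: each site lives in <root>/<site>/ with settings in
# <root>/<site>/config/. The content of an existing stats file is not
# interpreted here; its presence only means a setting was made explicitly.

audit_stats() {
    root=${1:-/srv}
    for site in "$root"/*/; do
        # Skip anything that is not a site directory with a config/ folder.
        [ -d "${site}config" ] || continue
        name=$(basename "$site")

        if [ -e "${site}config/stats" ]; then
            state="explicit-setting"
        elif [ -n "$(find "$site" -type f -name '*access.log.1' 2>/dev/null | head -n 1)" ]; then
            # No stats file and a rotated access log exists: per the issue,
            # stats are generated from this log.
            state="implicit-on,rotated-log-present"
        else
            # No stats file, but nothing rotated yet: the case the issue
            # says is easy to miss in testing.
            state="implicit-on,no-rotated-log"
        fi
        printf '%s\t%s\n' "$name" "$state"
    done
}

# Run as: sh audit_stats.sh /srv
if [ "$#" -gt 0 ]; then
    audit_stats "$1"
fi
```
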

Kelduum commented 5 years ago

Fixed in Sympl, a fork of Symbiosis.

hairy-dog commented 5 years ago

This issue is about upgrades from older versions of Symbiosis. As Sympl does not support upgrades from Symbiosis (why not?) it is NOT "Fixed" in Sympl, is it?

Kelduum commented 5 years ago

FYI, Sympl doesn't officially support in-place upgrades from Symbiosis as there are numerous other packages included in most Symbiosis installs which are unmaintained.

It's certainly possible to do this (purge Symbiosis, install Sympl), Symbiosis doesn't cleanly remove itself.

The current suggested method of Symbiosis 'upgrades' still applies however, which is 'install on a new machine and migrate sites over'.

Sympl is configuration compatible with Symbiosis, so this still applies.

hairy-dog commented 5 years ago

Who suggested that method of upgrading? It'd be a disaster. I've updated Symbiosis loads of times, always by simply updating. No way am I going to migrate over a hundred websites and hundreds of mail accounts!

Kelduum commented 5 years ago

That has been the official line from Bytemark Support for at least the period of Feb 2016 - June 2019, and likely still is.

Migrating everything is fairly simple though as you only need to sync the databases and then rsync the /srv directory over.

ianeiloart commented 5 years ago

There are a few other details that might be relevant to some users. They should be covered in the Symbiosis migration guide. https://docs.bytemark.co.uk/article/symbiosis-migration-guide/

Reasons for migrating like this:

  1. You can test the site before committing. Some sites might not like the new version of PHP, for example. So, it's more forgiving.
  2. You can migrate a site at a time, or all at once, as you wish, and fix them up, if necessary, as you go.
  3. A dist-upgrade can cause downtime, not necessary with a migration.

Downsides: It might be trickier maintaining consistency for e-commerce sites or email. For either, you really do need a little downtime to ensure consistency. Basically, take the old site down, finalise db sync or rsync, then bring the new site up.

ianeiloart commented 5 years ago

Note also that Sympl is a FORK of Symbiosis, not an upgrade. Nevertheless, I'm sure this project would welcome merge requests, if a migration-free migration path (oh, did I say that? Perhaps I mean a migration-free transition) were required.

hairy-dog commented 5 years ago

I've yet to have a problem doing it my way: I do the upgrade on the staging server copy of the server, and then when everything is as it should be, I do exactly the same thing on the production server. Starting afresh and syncing the databases and /srv directory would lose all the Symbiosis / Sympl config files and custom settings.