Pantheon release notes: Performance

We're thrilled to announce an impactful upgrade to Pantheon's security infrastructure, reinforcing our commitment to safeguarding your websites. In response to the escalating sophistication of distributed denial-of-service (DDoS) attacks, we've implemented innovative solutions to fortify our defenses. Particularly, we've addressed a surge in Layer 7 attacks targeting content management systems, ensuring resilience even without our Advanced Global CDN's Web Application Firewall (WAF).

Key benefits:

• Advanced DDoS protection: Our engineers have proactively countered Layer 7 attacks, mitigating risks posed by inauthentic traffic targeting web content management systems.
• Rate limiting capabilities: We've introduced rate limiting capabilities within our Global CDN, curbing abusive traffic effectively. This ensures a stable online presence, even during large-scale attacks, preventing wider stability issues.

For more in-depth insights into the measures we've taken and the value they bring to your Pantheon experience, delve into the full blog post. Your website's security and stability are our top priorities, and this enhancement is another step in our ongoing commitment to delivering a robust WebOps platform.

Introducing proactive alerts tailored for directories with substantial file counts, which could impact performance or accessibility. Stay informed with timely notifications delivered directly to your dashboard and via email when file counts reach 50,000 and 100,000. This feature empowers you to efficiently manage your file system and address potential issues promptly.

The WordPress Native PHP Sessions plugin added primary keys to its custom tables in 1.2.2 for greater performance and redundancy, but did not upgrade existing sites. Now, version 1.4 includes an optional upgrade command for sites that installed the plugin prior to the 1.2.2 release.

Our open source WordPress Native PHP Sessions is available in the WordPress.org plugins repo.

Pantheon introduced a new build pipeline for Front End Sites to significantly improve build times. Beginning on November 13th, 2023, newly created sites are automatically using the new pipeline and cannot opt back to the old pipeline. Sites made prior to that date can opt-in to the new pipeline to take advantage of the new features. All pre-existing sites that do not opt-in will be switched over for new builds on or around January 15th.

Additionally, we are adding support for Node 18 (for dynamic sites) and 20 (for both static and dynamic sites). To select a specific version, Pantheon is moving away from using .nvmrc and will instead look to the “engines” field in your project’s package.json file.

To find out more about adopting the new pipeline, check out our documentation, and read our blog post about how we’re already experiencing the benefits of this internally at Pantheon.

The File System team at Pantheon achieved significant speed improvements in backup processes. The Valhalla export process was overhauled, allowing backups to be constructed from new objects, cutting down export times by 25-83%. This was accomplished by initiating object retrieval immediately after receiving MANIFEST metadata, omitting empty files, and promptly archiving received files.

Global CDN now has improved compatibility with the WPML multilingual WordPress plugin. Page variations for each language can be cached at the edge. This update was rolled out automatically for all sites that use the WPML plugin and increased site cache hit ratio by 24% on average.

Sometimes you just need more memory to serve your site reliably. To learn more about why we doubled the memory for most site plans, check out this blog by Rachel Whitton, Lead Technical Writer here at Pantheon.

To take advantage of the increased memory limit, contact our customer support team. Or drop by our regular Zoom-based office hours.

We released an update for the Solr Search for WordPress plugin which disables auto-commit by default and allows cron to push solr commits regularly instead.

This drastically improves the performance of large sites and avoids 503 errors related to hard committing on every update. This update is recommended for all WordPress sites currently running the plugin.

You can still enable auto-commit by explicitly setting SOLRPOWER_DISABLE_AUTOCOMMIT to false.

We released an update for the Pantheon Advanced Page Cache WordPress plugin which adds a filter to allow disabling surrogate keys for posts' taxonomy terms. This can be especially helpful for posts with large numbers of taxonomies (such as WooCommerce products with a large number of global attributes).

For more information, see Pantheon documentation.

WordPress sites can now leverage an upgraded object caching solution on Pantheon! Object Cache Pro is a highly optimized premium WordPress plugin that integrates with Redis for business class performance. Find out more about our perspective Object Caching from Steve Persch, Director of Developer Experience.

See Pantheon’s documentation for instructions on how to enable Object Cache Pro. Or join the #WordPress Slack Channel to connect with other customers using Object Cache Pro.

Services like Redis greatly accelerate web performance by offloading heavy database and fileservice interactions to a fast in-memory cache. Pantheon Object Cache Update allows customers the ability to adopt Redis server 6.x. This capability is made possible by adopting Pantheon’s modernized infrastructure and cloud operations frameworks. To learn more about Object Cache, refer to our documentation.

The Workspace Index Service (WIS) is officially in Early Access. WIS aggregates sites from different site providers. This allows for better performance on site listings in the New Dashboard.

All Pantheon customers are now provisioned with a dedicated certificate for HTTPS for each custom domain on a site environment. In addition, the go-live experience has been optimized and now lets you configure HTTPS before launch via the DNS TXT method to verify domain ownership.

Global CDN now blocks requests identified as being performed by AspiegelBot (aka PetalBot) when a query string is present. This platform-wide change is intended to guard against resource exhaustion and related site downtime. Going forward these requests will result in a 403 and will not count as site traffic for Pages Served and Visits. For more information see Traffic Limits and Overages.

Capacity Expansion: Auckland, New Zealand (AKL).

The New Relic agent has been upgraded from version 9.2.0.247 to version 9.7.0.258 platform-wide. This upgrade fixes a potential segfault with PHP 7.3. For more information, see the New Relic Agent release notes.

New Points of Presence:

• Ashburn, VA (WDC)
• Chicago (PWK)

Expanded Capacity:

• Vancouver (YVR)
• Sydney, Australia (SYD)
• NY (LGA)
• Los Angeles (BUR)
• Dallas (DFW)
• Atlanta (FTY)
• Boston (BOS)
• Helsinki (HEL)
• Osaka (ITM)
• Amsterdam (AMS)

Advanced Global CDN extends Global CDN for customers that need unique customizations including personalization, domain masking, and extended enterprise-grade security features including a WAF, IP and geolocation blocking and blocklisting. Advanced Global CDN is available as an add-on product to all customers now.

Swiftbot can now crawl non-production environments and platform domains like test-example.pantheonsite.io to support pre-release site search testing. For details see, Bots and Indexing on Pantheon.

The New Relic agent has been upgraded Platform-wide. For more info see New Relic PHP Agent 8.7.0.242 release notes.

An issue was fixed that improved the consistency of hourly cron runs.

Now when you create a new site on Pantheon, you can select from one of four regions across the globe, including Australia, Canada, and the European Union. For more info see Pantheon Site Regions and Data Residency.

Following April’s announcement of our new European Union region, we’ve added Australia and Canada regions. For more info see regions

In January 2018, Pantheon announced migration of the Pantheon CMS Container Matrix to Google Cloud. Now, all site file storage, backup processing, and backup storage has moved from Amazon Web Services to Google Cloud. This change provides higher backup performance, higher reliability, and increased innovation ahead for all of Pantheon's customers.

New Relic Agent has been upgraded platform-wide to 8.6.0.238. For details see New Relic release notes.

Whether you need your WordPress or Drupal site to meet data residency requirements or have a performance use case not solved by caching requests through Pantheon’s Global CDN, contract customers can now create sites in the European Union. Also see the blog announcement.

Pantheon’s new Disaster Recovery offering now supports Redis application cache. A standby Redis cache is provisioned in the site’s backup zone and ready for failover in the event of a data center outage. Also see documentation on Redis and Disaster Recovery best practices.

Early Access to run sites in Pantheon’s new European Region is now available for contract customers. See regions for details and contact us for more info.

New Relic has been upgraded platform-wide to version 8.5.0.235. For details see New Relic's APM PHP Agent 8.50.236 release notes. Also, see Pantheon's New Relic documentation for general info on using New Relic to monitor your site and identify opportunities to improve application performance.

Pantheon is happy to announce our new Disaster Recovery Service, designed for mission-critical websites that need to ensure business continuity during the unlikely event of a zone failure. See the Disaster Recovery doc below for more information.

While we still recommend using a third-party email solution, for those who choose to use Pantheon's built-in message transfer agent (MTA), you may now set up an SPF record for your domain and include Pantheon's mail relays for improved delivery. For details, see: Email on Pantheon.

An improvement to our queuing system has resulted in a 60% reduction in average HTTPS provisioning times!

Use the filemount configuration to modify the default location of Pantheon's cloud-based filesystem. For details, see Pantheon YAML Configuration Files.

Site Auditor (aka RavenCrawler) can now access platform domains to support pre-release SEO testing. Please contact support if you would like to see other tools given this access.

OCSP stapling is an improved method for quickly and safely checking the validity of certificates for HTTPS. You can use SSL Labs (e.g. https://www.ssllabs.com/ssltest/analyze.html?d=pantheon.io) and search for "stapling" to see it's enabled. OCSP responses are typically good for about 7 days, so a response will only get updated as its validity lifetime expiration time approaches.

The Surrogate-Key-Raw header, used for debugging when using Pantheon Advanced Page Cache, is no longer sent by default. To receive this header when making a request, send the Pantheon-Debug: 1 header, like so:

curl -IsH "Pantheon-Debug:1" https://example.com | grep key

This change addressed an issue that caused Twitter card validation to fail, and also reduces overall page size and speeds up page load time when sending many keys.

Pantheon has switched infrastructure providers from Rackspace to Google Cloud Platform. This switch requires no downtime, as we actually did it six months ago! Read the announcement here.

New Relic on Pantheon has been upgraded to version 7.7.0.203 5.0.199, which supports PHP 7.2.

• Added the HTML Tidy PHP extension.
• Fixed an issue where the Redis cache was not cleared during clone operations.
• Fixed an issue where repeated UTM_* parameters caused an infinite redirect loop.

Over 200,000 sites are already on Pantheon's Global CDN, but if you still have sites pointing to the legacy, deprecated infrastructure, you can now see which sites need an upgrade from your User or Organization Dashboard. Find the required DNS information from the Domains / HTTPS tab on each site environment. Complete the upgrade as soon as possible, and let us know if you have any questions.

Global CDN now respects the no-store directive in the cache-control header.

New Relic on Pantheon has been updated to version 7.5.0.199. You can read the release notes for this version in New Relic’s docs. This update also includes Drupal-specific fixes from previous versions, detailed in the release notes.

We improved cache clearing behavior for a large number of surrogate keys or cache tags. The fix was made internally by Pantheon and no action is required if you are already running WordPress or Drupal versions of Pantheon Advanced Page Cache. See the Pantheon Advanced Page Cache for WordPress and Drupal pages for more information.

Although our analysis indicated our customers were not likely subject to this vulnerability, we applied the recommended remediation for CVE-2017-7529.

New Relic's APM Availability Monitoring has known incompatibilities with SNI, which our HTTPS uses. Instead, we recommend configuring the free availability monitoring service within New Relic’s Synthetics Lite tool. For details, refer to New Relic APM Pro.

In some cases, ssh operations to the platform would hang on connection if a user has ed25519 ssh keys in their agent keychain. This bug has been fixed. Note that we still don’t support ed25519 keys.

Upgraded from 6.3.0.161 to 6.8.0.177. Includes a fix for an issue with Drupal 6 sites that could cause POST requests made using drupal_http_request to be converted into GET requests. Learn more.

Previously, the Pro level of service was only available as a two-week trial. Now, Pro won’t end after just two weeks. New Relic APM Pro gives code and query level visibility into application performance, allowing you to quickly pinpoint performance bottlenecks. Learn more.

• Quicksilver opens up our platform and allows deeper integration and automation by adding hooks for encoding reactions to specific platform workflows. Common uses so far include:
• Automatically sanitizing databases after cloning content from Live
• Marking deployments in New Relic to track improvements or regressions
• Posting notifications to Slack of platform actions
  Learn more about Quicksilver or check out the examples on the GitHub repo.

We upgraded upgraded Varnish 3 to Varnish 4. This allows us to keep up with operating system and security upgrades. This upgrade includes overall stabilization improvements and we expect 100% backward compatibility.

If there’s an outage or hardware issue with the Pantheon File System, “Saint Mode” now kicks in to serve your images, CSS, and JavaScript files.

The arg separator is used in PHP generated URLs to separate arguments. For PHP 5.5, we changed the default PHP arg separator from & to &. To use the old arg separator, modify settings.php or wp-config.php.

Kalabox 2 now supports quickly pulling and pushing apps between Pantheon and your local Kalabox. Read how at GitHub.

We've been optimizing Dashboard load times, specifically for the Site Dashboard. Things are looking much better. Have you noticed a difference? We'd love to hear your feedback. What is the WORST thing about using Pantheon?