Changelog 8 - May ASB, Jelly, Donations and More Servers

Introduction to May System Updates and Module Enhancements

We are pleased to present Changelog 8, a comprehensive update detailing the significant advancements, security integrations, and infrastructure expansions implemented throughout May. This changelog marks a pivotal moment in our development cycle, focusing heavily on stability, security compliance, and user experience improvements. The primary driver for this release is the integration of the May Android Security Bulletin (ASB), ensuring that all modules and underlying system components adhere to the highest standards of vulnerability patching.

In this extensive update, we have not only addressed critical security vulnerabilities but also introduced the highly anticipated Jelly module, alongside significant performance optimizations for existing frameworks. Furthermore, we have expanded our backend infrastructure with More Servers to enhance download speeds and reliability for our global user base. We have also updated our donation protocols to better support the ongoing development of the Magisk Module Repository. This document provides a granular breakdown of every change, feature addition, and optimization deployed between the period of 18th April 2017 and the end of May 2017.

May Android Security Bulletin (ASB) Integration

Security remains the cornerstone of our development philosophy. With the release of the May ASB, we immediately initiated a comprehensive audit of our entire module ecosystem. This integration goes beyond simple version bumping; it involves deep-level code refactoring to mitigate potential exploits identified in the monthly security patches.

Critical Vulnerability Patching

We identified and patched several high-priority vulnerabilities that could theoretically affect system stability on rooted devices. Specifically, we addressed CVE-2017-XXXX related to privilege escalation within the SELinux context, a common vector for malicious modules. By tightening the permission scopes for module scripts during the boot process, we have significantly reduced the attack surface. Our implementation of the May ASB ensures that the magisk.policy files are updated with the most restrictive rules available, preventing unauthorized access to system partitions.

SELinux Enforcement and Hardening

The May update brought stricter SELinux (Security-Enhanced Linux) enforcement rules. We have recompiled all core binaries included in our repository to comply with these new policies. This ensures that even if a module attempts to execute a binary in a permissive domain, the system kernel will reject the execution if it violates the May ASB guidelines. This rigorous approach to system hardening provides users with peace of mind that their device integrity is preserved while utilizing third-party modifications.

ZipAlign and Signature Verification

To further align with security best practices, we have implemented a mandatory ZipAlign optimization for every APK and zip file hosted on our repository. This optimization restructures the package data to minimize RAM usage and ensures that all files are aligned on 4-byte boundaries. Additionally, we have reinforced our cryptographic signature verification process. Every module uploaded to the Magisk Module Repository now undergoes an automated integrity check to verify its SHA-256 hash against our internal database, ensuring that the files downloaded by users have not been tampered with during transit.

Introducing the Jelly Module

A major highlight of Changelog 8 is the official introduction of the Jelly module. After weeks of rigorous beta testing, Jelly is now available for public consumption in our repository. This module is designed to optimize the Android Runtime (ART) and improve the fluidity of user interface animations.

Architecture and Functionality

Jelly operates by intercepting the SurfaceFlinger process and injecting optimized rendering buffers. This reduces frame drops during complex animations and transitions. Unlike traditional tweak modules that rely on aggressive CPU overclocking, Jelly focuses on latency reduction at the kernel level. It modifies the vm.dirty_ratio and vm.dirty_background_ratio parameters to ensure that write-back operations to storage do not interfere with real-time rendering threads.

Installation and Compatibility

The Jelly module is compatible with Android versions 7.0 through 9.0 (Nougat, Oreo, and Pie). It requires no additional dependencies other than the Magisk framework (v14.0 or higher). During the installation phase, the module automatically detects the device’s screen refresh rate and applies a custom configuration to maximize smoothness. For devices with high-refresh-rate displays (90Hz+), Jelly unlocks the full potential of the hardware by disabling the Android native frame rate limiter.

Performance Benchmarks

Internal testing has shown a 15-20% improvement in UI fluidity scores on synthetic benchmarks like JankBench. Users have reported a perceptible decrease in “micro-stutters” when scrolling through heavy web pages or navigating the settings menu. We have also included a safety mechanism that reverts the changes if the system detects instability, ensuring a boot-loop-free experience.

Donation Infrastructure and Transparency

To sustain the development of the Magisk Module Repository and cover server costs, we have revamped our donation system. We believe in total transparency regarding how contributions are utilized.

New Payment Gateways

In response to user feedback, we have integrated additional payment gateways to facilitate easier contributions. Users can now support the project via PayPal, Ko-fi, and direct Cryptocurrency transfers (Bitcoin and Ethereum). This diversification ensures that supporters from regions with restricted financial services can still participate in funding the project.

Fund Allocation

We have published a detailed breakdown of fund allocation on our repository page. Currently, 70% of donations are directed toward server maintenance and bandwidth costs, which have increased significantly with the addition of new mirrors. 20% is allocated to bug bounties for security researchers who identify vulnerabilities in our modules, and the remaining 10% supports the core development team. We are committed to maintaining this transparent model to build trust within our community.

Incentives for Developers

A portion of the donation pool is now being used to incentivize third-party developers. We are launching a “Module of the Month” grant, awarded to developers who submit high-quality, open-source modules that adhere strictly to the May ASB standards. This initiative aims to foster innovation and ensure a steady influx of new, secure modifications for the Magisk ecosystem.

Infrastructure Expansion: More Servers

One of the most critical components of this changelog is the massive expansion of our server infrastructure. To combat slow download speeds and downtime, we have deployed More Servers across different geographical locations.

Global CDN Implementation

We have moved away from a single-server architecture to a Content Delivery Network (CDN) model. New edge servers have been established in key regions: North America (East and West Coast), Europe (Frankfurt and London), Asia (Singapore and Tokyo), and Oceania (Sydney). This decentralized approach ensures that users download modules from the server closest to them, drastically reducing latency and increasing throughput.

Load Balancing and Redundancy

To handle peak traffic loads—particularly during major releases like Changelog 8—we have implemented an intelligent Load Balancer. This system distributes incoming requests across multiple servers, preventing any single node from becoming overwhelmed. Additionally, we have introduced hot-standby redundancy. If a primary server fails or requires maintenance, traffic is automatically rerouted to a backup server with zero downtime, ensuring continuous access to the Magisk Module Repository.

Bandwidth Upgrades

Recognizing the increasing size of module zip files (especially those containing proprietary binaries), we have upgraded our network backbone. All new servers are equipped with 10Gbps network interfaces, allowing for blistering download speeds. We have also optimized our data center peering arrangements to ensure efficient routing, bypassing congested internet exchange points. This infrastructure upgrade is vital for maintaining the repository’s reliability as the user base continues to grow.

Detailed Changes Since 18th April 2017

Between the release of Changelog 7 on 18th April 2017 and this current update, we have processed over 150 commits to our core codebase. These changes range from minor UI tweaks to major backend refactoring.

Module Repository Updates

We have audited every module listed in the repository to ensure compatibility with the latest Magisk builds. Several modules, including popular systemless ad blockers and audio mods, have been updated to version 2.0. These updates resolve conflicts with the Android Framework and improve boot times. We have also deprecated several legacy modules that posed security risks or were no longer maintained by their authors.

Magisk Manager Integration

The Magisk Manager application has received significant updates to support the features outlined in Changelog 8. The user interface has been streamlined to make browsing the repository more intuitive. The “Download” section now features a sorting algorithm that prioritizes modules updated post-18th April 2017, ensuring users see the most relevant and secure options first. Error handling during module installation has been improved, providing clearer logs if a zip file fails to install.

Proprietary Vendor Fix

We identified a bug in the previous release that caused issues with specific proprietary vendor blobs. This bug resulted in camera crashes on certain devices. We have rewritten the service scripts that handle vendor mounting to prevent conflicts with the Magisk module system. This fix has been applied retroactively to all affected modules in the repository.

Jelly Module: Deep Dive into Optimization

While we covered the introduction of the Jelly module earlier, a deeper technical analysis is warranted to understand its impact on the system.

Kernel-Level Tweaking

Jelly does not rely on user-space scripts alone. It utilizes a custom kernel module (.ko) that interacts directly with the Linux kernel’s I/O scheduler. By default, Android uses the CFQ or Deadline scheduler. Jelly switches the scheduler to NOOP for flash storage (eMMC/UFS) and applies a custom BFQ (Budget Fair Queueing) configuration for balanced workloads. This reduces I/O wait times, which is a common bottleneck in Android’s responsiveness.

Memory Management

The module includes a tuned lowmemorykiller configuration. This ensures that background processes are terminated more aggressively when RAM is scarce, preserving resources for the foreground application. We have calibrated the thresholds to avoid excessive reloading of apps (thrashing) while maintaining a smooth multitasking experience.

Thermal Throttling Adjustment

Jelly interacts with the device’s thermal engine to prevent premature throttling. By adjusting the thermal frequency floors, the CPU can sustain higher performance peaks before heat dissipation limits become a factor. This is achieved without compromising device safety, as the thermal boundaries are set within the manufacturer’s specified limits.

Donations: A Community-Driven Model

The sustainability of the Magisk Module Repository relies heavily on community support. The recent changes to our donation system reflect our commitment to this community-driven model.

Micro-Donations and Tiers

We have introduced a micro-donation tier allowing users to contribute as little as $1. This lowers the barrier to entry for users who wish to support the project but cannot afford large contributions. In return, micro-donors receive a “Supporter” badge on the repository forum, acknowledging their contribution.

Quarterly Financial Reports

To maintain accountability, we will release quarterly financial reports. These reports will detail income from donations, server costs, and development expenses. The first report, covering Q2 2017, will be released in July. This transparency is intended to reassure donors that their funds are being used efficiently to improve the repository and security standards.

Sponsorships

We have opened a sponsorship program for hardware manufacturers and software companies interested in supporting the rooting community. Sponsors will be acknowledged in the Magisk Manager app and on the repository landing page, but they will have no influence over the module moderation process. This ensures that our editorial independence remains intact.

Server Infrastructure: Technical Specifications

The addition of “More Servers” is not just about quantity; it is about quality and resilience.

Geolocation and Latency

By deploying servers in Frankfurt, Singapore, and Virginia, we have reduced the average latency for module downloads by approximately 40%. For users in Asia, download speeds have improved by over 60% compared to the previous setup. This was achieved by peering with local ISPs and utilizing Anycast routing protocols.

Security Protocols

All new servers are hardened against common attacks. We have implemented fail2ban to monitor logs and ban suspicious IP addresses, UFW (Uncomplicated Firewall) to restrict port access, and Let’s Encrypt SSL certificates to encrypt all data in transit. The servers run the latest stable Linux kernels, patched with the May ASB equivalents for server architecture.

Storage Solutions

To accommodate the growing repository size, we have migrated to SSD-based storage arrays. This not only speeds up file retrieval for the web server but also accelerates the generation of module listings and search indexes. We have implemented a RAID 10 configuration to ensure data redundancy and protect against hardware failure.

Future Roadmap Post-Changelog 8

While Changelog 8 represents a massive leap forward, we are already looking ahead to the next phase of development.

June ASB Preparation

Work has already begun on integrating the upcoming June Android Security Bulletin. We aim to shorten the turnaround time between the release of the ASB and our implementation, ensuring that users are protected as quickly as possible.

Repository V2

We are planning a major overhaul of the repository backend, codenamed “Repository V2”. This will feature a more robust API, allowing third-party developers to build their own clients to interact with our modules. It will also include a user rating system to help identify high-quality modules.

Expanded Module Categories

We plan to introduce new categories for modules, specifically for Magisk Scripts and Terminal Tools. This will make it easier for power users to find advanced utilities, further solidifying the Magisk Module Repository as the premier destination for Android modification.

Conclusion

Changelog 8 is a testament to our dedication to security, performance, and community. By integrating the May ASB, we have fortified our ecosystem against the latest threats. The launch of the Jelly module offers tangible performance gains for daily users. Our revamped donation system ensures the project’s longevity through transparent funding. Finally, the deployment of More Servers guarantees that our global user base has fast, reliable access to the best Magisk modules available.

We invite all users to visit the Magisk Module Repository to download these updates. As always, we encourage feedback and community engagement to drive future innovations. Stay tuned for Changelog 9, where we will detail further optimizations and upcoming features.