3.8 (Trunk)

This is a changelog of the Work In Progress for major version 3.8, between the possibly introducted features one would be clustering but given the time I have and contributions I have that could not happen.

Changes, improvements at 3.7.28:


  1. Re-add legacy urn:xmpp:mam:tmp prefs, as not doing so breaks support with Jappix
  2. Add subnet range matching for whitelisting and blacklisting in mod_register
  3. Update logrotation scripts with delaycompress directive
  4. Fix endless loop caused by IQ errors to the muc room bare jid (withstanding bug, seems fixed now)
  5. Fix "Wrong Number Attack" dialback vulnerability (See issue #232)
  6. Fix incompatibility of net.dns with LuaSocket 3.0 API.
  7. Have mod_register_json double check a user account exists during any operation.
  8. Remove Base64 encoding of the JSON request payload for mod_register_json.
  9. Add plain text error responses for mod_register_json.
  10. Update MAM specification to v0.6.1 (urn:xmpp:mam:2), drop legacy versions support.
  11. Correctly advertise MAM support.
  12. Further improve MUC API functions and eventing.
  13. Refactor MAM library code.
  14. Improve Module API require method.
  15. MAM interface (experimental) for mod_muc_log.
  16. Remove host MUC room.
  17. Have MAM modules add the correct type to forwarded messages.
  18. Fix result element id it must match the UUID.
  19. Don't allow users who do not have access to the room to do MAM queries.
  20. Check that a user is actually a room occupant before pastebinning content.
  21. Add uuid to "user-registered" events by mod_register_json.
  22. Replace UUIDs with entropy generated secrets for mod_register_json tokens.
  23. Fix MIME types served by mod_register_json.
  24. Replace CleanLi.st API with NameAPI.
  25. Fix bug in muc configuration logic.
  26. Refactor privacy lists and implement XEP-0191.
  27. Fix secret generation by looping (at least a bit) /dev/urandom pipe until we get something.
  28. Address cases in which generation of secrets can't be accomplished.
  29. Removed uncatched reference to host MUC room that prevented proper shutdown/restart.
  30. Implement support in PEP of #publish-options.
  31. Add support for contact addresses (XEP-0157) in mod_disco.
  32. Condense SIFT:P and CSI support in one module, also implement CSI presence optimizations and support.
  33. Give a passage on stream features order, also remove useless <optional /> element.
  34. Add CSI flagging for administration modules (telnet and web).
  35. Detect TLS compression usage and disable mod_compression.
  36. Introduce a SPIM prevention mod_spim_block.
  37. Don't have SM bounce message stanzas with recipient-unavailable in case of active carbon resources.
  38. Better handle bare session flag cleaning for mod_carbons.
  39. Attempt fixing obscure case in which mucs are getting SPIM flagged.
  40. Implement muc room icons.
  41. Fully handle Dialback Errors, without attempting to assert support.
  42. Export passwords before hashing to allow external CAS synchronization.
  43. Clone all presences before storing in the CSI queue.
  44. Add missing type attribute on dialback errors.
  45. Add compat for M-Link enabling compression before authenticating the stream.
  46. Do carbon copy outgoing MUC PMs to joined resources.
  47. Drop streams after a fixed amount of dialback errors.
  48. Do attempt to dialback again if more stanzas are queued on unauthed open outgoing streams.
  49. Always set a RSM default max results directive.
  50. Fix count and MAM chunk indexing when an UUID is supplied with <before />.
  51. Correct overflow for MAM on <after /> queries.
  52. Fix incompatibility with more recent versions of LuaSec.
  53. Correct invalid XML sent on invalid anonymous authentication failure.
  54. Don't silently fail when storage is diabled for anonymous hosts.