3.9

This is the changelog of version 3.9, newly introduced features are Avatar to vCard Conversions (XEP-0398), HTTP Upload (XEP-0363), Dialback Shortcircuiting (XEP-0344), Push Notifications (XEP-0357), Support for Direct TLS S2S connections (XEP-0368), completely rehauled improved Registration API, GDPR handling module, MUC Avatars/Favicons. Improvements are: Dialback errors handling (to usefulness), MUC on-creation locking mechanism, User Locking mechanism, Fix of various outstanding session leaks, Fix of HTTP Parser inefficency, Fix whitelist access model in util.pubsub, Support of disco#items for PEP nodes, Improvement of Adhoc Commands restriction logics, Lua5.2 initial support, etc.

Changes, improvements:

  1. Better handle all LuaSocket versions url parsing api outputs.
  2. Remove and cleanup MAM API from unused arguments and return values.
  3. Respect Processing Hints for Offline messages, remove legacy xep-0091 support.
  4. Support SIFT'ing for stanzas:message and sender:remote fine graining, add supporting logic in mod_message.
  5. Cleanup after mod_stanza_optimizations unload, and remove all sessions' layovers.
  6. Advertise Metronome's mam-purge protocol on account disco.
  7. Fix traceback into MAM.
  8. Deprecate mod_host_guard in favor of mod_gate_guard.
  9. Send forbidden on the right stream during dialback after receiving invalid.
  10. Cleanup and rework TLS requirement code.
  11. Bounce blacklisted entities db:request with "not-allowed" instead of "not-authorized".
  12. Fix global indexing and traceback in mod_pastebin.
  13. Update and homologate minimal password requirements for all servlets in mod_register_json.
  14. Update MUC API, modify and homologate events.
  15. Broadcast room presence with room avatar hash (Experimental).
  16. Fix gate guard hits and auto-banning, expiring comparison was inverted.
  17. Commit a first draft of GDPR compliance module.
  18. Include status 201 on owner self presence during muc room creation.
  19. Implement room locks after creation, and add proper logics to config handlers for instant rooms requesting.
  20. Add PEP events for node creation, deletion, publish, retract and purge.
  21. Implement XEP-0398, User Avatar to vCard Avatar conversion.
  22. Fix loading of inheritable components in mod_admin_telnet. (3.8.8 minor release)
  23. Backport mod_http_upload from Prosody Modules, which implements XEP-0363.
  24. Add header fix exporting in net.http.server.
  25. Make mod_http_upload loadable only on a component, fix disco#info replies and remove dependency on mod_disco.
  26. Improve module spring cleaning, a.k.a. layovers removals and expiration of uploaded content.
  27. Modify module:http_url() to accept http host ovveride.
  28. Make sure we always set a MIME to HTTP responses.
  29. Export response object to mod_http_errors.
  30. Make sure we interrupt HTTP callbacks when we need to.
  31. Fix favicon issues with MS Edge.
  32. Implement filtering logics to shortcircuit blocks on banned entities.
  33. Implement XEP-0344 shortcircuiting in Dialback.
  34. Remove cumbersome (and useless) Multiplexed logics.
  35. Add LMC correction logic to the caches in MUC's MAM.
  36. Have HTTP Uploads module properly clean empty directories.
  37. Add host exceptions to mod_spim_block.
  38. Add logic to allow customization of ban time by plugins (mod_gate_guard).
  39. Improve SPIM blocking, add disabling/enabling via adhoc and s2s ban override.
  40. Add some basic ordering to adhoc commands.
  41. Add compatibility for LuaSec versions above 0.5.
  42. Implement an util library to send mails from Metronome.
  43. Implement locking mechanisms for accounts.
  44. Refactor mod_register_json to mod_register_api.
  45. Implement locking mechanisms and verification in mod_register.
  46. Add minimal ToS description field in the IBR form.
  47. Fix and refactor port multiplexing.
  48. Have module:http_url() generate an url even if there's no portmanager service.
  49. Add retrieval of ssl configuration table from certmanager.
  50. Implement direct TLS for server to server streams.
  51. Mix all SRV records.
  52. Remove ssl_config override in the Multiplex SSL listener.
  53. Add Direct TLS listeners for c2s/s2s.
  54. Implement a basic version of PUSH Notifications (XEP-0357).
  55. Fix default_headers table piercing in mod_bosh.
  56. Fix pinging to sort out issues with APN and improve defaults.
  57. Properly (re-)fix component load logic in mod_admin_telnet's module:load().
  58. Add a way to toggle last-message-sender in notifications via adhoc.
  59. Drop weak table from HTTP Upload cache.
  60. Attempt to address HTTP Upload memory usage issues, also implement adhoc file purge.
  61. Uniform admin adhoc commands to register/change-pass eventing.
  62. Add a limit to HTTP Parser's buffer, also improve request data buffering logics.
  63. First passage at supporting Lua5.2
  64. Have mod_spim_block deal with presence subscriptions.
  65. Cleanup MAM archive from cache on user deletion.
  66. Fix Content-Length possible duplication issues.
  67. Fix access model whitelist for #get_items in util.pubsub.
  68. Fix bad routing loop caused by mod_privacy.
  69. Don't bounce errors when handling unacked stanzas on session timeout.
  70. SM should only bounce IQ, Message and Presence payloads.
  71. Respect client SM maximum resumption time if it does not exceed timeout value.
  72. Fix s2s session leak.
  73. Always lower case mail addresses.
  74. Send correct error types in DB errors.
  75. Further correct DB flow between step 3 and 4.
  76. Add type="list-multi" to contact address values.
  77. Allow removal of MUC favicons.
  78. Save user push store immediatly after node removal because of errors.
  79. Make mod_http_upload compatible with web apps like Movim.
  80. Fix some adhoc commands permissions.
  81. Add signature revoking for GDPR s2s agreement.
  82. Double MAM default store cap value, a further refine defaults.
  83. Add support of "node" querying in disco#items on PEP.
  84. Implement verify only logic for dialback verification streams.
  85. Add caching for Privacy/Simple Blocking Command lists.
  86. Last minute fixes, see #374.
  87. Return human readable error when a required value is missing, from IBR dataform.
  88. Check that registration mail addresses are actually valid.
  89. Add language field to muc room extended infos.
  90. Fire an event to allow modules to modify extended room informations.
  91. MAM RSM validation for before and after works incoherently.
  92. Remove save/restore methods from MAM.
  93. Add challenge to the SPIM blocking form.
  94. Add adhoc command to send GDPR agreement.
  95. Always return the disco#info feature on a service discovery response.
  96. Add stream user preferred language to stanzas.
  97. Fix stale references in muc modules when mod_muc is reloaded.
  98. Change logics regarding SASL External offering, and certificate verification.
  99. Backport mod_auth_external from Prosody Modules, see #386.
  100. Properly verify the whole chain when shortcircuiting dialback.
  101. Delete users when Register API fails to add a hash.
  102. MAM is not appending a stanza-id when message is sent to own bare jid.
  103. Preserve origin-id and also do some general behaviour passage in MAM.
  104. Fix exception in mod_push adhoc command.
  105. Add deduplication to CSI queue.
  106. Handle unacked stanzas in s2s.
  107. Fix MUC Superuser toggle not working on passworded rooms after a module reload.
  108. Use timers for inactivity cleanup.
  109. Don't fire handling of s2s unacked stanzas on a graceful stream close.