ejabberd 16.01
This ‘happy new year’ release of ejabberd is the culmination of one year of major improvements. This is yet another milestone for ejabberd, being the starting point of a new phase of cleanup and optimisations for your favourite server.
This release contains security fix for possible server spoofing with brute force attack on the random number generation. Even if the issue is difficult to exploit, it is recommended to upgrade your server if you’re using server-to-server (s2s) connections.
It also includes:
– better groupchat archiving support with MAM
– improved PubSub performances and control
– more shaper capabilities for listeners
– performance optimisation and lower memory consumption of the core XML processing modules
– faster core routines
All our binary installers now provide each ejabberd dependency in its own directory, following installation scheme of standard ‘make install’ process.
Finally, as usual, we fixed bugs and improved many features across the whole server.
As you see with the following changelog, we had a very busy holiday season :)
Here is the full list of changes:
Changes
Security
- Improve Dialback Key Generation and Validation support (XEP-0185)
- More generally, improve random number generator to avoid timing / guessing attacks on any random value.
Database
- Use BLOB instead of TEXT on mysql in stanza storage
- Use UTF8MB4 character set in MySQL tables
- Make Riak working on Erlang R18
MAM
- Use stanza-id tags for deduplication
- Advertise MAM in disco info for account/room JID
- Improve MUC support
- Don’t store resent messages
- Do not forget to include xmlns in mam prefs response (#859)
- Honor Message Processing Hints (XEP-0334)
MUC
- Add support for muc#roomconfig_presencebroadcast option
- Only filter rooms in Service Disco when more than 100 (EJAB-343)
- List in Service Disco non-empty rooms and provide Node for empty (EJAB-343)
- When user joins logged room, he must be warned (EJAB-726)
Pubsub
- Fix pubsub virtual nodetree plugin
- Use correct notification_type for last items (#827)
- PubSub plugin for online users only
- Disable use of multi-subscribe and subscription-option on standard plugins
- Limit number of subscriptions per node and allow custom default node configuration
- Don’t force max_items_node to MAXITEMS if not defined
- Don’t read pubsub options when plugin does not use them
Elixir
- Upgrade Elixir to v1.1.0
Admin
- Add plugin for passing extra erl_opts flags to deps, and use it for hipe
- Add –enable-latest-deps to configure
- Remove “–enable-nif” flag
- New send_stanza command
- ejabberdctl: new –no-timout flag
- ejabberdctl: Don’t let “reopen_log” rotate files (EJAB-1243)
- ejabberdctl: Improve escaping of arguments passed to ejabberdctl
- OpenSSL minimum required version: raised from 0.9.8 to 1.0.0
Config
- New option accept_interval in ejabberd_listener
- Webadmin console visual refresh (EJAB-1142)
- If mod_register access_from is ‘none’, then don’t advertise IBR (#857)
- Fix handling of some options in old style configs
- Fix parsing option trusted_proxies
- Fix ipv6 configuration processing (#803)
- ejabberd_service: simplify configuration: no need for ‘hosts’, just provide ‘password’
Cleanup and optimisations
- Faster string_to_jid/1 implementation
- Move JID related functions from jlib.erl to jid.erl (#847)
- Remove usage of erlang’s now()
- Update dependency name from p1_cache_tab to cache_tab
- Use crypto:rand_uniform instead of random:uniform
- Fix randoms.erl on R17 that don’t have random:seed(integer())
- Faster and more memory efficient XML parsing.
- Faster stringprep library.
Other changes
- ejabberd_http: Cope with large POST/PUT requests
- ejabberd_http: Log debug message on receive errors
- mod_offline: Discard chat states notifications
- mod_offline: Honor store hint
- mod_http_upload: various fixes
- XEP-0198: Fix stanza counting corner case issue
- Adding WEBIRC, custom realname & ident, ISO-8859-15 (thanks to iwalkalone69)(#877)
- Update hebrew translation
Feedback
As usual, the release is tagged in the Git source code repository on Github.
The source package and binary installers are available at ProcessOne.
If you suspect that you’ve found a bug, please search or fill a bug report on Github.