ejabberd 18.06

Noticeable changes

Stop ejabberd initialization on invalid/unknown options

Since some time now, we are warning ejabberd admins in log file about incorrect configuration options. We feel that we are ready to make these hints strong requirements about config file validity.

Starting with ejabberd 18.06, ejabberd will not ignore unknown options and doesn’t allow to have options with malformed values. The rationale for this is to avoid unexpected behaviour during runtime, i.e. to conform to “fail early” approach. We thus hope to be helpful to newcomers by making sure they properly format their config files to get the expected behaviour.

Note that it’s safe to reload a configuration with potentially invalid and/or unknown options:
this will not halt ejabberd, but will only prevent the configuration from loading.

NOTE FOR PACKAGE BUILDERS
This new behaviour should be documented in the upgrade notes.

Improve robustness of external authentication backends

Now all external ports are attached to supervising processes and requests are balanced in round-robin manner until the pool is exhausted.

The commit also deprecates extauth_instances option and introduces extauth_pool_size option instead, with the default value of a number of logical processors (i.e. CPU cores).

Add new options for OOM watchdog

• oom_watermark: 1..100
  Start OOM watchdog only when system memory usage exceeds this value in percents. When the usage drops below the value, OOM watchdog is stopped. The default is 80 (percents). Note that once OOM watchdog is started, it performs full garbage collection periodically: this can be seen as spikes in CPU utilization and drops in RAM usage. If your system is permanently above the watermark, it may cause significant CPU overhead.
• oom_queue: positive integer
  Only trigger OOM killer when total amount of messages in all queues of all Erlang processes is above this value. The default is 10000. Note that this value only takes effect when oom_killer is set to true (this is the default). Otherwise, only a warning will be logged.

Add support for REST API custom headers

ext_api_headers can be defined as a single string. Headers are separated by comma. Definition MUST NOT contain spaces. Example “X-MyHead:test,X-Token:082748”

Optimize HTTP requests memory usage

Due to historical reasons, ejabberd loads the whole file/data into the memory when serving an HTTP request. This is now improved:

1. For GET requests ejabberd uses sendfile(2) if the underlying connection is HTTP and falls back to read/write loop with 64kb buffer for HTTPS connections. This type of requests are handled by mod_http_fileserver, mod_http_upload, ejabberd_captcha, etc
2. POST requests are now limited to 20Mb and are fully downloaded into the memory for further processing (by ejabberd_web_admin, mod_bosh, etc)
3. PUT requests (e.g. for mod_http_upload) are handled by read/write loop with 64kb buffer

Support SASL PLAIN by xmpp_stream_out

Also, SASL mechanisms chaining is now supported: if several mechanisms are supported and authentication fails, next mechanism in the list is picked, until the list is exhausted. In the case of a failure, the latest SASL failure reason is returned within handle_auth_failure/3 callback.

Drop support of mod_irc

If you need IRC support, we suggest to use biboumi. We will not maintain mod_irc anymore and moved it to ejabberd-contrib repository.

SQL schema change

As mod_irc has been obsoleted, we removed the related SQL table from the schema: irc_custom

Changes

Admin

• Stop ejabberd initialization on invalid/unknown options
• Add new options for OOM watchdog: oom_watermark and oom_queue
• Add ability to modify version string
• Add option ext_api_headers to define REST API custom headers
• Fix Erlang limits in ejabberdctl.cfg.example to reflect current situation
• Make trusted_proxied ejabberd_http option accept ip masks
• Teach acl ip matching about ipv4 mapped ipv6 addresses
• Removed watchdog_admins option from config, as has no effect anymore
• Improve logging of external authentication failures
• ejabberd_auth: Don’t use cache if the option is disabled
• Make connected_users_info and user_sessions_info DB-agnostic

Core

• Support SASL PLAIN by xmpp_stream_out
• Add Resource Binding support to xmpp_stream_out
• Improve robustness of external authentication backends
• Don’t use ‘unsupported-version’ inside SM element
• Generate SASL failures on unencrypted connections only for s2s
• Fix reset_stream in websocket using pre-rfc protocol
• Don’t crash in bosh when we receive request with RID < prev_rid
• Get rid of all calls to jlib.erl module
• Support IPv6 connections for PostgreSQL, MySQL and LDAP
• Fix authentication for usernames containing uppercase characters
• Optimize HTTP requests memory usage
• PKIX: Just warn instead of ignore a certificate containing no domain names
• PKIX: Don't replace valid certificates with invalid ones

Modules

• Log modules startup
• mod_disco: Advertise disco#info and disco#items features
• mod_irc: is moved away from ejabberd repo to ejabberd-contrib
• mod_mam: Don't replace existing stanza ID
• HTTP upload: Generate HTTP Upload form using xdata codec
• HTTP upload: Improve error formatting
• HTTP upload: Return detailed error if HTTP upload is too large

MUC

• Always display room's xdata in disco#info
• Display muc#roomconfig_changesubject in room's disco#info
• Render roomname, allowinvites and allowpm in room disco#info
• Support for roomconfig_lang/roominfo_lang
• mod_muc_sql: Fix export to SQL

Push

• Omit summary for outgoing messages
• Further improve handling of carbons
• Also include sender/body for carbons
• Include a static body text by default
• keepalive: Increase default timeout to 3 days
• SQL: Check 'max_user_sessions' limit

Feedback

As usual, the release is tagged in the Git source code repository on Github.

The source package and binary installers are available at ejabberd XMPP & MQTT server download page.

If you suspect that you’ve found a bug, please search or fill a bug report on Github.