ejabberd 25.04
Just a few weeks after the previous release, ejabberd 25.04 is published with an important security fix, several bug fixes and a new API command.

Release Highlights:
If you are upgrading from a previous version, there are no changes in SQL schemas, configuration, API commands or hooks.
Other contents:
- Acknowledgments
- Improvements in ejabberd Business Edition
- ChangeLog
- ejabberd 25.04 download & feedback
Below is a detailed breakdown of the improvements and enhancements:
mod_muc_occupantid: Fix handling multiple occupant-id
Fixed an issue with the handling of user-provided occupant-id elements in messages and presences sent to a MUC room. The server was replacing only the first instance of occupant-id with its own version, leaving the other ones untouched. This means that, depending on the order in which clients send occupant-id, they could see the value provided by the sender, and that could be used to spoof a different sender.
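The difference between rewriting only the first occupant-id and replacing every client-supplied one, as an added Python example (not ejabberd's own Erlang code). The sample stanza, the id values and the function names are constructed for illustration; the namespace is the one defined in XEP-0421.

```python
import xml.etree.ElementTree as ET

OCCUPANT_ID_NS = "urn:xmpp:occupant-id:0"  # namespace defined by XEP-0421
TAG = "{%s}occupant-id" % OCCUPANT_ID_NS

# Constructed sample: a groupchat message that carries two occupant-id children.
SAMPLE = (
    '<message xmlns="jabber:client" type="groupchat" to="room@muc.example.org">'
    "<body>hello</body>"
    '<occupant-id xmlns="%s" id="client-value-1"/>'
    '<occupant-id xmlns="%s" id="client-value-2"/>'
    "</message>"
) % (OCCUPANT_ID_NS, OCCUPANT_ID_NS)


def parse_stanza(xml_text):
    """Parse a stanza string into an element tree."""
    return ET.fromstring(xml_text)


def occupant_ids(stanza):
    """Return the id of every occupant-id child, in document order."""
    return [el.get("id") for el in stanza.findall(TAG)]


def replace_first_only(stanza, server_id):
    """Behaviour described for the bug: only the first element is rewritten."""
    first = stanza.find(TAG)
    if first is None:
        ET.SubElement(stanza, TAG, {"id": server_id})
    else:
        first.set("id", server_id)
    return stanza


def replace_all(stanza, server_id):
    """Corrected handling: drop every client-supplied element, then add one."""
    for el in stanza.findall(TAG):
        stanza.remove(el)
    ET.SubElement(stanza, TAG, {"id": server_id})
    return stanza


if __name__ == "__main__":
    server_id = "server-generated-id"  # hypothetical value assigned by the room
    print(occupant_ids(replace_first_only(parse_stanza(SAMPLE), server_id)))
    print(occupant_ids(replace_all(parse_stanza(SAMPLE), server_id)))
```

A receiving client can apply the same `occupant_ids` check and treat any stanza with more than one occupant-id as untrustworthy when connected to a server that has not been upgraded.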
New kick_users API command
There is a new API command kick_users that disconnects all the client sessions in a given virtual host.
Acknowledgments
We would like to thank the contributions to the source code, documentation, and translation provided for this release by:
- Travis Burtrum for reporting problem in occupant-id
- Marcos de Vera Piquero for the new kick_users API command
- Besnik Bleta, updated the Albanian translation
- Sketch6580, updated the Chinese translation
- Nautilusx, updated the German translation
- Silvério Santos, updated the Portuguese translation
- Wellington Uemura, updated the Portuguese (Brazil) translation
- Максим Горпиніч, updated the Ukrainian translation
And also to all the people contributing in the ejabberd chatroom, issue tracker...
Improvements in ejabberd Business Edition
For customers of the ejabberd Business Edition, in addition to all those improvements and bugfixes:
- Bugfix on max_concurrent_connections for mod_gcm, mod_webhook and mod_webpush
ChangeLog
This is a more complete list of changes in this ejabberd release:
Security fixes
- mod_muc_occupantid: Fix handling multiple occupant-id
Commands API
- kick_users: New command to kick all logged users for a given host
Bugfixes
- Fix issue with sql schema auto upgrade when using sqlite database
- Fix problem with container update, that could ignore previous data stored in mnesia database
- Revert limit of allowed characters in shared roster group names, that will again allow using symbols like :
- Binary installers and ejabberd container image: Updated to Erlang/OTP 27.3.2
Full Changelog
https://github.com/processone/ejabberd/compare/25.03...25.04
ejabberd 25.04 download & feedback
As usual, the release is tagged in the Git source code repository on GitHub.
The source package and installers are available in ejabberd Downloads page. To check the *.asc signature files, see How to verify ProcessOne downloads integrity.
For convenience, there are alternative download locations like the ejabberd DEB/RPM Packages Repository and the GitHub Release / Tags.
The ecs container image is available in docker.io/ejabberd/ecs and ghcr.io/processone/ecs. The alternative ejabberd container image is available in ghcr.io/processone/ejabberd.
If you consider that you've found a bug, please search or file a bug report on GitHub Issues.