aboutsummaryrefslogtreecommitdiffstats
path: root/CHANGES
Commit message (Collapse)AuthorAgeFilesLines
* net.server_epoll: Add support for TCP Fast OpenKim Alvefur2021-07-081-0/+1
| | | | | | | | | | | | | Requires a patch to LuaSocket adding this socket option, https://github.com/lunarmodules/luasocket/pull/378 sysctl tweaks net.ipv4.tcp_fastopen=3 net.ipv4.tcp_fastopen_blackhole_timeout_sec = 0 net.ipv4.tcp_fastopen_key=$(</proc/sys/kernel/random/uuid) Disabled by default since it an advanced performance tweak unlikely to be needed by most servers.
* CHANGES: Update to add new changes in trunkMatthew Wild2022-03-191-0/+14
|
* CHANGES: Update to reflect 0.12.0 releaseMatthew Wild2022-03-191-2/+4
|
* CHANGES: Mention STUN/TURN support in 'prosodyctl check'Matthew Wild2022-03-051-0/+1
|
* Merge config-updates+check-turn from timberMatthew Wild2022-03-041-0/+2
|\
| * usermanager, mod_saslauth: Default to internal_hashed if no auth module ↵Matthew Wild2022-02-101-0/+1
| | | | | | | | | | | | | | | | | | | | specified The default config was updated in this way long ago, but if no option was present in the config, Prosody would load internal_plain. This change can result in changes (for the better) for people using very old configuration files lacking an 'authentication' setting.
| * various: Require encryption by default for realKim Alvefur2021-12-251-0/+1
| | | | | | | | | | | | | | | | | | These options have been specified (and enabled) in the default config file for a long time. However if unspecified in the config, they were not enabled. Now they are. This may result in a change of behaviour for people using very old config files that lack the require_encryption options. But that's what we want.
* | util.poll: Add support for the poll() APIKim Alvefur2022-02-231-0/+1
|/ | | | Might be better than select(), more portable than epoll.
* CHANGES: Mention graceful shutdownKim Alvefur2022-02-181-0/+3
|
* mod_s2s: Enable outgoing Direct TLS connectionsKim Alvefur2022-01-211-1/+1
| | | | | | | | | | Makes it faster by cutting out the roundtrips involved in <starttls/>, at the cost of making an additional SRV lookup. Since we already ignore a missing <starttls/> offer and try anyway there is not much difference in security. The fact that XMPP is used and the hostnames involved might still be visible until the future Encrypted ClientHello extension allows hiding those too.
* mod_http: Limit unencrypted http port (5280) to loopback by defaultKim Alvefur2022-01-151-0/+1
| | | | | | | | | | | | | | | | | | | | | | Since accessing this port directly over the wider Internet is unlikely to intentional anymore. Most uses will likely be by reverse proxies, by mistake or because of trouble configuring HTTPS. Blocking mistaken uses is just a good thing, letting users send potentially private things unencrypted tends to be Strongly Discouraged these days. Many reverse proxy setups operate over loopback, so listening there instead of all interfaces is a net improvement. Improved automatic certificate location and SNI support has mostly eliminated the need for manual certificate configuration so HTTPS should Just Work once certificates have been provided. For local testing during development, connecting over loopback is likely fine as well. When really needed, `http_interfaces` can still be set. Suggested by Link Mauve
* mod_bookmarks: Import mod_bookmarks2 from prosody-modules @ ad7767a9f3eaEmmanuel Gil Peyrot2022-01-041-0/+1
|
* mod_invites_adhoc: Import from prosody-modules@5001104f0275Kim Alvefur2022-01-051-0/+1
|
* mod_invites_register: Import from prosody-modules@797b51043767Kim Alvefur2021-12-291-0/+1
|
* mod_invites: Import from prosdy-modules@5fc306239db3Kim Alvefur2021-12-271-0/+1
|
* mod_tombstones: Remember deleted accounts #1307Kim Alvefur2021-12-231-0/+1
| | | | | | | | | Presence subscriptions are normally revoked on account deletion, which informs the contact. Sometimes this notification gets lost e.g. due to s2s problems. The accounts JID may also be present e.g. in MUC affiliations, chat group member lists, pubsub subscriptions or other systems. These may grant privileges which would fall to someone who creates the same account again, which this module is meant to prevent.
* core.certmanager: Presets based on Mozilla SSL Configuration GeneratorKim Alvefur2019-12-221-0/+1
| | | | ssl_preset = "modern"
* CHANGES: Add various thingsKim Alvefur2021-12-211-2/+14
|
* CHANGES: Reorganize by added/changed/removed to improve readabilityKim Alvefur2021-12-211-25/+48
|
* CHANGES: Mention mod_http_openmetricsKim Alvefur2021-11-241-0/+1
|
* mod_smacks: Import from prosody-modules @ eb63890ae8fcKim Alvefur2021-11-161-0/+1
|
* mod_auth_cyrus: Remove (move to community modules)Kim Alvefur2021-10-171-0/+1
| | | | mod_auth_ldap provides LDAP support without being tied to Cyrus
* CHANGES: Add mod_auth_ldapKim Alvefur2021-10-051-0/+1
|
* prosodyctl: Add external connectivity check based on observe.jabber.networkJonas Schäfer2020-05-061-0/+1
| | | | | | | This uses the (experimental) observe.jabber.network API to perform external connectivity checks. The idea is to complement the checks prosodyctl can already do with a (nearly) complete s2s/c2s handshake from a remote party to test the entire stack.
* mod_s2s: Add a Direct TLS listenerKim Alvefur2021-08-101-1/+1
| | | | | | Mirroring the c2s 'direct_tls'. Naming things is hard. direct_tls_s2s_ports = { 5269+1 }
* net.server_select: Deprecate and warn about itKim Alvefur2021-09-031-0/+1
| | | | | | | | | To be removed in the future, but not right now. Give the log warning a chance to prod anyone who might have network_backend="select" in their config first. There's also things built on Verse which uses server_select.lua, which will need to be updated somehow.
* mod_mam: Suppress offline message broadcast for MAM clientsKim Alvefur2021-08-311-0/+1
| | | | | | | | MattJ on 09:34:24 > Zash: I think as a first step, offline messages should not be sent to > clients that request MAM https://chat.modernxmpp.org/log/modernxmpp/2021-08-31#2021-08-31-8518a542bd283686
* Revert 926d53af9a7a: Restore DANE supportKim Alvefur2021-07-181-0/+1
| | | | | Previous commit adds a workaround, so this doesn't mutate global state anymore, only per-connection 'extra' state as originally intended.
* CHANGES: Add Direct TLS supportKim Alvefur2021-06-201-0/+1
| | | | | | | | Since there is now support for SNI with per-host certificates as well as support in `prosodyctl check dns`. Previous "support" was just the 'legacy_ssl' option, which didn't have much other supporting code.
* CHANGES: Add OpenMetrics changes to StatisticsKim Alvefur2021-06-191-0/+1
|
* mod_turn_external: Simple module to offer TURN(+STUN) via mod_external_servicesKim Alvefur2021-01-211-1/+2
|
* core.modulemanager: Inherit mod_server_contact_info onto components #1270Kim Alvefur2021-05-271-0/+1
|
* core.statsmanager: Allow special "manual" value for statistics_intervalKim Alvefur2021-04-061-0/+1
| | | | | | | | | | | | | When set, no periodic statistics collection is done by core.statsmanager, instead some module is expected to call collect() when it suits. Obviously only one such module should be enabled. Quoth jonas’ > correct way is to scrape the internal sources on each call to /metrics > in the context of Prometheus "manual" as opposed to "automatic", from the point of view of statsmanager.
* net.resolvers.basic: Disable DANE for now, completely brokenKim Alvefur2021-03-031-1/+0
| | | | | Turns out 'extra' is, at least for mod_s2s, the same table for *all* connections.
* net.connect: Add DANE supportKim Alvefur2021-03-021-0/+1
| | | | | | Disabled DANE by default, since it needs extra steps to be useful. The built-in DNS stub resolver does not support DNSSEC so having DANE enabled by default only leads to an extra wasted DNS request.
* CHANGES: Clarify what mod_mimicking doesKim Alvefur2021-01-301-1/+1
|
* mod_http_file_share: Let's write another XEP-0363 implementationKim Alvefur2021-01-261-0/+1
| | | | | | | | | | This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
* Update CHANGES and doap.xml for XEP-0421 supportMatthew Wild2020-11-241-0/+1
|
* CHANGES: Add util.errorKim Alvefur2020-09-281-0/+1
|
* mod_external_services: XEP-0215: External Service DiscoveryKim Alvefur2020-07-181-0/+1
|
* CHANGES: Add libunboundKim Alvefur2020-06-251-0/+1
|
* util.sasl.digest-md5: Remove, obsolete since 2011Kim Alvefur2020-04-141-0/+1
| | | | | | | RFC 6331 lists several problems with this outdated authentication mechanism. The code here was also completely ignored by lint checks and has probably not been used for a long time, as it is incompatible with SCRAM-hashed password storage.
* CHANGES: Mention deprecation of 'daemonize' optionKim Alvefur2020-01-261-0/+1
|
* mod_net_multiplex: Add support for using ALPNKim Alvefur2019-11-291-0/+1
| | | | | | | Potentially a bit more efficient since it can jump to the selected protocol on connect instead of waiting for some data to look at. Adds a 'protocol' field to net providers for this purpose.
* CHANGES: Add a line for #1335Kim Alvefur2019-10-201-0/+1
|
* net.http.server: Re-fire unhandled HEAD requsts as GET events (fixes #1447)Kim Alvefur2019-10-121-0/+1
| | | | | | BC: This overloads the GET event. Previous commit ensures HEAD requests are sent without a body.
* CHANGES: Add XEP-0288Kim Alvefur2019-09-081-0/+1
|
* mod_auth_internal_hashed: Add support for optionally using SCRAM-SHA-256 ↵Kim Alvefur2019-01-131-0/+1
| | | | | | | instead of SHA-1 This will currently require a hard reset of all passwords back to plain. This will be least painful on new deployments.
* migrator: Rewrite to use storage modulesKim Alvefur2019-05-051-0/+1
| | | | | This allows migrating to and from any storage module that supports the right methods. Based on experimental mod_migrate work.
* mod_mimicking: Prevents registration of confusable usernames (by Florob) ↵Kim Alvefur2012-08-061-0/+1
| | | | (fixes #1347)