From 5d0ae73a2a13ab9d6b19db62661d9227ed302f4d Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sat, 19 Mar 2022 11:47:52 +0000 Subject: CHANGES: Update to add new changes in trunk --- CHANGES | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index d963f310..5b37d729 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,17 @@ +TRUNK +===== + +## New + +### Administration + +- Add 'watch log' command to follow live debug logs at runtime (even if disabled) + +### Networking + +- Honour 'weight' parameter during SRV record selection +- Support for RFC 8305 "Happy Eyeballs" to improve IPv4/IPv6 connectivity + 0.12.0 ====== -- cgit v1.2.3 From 575b997d1dd13d4295e5bc2f612f8f639c5d9a60 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 8 Jul 2021 12:29:50 +0200 Subject: net.server_epoll: Add support for TCP Fast Open Requires a patch to LuaSocket adding this socket option, https://github.com/lunarmodules/luasocket/pull/378 sysctl tweaks net.ipv4.tcp_fastopen=3 net.ipv4.tcp_fastopen_blackhole_timeout_sec = 0 net.ipv4.tcp_fastopen_key=$( Date: Sun, 15 May 2022 22:41:17 +0200 Subject: net.server_epoll: Add option to defer accept() until data available This is a Linux(?) socket option that delays the accept signal until there is data available to read. E.g. with HTTP this might mean that a whole request can be handled without going back trough another turn of the main loop, and an initial client can be responded to. This may have effects on latency and resource use, as the server does not need to allocate resources until really needed. --- CHANGES | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index f47dc1a9..e34ea88e 100644 --- a/CHANGES +++ b/CHANGES @@ -12,6 +12,7 @@ TRUNK - Honour 'weight' parameter during SRV record selection - Support for RFC 8305 "Happy Eyeballs" to improve IPv4/IPv6 connectivity - Support for TCP Fast Open in server_epoll (pending LuaSocket support) +- Support for deferred accept in server_epoll (pending LuaSocket support) 0.12.0 ====== -- cgit v1.2.3 From 2048a7a762e619974557c4015429626443835b4c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 6 Dec 2020 22:04:43 +0100 Subject: mod_saslauth: Advertise channel bindings via XEP-0440 This is useful when there's more than one channel binding in circulation, since perhaps there will be varying support for them. --- CHANGES | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index e34ea88e..213be9da 100644 --- a/CHANGES +++ b/CHANGES @@ -14,6 +14,10 @@ TRUNK - Support for TCP Fast Open in server_epoll (pending LuaSocket support) - Support for deferred accept in server_epoll (pending LuaSocket support) +### Security and authentication + +- Advertise supported SASL Channel-Binding types (XEP-0440) + 0.12.0 ====== -- cgit v1.2.3 From c8a49ad14411a858ceb3cc4c4df091d31cb90ed7 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 5 Jul 2022 14:59:47 +0200 Subject: CHANGES: Lua 5.1 support removed (closes #1600) --- CHANGES | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index 213be9da..e1f0854a 100644 --- a/CHANGES +++ b/CHANGES @@ -18,6 +18,10 @@ TRUNK - Advertise supported SASL Channel-Binding types (XEP-0440) +## Removed + +- Lua 5.1 support + 0.12.0 ====== -- cgit v1.2.3 From 8db7cdc71321f4a367338df87a7e90629e741ff9 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 1 Jun 2022 15:06:59 +0200 Subject: mod_saslauth: Implement RFC 9266 'tls-exporter' channel binding (#1760) Brings back SCRAM-SHA-*-PLUS from its hiatus brought on by the earlier channel binding method being undefined for TLS 1.3, and the increasing deployment of TLS 1.3. See 1bfd238e05ad and #1542 Requires future version of LuaSec, once support for this key material export method is merged. See https://github.com/brunoos/luasec/pull/187 --- CHANGES | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index e1f0854a..48fe37d5 100644 --- a/CHANGES +++ b/CHANGES @@ -17,6 +17,7 @@ TRUNK ### Security and authentication - Advertise supported SASL Channel-Binding types (XEP-0440) +- Implement RFC 9266 'tls-exporter' channel binding with TLS 1.3 ## Removed -- cgit v1.2.3 From c85c18b03ab627ee81273d4c0f0009e1a5cc2d03 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 14 Aug 2022 16:57:31 +0200 Subject: util.datetime: Add support for sub-second precision timestamps Lua since 5.3 raises a fuss when time functions are handed a number with a fractional part and the underlying C functions are all based on integer seconds without support for more precision. --- CHANGES | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index 48fe37d5..7df64d70 100644 --- a/CHANGES +++ b/CHANGES @@ -19,6 +19,10 @@ TRUNK - Advertise supported SASL Channel-Binding types (XEP-0440) - Implement RFC 9266 'tls-exporter' channel binding with TLS 1.3 +## Changes + +- Support sub-second precision timestamps + ## Removed - Lua 5.1 support -- cgit v1.2.3 From 2294d8b8e08fbf75985bd976bc32c79293a478ef Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 15 Aug 2022 16:35:14 +0200 Subject: mod_time: Remove obsolete XEP-0090 support Deprecated even before Prosody even started, obsolete for over a decade. --- CHANGES | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index 7df64d70..3eafb718 100644 --- a/CHANGES +++ b/CHANGES @@ -26,6 +26,7 @@ TRUNK ## Removed - Lua 5.1 support +- XEP-0090 support removed from mod_time 0.12.0 ====== -- cgit v1.2.3 From 227f6c033697210a54f671f5b9128cde8699fdcd Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 22 Aug 2022 13:03:10 +0100 Subject: CHANGES: Add role auth --- CHANGES | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index 3eafb718..d96c5d63 100644 --- a/CHANGES +++ b/CHANGES @@ -18,6 +18,7 @@ TRUNK - Advertise supported SASL Channel-Binding types (XEP-0440) - Implement RFC 9266 'tls-exporter' channel binding with TLS 1.3 +- New role and permissions framework and API ## Changes -- cgit v1.2.3 From dfd1e396bb80af04b25f82efafc6d1dd67d7056a Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 29 Sep 2022 12:57:05 +0100 Subject: CHANGES: Update with MUC permission changes --- CHANGES | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index d96c5d63..ea4ef9e0 100644 --- a/CHANGES +++ b/CHANGES @@ -14,6 +14,16 @@ TRUNK - Support for TCP Fast Open in server_epoll (pending LuaSocket support) - Support for deferred accept in server_epoll (pending LuaSocket support) +### MUC + +- Permissions updates: + - Room creation restricted to local users (of the parent host) by default + - restrict_room_creation = true restricts to admins, false disables all restrictions + - Persistent rooms can only be created by local users (parent host) by default + - muc_room_allow_persistent = false restricts to admins + - Public rooms can only be created by local users (parent host) by default + - muc_room_allow_public = false restricts to admins + ### Security and authentication - Advertise supported SASL Channel-Binding types (XEP-0440) -- cgit v1.2.3 From 2269035c0dd4831975fa40ffeb0848a1ada478b5 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 17 Oct 2022 15:20:06 +0200 Subject: mod_blocklist: Add option 'migrate_legacy_blocking' to disable migration from mod_privacy Tiny performance improvement for new users by skipping this check. Most servers should have gone trough the migration for all active users long ago. As a suitable first step of phasing out this code, we make it possible to disable it first. Later it can be disabled by default, before finally the code is deleted. --- CHANGES | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index ea4ef9e0..12f67082 100644 --- a/CHANGES +++ b/CHANGES @@ -33,6 +33,7 @@ TRUNK ## Changes - Support sub-second precision timestamps +- mod_blocklist: New option 'migrate_legacy_blocking' to disable migration from mod_privacy ## Removed -- cgit v1.2.3