From df4bde023ba33f3a84538aa5cd10a0e1bda64990 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 16 Sep 2023 14:23:08 +0200
Subject: mod_http_file_share: Switch to the new authz API (BC)

Behavior change: It becomes up to the authorization module whether to
allow requests. The default, mod_authz_internal, will allow users on the
*parent* host only, breaking use by some components.

Remaining question is whether to deprecate the `http_file_share_access`
setting or leave as a way to complement/bypass access control?
---
 CHANGES | 1 +
 1 file changed, 1 insertion(+)

(limited to 'CHANGES')

diff --git a/CHANGES b/CHANGES
index 68900215..db16128b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -51,6 +51,7 @@ TRUNK
 - mod_blocklist: New option 'migrate_legacy_blocking' to disable migration from mod_privacy
 - Moved all modules into the Lua namespace `prosody.`
 - Forwarded header from RFC 7239 supported, disabled by default
+- mod_http_file_share now uses roles framework, affecting access from e.g. components
 
 ## Removed
 
-- 
cgit v1.2.3