aboutsummaryrefslogtreecommitdiffstats
path: root/CHANGES
blob: 95b636ded65bab629f66a3090d09ab09fc15bf8d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
TRUNK
=====

## New

### Administration

- Add 'watch log' command to follow live debug logs at runtime (even if disabled)

### Networking

- Honour 'weight' parameter during SRV record selection
- Support for RFC 8305 "Happy Eyeballs" to improve IPv4/IPv6 connectivity
- Support for TCP Fast Open in server_epoll (pending LuaSocket support)
- Support for deferred accept in server_epoll (pending LuaSocket support)

### MUC

- Permissions updates:
  - Room creation restricted to local users (of the parent host) by default
    - restrict_room_creation = true restricts to admins, false disables all restrictions
  - Persistent rooms can only be created by local users (parent host) by default
    - muc_room_allow_persistent = false restricts to admins
  - Public rooms can only be created by local users (parent host) by default
    - muc_room_allow_public = false restricts to admins
- Commands to show occupants and affiliations in the Shell
- Save 'reason' text supplied with affiliation change

### Security and authentication

- Advertise supported SASL Channel-Binding types (XEP-0440)
- Implement RFC 9266 'tls-exporter' channel binding with TLS 1.3
- Implement 'tls-server-end-point' channel binding
- New role and permissions framework and API
- Ability to disable and enable user accounts
- Full DANE support for s2s
- A "grace period" is now supported for deletion requests via in-band registration

### Storage

- New 'keyval+' combined keyval/map store type
- Performance improvements in internal archive stores
- Ability to use SQLite3 storage using LuaSQLite3 instead of LuaDBI

### Module API

- Config interface API can require that string values be picked from a provided set
- Acceptable interval can be specified for number options
- Method for parsing time periods / intervals from config
- Method for retrieving integer settings from config
- It is now easy for modules to expose a Prosody shell command, by adding a shell-command item
- Modules can now implement a module.ready method which will be called after server initialization

### Configuration

- The configuration file now supports referring and appending to options previously set
- Direct usage of the Lua API in the config file is deprecated, but can now be accessed via Lua.* instead

## Changes

- Support sub-second precision timestamps
- mod_blocklist: New option 'migrate_legacy_blocking' to disable migration from mod_privacy
- Moved all modules into the Lua namespace `prosody.`
- Forwarded header from RFC 7239 supported, disabled by default
- mod_http_file_share now uses roles framework, affecting access from e.g. components
- Intervals of mod_cron managed periodic jobs made configurable
- When mod_smacks is enabled, s2s connections not responding to ack requests are closed.
- Arguments to `prosodyctl shell` that start with ':' are now turned into method calls
- Support for Type=notify and notify-reload systemd service type added

## Removed

- Lua 5.1 support
- XEP-0090 support removed from mod_time
- util.rfc6724

0.12.0
======

**2022-03-14**

## New

### Modules

-   mod_mimicking: Prevent address spoofing
-   mod_s2s_bidi: Bi-directional server-to-server (XEP-0288)
-   mod_external_services: generic XEP-0215 support
-   mod_turn_external: easy setup XEP-0215 for STUN+TURN
-   mod_http_file_share: File sharing via HTTP (XEP-0363)
-   mod_http_openmetrics for exposing metrics to stats collectors
-   mod_smacks: Stream management and resumption (XEP-0198)
-   mod_auth_ldap: LDAP authentication
-   mod_cron: One module to rule all the periodic tasks
-   mod_admin_shell: New home of the Console admin interface
-   mod_admin_socket: Enable secure connections to the Console
-   mod_tombstones: Prevent registration of deleted accounts
-   mod_invites: Create and manage invites
-   mod_invites_register: Create accounts using invites
-   mod_invites_adhoc: Create invites via AdHoc command
-   mod_bookmarks: Synchronise open rooms between clients

### Security and authentication

-   SNI support (including automatic certificate selection)
-   ALPN support in mod_net_multiplex
-   DANE support in low-level network layer
-   Direct TLS support (c2s and s2s)
-   SCRAM-SHA-256
-   Direct TLS (including https) certificates updated on reload
-   Pluggable authorization providers (mod_authz_)
-   Easy use of Mozilla TLS recommendations presets
-   Unencrypted HTTP port (5280) restricted to loopback by default
-   require_encryption options default to 'true' if unspecified
-   Authentication module defaults to 'internal_hashed' if unspecified

### HTTP

-   CORS handling now provided by mod_http
-   Built-in HTTP server now handles HEAD requests
-   Uploads can be handled incrementally

### API

-   Module statuses (API change)
-   util.error for encapsulating errors
-   Promise based API for sending queries
-   API for adding periodic tasks
-   More APIs supporting ES6 Promises
-   Async can be used during shutdown

### Other

-   Plugin installer
-   MUC presence broadcast controls
-   MUC: support for XEP-0421 occupant identifiers
-   `prosodyctl check connectivity` via observe.jabber.network
-   STUN/TURN server tests in `prosodyctl check`
-   libunbound for DNS queries
-   The POSIX poll() API used by server_epoll on \*nix other than Linux

## Changes

-   Improved rules for mobile optimizations
-   Improved rules for what messages should be archived
-   mod_limits: Exempted JIDs
-   mod_server_contact_info now loaded on components if enabled
-   Statistics now based on OpenMetrics
-   Statistics scheduling can be done by plugin
-   Offline messages aren't sent to MAM clients
-   Archive quotas (means?)
-   Rewritten migrator with archive support
-   Improved automatic certificate locating and selecting
-   Logging to syslog no longer missing startup messages
-   Graceful shutdown sequence that closes ports first and waits for
    connections to close

## Removed

-   `daemonize` option deprecated
-   SASL DIGEST-MD5 removed
-   mod_auth_cyrus (older LDAP support)
-   Network backend server_select deprecated (not actually removed yet)

0.11.0
======

**2018-11-18**

New features
------------

-   Rewritten more extensible MUC module
    -   Store inactive rooms to disk
    -   Store rooms to disk on shutdown
    -   Voice requests
    -   Tombstones in place of destroyed rooms
-   PubSub features
    -   Persistence
    -   Affiliations
    -   Access models
    -   "publish-options"
-   PEP now uses our pubsub code and now shares the above features
-   Asynchronous operations
-   Busted for tests
-   mod\_muc\_mam (XEP-0313 in groupchats)
-   mod\_vcard\_legacy (XEP-0398)
-   mod\_vcard4 (XEP-0292)
-   mod\_csi, mod\_csi\_simple (XEP-0352)
-   New experimental network backend "epoll"

0.10.0
======

**2017-10-02**

New features
------------

-   Rewritten SQL storage module with Archive support
-   SCRAM-SHA-1-PLUS
-   `prosodyctl check`
-   Statistics
-   Improved TLS configuration
-   Lua 5.2 support
-   mod\_blocklist (XEP-0191)
-   mod\_carbons (XEP-0280)
-   Pluggable connection timeout handling
-   mod\_websocket (RFC 7395)
-   mod\_mam (XEP-0313)

Removed
-------

-   mod\_privacy (XEP-0016)
-   mod\_compression (XEP-0138)