ejabberd 18.03

After two months of active development, we’re happy to announce the release of ejabberd 18.03 which includes many improvements, new options, and bugfixes.

New configuration options

New ‘negotiation_timeout’ option

The option can be used to specify a period (in seconds) for a stream negotiation to complete. If the timer fires, the stream is considered as failed and the underlying connection gets closed.

This is a global option (you cannot set it per domain) and the default is 30 seconds.

New ‘validate_stream’ option

If set to true, all incoming XML packets are fully validated against known schemas. If an error occurs, the packet will be bounced with the corresponding error reason. The option might be useful to protect client software from sophisticated bugs related to XML validation as well as for client developers who want to catch validation errors at an early stage of development.

The default value is false.

Note that the option might have a slight performance impact, so use it with care on loaded machines.

New ‘global_routes’ option for ejabberd_service

The option emulates legacy behavior which registers all routes defined in hosts on a component connected. This behavior is considered harmful in the case when it’s desired to multiplex different components on the same port, so, to disable it, set global_routes to false.

The default value is true, e.g. legacy behavior is emulated: the only reason for this is to maintain backward compatibility with existing deployments.

New ‘rate_limit’ option for mod_avatar

The option controls how many avatars a user can upload per minute. The option takes positive integer values. Note that the option only takes effect when an avatar is about to convert to a different format, i.e. it implies that convert option is configured.

The default is 10.

New ‘access’ option for mod_block_strangers

The option is supposed to be used when allow_local_users and allow_transports are not enough. It’s an ACL where deny means the message will be rejected (or a CAPTCHA would be generated for a presence), and allow means the sender is whitelisted and the stanza will pass through.

The default value is none, which means nothing is whitelisted.

New ‘captcha’ option for mod_block_strangers

When the option is set to true, the module will generate CAPTCHA challenges for incoming subscription requests. The option also implies that option drop is set to true. Note that the module won’t generate CAPTCHA challenges for messages: they will still be rejected if drop is set to true.

New force_node_config for mod_pubsub

The option can be used to override configuration options of a particular PubSub node. Example:

    mod_pubsub:
      ...
      force_node_config:
        "eu.siacs.conversations.axolotl.*":
          access_model: whitelist
        "*":
          persist_items: true

Remove ‘iqdisc’ option

Since we got rid of all bottleneck processes and we have a connection pool for every database, the option is no longer needed and in fact is detrimental: in practice, what you get is just a bunch of overloaded processes in the IQ handlers pool no matter how much you increase the iqdisc value.

Given that the option was not very well known and understood, it’s not simply deprecated but completely removed.

The commit also deprecates the following functions:
– gen_iq_handler:add_iq_handler/6
– gen_iq_handler:handle/5
– gen_iq_handler:iqdisc/1

New SQL schema

With the new database schema, all the tables that include the username, have also server_host. This means you can set one single database to serve all the virtual hosts. This is not enabled by default and needs explicit configuration in ejabberd.yml file.

When creating a new database, use the new schema to create the tables:

    mysql -u ejabberd_test ejadb < sql/mysql.new.sql

Then, in the ejabberd configuration file, add this line:

    new_sql_schema: true

If you already have a PostgreSQL database with old schema and contents, you can upgrade it to the new schema. Right now, only PostgreSQL database can be updated.

For that, first enable this module and restart ejabberd:

    new_sql_schema: true
    modules:
      mod_admin_update_sql: {}

Then execute the command:

    ejabberdctl update_sql

Changes

This is a brief list of most important improvements and fixes.

Admin

  • Avoid logging IP addresses in mod_register when it's not desired
  • Command 'reload-config' allows to reload certificates
  • Get rid of 'fs' package dependency
  • Improve log message when module startup has failed
  • mod_muc_admin: New command get_room_affiliation
  • prosody2ejabberd: Report meaningful error when luerl is not available

Configure

  • Accept atoms in api_permission command lists and commands with numbers in them
  • Validate additional listen opts: inet, inet6, backlog
  • Remove 'iqdisc' option
  • New option –enable-group=xxx
  • New option 'negotiation_timeout'
  • New option 'new_sql_schema'
  • New option 'validate_stream'
  • ejabberd_service: New option 'global_routes' for
  • mod_avatar: New 'rate_limit' option
  • mod_block_strangers: New 'access' option
  • mod_block_strangers: New 'captcha' option
  • mod_pubsub: New option ‘force_node_config’

Miscelanea

  • Simplify ejabberd_sup code
  • New gen_mod mod_options/1 callback to provide known options and defaults
  • Replace ?MYLANG with connection's language wherever possible
  • sql/*: Add username to peer indexes
  • cyrsasl: Simplify code for splitting auth string in cyrsasl
  • ejabberd_auth: Cache 'isuser' queries to external auth program
  • ejabberd_web_admin: Hardcode required ACL rules
  • mod_admin_extra: Command check_password_hash supports all hash methods
  • mod_admin_extra: Fix srg_get_info command with @all@ and @online@
  • mod_avatar: Fulfill all requirements of XEP-0398 v0.2.0
  • mod_avatar: Improve validation of 'convert' option
  • mod_block_strangers: Bounce groupchat to bare JID
  • mod_block_strangers: Fix a typo in call to create_captcha()
  • mod_caps: Only store CAPS if contact is subscribed
  • mod_carboncopy: Copy outgoing MUC PMs
  • mod_mam: Really run use_cache/1 and cache_nodes/1 callbacks
  • mod_pubsub: Remove items of unregistered user
  • mod_push_keepalive: Preserve timeout on resumption
  • mod_shared_roster: Try to fix ejabberd_c2s:process_info: got unexpected info
  • mod_shared_roster_ldap: Fix processing of ldap_memberattr_format_re option
  • mod_stream_mgmt: Abort connection on count error
  • mod_stream_mgmt: Clean up on timed out resumption

Feedback

As usual, the release is tagged in the Git source code repository on Github.

The source package and binary installers are available at ProcessOne.

If you suspect that you’ve found a bug, please search or fill a bug report on Github.


Related jobs at ProcessOne


Go Backend Developer
Paris, France

Javascript / Typescript Frontend Developer
Paris, France

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.