When building the certificates chains, if several certificates
are found matching the same domain their validity is checked:
* the invalid one is ignored and the valid one is picked
* if both are valid or both are invalid, then the one with
sooner expiration is ignored.
Fixes#2454
Also, SASL mechanisms chaining is now supported:
if several mechanisms are supported and authentication
fails, next mechanism in the list is picked, until the
list is exhausted. In the case of a failure, the latest
SASL failure reason is returned within handle_auth_failure/3
callback.
This error condition is defined within stream errors, however,
XEP-0198 says:
> This element SHOULD contain an error condition, which MUST
> be one of the **stanza** error conditions defined in RFC 6120.
* oom_watermark: 1..100
Start OOM watchdog only when system memory usage exceeds
this value in percents. When the usage drops below the value,
OOM watchdog is stopped. The default is 80 (percents).
Note that once OOM watchdog is started, it performs full garbage
collection periodically: this can be seen as spikes in CPU
utilization and drops in RAM usage. If your system is permanently
above the watermark, it may cause significant CPU overhead.
* oom_queue: positive integer
Only trigger OOM killer when total amount of messages in all queues
of all Erlang processes is above this value. The default is 10000.
Note that this value only takes effect when `oom_killer` is set
to `true` (this is the default). Otherwise, only a warning will
be logged.
Set the 'include_body' option to a static text by default. Some app
servers check for the presence of a 'last-message-body' field to
distinguish between notifications generated for actual chat messages and
notifications triggered by other types of traffic.
The result returned by connected_users_info command has changed,
and is now similar to the result of user_sessions_info.
Notice that num_active_users and process_rosteritems still require Mnesia.
The header consisted of too many unrelated stuff and macros misuse.
Some stuff is moved into scram.hrl and type_compat.hrl.
All macros have been replaced with the corresponding function calls.
TODO: probably type_compat.hrl is not even needed anymore since
we support only Erlang >= OTP 17.5
Don't include a urn:xmpp:push:summary form in push notifications that
are triggered by outgoing messages. App servers might use the form
fields to generate user-visible notifications directly (as opposed to
just waking the client app). This is usually not desired for outgoing
messages.
If the 'include_sender' and/or 'include_body' options are specified,
also include a urn:xmpp:push:summary form in push notifications that are
generated for carbon-copied messages (with a body).
Now room owners are able to set a preferred language
for the discussions in the room, so other users can
discover rooms based on the language they wish to talk.
TODO: the language format should conform to RFC 5646.
This check should be implemented in 'xmpp' library.
Fixes#2436
If a callback function is not defined by the `Mod` then
a call to code_server process is performed. Under heavy load
this may cause code_server to get overloaded. We now avoid this.
ext_api_headers can be defined as a single string. Headers are separated
by comma. Definition MUST NOT contain spaces. Example
"X-MyHead:test,X-Token:082748"
Due to historical reasons, ejabberd loads the whole file/data
into the memory when serving an HTTP request. This is now improved:
1) For GET requests ejabberd uses sendfile(2) if the underlying
connection is HTTP and falls back to read/write loop with 64kb
buffer for HTTPS connections. This type of requests are handled
by mod_http_fileserver, mod_http_upload, ejabberd_captcha, etc
2) POST requests are now limited to 20Mb and are fully downloaded
into the memory for further processing (by ejabberd_web_admin,
mod_bosh, etc)
3) PUT requests (e.g. for mod_http_upload) are handled by read/write
loop with 64kb buffer
Since now, ejabberd doesn't ignore unknown options and doesn't
allow to have options with malformed values. The rationale for
this is to avoid unexpected behaviour during runtime, i.e. to
conform to "fail early" approach. Note that it's safe to reload
a configuration with potentialy invalid and/or unknown options:
this will not halt ejabberd, but will only prevent the configuration
from loading.
***NOTE FOR PACKAGE BUILDERS***
This new behaviour should be documented in the upgrade notes.
Now all external ports are attached to supervising processes
and requests are balanced in round-robin manner until the pool
is exhausted.
The commit also deprecates `extauth_instances` option and introduces
`extauth_pool_size` option instead, with the default value of a number
of logical processors (i.e. CPU cores).
Fixes#2403