Setting the new mod_muc option tombstone_expiry to a positive integer
will make that any room destroyed gets replaced with a room tombstone.
That tombstone cannot be joined, so it blocks accessing the old room JID
until the expiry seconds have passed.
The default value is 0 seconds, so tombstones are not created.
As mod_offline currently doesn't preserve metadata, add an explicit
check for messages retrieved from offline storage to avoid stripping
their stanza IDs.
Thanks to Zuglufttier for spotting this.
RFC 2616 says: "A 200 response SHOULD include any header fields that
indicate optional features implemented by the server and applicable to
that resource (e.g., Allow) [...]."
Since we now use Lua scripting for cleaning up c2s sessions
the minimum supported Redis version is 3.2.0 or above because
we need to work correctly with Redis replication mechanism.
****** BACKWARD INCOMPATIBILITY WARNING *******
** THIS SHOULD BE ADDED TO THE RELEASE NOTES **
*** PACKAGE MAINTAINERS SHOULD BE INFORMED ***
***********************************************
XEP-0060 states that 'node' and 'jid' attributes to <options> element MUST NOT
be included when <options> are specified at same time as <subscribe> :
https://xmpp.org/extensions/xep-0060.html#subscriber-configure-subandconfig
mod_pubsub will require 'node' and 'jid' attributes on standalone pubsub
options requests, and reject subscribe requests that have options that include
either 'node' or 'jid'
Fix mod_http_upload_quota's process name lookup for the case where a
slot is requested by a JID whose domain part is not the virtual host the
mod_http_upload_quota process is running on.
Let up to 100 clients of a given account join MUC rooms by default. The
old default value can be too small, e.g., when users join many (private)
rooms with multiple devices.
The option makes it possible to offload all HTTP Upload processing
to a separate HTTP server. Both ejabberd and the HTTP server
should share this secret and behave exactly as described at
at https://modules.prosody.im/mod_http_upload_external.html
in the 'Implementation' section. Example configuration:
modules:
...
mod_http_upload:
...
put_url: "http://separate.http.server/upload"
external_secret: "foo bar baz"
...
After some discussion with the community it was decided to
clean the configuration file from excessive comments and
explicitly configured default values. Also, mod_mam and
mod_http_upload have been added.
The rationale for this is to have a clean and not bloated
configuration file which doesn't scare away newcomers and
which has all features from the Compliance Suite 2018 (XEP-0387)
enabled by default.
For further configuration an admin is encouraged to read the
documentation at https://docs.ejabberd.im/admin/configuration
When building the certificates chains, if several certificates
are found matching the same domain their validity is checked:
* the invalid one is ignored and the valid one is picked
* if both are valid or both are invalid, then the one with
sooner expiration is ignored.
Fixes#2454
Also, SASL mechanisms chaining is now supported:
if several mechanisms are supported and authentication
fails, next mechanism in the list is picked, until the
list is exhausted. In the case of a failure, the latest
SASL failure reason is returned within handle_auth_failure/3
callback.
This error condition is defined within stream errors, however,
XEP-0198 says:
> This element SHOULD contain an error condition, which MUST
> be one of the **stanza** error conditions defined in RFC 6120.
* oom_watermark: 1..100
Start OOM watchdog only when system memory usage exceeds
this value in percents. When the usage drops below the value,
OOM watchdog is stopped. The default is 80 (percents).
Note that once OOM watchdog is started, it performs full garbage
collection periodically: this can be seen as spikes in CPU
utilization and drops in RAM usage. If your system is permanently
above the watermark, it may cause significant CPU overhead.
* oom_queue: positive integer
Only trigger OOM killer when total amount of messages in all queues
of all Erlang processes is above this value. The default is 10000.
Note that this value only takes effect when `oom_killer` is set
to `true` (this is the default). Otherwise, only a warning will
be logged.
Set the 'include_body' option to a static text by default. Some app
servers check for the presence of a 'last-message-body' field to
distinguish between notifications generated for actual chat messages and
notifications triggered by other types of traffic.
The result returned by connected_users_info command has changed,
and is now similar to the result of user_sessions_info.
Notice that num_active_users and process_rosteritems still require Mnesia.
The header consisted of too many unrelated stuff and macros misuse.
Some stuff is moved into scram.hrl and type_compat.hrl.
All macros have been replaced with the corresponding function calls.
TODO: probably type_compat.hrl is not even needed anymore since
we support only Erlang >= OTP 17.5
Don't include a urn:xmpp:push:summary form in push notifications that
are triggered by outgoing messages. App servers might use the form
fields to generate user-visible notifications directly (as opposed to
just waking the client app). This is usually not desired for outgoing
messages.
If the 'include_sender' and/or 'include_body' options are specified,
also include a urn:xmpp:push:summary form in push notifications that are
generated for carbon-copied messages (with a body).
Now room owners are able to set a preferred language
for the discussions in the room, so other users can
discover rooms based on the language they wish to talk.
TODO: the language format should conform to RFC 5646.
This check should be implemented in 'xmpp' library.
Fixes#2436
If a callback function is not defined by the `Mod` then
a call to code_server process is performed. Under heavy load
this may cause code_server to get overloaded. We now avoid this.
ext_api_headers can be defined as a single string. Headers are separated
by comma. Definition MUST NOT contain spaces. Example
"X-MyHead:test,X-Token:082748"
Due to historical reasons, ejabberd loads the whole file/data
into the memory when serving an HTTP request. This is now improved:
1) For GET requests ejabberd uses sendfile(2) if the underlying
connection is HTTP and falls back to read/write loop with 64kb
buffer for HTTPS connections. This type of requests are handled
by mod_http_fileserver, mod_http_upload, ejabberd_captcha, etc
2) POST requests are now limited to 20Mb and are fully downloaded
into the memory for further processing (by ejabberd_web_admin,
mod_bosh, etc)
3) PUT requests (e.g. for mod_http_upload) are handled by read/write
loop with 64kb buffer
Since now, ejabberd doesn't ignore unknown options and doesn't
allow to have options with malformed values. The rationale for
this is to avoid unexpected behaviour during runtime, i.e. to
conform to "fail early" approach. Note that it's safe to reload
a configuration with potentialy invalid and/or unknown options:
this will not halt ejabberd, but will only prevent the configuration
from loading.
***NOTE FOR PACKAGE BUILDERS***
This new behaviour should be documented in the upgrade notes.
Now all external ports are attached to supervising processes
and requests are balanced in round-robin manner until the pool
is exhausted.
The commit also deprecates `extauth_instances` option and introduces
`extauth_pool_size` option instead, with the default value of a number
of logical processors (i.e. CPU cores).
Fixes#2403
Some mobile apps might only be notified on actual chat messages with
a body, so don't let mod_push_keepalive reset the stream management
timeout on other types of traffic.
Add 'include_sender' and 'include_body' options. If one or both of them
are set to 'true', a urn:xmpp:push:summary form with the enabled
field(s) is included in push notifications that are generated for
messages with a body.
The 'include_body' option can instead be set to a static text. In this
case, the specified text will be included in place of the actual message
body. This can be useful to signal the push service whether the
notification was triggered by a message with body (as opposed to other
types of traffic) without leaking actual message contents.
If a pending stream management session is closed with a stream error,
this is usually due to the client opening a new stream that conflicts
with the old one. Don't generate a push notification in this situation.
Accept all alphanumeric characters of any script in user and file names
rather than replacing non-ASCII characters with underscores. However,
non-alphanumeric characters are still replaced, except for "." and "-".
Closes#2346.
New hook 'component_send_packet' added.
Callback function must accept one argument {Pkt, ComponentState} and should yield 'drop' or {NewPkt, NewComponentState}.
When modules for some virtual host are about to be started,
they are topologically sorted to preserve dependencies order.
We now keep this order for stop/reload functions to work properly.
The option can be used to override configuration options of a
particular PubSub node. Example:
mod_pubsub:
...
force_node_config:
"eu.siacs.conversations.axolotl.*":
access_model: whitelist
"*":
persist_items: true
Fixes#2276
During resumption, make sure the old process and the corresponding
session entry are disposed also in the case where the call that queries
the old process times out.
The options "inet", "inet6" and "backlog" are valid listen options, but are
currently logged as errors (even though they do work):
2018-02-28 16:08:44.141 [error] <0.338.0>@ejabberd_listener:validate_module_option:630 unknown listen option 'backlog' for 'ejabberd_c2s' will be likely ignored, available options are: access, shaper, certfile, ciphers, dhfile, cafile, client_cafile, protocol_options, tls, tls_compression, starttls, starttls_required, tls_verify, zlib, max_fsm_queue
This adds the necessary validators so they are correctly recognized.
Call Mod:handle_auth_success/4 and Mod:handle_auth_failure/4 before
sending the SASL response rather than afterwards. This way, callbacks
can send a custom response and disconnect.
Incoming MUC PMs aren't carbon-copied, as the MUC service usually forks
them. However, don't suppress copying of outgoing PMs, where no such
forking takes place.
The option can be used to specify a period (in seconds) for a stream
negotiation to complete. If the timer fires, the stream is considered
as failed and the underlying connection gets closed. This is a global
option (you cannot set it per domain) and the default is 30 seconds.
The option is supposed to be used when `allow_local_users`
and `allow_transports` are not enough. It's an ACL where `deny`
means the message will be rejected (or a CAPTCHA would be
generated for a presence), and `allow` means the sender is
whitelisted and the stanza will pass through.
The default value is `none`, which means nothing is whitelisted.
The option emulates legacy behaviour which registers all routes
defined in `hosts` on a component connected. This behaviour
is considered harmful in the case when it's desired to multiplex
different components on the same port, so, to disable it,
set `global_routes` to `false`. The default value is `true`,
e.g. legacy behaviour is emulated: the only reason for this is
to maintain backward compatibility with existing deployments.
Since we got rid of all bottle-neck processes and we have
a connection pool for every database, the option is no longer
needed and in fact is detrimental: in practice what you get
is just a bunch of overloaded processes in the IQ handlers pool
no matter how much you increase the `iqdisc` value.
Given that there are close to zero operators understanding
the meaning of the option and, hence, not using it all,
it's not simply deprecated but completely removed.
The commit also deprecates the following functions:
- gen_iq_handler:add_iq_handler/6
- gen_iq_handler:handle/5
- gen_iq_handler:iqdisc/1
If the client acknowledged more stanzas than the server sent, close the
connection with a stream error rather than hiding client bugs by silently
adjusting the server's count.
If set to `true`, all incoming XML packets are fully validated
against known schemas. If an error occurs, the packet will be bounced
with the corresponding error reason. The default value is `false`.
The option might be useful to protect client software from sofisticated
bugs related to XML validation as well as for client developers
who want to catch validation errors at early stage of development.
Note that the option might have slight performance impact, so use it
with care on loaded machines.
The option controls how many avatars a user can upload per minute.
The option takes positive integer values. The default is 10.
Note that the option only takes effect when an avatar is about
to convert to a different format, i.e. it implies that `convert`
option is configured.
When the option is set to `true`, the module will generate
CAPTCHA challenges for incoming subscription requests. The option
also implies that option `drop` is set to `true`. Note that
the module won't generate CAPTCHA challenges for messages: they
will still be rejected if `drop` is set to `true`.
Fixes#2246
The callback is supposed to provide known options and their default
values, as long as the documentation. Passing default values into
get_mod functions is now deprecated: all defaults should be provided
by the Mod:mod_options/1 callback.
Even if no suitable C graphics libraries are detected
at compile time, the package is still usable because it
provides `eimp:get_type/1` which is used by mod_avatar.
The option allows to set arbitrary text for disco#info identity name.
Previously, option 'name' was supported by mod_proxy65 and mod_http_upload
only. Now, all the following modules support this option as well:
- mod_disco
- mod_irc
- mod_muc
- mod_multicast
- mod_pubsub
- mod_vcard
Example:
```
modules:
...
mod_disco:
name: "Cool XMPP Server"
...
```