STUN via UDP can easily be abused for reflection/amplification DDoS
attacks. Suggest a non-standard port to make it harder for attackers to
discover the service.
Modern XMPP clients discover the port via XEP-0215, so there's no
advantage in sticking to the standard port.

Some users reported ejabberd being restarted by systemd due to missing
watchdog pings despite the actual service operating just fine. So far,
we weren't able to track down the issue, so we'll no longer enable the
watchdog in our example service unit.
Closes #4054.

New check_register_user hook in ejabberd_auth.erl
to allow blocking account registration when a tombstone exists.
Modified room_destroyed hook in mod_muc_room.erl
Until now the hook passed as arguments: LServer, Room, Host.
Now it passes: LServer, Room, Host, Persistent
That new Persistent argument passes the room persistent option,
required by mod_tombstones because only persistent rooms should generate
a tombstone, temporary ones should not.
And the persistent option should not be completely overwritten, as we must
still know its real value even when room is being destroyed.
mod_tombstones is available in experimental mode in ejabberd-contrib git.
Initial feature request: #2546

These days, TURN authentication is usually performed using ephemeral
credentials handed out by mod_stun_disco. In that case, the TURN realm
is irrelevant. Therefore, omit the misleading log message that warned
about a missing realm configuration.
(Commit 6eb2f07274 reduced the log level
of that message already.)

XEP-0388 says: "SASL2 MUST only be used by Clients or offered by Servers
after TLS negotiation". Therefore, we reject SASL2 negotiations over
unencrypted transports by default. However, TLS might be terminated
outside of ejabberd. Add the 'allow_unencrypted_sasl2' option to
support this use case.

Ignore node plugin defaults if the plugin handling the request isn't
enabled, rather than ignoring 'default_node_config' options and
applying plugin defaults in that case.