When building the certificates chains, if several certificates
are found matching the same domain their validity is checked:
* the invalid one is ignored and the valid one is picked
* if both are valid or both are invalid, then the one with
sooner expiration is ignored.
Fixes#2454
Also, SASL mechanisms chaining is now supported:
if several mechanisms are supported and authentication
fails, next mechanism in the list is picked, until the
list is exhausted. In the case of a failure, the latest
SASL failure reason is returned within handle_auth_failure/3
callback.
This error condition is defined within stream errors, however,
XEP-0198 says:
> This element SHOULD contain an error condition, which MUST
> be one of the **stanza** error conditions defined in RFC 6120.
* oom_watermark: 1..100
Start OOM watchdog only when system memory usage exceeds
this value in percents. When the usage drops below the value,
OOM watchdog is stopped. The default is 80 (percents).
Note that once OOM watchdog is started, it performs full garbage
collection periodically: this can be seen as spikes in CPU
utilization and drops in RAM usage. If your system is permanently
above the watermark, it may cause significant CPU overhead.
* oom_queue: positive integer
Only trigger OOM killer when total amount of messages in all queues
of all Erlang processes is above this value. The default is 10000.
Note that this value only takes effect when `oom_killer` is set
to `true` (this is the default). Otherwise, only a warning will
be logged.
Set the 'include_body' option to a static text by default. Some app
servers check for the presence of a 'last-message-body' field to
distinguish between notifications generated for actual chat messages and
notifications triggered by other types of traffic.
The result returned by connected_users_info command has changed,
and is now similar to the result of user_sessions_info.
Notice that num_active_users and process_rosteritems still require Mnesia.
The header consisted of too many unrelated stuff and macros misuse.
Some stuff is moved into scram.hrl and type_compat.hrl.
All macros have been replaced with the corresponding function calls.
TODO: probably type_compat.hrl is not even needed anymore since
we support only Erlang >= OTP 17.5
Don't include a urn:xmpp:push:summary form in push notifications that
are triggered by outgoing messages. App servers might use the form
fields to generate user-visible notifications directly (as opposed to
just waking the client app). This is usually not desired for outgoing
messages.
If the 'include_sender' and/or 'include_body' options are specified,
also include a urn:xmpp:push:summary form in push notifications that are
generated for carbon-copied messages (with a body).
Now room owners are able to set a preferred language
for the discussions in the room, so other users can
discover rooms based on the language they wish to talk.
TODO: the language format should conform to RFC 5646.
This check should be implemented in 'xmpp' library.
Fixes#2436
If a callback function is not defined by the `Mod` then
a call to code_server process is performed. Under heavy load
this may cause code_server to get overloaded. We now avoid this.
ext_api_headers can be defined as a single string. Headers are separated
by comma. Definition MUST NOT contain spaces. Example
"X-MyHead:test,X-Token:082748"
Due to historical reasons, ejabberd loads the whole file/data
into the memory when serving an HTTP request. This is now improved:
1) For GET requests ejabberd uses sendfile(2) if the underlying
connection is HTTP and falls back to read/write loop with 64kb
buffer for HTTPS connections. This type of requests are handled
by mod_http_fileserver, mod_http_upload, ejabberd_captcha, etc
2) POST requests are now limited to 20Mb and are fully downloaded
into the memory for further processing (by ejabberd_web_admin,
mod_bosh, etc)
3) PUT requests (e.g. for mod_http_upload) are handled by read/write
loop with 64kb buffer
Since now, ejabberd doesn't ignore unknown options and doesn't
allow to have options with malformed values. The rationale for
this is to avoid unexpected behaviour during runtime, i.e. to
conform to "fail early" approach. Note that it's safe to reload
a configuration with potentialy invalid and/or unknown options:
this will not halt ejabberd, but will only prevent the configuration
from loading.
***NOTE FOR PACKAGE BUILDERS***
This new behaviour should be documented in the upgrade notes.
Now all external ports are attached to supervising processes
and requests are balanced in round-robin manner until the pool
is exhausted.
The commit also deprecates `extauth_instances` option and introduces
`extauth_pool_size` option instead, with the default value of a number
of logical processors (i.e. CPU cores).
Fixes#2403
Some mobile apps might only be notified on actual chat messages with
a body, so don't let mod_push_keepalive reset the stream management
timeout on other types of traffic.
Add 'include_sender' and 'include_body' options. If one or both of them
are set to 'true', a urn:xmpp:push:summary form with the enabled
field(s) is included in push notifications that are generated for
messages with a body.
The 'include_body' option can instead be set to a static text. In this
case, the specified text will be included in place of the actual message
body. This can be useful to signal the push service whether the
notification was triggered by a message with body (as opposed to other
types of traffic) without leaking actual message contents.
If a pending stream management session is closed with a stream error,
this is usually due to the client opening a new stream that conflicts
with the old one. Don't generate a push notification in this situation.
Accept all alphanumeric characters of any script in user and file names
rather than replacing non-ASCII characters with underscores. However,
non-alphanumeric characters are still replaced, except for "." and "-".
Closes#2346.
New hook 'component_send_packet' added.
Callback function must accept one argument {Pkt, ComponentState} and should yield 'drop' or {NewPkt, NewComponentState}.
When modules for some virtual host are about to be started,
they are topologically sorted to preserve dependencies order.
We now keep this order for stop/reload functions to work properly.
The option can be used to override configuration options of a
particular PubSub node. Example:
mod_pubsub:
...
force_node_config:
"eu.siacs.conversations.axolotl.*":
access_model: whitelist
"*":
persist_items: true
Fixes#2276
During resumption, make sure the old process and the corresponding
session entry are disposed also in the case where the call that queries
the old process times out.
The options "inet", "inet6" and "backlog" are valid listen options, but are
currently logged as errors (even though they do work):
2018-02-28 16:08:44.141 [error] <0.338.0>@ejabberd_listener:validate_module_option:630 unknown listen option 'backlog' for 'ejabberd_c2s' will be likely ignored, available options are: access, shaper, certfile, ciphers, dhfile, cafile, client_cafile, protocol_options, tls, tls_compression, starttls, starttls_required, tls_verify, zlib, max_fsm_queue
This adds the necessary validators so they are correctly recognized.
Call Mod:handle_auth_success/4 and Mod:handle_auth_failure/4 before
sending the SASL response rather than afterwards. This way, callbacks
can send a custom response and disconnect.
Incoming MUC PMs aren't carbon-copied, as the MUC service usually forks
them. However, don't suppress copying of outgoing PMs, where no such
forking takes place.
The option can be used to specify a period (in seconds) for a stream
negotiation to complete. If the timer fires, the stream is considered
as failed and the underlying connection gets closed. This is a global
option (you cannot set it per domain) and the default is 30 seconds.
The option is supposed to be used when `allow_local_users`
and `allow_transports` are not enough. It's an ACL where `deny`
means the message will be rejected (or a CAPTCHA would be
generated for a presence), and `allow` means the sender is
whitelisted and the stanza will pass through.
The default value is `none`, which means nothing is whitelisted.
The option emulates legacy behaviour which registers all routes
defined in `hosts` on a component connected. This behaviour
is considered harmful in the case when it's desired to multiplex
different components on the same port, so, to disable it,
set `global_routes` to `false`. The default value is `true`,
e.g. legacy behaviour is emulated: the only reason for this is
to maintain backward compatibility with existing deployments.
