3.11

Changelog for the 3.11.x release builds.
This version mainly focuses on improving memory usage, code, security and introduces a fair set of new features like: customization of CSI filtering options via Adhoc commands add queuing of message payloads, loading of MAM caches on demand to greatly reduce memory usage, refactoring of the SASL API (some changes are not backward compatible) and authentication backends, implementation of SCRAM with channel binding and SHA-256/384/512 digesting algorithms variants. Seemless automatic Bookmarks (XEP-0048) conversion between Private Storage and PEP. Implement “Security Labels in XMPP” (XEP-0258) and related customizable Access Control Decision Function policies. Introduce new session / host handling Module API functions.

Other notable changes or fixes:

  • Add in house keeping for overly inactive persistent rooms
  • Add redirection tombstoning for destroyed room with an alternative room provided
  • Allow MUC superusers to list hidden rooms via Service Discovery
  • Fix data disclosure security related bugs in mod_privacy and mod_pep whitelist access model
  • Attempt preventing all possible out-of-order processing cases in CSI
  • Add smarter logics to prevent routing of unwanted messages in SM/Carbons etc to CSI inactive resources
  • Add administration adhoc command to change the mail address associated to an account by the Registration API
  • Implement affiliation retrieval and management in mod_pep
  • Implement #publish-options in mod_pubsub also make node auto-creation on publish the default


Changes, improvements
:

  1. Update modules to new API and also remove datamanger calls where applicable.
  2. Completely refactor mod_sec_labels and ACDF library.
  3. Add support to add ESS Mime Labels.
  4. Fix mail address sanity check pattern.
  5. Partially pair featureset between PubSub and PEP and also rework some defaults.
  6. Fix long time completely broken XMPP Websocket support.
  7. Fix handling of Offline stores in MAM.
  8. Add placemarker when popping entries in the middle of the archive.
  9. Backport mod_http_upload_external from Prosody Modules.
  10. Clean WebSocket sessions properly from net.http.server.
  11. Add hits threshold callback override in mod_gate_guard.
  12. Fix S2S exception when network is unreacheable.
  13. Add conn level filter logic to gate guard’s black list/protect list.
  14. Improve mod_gate_guard host’s reloadability.
  15. Finish implementing XEP-307.
  16. Simplify tokens used in Metronome (Register API, SPIM Block).
  17. Stop sending PEP notifications on every presence change.
  18. Uniform and shorten generated UIDs in Metronome.
  19. Rework GDPR compliance module inner workings.
  20. Add missing SCRAM backends exports in SASL auxiliary library.
  21. Fix timers not being properly cleared in mod_muc on unload.
  22. Add persistence of MUC occupants list across restarts.
  23. Prevent SPIM challenge enumeration by forcing form retrieval.
  24. Fix timers not being properly cleared in mod_muc on unload.
  25. Add persistence of MUC occupants list across restarts.
  26. Prevent SPIM challenge enumeration by forcing form retrieval.
  27. Protect SPIM Blocking form with reCAPTCHA.
  28. Correct PEP notifications leak during service bootstrap.
  29. Correct possible ID spoofing in some modules IQ result processing.
  30. Have mod_iq fire “iq-result/to_type” as two argument events (event, id).