++ed by:

3 PAUSE users
1 non-PAUSE user.

Martin Atkins
and 1 contributors

Changes for version 0.85

  • Fix an XML entity injection attack allowing the attacker to read random files from the server. Reported by Wouter Coekaerts <wouter@coekaerts.be>. (Yann Kerherve <yann@cyberion.net>)
  • Support intermediate SSL certificates. (Rajiv Aaron Manglani <rajiv@brontes3d.com>)
  • SASL support (Previously released, but not advertised here) (Yann Kerherve <yann@cyberion.net>)
  • Implement proper support for XML namespace prefixes (Daniel Ruoso <daniel@ruoso.com>)
  • Meta: djabberd is now hosted on http://github.com/djabberd
  • Meta: The core repository is now separated from plugins.
  • Treat the node and domain parts of a JID as case-insensitive as per the XMPP spec. This creates a dependency on the CPAN module Unicode::Stringprep. A backward-compatibility setting is provided for servers that have existing non-normalized JIDs stored, since they are likely to be broken by this change until their stored data is normalized. Patch from Alex Vandiver <alexmv@bestpractical.com>
  • Some configuration file docs (Alex Vandiver <alexmv@bestpractical.com>)
  • Improve debugging information for S2S connections. (Alex Vandiver <alexmv@bestpractical.com>)
  • Remove the stream:features-in-dialback quirk hack, since it breaks interop with a few different implementations and is incorrect per spec. This may break interop with some other implementation, but we've been unable to determine which one, so I'm assuming that it's no longer an issue. (Alex Vandiver <alexmv@bestpractical.com>)
  • Small tweak to comment and logging in DJabberd::Connection::ServerOut (Alex Vandiver <alexmv@bestpractical.com>)
  • Don't treat hostnames that look like as IP addresses. (Reported by Domrachev Ivan <domrachev.ivan@gmail.com>).
  • new hook chain called "SendFeatures" allows plugins to add xml to the stream:features stanza returned by the server
  • new hook chain called "HandleStanza" allows plugins to register for and then handle what would otherwise be unsupported-stanza-type
  • SSL memory leak fix (http://codereview.appspot.com/2326)
  • hook chain callback logging fix merged from 'kane-hacking' branch
Show More