0.85 2011-06-13 *CRITICAL SECURITY RELEASE* - Fix an XML entity injection attack allowing the attacker to read random files from the server. Reported by Wouter Coekaerts . (Yann Kerherve ) - Support intermediate SSL certificates. (Rajiv Aaron Manglani ) - SASL support (Previously released, but not advertised here) (Yann Kerherve ) - Implement proper support for XML namespace prefixes (Daniel Ruoso ) - Meta: djabberd is now hosted on http://github.com/djabberd - Meta: The core repository is now separated from plugins. - Treat the node and domain parts of a JID as case-insensitive as per the XMPP spec. This creates a dependency on the CPAN module Unicode::Stringprep. A backward-compatibility setting is provided for servers that have existing non-normalized JIDs stored, since they are likely to be broken by this change until their stored data is normalized. Patch from Alex Vandiver - Some configuration file docs (Alex Vandiver ) - Improve debugging information for S2S connections. (Alex Vandiver ) - Remove the stream:features-in-dialback quirk hack, since it breaks interop with a few different implementations and is incorrect per spec. This may break interop with some other implementation, but we've been unable to determine which one, so I'm assuming that it's no longer an issue. (Alex Vandiver ) - Small tweak to comment and logging in DJabberd::Connection::ServerOut (Alex Vandiver ) - Don't treat hostnames that look like 192.168.0.1.domain.com as IP addresses. (Reported by Domrachev Ivan ). - new hook chain called "SendFeatures" allows plugins to add xml to the stream:features stanza returned by the server - new hook chain called "HandleStanza" allows plugins to register for and then handle what would otherwise be unsupported-stanza-type - SSL memory leak fix (http://codereview.appspot.com/2326) - hook chain callback logging fix merged from 'kane-hacking' branch 0.84_01 (2009-07-31) dev release because it's beeen awhile - SARTAK caught a typo in BotContext.pm where a qr was used in a place that obviously should have been qq. - "use bytes" in Connection.pm, which reportedl fixes UTF-8 corruption in rosters (Aleksey Luzin ) - If an explicit configuration file location is given to djabberd, don't fall back on the built-in default locations. If the user wanted the defaults, he wouldn't have used the --conffile option. - Allow the location of the log4perl configuration file to be set via a command-line argument to djabberd. (Jakob Burkhart ) - Correct support for re-using an S2S connection for multiple source domains. (Adrian Ulrich ) - Jacob Burkhart : Fix memory leak when using SSL - Michael Scherer : more helpful error messages in logs after dialback failure (shows hosts in question) - Piers Harding : Fix bug where server wasn't including a "from" attribute in IQ responses. - Multiple resources of the same local JID are now made aware of one another via presence stanzas as required by the spec. - don't leak UDP sockets on DNS SRV lookup timeouts - handle improper SSL disconnects without spinning CPU - Updated DJabberd::Component::Example which uses the correct API. The previous example didn't actually work anymore. - Add POD for DJabberd::Agent, DJabberd::Component and a bunch of other related modules. - Make bots automatically accept roster subscription requests. 0.83 2007-05-08 - the "yes, this project is still alive" release - packaging fixes, tree clean, dist now managed by ShipIt, for more regular releases - ClientPort, ServerPort, AdminPort can include IPs to bind to, not just port numbers. - better pidfile support - optional expansion of environment in config files, using syntax: ${ENV:KEY}, which expands to environment variable KEY - vhost/server/plugin nesting issues in config files. more tolerant now - DJabberd::Delivery::ComponentConnection - Delivery through a JEP-0114 component connection - DJabberd::Connection::ComponentIn - JEP-0114 Server - DJabberd::Connection::ComponentOut - JEP-0114 Client - when closing an XMLElement, also clone the raw field - don't crash when DNS SRV records have no port defined - Component::External bug fixes, enhancements - warnings about implicit delivery/etc plugins auto-added for you (like Local deliver, S2S deliver, local presence checks, etc...) 0.82 2007-05-08 - accidental release in which I mistakenly claimed nothing was new since 0.81... whoops! 0.81 2006-10-01 - fix the MANIFEST to include the dozen some missing files. 0.80 - first tarball release of core only after svn rearrange to split modules into per-distribution directories.