ejabberd 17.12

To celebrate the culmination of many efforts in 2017 to make ejabberd the best XMPP server ever, we are happy to announce 17.12, which comes with many improvements and bugfixes.

2017 has been the biggest year ever for ejabberd. Please send us feedback to help us build an even stronger community and do even better in 2018!

Happy New Year!

What’s new

SNI for inbound connections

Server Name Indication (SNI for short) is a way for clients to provide the server name whose certificate should be used for the TLS connection. There is a trend to replace STARTTLS (defined in RFC 6120) with the new approach defined in XEP-0368 (also known as “Direct-TLS”).
This is where SNI becomes useful: there is no longer any need to do STARTTLS. Instead, a client may open a TLS connection to a server directly and request the server’s certificate via the SNI extension.
This approach makes it possible to multiplex several services on a single port (e.g. having both XMPP and HTTP on port 443) and, for huge deployments, to offload SSL to frontends such as nginx or haproxy.

Rewrite ejabberd system monitor

The previous version was inefficient, which made it almost pointless to use despite its potential. The new version is based on the memsup(3erl) application: the OOM watchdog is only started when total OS memory consumption is more than 80%. The watchdog periodically inspects all running processes and collects statistics about overloaded ones.
If the OOM killer is enabled (with the ejabberd option oom_killer: true), all overloaded processes are killed. By default, the OOM killer is enabled. When memory consumption is back to normal, the OOM watchdog is stopped.

Support PubSub v1.14 and OMEMO

Missing features and behaviour have been discussed with users of the Conversations client to improve support of OMEMO and fix the blocking items.

Improvements

A race in join_cluster has been fixed, as have inotifywait.exe and ODBC configuration on Windows. The logger is now killed and restarted when it’s overloaded, and certificate chain creation and validation have been optimised for faster operation.
Certificate management has been improved, and the binary installer now provides “ready to use”, pre-configured certificates.

Changes

Core

  • Rewrite ejabberd system monitor for efficiency
  • Fix incoming XMPP processing order
  • Use xmpp:try_subtag/2 wherever possible
  • Better process subtag decoding errors
  • Only allow compression after SASL as per XEP-0170
  • Don’t crash on unexpected XML events
  • Fix session mnesia table cleanup
  • Don’t let privacy list prevent local roster update

Encryption

  • Rely on Server Name Indication for incoming Direct-TLS connections
  • Speedup certificate chains creation and validation
  • Log warning on empty wildcard paths
  • Don’t call pkix_is_self_signed/1 too frequently
  • Eat less memory during building certificates graph
  • Avoid infinite loop between self-signed certs
  • Fix function clause on filelib:wildcard/1
  • Use ejabberd_pkix API in mod_sip
  • Move ‘certfile’ based options in a single place

Groupchat

  • Don’t crash on malformed IQ
  • Include x tag in presence errors related to nick change
  • Include 110 status on shutdown
  • Improve muc#roominfo and muc#roomconfig forms
  • mod_mam: Never store MUC messages in user archives

PubSub

  • Fix num_subscribers on node metadata
  • Fix send last items on initial presence
  • Send last PEP items to owner on initial presence
  • Support pubsub#publish-options PRECONDITIONs
  • Add pubsub#multi-items to features list (Support XEP-0060 v1.14)
  • Add missing Nidx building records from sql result
  • Don’t force RSM in get_items when max_items is not provided

Admin

  • Introduce option ‘ca_file’
  • Set executable permission on mac_listener when installing
  • Use /bin/sh as the explicit shell when using su in ejabberdctl.
  • Windows does not have /tmp, fallback to $HOME/conf for ODBC configuration files

Logging

  • Change loglevel of TLS failures
  • Log a warning when a disk is almost full
  • Disable default alarm handler
  • Handle also process_memory_high_watermark alarm
  • Kill and restart lager when it’s overloaded
  • Avoid excessive logging of SQL failures

Commands

  • New muc_online_room_by_regex command
  • Fix race between join_cluster and ejabberd_mnesia
  • Fix commands rooms_unused_list and _destroy
  • send_direct_invitations accepts only user jids
  • ejabberd_sm: Fix get_session_sid/3

SQL

  • Add missing server_host column in pg.new.sql
  • Add new schema for MySQL and Sqlite
  • Fix SQL serialization

Installer

  • MacOS installer is signed. You can now easily install ejabberd on your Mac.

Build

  • Compile sql_pt early
  • Binary installer uses OTP 20.2

Feedback

As usual, the release is tagged in the Git source code repository on Github.

The source package and binary installers are available at ejabberd XMPP & MQTT server download page.

If you suspect that you’ve found a bug, please search for or file a bug report on Github.

