core.certmanager: Attempt to directly access LuaSec config table Due to a bug this field was not properly exported before See https://github.com/brunoos/luasec/issues/149

util.xmppstream: Allow dynamically configuring the stanza size limit for a stream This may be useful for any plugins that want to experiment with different policies for stanza size limits (e.g. unauthenticated vs authenticated streams).

util.xmppstream: Mark bytes for stream closure as handled

MUC: Add support for advertising muc#roomconfig_allowinvites in room disco#info The de-facto interpretation of this (undocumented) option is to indicate to the client whether it is allowed to invite other users to the MUC. This is differs from the existing option in our config form, which only controls the behaviour of sending of invites in a members-only MUC (we always allow invites in open rooms). Conversations is one client known to use this disco#info item to determine whether it may send invites.

mod_auth_internal_{plain,hashed}: Use constant-time string comparison for secrets

util.xmppstream: Reduce default xmppstream limit to 1MB

util.set: Add is_set() to test if an object is a set

util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)

mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits c2s/bosh/ws streams will default to 256KB, s2s and components to 512KB. These values are aligned with ejabberd's default settings, which should reduce issues related to inconsistent size limits between servers on the XMPP network. The previous default (10MB) is excessive for any production server, and allows significant memory usage by even unauthenticated sessions.

util.startup: Set more aggressive defaults for GC Testing has demonstrated that the default GC parameters are not sufficient to prevent runaway memory growth when running under Lua 5.2 and Lua 5.3. Setting the GC speed to 500 was tested on Lua versions 5.1->5.4 and did not display unbounded memory growth.