Kim Alvefur <zash@zash.se> [Mon, 26 Apr 2021 15:30:13 +0200] rev 11552
core.certmanager: Attempt to directly access LuaSec config table
Due to a bug this field was not properly exported before
See https://github.com/brunoos/luasec/issues/149
Matthew Wild <mwild1@gmail.com> [Mon, 10 May 2021 17:03:27 +0100] rev 11551
util.xmppstream: Allow dynamically configuring the stanza size limit for a stream
This may be useful for any plugins that want to experiment with different policies
for stanza size limits (e.g. unauthenticated vs authenticated streams).
Matthew Wild <mwild1@gmail.com> [Mon, 10 May 2021 17:02:37 +0100] rev 11550
util.xmppstream: Mark bytes for stream closure as handled
Matthew Wild <mwild1@gmail.com> [Mon, 10 May 2021 17:01:38 +0100] rev 11549
MUC: Add support for advertising muc#roomconfig_allowinvites in room disco#info
The de-facto interpretation of this (undocumented) option is to indicate to
the client whether it is allowed to invite other users to the MUC.
This is differs from the existing option in our config form, which only
controls the behaviour of sending of invites in a members-only MUC (we always
allow invites in open rooms).
Conversations is one client known to use this disco#info item to determine
whether it may send invites.
Matthew Wild <mwild1@gmail.com> [Mon, 10 May 2021 16:50:24 +0100] rev 11548
mod_auth_internal_{plain,hashed}: Use constant-time string comparison for secrets
Matthew Wild <mwild1@gmail.com> [Mon, 10 May 2021 16:44:55 +0100] rev 11547
util.xmppstream: Reduce default xmppstream limit to 1MB
Matthew Wild <mwild1@gmail.com> [Mon, 10 May 2021 16:41:56 +0100] rev 11546
util.set: Add is_set() to test if an object is a set
Matthew Wild <mwild1@gmail.com> [Mon, 10 May 2021 16:24:54 +0100] rev 11545
util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
Matthew Wild <mwild1@gmail.com> [Fri, 07 May 2021 17:03:49 +0100] rev 11544
mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits
c2s/bosh/ws streams will default to 256KB, s2s and components to 512KB.
These values are aligned with ejabberd's default settings, which should reduce
issues related to inconsistent size limits between servers on the XMPP network.
The previous default (10MB) is excessive for any production server, and allows
significant memory usage by even unauthenticated sessions.
Matthew Wild <mwild1@gmail.com> [Fri, 07 May 2021 16:41:39 +0100] rev 11543
util.startup: Set more aggressive defaults for GC
Testing has demonstrated that the default GC parameters are not
sufficient to prevent runaway memory growth when running under Lua 5.2
and Lua 5.3.
Setting the GC speed to 500 was tested on Lua versions 5.1->5.4 and did
not display unbounded memory growth.