mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits c2s/bosh/ws streams will default to 256KB, s2s and components to 512KB. These values are aligned with ejabberd's default settings, which should reduce issues related to inconsistent size limits between servers on the XMPP network. The previous default (10MB) is excessive for any production server, and allows significant memory usage by even unauthenticated sessions.

util.startup: Set more aggressive defaults for GC Testing has demonstrated that the default GC parameters are not sufficient to prevent runaway memory growth when running under Lua 5.2 and Lua 5.3. Setting the GC speed to 500 was tested on Lua versions 5.1->5.4 and did not display unbounded memory growth.

core.certmanager: Catch error from lfs lfs.dir() throws a hard error if there's a problem, e.g. no such directory or permission issues. This also gets called early enough that the main loop error protection hasn't been brought up yet, causing a proper crash.

core.certmanager: Resolve certs path relative to config dir Otherwise the default "certs" would be relative to $PWD, which works when testing from a source checkout, but not on installed systems where it usually points to the data directory. Also, the LuaFileSystem dir() iterator throws a hard error, which may cause a crash or other problems.

core.portmanager: Use existing http_host for https SNI mapping

core.portmanager: Allow overriding expected SNI name per service E.g. VirtualHost"example.com" https_name = "xmpp.example.com"

core.certmanager: Skip directly to guessing of key from cert filename Cuts down on a ton of debug logs

core.certmanager: Join paths with OS-aware util.paths function Right thing to do, rather than hardcoding '/'

core.certmanager: Build an index over certificates

core.certmanager: Check for complete filename Prevents a false positive match on files with fullchain.pem as suffix