-
chevron_right
ProcessOne: ejabberd 25.04
news.movim.eu / PlanetJabber • 16 April • 2 minutes
Just a few weeks after previous release, ejabberd 25.04 is published with an important security fix, several bug fixes and a new API command.
Release Highlights:
If you are upgrading from a previous version, there are no changes in SQL schemas, configuration, API commands or hooks.
Other contents:
- Acknowledgments
- Improvements in ejabberd Business Edition
- ChangeLog
- ejabberd 25.04 download & feedback
Below is a detailed breakdown of the improvements and enhancements:
mod_muc_occupantid: Fix handling multiple occupant-id
Fixed issue with handling of user provided occupant-id in messages and presences sent to muc room. Server was replacing just first instance of occupant-id with its own version, leaving other ones untouched. That would mean that depending on order in which clients send occupant-id, they could see value provided by sender, and that could be used to spoof as different sender.
New kick_users API command
There is a new API command
kick_users
that disconnects all the client sessions in a given virtual host.
Acknowledgments
We would like to thank the contributions to the source code, documentation, and translation provided for this release by:
- Travis Burtrum for reporting problem in occupant-id
-
Marcos de Vera Piquero
for the new
kick_usersAPI command - Besnik Bleta , updated the Albanian translation
- Sketch6580 , updated the Chinese translation
- Nautilusx , updated the German translation
- Silvério Santos , updated the Portuguese translation
- Wellington Uemura , updated the Portuguese (Brazil) translation
- Максим Горпиніч , updated the Ukrainian translation
And also to all the people contributing in the ejabberd chatroom, issue tracker...
Improvements in ejabberd Business Edition
For customers of the ejabberd Business Edition , in addition to all those improvements and bugfixes:
-
Bugfix on
max_concurrent_connectionsformod_gcm,mod_webhookandmod_webpush
ChangeLog
This is a more complete list of changes in this ejabberd release:
Security fixes
-
mod_muc_occupantid: Fix handling multiple occupant-id
Commands API
-
kick_users: New command to kick all logged users for a given host
Bugfixes
-
Fix issue with sql schema auto upgrade when using
sqlitedatabase -
Fix problem with container update, that could ignore previous data stored in
mnesiadatabase -
Revert limit of allowed characters in shared roster group names, that will again allow using symbols like
: -
Binary installers and
ejabberdcontainer image: Updated to Erlang/OTP 27.3.2
Full Changelog
https://github.com/processone/ejabberd/compare/25.03...25.04
ejabberd 25.04 download & feedback
As usual, the release is tagged in the Git source code repository on GitHub .
The source package and installers are available in
ejabberd Downloads
page. To check the
*.asc
signature files, see
How to verify ProcessOne downloads integrity
.
For convenience, there are alternative download locations like the ejabberd DEB/RPM Packages Repository and the GitHub Release / Tags .
The
ecs
container image is available in
docker.io/ejabberd/ecs
and
ghcr.io/processone/ecs
. The alternative
ejabberd
container image is available in
ghcr.io/processone/ejabberd
.
If you consider that you&aposve found a bug, please search or fill a bug report on GitHub Issues .