ejabberd (14.07-1) unstable; urgency=low This is the first release after a rather long time. A lot has changed, many patches were dropped and there's a bunch of new features. Most important: the configuration file format was changed to YAML. In previous ejabberd versions the configuration file should be written in Erlang terms. The format is still supported, but it is highly recommended to convert it to the new YAML format using the convert_to_yaml command from ejabberdctl. Also, the epam binary has a new location, so if you use PAM with ejabberd make sure to look into README.Debian again. Last but not least, mod_admin_extra was packaged separately. It might be a good idea to install ejabberd-contrib if you have enabled that module. -- Philipp Huebner Wed, 01 Oct 2014 14:59:39 +0200 ejabberd (2.1.11-1) unstable; urgency=low This release adds support for the SCRAM-SHA-1 authentication mecnahism. If the fully-qualified hostname of the server differs from the name of the XMPP domain it serves, in order for this mechanism to work with compliant clients, a modification should be made to the ejabberd's configuration file. Please consult the section "Using SCRAM-SHA-1 authentication mechanism" in the README.Debian file for detailed information. -- Konstantin Khomoutov Thu, 16 May 2013 13:27:56 +0000 ejabberd (2.1.8-1) unstable; urgency=low This release drops support for the @recent@ shared roster group (implemented as part of the OLPC project), and now only the @online@ shared roster group is supported. -- Konstantin Khomoutov Sun, 07 Aug 2011 20:40:02 +0400 ejabberd (2.1.4-1) unstable; urgency=low umask is now forcibly set to 027 before ejabberd's main process is started. This means all the files created by ejabberd now have permissions set to 0640 (0750 for directories). This does not have any impact on the routine operation of ejabberd but this affects all the commands which export data, such as `ejabberdctl export2odbc` -- the files they generate now cannot be read by users other than root, ejabberd and those included in the "ejabberd" group. The directory containing ejabberd logs (/var/log/ejabberd) is now owned by the "adm" group and have the group sticky bit set on it so that the log files are also owned by this group. In addition, due to the change described above they are now not world-readable. This is a change in behaviour; if you don't like it, use dpkg-statoverride on the /var/log/ejabberd directory to force other owner/permissions. -- Konstantin Khomoutov Mon, 12 Jul 2010 03:28:32 +0400 ejabberd (2.1.2-2) unstable; urgency=high This release fixes CVE-2010-0305 by allowing a server administrator to limit the lengths of "message queues" for outgoing connections. Roughly speaking, each message in such queues represents one XML stanza queued to be sent into its relevant outgoing stream. Note that the limiting is *NOT* enabled by default; if you want to enable it, use the {max_fsm_queue, Size} option which can either be specified globally (at the top level of the configuration file) and/or specifically for ejabberd_service and ejabberd_c2s_in listeners. Local options specified for the said listeners override the global one. The global option, if present, also affects outgoing server-to-server connections. The argument to this option can be either an atom 'undefined' -- the default value -- or an integer number, specifying the maximum number of queued messages. Refer to /usr/share/doc/ejabberd/guide.html for more details. -- Konstantin Khomoutov Tue, 09 Feb 2010 01:46:55 +0300 ejabberd (2.1.0-1) unstable; urgency=low Calling convention of the ejabberdctl program was changed. Also some of its commands were renamed or removed, or their calling convention was changed due to switching to another ejabberd module providing a set of additional commands. "sasl.log" was renamed to "erlang.log", and ejabberd command-line option to change its location was renamed accordingly as well. ejabberdctl no more generates unique node names for the erl process it spawns by default, it only does so if the "--concurrent" option is specified. The method used to generate unique node names was also changed. See the "Upgrading from 2.0.x series" section in README.Debian for details. -- Konstantin Khomoutov Tue, 17 Nov 2009 16:56:08 +0300