MongooseIM 6.5.0

Highlights

• Enhanced and enriched implementation of mod_event_pusher_rabbit
• Enabled TLS support for Redis and RabbitMQ connections
• Support for XEP-0402 PEP Native Bookmarks
• Support for Erlang 28 and dropped support for Erlang 26
• Various enhancements and bug fixes
• Refactoring and improvements of tests

Added

• XEP-0402 PEP Native Bookmarks (#4545)
• Implement support for blocking a user for any groupchat (#4548)
• Support Erlang 28 (#4549)
• Enable selected rabbit exchanges (#4576)
• Enable TLS connections to Redis (#4579)
• Support common name prefix/suffix for SASL External (#4580)
• Support durable exchanges in mod_event_pusher_rabbit (#4582)
• Support TLS in RabbitMQ connection pools (#4583)
• Support RabbitMQ virtual hosts (#4585)

Changed

• Use cached affiliations in MUC Light API (#4552)
• Refactor logging to use c2s_data consistently in log messages (#4561)
• Separate certfile and keyfile (#4566)
• Deprecate MSSQL backend (#4574)
• Skip all messages without body in mod_event_pusher_rabbit (#4577)
• Use a hook with handlers in mod_event_pusher (#4578)

Fixed

• Fix and update GraphiQL (#4543)
• Strip Acc when it is buffered to save memory (#4544)
• Fix missing presence unavailable notifications in Stream Management (#4557)
• Fix missing stream tag for connection-timeout errors (#4559)
• Fix TLS error logs (#4565)
• Fix component IsValidFromJid returning non boolean (#4572)
• Fix colon escaping in Redis session backend (#4584)
• Fix race condition in mod_mam create_user_archive (#4592)

Removed

• Drop support for Erlang 26 (#4549)

Other

• Update Debian release and minor OTP versions (#4555)
• Rework tests for invalid stream opening tag/element (#4556)
• Fix documentation of mod_blocking (#4560)
• Use the PGDATA directory in docker-setup-postgres (#4563)
• Fix heading levels in mod_inbox doc (#4570)
• Fix the test runner script (#4573)
• Refactor mod_muc_api:create_instant_room/3 (#4575)
• Refactor sasl_external_SUITE (#4581)
• Enable "Rerun Failed Tests" for Small Tests (#4586)

Commits, merged PRs and closed issues

• List of merged PRs

• List of closed issues

• Repository history for this release

• List of merged PRs based on merge date

MongooseIM 6.4.0

Highlights

• Reworked S2S and component listeners
• Added TLS 1.3 tls-exporter channel binding
• Added 0-RTT, and channel binding in FAST authentication
• Unified connection and TLS handling
• Improved XMPP traffic shaper configuration with validation and clearer defaults
• Cleanup of legacy modules and updated dependencies
• Reworked application startup order (start applications only when needed)
• Use system CA certificates if not provided in a file
• Various enhancements and bug fixes

Added

• Support dynamic domains for components (#4450)
• TLS listeners for components (#4453)
• TLS 0-RTT to mod_fast_auth_token (#4478)
• Channel binding in FAST authentication (#4494)
• Option to clear inbox after destroying MUC Light room (#4522)

Changed

• Reworked listeners and TLS (#4452, #4509)
  • Reworked component connection handling (#4442)
  • Changed component listener naming scheme to match XMPP specification (#4451)
  • Reworked S2S listeners (#4455)
  • Unified listener TLS configuration via fast_tls removal and channel binding (#4458)
  • Unified listener handling (#4460)
  • Reworked adding dynamic domains to components (#4461)
  • Improved consistency of just_tls filters (#4467)
  • Reworked S2S incoming connections (#4470, #4513)
  • Reworked S2S outgoing connections (#4479)
  • System certificates are used if CA certs are not provided in a file (#4493)
  • Reorganized S2S configuration options (#4515)
  • Improved instrumentation consistency (#4517)
  • Simplified and unified XMPP metrics (#4520)
  • Minor optimizations and cleanups (#4480, #4512, #4514, #4516)
• Increased rate for the default normal shaper (#4540)
• Reworked application startup order and FIPS config (#4524, #4528, #4542)

Fixed

• XMPP traffic shapers configuration and validation (#4527)
• max_file_size option in mod_http_upload (#4531)
• Fixed incorrect xmlns in presences sent by mod_muc (#4539)

Removed

• Dead max_fsm_queue option (#4521)
• Last mention of unused EJABBERD_DIR variable (#4533)

Other

• Upgraded dependencies (#4500, #4519)
• Updated exometer_labels converter function (#4507)
• Changed base docker image to ubuntu-noble (#4537)
• Documentation improvements (#4504, #4506, #4525)
• Testing and CI improvements/fixes (#4523, #4529, #4532, #4534)
• Replaced the ubuntu-oracular package with ubuntu-plucky (#4536)

Commits, merged PRs and closed issues

• List of merged PRs

• List of closed issues

• Repository history for this release

• List of merged PRs based on merge date

MongooseIM 6.3.3

Highlights

• Fixed buffer duplication issue in stream management
• Improved IQ handling for unknown ID formats
• Restored package support for older systems
• Various enhancements and bug fixes

Fixed

• Duplication issue in stream management buffer (#4496, #4498)
• Stream management stanza counting (#4501)
• Improper response when receiving IQ with unknown ID format (#4503)
• Bundled OpenSSL 3.x to restore package support on older systems (#4511)

Removed

• Call to an unsupported MySQL option (#4508)

Other

• Minor refactor of mod_stream_management (#4497)
• Improved type specs for Sid (#4502)
• Documentation improvements (#4495)
• Testing improvements (#4505)

Commits, merged PRs and closed issues

• List of merged PRs

• List of closed issues

• Repository history for this release

• List of merged PRs based on merge date

MongooseIM 6.3.2

Highlights

• Added support for XEP-0484: Fast Authentication Streamlining Tokens
• Upgraded to exml 4.1.1
• Deprecated fast_tls
• Improved just_tls with distinct client and server options
• Various enhancements and bug fixes

Added

• Distinction between client and server options for just_tls (#4456)
• XEP-0484: "Fast Authentication Streamlining Tokens" implementation (#4379)

Changed

• Updated exml to 4.1.1 (#4465, #4471, #4473)
• Update dependencies: erl_cloud and base16 (#4469)
• Deprecated fast_tls for C2S (#4468)
• Behavior of PEP discovery to closely match the XEP specification (#4475)
• Migrated GraphiQL to V3 (#4474)
• Translations are now a service (#4481)
• Cleaned up empty GraphQL queries (#4482)
• Updated elvis.config to exclude modules that do not match linter standards (#4483)

Fixed

• Description of log handler migration (#4454)
• Compilation warnings (#4462)
• Certificates generations for CockroarchDB (#4466)
• probe_failed error (#4440)
• Wrong namespace when removing IQ handlers in mod_sic (#4484)
• SCRAM hashing issue by upgrading fast_scram library (#4491)

Other

• Documentation improvements (#4476, #4487, #4488)
• CI improvements (#4459)

Known issues and upgrade recommendations

• If you are using MongooseIM 4.1.0 to 6.3.1 with SCRAM authentication and OpenSSL >=3.4.1, hashes for algorithms stronger than SHA-1 are calculated incorrectly. This issue is fixed in this release. See SCRAM hashing issue for details and required actions.
• OpenSSL versions below 3.0 are no longer supported. If you are using OpenSSL 1.x or older, you must upgrade to OpenSSL 3.x before updating MongooseIM, as older versions will not work.

Commits, merged PRs and closed issues

• List of merged PRs

• List of closed issues

• Repository history for this release

• List of merged PRs based on merge date

Special thanks to our contributors

• @xvnds Migrated graphiql to v3 (#4474)

MongooseIM 6.3.1

Highlights

• Better certificate validation
• Improved CockroachDB support
• Removed unnecessary components
• Multiple owner support in MUC Light
• Packages are now published on GitHub
• Various improvements and fixes

Added

• Checking of probe metrics types (#4390)
• Multiple owner support in MUC Light (#4392)
• Delays to SM buffer (#4407)
• Better logging when something takes longer than expected (#4427, #4430)
• Support open_test_database_shell for CockroachDB (#4438)

Changed

• Enforced fail_if_no_peer_cert in just_tls for stricter client certificate validation (#4386)
• Allowed config processor to be a list of functions (#4396)
• fast_tls to validate CA certificate when verify_mode is set to verify_peer or selfsigned_peer (#4391)
• Supervisor, listeners, components and types cleanup (#4441)
• Optimized memory usage in just_tls (#4447)

Fixed

• MUC room crash when handling old protocol stanza (#4387)
• CockroachDB consistency (#4402)
• Shutdown logic to prevent event_not_registered errors by stopping c2s processes before listeners (#4400)
• Definition of the "protected" GraphQL directive (#4409)
• GraphQL library is now used as a package (#4405)
• Package related warning (#4410)
• IO list handling in jiffy:encode (#4420)
• Error on startup: "No such file or directory" (#4436)
• MongooseIM is restarted as a permanent application rather than a temporary one (#4443)

Removed

• Lager as a dependency (#4393)
• Goldrush from rebar.lock (#4397)
• Dead tools and code (#4411)
• Native code from mam_id (#4412)
• More complicated dead code (#4422)
• Base16 library (#4415)

Other

• Updated dependencies (#4428)
• Documentation improvements (#4388)
• CI improvements/fixes (#4403, #4416, #4417, #4435)
• Streamlined package workflow (#4385, #4399, #4414, #4406, #4425, #4432, #4449)
• Testing improvements/fixes (#4394, #4398, #4418, #4419, #4401, #4426, #4431, #4423, #4424, #4433, #4437, #4434, #4444, #4445)

Commits, merged PRs and closed issues

• List of merged PRs

• List of closed issues

• Repository history for this release

• List of merged PRs based on merge date

MongooseIM 6.3.0

Highlights

• Improved instrumentation with better configurability, Prometheus support and user-friendly features
• Docker images are smaller and free of reported vulnerabilities
• Improved WebSocket's stream management support
• Erlang 27 compatibility
• Added support for CockroachDB as a new RDBMS
• Various improvements and fixes

Added

• Instrumentation (#4223, #4226)
  • Modules:
    • mod_mam (#4224, #4253, #4265, #4352)
    • mod_muc (#4268)
    • mod_bosh (#4281)
    • mod_csi (#4284)
    • mod_event_pusher (#4285)
    • mod_ping (#4288)
    • mod_global_distrib (#4292)
    • mod_pubsub (#4297)
    • mod_websoctkets (#4299)
  • Hooks (#4289):
    • Privacy (#4298)
    • Authentication (#4301)
    • Session (#4305)
    • C2S (#4310)
    • Roster (#4295)
    • Unified names (#4287)
  • Tests:
    • Unit (#4227)
    • CETS (#4296)
    • Prometheus endpoint (#4335)
    • More specific assertions for events (#4312)
  • async_pools (#4337)
  • mongoose_wpool (#4306)
  • mongoose_backend (#4282)
  • mongoose_user_cache (#4323)
  • Router, S2S and component (#4319)
  • Probes (#4272)
  • Logging support (#4238)
  • Dynamic handlers (#4247)
  • C2S TCP/TLS listener (#4304)
  • Authentication events (#4311)
  • Session management (#4313)
  • Global probes and counters (#4317)
  • Documentation (#4355, #4358, #4360, #4382)
  • Misc (#4228, #4249, #4324, #4368)
• Erlang doctor utilities (#4264)
• Error text when message with given ID is not found (#4302)
• Error IQ when SQL query fails in MAM (#4308)
• Erlang 27 support (#4334, #4331, #4338, #4348, #4345)
• CockroachDB support (#4378)

Changed

• Upgraded CETS to the latest version (#4271)
• Optimized node cleanup for mod_last (#4274)
• Upgraded test dependencies (#4275)
• Moved Exometer reporters config to mongooseim.toml (#4326)
• Upgraded fast_tls (#4330)
• Privacy IQs sent to users are treated as regular stanzas (#4361)
• Renaming c2s_state_timeout option (#4363)
• Moved docker repository to 'erlangsolutions' organization (#4372)
• Docker image to the one based on Ubuntu 24.10 (#4375)

Fixed

• Starting CETS for persistent_cluster_id (#4245)
• Package building scripts (#4273)
• S2S DNS discovery (#4278)
• Timestamps for MUC legacy messages (#4294)
• Improved stream management support for WebSockets (#4303)
• GraphQL SSE crash with large stanza payloads (#4364)
• Double message in MAM bug (#4374)
• Building docker image locally (#4377)

Removed

• CentOS support (#4314)
• geas dependency of GraphQL (#4332)
• Old mongoose_metrics module (#4353)

Other

• Documentation improvements (#4266, #4277, #4327, #4341, #4354, #4356, #4376, #4383)
• Testing improvements/fixes (#4267, #4270, #4279, #4286, #4307, #4315, #4321, #4339, #4342, #4351, #4357, #4362, #4373)
• CI improvements/fixes (#4276, #4329, #4346, #4350, #4365, #4366, #4367, #4369, #4370)

Commits, merged PRs and closed issues

• List of merged PRs

• List of closed issues

• Repository history for this release

• List of merged PRs based on merge date

MongooseIM 6.2.1

Highlights

• Enhanced CETS
• Pools configuration
• Traffic shapers update
• Support for MAM v1.1.0
• More reliable testing
• Various improvements and fixes

All changes

Added

• RDBMS backend for mod_caps (#4211)
• Commit hash to GraphQL server status (#4221, #4262)
• Erlang Doctor debugging tool (#4248)
• Pools:
  • By host type (#4229)
  • By host config (#4235)
  • Names to mongoose_rdbms (#4231)

Changed

• Improved shapers (#4187, #4203, #4213)
• Enhanced discovery requests handling (#4194)
• User-friendly errors for internal databases in the GraphQL API (#4192)
• Increase idle_timeout for SSE (#4196)
• Presence management refactor (#4207)
• MAM implementation update to version 1.1.0 (#4218, #4225)
• Roster management refactor (#4209)

Fixed

• CETS improvements:
  • Pause on all nodes (#4204)
  • Node cleanup (#4234, #4250, #4251)
  • Unnecessary logs removal (#4205)
  • Node discovery (#4255, #4256)
• MAM lookup error handling (#4191)
• MUC Light id definition for MariaDB (#4195)
• max_stanza_size issue (#4197)
• Duplicate migration files (#4230)
• Invalid MAM IDs parsing and overflow (#4242)
• Certificate options verification on HTTPS (#4236)
• GitHub Actions status badge (#4261)

Other

• Testing improvements/fixes (#4176, #4202, #4212, #4237, #4239, #4243, #4241, #4246, #4257, #4259, #4260)
• Update migration guide (#4258)

Commits, merged PRs and closed issues

• List of merged PRs

• List of closed issues

• Repository history for this release

• List of merged PRs based on merge date

MongooseIM 6.2.0

Highlights

• Introduced CETS as an alternative internal database to Mnesia
• Updated many XEP implementations to the newest version
• Implemented partial support for XEP-0386: Bind 2 and XEP-0388: Extensible SASL Profile
• Support for Erlang 26
• Removed support for Riak
• Various improvements and fixes

Added

• CETS
  • CETS backend for session management and stream management (#3629, #4075, #4143)
  • Add GraphQL handler for CETS info (#4015, #4116)
  • RDBMS discovery backend for CETS (#4022, #4042, #4108, #4049, #4165, #4182)
  • CETS backend for mod_bosh (#4050)
  • CETS support for components (#4047)
  • CETS support for S2S (#4046)
  • CETS backend for mod_muc (#4066)
  • CETS backend for mod_jingle_sip (#4076)
  • CETS backend for mongoose_cluster_id (#4136)
  • Add CETS backend for mod_keystore (#4140)
  • Remove mnesia from mod_register (#4146)
  • Anonymous auth supports mnesia and CETS backends (#4148)
  • Custom EPMD module (#4179)
• Unified XEP list for xmpp.org (#4021, #4024, #4025, #4123)
• Reporting to Google Analytics 4 (#4040, #4061)
• Add config option to limit the number of users per domain (#4059)
• XEP-0386: Bind 2 and XEP-0388: Extensible SASL Profile
  • Extensible SASL Profile (#4101, #4102)
  • Bind 2 (#4113, #4114)
• Log internal-server-errors in mod_privacy (#4139)

Changed

• XEP updates
  • Implement XEP-0004: Data Forms in a separate module (#4028, #4031)
  • Update XEP-0016: Privacy Lists (#4038)
  • Update XEP-0030: Service Discovery (#4039)
  • Update XEP-0050: Ad-Hoc Commands (#4043, #4048)
  • Update XEP-0363: HTTP File Upload(#4053)
  • Update attributes for XEP-0178 and add for XEP-0220 (#4057)
  • Update XEP-0045: Multi-User Chat (#4054)
  • Update XEPs: XEP-0082, XEP-0115, XEP-0124, XEP-0157, XEP-0160, XEP-0163, XEP-0199, XEP-0248, XEP-0277 (#4060)
  • Update XEP-0280 (#4083)
  • Update XEP-0060: Publish-Subscribe (#4092)
  • Update XEP-0215: External Service Discovery (#4120)
  • Advertise support for XEP-0249: Direct MUC Invitations (#4168)
• Upgrade segmented_cache library and its telemetry events (#4041)
• Improved Metrics initialization (#4070)
• Initialise domain workers in the supervision tree instead of manually (#4069)
• Config in one persistent term (#4093)
• C2S features optimisations (#4094)
• Patch ejabberd_sm (#4096)
• Use jid:make_bare/2 instead of jid:make/3 where appropiate (#4109)
• Unify auth_module and info in c2s_data record (#4110)
• Simplify specs for ejabberd_sup and let workers terminate (#4117)
• Raise an error if mnesia:create_table/2 fails (#4138)

Fixed

• Fix mod_event_pusher:push_event/3 (#3939)
• Removing incorrect CORS headers (#4006)
• Fix handling of the undefined host type for stream errors (#4052)
• Put reporter init after app startup (#4085)
• Fix slow getaddrs call in global distribution (#4086)
• C2S fixes (#4095, #4129)
• Fix invalid username in scram authentication (#4118)
• Return a proper type from mod_muc:node_cleanup_for_host_type/3 (#4122)
• Correctly handle the case when TLS is disabled (#4150)
• Fix error on ping timeout with stream management (#4153)
• Update epgsql to fix an issue with Erlang/OTP 26 (#4169)
• mod_muc_light config fix (#4178)
• Change domain validation logic (#4184)
• Require 'cacertfile' for just_tls when verify_mode = 'peer' (#4189)

Removed

• Remove riak (#4035)
• Remove legacy CLI commands (#4160)

Performance improvements

• Cache router, filter, and process handlers into funs (#4068)
• C2S features small optimisation (#4077)
• Replace erlang:apply with explicit function calls for hooks (#4073)
• Avoid calling ejabberd_sm_backend:get_sessions/3 second time when routing presences (#4089)
• Put hooks into persistent_term using batching (#3878)

Other

• Tests improvements/fixes (#4064, #4072, #4079, #4098, #4099, #4100, #4104, #4103, #4107, #4115, #4137, #4142, #4147, #4155, #4164)
• Documentation updates (#4030, #4034, #4055, #4087, #4130, #4133, #4181, #4190)
• CI improvements/fixes (#4023, #4026, #4027, #4029, #4097, #4112, #4149, #4145, #4152, #4166, #4167, #4171)
• Upgrade exometer_report_graphite (#4134)
• Support for Erlang 26 (#4121)
• Rename db and node to mongooseim (#4172)

Commits, merged PRs and closed issues

• List of merged PRs

• List of closed issues

• Repository history for this release

• List of merged PRs based on merge date

MongooseIM 6.1.0

Highlights

• Reworked C2S architecture
• Docker image for arm64
• Update of Universal Analytics to Google Analytics 4
• Dialyzer types fix
• Deprecation of Riak
• More reliable test suites
• Various improvements and fixes

All changes

Added

• New C2S architecture (#3765)
  • presence (#3746)
  • mod_last (#3750)
  • mod_register (#3751)
  • privacy (#3747)
  • pubsub (#3785)
  • ping (#3748)
  • metrics (#3800)
  • steam_management (#3796)
  • mod_csi (#3880)
  • sasl_external (#3911)
  • More granular hooks (#3852, #3857, #3955)
  • Fixed stream_management timeouts (#3934)
  • Stopped routing broadcast tuples (#3946)
  • Unified metrics (#3967)
  • C2S Migration guide (#3965)
  • Fixed duplicated logout in stream_management (#3983)
  • Adapted existing test suites (#3772, #3778, #3783, #3787, #3786, #3845, #3882, #3909, #3925, #3927, #3932, #3931, #3940)
  • Miscellaneous changes (#3729, #3797, #3790, #3816, #3858, #3888, #3904, #3908, #3917, #3919, #3935, #3950, #3957, #3959, #3972)
• Added information about GraphQL (#3905)
• Enable CircleCI tests insights (#3899)
• Hooks improvement (#3913, #3912)
• mod_inbox improvements (#3910, #3974, #4016)
• Checking push form fields (#3916)
• Checking for MUC domain when archiving messages (#3936)
• Updated base Docker image (#3943)
• Implemented mod_pubsub_db without dynamic modules (#3953)
• Checking the to JID (#3971)
• Auto registration/unregistration of hooks in gen_mod (#3954)
• Added port and IP in the listener options for WebSockets and BOSH (#3977)
• Improved MAM logging (#3984)
• Added error reason to batch worker termination (#3985)
• Docker image for arm64 (#3979, #3986, #3988, #4009)
• Full support for TLS version 1.3 (#3989)
• Restarting executes in transactions (#3973)
• GraphQL server status now returns MongooseIM version (#3995)
• Capability of measuring asynchronous SQL execute requests (#4002)
• Enabled codecov with the new uploader (#4013)
• remove_domain for internal auth (#4010)
• Passing SID into store_info (#4007)

Changed

• Unified status icons (#4000)
• Reworked mongoose transport (#3982)
• Updated dependencies (#3918, #3976, #4017)
• Updated MySQL schema (#3944)
• Set cookie to mongooseim (#3930)
• Moved to Google Analytics 4 (#4011, #4019)

Fixed

• Issues with GitHub actions (#3992, #4003)
• Status badges (#3975)
• Announcing session establishment (#3970)
• Input for mam errors (#4008)
• Issue with certificate verification for Google Analytics (#3978)
• Incremental removal query (#3924)
• Unknown types in Dialyzer (#3929)
• Scram invalid xml response (#4020)

Removed

• Legacy C2S implementation (#3805, #3860)
• Some of the hooks with no handlers (#3990)
• Incorrect CORS headers (#4005)
• Riak is now deprecated (#3981)

Other

• Test suites improvements (#3906, #3923, #3926, #3937, #3961, #3968, #3964, #3960, #3969, #3960, #3998, #3999)
• Updated documentation (#3914, #3962, #3966, #4014)

Commits, merged PRs and closed issues

• List of merged PRs

• List of closed issues

• Repository history for this release

• List of merged PRs based on merge date

Special thanks to our contributors:

• @askarsyzdykov Fix typo in documentation (#3966)

MongooseIM 5.1.1

What's Changed

• dependencies update (PR #3938)

Full Changelog: 5.1.0...5.1.1