1. Tigase 8.4.0 Release Notes

1.1. Tigase XMPP Server 8.4.0 Change notes

Note

This version requires JDK17!

Note

Complete list of changes available in [tigase-server-8.4.0 milestone](https://tigase.dev/tigase/_server/~milestones/11)

1.1.1. Major Changes

  • Add support for XEP-0227: Portable Import/Export Format for XMPP-IM Servers (tigase/_server/server-core#1456)

  • Add support for showing accounts with push notifications enabled as away (tigase/_server/server-core#1527)

  • Add support for banning users with support of xmppbl.org (tigase/_server/tigase-muc#156)

  • Add support for XEP-0404: Mediated Information eXchange (MIX): JID Hidden Channels

  • Add ad-hoc commands to manage MIX channel

  • Initial rewrite of HTTP-API from Groovy to Java and switch to jte for templating for improve performance

  • Add dashboard to easily manage users (tigase/_server/tigase-http-api#132)

  • Added support for opt-in for ProtoXEP: PubSub Server Information

  • Add support for authentication of APNS provider using P8 (tigase-push)

  • Allow overriding default “networkaddress.cache.ttl” configuration (tigase/_server/tigase-utils#26)

  • Deprecate MD5*CredentialsEntry (tigase/_server/server-core#1359)

  • Add support for message retraction by admins/owners (tigase/_server/tigase-mix#34)

  • Add support for XEP-0425: Message Moderation (tigase/_server/tigase-muc#152)

1.1.2. All Minor Features & Behavior Changes

  • Fix issue where exception thrown within StoredProcedure that has transaction can cause a lock (tigase/_server/server-core#1347)

  • Improve caching (tigase/_server/tigase-pubsub#92)

  • Improve handling of database failovers (connecting to read-only instance due to DNS propagation being to slow on AWS part) (tigase/_server/server-core#1354)

  • Update MongoDB driver (tigase/_server/tigase-mongodb#34)

  • Implement support for XEP-0404: Mediated Information eXchange (MIX): JID Hidden Channels (tigase/_server/tigase-mix#37)

  • Remove JaXMPP dependency in tigase-push-fcm (tigase/_server/tigase-push#50)

  • Improved and refactor HTTP API implementation (tigase/_server/tigase-http-api#122)

  • Expose account status value in endpoint to retrieve user details (tigase/_server/tigase-http-api#131)

  • Setup not working (NPE because of missing JTE compiler) (tigase/_server/tigase-http-api#135)

  • Add method to generate tokens/QR codes for authentication (tigase/_server/tigase-http-api#133)

  • http-api should delay listening on port until server finished startup (tigase/_server/tigase-http-api#130)

  • Add ad-hoc commands to manage MIX channel (tigase/_server/tigase-mix#36)

  • Add support for exporting/importing MIX channel data (tigase/_server/tigase-mix#38)

  • Add support for XEP-0227: Portable Import/Export Format (tigase/_server/tigase-message-archiving#81)

  • XEP-0227: Portable Import/Export Format for XMPP-IM Servers (tigase/_server/tigase-pubsub#138)

  • Fix disco#items of PubSub node ignores permission checking (tigase/_server/tigase-pubsub#137)

  • NumberFormatException: For input string: “max” (tigase/_server/tigase-pubsub#134)

  • RSM sends <max/> element in response (tigase/_server/tigase-utils#27)

  • Unexpected <build/> element in XEP-0092: Software Version (tigase/_server/server-core#1522)

  • Add support for exporting MUC rooms and history to XML (tigase/_server/tigase-muc#161)

  • Registration captcha makes registration impossible (tigase/_server/server-core#1510)

  • Return better SASL error for accounts pending confirmation (tigase/_server/server-core#1511)

  • Missing escaping of some chars in encrypted Push Notifications (tigase/_server/server-core#1512)

  • SCRAM *-PLUS mechanisms unavailable after StartTLS (tigase/_server/server-core#1508)

  • Rename ‘captcha’ field to ‘qa’ (tigase/_server/server-core#1516)

  • Added support for opt-in for ProtoXEP: PubSub Server Information (tigase/_server/server-core#1515)

  • Adjust TLS ciphers and options values used by default (tigase/_server/server-core#1517)

  • Add support for token/HMAC based authentication (tigase/_server/server-core#1520)

  • Not XML-well-formed stanza being accepted by server and routed to recipient (tigase/_server/tigase-xmltools#16)

  • Dockerize with Jib (tigase/_server/tigase-xmpp-server-docker#12)

  • Fix issue where it’s not possible to configure seeOtherHost.defaultHost (tigase/_server/server-core#1364)

  • Add support for testing S2S connectivity over IPv6 (tigase/_server/server-core#1363)

  • Add support for setting user as admin using REST API (tigase/_server/tigase-http-api#127)

  • Create pre-processor that would filter out error messages (tigase/_server/server-core#1344)

  • Make it easier to disable BruteForceLocker (tigase/_server/server-core#1345)

  • Cache usage statistics are not collected/computed correctly (tigase/_server/tigase-pubsub#135)

  • Improve handling for MAM:1 queries with old IDs (tigase/_server/tigase-muc#153)

  • Undelivered stanzas are processed before stream closure commands (tigase/_server/server-core#1343)

  • [Setup] Add support for env-variables exposed in docker start.sh script (tigase/_server/tigase-http-api#142)

  • Add API-KEY repo implementation that would be based on environment variables (tigase/_server/tigase-http-api#97)

  • Add support for certificates private key using ecdsa (tigase/_server/tigase-utils#28)

1.2. Tigase XMPP Server 8.3.0 Change notes

1.2.1. Major Changes

  • This version requires JDK17 to run

  • Added support for mam2#extended [#mam-73]

  • Rework certificate generation to utilise keygen tool instead of using sun.* API unavailable under JDK17

  • Added support for XEP-0440 SASL Channel Binding Type Capability and fixed and reenabled SCRAM-*-PLUS SASL mechanisms [#server-1335]

  • Added initial,preview support for SASL2 and Bind2 (disabled by default) - to enable, activate beans ‘urn:xmpp:bind:0’ and ‘urn:xmpp:sasl:2’ in ‘sess-man’ [#server-1332]

1.2.2. All Minor Features & Behavior Changes

  • Increased network socket buffer from 2K to 4K to improve performance when reading data from socket. It can increase somewhat memory usage proportionally to number of concurrent user connections. It’s possible to configure size of this buffer using socket-buffer-size property - please see documentation.

  • Add configuration to log size generated by LoggerTask in Monitor and decrease default from 1M to 50K; Disable serialisation of monitor events; #servers-372

  • Add DOAP file; update documentation with supported features; #server-1076

  • Fix issue with NPE in JabberIqAuth plugin when no password was presented due to missing return statement; fixed similar issue where, after closing the connection, the execution of the code wasn’t terminated in JabberIqAuth and SaslAuth plugins #server-1317

  • Add support for XEP-0398 to feature list and updated list of supported features; #server-1316

  • Change try-catch statement in database schema loader to better catch edge cases; #serverdist-10

  • Remove wildcard certificate generation (as main DN) in certificate container to avoid issues that it entails (inability to override such self-signed certificate via ad-hoc commands!). Wildcards are now properly handled by CertificateGenerateor and are included correctly as SAN in addition to DN for main domain; Fix handling “default” certificates from repository; #server-1279

  • Change default watchdog ping from (forbidden by RFC) whitespace to xmpp; add warning if someone configures it as whitespace either way; server-1318

  • Improve XMPPDomBuilderHandler logging; #server-1323

  • Improved Stream Management code responsible for generating <r/> requests #server-1324 (#150)

  • Added socket-buffer-size option to ConnectionManager to configure SO_RCVBUF separately from internal network buffers #server-1325

  • Increased socket-buffer-size for client-to-server and intercluster connections and added documentation #server-1325

  • Fix MAX_PAUSE property name; #server-1326

  • Updated implementation of XEP-0377: Spam Reporting #server-1327

  • Fixed issue with errors being sent for unexpected <iq type=result/> stanzas #server-1328

  • Improved exceptions handling in StanzaProcessor #server-1328

  • Switch from jtds to MS own jdbc driver; #serverdist-12

  • Prevent re-delivery of certain S2S packets (sasl, features, dialback, etc) as it doesn’t make sense; #server-1320

  • Adjust log levels to avoid WARNINGS during startup for regular messages; #server-1115

  • Add ‘active in last x’ statistic; #server-1281

  • Include option to restart JVM on OOM (off by default)

  • Correctly process packets from mobile queue instead of re-adding currently filtered packet; #server-1331

  • Improvements to NativeMemoryTracking implementation with units; documentation; #server-1330

  • Improve MAM logging; #servers-384

  • Only count stanzas in StreamManagement #server-1333

  • Fixed advertisement stream features for unauthorized stream #server-1334

  • Fixed NPE during preparing stream features when connection is already closed #server-1334

  • Added initial support for SASL2 and Bind2 (preview feature, disabled by default) #server-1332

  • Added support for XEP-0440 SASL Channel Binding Type Capability and fixed and reenabled SCRAM-*-PLUS SASL mechanisms [#server-1335]

  • Fixed NPE during enabling of stream resumption #server-1332

  • Fixed sending block/unblock presences from blocking command for domain #server-1336

  • Better default for lastXmppPacketReceivedTime member to avoid WatchDog closing connection before lastXmppPacketReceivedTime is set; #server-1337

  • Add proper addressing validation in S2S connection and allow connections without ‘from’ set; #server-1338

1.3. Tigase XMPP Server 8.2.0 Change notes

1.3.1. Major Changes

  • Improvements to s2s connection: Version 8.2.0 brings a lot of improvements related to s2s connectivity: support for TLS1.3, improved logic during authentication and stream negotiation solving connectivity issues with various deployments

  • Better handling of certificates: It’s now possible to store certificates in the database making it easier to manage them in clustered environment.

  • Deprecation of Element based events in favour of Object based events

  • Improved performance: reduced memory usage and decrease startup time

1.3.2. All Minor Features & Behavior Changes

  • #server-1050: Database installation without root credentials

  • #server-1062: Deprecate Element based Event-bus

  • #server-1097: It’s not possible to configure additional PacketFilters

  • #server-1101: Enabling TLS1.3 causes s2s connections to fail

  • #server-1102: Add possibility to extend MAM to MAM:2

  • #server-1105: Enhance Add SSL Certificate ad-hoc with option to set default

  • #server-1119: Use database for certificate storage instead of filesystem

  • #server-1120: JabberIqRegister should allow enforcing both CAPTCHA and e-mail

  • #server-1132: Don’t use s2s socket if only one-direction works

  • #server-1142: After registration inform the client that the account activation (email) is required

  • #server-1158: Establishing JMX connection to the server causes excessive memory allocation

  • #server-1162: Allow interfaces in @ConfigField

  • #server-1170: TLS infinity loop impacts Tigase XMPP Server performance

  • #server-1175: Connection with diebesban.de stopped with invalid-namespace error

  • #server-1177: Ability to change log level during runtime

  • #server-1178: Remove online_status from the repository

  • #server-1179: Add support for {clusterNode} in XEP-0215 host field

  • #server-1181: NoSuchElementException in MaxDailyCounterQueue

  • #server-1182: NPE while processing <iq type=”result”/> without existing session

  • #server-1187: SchemaLoader should not print passwords in the logs (URL logs)

  • #server-1192: Obfuscate repository passwords

  • #server-1190: Executing EditUser on non-existen’t user causes creation of the user

  • #server-1193: Push notifications are sent for groupchat messages without <body/>

  • #server-1197: Infinite loop while cutting body of encrypted push notification to fit the push notifications limit

  • #server-1199: Don’t send any packets until s2s stream negotiation is finished

  • #server-1200: Use proper size of network buffers for high-throughput connections

  • #server-1203: Handing error packets in CIDConnections.sendPacketsBack

  • #server-1217: Prevent performing schema upgrade concurrently

  • #server-1219: Use all JDBC URI parameters from config.tdsl when performing database upgrade.

  • #server-1222: Add support for XEP-0377: Spam Reporting

  • #server-1229: Enabling CAPTCHA or e-mail for JabberIqRegister breaks password changing functionality.

  • #server-1229: Enabling CAPTCHA or e-mail for JabberIqRegister breaks password changing functionality.

  • #server-1233: Add option to CertificateRepository to load certificates from the filesystem

  • #server-1234: Roster API improvements

  • #server-1237: Rework CertificateRepository so items are stored individually

  • #server-1238: Can’t set MOTD via ad-hoc.

  • #server-1243: Include wait-for-it.sh script in base distribution

  • #server-1245: MethodStatistics doesn’t work well for interfaces with overloaded methods

  • #server-1251: Can’t initialise MAM processor with default installation

  • #server-1252: Remove select row_count() from Tig_OfflineMessages_DeleteMessage

  • #server-1253: It seems that ‘expired-processor’ doesn’t remove periodically expired messages

  • #server-1254: Fix slow startup and shutdown

  • #server-1258: Allow beans to be instantiated without the requirement to reference/inject them

  • #server-1260: UserConnectedEvent should be a cluster event

  • #server-1261: Revise and improve EventBus developer guide

  • #server-1269: SSL issues are hidden by default making it difficult to identify

  • #server-1273: Add option to limit number of concurrently connected resources

  • #server-1277: Fix HUGE out queue in StreamManagementIOProcessor

  • #server-1278: NPE in StreamManagementIOProcessor.serviceStopped

  • #server-1282: XMPPProcessorAbstract.processToUserPacket() responds to IQ result with error

  • #server-1284: Add validation to JabberIqAuth

  • #server-1285: Wrong field type for XEP-0157 entries

  • #server-1290: Improve StringPrep to actually forbid space in localpart/domain as per rfc7622

  • #server-1292: TLS connectivity issue with search.jabber.network

  • #server-1297: Add option to push plugin that would allow to overwrite unencrypted part in (OMEMO) encrypted messages

  • #server-1303: Better handling of “The target is unavailable at this time.” / PacketInvalidTypeException

  • #server-1305: Allow creation of admin user (if not exist) during upgrade-schema task

  • #server-1306: Fix farge amount of direct memory being used.

  • #server-1307: Fix disconnection on MAM sync

  • #extras-3: Add AWS logback and documentation how to use it

  • #extras-4: Unescape and normalise logs in mail notifications before sending them

  • #extras-7: Add email validation during in-band-registration; better handling of mail sending exceptions regarding to non-existent addresses

  • #extras-9: Deprecate mDNS implementation

  • #serverdist-8: Remove DNS resolution part from XEP-0156 implementation

1.4. Tigase XMPP Server 8.1.0 Change notes and announcement

1.4.1. Major Changes

More XMPP extensions

Following XMPP guidelines specified in Compliance Suites a number of extensions was included in this release:

  • XEP-0157: Contact Addresses for XMPP Services (server-995) that can be configured on per VHost basis (server-1015)

  • XEP-0398: User Avatar to vCard-Based Avatars Conversion (server-1017)

  • XEP-0156: Discovering Alternative XMPP Connection Methods - Tigase already supported handling DNS queries and standardised our webservice to XEP-0156 (http-76)

  • XEP-0410: MUC Self-Ping (Schrödinger’s Chat) (muc-122)

  • XEP-0153: vCard-Based Avatars - added support for setting vCard avatar for MUC rooms (muc-112)

  • XEP-0411: Bookmarks Conversion (pubsub-79)

  • XEP-0157: Contact Addresses for XMPP Services (server-995)

Improved connectivity with other servers

SASL-EXTERNAL mechanism was added for server-to-server (federated, s2s) connections greatly improving compliance with XMPP network. It’s possible to use both SASL-EXTERNAL and Diallback depending on support in other servers.

Better security & privacy

When it comes to connectivity, Tigase XMPP Server sported Hardened Mode that adjusted networking security settings (supported protocols, cipher suites and keys’ length where applicable). We decided include 3-level configuration option for Hardened Mode (roughly following Mozilla’s SSL Configuration Generator): relaxed, secure (default) and strict and to further eliminate cipher suites that are currently considered insecure.

We also enabled by default our anti-spam plugin and because we like all-things-extensible we created a guide how to create your own pluggable filters for anti-spam-plugin.

Multiple domains (VHosts) support is even better

It was always quite easy to configure and serve multiple domains in Tigase XMPP Server. In this release we made it even better! First of all - we included Default VHost item, which allows configuring global defaults for the installation on the fly without having to change configuration files and restart the instance.

Internally, we introduced VHost Extensions - a mechanism that allows easy addition of configurable options that can be set on per-domain basis.

On top of that we reworked how SSL certificates are handled (especially wildcard ones) and now they are loaded and assigned to correct domain automatically - no need to configure star-certificates manually anymore.

Mobile First

Notifications send to mobile applications via Apple’s and Google’s push servers using Tigase’s PUSH component are now encrypted (#push-25), requires compatible clients)

MUC component now allows users to register permanent nickname, which makes it possible to receive PUSH notifications even if our client disconnects and is offline (#muc-115)

Installation & management

The (web) installer was simplified making setting up and configuring Tigase even easier (#http-78) - now it’s only needed to select desired database, provide it’s details and eventually adjust which components and plugins should be enabled or disabled, but we believe that provided defaults should work well in most of the cases.

After the installation and startup, it’s possible to see basic instance state via web browser either opening /server/ endpoint (#server-1164), or local file from logs/server-info.html) and manage the installation using Admin WebUI, that received slight visual face-lift (#http-90)

Noteworthy

  • Startup time was significantly reduced due to improvements of creating repository pools (#server-1149)

  • Multi-thread, highly concurrent script execution was improved (#server-1154)

  • StreamManagement was available, but in this version we decided to enabled it by default.

  • More places offers support for XEP-0059: Result Set Management - namely PubSub nodes discovery and jabber:iq:serach

  • Publishing Options were added to PubSub (#pubsub-75)

1.4.2. New Minor Features & Behavior Changes

  • server-918: AWS obtain public IP and/or DNS address of the EC2 instance

  • server-985: Add support for SCRAM-SHA-512(-PLUS)

  • spam-8: Enable spam processor by default

  • server-1012: UserDomainFilter.groovy fails to load

  • server-1014: Can’t upgrade from 8.0.0GA to 8.1.0-SNAPSHOT

  • server-798: Limit number of messages that are stored in DB per user within a period of time

  • server-827: Seperate Component-based statistics

  • server-1026: NPE: in JabberIqRegister/EmailConfirmationSender

  • pubsub-82: NPE in RetrieveItemsModule

  • tigaseim-78: IPv6 connectivity issue

  • server-239: OSGi mode - exceptions in logs

  • server-1020: Enable stream management by default

  • pubsub-83: NPE in PublishItemModule

  • pubsub-81: Exception during execution of event: tigase.pubsub.modules.PresenceCollectorModule.PresenceChangeEvent

  • server-1021: NPE: Cannot update BruteForceLocker

  • server-826: UserRepository caches force synchronization even if caching is disabled

  • server-958: Add timeout for opened TCP connections

  • server-1029: Read receipients are not copied via carbons

  • server-1015: Allow configuring XEP-0157: Contact Addresses on per VHost basis

  • pubsub-65: RSM and jabber:search for pubsub discovery

  • server-1030: NPE in VCardTemp when processing initial presence

  • http-72: Change Content-Disposition from attachment to inline

  • server-1045: NPE in DiscoExtensionsForm

  • server-1048: Update parent pom and information about suggested JDK

  • push-23: [JDK12] Can’t establish encrypted connection with Push/FCM

  • server-978: Improve VHost configuration / extending

  • server-1068: Improve LogFormat readability (and maybe performance)

  • server-1070: Improve privacy list loggging

  • server-1071: NPE in IOService.accept

  • server-710: Registration improvements

  • pubsub-79: XEP-0411: Bookmarks Conversion

  • pubsub-75: Add support for Publishing Options

  • server-1017: XEP-0398: User Avatar to vCard-Based Avatars Conversion

  • server-994: Add server support for Entity Capabilities: Stream Feature

  • server-995: XEP-0157: Contact Addresses for XMPP Services

  • http-76: Standardise DNS webservice to XEP-0156

  • server-1109: Add recommended JDK version to documentation

  • push-28: Non-tigase notifications should use high priority (APNS)

  • server-1114: Can’t register on sure.im with StorkIM

  • server-1005: Flatten schema to match versioning document

  • server-1116: account_status is not checked

  • server-1074: Hardened Mode improvements

  • server-1125: StatsDumper.groovy doesn’t work in documentation in 8.x

  • http-85: Pasword resset doesn’t work

  • server-1128: Possible vulnerability in XML parser

  • server-1130: NPE i JabberIqAuth

  • http-84: Configurable resetPassword endpoint hostname

  • server-1129: BOSH timeouts on GET requests

  • prv-436: Conversations compliance - contact developers

  • server-1100: CAAS and WS testers fail to connect to wss://tigase.im:5291

  • server-1047: Add SASL-EXTERNAL on s2s conections

  • server-1103: High priority PUSH notifications are sent for all messages

  • pubsub-93: NPE in CapsChangeEvent

  • server-1137: Don’t require setting JAVA_HOME to start server

  • server-1136: upgrade-schema –help not available

  • utils-19: tigase-utils doesn’t compile with JDK12

  • server-1138: Schema files are not sorted correctly during loading

  • pubsub-98: Resources with emoji chars are causing issues with MySQL backend

  • server-1110: Disabling TLS in VHost configuration doesn’t work

  • server-1078: Don’t send root CA certificate in chain

  • server-1113: Don’t advertise SASL-EXTERNAL if own certificate is not valid

  • http-78: Simplify installer

  • server-1133: Not able to connect via S2S to server with incorrect SSL certificate

  • serverdistribution-2: MUC upgrade not linked correctly in global tigase guide

  • server-1149: Reduce startup time with a lot of database connections

  • server-1148: “ERROR! Component <x> schema version is not loaded in the database or it is old!” during shutdown

  • server-1153: Refactor Credentials related username to credentialId to avoid confussion

  • servers-312: No cluster connection to send a packet

  • server-1154: Multi-thread script execution yields wrong results

  • servers-294: Can’t connect from tigase.im to rsocks.net

  • server-1111: Can’t establish s2s to upload.pouet.ovh

  • server-1143: S2S connectivity issue with OpenFire when SASL external is used

  • servers-309: Issue when connecting to xabber.org: not-authorized: self signed certificate

  • tigaseim-80: Siskin IM push server is not accessible

  • server-1080: After updating certificate via ad-hoc/rest only main certificate is updated

  • http-88: Improve REST documentation

  • http-87: “request accept time exceeded” for every request when using JavaStandaloneHttpServer

  • server-1151: BruteForceLockerExtension (and possibly others) settings are not correctly retrieved

  • http-89: Drop result/error packages received by HTTP-API if no connection present to write response to

  • pubsub-99: Notifications are not sent for +notify from nodes with whitelist access mode

  • pubsub-79: XEP-0411: Bookmarks Conversion

  • server-1157: SCRAM-SHA512 not working

  • server-1159: Improve handling establishing and terminating of the session

  • server-1152: Cleanup warnings from JDBCMsgRepository

  • server-1112: Fallback to diallback if SASL-EXTERNAL fails

  • servers-292: S2S connectivity issues

  • acspubsub-19: REST execution fails on other nodes

  • server-1145: Race condition during storing/loading of offline messages

  • http-90: Add direct links to most useful task in AdminUI main page

  • spam-10: Add documentation for creation of a custom filter

  • server-1163: Review and update SASL Custom Mechanisms and Configuration documentation

  • server-1164: After-installation report - installation status

  • systems-76: Fix issue with StackOverflow due to recursive call in TLSIO; improve debug log

  • server-1082: Sec-WebSocket-Accept not calculated correctly

  • server-1083: Messages sent to full jid are returned with error

  • push-25: Add support for sending encrypted PUSHes

  • server-1085: Improve retrieval of values for all keys in a node in UserRepository

  • muc-115: Add support for MUC and offline message delivery

  • muc-122: XEP-0410: MUC Self-Ping (Schrödinger’s Chat)

  • muc-112: Support for setting vCard avatar for room

  • http-83: Issue with multithreading access to HttpExchange instance

  • httpapijetty-3: Support for HTTP/2

  • httpapijetty-6: Update Jetty version

1.5. Tigase XMPP Server 8.0.0 Change notes and announcement

1.5.1. Major Changes

Kernel and beans configuration

Tigase now operates using a Kernel and Beans style of programming. What does this mean for Tigase and You? Good news, really. Tigase XMPP Server is now working as a Kernel program, which will operate on it’s own and handle all the core functionality of the server. Component, and non-essential functionality will now be loaded as Beans. As a user, your experience will not change all that much. However, beans can be loaded and unloaded without having to restart Tigase, meaning that the program will behave more dynamically. This means a smaller footprint on memory on resources when components are not needed, and longer uptimes without having to rest art the program! This also allows for greater flexibility for Tigase XMPP Server to be better customized for unique solutions.

New Configuration File Format

With the change of Tigase to a Kernel and Beans style of programming, we have also changed how the configuration file is managed. Although you will still edit the config.tdsl file like a plaintext file, a new style of formatting will be used known as DSL. Domain Specific Language may add more lines, but is a cleaner format, and provides a more secure configuration design since validation of the configuration is done at the domain level. For more information on this format and how to configure Tigase, visit DSL Configuration Guide.

Cluster Node Shutdown Changes

Starting with Tigase XMPP Server 8.0.0, users connected on clustered nodes will be able use a see-other-host strategy when a node is being shutdown. Note: This may not be compatible with all clients. The Ad-hoc command is designed for a graceful shutdown of cluster nodes as a groovy script Shutdown.groovy. This script also allows for the -timeout setting which will delay shutdown of the node, and alert all users (via a headline message) that the server will be shutdown after a time. User clients that are compatible with the command will then detect other connected clusters and maintain their connections.

If the command is being sent to shut down the whole cluster, no see-other-host implementation will be sent, however timeout settings may still be used.

The script may be activated by an ad-hoc command, or sent using REST from remote or Tigase Admin UI.

Significant cleanup of code and repositories

Multiple changes have been made to the structure and coding for v8, many related to trimming size of repositories and old calls. Some of these improvements are listed here:

  • Empty JavaDocs that do not convey values have been removed.

  • All code is reformatted to be compliant with out codestyle guidelines.

  • Calls to System.out.print*() and printStackTrace() have been removed from code.

  • Depreciated and unused classes have been removed.

BouncyCastle being used for StartTLS

BouncyCastle Crypto API has now been employed to handle StartTLS negotiation. By doing this, Tigase now supports tls-unique within the SCRAM PLUS authentication implementation. This API is may be employed by calling the class in your configuration file:

c2s () {
    sslContextContainer(class: tigase.extras.bcstarttls.BCSSLContextContainer) {}
}

The BouncyCastle classes are included in the dist-max archives.

default-virtual-host property changes

Default virtual hosts property is now able to be configured only as a domain name instead of the list of virtual host domains with options. Additional virtual host domains and their options need to be configured using ad-hoc commands or web AdminUI. Reference Virtual-Hosts Configuration for more details.

All artifacts are signed

Since work began on v8.0.0 Tigase has required that all changes to Tigase XMPP Server and dependencies be signed with known certificates. This version marks the first to be totally signed.

Scaled Down Installation Methods

We have cleaned up installation methods for Tigase and now recommend the use of web-installer method. IzPack installer (files tigase-server-<version>-b<build>.jar installation methods have been removed and will no longer be produced for v8.0.0 and later. Manual installation is still available for those unable to use HTTP or browser access. Visit our Quick Start guide for instructions on these other methods.

Emojis now supported on Tigase XMPP Servers

Emojis are now supported on MySQL databases, however some settings may be need to be changed, although they won’t affect existing databases. Visit this section for details.

XEP-0215 External Service Discovery now supported

Tigase now supports XEP-0215 - External Service Discovery allowing Tigase to discover services that are not available VIA the XMPP Protocol. For setup and configuration information visit External Service Discovery Component documentation.

XEP-0313 Message Archive Management now supported

XEP-0313 - Message Archive Management is now supported by Tigase featuring custom enhancements like full-text search and searching by tags. MAM requires Tigase’s message archive to be enabled in the config.tdsl file, and the schema (XEP-0136 or XEP-0313) must be configured in session manager settings. To turn on MAM, see configuration guide located here.

XEP-0363 HTTP File Upload now supported

XEP-0363 - HTTP File Upload is now supported using Tigase HTTP API component now allowing for a more robust one-to-many file uploading option. Configuration details are available at the HTTP File Upload Component section of documentation.

Startup now uses bootstrapping

Tigase now uses bootstrapping to startup, which will load configuration from config.tdsl file like before. Then Tigase will begin it’s normal operations with the configuration options. All startup functions for Tigase will now run under the bootstrap bean.

CAPTCHA system now available for in-band registration

XEP-0077 In band registration can use Data Forms as an option to process new registrations. Now you can secure these registrations by employing a CAPTCHA solution. By enabling this option you can reduce the number of potential spammers and bots on your server.

Schema changes

Now each component has it’s own schema for databases, they are no longer tied into Tigase XMPP server versions making changes and updates to individual components easier, and may not disrupt all users not using certain components. See the schema update section for more details.

Shrinkable Statistics History

Statistics history can now be automatically made smaller if a systems memory resources are above a certain amount. By default this is enabled and will trigger when over 95% of memory is in use. Half of all existing entries will be removed at this time. The same pattern will continue to halve the available records every time the threshold is met. A hard-set minimum of 5 entries is set, so you will always have the last 5 entries. This setting may be adjusted by adding the following setting to your config.tdsl file and adjusting the integer value:

stats() {
  'stats-high-memory-level' = 95
}

Statistics now available for all modules

For any bean, you may enable statistics by using the following

bean (class) {
  statistics = true
}
Spam Protection

Tigase XMPP Server v8.0.0 now includes some efforts to prevent spam bot accounts from running on servers.

Account Registration Limits Expanded

Account registration limits have been expanded and now you can set separate counters, or configure components individually for their own limits. Visit this section for configuration details.

Accounts created using in-band registration now will use confirmation E-mail

In an effort to create a more secure method for implementing JabberIqRegister Tigase XMPP Server will now require the use of a confirmation E-mail by default in the process. The E-mail must be valid, and accounts will be made into pending status until a user clicks the generated URI in the E-mail and activates the account. This is a plugin and must be enabled in the config.tdsl file by using the following code:

'account-registration-email-validator'() {}
Further Spam prevention

Tigase-spam component is now in dist-max distribution package, and has a number of features described here in this section.

Changes in password storage

Before version 8.0.0, user passwords were stored in plaintext in the user_pw database field within tig_users table, but in plaintext. It was possible to enable storage of the MD5 hash of the password instead, however this limited authentication mechanism SASL PLAIN only. However an MD5 hash of a password is not really a secure method as it is possible to revert this mechanism using rainbow tables.

Therefore, we decided to change this and store only encrypted versions of a password in PBKDF2 form which can be easily used for SCRAM-SHA-1 authentication mechanism or SCRAM-SHA-256. SASL PLAIN mechanism can also use these encrypted passwords.

The storage of encrypted passwords is now enabled by default in v8.0.0 of Tigase.

Dynamic TLS Buffer

Memory Buffer for TLS no longer remains at highest buffer size needed for the server session. Buffer will now free memory during idle connections. Thus drastically improving program footprint.

XEP-305 Quickstart now supported

It’s now possible to establish connection faster due to implementation of XEP-0305: XMPP Quickstart (#1936). Feature is only available for c2s Connection Manager (i.e. connections on port 5222) and needs to be enabled in config.tdsl

c2s () {
    'pipelining' = true
}

Database Timestamps

Timestamps in database will be stored using UTC time.

Config-type properties have changed

Config-type is now configured using DSL format. Visit this section for more information. The names of different config-type properties have changed: default replaces --gen-config-def, --gen=config-all, and --gen-config-default configuration types. session-manager replaces --gen-config-sm. connection-managers replaces --gen-config-cs. component replaces --gen-config-comp. setup - is a new type of config created for initial configuration of Tigase XMPP Server.

Note

Old versions are no longer supported, you HAVE to replace old versions with the new ones manually when upgrading to v8.0.0.

Database Watchdog implemented

It is now possible to set connection testing to databases when connections are idle and customize the frequency with which this is done. Visit this section for more details.

Packet statistics expanded

Packet statistics both retrieved VIA XMPP and during graceful shutdown have now been separated to a per-XMLNS basis. This may be disabled by adding the following line to config.tdsl file:

'detailed-other-statistics' = false

XEP-0016 Behavior changes

XEP states that Privacy lists should be used when no user session exists in addition to when there is. Previously, Tigase would only filter results when retrieving messages, allowing blocked users to store offline messages. This has now been changed to reflect the XEP properly, and messages will be filtered while there is no user session. If however, you wish to use the previous version, where offline messages are cached first and then filtered, you may use the following configuration:

'sess-man' {
    'jabber:iq:privacy' () {
        privacyListOfflineCache (active: true) {
          size = 20000
        }
    }
}

By default, the cache has a limit of 10000 entries, that may be set by using size bean as seen above.

Access Control List has new ACL modifiers

New permissions have been added to ACL including DOMAIN_OWNER and DOMAIN_ADMIN to reduce permissions checking, and add another level of fine-grained permissions. For more details, please see Tigase ACL configuration for more details.

Option to ignore schema-version check added

You can now skip the schema check phase for individual databases. To do this, add the following do the datasource configuration block:

DataSource () {
  default () {
    'schema-management' = false
  }
}

This will do the following:

  • Print a warning during repository startup.

  • Skip schema upgrades for the source.

  • Skip schema destruction for the source.

Protection against brute-force attacks

Version 8.0.0 improves security by preventing brute-force attacks. Feature needs to be explicitly enabled and configured (on per VHost basis). Detailed configuration is described in ??? (#8160)

New Minor Features & Behavior Changes

  • #611 Support for Message of the Day is now enabled in Tigase XMPP Server and can be administered using XEP-0133 Service Administration.

  • #1569 Re-implemented XEP-0133 Service Administration Scripts 4.3 Disable User and 4.4 Re-enable User.

  • #1449 Monitoring modules now works in OSGi mode.

  • #1706 auto-authorize of presence subscriptions can now be set for individual vhosts.

  • #1968 Added a Proxy Wrapper to handle reconnections to database connection pool to help prevent deadlocking threads.

  • #3511 Mechanism responsible for closing XMPP in SessionManager has been changed to process all packets from TCP connection before closing connection.

  • #3802 Implementation and API of LocalEventBus and ClusteredEventBus has been unified and is now available as EventBus.

  • #3918 Session Establishment Advertisement is now optional, bringing session establishment in line with RFC 6121.

  • #4111 Changed input buffer sizing to use a ratio of 2 to 1 based on input capacity. No longer using a constant value.

  • #4212 Database schema files have been flattened and made for better organization.

  • #4501 CounterDataFileLogger now has an upper limit and will be default be shrunk to 75% if available disk space is 5% or less than 100MB.

  • #4654 PubSub component has been updated and new schema uses UTF-8 encoding when hashing database lookup.

  • #4776 Tigase DbSchemaLoader now prompts for password if one is missing from command line.

  • #4788 Push component added to dist-max archive.

  • #4814 SASL-SCRAM will now be automatically disabled if auth database uses encoded passwords.

  • #4844 External components can now have SSL socket connections assigned to them.

  • #4859 Tigase DbSchemaLoader now can support using SSL when connecting to databases.

  • #4874 Tigase Test Suite has been updated to correspond to all changes for v8.0.0.

  • #4877 In-memory repository implemented for testing ONLY.

  • #4880 Tigase config-type settings have been reduced and changed. See this section for more details.

  • #4908 Limited Ad-hoc execution to admin only within monitor component.

  • #5005 Detailed logging configuration is now available in DSL format. See xref:[customLogging] for more details.

  • #5069 Packet processed statistics now separates results based on XML Namespaces.

  • #5079 Tigase DbSchemaLoader can now process multiple .sql files in one command by using a comma separated list when calling.

  • #5086 Tigase server monitor is loaded after delay to prevent NPE during startup.

  • #5149 StanzaReceiver and StanzaSender Components have been deprecated and are no longer part of Tigase XMPP Server. Related SQL tables xmpp_stanza and short_news have also been removed from schemas.

  • #5150 All TigaseDB tables now use the tig_ prefix.

  • #5214 Check has been added if recipient exists before storing offline messages for local jid.

  • #5293 DbSchemaLoader now will fail execution instead of skipping when encountering missing files.

  • #5379 Server ready detection has been improved in testrunner.sh.

  • #5397 Webhelp Documentation will no longer be built.

  • #5422 Errors with Beans will now result in compact and more readable StackTrace print in console log.

  • #5423 System configuration will now be printed to log file as ConfigHolder.loadConfiguration output.

  • #5425 GetAnyFile and GetConfigFile scripts moved to message-router instead of basic-conf.

  • #5429 Adjusted settings for Dynamic Rostering now can use separate beans for multiple implementations.

  • #5430 BindResource is now set to FINER log level to reduce console output verbosity.

  • #5475 Setting default environment variables is now possible in config.tdsl file using env('env-1', 'def-value') lines. Details available in DSL Configuration section.

  • #5496 Destroy Schema task now added to schema manager.

  • #5583 Error messages now properly sent when offline message storage is full.

  • #5674 All components now use UTC timestamp when interacting with databases.

  • #5800 Better annotation of deprecated code, cleanup and removal code previously marked as deprecated.

  • #5964 Server version is now added to JMX statistics.

  • #5982 Remote JVM debugging configuration added to tigase.conf file, commented by default.

  • #6038 Data Source pool connections are now initialized concurrently instead of one at a time, dropping initializing time.

  • #6103 RosterElement`no longer keeps `XMPPResourceConnection instance as it is cached elsewhere. Removal results in net improvement in memory footprint.

  • #6133 Tigase now checks components against server version to ensure compatibility.

  • #6163 Groovy plugin updated to v2.4.12.

  • #6206 Separated TigaseXMLTools and TigaseUtil packages for better compatibility with JDK v9.

  • #6216 MongoDB Driver now updated to v3.5.0.

  • #6560 tigase anti-spam component now included in tigase dist-max archive.

  • #6821 Improved error reporting when errors from ConfigReader.

  • #6842 DefaultTypesConverter no longer requires case sensitive enums.

  • #7082 ClassUtilBean now handles packet filtering for packets part of Tigase Server but not containing beans, other improvements to mDNS.

  • #7433 SeeOtherHost no longer uses PropertiesBeanConfigurator to parse configuration.

  • #7446 User credentials can now be managed with Ad-hoc commands.

  • #7743 Improved error message when repository is not found.

  • #7773 Ad-hoc commands can now by executed asynchronously.

  • #2341 allow specifying SubscriptionType when adding buddy to avoid calling separately .setBuddySubscription() thus eliminating saving roster twice to database if not needed

1.5.2. Fixes

  • #2750 Multiple artifact and depreciated file cleanup. Massive code cleanup and javadoc cleaning.

  • #3582 Schema files streamlined, and no longer embedded in code.

  • #3611 Fixed TheadExceptionHandler caused by ACS unable to read PubSub schema changes.

  • #3686 Issues with processing XHTML-IM have been fixed, and now render correctly messages with multiple CData items.

  • #3689 Packets returned from CM no longer bear the original senders’ jid.

  • #3803 New call RouteEvent has been added to check to list and check events and determine which should be forwarded to other nodes.

  • #3822 Error is now thrown if listener is registered for an event that is not found in EventBus.

  • #3910 Fixed NPE in SessionManager when session is closed during execution of everyMinute method.

  • #3911 Fixed issue of dropping connections during thread load distribution.

  • #4185 Fixed an error where messages would be duplicated on stream resumption due to a counter being reset upon reconnection.

  • #4447 Fixed condition where expired messages in offline store would cause locks.

  • #4547 config.dump file now is fully compatible with init.tdsl file and DSL file formatting.

  • #4672 Fixed UnsupportedOperationException occurring during configuration of WebSocketConnectionClustered.

  • #4776 DBSchemaLoader now asks for user credentials if parameter is missing. Exceptions are no longer thrown if file specified is not found.

  • #4885 client-port-delay-listening no longer causes exception when called.

  • #4973 Changed Message History query to now include a limit when selecting items, preventing an SQLTimeoutException.

  • #5005 Fixed an issue where disabling components would result in server shutdown.

  • #5042 Fixed issue when implementing custom SASL providers, mechanisms and callback handler factories.

  • #5066 Fixed issue initializing databases using MongoDB.

  • #5076 last_login and last_logout values are now properly updated while using SASL SCRAM authentication.

  • #5084 SCRAM now checks to see if account is disabled before retrieving password.

  • #5085 Fixed too many beans implemented error in Monitor Component.

  • #5088 Removed unnecessary SASL request processing after session is closed.

  • #5118 Fixed NPE during query of privacy lists then type is missing.

  • #5303 Fixed beans not being overridden by configuration if they were registered in RegistrarBean or AbstractKernelBasedComponent.

  • #5311 Offline messages are no longer dumped from MongoDB when restarting server.

  • #5394 Loading main Derby schema no longer throws exceptions.

  • #5428 Fixed parsing of v-host per domain limit property.

  • #5450 Server no longer automatically shuts down when default or other db can not be found or accessed.

  • #5458 Fixed potential timeout arising from XMPPIOService::xmppStreamOpened() method.

  • #5480 Fixed issue in Derby DB where obtaining offline messages results in SQLException.

  • #5525 Fixed S2S invalid-namespace error being returned during connection establishment.

  • #5587 Fixed unclosed ResultSet when storing a message to AMP-offline database in Derby causing deadlock.

  • #5645 Added fix for possible NPE when failing to retrieve beans.

  • #5670 config-dump now prints configuration for inactive components and beans to log.

  • #5692 Messages sent with negative priority were being occasionally dropped and not processed to OfflineMessageHandler.

  • #5727 Fixed potential issue with MySQL procedures not being killed properly.

  • #5750 Statistics now filter out zero-value results unless FINEST level is requested.

  • #5831 Fixed occurrence of OutOfMemory error.

  • #5864 Fixed NPE when executing BOSH pre-bind script.

  • #5867 Fixed NPE occurring during configuration dump.

  • #6000 Fixed a few issues with dynamic rosters properly handling presence subscription requests.

  • #6006 Improved configuration file and DB Schema handling.

  • #6041 Fixed potential issue where vhosts DB could be overwritten by vhosts configuration in init.config.

  • #6078 Fixed ClusterConnectionManager to use custom_elements_limit instead of a fixed value.

  • #6080 Fixed Packet Filtering to not filter cluster node information requests.

  • #6083 Fixed clustered mode shutting down server when certain components are disabled.

  • #6135 Tigase now properly enabled selective TLS if not enabled globally.

  • #6140 Fixed issue while sending server welcome message.

  • #6141 Fixed NPE at startup.

  • #6234 Fixed an error where an error message would repeat unnecessarily.

  • #6284 Ad-hoc commands now refresh SSL Certificate, and restart is no longer required.

  • #6293 Server no longer sends no response upon setting empty photo in vCard.

  • #6263 Fixed missing namespaces in responses from adhoc commands.

  • #6400 Added a proper error when max-queue-size is too small and server cannot start.

  • #6408 Fixed an issue where single WebSocket frames contained multiple XML stanzas instead of one per frame.

  • #6411 Main kernel is now called to smooth shutdown. Further, timeout periods are opened up for large instances.

  • #6574 SSL certificate upload handling is now fixed within cluster mode.

  • #6598 Fixed EventBus Registration connection issues between cluster nodes.

  • #6658 Cluster connections no longer potentially keep open connection after cluster is no longer connected or available.

  • #6749 Fixed schema parsing for DerbyDB.

  • #6776 Fixed failing Websocket connections if header contains more than one value.

  • #6875 Fixed an issue where C2S connections could be accepted before SessionManager was initialized.

  • #7037 Fixed error while parsing negative values from config.tdsl file.

  • #7055 Improvements to metaspace use and other memory use tweaks.

  • #7304 Virtual host logs now properly follow log size limits.

  • #7431 AdHoc requests between the same user with different resources are no longer dropped with `NoConnectionIdExecption`error.

  • #7434 Adjusted SeeOtherHotDualIP to use new table name in cluster nodes database.

  • #7491 Stacktraces from CertificateContainer are no longer printed to tigase-console.log, but will be printed to tigase.log.

  • #7687 Fixed an error where connections failed after authentication timeout were marked as active after cleanup.

  • #7747 Fixed ClusterRepoItemEvent serialization issues causing unsupported conversion error in cluster mode.

  • #7495 fix issue with not all logs being obfuscated, added testcase, documentation

  • #8305 fix issue with SeeOtherHostDualIP when using MongoDB

1.5.3. Component Changes

AMP

  • #7301 Tigase AMP component now uses multiple processing threads.

PubSub

  • #5033 PubSub now compatible with using emojis in pubsub items.

  • #5693 Fixed parsing configuration of SessionManager processors.

  • #5766 PubSub now writes to all databases with UTC timestamp.

  • #5953 Fixed presences not being removed from presenceByService collection if client disconnects without <unavailable/> presence being sent.

  • #6176 version changed to PubSub v4.0.0.

  • #7707 Fixed potential NPE in PubSub.

http-api

  • #4873 Support added to display timestamp fields as data, time, and timezone fields.

  • #4876 Implemented using XML repository for new setups, and updated default config to use this.

  • #4888 http-api now is enabled by default.

  • #5209 Updated visual styling of pages hosted by component.

  • #5290 Fixed invalid property name.

  • #5316 Account Registration now can now require and send confirmation E-mails.

  • #5415 Web Setup now checks configuration for message archive conflicts.

  • #5460 MongoDB now supported through web-setup.

  • #5717 Fixed default values of check-boxes in admin UI not being shown.

  • #5950 Supported added for XEP-0363: HTTP File Upload.

  • #6159 Fixed NPE thrown if scripts directory is not present.

  • #6176 version changed to tigase-http-api v2.0.0.

  • #6212 Added mechanism for password changing through HTTP API.

  • #7307 Fixed scripts returning 404 while handling rest/user/ requests even though user exists.

  • #7178 Ad-hoc commands are now categorized in groups for better organization.

  • #7568 Added timeout reading for HTTP request headers, added configurable accept-timeout.

message-archive

  • #4867 fixed issue when changing MA jid.

  • #4888 message-archive is enabled by default.

  • #5033 Update message archive to be compatible with emojis.

  • #5391 Added missing query statement block starts and ends to be compatible with SQL Server.

  • #5604 Modified access to static fields and functions.

  • #5681 Fixed duplication of groupchat messages with different ids by modifying hash algorithm.

  • #6176 version changed to message-archive v2.0.0.

  • #7615 feature-not-implemented response no longer occurs when removing stored messages.

MUC

  • #4888 muc now is enabled by default.

  • #5033 MUC component is now compatible with emojis.

  • #5066 Fixed issues working with MongoDB repository.

  • #5085 Removed invalid annotation parameter values.

  • #5559 Fixed NPE while changing default room configuration.

  • #5666 User may add more than one <item/> elements to query when querying room members.

  • #5715 Welcome messages may now be disabled globally, or in individual room configurations.

  • #5736 Rooms with no subject now return empty <subject/> element, as per XEP-0048 7.2.16.

  • #5813 Fixed NPE during room creation.

  • #6176 version changed to tigase-muc v3.0.0.

  • #6395 Fixed tigase.db.UserNotFoundException during retrieval of MUC user.

  • #6734 Introduced muc#roomconfig_maxresources to allow configuration of max number of resources for a single occupant.

  • #7443 Disabled XEP-0091 by default, added history attribute validation.

socks5 Proxy

  • #2750 Cleanup of code and removal of empty javadocs.

  • #5867 Fixed NPE during configuration dump when component is disabled.

  • #6176 version changed to tigase-socks5 v2.0.0.

stats

  • #5206 Fixed exception causing duplicate error entry.

  • #5728 Fixed MySQLIntegrityConstraintViolationException in upload handler.

  • #6161 Removed usage of classes from javax.xml.ws package for JDKv9 compatibility.

STUN Server

  • #6176 version changed to tigase-stun v2.0.0.

WebSocket

  • #6481 Websocket component has been improved to be more compliant with rfc6455