Tigase XMPP Server 8.0.0 Change notes and announcement
Tigase now operates using a Kernel and Beans style of programming. What does this mean for Tigase and you? Good news, really. Tigase XMPP Server now runs as a kernel program, which operates on its own and handles all the core functionality of the server. Components and non-essential functionality are loaded as beans. As a user, your experience will not change all that much. However, beans can be loaded and unloaded without restarting Tigase, so the program behaves more dynamically. This means a smaller memory and resource footprint when components are not needed, and longer uptimes without having to restart the program. It also gives greater flexibility to customize Tigase XMPP Server for unique solutions.
With the change of Tigase to a Kernel and Beans style of programming, we have also changed how the configuration file is managed. You will still edit the config.tdsl file as plain text, but it now uses a new format known as DSL (Domain Specific Language). DSL may add more lines, but it is a cleaner format and provides a more secure configuration design, since the configuration is validated at the domain level.
For more information on this format and how to configure Tigase, see the DSL Configuration Guide.
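To show how the DSL fragments scattered through these notes fit together in one file, here is an assembled config.tdsl. It is an added example, not a file shipped with Tigase: the c2s, stats, 'detailed-other-statistics', 'account-registration-email-validator' and 'sess-man' settings are the ones quoted on this page, while the 'config-type', 'default-virtual-host' and admins values (example.com, admin@example.com) are assumed placeholders you must replace.

```dsl
'config-type' = 'default'
'default-virtual-host' = 'example.com'
admins = [ 'admin@example.com' ]

c2s () {
    'pipelining' = true
    sslContextContainer(class: tigase.extras.bcstarttls.BCSSLContextContainer) {}
}

stats () {
    'stats-high-memory-level' = 95
}
'detailed-other-statistics' = false

'account-registration-email-validator'() {}

'sess-man' () {
    'jabber:iq:privacy' () {
        privacyListOfflineCache (active: true) { size = 20000 }
    }
}
```

Note the two conventions the fragments rely on: keys containing a hyphen or a colon are quoted ('pipelining', 'sess-man', 'jabber:iq:privacy'), and a bean is configured as name () { ... }, with an optional class: inside the parentheses when a non-default implementation is wanted. Two fragments that address the same bean (both c2s settings above) are merged into a single block rather than repeated.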
Starting with Tigase XMPP Server 8.0.0, users connected to clustered nodes can use a see-other-host strategy when a node is being shut down. Note: this may not be compatible with all clients.
The ad-hoc command for a graceful shutdown of cluster nodes is implemented as the Groovy script Shutdown.groovy.
This script also accepts a -timeout setting, which delays the shutdown of the node and alerts all users (via a headline message) that the server will be shut down after that time. Clients that understand see-other-host will then detect the other cluster nodes and reconnect to them, keeping their sessions available.
If the command is sent to shut down the whole cluster, no see-other-host redirect is sent, but the timeout setting may still be used.
The script may be activated by an ad-hoc command, or sent via REST from a remote host or from the Tigase Admin UI.
Multiple changes have been made to the structure and coding for v8, many related to trimming size of repositories and old calls. Some of these improvements are listed here:
System.out.print*() and printStackTrace() calls have been removed from the code.
The BouncyCastle Crypto API is now employed to handle StartTLS negotiation. By doing this, Tigase can obtain the tls-unique channel binding value of the TLS session, and so now supports tls-unique within the SCRAM PLUS authentication implementation.
This container may be employed by naming the class in your configuration file:
c2s () { sslContextContainer(class: tigase.extras.bcstarttls.BCSSLContextContainer) {} }
The BouncyCastle classes are included in the dist-max archives.
The default virtual host property can now be configured only as a single domain name, instead of a list of virtual host domains with options. Additional virtual host domains and their options must be configured using ad-hoc commands or the web AdminUI. See Virtual-Hosts Configuration for more details.
Since work began on v8.0.0 Tigase has required that all changes to Tigase XMPP Server and dependencies be signed with known certificates. This version marks the first to be totally signed.
We have cleaned up the installation methods for Tigase and now recommend the web-installer method. The IzPack installer (tigase-server-<version>-b<build>.jar files) installation method has been removed and will no longer be produced for v8.0.0 and later.
Manual installation is still available for those unable to use HTTP or browser access. Visit our Quick Start guide for instructions on these other methods.
Emojis are now supported on MySQL databases; however, some settings may need to be changed, although the changes will not affect existing databases. Visit this section for details.
Tigase now supports XEP-0215 - External Service Discovery, allowing clients to discover, through Tigase, services that are not available via the XMPP protocol. For setup and configuration information visit the External Service Discovery Component documentation.
XEP-0313 - Message Archive Management is now supported by Tigase, with custom enhancements such as full-text search and searching by tags. MAM requires Tigase's message archive to be enabled in the config.tdsl file, and the schema (XEP-0136 or XEP-0313) must be configured in the session manager settings.
To turn on MAM, see the configuration guide located here.
XEP-0363 - HTTP File Upload is now supported by the Tigase HTTP API component, allowing for a more robust one-to-many file sharing option. Configuration details are available in the HTTP File Upload Component section of the documentation.
Tigase now uses bootstrapping at startup: it loads the configuration from the config.tdsl file as before, then begins normal operation with those configuration options. All startup functions for Tigase now run under the bootstrap bean.
XEP-0077 In-Band Registration can use Data Forms as an option to process new registrations. You can now secure these registrations with a CAPTCHA. Enabling this option reduces the number of potential spammers and bots on your server.
Each component now has its own database schema. Schemas are no longer tied to Tigase XMPP Server versions, which makes changes and updates to individual components easier and avoids disrupting users who do not use a given component. See the schema update section for more details.
Statistics history can now be trimmed automatically when the system's memory use rises above a threshold. This is enabled by default and triggers when over 95% of memory is in use; half of all existing entries are removed at that point.
The same pattern continues, halving the retained records every time the threshold is met. A hard-set minimum of 5 entries applies, so you will always have the last 5 entries.
This threshold may be adjusted by adding the following setting to your config.tdsl file and changing the integer value:
stats() { 'stats-high-memory-level' = 95 }
For any bean, you may enable statistics by using the following
bean (class) { statistics = true }
Tigase XMPP Server v8.0.0 now includes some efforts to prevent spam bot accounts from running on servers.
Account registration limits have been expanded and now you can set separate counters, or configure components individually for their own limits. Visit this section for configuration details.
In an effort to create a more secure method for implementing JabberIqRegister, Tigase XMPP Server now requires the use of a confirmation e-mail by default in the process. The e-mail address must be valid, and accounts stay in pending status until the user clicks the generated URI in the e-mail and activates the account.
This is a plugin and must be enabled in the config.tdsl file with the following code:
'account-registration-email-validator'() {}
The Tigase-spam component is now in the dist-max distribution package, and has a number of features described in this section.
Before version 8.0.0, user passwords were stored in plaintext in the user_pw field of the tig_users table.
It was possible to enable storage of an MD5 hash of the password instead, but that limited authentication to the SASL PLAIN mechanism only, since SCRAM needs key material derived from the password and an MD5 digest does not provide it.
An MD5 hash of a password is not really a secure method either, as unsalted hashes can be reversed using rainbow tables.
Therefore, we decided to change this and store only password material derived with PBKDF2 (salted and iterated), which can be used directly by the SCRAM-SHA-1 or SCRAM-SHA-256 authentication mechanisms. The SASL PLAIN mechanism can also verify passwords against these stored values.
Storage of PBKDF2-derived passwords is now enabled by default in v8.0.0 of Tigase.
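The two password-related changes above, PBKDF2-derived storage that serves PLAIN and SCRAM alike and tls-unique channel binding for SCRAM PLUS, are easiest to see in code. The following Python is an added illustration written for these notes; it is not Tigase's implementation and makes no claim about Tigase's schema or class names. It follows RFC 5802 (SCRAM-SHA-1) and RFC 7677 (SCRAM-SHA-256): the server keeps only salt, iteration count, StoredKey and ServerKey, verifies a client proof without ever seeing the password, and for the -PLUS variant checks the c= attribute against its own tls-unique value. The tls-unique byte strings in the checks are constructed, and the nonces and salts are the published RFC test-vector inputs (user "user", password "pencil") so the output can be compared with the RFCs.

```python
"""SCRAM against PBKDF2-derived credentials, with optional tls-unique binding.
Added illustration for these release notes; not Tigase code."""
import base64
import hashlib
import hmac
import os
from dataclasses import dataclass

HASHES = {"SCRAM-SHA-1": "sha1", "SCRAM-SHA-256": "sha256"}


@dataclass(frozen=True)
class StoredCredential:
    """What the server keeps: salt, iteration count, StoredKey, ServerKey.
    No plaintext, and no unsalted digest a rainbow table could reverse."""
    mech: str
    salt: bytes
    iterations: int
    stored_key: bytes   # H(ClientKey)
    server_key: bytes   # HMAC(SaltedPassword, "Server Key")


def b64(data):
    return base64.b64encode(data).decode("ascii")


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def derive_keys(mech, password, salt, iterations):
    """RFC 5802 section 3: SaltedPassword = PBKDF2(password, salt, i)."""
    h = HASHES[mech]
    salted = hashlib.pbkdf2_hmac(h, password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", h).digest()
    stored_key = hashlib.new(h, client_key).digest()
    server_key = hmac.new(salted, b"Server Key", h).digest()
    return client_key, stored_key, server_key


def enroll(mech, password, iterations=4096, salt=None):
    """Registration or password change: derive once, store only the keys."""
    salt = os.urandom(16) if salt is None else salt
    _, stored_key, server_key = derive_keys(mech, password, salt, iterations)
    return StoredCredential(mech, salt, iterations, stored_key, server_key)


def verify_plain(cred, password):
    """SASL PLAIN against the same record: re-derive and compare StoredKey."""
    _, stored_key, _ = derive_keys(cred.mech, password, cred.salt, cred.iterations)
    return hmac.compare_digest(stored_key, cred.stored_key)


def run_scram(cred, username, password, c_nonce, s_nonce, client_cb=None, server_cb=None):
    """Both ends of one SCRAM exchange. client_cb / server_cb are the tls-unique
    values each side's TLS stack reports; passing client_cb selects SCRAM-*-PLUS.
    They differ only when client and server are not on the same TLS session."""
    h = HASHES[cred.mech]
    plus = client_cb is not None
    gs2 = "p=tls-unique,," if plus else "n,,"
    nonce = c_nonce + s_nonce
    client_first_bare = "n=%s,r=%s" % (username, c_nonce)
    server_first = "r=%s,s=%s,i=%d" % (nonce, b64(cred.salt), cred.iterations)
    c_attr = b64(gs2.encode("ascii") + (client_cb or b""))
    client_final_bare = "c=%s,r=%s" % (c_attr, nonce)
    auth_message = ",".join((client_first_bare, server_first, client_final_bare)).encode("ascii")

    # Client side: has the password; derives ClientKey from the server's salt and i.
    client_key, stored_key, client_server_key = derive_keys(cred.mech, password, cred.salt, cred.iterations)
    proof = xor(client_key, hmac.new(stored_key, auth_message, h).digest())

    # Server side: holds only StoredKey. Undo the XOR, hash, compare in constant time.
    recovered = xor(proof, hmac.new(cred.stored_key, auth_message, h).digest())
    proof_ok = hmac.compare_digest(hashlib.new(h, recovered).digest(), cred.stored_key)
    # For -PLUS the server must also check c= against its own tls-unique value;
    # the proof alone is valid for whatever channel binding the client put in it.
    own_cb = client_cb if server_cb is None else server_cb
    binding_ok = (not plus) or hmac.compare_digest(c_attr, b64(gs2.encode("ascii") + own_cb))
    client_ok = proof_ok and binding_ok

    # Server proves it holds ServerKey; the client checks it (mutual authentication).
    server_sig = hmac.new(cred.server_key, auth_message, h).digest()
    server_ok = client_ok and hmac.compare_digest(
        server_sig, hmac.new(client_server_key, auth_message, h).digest())
    return {"proof": b64(proof), "client_ok": client_ok,
            "server_signature": b64(server_sig), "server_ok": server_ok}


# Published inputs from RFC 5802 section 5 and RFC 7677 section 3 (user "user",
# password "pencil", i=4096): salt, client nonce, server nonce.
VECTORS = {
    "SCRAM-SHA-1": ("QSXCR+Q6sek8bf92", "fyko+d2lbbFgONRv9qkxdawL", "3rfcNHYJY1ZVvWVs7j"),
    "SCRAM-SHA-256": ("W22ZaJ0SNY7soEsUEjb6gQ==", "rOprNGfwEbeRWgbNEkqO", "%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0"),
}


def check_vector(mech, password="pencil", client_cb=None, server_cb=None):
    """Enroll "pencil" with the RFC salt and run one exchange with the given inputs."""
    salt_b64, c_nonce, s_nonce = VECTORS[mech]
    cred = enroll(mech, "pencil", 4096, base64.b64decode(salt_b64))
    return run_scram(cred, "user", password, c_nonce, s_nonce, client_cb, server_cb)


if __name__ == "__main__":
    print(check_vector("SCRAM-SHA-1"))   # proof v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=, as in RFC 5802
```

Two points worth noticing. verify_plain() shows why one stored form now serves every mechanism: PLAIN hands the server the password, so the server simply re-derives StoredKey; an MD5 column could do that too, but it could never yield ClientKey or ServerKey, which is why MD5 storage had pinned Tigase to PLAIN. And in run_scram() the proof verifies correctly even when client_cb and server_cb differ; only the explicit comparison of the c= attribute with the server's own tls-unique value catches a relayed TLS session, which is exactly the value the BouncyCastle StartTLS container makes available.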
The memory buffer for TLS no longer remains at the highest buffer size needed during the session. The buffer now frees memory while connections are idle, drastically reducing the program's memory footprint.
It is now possible to establish connections faster thanks to the implementation of XEP-0305: XMPP Quickstart (#1936). The feature is only available for the c2s connection manager (i.e. connections on port 5222) and needs to be enabled in config.tdsl:
c2s () { 'pipelining' = true }
The config-type is now configured using the DSL format. Visit this section for more information.
The names of the config-type properties have changed:
default replaces the --gen-config-def, --gen-config-all and --gen-config-default configuration types.
session-manager replaces --gen-config-sm.
connection-managers replaces --gen-config-cs.
component replaces --gen-config-comp.
setup is a new config-type created for the initial configuration of Tigase XMPP Server.
The old names are no longer supported; you HAVE to replace them with the new ones manually when upgrading to v8.0.0.
It is now possible to set connection testing to databases when connections are idle and customize the frequency with which this is done. Visit this section for more details.
Packet statistics, both those retrieved via XMPP and those printed during graceful shutdown, are now separated on a per-XMLNS basis. This may be disabled by adding the following line to the config.tdsl file:
'detailed-other-statistics' = false
XEP-0016 (Privacy Lists) states that privacy lists should be applied when no user session exists as well as when one does. Previously, Tigase only filtered when retrieving offline messages, so blocked users could still store offline messages. This has been changed to follow the XEP properly: messages are now filtered while there is no user session. If, however, you wish to use the previous behaviour, where offline messages are cached first and then filtered, you may use the following configuration:
'sess-man' { 'jabber:iq:privacy' () { privacyListOfflineCache (active: true) { size = 20000 } } }
By default the cache has a limit of 10000 entries; this may be set with the size property as seen above.
New permissions have been added to the ACL, including DOMAIN_OWNER and DOMAIN_ADMIN, to simplify permission checks and add another level of fine-grained permissions. For more details, see Tigase ACL configuration.
You can now skip the schema check phase for individual databases. To do this, add the following to the datasource configuration block:
DataSource () { default () { 'schema-management' = false } }
This will do the following:
Version 8.0.0 improves security by preventing brute-force attacks. The feature needs to be explicitly enabled and configured on a per-VHost basis. Detailed configuration is described in the section called "Brute-force attack prevention" (#8160).