We're pleased to announce Oragono 2.1.0, a new stable release.
Since the release of 2.0.0 in March, a number of new communities and organizations have adopted Oragono as a communications tool. This new release incorporates many improvements and fixes derived from the experiences of real-world operators and end users. Highlights include:
- Native support for websockets contributed by @hhirtz, eliminating the need for a separate websockets-to-IRC proxy server
- Tighter control over the relationship between account names and nicknames, eliminating the need for extbans
- Support for sending account verification emails directly from Oragono, including DKIM signatures
Many thanks to @ajaspers and @hhirtz for contributing patches, to @ajaspers, @eklitzke, and @hhirtz for contributing code reviews, to @ajaspers, @bogdomania, @clukawski, Csibesz, @csmith, @eklitzke, @nxths, @hhirtz, @jesopo, @jlnt, @justjanne, @jwheare, @k4bek4be, @KoraggKnightWolf, @kula, @kylef, @Mitaka8, @petteri, @PizzaLover2007, @prawnsalad, @RyanSquared, savoyard, and @xPaw for reporting issues, and to @bogdomania, @boppy, Nuve, stickytoffeepuddingwithcaramel, and @vegax87 for contributing translations.
This release includes changes to the config file format, including one breaking change: support for server.ip-cloaking.secret-environment-variable has been removed. (See below for instructions on how to upgrade if you were using this feature.) All other changes to the config file format are backwards compatible and do not require updating before restart.
This release includes a database change. If you have datastore.autoupgrade set to true in your configuration, it will be automatically applied when you restart Oragono. Otherwise, you can update the database manually by running oragono upgradedb (see the manual for complete instructions).
This release includes a change to the MySQL schema. This change will be applied automatically when you restart Oragono. It is fully backwards compatible (i.e., if it is necessary for you to downgrade Oragono back to 2.0.0, it will not be necessary to downgrade the schema).
Config Changes
- Added
websocketattribute of individual listeners, and a newserver.websocketssection, for configuring websocket listeners. (#967, thanks @hhirtz!) - The recommended default is now to enable IP cloaking. In order to facilitate this, the cloaking secret is now stored in the database, instead of the config file. If you currently have a secret stored in the config file (as
server.ip-cloaking.secret), it will be automatically imported into the database. If you were usingsecret-environment-variableto distribute your cloaking secret, you can import it manually after restart using the new/HOSTSERV SETCLOAKSECRETcommand. (#952) - Added
accounts.nick-reservation.force-nick-equals-account, which ensures that logged-in clients are using their account name as their nickname. This eliminates the need for extbans and is a new recommended default. (#864) - Added
guest-nickname-formatandforce-guest-format, which optionally add a prefix likeGuest-to the nicknames of unauthenticated users (#749) - The recommended default is now to enable history storage and playback, with messages expiring after 7 days. (As with all changes in recommended config values, applying this to an existing config file requires explicitly changing the values.) (#1030)
- Added
history.retentionsection for controlling new features related to history storage and deletion (#858) - The recommended default for
accounts.multiclient.always-onis nowopt-in(#919) - Added
accounts.default-user-modes; the recommended default is now to set+ion all users automatically (#942, thanks @ajaspers!) - Added
channels.list-delay, allowing restrictions on channel listings as a defence against spambots (#964) - Added
accounts.multiclient.auto-away, allowing always-on clients to be automatically marked as away when all their sessions disconnect - Added
accounts.throttlingas a global throttle on the creation of new accounts (#913) - New format for
accounts.callbacks.mailto, allowing direct email sending and DKIM signing (#921) - Added
accounts.login-via-pass-command, providing a new mechanism for legacy clients to authenticate to accounts by sendingPASS account:passwordpre-registration (#1020) - Added
datastore.mysql.socket-path, allowing MySQL connections over UNIX domain sockets (#1016, thanks savoyard and @ajaspers!) - Added
roleplaysection for controlling the server's roleplay features (#865) - The recommended default for
accounts.nick-reservation.allow-custom-enforcementis nowfalse(#918) - The recommended default is now to allow PROXY and WEBIRC lines from localhost (#989, #1011)
- Added
channels.registration.operator-only, optionally restricting channel registrations to operators (#685) - Added
server.output-pathfor controlling where the server writes output files (#1004) - Operator capability names prefixed with
oper:have been normalized to remove the prefix (the old names are still respected in the config file) (#868) - The log category names
localconnectandlocalconnect-iphave been changed toconnectandconnect-iprespectively (the old names are still respected in the config file) (#940)
Security
- Fixed incorrect enforcement of ban/invite/exception masks under some circumstances (#983)
- STATUSMSG were being stored in history without the relevant minimum-prefix information, so they could be replayed to unprivileged users. This was fixed by not storing them at all. (#959, thanks @prawnsalad!)
- Fixed invisible users not being hidden from
WHO *queries (#991, thanks @ajaspers!) - Restricted nicknames of some additional common services:
OperServ,BotServ,MemoServ, andGlobal(#1080, thanks @KoraggKnightWolf!)
Fixed
- Fixed incorrect rejection of
draft/multilinemessages containing blank lines (#1005, thanks @jwheare!) - Fixed roleplay commands, which were completely broken from v1.1.0 through v2.0.0 (#865, thanks @petteri and @Mitaka8!)
- Fixed
/SAMODEapplying user mode changes to the operator instead of the target user (#866, thanks @csmith!) - Fixed some channels not being unregistered during account unregistration (#889)
- Fixed
/NICKSERV SETand related commands being unavailable when account registration is disabled (#922, thanks @PizzaLover2007!) - Fixed
TAGMSGnot being replayed correctly in history (#1044) - Fixed incorrect
401 ERR_NOSUCHNICKresponses onTAGMSGsent to a service (#1051, thanks @ajaspers!) - Fixed
301 RPL_AWAYnot being sent inWHOISresponses when applicable (#850) /OPERwith no password no longer disconnects the client (#951)- Fixed failure to send extended-join responses after account unregistration (#933, thanks @jesopo!)
- Improved validation of channel keys (#1021, thanks @kylef!)
- Fixed labeling of
421 ERR_UNKNOWNCOMMANDresponses (#994, thanks @k4bek4be!) - Fixed incorrect parsing of ident protocol responses (#1002, thanks @justjanne!)
- Fixed registration completing after
NICKand an ident response, without waiting forUSER(#1057, thanks @KoraggKnightWolf!) - Fixed messages rejected by the
+Rmode being stored in history (#1061, thanks @KoraggKnightWolf!) - Fixed redundant
/INVITEcommands not sending443 ERR_USERONCHANNEL(#842, thanks @hhirtz!) - Fixed
/NICKSERV REGISTERresponse displayingmailto:out of context (#985, thanks @eklitzke!) - Fixed nickname changes not sending
731 RPL_MONOFFLINEwhen appropriate (#1076, thanks @ajaspers!) - Fixed incorrect MONITOR responses in some cases (#1086, thanks @ajaspers!)
- Fixed HostServ approval and rejection notices being sent from the wrong source (#805)
- Error messages for invalid TLS certificate/key pairs are now more informative (#982)
- Fixed error message when attempting to attach a plaintext session to an always-on client (#955, thanks @bogdomania and @xPaw!)
- Increased the TLS handshake timeout, increasing reliability under high CPU contention (#894)
- Fixed
CHANMODESISUPPORT token (#408, #874, thanks @hhirtz!) - Fixed
002 RPL_MYINFOparameters (#1058, thanks @KoraggKnightWolf!) - Fixed incorrect parameter limit for
MONITORin theTARGMAXisupport token (#1090, thanks @KoraggKnightWolf!) - Fixed edge cases in handling of the
+kchannel mode parameter (#874, thanks @hhirtz!) account-notifylines are now part of the labeled-response batch when applicable (#1018)- Fixed incorrect help description of channel mode
+R(#930, thanks @PizzaLover2007!) - Fixed
255 RPL_LUSERMEresponse to indicate that the number of federated peer servers is 0 (#846, thanks @RyanSquared!)
Changed
- Account names are now permanent identifiers; they cannot be re-registered after unregistration, and applicable nickname protections remain in force. (#793)
- User modes of always-on clients now persist across server restarts (#819)
- Registered channels with no members remain present on the server, including their in-memory history messages when applicable (#704, thanks @bogdomania!)
- Updated the setname IRCv3 capability to its ratified version (#1001)
/CHANSERV AMODEnow takes immediate effect (#729)- The channel founder can now take any action that would require channel privileges without actually having the
+qmode (#950, #998) - Account unregistration now always disconnects the client (#1028)
- Fakelag is now temporarily disabled during the sending of a
draft/multilinemessage batch (#817) - Failed attempts to join a
+Rchannel now send477 ERR_NEEDREGGEDNICK(#936, thanks @PizzaLover2007, @jesopo!) 353 RPL_NAMREPLYnow always uses a trailing parameter, for compatibility with incorrect client implementations (#854, #862)- Channels with persistent history can no longer be renamed with
/RENAME(#827) - The self-signed certificate generation command
oragono mkcertsnow generates a 2048-bit RSA certificate, instead of a NIST P-521 ECDSA certificate (#898) - Cleaned up compatibility with an obsolete WEBIRC escaping convention (#869)
- The cloak secret is now stored in the database, so it can no longer be rotated by changing
server.ip-cloaking.secret. To rotate the secret, use the new/HOSTSERV SETCLOAKSECRETcommand. (#952)
Added
- Added native support for websockets (#967, thanks @hhirtz!)
- Added support for sending verification emails directly (i.e., without a MTA/smarthost), including DKIM signing (#920, #921)
- Added
/NICKSERV LISTand/CHANSERV LIST, allowing operators to list registered nicknames and channels (#974, thanks @ajaspers!) - Added auto-away feature for marking always-on clients away when all their sessions are disconnected; see
accounts.multiclient.auto-awayand/NICKSERV HELP SETfor more information (#824) - Added
/HISTSERV PLAY, which plays back history messages as NOTICEs from theHistServservice (#383, thanks @nxths!) - Added
/HISTSERV DELETEfor deleting history messages (see the config optionhistory.retention.allow-individual-delete) (#858) - Added
/HISTSERV FORGETfor deleting all history messages associated with an account (see the config optionhistory.retention.enable-account-indexing) (#858) - Added
/HISTSERV EXPORTfor exporting all history messages associated with an account as JSON. This can be used at the user's request for regulatory compliance reasons (see the config optionhistory.retention.enable-account-indexing) (#858) - Added support for logging legacy clients into accounts via the
PASScommand, with the account:password syntax used by Freenode. To enable this feature, setaccounts.login-via-pass-commandtotrue. (#1020, thanks @jlnt!) - Added
/NICKSERV ERASEas an escape hatch for operators, allowing an account to be erased and re-registered (#793) - Added support for playing back
MODEandTOPICmessages in history (#532) - Added
conventional.yaml, a version of the config file that provides a more traditional IRC experience. We recommend a config file based onoragono.yamlfor production networks, and one based onconventional.yamlfor IRCv3 conformance testing. (#918) - Added an optional global throttle on the creation of new accounts (#913)
- Added support for restricting
/LISTresponses sent to anonymous clients (#964) - Added support for the Plan 9 operating system and its derivatives, including testing on 9front (#1025, thanks @clukawski!)
Removed
- Removed support for colored log output (#940, #939)
- Removed support for distributing the cloaking secret via environment variables (#952)