Files
libstrophe-gh/ChangeLog
Dmitry Podgorny 2bf5cc0e41 auth: disable PLAIN when other mechanisms are supported
PLAIN mechanism sends password in BASE64 encoding which everyone can
read. As result, debug logs expose password and users often don't remove
it when post the logs in the Internet.

Usually, both a secure mechanism and PLAIN are used in the scenario when
username or password is incorrect. PLAIN fails in this scenario anyway.
2019-10-01 23:38:50 +03:00

84 lines
2.5 KiB
Plaintext

0.9.3
- PLAIN mechanism is used only when no other mechanisms are supported
- Legacy authentication is disabled by default, can be enabled with
connection flag XMPP_CONN_FLAG_LEGACY_AUTH
- Session is not established if it is optional
- Fixed a bug causing a reused connection not to cleanup properly
- Improved debug logging in OpenSSL module
- Few memory leaks fixed
0.9.2
- OpenSSL tls module verifies certificate by default. Set flag
XMPP_CONN_FLAG_TRUST_TLS to ignore result of the verification
- Certificate hostname verification is forced for openssl-1.0.2 and
newer
- OpenSSL tls module disables insecure SSLv2 SSLv3 and TLSv1
- Support of handlers with the same callback function, but different
userdata
- System handlers are deleted on xmpp_conn_t reconnection. Old system
handlers could cause problems
- Default timeout for xmpp_run() is increased from 1 millisecond to 1
second in order to reduce CPU consumption
- Reduced memory usage in expat module
- New functions:
- xmpp_error_new()
- xmpp_send_error()
- xmpp_ctx_set_timeout()
- xmpp_sha1_digest()
0.9.1
- Fixed bug #95 (DNS lookup failing on Cygwin)
- Removed dependency on the check package
0.9.0
- IPv6 support
- Legacy SSL support
- Initial Android support
- Resolver returns all SRV records instead of one. Lookup is performed
according to RFC2052
- xmpp_connect_raw() provides access to a xmpp_conn object just after
establishing TCP connection. This allows to implement in-band
registration, authentication mechanisms or serverless messaging
- xmpp_conn_t object is reusable now and can be reconnected with saving
all handlers, flags, jid and password
- New API:
- xmpp_uuid_gen()
- xmpp_connect_raw()
- xmpp_conn_open_stream_default()
- xmpp_conn_open_stream()
- xmpp_conn_tls_start()
- xmpp_conn_get_flags()
- xmpp_conn_set_flags()
- xmpp_conn_set_keepalive()
- xmpp_conn_is_secured()
- xmpp_stanza_del_attribute()
- xmpp_stanza_get_to()
- xmpp_stanza_get_from()
- xmpp_stanza_set_to()
- xmpp_stanza_set_from()
- xmpp_stanza_reply()
- xmpp_message_new()
- xmpp_message_get_body()
- xmpp_message_set_body()
- xmpp_iq_new()
- xmpp_presence_new()
- Exposed private API:
- xmpp_jid_new()
- xmpp_jid_bare()
- xmpp_jid_node()
- xmpp_jid_domain()
- xmpp_jid_resource()
- xmpp_stanza_get_attribute_count()
- xmpp_stanza_get_attributes()
0.8.8
- XML namespace support
- XEP-0114 support
0.8.7
- SCRAM-SHA-1 authentication mechanism
- pkg-config support
0.8.5
- libtoolize to generate .so