PLAIN mechanism sends password in BASE64 encoding which everyone can read. As result, debug logs expose password and users often don't remove it when post the logs in the Internet. Usually, both a secure mechanism and PLAIN are used in the scenario when username or password is incorrect. PLAIN fails in this scenario anyway.
84 lines
2.5 KiB
Plaintext
84 lines
2.5 KiB
Plaintext
0.9.3
|
|
- PLAIN mechanism is used only when no other mechanisms are supported
|
|
- Legacy authentication is disabled by default, can be enabled with
|
|
connection flag XMPP_CONN_FLAG_LEGACY_AUTH
|
|
- Session is not established if it is optional
|
|
- Fixed a bug causing a reused connection not to cleanup properly
|
|
- Improved debug logging in OpenSSL module
|
|
- Few memory leaks fixed
|
|
|
|
0.9.2
|
|
- OpenSSL tls module verifies certificate by default. Set flag
|
|
XMPP_CONN_FLAG_TRUST_TLS to ignore result of the verification
|
|
- Certificate hostname verification is forced for openssl-1.0.2 and
|
|
newer
|
|
- OpenSSL tls module disables insecure SSLv2 SSLv3 and TLSv1
|
|
- Support of handlers with the same callback function, but different
|
|
userdata
|
|
- System handlers are deleted on xmpp_conn_t reconnection. Old system
|
|
handlers could cause problems
|
|
- Default timeout for xmpp_run() is increased from 1 millisecond to 1
|
|
second in order to reduce CPU consumption
|
|
- Reduced memory usage in expat module
|
|
- New functions:
|
|
- xmpp_error_new()
|
|
- xmpp_send_error()
|
|
- xmpp_ctx_set_timeout()
|
|
- xmpp_sha1_digest()
|
|
|
|
0.9.1
|
|
- Fixed bug #95 (DNS lookup failing on Cygwin)
|
|
- Removed dependency on the check package
|
|
|
|
0.9.0
|
|
- IPv6 support
|
|
- Legacy SSL support
|
|
- Initial Android support
|
|
- Resolver returns all SRV records instead of one. Lookup is performed
|
|
according to RFC2052
|
|
- xmpp_connect_raw() provides access to a xmpp_conn object just after
|
|
establishing TCP connection. This allows to implement in-band
|
|
registration, authentication mechanisms or serverless messaging
|
|
- xmpp_conn_t object is reusable now and can be reconnected with saving
|
|
all handlers, flags, jid and password
|
|
- New API:
|
|
- xmpp_uuid_gen()
|
|
- xmpp_connect_raw()
|
|
- xmpp_conn_open_stream_default()
|
|
- xmpp_conn_open_stream()
|
|
- xmpp_conn_tls_start()
|
|
- xmpp_conn_get_flags()
|
|
- xmpp_conn_set_flags()
|
|
- xmpp_conn_set_keepalive()
|
|
- xmpp_conn_is_secured()
|
|
- xmpp_stanza_del_attribute()
|
|
- xmpp_stanza_get_to()
|
|
- xmpp_stanza_get_from()
|
|
- xmpp_stanza_set_to()
|
|
- xmpp_stanza_set_from()
|
|
- xmpp_stanza_reply()
|
|
- xmpp_message_new()
|
|
- xmpp_message_get_body()
|
|
- xmpp_message_set_body()
|
|
- xmpp_iq_new()
|
|
- xmpp_presence_new()
|
|
- Exposed private API:
|
|
- xmpp_jid_new()
|
|
- xmpp_jid_bare()
|
|
- xmpp_jid_node()
|
|
- xmpp_jid_domain()
|
|
- xmpp_jid_resource()
|
|
- xmpp_stanza_get_attribute_count()
|
|
- xmpp_stanza_get_attributes()
|
|
|
|
0.8.8
|
|
- XML namespace support
|
|
- XEP-0114 support
|
|
|
|
0.8.7
|
|
- SCRAM-SHA-1 authentication mechanism
|
|
- pkg-config support
|
|
|
|
0.8.5
|
|
- libtoolize to generate .so
|