UnrealIRCd 4.0.13 released

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

(You can unsubscribe from this list here
<https://sourceforge.net/projects/unreal/lists/unreal-notify/unsubscribe>)

Hi everyone,

UnrealIRCd 4.0.13 is now available. It adds support for two
SSL/TLS-related features: STS
<https://www.unrealircd.org/docs/SSL/TLS#Strict_Transport_Security>
(Strict Transport Security) and SNI
<https://www.unrealircd.org/docs/Sni_block> (Server Name Indication).
This release also fixes a number of bugs, the most encountered ones
being related to 'simple' spamfilters and the previously introduced +Z
user mode.

If you have twitter, consider following @Unreal_IRCd
<https://twitter.com/Unreal_IRCd> where we post more frequent updates.
In particular, release candidates and insignificant dot-releases are not
announced via this mailing list to keep it low-volume.

*Changes between version 4.0.12 and 4.0.13
*Improvements

  * Support for Strict Transport Security
    <https://www.unrealircd.org/docs/SSL/TLS#Strict_Transport_Security>
    (draft/sts). When enabled, this tells capable clients to (re)connect
    using SSL/TLS. This is a nice security feature, although only a few
    clients support it as of writing.
  * Support for Server Name Indication (SNI) via the new sni { } block
    <https://www.unrealircd.org/docs/Sni_block>
  * Add conf/modules.optional.conf. This loads all additional modules
    that are not in modules.default.conf (m_ircops, m_staff, nocodes,
    textban, hideserver, antirandom and websocket)

Major issues fixed

  * 'simple' spamfilters ended up being 'posix' after server linking.
  * User mode +Z (secureonly) not working properly across server links.
  * REHASH from WebSocket connection would cause a crash (requires ircop
    privileges)

Minor issues fixed

  * Prevent /OPER for oper blocks with non-existant operclass
  * Bump MAXCONNECTIONS for Windows, allowing you to hold more clients.
  * The 'ban too broad' checking was broken. This permitted glines such
    as 192.168.0.0/1 being set. Now it rejects CIDR of /15 and lower. To
    disable this safety measure you can (still) use: set { options {
    allow-insane-bans; }; };

*Other changes
*

  * The websocket module now no longer sends \r\n in the websocket data
    and no longer requires it on incoming messages (but you can still
    send it if you like). Also version bumped to 1.0.0.
  * Mark all shipped modules as official (non-3rd-party)
  * Verify certificate when submitting crash reports
  * Support --without-privatelibdir for packagers

*For module coders*

  * CAP API changes:
      o The cap->visible(void) callback is now cap->visible(aClient *)
      o There is a new cap->parameter(aClient *) callback function, see
        the cap/sts module for how it can be used.
      o Various updates to subfunctions to pass 'sptr' (due to the
        above), including clicap_find(sptr, ...)
      o New CLICAP_FLAGS_ADVERTISE_ONLY flag (CAP cannot be REQ'd, such
        as with draft/sts)

*Download*
As always, you can download UnrealIRCd from https://www.unrealircd.org/
All releases are signed with our PGP key (key id 0xA7A21B0A108FF4A9)

*Bug reports and feature enhancements
*Please report all bugs and feature suggestions at
https://bugs.unrealircd.org/
Our GitHub repository is available on
https://github.com/unrealircd/unrealircd/

-- 
Bram Matthys
Security researcher                     sy...@vu...
Website:                                  www.vulnscan.org
PGP key:                       www.vulnscan.org/pubkey.asc
PGP fp: EBCA 8977 FCA6 0AB0 6EDB  04A7 6E67 6D45 7FE1 99A6