Details
- Gitlab migration: see the other blogpost
- Fix connections to Snikket instances:
Snikket decided to forbid PLAIN
authentication, which is good but exposed a bug in slixmpp, which was trying
to do SCRAM-SHA-1-PLUS authentication on TLSv1.3 using the tls-unique channel
binding, which is forbidden by spec on this version of TLS as it has various
known attacks. TLSv1.3 has the tls-exporter binding which replaces tls-unique,
but we cannot currently use it in slixmpp because CPython does not support it.
For now, connections to Snikket instances will use SCRAM-SHA-1 without binding
(note that the stanzas may say SCRAM-SHA-1-PLUS, but it is the SCRAM payload
which is important here).
- Performance fix for XEP-0115 (Entity Capabilities):
previously, when receiving
the same hash many times, while it was not in cache, slixmpp would fire tons of
similar requests at the same time, which would predictably yield the same result.
Nicoco made a fix, tested it in Slidge and upstreamed it, which will greatly improve
the situation.
New contributor genghis has taken the task of adding a page listing
various projects and bots that use slixmpp, both for their own visibility and to give
more examples of projects using slixmpp.
nicoco has made various improvements to XEP plugins used in Slidge, such
as XEP-0356, XEP-0428, XEP-0461, or XEP-0313 plugins. sxavier added helpful documentation
and example to the XEP-0221 plugin, and Daniel Roschka fixed an issue where repeatedly
calling connect() would wipe the previously set connection parameters.
Thanks to all new and returning contributors and maintainers for this release.
It can be found on codeberg.