Highlights

• Moving away from self-hosted gitlab (mathieui)
• Fix connection to Snikket instances (pep., mathieui)
• Performance fix for XEP-0115 queries
• New documentation listing projects using slixmpp (genghis)
• Bugfix and improvements (nicoco, mostly)

Details

• Gitlab migration: see the other blogpost
• Fix connections to Snikket instances:

Snikket decided to forbid PLAIN authentication, which is good but exposed a bug in slixmpp, which was trying to do SCRAM-SHA-1-PLUS authentication on TLSv1.3 using the tls-unique channel binding, which is forbidden by spec on this version of TLS as it has various known attacks. TLSv1.3 has the tls-exporter binding which replaces tls-unique, but we cannot currently use it in slixmpp because CPython does not support it. For now, connections to Snikket instances will use SCRAM-SHA-1 without binding (note that the stanzas may say SCRAM-SHA-1-PLUS, but it is the SCRAM payload which is important here).

• Performance fix for XEP-0115 (Entity Capabilities):

previously, when receiving the same hash many times, while it was not in cache, slixmpp would fire tons of similar requests at the same time, which would predictably yield the same result. Nicoco made a fix, tested it in Slidge and upstreamed it, which will greatly improve the situation.

• Documentation:

New contributor genghis has taken the task of adding a page listing various projects and bots that use slixmpp, both for their own visibility and to give more examples of projects using slixmpp.

• Bugfixes:

nicoco has made various improvements to XEP plugins used in Slidge, such as XEP-0356, XEP-0428, XEP-0461, or XEP-0313 plugins. sxavier added helpful documentation and example to the XEP-0221 plugin, and Daniel Roschka fixed an issue where repeatedly calling connect() would wipe the previously set connection parameters.

Thanks to all new and returning contributors and maintainers for this release. It can be found on codeberg.