Releases: ergochat/ergo
v2.13.1
Ergo 2.13.1 is a bugfix release, fixing an exploitable deadlock that could lead to a denial of service. We regret the oversight.
This release includes no changes to the config file format or database format.
Security
- Fixed an exploitable deadlock that could lead to a denial of service (#2149)
Internal
- Official release builds use Go 1.22.2
v2.13.0
We're pleased to be publishing v2.13.0, a new stable release. This is a bugfix release that fixes some issues, including a crash.
This release includes no changes to the config file format or database format.
Many thanks to @dallemon, @jwheare, @Mikaela, @nealey, and @Sheikah45 for contributing patches, reporting issues, and helping test.
Fixed
- Fixed a (hopefully rare) crash when persisting always-on client statuses (#2113, #2117, thanks @Sheikah45!)
- Fixed not being able to message channels with `/` (or the configured `RELAYMSG` separator) in their names (#2114, thanks @Mikaela!)
- Verification emails now always include a `Message-ID` header, improving compatibility with Gmail (#2108, #2110)
- Improved human-readable description of `REDACT_FORBIDDEN` (#2101, thanks @jwheare!)
Removed
Internal
- Upgraded the Docker base image from Alpine 3.13 to 3.19. The resulting images are incompatible with Docker 19.x and lower (all currently non-EOL Docker versions should be supported). (#2103)
- Official release builds use Go 1.21.6
v2.13.0-rc1
We're pleased to be publishing the release candidate for v2.13.0 (the official release should follow within a week or so). This is a bugfix release that fixes some issues, including a crash.
This release includes no changes to the config file format or database format.
Many thanks to @dallemon, @jwheare, @Mikaela, and @Sheikah45 for contributing patches, reporting issues, and helping test.
Fixed
- Fixed a (hopefully rare) crash when persisting always-on client statuses (#2113, #2117, thanks @Sheikah45!)
- Fixed not being able to message channels with `/` (or the configured `RELAYMSG` separator) in their names (#2114, thanks @Mikaela!)
- Verification emails now always include a `Message-ID` header, improving compatibility with Gmail (#2108, #2110)
- Improved human-readable description of `REDACT_FORBIDDEN` (#2101, thanks @jwheare!)
Removed
Internal
- Upgraded the Docker base image from Alpine 3.13 to 3.19. The resulting images are incompatible with Docker 19.x and lower (all currently non-EOL Docker versions should be supported). (#2103)
- Official release builds use Go 1.21.5
v2.12.0
We're pleased to be publishing v2.12.0, a new stable release. This is another bugfix release aimed at improving client compatibility and keeping up with the IRCv3 specification process.
This release includes changes to the config file format, one of which is a compatibility break: if you were using `accounts.email-verification.blacklist-regexes`, you can restore the previous functionality by renaming `blacklist-regexes` to `address-blacklist` and setting the additional key `address-blacklist-syntax: regex`. See default.yaml for an example; for more details, see the "Changed" section below.
This release includes a database change. If you have `datastore.autoupgrade` set to `true` in your configuration, it will be automatically applied when you restart Ergo. Otherwise, you can update the database manually by running `ergo upgradedb` (see the manual for complete instructions).
Many thanks to @adsr, @avollmerhaus, @csmith, @EchedeyLR, @emersion, @eskimo, @julio-b, knolle, @KoxSosen, @Mikaela, @mogad0n, and @progval for contributing patches, reporting issues, and helping test.
Config changes
- Removed `accounts.email-verification.blacklist-regexes` in favor of `address-blacklist`, `address-blacklist-syntax`, and `address-blacklist-file`. See the "Changed" section below for the semantics of these new keys. (#1997, #2088)
- Added `implicit-tls` (TLS from the first byte) support for MTAs (#2048, #2049, thanks @EchedeyLR!)
Fixed
- Fixed an edge case under `allow-truncation: true` (the recommended default is `false`) where Ergo could truncate a message in the middle of a UTF-8 codepoint (#2074)
- Fixed `CHATHISTORY TARGETS` being sent in a batch even without negotiation of the `batch` capability (#2066, thanks @julio-b!)
- Errors from `/REHASH` are now properly sanitized before being sent to the user, fixing an edge case where they would be dropped (#2031, thanks @eskimo!)
- Fixed some edge cases in auto-away aggregation (#2044)
- Fixed a FAIL code sent by draft/account-registration (#2092, thanks @progval!)
- Fixed a socket leak in the ident client (default/recommended configurations of Ergo disable ident and are not affected by this issue) (#2089)
Changed
- Bouncer reattach from an "insecure" session is no longer disallowed. We continue to recommend that operators preemptively disable all insecure transports, such as plaintext listeners (#2013)
- Email addresses are now converted to lowercase before checking them against the blacklist (#1997, #2088)
- The default syntax for the email address blacklist is now "glob" (expressions with `*` and `?` as wildcard characters), as opposed to the full Go regular expression syntax. To enable full regular expression syntax, set `address-blacklist-syntax: regex`.
- Due to line length limitations, some capabilities are now hidden from clients that only support version 301 CAP negotiation. To the best of our knowledge, all clients that support these capabilities also support version 302 CAP negotiation, rendering this moot (#2068)
- The default/recommended configuration now advertises the SCRAM-SHA-256 SASL method. We still do not recommend using this method in production. (#2032)
- Improved KILL messages (#2053, #2041, thanks @mogad0n!)
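An added example (not Ergo's code and not part of the release notes) of the upgrade pitfall behind the two blacklist changes above: a regex entry carried over unchanged is read as a glob under the new default and silently stops matching. It assumes entries are matched against the whole address; `compileEntry`, `blocked` and the sample domain are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// compileEntry builds an anchored matcher for one blacklist entry.
// syntax mirrors address-blacklist-syntax: "glob" or "regex".
// Assumption (not Ergo's code): entries must match the whole address.
func compileEntry(entry, syntax string) (*regexp.Regexp, error) {
	switch syntax {
	case "regex":
		return regexp.Compile("^(?:" + entry + ")$")
	case "glob":
		var b strings.Builder
		b.WriteString("^")
		for _, r := range entry {
			switch r {
			case '*': // any run of characters
				b.WriteString(".*")
			case '?': // exactly one character
				b.WriteString(".")
			default: // everything else is literal, including '.' and '\'
				b.WriteString(regexp.QuoteMeta(string(r)))
			}
		}
		b.WriteString("$")
		return regexp.Compile(b.String())
	}
	return nil, fmt.Errorf("unknown blacklist syntax %q", syntax)
}

// blocked lowercases addr, then checks it against every entry.
func blocked(addr string, entries []string, syntax string) (bool, error) {
	addr = strings.ToLower(addr)
	for _, e := range entries {
		re, err := compileEntry(e, syntax)
		if err != nil {
			return false, err
		}
		if re.MatchString(addr) {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	addr := "Spammer@Throwaway.EXAMPLE"          // constructed sample address
	legacy := []string{`.*@throwaway\.example`} // constructed pre-2.12 regex entry
	for _, syntax := range []string{"regex", "glob"} {
		hit, _ := blocked(addr, legacy, syntax)
		fmt.Printf("legacy entry as %-5s -> blocked=%v\n", syntax, hit)
	}
	hit, _ := blocked(addr, []string{"*@throwaway.example"}, "glob")
	fmt.Printf("rewritten as glob     -> blocked=%v\n", hit)
}
```

Because addresses are lowercased before the check, blacklist entries themselves should be written in lowercase.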
Added
- Added support for automatically joining new clients to a channel or channels (#2077, #2079, thanks @adsr!)
- Added implicit TLS (TLS from the first byte) support for MTAs (#2048, #2049, thanks @EchedeyLR!)
- Added support for draft/message-redaction (#2065, thanks @progval!)
- Added support for draft/pre-away (#2044)
- Added support for draft/no-implicit-names (#2083)
- Added support for the MSGREFTYPES 005 token (#2042)
- Ergo now advertises the standard-replies capability. Requesting this capability does not change Ergo's behavior.
Internal
- Release builds are now statically linked by default. This should not affect normal chat operations, but may disrupt attempts to connect to external services (e.g. MTAs) that are configured using a hostname that relies on libc's name resolution behavior. To restore the old behavior, build from source with `CGO_ENABLED=1`. (#2023)
- Upgraded to Go 1.21 (#2045, #2084); official release builds use Go 1.21.3, which includes a fix for CVE-2023-44487
- The default `make` target is now `build` (which builds an `ergo` binary in the working directory) instead of `install` (which builds and installs an `ergo` binary to `${GOPATH}/bin/ergo`). Take note if building from source, or testing Ergo in development! (#2047)
- `make irctest` now depends on `make install`, in an attempt to ensure that irctest runs against the intended development version of Ergo (#2047)
v2.12.0-rc1
We're pleased to be publishing the release candidate for v2.12.0 (the official release should follow within a few weeks). This is another bugfix release aimed at improving client compatibility and keeping up with the IRCv3 specification process.
This release includes changes to the config file format, one of which is a compatibility break: if you were using `accounts.email-verification.blacklist-regexes`, you can restore the previous functionality by renaming `blacklist-regexes` to `address-blacklist` and setting the additional key `address-blacklist-syntax: regex`. See default.yaml for an example; for more details, see the "Changed" section below.
This release includes a database change. If you have `datastore.autoupgrade` set to `true` in your configuration, it will be automatically applied when you restart Ergo. Otherwise, you can update the database manually by running `ergo upgradedb` (see the manual for complete instructions).
Many thanks to @adsr, @avollmerhaus, @csmith, @EchedeyLR, @emersion, @eskimo, @julio-b, knolle, @KoxSosen, @mogad0n, and @progval for contributing patches, reporting issues, and helping test.
Config changes
- Removed `accounts.email-verification.blacklist-regexes` in favor of `address-blacklist`, `address-blacklist-syntax`, and `address-blacklist-file`. See the "Changed" section below for the semantics of these new keys. (#1997, #2088)
- Added `implicit-tls` (TLS from the first byte) support for MTAs (#2048, #2049, thanks @EchedeyLR!)
Fixed
- Fixed an edge case under `allow-truncation: true` (the recommended default is `false`) where Ergo could truncate a message in the middle of a UTF-8 codepoint (#2074)
- Fixed `CHATHISTORY TARGETS` being sent in a batch even without negotiation of the `batch` capability (#2066, thanks @julio-b!)
- Errors from `/REHASH` are now properly sanitized before being sent to the user, fixing an edge case where they would be dropped (#2031, thanks @eskimo!)
- Fixed some edge cases in auto-away aggregation (#2044)
- Fixed a socket leak in the ident client (default/recommended configurations of Ergo disable ident and are not affected by this issue) (#2089)
Changed
- Bouncer reattach from an "insecure" session is no longer disallowed. We continue to recommend that operators preemptively disable all insecure transports, such as plaintext listeners (#2013)
- Email addresses are now converted to lowercase before checking them against the blacklist (#1997, #2088)
- The default syntax for the email address blacklist is now "glob" (expressions with `*` and `?` as wildcard characters), as opposed to the full Go regular expression syntax. To enable full regular expression syntax, set `address-blacklist-syntax: regex`.
- Due to line length limitations, some capabilities are now hidden from clients that only support version 301 CAP negotiation. To the best of our knowledge, all clients that support these capabilities also support version 302 CAP negotiation, rendering this moot (#2068)
- The default/recommended configuration now advertises the SCRAM-SHA-256 SASL method. We still do not recommend using this method in production. (#2032)
- Improved KILL messages (#2053, #2041, thanks @mogad0n!)
Added
- Added support for automatically joining new clients to a channel or channels (#2077, #2079, thanks @adsr!)
- Added implicit TLS (TLS from the first byte) support for MTAs (#2048, #2049, thanks @EchedeyLR!)
- Added support for draft/message-redaction (thanks @progval!)
- Added support for draft/pre-away
- Added support for draft/no-implicit-names
- Added support for the MSGREFTYPES 005 token (#2042)
- Ergo now advertises the standard-replies capability. Requesting this capability does not change Ergo's behavior.
Internal
- Release builds are now statically linked by default. This should not affect normal chat operations, but may disrupt attempts to connect to external services (e.g. MTAs) that are configured using a hostname that relies on libc's name resolution behavior. To restore the old behavior, build from source with `CGO_ENABLED=1`. (#2023)
- Upgraded to Go 1.21 (#2045, #2084)
- The default `make` target is now `build` (which builds an `ergo` binary in the working directory) instead of `install` (which builds and installs an `ergo` binary to `${GOPATH}/bin/ergo`). Take note if building from source, or testing Ergo in development! (#2047)
- `make irctest` now depends on `make install`, in an attempt to ensure that irctest runs against the intended development version of Ergo (#2047)
v2.11.1
v2.11.0
We're pleased to be publishing v2.11.0, a new stable release. This is another bugfix release aimed at improving client compatibility and keeping up with the IRCv3 specification process.
This release includes changes to the config file format, all of which are fully backwards-compatible and do not require updating the file before upgrading. It includes no changes to the database file format.
Many thanks to dedekro, @emersion, @eskimo, @FiskFan1999, hauser, @jwheare, @kingter-sutjiadi, knolle, @Mikaela, @mogad0n, @PeGaSuS-Coder, and @progval for contributing patches, reporting issues, and helping test.
Config changes
- Added `fakelag.command-budgets`, which allows each client session a limited number of specific commands that are exempt from fakelag. This improves compatibility with Goguma in particular. For the current recommended default, see `default.yaml` (#1978, thanks @emersion!)
- The recommended value of `server.casemapping` is now `ascii` instead of `precis`. PRECIS remains fully supported; if you are already running an Ergo instance, we do not recommend changing the value unless you are confident that your existing users are not relying on non-ASCII nicknames and channel names. (#1718)
Changed
- Network services like `NickServ` now appear in `WHO` responses where applicable (#1850, thanks @emersion!)
- The `extended-monitor` capability now appears under its ratified name (#2006, thanks @progval!)
- `TAGMSG` no longer receives automatic `RPL_AWAY` responses (#1983, thanks @eskimo!)
- `UBAN` now states explicitly that bans without a time limit have "indefinite" duration (#1988, thanks @mogad0n!)
Fixed
- `WHO` with a bare nickname as an argument now shows invisible users, comparable to `WHOIS` (#1991, thanks @emersion!)
- MySQL did not work on 32-bit architectures; this has been fixed (#1969, thanks hauser!)
- Fixed the name of the `CHATHISTORY` 005 token (#2008, #2009, thanks @emersion!)
- Fixed handling of the address `::1` in WHOX output (#1980, thanks knolle!)
- Fixed handling of `AWAY` with an empty parameter (the de facto standard is to treat as a synonym for no parameter, which means "back") (#1996, thanks @emersion, @jwheare!)
- Fixed incorrect handling of some invalid modes in `CS AMODE` (#2002, thanks @eskimo!)
- Fixed incorrect help text for `NS SAVERIFY` (#2021, thanks @FiskFan1999!)
Added
- Added the `draft/persistence` capability and associated `PERSISTENCE` command. This is a first attempt to standardize Ergo's "always-on" functionality so that clients can interact with it programmatically. (#1982)
- Sending `SIGUSR1` to the Ergo process now prints a full goroutine stack dump to stderr, allowing debugging even when the HTTP pprof listener is disabled (#1975)
Internal
v2.11.0-rc1
We're pleased to be publishing the release candidate for 2.11.0 (the official release should follow in a week or so). This is another bugfix release aimed at improving client compatibility and keeping up with the IRCv3 specification process.
This release includes changes to the config file format, all of which are fully backwards-compatible and do not require updating the file before upgrading. It includes no changes to the database file format.
Many thanks to dedekro, @emersion, @eskimo, hauser, @jwheare, @kingter-sutjiadi, knolle, @Mikaela, @mogad0n, @PeGaSuS-Coder, and @progval for contributing patches, reporting issues, and helping test.
Config changes
- Added `fakelag.command-budgets`, which allows each client session a limited number of specific commands that are exempt from fakelag. This improves compatibility with Goguma in particular. For the current recommended default, see `default.yaml` (#1978, thanks @emersion!)
- The recommended value of `server.casemapping` is now `ascii` instead of `precis`. PRECIS remains fully supported; if you are already running an Ergo instance, we do not recommend changing the value unless you are confident that your existing users are not relying on non-ASCII nicknames and channel names. (#1718)
Changed
- Network services like `NickServ` now appear in `WHO` responses where applicable (#1850, thanks @emersion!)
- The `extended-monitor` capability now appears under its ratified name (#2006, thanks @progval!)
- `TAGMSG` no longer receives automatic `RPL_AWAY` responses (#1983, thanks @eskimo!)
- Sending `SIGUSR1` to the Ergo process now prints a full goroutine stack dump to stderr, allowing debugging even when the HTTP pprof listener is disabled (#1975)
- `UBAN` now states explicitly that bans without a time limit have "indefinite" duration (#1988, thanks @mogad0n!)
Fixed
- `WHO` with a bare nickname as an argument now shows invisible users, comparable to `WHOIS` (#1991, thanks @emersion!)
- MySQL did not work on 32-bit architectures; this has been fixed (#1969, thanks hauser!)
- Fixed the name of the `CHATHISTORY` 005 token (#2008, #2009, thanks @emersion!)
- Fixed handling of the address `::1` in WHOX output (#1980, thanks knolle!)
- Fixed handling of `AWAY` with an empty parameter (the de facto standard is to treat as a synonym for no parameter, which means "back") (#1996, thanks @emersion, @jwheare!)
- Fixed incorrect handling of some invalid modes in `CS AMODE` (#2002, thanks @eskimo!)
Added
- Added the `draft/persistence` capability and associated `PERSISTENCE` command. This is a first attempt to standardize Ergo's "always-on" functionality so that clients can interact with it programmatically. (#1982)
Internal
v2.10.0
We're pleased to be publishing v2.10.0, a new stable release.
This release contains no changes to the config file format or database file format.
Many thanks to @csmith, @FiskFan1999, @Mikaela, @progval, and @thesamesam for contributing patches, and to @emersion, @eskimo, @FiskFan1999, @jigsy1, @Mikaela, @mogad0n, @progval, and @xnaas for reporting issues and helping test.
Config changes
- For better interoperability with Goguma, the recommended value of `history.chathistory-maxmessages` has been increased to `1000` (previously `100`) (#1919)
Changed
- Persistent voice (`AMODE +v`) in a channel is now treated as a permanent invite (i.e. overriding `+i` on the channel) (#1901, thanks @eskimo!)
- If you are `+R`, sending a direct message to an anonymous user allows them to send you replies (#1687, #1688, thanks @Mikaela and @progval!)
- `0` is no longer valid as a nickname or account name, with a grandfather exception if it was registered on a previous version of Ergo (#1896)
- Implemented the ratified version of the bot mode spec; the tag name is now `bot` instead of `draft/bot` (#1938)
- Privileged WHOX on a user with multiclient shows an arbitrarily chosen client IP address, comparable to WHO (#1897)
- `SAREGISTER` is allowed even under `DEFCON` levels 4 and lower (#1922)
- Operators with the `history` capability are now exempted from time cutoff restrictions on history retrieval (#1593, #1955)
Added
- Added `draft/read-marker` capability, allowing server-side tracking of read messages for synchronization across multiple clients. (#1926, thanks @emersion!)
- `INFO` now includes the server start time (#1895, thanks @xnaas!)
- Added `ACCEPT` command modeled on Charybdis/Solanum, allowing `+R` users to whitelist users who can DM them (#1688, thanks @Mikaela!)
- Added `NS SAVERIFY` for operators to manually complete an account verification (#1924, #1952, thanks @tacerus!)
Fixed
- Having the `samode` operator capability made all uses of the `KICK` command privileged (i.e. overriding normal channel privilege checks); this has been fixed (#1906, thanks @pcho!)
- Fixed `LIST <n` always returning no results (#1934, thanks @progval and @mitchr!)
- NickServ commands are now more clear about when a nickname is unavailable because it was previously registered and unregistered (#1886, thanks @Mikaela!)
- Fixed KLINE'd clients producing a `QUIT` snotice without a corresponding `CONNECT` snotice (#1941, thanks @tacerus, @xnaas!)
- Fixed incorrect handling of long/multiline `319 RPL_WHOISCHANNELS` responses (#1935, thanks @Mikaela!)
- Fixed `LIST` returning `403 ERR_NOSUCHCHANNEL` for a nonexistent channel; the correct response is an empty list (#1928, thanks @emersion!)
- Fixed `+s` ("secret") channels not appearing in `LIST` even when the client is already a member (#1911, #1923, thanks @jigsy1 and @FiskFan1999!)
- Fixed a spurious success message in `HISTSERV DELETE` by always requiring a consistent number of parameters (#1881, #1927, thanks @FiskFan1999!)
- Sending the empty string as a nickname would not always produce the expected error numeric `431 ERR_NONICKNAMEGIVEN`; this has been fixed (#1933, #1936, thanks @kylef!)
- `znc.in/playback` timestamps are now parsed as pairs of exact integers, not as floats (#1918)
Internal
- Upgraded to Go 1.18 (#1925)
- Upgraded Alpine version in official Docker image
- Fixed some issues in the example OpenRC init scripts (#1914, #1920, thanks @thesamesam!)
v2.10.0-rc2
Testing of 2.10.0-rc1 revealed serious bugs in the new `draft/read-marker` implementation. Consequently, we're publishing a second release candidate that fixes these issues. The final release is expected within a week or so; we apologize for the delay.