v1.0.0-rc1 - Almost ready!

Our v1.0.0 is finally here! Well, almost. The final v1.0.0 should be released in a week or two, after our last bits of testing is complete and the documentation has been double and triple-checked. This version rounds out most of our need-to-haves, and leaves us with a bunch of nice-to-haves that we'll be looking at going forward. Thanks to all of our amazing translators and contributors for the work they've done this release (we'll have a proper thanks section when v1.0.0 drops).

Highlights include:

• Support for storing and replaying message history with: the draft/resume-0.3 capability, the CHATHISTORY command, and a custom HISTORY command.
• Better detection of confusing nick/account/channel names.
• User-customizable nickname protection methods.
• An account-only mode in which all clients must have an account and login to it (using SASL) before they can join the server.

Config Changes

• allow-custom-enforcement key added under accounts.
• allow-plaintext-resume key added under server.
• history section added.
• identlen key added under limits.
• login-throttling section added under accounts.
• method key now under accounts now allows the value "optional".
• Logging type server has been added, replacing the startup, rehash, and shutdown types.
• We no longer listen on port 6668 by default (this fixes Docker installs).
• The default logging configuration now logs to stderr only, rather than to both stderr and a file.
• max-channels-per-client key added under channels (limiting the number of channels that can be joined).
• max-channels-per-account key added under channels.registration (limiting the number of channels that can be registered).
• Exemption lists now accept localhost as a value, meaning any loopback IPV4, loopback IPV6, or unix domain address.

Security

• Added a SASL-only mode in which all clients must authenticate with SASL.
• Added login throttling as a hardening measure against password guessing.
• Configurable limits are imposed on how many channels clients can join or register.

Added

• Added automagic datastore creation on oragono run.
• Added limited message history for connection resuming (to be extended in future).
• Added new Español (es) translation (thanks to Mauropek!)).
• Added new Polski (pl) translation (thanks to Sebastian Korotkiewicz (modinfi)!)).
• Added new Română (ro) translation (thanks to Bogdan Mințoi!)).
• Added new Ελληνικά (el) translation (thanks to Nicholas Kyriakides (Shillos)!)).
• Added new 简体中文 (zh-CN) translation (thanks to Tony Chen and Remini!)).
• Added new subcommands to NICKSERV, including:
  • PASSWD to change account passwords.
  • ENFORCE to set a specific enforcement mechanism on your nick.
  • SAREGISTER to allow operators to manually create new user accounts.
• Added Unicode confusable detection and prevention when changing nicknames and registering accounts.
• Added proposed IRCv3 capability draft/setname.

Changed

• SASL PLAIN logins now log more correctly.
• Database upgrade failures now provide information about the error that occurred.
• Idents (sometimes called "usernames") are now restricted to ASCII, similar to other servers.
• In addition to the founder, now auto-ops (halfop and higher) automatically bypass channel join restrictions.
• Log lines now display time down to milliseconds, instead of just seconds.
• Updated all translation files (thanks to our amazing translators!).
• Updated proposed IRCv3 capability to version draft/resume-0.3.
• When nick ownership is enabled, users can now select which enforcement mechanism to use with their nickname.
• Improved compatibility with ZNC's nickserv module.
• Halfops can now kick unprivileged users.

Removed

Fixed

• oragono.io/maxline capability was accidentally disabled, now re-enabled.
• INVITE: Fixed bug where invited users could not join the channel they were invited to.
• PRIVMSG: Messages sent to multiple clients (such as channel messages) now share the same timestamp (previously each client got a very slightly different time).
• WHOIS: Now responds properly for NickServ, ChanServ, etc.
• Channel names with right-to-left characters are now casefolded correctly.
• Fixed incorrect rejection of nickmasks with Unicode RTL nicknames.
• Fixed nickname sync issue which could cause clients to fail to see each other.
• Invalid ISUPPORT tokens are now explicitly rejected.
• Made server-time timestamp format more consistent and safer.
• Oragono now exits with status (1) if it fails to start.
• Prevent logging in multiple times when using /NS IDENTIFY.
• Prevented the db handler from automagically creating the database without initializing it (thanks @enckse!). We also now automatically create the datastore on run.
• Updated internal command line parsing (thanks @iNecas!).
• oragono genpasswd now works when piping input in (fixes Docker installs).
• Fixed handling of CIDR width in connection limiting/throttling.
• Fixed many responses that violated the specifications (thanks to Ascrod, bogdomania, csmith, jesopo, jwheare).
• Fixed incorrect behavior of CHANSERV OP command.

Internal Notes

• DLINE and KLINE refactored, and expired bans are now removed from the database.
• Logging system optimised.
• Services handlers refactored.
• Translations are now sent to/PR'd from CrowdIn automagically as we develop the software.
• Direct responses to client commands are now sent "synchronously", bypassing the sendq.

v0.12.0 - The Spookiest IRCd

There's been a host of changes in the past six months, and this Halloween release has a number of very useful improvements.

For example, passwords are now hashed in a much better way than we did it before (jlatt's original method back from Ergonomadic was the right way to do things), the database now auto-upgrades for you when it detects a new version, thanks to Slingamn we now have vhosts, and there's been a ton of rewrites under-the-hood to improve stability and performance.

If you have any trouble with this release, please let us know with an issue on our tracker, or by talking to us in #oragono on Freenode.

Thanks to slingamn for a lot of heavy lifting this release and to vilmibm for contributing a documentation fix!

Config Changes

• allow-multiple-per-connection key removed from accounts.
• autoupgrade key added under datastore, specifying whether to upgrade to new database versions automatically.
• bcrypt-cost key added under accounts, to control how strongly account passwords are hashed.
• stackimpact section removed from debug.
• unix-bind-mode key added under server, controlling the bind mode used for unix listening sockets.
• vhosts section added under accounts, configuring our new vhost support.
• new oper capabilities accreg, sajoin, vhosts and chanreg added.

Security

• Password hashing has been improved (with current passwords being automatically upgraded to use the new method).
• Various crashes have been resolved.

Added

• Added database auto-upgrades.
• Added new subcommands to ChanServ including:
  • AMODE to allow setting persistent channel modes for users.
  • DROP to unregister a channel.
• Added vhosts (virtual/vanity hosts), controlled via HostServ.

Changed

• ChanServ and NickServ now show in their help output when commands have been disabled.
• Channel keys and modes are now stored for registered channels.
• Client capability handling rewritten under-the-hood.
• Disabled services commands now show as disabled (rather than being completely hidden).
• Many under-the-hood optimisations (thanks @slingamn!).
• Rehashing is now more consistent and safe.

Removed

• Removed StackImpact debug support, as we don't find it useful these days.

Fixed

• Fixed LUSERS to make it display correct client count and output correct params (thanks @moortens!.
• Fixed PROXY support for IPv6 clients.
• Fixed SAMODE crash when using it on a channel you're not joined to.
• Fixed WHOIS so that RPL_WHOISACCOUNT is now sent correctly.
• Fixed fakelag timing to better match expected values.
• Fixed issue where incoming and outgoing private messages were being incorrectly modified (a space was being added to the end) due to a bug with our protocol handling.
• Fixed password hashing method, with existing passwords being auto-upgraded to use the new method.

Lotsa Changes

And v0.11.0 finally comes along! This release has been in the works for almost four months now, with an alpha and beta helping square away the issues.

We're adding a lot of features to improve debugging, better support international users, and make things better for network administrators. Among the new features, you can use the LANGUAGE command to set a custom server language (see our CrowdIn to contribute), expose a debugging pprof endpoint, reserve nicknames with NickServ, and force email verification for new user accounts. On the improvements side we have a CAP REQ fix, and we now have a manual that contains a nice overview of Oragono's documentation.

If you have any trouble with this release, please let us know with an issue on our tracker, or by talking to us in #oragono on Freenode.

Thanks a bunch to everyone for the help with this release – especially to our translators and to Slingamn for being an awesome co-maintainer!

Config Changes

• callbacks section added under accounts/registration, configuring our new email verification (disabled by default).
• fakelag section added, configuring our new fakelag implementation.
• ips-per-subnet key renamed to connections-per-subnet.
• motd-formatting is now enabled by default.
• nick-reservation section added under accounts, configuring our new nickname ownership abilities.
• nofakelag and unregister oper classes added.
• pprof-listener key added under debug (disabled by default).
• skip-server-password key added under accounts, to better support certain clients.
• verify-timeout default value changed from 120 hours to 32 hours under accounts/registration.

Added

• Added 32-bit builds.
• Added a debug pprof endpoint, which is disabled by default and can be exposed in the config.
• Added a manual to our documentation! This is primarily where we'll be adding user-facing information and instructions from now on.
• Added current running git commit to the sent version string.
• Added fakelag, so that the server can slow down clients hitting it too aggressively. Disabled by default while we work out the kinks and the specific settings (thanks @slingamn!).
• Added IRCv3 capability batch and draft capability draft/labeled-response.
• Added listening support for unix sockets.
• Added new Brazilian Portuguese translation (thanks to Alexandre Oliveira!)).
• Added new French translation (thanks to Joshua!).
• Added new Norwegian translation (thanks to Morten!).
• Added new subcommands to CHANSERV, including:
  • OP to op yourself or the given user (can only be run by channel founders).
• Added new subcommands to NICKSERV, including:
  • DROP to de-associate a nickname from your current account.
  • GHOST to remove the given client (if they're logged in with your user account).
  • GROUP to associate a nickname with your current account.
  • IDENTIFY to login to an account.
  • INFO to see information about the given (or your own) account.
  • REGISTER to register an account.
  • UNREGISTER to delete your account.
• Added new Turkish translation (thanks to Yaser!).
• Added proposed IRCv3 capabilities draft/languages and draft/resume.
• Added the ability to associate multiple nicknames with your account, and enforce nickname ownership.
• Added the ability to force email verification when users register accounts.
• Added user modes, including:
  • B: Mark yourself as a bot, and display that you're a bot in WHOIS.

Changed

• genpasswd now requires that you confirm the input passphrase.
• Message IDs are now much shorter and easier to read – down from 39 characters to 16 while preserving a very similar gaurantee of uniqueness (thanks @prawnsalad for bringing up this issue).

Fixed

• We now correctly suspend registration when receiving a CAP REQ, as per the spec.
• We now properly cut off clients who try to send us too much data at once.

v0.11.0-beta release

This is a beta preview of the v0.11.0 release, which is actually likely to come this weekend. There's a whole lot of useful, important changes in this release including better debugging features, languages, nick reservation, email verification for new accounts, and a CAP REQ fix! However, it could be pretty unstable on a count of being a beta and simply the number of changes packed into it.

If you have any trouble with this release, please let us know with an issue on our tracker, or by talking to us in #oragono on Freenode.

Thanks a bunch for all the help with this release – especially to our translators and to Slingamn for being an awesome co-maintainer!

Config Changes

• callbacks section added under accounts/registration, configuring our new email verification (disabled by default).
• fakelag section added, configuring our new fakelag implementation.
• ips-per-subnet key renamed to connections-per-subnet.
• motd-formatting is now enabled by default.
• nick-reservation section added under accounts, configuring our new nickname ownership abilities.
• nofakelag and unregister oper classes added.
• pprof-listener key added under debug (disabled by default).
• skip-server-password key added under accounts, to better support certain clients.
• verify-timeout default value changed from 120 hours to 32 hours under accounts/registration.

Added

• Added a debug pprof endpoint, which is disabled by default and can be exposed in the config.
• Added a manual to our documentation! This is primarily where we'll be adding user-facing information and instructions from now on.
• Added current running git commit to the sent version string.
• Added fakelag, so that the server can slow down clients hitting it too aggressively. Disabled by default while we work out the kinks and the specific settings (thanks @slingamn!).
• Added IRCv3 capability batch and draft capability draft/labeled-response.
• Added listening support for unix sockets.
• Added new Brazilian Portuguese translation (thanks to Alexandre Oliveira!)).
• Added new French translation (thanks to Joshua!).
• Added new Norwegian translation (thanks to Morten!).
• Added new subcommands to CHANSERV, including:
  • OP to op yourself or the given user (can only be run by channel founders).
• Added new subcommands to NICKSERV, including:
  • DROP to de-associate a nickname from your current account.
  • GHOST to remove the given client (if they're logged in with your user account).
  • GROUP to associate a nickname with your current account.
  • IDENTIFY to login to an account.
  • INFO to see information about the given (or your own) account.
  • REGISTER to register an account.
  • UNREGISTER to delete your account.
• Added new Turkish translation (thanks to Yaser!).
• Added proposed IRCv3 capabilities draft/languages and draft/resume.
• Added the ability to associate multiple nicknames with your account, and enforce nickname ownership.
• Added the ability to force email verification when users register accounts.
• Added user modes, including:
  • B: Mark yourself as a bot, and display that you're a bot in WHOIS.

Changed

• genpasswd now requires that you confirm the input passphrase.
• Message IDs are now much shorter and easier to read – down from 39 characters to 16 while preserving a very similar gaurantee of uniqueness (thanks @prawnsalad for bringing up this issue).

Fixed

• We now correctly suspend registration when receiving a CAP REQ, as per the spec.
• We now properly cut off clients who try to send us too much data at once.

v0.11.0-alpha release

This is an alpha preview of the v0.11.0 release, which is likely to come next weekend.

We've introduced a lot and fixed a pretty serious bug around CAP! To be specific, we've included translation support, along with a fairly fully-fleshed-out Turkish translation and some extra proposed spec support.

To enable translations, just change enabled to true, in the languages section (and make sure the path is correct). After this, connect and send LANGUAGE tr_TR as noted in the related spec, and you'll be using Turkish!

Added

• Added new Turkish translation (thanks to Yaser!).
• Added proposed IRCv3 capability draft/languages.
• Added proposed IRCv3 capability draft/resume.
• Added user modes, including:
  • B: Mark yourself as a bot, and display that you're a bot in WHOIS.

Changed

• Message IDs are now much shorter and easier to read – down from 39 characters to 16 while preserving a very similar gaurantee of uniqueness (thanks @prawnsalad for bringing up this issue).

Fixed

• We now correctly suspend registration when receiving a CAP REQ, as per the spec.

Christmas Bugfixes and Updates!

This patch fixes a couple bugs, updates cap/isupport token names in response to spec changes, and allows unprivileged users to list channel bans. Ah, DLINE and KLINE also store oper names, so you can see who set those pesky bans later on!

Overall, a fairly standard patch that just improves things. No config changes, no database changes.

Also, Merry Christmas and Happy Holidays!

Added

• DLINE/KLINE: We now save the name of whichever oper set the ban (and display it later).

Changed

• draft/maxline capability is now oragono.io/maxline.
• WHO: First parameter now must be a mask or channel name, cannot be ommitted.
• Casemapping is now advertised using the UTF8MAPPING token, matching the new spec changes.
• We now allow unprivileged users to list channel bans.

Fixed

• Fixed a bug around removing channel bans.
• Fixed a client timeout bug.

Patch fix for lots of crashes

This patch release fixes a bunch of crashes that were introduced in the last release, 0.10.1.

If you have 0.10.1 running, replace it with this release.

For a more in-depth explanation, we refactored how we referred to channels in the code. With those changes we introduced a bug that incorrectly dereferences channels in certain situations. That bug is fixed by this latest release. Because we refer to channels in a lot of places, this bug can occur in a lot of places.

Security

• Fixed lots of miscellaneous crashes.

Security channel mode fix, error-recovery and SAMODE improvements

This patch release of Oragono fixes a fairly big channel mode bug, where users could set channel modes when they weren't actually allowed to.

Config Changes

• recover-from-errors key added under debug, which enables recovery from client-caused errors (at the cost of possible server instability).

Security

• Clients could set channel modes when they weren't supposed to be able to.

Added

• We now allow recovering from client-caused panics.

Fixed

• SAMODE now lists other users' modes.
• Removed some possible crashes and races.

Updates, Fixes, and More!

There has been a bunch of new changes in this release! From sts being ratified to supporting WEBIRC to rewriting a whole lot of our internals, 0.10.0 represents a real step forward in terms of where Oragono's going.

In addition to the new features, this issue fixes a bunch of fairly large bugs (such as an errant INVITE being able to crash the server, the +mRchannel modes not working at all, and making rehashing safer).

I'd like to thank @slingamn for really contributing a lot in this release! He's done a whole bunch of the internal work, cleaned up the code, and in general just been a great help while developing. Running Oragono on an actual network has really helped find and track down some serious bugs, and lead us to some much-needed improvements.

Config Changes

• motd-formatting key added under server, which supports MOTD formatting characters.
• rest-api section removed from server (since we no longer support the Rest API).
• webirc section added under server, which specifies the gateways can use the WEBIRC command.
• ws-listen key removed from server (since we no longer support websocket ports).
• Connection limits and connection throttling has become more relaxed by default.

Security

• INVITE: Fixed a server crash when sending an invite for a channel that doesn't exist (thanks @josephbisch for telling me about the bug!).

Added

• Added support for the WEBIRC command, allowing gateways to connect.
• We now list XLINEs with DLINE LIST and KLINE LIST.
• We now support using escaped formatting codes in the MOTD (tl;dr easy colors, bold and italics).

Changed

• D-LINE and K-LINE code is now cleaner under the hood and less likely to crash.
• Ident (looking up usernames) now times out a whole lot quicker, meaning you connect to the server more quickly.
• IRCv3 capability draft/sts has been renamed to sts, since it's now been ratified.
• Rehashing is now safer.
• Server opers could always speak on channels, even when they shouldn't be able to. Now they aren't above the law.

Removed

• Removed the draft/message-ids cap since... it doesn't actually exist. The feature is now enabled by default when clients request the draft/message-tags-0.2 capability, as written in the Message IDs spec.
• Removed websocket support (conflicted with existing larger IRCd's implementations and not used by any real clients).
• REST API has been removed, until we can build up the web interface in parallel with it.

Fixed

• AWAY was sending an incorrect mode string, and now sends the correct mode string (thanks @jwheare for pointing this out).
• Fixed some bugs with our MONITOR implementation which meant we weren't returning the right info to clients.
• The Moderated (+m) and RegisteredOnly (+R) channel modes could not be set. Now they can be set.

v0.9.2-beta patch release

Another day, another release. I think this should be pretty stable, but there have been a whole lot of changes underneath the hood (to try and make things cleaner, safer, and more stable). The main visible changes between this and -alpha are the addition of a new way to format MOTDs (add colours, bold, and italics), and that we've removed the REST API!

Config Changes

• motd-formatting key added under server, which supports MOTD formatting characters.
• rest-api section removed from server (since we no longer support the Rest API).
• ws-listen key removed from server (since we no longer support websocket ports).

Added

• We now support the PROXY command (letting people use HAProxy to terminate TLS and similar).
• We now support using escaped formatting codes in the MOTD (tl;dr easy colors, bold and italics).

Changed

• D-LINE and K-LINE code is now cleaner under the hood and less likely to crash.
• Rehashing is now safer.
• Server opers could always speak on channels, even when they shouldn't be able to. Now they aren't above the law.

Removed

• Removed the draft/message-ids cap since... it doesn't actually exist. The feature is now enabled by default when clients request the draft/message-tags-0.2 capability, as written in the Message IDs spec.
• Removed websocket support (conflicted with existing larger IRCd's implementations and not used by any real clients).
• REST API has been removed, until we can build up the web interface in parallel with it.

Fixed

• AWAY was sending an incorrect mode string, and now sends the correct mode string (thanks @jwheare for pointing this out).
• Fixed some bugs with our MONITOR implementation which meant we weren't returning the right info to clients.
• The Moderated (+m) and RegisteredOnly (+R) channel modes could not be set. Now they can be set.