Assets 13

There's been a host of changes in the past six months, and this Halloween release has a number of very useful improvements.

For example, passwords are now hashed in a much better way than we did it before (jlatt's original method back from Ergonomadic was the right way to do things), the database now auto-upgrades for you when it detects a new version, thanks to Slingamn we now have vhosts, and there's been a ton of rewrites under-the-hood to improve stability and performance.

If you have any trouble with this release, please let us know with an issue on our tracker, or by talking to us in #oragono on Freenode.

Thanks to slingamn for a lot of heavy lifting this release and to vilmibm for contributing a documentation fix!

Config Changes

  • allow-multiple-per-connection key removed from accounts.
  • autoupgrade key added under datastore, specifying whether to upgrade to new database versions automatically.
  • bcrypt-cost key added under accounts, to control how strongly account passwords are hashed.
  • stackimpact section removed from debug.
  • unix-bind-mode key added under server, controlling the bind mode used for unix listening sockets.
  • vhosts section added under accounts, configuring our new vhost support.
  • new oper capabilities accreg, sajoin, vhosts and chanreg added.

Security

  • Password hashing has been improved (with current passwords being automatically upgraded to use the new method).
  • Various crashes have been resolved.

Added

  • Added database auto-upgrades.
  • Added new subcommands to ChanServ including:
    • AMODE to allow setting persistent channel modes for users.
    • DROP to unregister a channel.
  • Added vhosts (virtual/vanity hosts), controlled via HostServ.

Changed

  • ChanServ and NickServ now show in their help output when commands have been disabled.
  • Channel keys and modes are now stored for registered channels.
  • Client capability handling rewritten under-the-hood.
  • Disabled services commands now show as disabled (rather than being completely hidden).
  • Many under-the-hood optimisations (thanks @slingamn!).
  • Rehashing is now more consistent and safe.

Removed

  • Removed StackImpact debug support, as we don't find it useful these days.

Fixed

  • Fixed LUSERS to make it display correct client count and output correct params (thanks @moortens!.
  • Fixed PROXY support for IPv6 clients.
  • Fixed SAMODE crash when using it on a channel you're not joined to.
  • Fixed WHOIS so that RPL_WHOISACCOUNT is now sent correctly.
  • Fixed fakelag timing to better match expected values.
  • Fixed issue where incoming and outgoing private messages were being incorrectly modified (a space was being added to the end) due to a bug with our protocol handling.
  • Fixed password hashing method, with existing passwords being auto-upgraded to use the new method.