v2.12.0
We're pleased to be publishing v2.12.0, a new stable release. This is another bugfix release aimed at improving client compatibility and keeping up with the IRCv3 specification process.
This release includes changes to the config file format, one of which is a compatibility break: if you were using accounts.email-verification.blacklist-regexes
, you can restore the previous functionality by renaming blacklist-regexes
to address-blacklist
and setting the additional key address-blacklist-syntax: regex
. See default.yaml for an example; for more details, see the "Changed" section below.
This release includes a database change. If you have datastore.autoupgrade
set to true
in your configuration, it will be automatically applied when you restart Ergo. Otherwise, you can update the database manually by running ergo upgradedb
(see the manual for complete instructions).
Many thanks to @adsr, @avollmerhaus, @csmith, @EchedeyLR, @emersion, @eskimo, @julio-b, knolle, @KoxSosen, @Mikaela, @mogad0n, and @progval for contributing patches, reporting issues, and helping test.
Config changes
- Removed
accounts.email-verification.blacklist-regexes
in favor ofaddress-blacklist
,address-blacklist-syntax
, andaddress-blacklist-file
. See the "Changed" section below for the semantics of these new keys. (#1997, #2088) - Added
implicit-tls
(TLS from the first byte) support for MTAs (#2048, #2049, thanks @EchedeyLR!)
Fixed
- Fixed an edge case under
allow-truncation: true
(the recommended default isfalse
) where Ergo could truncate a message in the middle of a UTF-8 codepoint (#2074) - Fixed
CHATHISTORY TARGETS
being sent in a batch even without negotiation of thebatch
capability (#2066, thanks @julio-b!) - Errors from
/REHASH
are now properly sanitized before being sent to the user, fixing an edge case where they would be dropped (#2031, thanks @eskimo! - Fixed some edge cases in auto-away aggregation (#2044)
- Fixed a FAIL code sent by draft/account-registration (#2092, thanks @progval!)
- Fixed a socket leak in the ident client (default/recommended configurations of Ergo disable ident and are not affected by this issue) (#2089)
Changed
- Bouncer reattach from an "insecure" session is no longer disallowed. We continue to recommend that operators preemptively disable all insecure transports, such as plaintext listeners (#2013)
- Email addresses are now converted to lowercase before checking them against the blacklist (#1997, #2088)
- The default syntax for the email address blacklist is now "glob" (expressions with
*
and?
as wildcard characters), as opposed to the full Go regular expression syntax. To enable full regular expression syntax, setaddress-blacklist-syntax: regex
. - Due to line length limitations, some capabilities are now hidden from clients that only support version 301 CAP negotiation. To the best of our knowledge, all clients that support these capabilities also support version 302 CAP negotiation, rendering this moot (#2068)
- The default/recommended configuration now advertises the SCRAM-SHA-256 SASL method. We still do not recommend using this method in production. (#2032)
- Improved KILL messages (#2053, #2041, thanks @mogad0n!)
Added
- Added support for automatically joining new clients to a channel or channels (#2077, #2079, thanks @adsr!)
- Added implicit TLS (TLS from the first byte) support for MTAs (#2048, #2049, thanks @EchedeyLR!)
- Added support for draft/message-redaction (#2065, thanks @progval!)
- Added support for draft/pre-away (#2044)
- Added support for draft/no-implicit-names (#2083)
- Added support for the MSGREFTYPES 005 token (#2042)
- Ergo now advertises the standard-replies capability. Requesting this capability does not change Ergo's behavior.
Internal
- Release builds are now statically linked by default. This should not affect normal chat operations, but may disrupt attempts to connect to external services (e.g. MTAs) that are configured using a hostname that relies on libc's name resolution behavior. To restore the old behavior, build from source with
CGO_ENABLED=1
. (#2023) - Upgraded to Go 1.21 (#2045, #2084); official release builds use Go 1.21.3, which includes a fix for CVE-2023-44487
- The default
make
target is nowbuild
(which builds anergo
binary in the working directory) instead ofinstall
(which builds and installs anergo
binary to${GOPATH}/bin/ergo
). Take note if building from source, or testing Ergo in development! (#2047) make irctest
now depends onmake install
, in an attempt to ensure that irctest runs against the intended development version of Ergo (#2047)