|
|
| Line 1: |
Line 1: |
| {{ChangeLog}}
| | [default] |
| | | default_md = sha512 |
| <!-- last commit: aab76567662f770ed763c6ae25be1cbe8d9fd3cf -->
| | name_opt = ca_default |
| | | cert_opt = ca_default |
| // TODO: cleanup this list, reorder, recategorize, fix grammar
| | default_days = 375 |
| | | policy = @policy_selfsigned |
| == New == | | |
| * Add CMake build. Minimum supported CMake version is 3.1. For now ZNC can be built with either CMake or autoconf. In future autoconf is going to be removed.
| | [ req ] |
| ** Currently <code>znc-buildmod</code> requires python if CMake was used; if that's a concern for you, please open a bug.
| | #Options from the [ req ] section are applied |
| * Increase minimum GCC version from 4.7 to 4.8. Minimum Clang version stays at 3.2.
| | #when creating certificates or certificate signing requests. |
| * Make ZNC UI translateable to different languages, add partial Russian translation. If you want to translate ZNC to your language, great! Please say.
| | # Options for the `req` tool (`man req`). |
| * Configs written before ZNC 0.206 can't be read anymore {{GH|929}}
| | default_bits = 4096 |
| * Implement IRCv3.2 capability <code>echo-message</code> on the "client side" {{GH|950}}
| | distinguished_name = req_selfsigned |
| * Implement IRCv3.2 capabilities <code>cap-notify</code>, <code>away-notify</code>, <code>account-notify</code>, <code>extended-join</code> {{GH|315}} {{GH|316}}
| | string_mask = utf8only |
| * Update capability names as they are named in IRCv3.2: <code>znc.in/server-time-iso</code>→<code>server-time</code>, <code>znc.in/batch</code>→<code>batch</code>. Old names will continue working for a while, then will be removed in some future version.
| | default_md = sha512 |
| * Make ZNC request <code>server-time</code> from server when available {{GH|839}}
| | |
| * Increase accepted line length from 1024 to 2048 to give some space to message tags
| | |
| * Separate buffer size settings for channels and queries {{GH|967}}
| | [ req_selfsigned ] |
| * Support separate <code>SSLKeyFile</code> and <code>SSLDHParamFile</code> configuration in addition to existing <code>SSLCertFile</code> {{GH|1192}}
| | # The [ req_dn ] section declares the information |
| * Add "AuthOnlyViaModule" global/user setting {{GH|331}}
| | # normally required in a certificate signing request. |
| * Added [[pyeval]] module
| | # You can optionally specify some defaults. |
| * Added [[stripcontrols]] module {{GH|387}}
| | # See <https://en.wikipedia.org/wiki/Certificate_signing_request>. |
| * Add new substitutions to [[ExpandString]]: <code>%empty%</code> and <code>%network%</code>. {{GH|1049}} {{GH|1139}}
| | countryName = Country Name (2 letter code) |
| * Stop defaulting real name to "Got ZNC?" {{GH|818}}
| | countryName_min = 2 |
| * Added <code>ClearAllBuffers</code> command {{GH|852}}
| | countryName_max = 2 |
| * Don't require CSRF token for POSTs if the request uses HTTP Basic auth. {{GH|946}}
| | stateOrProvinceName = State or Province Name (full name) |
| * Set <code>HttpOnly</code> and <code>SameSite=strict</code> for session cookies {{GH|1077}} {{GH|1450}}
| | localityName = Locality Name (eg, city) |
| * Add SNI SSL client support {{GH|1200}}
| | organizationName = Organization Name (eg, company) |
| * Add support for CIDR notation in allowed hosts list and in trusted proxy list {{GH|207}} {{GH|1219}}
| | organizationalUnitName = Organizational Unit Name (eg, section) |
| * Add network-specific config for cert validation in addition to user-supplied fingerprints: <code>TrustAllCerts</code>, defaults to false, and <code>TrustPKI</code>, defaults to true. {{GH|866}}
| | commonName = Common Name (e.g. server FQDN or YOUR name) |
| * Add <code>/attach</code> command for symmetry with <code>/detach</code>. Unlike <code>/join</code> it allows wildcards.
| | emailAddress = Email Address |
| * [[Timestamps#Format|Timestamp format]] now supports sub-second precision with <code>%f</code>. Used in [[awaystore]], [[listsockets]], [[log]] modules and buffer playback when client doesn't support server-time {{GH|1455}}
| | |
| * Build on macOS using ICU, Python, and OpenSSL from Homebrew, if available {{GH|894}}
| | # Optionally, specify some defaults. |
| | | countryName_default = IT |
| == Fixes == | | stateOrProvinceName_default = Italy |
| * Revert tables to how they were in ZNC 1.4 {{GH|914}}
| | localityName_default = Italy |
| * Remove flawed Add/Del/List/BindHost(s). They didn't correctly do what they were supposed to do, but users often confused them with the SetBindHost option. SetBindHost still works. {{GH|983}}
| | organizationName_default = ZNC.in |
| * Fix disconnection issues when being behind NAT by decreasing the interval how often PING is sent and making it configurable via a setting to change ping timeout time {{GH|979}}
| | #organizationalUnitName_default = ZNC Service |
| * Change default flood rates to match RFC1459, prevent excess flood problems {{GH|1416}} {{GH|1418}}
| | #commonName_default = wiki.znc.in |
| * Match channel names and hostmasks case-insensitively in [[autoattach]], [[autocycle]], [[autoop]], [[autovoice]], [[log]], [[watch]] modules {{GH|822}}
| | emailAddress_default = user [at] example [dot] com |
| * Fix crash in [[shell]] module which happens if client disconnects at a wrong time {{GH|1248}}
| | |
| * Decrease CPU usage when joining channels during startup or reconnect, add config write delay setting {{GH|1250}}
| | [ policy_selfsigned ] |
| * modperl: Fix reloading of module which couldn't be loaded before
| | # See the POLICY FORMAT section of the `ca` man page. |
| * modperl: Explain modperl that ZNC uses UTF-8 internally
| | countryName = optional |
| * Always send the users name in NOTICE when logging in. {{GH|1282}}
| | stateOrProvinceName = optional |
| * Don't try to quit multiple times {{GH|1392}}
| | localityName = optional |
| * Don't send PART to client which sent QUIT
| | organizationName = optional |
| * Send failed logins to NOTICE instead of PRIVMSG {{GH|1472}}
| | organizationalUnitName = optional |
| * Stop creating files with odd permissions on Solaris {{GH|1492}}
| | commonName = optional |
| * Save channel key on JOIN even if user was not on the channel yet {{GH|1223}}
| | emailAddress = optional |
| * Stop buffering and echoing CTCP requests and responses to other clients with self-message, except for /me {{GH|1488}}
| | |
| * Support discovery of tcl 8.6 during <code>./configure</code>
| | [ usr_cert ] |
| | | # We’ll apply the usr_cert extension when signing client certificates, |
| == Modules == | | # such as those used for remote user authentication. |
| * adminlog: make path configurable {{GH|1001}}
| | # Extensions for client certificates (`man x509v3_config`). |
| * alias: add DUMP command to copy your config between users {{GH|1114}}
| | basicConstraints = critical, CA:FALSE |
| * awaystore: add -chans option which records channel highlights {{GH|851}}
| | subjectKeyIdentifier = hash |
| * blockmotd: add GetMotd command {{GH|783}} {{GH|1361}}
| | authorityKeyIdentifier = keyid:always, issuer:always |
| * clearbufferonmsg: add options which events trigger clearation of buffers. {{GH|825}}
| | keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyAgreement |
| * controlpanel: add the <code>DelServer</code> command. {{GH|810}}
| | extendedKeyUsage = critical, clientAuth, emailProtection, codeSigning |
| * controlpanel: add $user and $network aliases {{GH|847}}
| | |
| * controlpanel: Allow reseting channel specific AutoClearChanBuffer and BufferSize settings by setting them to "-" {{GH|990}}
| | [ server_cert ] |
| * controlpanel: Change "double" to "number" {{GH|1468}}
| | # We’ll apply the server_cert extension when signing server certificates, |
| * crypt: cover notices, actions and topics {{GH|813}}
| | # such as those used for web servers. |
| * crypt: Don't use the same or overlapping NickPrefix as StatusPrefix {{GH|1377}}
| | # Extensions for server certificates (`man x509v3_config`). |
| * crypt: Add DH1080 key exchange {{GH|1378}}
| | basicConstraints = critical, CA:FALSE |
| * crypt: Add Get/SetNickPrefix commands, Hide the internal keyword from ListKeys {{GH|1382}}
| | subjectKeyIdentifier = hash |
| * crypt: fix build with LibreSSL {{GH|1439}}
| | authorityKeyIdentifier = keyid:always, issuer:always |
| * cyrusauth: improve UI
| | keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement |
| * fail2ban: make timeout and attempts configurable, add BAN, UNBAN and LIST commands {{GH|534}}
| | extendedKeyUsage = critical, serverAuth |
| * flooddetach: detach on nick floods {{GH|941}}
| |
| * keepnick: improve behaviour by listening to ircd-side numeric errors {{GH|945}}
| |
| * log: Add -timestamp option {{GH|978}}
| |
| * log: Add options to hide joins, quits and nick changes. {{GH|601}}
| |
| * log: stop forcing username and network name to be lower case in filenames {{GH|1171}}
| |
| * log: Log user quit messages {{GH|1395}}
| |
| * missingmotd: Include nick in IRC numeric command, reduce client confusion {{GH|1399}}
| |
| * modperl: provide operator "" for ZNC::String
| |
| * modperl: Honor PERL5LIB env var
| |
| * modperl: fix functions like HasPerm() which accept char {{GH|1486}}
| |
| * modpython: Disable legacy encoding mode when modpython is loaded. {{GH|1229}}
| |
| * modpython: Add CQuery(s) and CServer(s) {{GH|1436}}
| |
| * modperl, modpython: support ValidateWebRequestCSRFCheck {{GH|1424}}
| |
| * nickserv: use <code>/nickserv identify</code> by default instead of <code>/msg nickserv</code>. {{GH|786}}
| |
| * nickserv: support messages from X3 services {{GH|1322}}
| |
| * notify_connect: Show client identification {{GH|1195}}
| |
| * sasl: add web interface {{GH|910}}
| |
| * sasl: enable all known mechanisms by default {{GH|938}}
| |
| * sasl: Make the first requirement for SET actually mandatory, return information about settings if no input for SET {{GH|1338}}
| |
| * schat: Require explicit path to certificate.
| |
| * simple_away: use ExpandString for away reason, rename old %s to %awaytime% {{GH|1149}}
| |
| * simple_away: Add MinClients option {{GH|1133}}
| |
| * stickychan: save registry on every stick/unstick action, auto-save if channel key changes {{GH|881}}
| |
| * stickychan: stop checking so often, increase delay to once every 3 minutes {{GH|1333}}
| |
| * webadmin: allow reseting chan buffer size by entering an empty value
| |
| * webadmin: make tables sortable. {{GH|40}}
| |
| * webadmin: Make server editor and CTCP replies editor more fancy, when JS is enabled {{GH|145}}
| |
| * webadmin: show per-network traffic info {{GH|963}}
| |
| * webadmin: make the traffic info page visible for non-admins, non-admins can see only their traffic {{GH|1020}}
| |
| | |
| == Internal == | |
| * Stop pretending that ZNC ABI is stable, when it's not. Make module version checks more strict and prevent crashes when loading a module which are built for the wrong ZNC version. {{GH|1353}}
| |
| * Allow modules to override CSRF protection. {{GH|1180}}
| |
| * Various HTML changes {{GH|1308}}
| |
| * Introduce a CMessage class and its subclasses {{GH|506}}
| |
| * Add module callbacks which accept CMessage, deprecate old callbacks
| |
| * Modernize code to use more C++11 features
| |
| * Various code cleanups
| |
| * Fix CSS of <code>_default_</code> skin for Fingerprints section
| |
| * Remove <code>--with-openssl=/path</code> option from ./configure. SSL is still supported and is still configurable
| |
| * Add <code>OnUserQuitMessage()</code> module hook.
| |
| * Add <code>OnPrivBufferStarting()</code> and <code>OnPrivBufferEnding()</code> hooks {{GH|1294}}
| |
| * <code>CString::WildCmp()</code>: add an optional case-sensitivity argument
| |
| * Do not call <code>OnAddUser()</code> hook during ZNC startup {{GH|929}}
| |
| * Rehash now reloads only global settings {{GH|929}}
| |
| * Remove <code>CAP CLEAR</code>
| |
| * <code>CChan::GetNetwork()</code>
| |
| * <code>CUser</code>: add API for removing and clearing allowed hosts
| |
| * <code>CZNC</code>: add missing SSL-related getters and setters
| |
| * Add a possibility (not an "option") to disable launch after --makeconf {{GH|257}}
| |
| * Add an integration test {{GH|772}}
| |
| * Move Unix signal processing to a dedicated thread.
| |
| * Add clang-format configuration, switch tabs to spaces.
| |
| * CString::StripControls: Strip background colors when we reset foreground {{GH|1261}}
| |
| * Make chan modes and permissions to be char instead of unsigned char. {{GH|1486}}
| |
| | |
| == Cosmetic == | |
| * autoconf/makefile: alphabetically sort the modules we compile {{GH|1358}}
| |
| * Alphabetically sort output of znc --help {{GH|1367}}
| |
| * Change output during startup {{GH|1124}}
| |
| * Show new server name when jumping server {{GH|1147}}
| |
| * Hide passwords in listservers output {{GH|1320}}
| |
| * Filter out ZNC passwords in output of `znc -D` {{GH|1445}}
| |
| * Make the user aware that debug mode is enabled. {{GH|1446}}
| |
| * Switch znc.in URLs to https
| |
[default]
default_md = sha512
name_opt = ca_default
cert_opt = ca_default
default_days = 375
policy = @policy_selfsigned
[ req ]
#Options from the [ req ] section are applied
#when creating certificates or certificate signing requests.
# Options for the `req` tool (`man req`).
default_bits = 4096
distinguished_name = req_selfsigned
string_mask = utf8only
default_md = sha512
[ req_selfsigned ]
# The [ req_dn ] section declares the information
# normally required in a certificate signing request.
# You can optionally specify some defaults.
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (e.g. server FQDN or YOUR name)
emailAddress = Email Address
# Optionally, specify some defaults.
countryName_default = IT
stateOrProvinceName_default = Italy
localityName_default = Italy
organizationName_default = ZNC.in
#organizationalUnitName_default = ZNC Service
#commonName_default = wiki.znc.in
emailAddress_default = user [at] example [dot] com
[ policy_selfsigned ]
# See the POLICY FORMAT section of the `ca` man page.
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional
[ usr_cert ]
# We’ll apply the usr_cert extension when signing client certificates,
# such as those used for remote user authentication.
# Extensions for client certificates (`man x509v3_config`).
basicConstraints = critical, CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyAgreement
extendedKeyUsage = critical, clientAuth, emailProtection, codeSigning
[ server_cert ]
# We’ll apply the server_cert extension when signing server certificates,
# such as those used for web servers.
# Extensions for server certificates (`man x509v3_config`).
basicConstraints = critical, CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
extendedKeyUsage = critical, serverAuth