mirror of
https://github.com/unrealircd/unrealircd.git
synced 2026-07-05 15:53:13 +02:00
138 lines
7.2 KiB
Plaintext
138 lines
7.2 KiB
Plaintext
UnrealIRCd 4.2.0 Release Notes
|
|
===============================
|
|
|
|
There have been so many changes in this and the last few 4.0.x versions,
|
|
it justifies calling this new release "UnrealIRCd 4.2.0".
|
|
|
|
Marking the beginning of the 4.2 series, this release introduces features
|
|
such as "soft klines" and "soft actions". A significant number of optional
|
|
modules are now loaded as default, including timed channel bans and
|
|
textbans. Also, a lot more smaller changes are included in this release,
|
|
such as fixes for TLSv1.3 and experimental WHOX support.
|
|
See further down for a full list of changes.
|
|
|
|
NOTE: Version 4.2.0 is the direct successor to 4.0.18. There will be
|
|
no further 4.0.x releases (in particular there will be no 4.0.19).
|
|
https://www.unrealircd.org/docs/FAQ#Questions_about_the_new_4.2.x_series
|
|
|
|
Upgrade advice: if you are conservative about upgrades then feel free to
|
|
wait for 4.2.1. Other than some blacklist fixes there are no major bugs
|
|
fixed. This release is mostly about new features + some minor fixes.
|
|
|
|
Enhancements:
|
|
* New option to disable a module: blacklist-module "modulename";
|
|
This will cause any 'loadmodule' lines for that module to be ignored.
|
|
This is especially useful if you only want to disable a few modules
|
|
that are (normally) automatically loaded by conf/modules.default.conf.
|
|
https://www.unrealircd.org/docs/Blacklist-module_directive
|
|
* Next three new features have to do with SASL. More information on SASL
|
|
in general can be found at https://www.unrealircd.org/docs/SASL
|
|
* A new require sasl { } block which allows you to force users on the
|
|
specified hostmask to use SASL. Any unauthenticated users matching
|
|
the specified hostmask are are rejected.
|
|
See https://www.unrealircd.org/docs/Require_sasl_block
|
|
* New "soft kline" and "soft gline". These will not be applied to users
|
|
that are authenticated to services using SASL.
|
|
These are just GLINE/KLINE's but prefixed with a percent sign:
|
|
Example: /GLINE %*@10.* 0 Only SASL allowed from here
|
|
* New "soft" ban actions for spamfilter, blacklist, antirandom, etc.
|
|
Actions such as "soft-kline" and "soft-kill" will only be applied to
|
|
unauthenticated users. Users who are authenticated to services (SASL)
|
|
are exempt from the corresponding spamfilter/blacklist/antirandom/..
|
|
See https://www.unrealircd.org/docs/Actions for the full action list.
|
|
* WARNING: If your network also contains UnrealIRCd servers below v4.2.0
|
|
then it is not recommended to use global soft bans (such as soft gline
|
|
or any spamfilter with soft-xx actions). There won't be havoc, but the
|
|
bans won't be effective on parts of the network.
|
|
* The following extban modules are not new but are now enabled by default:
|
|
extbans/textban, extbans/timedban and extbans/msgbypass.
|
|
In case you don't like them, use blacklist-module as mentioned earlier.
|
|
Just as a reminder, they provide the following functionality:
|
|
* TextBan: +b ~T:block:*badword* to block sentences with 'badword'
|
|
* Timed bans: ~t:duration:mask
|
|
These are bans that are automatically removed by the server.
|
|
The duration is in minutes and the mask can be any ban mask.
|
|
Some examples:
|
|
* A 5 minute ban on a host:
|
|
+b ~t:5:*!*@host
|
|
* A 5 minute quiet ban on a host (unable to speak):
|
|
+b ~t:5:~q:*!*@host
|
|
* An invite exception for 24 hours (1440 minutes):
|
|
+I ~t:1440:*!*@host
|
|
* A temporary exempt ban for a services account:
|
|
+e ~t:1440:~a:Account
|
|
* Allows someone to speak through +m for the next 24hrs:
|
|
+e ~t:1440:~m:moderated:*!*@host
|
|
* And any other crazy ideas you can come up with...
|
|
* Ban exception ~m:type:mask to allow bypassing of message restrictions.
|
|
Valid types are: 'external' (bypass +n), moderated (bypass +m/+M),
|
|
'censor' (bypass +G), 'color' (bypass +S/+c) and 'notice' (bypass +T).
|
|
Some examples:
|
|
* Let LAN users bypass +m: +e ~m:moderated:*!*@192.168.*
|
|
* Let ops in #otherchan bypass +m: +e ~m:moderated:~c:@#otherchan
|
|
* Make GitHub commit bot bypass +n: +e ~m:external:*!*@ipmask
|
|
* Allow a services account to use color: +e ~m:color:~a:ColorBot
|
|
* Timedban support in +f [5t#b2]:10 (set 2 minute ban on text flood).
|
|
* AntiRandom: The module will now (by default) exempt WEBIRC gateways
|
|
from antirandom checking because they frequently cause false positives.
|
|
This new behavior can be disabled via:
|
|
set { antirandom { except-webirc no; }; };
|
|
* Server linking attempts and errors are now also put in the log file.
|
|
* A new module that provides WHOX support, an enhanced and more standard
|
|
version of WHO (NOTE: the command is still "WHO").
|
|
This allows, among other things, the client to request additional
|
|
information, such as which services account each channel member is using.
|
|
The module is currently experimental. To use it, add this to your conf:
|
|
loadmodule "m_whox";
|
|
|
|
Major issues fixed:
|
|
* Blacklist: Potential crash issue when concurrently checking DNSBL
|
|
for the WEBIRC gateway and the spoofed host.
|
|
* Blacklist: In case of multiple blacklists the 2nd/3rd/.. blacklists
|
|
were not always checked properly.
|
|
|
|
Minor issues fixed:
|
|
* Remote includes: ./Config didn't properly detect libcurl on Ubuntu 18
|
|
(and possibly other Linux distributions as well)
|
|
* Timeouts during server linking attempts were not displayed.
|
|
* Delayjoin: Halfops did not see JOIN's when channel mode +D was set.
|
|
* IRCOps with minimal privileges lost their user modes on MODE change.
|
|
* IRCOps could not override channel mode +z (when not using SSL/TLS)
|
|
* Channel names sometimes truncated if using accents or special chars.
|
|
* TLSv1.3 ciphersuite setting was changed to reflect OpenSSL's behavior.
|
|
There is now set::ssl::ciphersuites, specifically for TLSv1.3.
|
|
Note that the default is perfectly fine so at this point in time it
|
|
shouldn't need any adjustment (but the option is there...).
|
|
* Windows: conf\modules.optional.conf was missing.
|
|
|
|
Removed:
|
|
* allow::options::sasl has been removed. Use the new and more flexible
|
|
require sasl { } block instead.
|
|
|
|
Other changes:
|
|
* Windows users may be prompted to install the Visual C++ redistributable
|
|
package for Visual Studio 2017. This is because we now build on VS 2017
|
|
instead of VS 2012.
|
|
* We now use standard formatted messages for all K-Lines, G-Lines and
|
|
any other bans that will cause the user to be disconnected.
|
|
For technical details see the banned_client() function.
|
|
* The except throttle { } block now also overrides any limitations from
|
|
set::max-unknown-connection-per-ip. Useful for WEBIRC/cgiirc gateways.
|
|
* Localhost connections are considered secure, so these can be used even
|
|
if you have a plaintext-policy of 'deny' or 'warn'. (This was already
|
|
the case for servers, but now also for users and opers)
|
|
* Allow slashes in vhost/chghost/sethost/.. (but not through DNS)
|
|
|
|
Module coders:
|
|
* Windows: Be aware that we now build with Visual Studio 2017. This means
|
|
3rd party modules should be compiled with VS 2017 (or VS 2015) as well.
|
|
|
|
Future versions:
|
|
* We intend to change the default plaintext oper policy from 'warn' to 'deny'
|
|
later this year. This will deny /OPER when used from a non-SSL connection.
|
|
For security, IRC Operators should really use SSL/TLS!
|
|
|
|
==[ CHANGES IN OLDER RELEASES ]==
|
|
For changes in previous UnrealIRCd releases see doc/RELEASE-NOTES.old or
|
|
https://raw.githubusercontent.com/unrealircd/unrealircd/unreal40/doc/RELEASE-NOTES.old
|