Set version to 25.07

This option allows disabling some auth mechanisms
to be offered in SASL1 features. This makes adding
new password types easier, by ensuring that new
password use will be offered only to clients that
have new type stored (SASL2 clients that send us
user info before features need to be sent), but
not to clients where we don't know if they have
new passwords.

.github/container/Dockerfile

@@ -1,6 +1,6 @@
 #' Define default build variables
-ARG OTP_VSN='27.3.2'
-ARG ELIXIR_VSN='1.18.3'
+ARG OTP_VSN='27.3.4.1'
+ARG ELIXIR_VSN='1.18.4'
 ARG UID='9000'
 ARG USER='ejabberd'
 ARG HOME="opt/$USER"

.github/workflows/ci.yml

@@ -25,7 +25,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        otp: ['25', '26', '27']
+        otp: ['25', '26', '27', '28']
     runs-on: ubuntu-24.04
     services:
       redis:
@@ -120,6 +120,7 @@ jobs:
     - run: make dialyzer
     - run: make test-eunit
     - run: make elvis
+      if: matrix.otp >= '26'
 
     - name: Check Production Release
       run: |

.github/workflows/runtime.yml

@@ -31,11 +31,13 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        otp: ['20', '25', '26', '27']
+        otp: ['20', '25', '26', '27', '28']
         rebar: ['rebar', 'rebar3']
         exclude:
         - otp: '27'
           rebar: 'rebar'
+        - otp: '28'
+          rebar: 'rebar'
     runs-on: ubuntu-24.04
     container:
       image: public.ecr.aws/docker/library/erlang:${{ matrix.otp }}
@@ -44,7 +46,7 @@ jobs:
 
     - uses: actions/checkout@v4
 
-    - name: Get compatible Rebar binaries
+    - name: Get old compatible Rebar binaries
       if: matrix.otp < 24
       run: |
         rm rebar
@@ -54,6 +56,16 @@ jobs:
         chmod +x rebar
         chmod +x rebar3
 
+    - name: Get recent compatible Rebar binaries
+      if: matrix.otp > 23 && matrix.otp < 25
+      run: |
+        rm rebar
+        rm rebar3
+        wget https://github.com/processone/ejabberd/raw/24.12/rebar
+        wget https://github.com/processone/ejabberd/raw/24.12/rebar3
+        chmod +x rebar
+        chmod +x rebar3
+
     - name: Prepare libraries
       run: |
         apt-get -qq update
@@ -68,7 +80,7 @@ jobs:
           ~/.cache/rebar3/
         key: ${{matrix.otp}}-${{hashFiles('rebar.config')}}
 
-    - name: Get compatible Rebar binaries
+    - name: Unlock eredis dependency
       if: matrix.rebar == 'rebar3' && matrix.otp < 21
       run: rebar3 unlock eredis
 
@@ -77,6 +89,7 @@ jobs:
         ./autogen.sh
         ./configure --with-rebar=./${{ matrix.rebar }} \
                     --prefix=/tmp/ejabberd \
+                    --with-min-erlang=9.0.5 \
                     --enable-all \
                     --disable-elixir \
                     --disable-tools \
@@ -164,7 +177,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        elixir: ['1.13', '1.14', '1.15', '1.16', '1.17', '1.18']
+        elixir: ['1.14', '1.15', '1.16', '1.17', '1.18']
     runs-on: ubuntu-24.04
     container:
       image: public.ecr.aws/docker/library/elixir:${{ matrix.elixir }}
@@ -287,7 +300,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        elixir: ['1.13', '1.14', '1.15', '1.16', '1.17', '1.18']
+        elixir: ['1.14', '1.15', '1.16', '1.17', '1.18']
     runs-on: ubuntu-24.04
     container:
       image: public.ecr.aws/docker/library/elixir:${{ matrix.elixir }}
@@ -344,7 +357,6 @@ jobs:
     - run: make dialyzer
 
     - run: make edoc
-      if: matrix.elixir >= '1.14'
 
     - name: Run rel
       run: |

CHANGELOG.md

@@ -1,3 +1,74 @@
+## Version 25.07
+
+#### Security fix
+
+- `ext_mod`: Add temporary workaround for zip including absolute path
+
+#### Compilation
+
+- Raise the minimum Elixir tested version to 1.14.0 ([#4281](https://github.com/processone/ejabberd/issues/4281))
+- Raise Erlang/OTP minimum requirement to 25.0 ([#4281](https://github.com/processone/ejabberd/issues/4281))
+- `configure.ac`: Allow to specify minimal erlang version using `--with-min-erlang`
+- `Makefile.in`: Add target `test-<group>`
+- `rebar3-format.sh`: Replace csplit with perl
+- Container: Bump Erlang/OTP 27.3.4.1, Elixir 1.18.4
+- Installers: Bump Erlang/OTP 27.3.4.1, Elixir 1.18.4, libexpat 2.7.1, OpenSSL 3.5.1
+
+#### Configuration and Tests
+
+- Add `rest_proxy*` options to configure proxy used by rest module
+- `ejabberd_c2s`: Add `auth_password_types_hidden_in_scram1` option
+- `ejabberd_http`: Remove unused `default_host` option and state element
+- `ejabberd_http`: New option `hosts_alias` and function `resolve_host_alias/1` ([#4400](https://github.com/processone/ejabberd/issues/4400))
+- New predefined keywords: `CONFIG_PATH` and `LOG_PATH`
+- Fix macro used in string options when defined in env var
+- Use auxiliary function to get `$HOME`, use Mnesia directory when not set ([#4402](https://github.com/processone/ejabberd/issues/4402))
+- `ejabberd_config`: Better `lists:uniq` substitute
+- Tests: update readme and compose to work with current sw versions
+- Update Elvis to 4.1.1, fix some warnings and enable their tests
+
+#### Erlang/OTP 28 support
+
+- Add workaround in `p1_acme` for Jose 1.11.10 not supporting OTP 28 `ecPrivkeyVer1` ([#4393](https://github.com/processone/ejabberd/issues/4393))
+- Bump `fast_xml` and `xmpp` for improved Erlang/OTP 28 support
+- Bump `xmpp` and `p1_acme` patched with Erlang/OTP 28 support
+- Fix `make options` in Erlang/OTP 28 ([#4352](https://github.com/processone/ejabberd/issues/4352))
+- Fix crash in `rebar3 cover` with Erlang/OTP 28 ([#4353](https://github.com/processone/ejabberd/issues/4353))
+- Rebar/Rebar3: Update binaries to work with Erlang/OTP 25-28 ([#4354](https://github.com/processone/ejabberd/issues/4354))
+- CI and Runtime: Add Erlang/OTP 28 to the versions matrix
+
+#### SQL
+
+- Fix mnesia to sql exporter after changes to auth tables
+- Update code for switching to new schema type to users table changes
+- Add mssql specific implementation of `delete_old_mam_messages`
+- Make `delete_old_mam_messages_batch` work with sqlite
+- `ejabberd_sm_sql`: Use misc:encode_pid/1
+- `mysql.sql`: Fix typo in commit 7862c6a when creating users table
+- `pg.sql`: Fix missing comma in postgres schema ([#4409](https://github.com/processone/ejabberd/issues/4409))
+
+#### Core and Modules
+
+- `ejabberd_s2s_in`: Allow S2S connections to accept client certificates that have only server purpose ([#4392](https://github.com/processone/ejabberd/issues/4392))
+- `ext_mod`: Recommend to write README.md instead txt (processone/ejabberd-contrib#363)
+- `ext_mod`: Support library path installed from Debian (processone/ejabberd-contrib#363)
+- `ext_mod`: When upgrading module, clean also the compiled directories
+- `gen_mod`: Add support to prepare module stopping before actually stopping any module
+- `mod_antispam`: Imported from ejabberd-contrib and improved ([#4373](https://github.com/processone/ejabberd/issues/4373))
+- `mod_auth_fast`: Clear tokens on kick, change pass and unregister ([#4397](https://github.com/processone/ejabberd/issues/4397))([#4398](https://github.com/processone/ejabberd/issues/4398))([#4399](https://github.com/processone/ejabberd/issues/4399))
+- `mod_conversejs`: Add link in WebAdmin to local Converse if configured
+- `mod_mam`: Present mam full text search in xep-431 compatible way
+- `mod_mam_mnesia`: Handle objects that don't need conversion in `transform/0`
+- `mod_matrix_gw`: Don't send empty messages in Matrix rooms ([#4385](https://github.com/processone/ejabberd/issues/4385))
+- `mod_matrix_gw`: Support older Matrix rooms versions starting from version 4
+- `mod_matrix_gw`: When encoding JSON, handle term that is key-value list ([#4379](https://github.com/processone/ejabberd/issues/4379))
+- `mod_matrix_gw_s2s`: Fix key validation in `check_signature`
+- `mod_mix` and `mod_muc_rtbl`: Support list of IDs in `pubsub-items-retract` (processone/xmpp#100)
+- `mod_pubsub_serverinfo`: Imported module from ejabberd-contrib ([#4408](https://github.com/processone/ejabberd/issues/4408))
+- `mod_register`: Normalize username when determining if user want to change pass
+- `mod_register`: Strip query data when returning errors
+- WebAdmin: New hooks `webadmin_menu_system` to add items to system menu
+
 ## Version 25.04
 
 #### Security fixes

COMPILE.md

@@ -19,7 +19,7 @@ To compile ejabberd you need:
 - GCC
 - Libexpat ≥ 1.95
 - Libyaml ≥ 0.1.4
-- Erlang/OTP ≥ 20.0
+- Erlang/OTP ≥ 25.0
 - OpenSSL ≥ 1.0.0
 
 Other optional libraries are:
@@ -28,8 +28,7 @@ Other optional libraries are:
 - PAM library, for Pluggable Authentication Modules (PAM)
 - ImageMagick's Convert program and Ghostscript fonts, for CAPTCHA
   challenges
-- Elixir ≥ 1.10.3, for Elixir support. It is recommended Elixir 1.13.4 or higher
-  and Erlang/OTP 23.0 or higher.
+- Elixir ≥ 1.10.3, for Elixir support. It is recommended Elixir 1.14.0 or higher
 
 If your system splits packages in libraries and development headers,
 install the development packages too.

CONTAINER.md

@@ -310,6 +310,152 @@ now you can define the admin account JID using an environment variable:
 Check the [full example](#customized-example) for other example.
 
 
+### ejabberd-contrib
+
+This section addresses those topics related to
+[ejabberd-contrib](https://docs.ejabberd.im/admin/guide/modules/#ejabberd-contrib):
+
+- [Download source code](#download-source-code)
+- [Install a module](#install-a-module)
+- [Install git for dependencies](#install-git-for-dependencies)
+- [Install your module](#install-your-module)
+
+---
+
+#### Download source code
+
+The `ejabberd` container image includes the ejabberd-contrib git repository source code,
+but `ecs` does not, so first download it:
+```bash
+$ docker exec ejabberd ejabberdctl modules_update_specs
+```
+
+#### Install a module
+
+Compile and install any of the contributed modules, for example:
+```bash
+docker exec ejabberd ejabberdctl module_install mod_statsdx
+
+Module mod_statsdx has been installed and started.
+It's configured in the file:
+  /opt/ejabberd/.ejabberd-modules/mod_statsdx/conf/mod_statsdx.yml
+Configure the module in that file, or remove it
+and configure in your main ejabberd.yml
+```
+
+#### Install git for dependencies
+
+Some modules depend on erlang libraries,
+but the container images do not include `git` or `mix` to download them.
+Consequently, when you attempt to install such a module,
+there will be error messages like:
+
+```bash
+docker exec ejabberd ejabberdctl module_install ejabberd_observer_cli
+
+I'll download "recon" using git because I can't use Mix to fetch from hex.pm:
+  /bin/sh: mix: not found
+Fetching dependency observer_cli:
+  /bin/sh: git: not found
+...
+```
+
+the solution is to install `git` in the container image:
+
+```bash
+docker exec --user root ejabberd apk add git
+
+fetch https://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz
+fetch https://dl-cdn.alpinelinux.org/alpine/v3.21/community/x86_64/APKINDEX.tar.gz
+(1/3) Installing pcre2 (10.43-r0)
+(2/3) Installing git (2.47.2-r0)
+(3/3) Installing git-init-template (2.47.2-r0)
+Executing busybox-1.37.0-r12.trigger
+OK: 27 MiB in 42 packages
+```
+
+and now you can upgrade the module:
+
+```bash
+docker exec ejabberd ejabberdctl module_upgrade ejabberd_observer_cli
+
+I'll download "recon" using git because I can't use Mix to fetch from hex.pm:
+/bin/sh: mix: not found
+Fetching dependency observer_cli: Cloning into 'observer_cli'...
+Fetching dependency os_stats: Cloning into 'os_stats'...
+Fetching dependency recon: Cloning into 'recon'...
+Inlining: inline_size=24 inline_effort=150
+Old inliner: threshold=0 functions=[{insert,2},{merge,2}]
+Module ejabberd_observer_cli has been installed.
+Now you can configure it in your ejabberd.yml
+I'll download "recon" using git because I can't use Mix to fetch from hex.pm:
+/bin/sh: mix: not found
+```
+
+#### Install your module
+
+If you [developed an ejabberd module](https://docs.ejabberd.im/developer/extending-ejabberd/modules/),
+you can install it in your container image:
+
+1. Create a local directory for `ejabberd-modules`:
+
+    ``` sh
+    mkdir docker-modules
+    ```
+
+2. Then create the directory structure for your custom module:
+
+    ``` sh
+    cd docker-modules
+
+    mkdir -p sources/mod_hello_world/
+    touch sources/mod_hello_world/mod_hello_world.spec
+
+    mkdir sources/mod_hello_world/src/
+    mv mod_hello_world.erl sources/mod_hello_world/src/
+
+    mkdir sources/mod_hello_world/conf/
+    echo -e "modules:\n  mod_hello_world: {}" > sources/mod_hello_world/conf/mod_hello_world.yml
+
+    cd ..
+    ```
+
+3. Grant ownership of that directory to the UID that ejabberd will use inside the Docker image:
+
+    ``` sh
+    sudo chown 9000 -R docker-modules/
+    ```
+
+4. Start ejabberd in the container:
+
+    ``` sh
+    sudo docker run \
+      --name hellotest \
+      -d \
+      --volume "$(pwd)/docker-modules:/home/ejabberd/.ejabberd-modules/" \
+      -p 5222:5222 \
+      -p 5280:5280 \
+      ejabberd/ecs
+    ```
+
+5. Check the module is available for installing, and then install it:
+
+    ``` sh
+    sudo docker exec -it hellotest ejabberdctl modules_available
+    mod_hello_world []
+
+    sudo docker exec -it hellotest ejabberdctl module_install mod_hello_world
+    ```
+
+6. If the module works correctly, you will see `Hello` in the ejabberd logs when it starts:
+
+    ``` sh
+    sudo docker exec -it hellotest grep Hello logs/ejabberd.log
+    2020-10-06 13:40:13.154335+00:00 [info]
+      <0.492.0>@mod_hello_world:start/2:15 Hello, ejabberd world!
+    ```
+
+
 ### ejabberdapi
 
 When the container is running (and thus ejabberd), you can exec commands inside the container
@@ -418,12 +564,12 @@ it is necessary to change the old hostname stored in Mnesia.
 This section is equivalent to the ejabberd Documentation
 [Change Computer Hostname](https://docs.ejabberd.im/admin/guide/managing/#change-computer-hostname),
 but particularized to containers that use this
-ecs container image from ejabberd 23.01 or older.
+`ecs` container image from ejabberd 23.01 or older.
 
 #### Setup Old Container
 
 Let's assume a container running ejabberd 23.01 (or older) from
-this ecs container image, with the database directory binded
+this `ecs` container image, with the database directory binded
 and one registered account.
 This can be produced with:
 ```bash
@@ -926,10 +1072,10 @@ Let's summarize the differences between both container images. Legend:
 | Generated by          | [container.yml](https://github.com/processone/ejabberd/blob/master/.github/workflows/container.yml) | [tests.yml](https://github.com/processone/docker-ejabberd/blob/master/.github/workflows/tests.yml) |
 | Built for             | stable releases <br /> `master` branch | stable releases <br /> [`master` branch zip](https://github.com/processone/docker-ejabberd/actions/workflows/tests.yml) |
 | Architectures         | `linux/amd64` <br /> `linux/arm64` | `linux/amd64` |
-| Software              | Erlang/OTP 27.3.2-alpine <br /> Elixir 1.18.3 | Alpine 3.19 <br /> Erlang/OTP 26.2 <br /> Elixir 1.15.7 |
+| Software              | Erlang/OTP 27.3.4.1-alpine <br /> Elixir 1.18.4 | Alpine 3.19 <br /> Erlang/OTP 26.2 <br /> Elixir 1.15.7 |
 | Published in          | [ghcr.io/processone/ejabberd](https://github.com/processone/ejabberd/pkgs/container/ejabberd) | [docker.io/ejabberd/ecs](https://hub.docker.com/r/ejabberd/ecs/) <br /> [ghcr.io/processone/ecs](https://github.com/processone/docker-ejabberd/pkgs/container/ecs) |
 | :black_square_button: **Additional content** |
-| [ejabberd-contrib](https://docs.ejabberd.im/admin/guide/modules/#ejabberd-contrib) | included | not included |
+| [ejabberd-contrib](#ejabberd-contrib) | included | not included |
 | [ejabberdapi](#ejabberdapi) | included :orange_circle: | included |
 | :black_square_button: **Ports** |
 | [1880](#ports) for WebAdmin     | yes :orange_circle: | yes :orange_circle: |

Makefile.in

@@ -661,6 +661,17 @@ test:
 	@cd priv && ln -sf ../sql
 	$(REBAR) $(SKIPDEPS) ct
 
+.PHONY: test-%
+define test-group-target
+test-$1:
+	$(REBAR) $(SKIPDEPS) ct --suite=test/ejabberd_SUITE --group=$1
+endef
+
+ifneq ($(filter test-%,$(MAKECMDGOALS)),)
+group_to_test := $(patsubst test-%,%,$(filter test-%,$(MAKECMDGOALS)))
+$(eval $(call test-group-target,$(group_to_test)))
+endif
+
 test-eunit:
 	$(REBAR) $(SKIPDEPS) eunit --verbose
 
@@ -711,6 +722,7 @@ help:
 	@echo "  hooks          Run hooks validator"
 	@echo "  test           Run Common Tests suite [rebar3]"
 	@echo "  test-eunit     Run EUnit suite [rebar3]"
+	@echo "  test-<group>   Run Common Test suite for specific group only [rebar3]"
 	@echo "  xref           Run cross reference analysis [rebar3]"
 
 #.

configure.ac

@@ -2,8 +2,17 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.59)
-AC_INIT(ejabberd, m4_esyscmd([echo `git describe --tags 2>/dev/null || echo 25.04` | sed 's/-g.*//;s/-/./' | tr -d '\012']), [ejabberd@process-one.net], [ejabberd])
-REQUIRE_ERLANG_MIN="9.0.5 (Erlang/OTP 20.0)"
+AC_INIT(ejabberd, m4_esyscmd([echo `git describe --tags 2>/dev/null || echo 25.07` | sed 's/-g.*//;s/-/./' | tr -d '\012']), [ejabberd@process-one.net], [ejabberd])
+
+AC_ARG_WITH(min-erlang,
+	AS_HELP_STRING([--with-min-erlang=version],[set minimal required erlang version, default to OTP25]),
+[if test "X$withval" = "X"; then
+    REQUIRE_ERLANG_MIN="13.0 (Erlang/OTP 25.0)"
+else
+    REQUIRE_ERLANG_MIN="$withval"
+fi
+], [REQUIRE_ERLANG_MIN="13.0 (Erlang/OTP 25.0)"])
+
 REQUIRE_ERLANG_MAX="100.0.0 (No Max)"
 
 AC_CONFIG_MACRO_DIR([m4])

ejabberd.doap

@@ -773,6 +773,15 @@
         <xmpp:note>mod_mam</xmpp:note>
       </xmpp:SupportedXep>
     </implements>
+    <implements>
+      <xmpp:SupportedXep>
+        <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0431.html"/>
+        <xmpp:version>0.2.0</xmpp:version>
+        <xmpp:since>24.12</xmpp:since>
+        <xmpp:status>complete</xmpp:status>
+        <xmpp:note>mod_mam</xmpp:note>
+      </xmpp:SupportedXep>
+    </implements>
     <implements>
       <xmpp:SupportedXep>
         <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0440.html"/>
@@ -821,10 +830,19 @@
     <implements>
       <xmpp:SupportedXep>
         <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0485.html"/>
-        <xmpp:version>0.2.0</xmpp:version>
-        <xmpp:since>24.02</xmpp:since>
+        <xmpp:version>0.1.1</xmpp:version>
+        <xmpp:since>25.07</xmpp:since>
         <xmpp:status>complete</xmpp:status>
-        <xmpp:note>, mod_pubsub_serverinfo in ejabberd-contrib.git</xmpp:note>
+        <xmpp:note>mod_pubsub_serverinfo</xmpp:note>
+      </xmpp:SupportedXep>
+    </implements>
+    <implements>
+      <xmpp:SupportedXep>
+        <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0486.html"/>
+        <xmpp:version>0.1.0</xmpp:version>
+        <xmpp:since>24.07</xmpp:since>
+        <xmpp:status>complete</xmpp:status>
+        <xmpp:note>mod_muc</xmpp:note>
       </xmpp:SupportedXep>
     </implements>
   </Project>

elvis.config

@@ -16,17 +16,17 @@
                  {elvis_style, function_naming_convention, disable},
                  {elvis_style, god_modules, #{limit => 300}},
                  {elvis_style, invalid_dynamic_call, disable},
-                 {elvis_style, macro_module_names, disable},
-                 {elvis_style, macro_names, disable},
                  {elvis_style, max_function_arity, disable}, % #{max_arity => 15}},
                  {elvis_style, nesting_level, disable},
                  {elvis_style, no_author, disable},
+                 {elvis_style, no_boolean_in_comparison, disable},
                  {elvis_style, no_catch_expressions, disable},
                  {elvis_style, no_debug_call, disable},
                  {elvis_style, no_if_expression, disable},
                  {elvis_style, no_import, disable},
-                 {elvis_style, no_match_in_condition, disable},
                  {elvis_style, no_nested_try_catch, disable},
+                 {elvis_style, no_operation_on_same_value, disable},
+                 {elvis_style, no_receive_without_timeout, disable},
                  {elvis_style, no_single_clause_case, disable},
                  {elvis_style, no_spec_with_records, disable},
                  {elvis_style, no_throw, disable},

include/mod_antispam.hrl

@@ -0,0 +1,36 @@
+%%%----------------------------------------------------------------------
+%%%
+%%% ejabberd, Copyright (C) 2002-2025   ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License along
+%%% with this program; if not, write to the Free Software Foundation, Inc.,
+%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+%%%
+%%%----------------------------------------------------------------------
+
+-define(MODULE_ANTISPAM, mod_antispam).
+
+-type url() :: binary().
+-type filename() :: binary() | none | false.
+-type jid_set() :: sets:set(ljid()).
+-type url_set() :: sets:set(url()).
+
+-define(DEFAULT_RTBL_DOMAINS_NODE, <<"spam_source_domains">>).
+
+-record(rtbl_service,
+        {host = none                       :: binary() | none,
+         node = ?DEFAULT_RTBL_DOMAINS_NODE :: binary(),
+         subscribed = false                :: boolean(),
+         retry_timer = undefined           :: reference() | undefined}).
+
+-type rtbl_service() :: #rtbl_service{}.

include/mod_matrix_gw.hrl

@@ -21,6 +21,13 @@
 -record(room_version,
         {id :: binary(),
          %% use the same field names as in Synapse
+         enforce_key_validity :: boolean(),
+         special_case_aliases_auth :: boolean(),
+         strict_canonicaljson :: boolean(),
+         limit_notifications_power_levels :: boolean(),
+         knock_join_rule :: boolean(),
+         restricted_join_rule :: boolean(),
+         restricted_join_rule_fix :: boolean(),
          knock_restricted_join_rule :: boolean(),
          enforce_int_power_levels :: boolean(),
          implicit_room_creator :: boolean(),

man/ejabberd.yml.5

@@ -2,12 +2,12 @@
 .\"     Title: ejabberd.yml
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 04/16/2025
+.\"      Date: 07/11/2025
 .\"    Manual: \ \&
 .\"    Source: \ \&
 .\"  Language: English
 .\"
-.TH "EJABBERD\&.YML" "5" "04/16/2025" "\ \&" "\ \&"
+.TH "EJABBERD\&.YML" "5" "07/11/2025" "\ \&" "\ \&"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -82,12 +82,12 @@ All options can be changed in runtime by running \fIejabberdctl reload\-config\f
 .sp
 Some options can be specified for particular virtual host(s) only using \fIhost_config\fR or \fIappend_host_config\fR options\&. Such options are called \fIlocal\fR\&. Examples are \fImodules\fR, \fIauth_method\fR and \fIdefault_db\fR\&. The options that cannot be defined per virtual host are called \fIglobal\fR\&. Examples are \fIloglevel\fR, \fIcertfiles\fR and \fIlisten\fR\&. It is a configuration mistake to put \fIglobal\fR options under \fIhost_config\fR or \fIappend_host_config\fR section \- ejabberd will refuse to load such configuration\&.
 .sp
-It is not recommended to write ejabberd\&.yml from scratch\&. Instead it is better to start from "default" configuration file available at https://github\&.com/processone/ejabberd/blob/25\&.04/ejabberd\&.yml\&.example\&. Once you get ejabberd running you can start changing configuration options to meet your requirements\&.
+It is not recommended to write ejabberd\&.yml from scratch\&. Instead it is better to start from "default" configuration file available at https://github\&.com/processone/ejabberd/blob/25\&.07/ejabberd\&.yml\&.example\&. Once you get ejabberd running you can start changing configuration options to meet your requirements\&.
 .sp
 Note that this document is intended to provide comprehensive description of all configuration options that can be consulted to understand the meaning of a particular option, its format and possible values\&. It will be quite hard to understand how to configure ejabberd by reading this document only \- for this purpose the reader is recommended to read online Configuration Guide available at https://docs\&.ejabberd\&.im/admin/configuration\&.
 .SH "TOP LEVEL OPTIONS"
 .sp
-This section describes top level options of ejabberd 25\&.04\&. The options that changed in this version are marked with 🟤\&.
+This section describes top level options of ejabberd 25\&.07\&. The options that changed in this version are marked with 🟤\&.
 .PP
 \fBaccess_rules\fR: \fI{AccessName: {allow|deny: ACLName|ACLDefinition}}\fR
 .RS 4
@@ -461,6 +461,12 @@ option\&.
 .sp
 The default value is \fIplain\fR\&.
 .PP
+\fBauth_password_types_hidden_in_scram1 🟤\fR: \fI[plain | scram_sha1 | scram_sha256 | scram_sha512]\fR
+.RS 4
+\fINote\fR
+about this option: added in 25\&.07\&. List of password types that should not be offered in SCRAM1 authenticatication\&. Because SCRAM1, unlike SCRAM2, can\(cqt have list of available mechanisms tailored to individual user, it\(cqs possible that offered mechanisms will not be compatible with stored password, especially if new password type was added recently\&. This option allows disabling offering some mechanisms in SASL1, to a time until new password type will be available for all users\&.
+.RE
+.PP
 \fBauth_scram_hash\fR: \fIsha | sha256 | sha512\fR
 .RS 4
 Hash algorithm that should be used to store password in
@@ -951,6 +957,34 @@ List of one or more
 option\&.
 .RE
 .PP
+\fBhosts_alias 🟤\fR: \fI{Alias: Host}\fR
+.RS 4
+\fINote\fR
+about this option: added in 25\&.07\&. Define aliases for existing vhosts managed by ejabberd\&. An alias may be a regexp expression\&. This option is only consulted by the
+\fIejabberd_http\fR
+listener\&.
+.sp
+\fBExample\fR:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+hosts:
+  \- domain\&.tld
+  \- example\&.org
+
+hosts_alias:
+  xmpp\&.domain\&.tld: domain\&.tld
+  jabber\&.domain\&.tld: domain\&.tld
+  mytest\&.net: example\&.org
+  "exa*": example\&.org
+.fi
+.if n \{\
+.RE
+.\}
+.RE
+.PP
 \fBinclude_config_file\fR: \fI[Filename, \&.\&.\&.] | {Filename: Options}\fR
 .RS 4
 Read and
@@ -1246,7 +1280,7 @@ This option can be used to tune tick time parameter of
 .RS 4
 Whether to use the
 \fIdatabase\&.md#default\-and\-new\-schemas|new SQL schema\fR\&. All schemas are located at
-https://github\&.com/processone/ejabberd/tree/25\&.04/sql\&. There are two schemas available\&. The default legacy schema stores one XMPP domain into one ejabberd database\&. The
+https://github\&.com/processone/ejabberd/tree/25\&.07/sql\&. There are two schemas available\&. The default legacy schema stores one XMPP domain into one ejabberd database\&. The
 \fInew\fR
 schema can handle several XMPP domains in a single ejabberd database\&. Using this
 \fInew\fR
@@ -1513,6 +1547,30 @@ XMPP Core: section 7\&.7\&.2\&.2\&. The default value is
 \fIcloseold\fR\&.
 .RE
 .PP
+\fBrest_proxy 🟤\fR: \fIHost\fR
+.RS 4
+\fINote\fR
+about this option: added in 25\&.07\&. Address of a HTTP Connect proxy used by modules issuing rest calls (like ejabberd_oauth_rest)
+.RE
+.PP
+\fBrest_proxy_password 🟤\fR: \fIstring()\fR
+.RS 4
+\fINote\fR
+about this option: added in 25\&.07\&. Password used to authenticate to HTTP Connect proxy used by modules issuing rest calls (like ejabberd_oauth_rest)
+.RE
+.PP
+\fBrest_proxy_port 🟤\fR: \fI1\&.\&.65535\fR
+.RS 4
+\fINote\fR
+about this option: added in 25\&.07\&. Port of a HTTP Connect proxy used by modules issuing rest calls (like ejabberd_oauth_rest)
+.RE
+.PP
+\fBrest_proxy_username 🟤\fR: \fIstring()\fR
+.RS 4
+\fINote\fR
+about this option: added in 25\&.07\&. Username used to authenticate to HTTP Connect proxy used by modules issuing rest calls (like ejabberd_oauth_rest)
+.RE
+.PP
 \fBrouter_cache_life_time\fR: \fItimeout()\fR
 .RS 4
 Same as
@@ -2043,9 +2101,13 @@ seconds\&.
 .RE
 .SH "MODULES"
 .sp
-This section describes modules options of ejabberd 25\&.04\&. The modules that changed in this version are marked with 🟤\&.
+This section describes modules options of ejabberd 25\&.07\&. The modules that changed in this version are marked with 🟤\&.
 .SS "mod_adhoc"
 .sp
+def:ad\-hoc command
+.sp
+: Command that can be executed by an XMPP client using XEP\-0050\&.
+.sp
 This module implements XEP\-0050: Ad\-Hoc Commands\&. It\(cqs an auxiliary module and is only needed by some of the other modules\&.
 .sp
 .it 1 an-trap
@@ -2066,7 +2128,7 @@ Provide the Commands item in the Service Discovery\&. Default value:
 .sp
 \fINote\fR about this option: added in 25\&.03\&.
 .sp
-Execute API Commands in a XMPP client using XEP\-0050: Ad\-Hoc Commands\&. This module requires \fImod_adhoc\fR (to execute the commands), and recommends \fImod_disco\fR (to discover the commands)\&.
+Execute (def:API commands) in a XMPP client using XEP\-0050: Ad\-Hoc Commands\&. This module requires \fImod_adhoc\fR (to execute the commands), and recommends \fImod_disco\fR (to discover the commands)\&.
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -2078,7 +2140,7 @@ Execute API Commands in a XMPP client using XEP\-0050: Ad\-Hoc Commands\&. This
 .PP
 \fBdefault_version\fR: \fIinteger() | string()\fR
 .RS 4
-What API version to use\&. If setting an ejabberd version, it will use the latest API version that was available in that ejabberd version\&. For example, setting
+What API version to use\&. If setting an ejabberd version, it will use the latest API version that was available in that (def:c2s) ejabberd version\&. For example, setting
 \fI"24\&.06"\fR
 in this option implies
 \fI2\fR\&. The default value is the latest version\&.
@@ -2393,6 +2455,134 @@ Same as top\-level
 option, but applied to this module only\&.
 .RE
 .RE
+.SS "mod_antispam 🟤"
+.sp
+\fINote\fR about this option: added in 25\&.07\&.
+.sp
+Filter spam messages and subscription requests received from remote servers based on Real\-Time Block Lists (RTBL), lists of known spammer JIDs and/or URLs mentioned in spam messages\&. Traffic classified as spam is rejected with an error (and an \fI[info]\fR message is logged) unless the sender is subscribed to the recipient\(cqs presence\&.
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBAvailable options:\fR
+.RS 4
+.PP
+\fBaccess_spam\fR: \fIAccess\fR
+.RS 4
+Access rule that controls what accounts may receive spam messages\&. If the rule returns
+\fIallow\fR
+for a given recipient, spam messages aren\(cqt rejected for that recipient\&. The default value is
+\fInone\fR, which means that all recipients are subject to spam filtering verification\&.
+.RE
+.PP
+\fBcache_size\fR: \fIpos_integer()\fR
+.RS 4
+Maximum number of JIDs that will be cached due to sending spam URLs\&. If that limit is exceeded, the least recently used entries are removed from the cache\&. Setting this option to
+\fI0\fR
+disables the caching feature\&. Note that separate caches are used for each virtual host, and that the caches aren\(cqt distributed across cluster nodes\&. The default value is
+\fI10000\fR\&.
+.RE
+.PP
+\fBrtbl_services\fR: \fI[Service]\fR
+.RS 4
+Query a RTBL service to get domains to block, as provided by
+xmppbl\&.org\&. Please note right now this option only supports one service in that list\&. For blocking spam and abuse on MUC channels, please use
+\fImod_muc_rtbl\fR
+for now\&. If only the host is provided, the default node names will be assumed\&. If the node name is different than
+\fIspam_source_domains\fR, you can setup the custom node name with the option
+\fIspam_source_domains_node\fR\&. The default value is an empty list of services\&.
+.sp
+\fBExample\fR:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+rtbl_services:
+  \- pubsub\&.server1\&.localhost:
+      spam_source_domains_node: actual_custom_pubsub_node
+.fi
+.if n \{\
+.RE
+.\}
+.RE
+.PP
+\fBspam_domains_file\fR: \fInone | Path\fR
+.RS 4
+Path to a plain text file containing a list of known spam domains, one domain per line\&. Messages and subscription requests sent from one of the listed domains are classified as spam if sender is not in recipient\(cqs roster\&. This list of domains gets merged with the one retrieved by an RTBL host if any given\&. Use an absolute path, or the
+\fI@CONFIG_PATH@\fR
+predefined keyword
+if the file is available in the configuration directory\&. The default value is
+\fInone\fR\&.
+.RE
+.PP
+\fBspam_dump_file\fR: \fIfalse | true | Path\fR
+.RS 4
+Path to the file to store blocked messages\&. Use an absolute path, or the
+\fI@LOG_PATH@\fR
+predefined keyword
+to store logs in the same place that the other ejabberd log files\&. If set to
+\fIfalse\fR, it doesn\(cqt dump stanzas, which is the default\&. If set to
+\fItrue\fR, it stores in
+\fI"@LOG_PATH@/spam_dump_@HOST@\&.log"\fR\&.
+.RE
+.PP
+\fBspam_jids_file\fR: \fInone | Path\fR
+.RS 4
+Path to a plain text file containing a list of known spammer JIDs, one JID per line\&. Messages and subscription requests sent from one of the listed JIDs are classified as spam\&. Messages containing at least one of the listed JIDsare classified as spam as well\&. Furthermore, the sender\(cqs JID will be cached, so that future traffic originating from that JID will also be classified as spam\&. Use an absolute path, or the
+\fI@CONFIG_PATH@\fR
+predefined keyword
+if the file is available in the configuration directory\&. The default value is
+\fInone\fR\&.
+.RE
+.PP
+\fBspam_urls_file\fR: \fInone | Path\fR
+.RS 4
+Path to a plain text file containing a list of URLs known to be mentioned in spam message bodies\&. Messages containing at least one of the listed URLs are classified as spam\&. Furthermore, the sender\(cqs JID will be cached, so that future traffic originating from that JID will be classified as spam as well\&. Use an absolute path, or the
+\fI@CONFIG_PATH@\fR
+predefined keyword
+if the file is available in the configuration directory\&. The default value is
+\fInone\fR\&.
+.RE
+.PP
+\fBwhitelist_domains_file\fR: \fInone | Path\fR
+.RS 4
+Path to a file containing a list of domains to whitelist from being blocked, one per line\&. If either it is in
+\fIspam_domains_file\fR
+or more realistically in a domain sent by a RTBL host (see option
+\fIrtbl_services\fR) then this domain will be ignored and stanzas from there won\(cqt be blocked\&. Use an absolute path, or the
+\fI@CONFIG_PATH@\fR
+predefined keyword
+if the file is available in the configuration directory\&. The default value is
+\fInone\fR\&.
+.RE
+.RE
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBExample:\fR
+.RS 4
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modules:
+  mod_antispam:
+    rtbl_services:
+      \- xmppbl\&.org
+    spam_jids_file: "@CONFIG_PATH@/spam_jids\&.txt"
+    spam_dump_file: "@LOG_PATH@/spam/host\-@HOST@\&.log"
+.fi
+.if n \{\
+.RE
+.\}
+.RE
 .SS "mod_auth_fast"
 .sp
 \fINote\fR about this option: added in 24\&.12\&.
@@ -2844,9 +3034,9 @@ modules:
 .RE
 .\}
 .RE
-.SS "mod_conversejs"
+.SS "mod_conversejs 🟤"
 .sp
-\fINote\fR about this option: added in 21\&.12 and improved in 22\&.05\&.
+\fINote\fR about this option: improved in 25\&.07\&.
 .sp
 This module serves a simple page for the Converse XMPP web browser client\&.
 .sp
@@ -2856,6 +3046,8 @@ Make sure either \fImod_bosh\fR or \fIlisten\&.md#ejabberd_http_ws|ejabberd_http
 .sp
 When \fIconversejs_css\fR and \fIconversejs_script\fR are \fIauto\fR, by default they point to the public Converse client\&.
 .sp
+This module is available since ejabberd 21\&.12\&.
+.sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
@@ -3956,9 +4148,9 @@ When this option is disabled, for each individual subscriber a separate mucsub m
 \fIfalse\fR\&.
 .RE
 .RE
-.SS "mod_matrix_gw"
+.SS "mod_matrix_gw 🟤"
 .sp
-\fINote\fR about this option: improved in 25\&.03\&.
+\fINote\fR about this option: improved in 25\&.07\&.
 .sp
 Matrix gateway\&. Erlang/OTP 25 or higher is required to use this module\&. This module is available since ejabberd 24\&.02\&.
 .sp
@@ -6427,6 +6619,59 @@ modules:
 .RE
 .\}
 .RE
+.SS "mod_pubsub_serverinfo 🟤"
+.sp
+\fINote\fR about this option: added in 25\&.07\&.
+.sp
+This module adds support for XEP\-0485: PubSub Server Information to expose S2S information over the Pub/Sub service\&.
+.sp
+Active S2S connections are published to a local PubSub node\&. Currently the node name is hardcoded as \fI"serverinfo"\fR\&.
+.sp
+Connections that support this feature are exposed with their domain names, otherwise they are shown as anonymous nodes\&. At startup a list of well known public servers is fetched\&. Those are not shown as anonymous even if they don\(cqt support this feature\&.
+.sp
+Please note that the module only shows S2S connections established while the module is running\&. If you install the module at runtime, run \fIstop_s2s_connections\fR API or restart ejabberd to force S2S reconnections that the module will detect and publish\&.
+.sp
+This module depends on \fImod_pubsub\fR and \fImod_disco\fR\&.
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBAvailable options:\fR
+.RS 4
+.PP
+\fBpubsub_host\fR: \fIundefined | string()\fR
+.RS 4
+Use this local PubSub host to advertise S2S connections\&. This must be a host local to this service handled by
+\fImod_pubsub\fR\&. This option is only needed if your configuration has more than one host in mod_pubsub\(cqs
+\fIhosts\fR
+option\&. The default value is the first host defined in mod_pubsub
+\fIhosts\fR
+option\&.
+.RE
+.RE
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBExample:\fR
+.RS 4
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modules:
+  mod_pubsub_serverinfo:
+    pubsub_host: custom\&.pubsub\&.domain\&.local
+.fi
+.if n \{\
+.RE
+.\}
+.RE
 .SS "mod_push"
 .sp
 This module implements the XMPP server\(cqs part of the push notification solution specified in XEP\-0357: Push Notifications\&. It does not generate, for example, APNS or FCM notifications directly\&. Instead, it\(cqs designed to work with so\-called "app servers" operated by third\-party vendors of mobile apps\&. Those app servers will usually trigger notification delivery to the user\(cqs mobile device using platform\-dependent backend services such as FCM or APNS\&.
@@ -8372,7 +8617,7 @@ Should the operating system be revealed or not\&. The default value is
 .RE
 .SH "LISTENERS"
 .sp
-This section describes listeners options of ejabberd 25\&.04\&.
+This section describes listeners options of ejabberd 25\&.07\&.
 .sp
 TODO
 .SH "AUTHOR"
@@ -8380,13 +8625,13 @@ TODO
 ProcessOne\&.
 .SH "VERSION"
 .sp
-This document describes the configuration file of ejabberd 25\&.04\&. Configuration options of other ejabberd versions may differ significantly\&.
+This document describes the configuration file of ejabberd 25\&.07\&. Configuration options of other ejabberd versions may differ significantly\&.
 .SH "REPORTING BUGS"
 .sp
 Report bugs to https://github\&.com/processone/ejabberd/issues
 .SH "SEE ALSO"
 .sp
-Default configuration file: https://github\&.com/processone/ejabberd/blob/25\&.04/ejabberd\&.yml\&.example
+Default configuration file: https://github\&.com/processone/ejabberd/blob/25\&.07/ejabberd\&.yml\&.example
 .sp
 Main site: https://ejabberd\&.im
 .sp

mix.exs

@@ -120,17 +120,17 @@ defmodule Ejabberd.MixProject do
      {:dialyxir, "~> 1.2", only: [:test], runtime: false},
      {:eimp, "~> 1.0"},
      {:ex_doc, "~> 0.31", only: [:edoc], runtime: false},
-     {:fast_tls, "~> 1.1.22"},
-     {:fast_xml, "~> 1.1.53"},
+     {:fast_tls, "~> 1.1.24"},
+     {:fast_xml, "~> 1.1.56"},
      {:fast_yaml, "~> 1.0"},
      {:idna, "~> 6.0"},
      {:mqtree, "~> 1.0"},
-     {:p1_acme, "~> 1.0"},
+     {:p1_acme, "~> 1.0.27"},
      {:p1_oauth2, "~> 0.6"},
      {:p1_utils, "~> 1.0"},
      {:pkix, "~> 1.0"},
      {:stringprep, ">= 1.0.26"},
-     {:xmpp, "~> 1.10.0"},
+     {:xmpp, ">= 1.11.0"},
      {:yconf, ">= 1.0.18"}]
     ++ cond_deps()
   end

mix.lock

@@ -1,19 +1,19 @@
 %{
   "base64url": {:hex, :base64url, "1.0.1", "f8c7f2da04ca9a5d0f5f50258f055e1d699f0e8bf4cfdb30b750865368403cf6", [:rebar3], [], "hexpm", "f9b3add4731a02a9b0410398b475b33e7566a695365237a6bdee1bb447719f5c"},
-  "cache_tab": {:hex, :cache_tab, "1.0.31", "e4097b50a6f373ab1e0a5f01bab0bef6626771a4cd6c93404ed6d54810e11fbc", [:rebar3], [{:p1_utils, "1.0.26", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "8582b60a4a09b247ef86355ba9e07fce9e11edc0345a775c9171f971c72b6351"},
+  "cache_tab": {:hex, :cache_tab, "1.0.33", "e2542afb34f17ee3ca19d2b0f546a074922c2b99fb6b2acfb38160d7d0336ec3", [:rebar3], [{:p1_utils, "1.0.28", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "4258009eb050b22aabe0c848e230bba58401a6895c58c2ff74dfb635e3c35900"},
   "dialyxir": {:hex, :dialyxir, "1.4.5", "ca1571ac18e0f88d4ab245f0b60fa31ff1b12cbae2b11bd25d207f865e8ae78a", [:mix], [{:erlex, ">= 0.2.7", [hex: :erlex, repo: "hexpm", optional: false]}], "hexpm", "b0fb08bb8107c750db5c0b324fa2df5ceaa0f9307690ee3c1f6ba5b9eb5d35c3"},
   "earmark_parser": {:hex, :earmark_parser, "1.4.44", "f20830dd6b5c77afe2b063777ddbbff09f9759396500cdbe7523efd58d7a339c", [:mix], [], "hexpm", "4778ac752b4701a5599215f7030989c989ffdc4f6df457c5f36938cc2d2a2750"},
-  "eimp": {:hex, :eimp, "1.0.24", "853db317ba394d479d2f1181e0b0135a3cd3c2c7eb48ff6cfb035a28dd354b14", [:rebar3], [{:p1_utils, "~> 1.0.25", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "7d61432eb8a45659c0be475f44e75eeb651743aa64a1de8adf785cdad81961ad"},
+  "eimp": {:hex, :eimp, "1.0.26", "c0b05f32e35629c4d9bcfb832ff879a92b0f92b19844bc7835e0a45635f2899a", [:rebar3], [{:p1_utils, "~> 1.0.25", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "d96d4e8572b9dfc40f271e47f0cb1d8849373bc98a21223268781765ed52044c"},
   "epam": {:hex, :epam, "1.0.14", "aa0b85d27f4ef3a756ae995179df952a0721237e83c6b79d644347b75016681a", [:rebar3], [], "hexpm", "2f3449e72885a72a6c2a843f561add0fc2f70d7a21f61456930a547473d4d989"},
   "eredis": {:hex, :eredis, "1.7.1", "39e31aa02adcd651c657f39aafd4d31a9b2f63c6c700dc9cece98d4bc3c897ab", [:mix, :rebar3], [], "hexpm", "7c2b54c566fed55feef3341ca79b0100a6348fd3f162184b7ed5118d258c3cc1"},
   "erlex": {:hex, :erlex, "0.2.7", "810e8725f96ab74d17aac676e748627a07bc87eb950d2b83acd29dc047a30595", [:mix], [], "hexpm", "3ed95f79d1a844c3f6bf0cea61e0d5612a42ce56da9c03f01df538685365efb0"},
-  "esip": {:hex, :esip, "1.0.57", "4b14e4832d08b9ffc10d855b5d10b3083232b1d53deb4c046679496ce85569c4", [:rebar3], [{:fast_tls, "1.1.22", [hex: :fast_tls, repo: "hexpm", optional: false]}, {:p1_utils, "1.0.26", [hex: :p1_utils, repo: "hexpm", optional: false]}, {:stun, "1.2.17", [hex: :stun, repo: "hexpm", optional: false]}], "hexpm", "19c357e1817b1e04792ef359bf900400f3e6d0e5ade929fd72f88ea9b44af2ed"},
-  "ex_doc": {:hex, :ex_doc, "0.37.3", "f7816881a443cd77872b7d6118e8a55f547f49903aef8747dbcb345a75b462f9", [:mix], [{:earmark_parser, "~> 1.4.42", [hex: :earmark_parser, repo: "hexpm", optional: false]}, {:makeup_c, ">= 0.1.0", [hex: :makeup_c, repo: "hexpm", optional: true]}, {:makeup_elixir, "~> 0.14 or ~> 1.0", [hex: :makeup_elixir, repo: "hexpm", optional: false]}, {:makeup_erlang, "~> 0.1 or ~> 1.0", [hex: :makeup_erlang, repo: "hexpm", optional: false]}, {:makeup_html, ">= 0.1.0", [hex: :makeup_html, repo: "hexpm", optional: true]}], "hexpm", "e6aebca7156e7c29b5da4daa17f6361205b2ae5f26e5c7d8ca0d3f7e18972233"},
+  "esip": {:hex, :esip, "1.0.58", "96bf0c07271f86f03f42778d4a1237099baec0714d00b0b815eb42d0007f73b4", [:rebar3], [{:fast_tls, "1.1.24", [hex: :fast_tls, repo: "hexpm", optional: false]}, {:p1_utils, "1.0.28", [hex: :p1_utils, repo: "hexpm", optional: false]}, {:stun, "1.2.20", [hex: :stun, repo: "hexpm", optional: false]}], "hexpm", "e0f4204a5ede0fa7d00da3cc42f6440aa362bac7faf536f71ea29fa3f0fa7c75"},
+  "ex_doc": {:hex, :ex_doc, "0.38.2", "504d25eef296b4dec3b8e33e810bc8b5344d565998cd83914ffe1b8503737c02", [:mix], [{:earmark_parser, "~> 1.4.44", [hex: :earmark_parser, repo: "hexpm", optional: false]}, {:makeup_c, ">= 0.1.0", [hex: :makeup_c, repo: "hexpm", optional: true]}, {:makeup_elixir, "~> 0.14 or ~> 1.0", [hex: :makeup_elixir, repo: "hexpm", optional: false]}, {:makeup_erlang, "~> 0.1 or ~> 1.0", [hex: :makeup_erlang, repo: "hexpm", optional: false]}, {:makeup_html, ">= 0.1.0", [hex: :makeup_html, repo: "hexpm", optional: true]}], "hexpm", "732f2d972e42c116a70802f9898c51b54916e542cc50968ac6980512ec90f42b"},
   "exsync": {:hex, :exsync, "0.4.1", "0a14fe4bfcb80a509d8a0856be3dd070fffe619b9ba90fec13c58b316c176594", [:mix], [{:file_system, "~> 0.2 or ~> 1.0", [hex: :file_system, repo: "hexpm", optional: false]}], "hexpm", "cefb22aa805ec97ffc5b75a4e1dc54bcaf781e8b32564bf74abbe5803d1b5178"},
-  "ezlib": {:hex, :ezlib, "1.0.13", "3c7f62862850a241159c10b218ecf580bce54d0890601b65144dacc2633be2b0", [:rebar3], [{:p1_utils, "1.0.26", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "9ee62ab3f8ed55a0fd11a9569fcb8e458683f95575417272192b069f092abfbb"},
-  "fast_tls": {:hex, :fast_tls, "1.1.22", "44356b256afad4399c2fc5059a3066669dafd8bd4e4e796c9c1cf8910ddd265e", [:rebar3], [{:p1_utils, "1.0.26", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "e65779aefb7ab15c4755230fef8077e687d20cc5a3984a5974f9f657e8e2485b"},
-  "fast_xml": {:hex, :fast_xml, "1.1.55", "ace020f2521f2a484ac8467d2822af85534a346e2aae03ffcbc34f29318befaf", [:rebar3], [{:p1_utils, "1.0.26", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "83f3e23a780ed5f567cdec73953f06c95b838d709dbfa86b59a98a8d23c99f85"},
-  "fast_yaml": {:hex, :fast_yaml, "1.0.37", "f71d472fbf787ccd161b914d1eb486116a0f4f2e835337a378fbd31b59d2e74b", [:rebar3], [{:p1_utils, "1.0.26", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "8de868721bf7e2172414f7d3148ede0f3c922b496455cd625dd5c4429515a769"},
+  "ezlib": {:hex, :ezlib, "1.0.15", "d74f5df191784744726a5b1ae9062522c606334f11086363385eb3b772d91357", [:rebar3], [{:p1_utils, "1.0.28", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "dd14ba6c12521af5cfe6923e73e3d545f4a0897dc66bfab5287fbb7ae3962eab"},
+  "fast_tls": {:hex, :fast_tls, "1.1.24", "5492125689e3d84c101323a0bff3d3996b92a903832530fe4f0935ed30b1b7d1", [:rebar3], [{:p1_utils, "~> 1.0.26", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "fff88ada39fad10464567a160643f4529ef4aed49d156919f5d1f415b6cdbbb6"},
+  "fast_xml": {:hex, :fast_xml, "1.1.57", "31efc0f9bceda92069704f7a25830407da5dc3dad1272b810d6f2e13e73cc11a", [:rebar3], [{:p1_utils, "1.0.28", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "eec34e90adacafe467d5ddab635a014ded73b98b4061554b2d1972173d929c39"},
+  "fast_yaml": {:hex, :fast_yaml, "1.0.39", "2e71168091949bab0e5f583b340a99072b4d22d93eb86624e7850a12b1517be4", [:rebar3], [{:p1_utils, "1.0.28", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "24c7b9ab9e2b9269d64e45f4a2a1280966adb17d31e63365cfd3ee277fb0a78d"},
   "file_system": {:hex, :file_system, "1.1.0", "08d232062284546c6c34426997dd7ef6ec9f8bbd090eb91780283c9016840e8f", [:mix], [], "hexpm", "bfcf81244f416871f2a2e15c1b515287faa5db9c6bcf290222206d120b3d43f6"},
   "idna": {:hex, :idna, "6.1.1", "8a63070e9f7d0c62eb9d9fcb360a7de382448200fbbd1b106cc96d3d8099df8d", [:rebar3], [{:unicode_util_compat, "~> 0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "92376eb7894412ed19ac475e4a86f7b413c1b9fbb5bd16dccd57934157944cea"},
   "jiffy": {:hex, :jiffy, "1.1.2", "a9b6c9a7ec268e7cf493d028f0a4c9144f59ccb878b1afe42841597800840a1b", [:rebar3], [], "hexpm", "bb61bc42a720bbd33cb09a410e48bb79a61012c74cb8b3e75f26d988485cf381"},
@@ -22,18 +22,18 @@
   "makeup": {:hex, :makeup, "1.2.1", "e90ac1c65589ef354378def3ba19d401e739ee7ee06fb47f94c687016e3713d1", [:mix], [{:nimble_parsec, "~> 1.4", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "d36484867b0bae0fea568d10131197a4c2e47056a6fbe84922bf6ba71c8d17ce"},
   "makeup_elixir": {:hex, :makeup_elixir, "1.0.1", "e928a4f984e795e41e3abd27bfc09f51db16ab8ba1aebdba2b3a575437efafc2", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}, {:nimble_parsec, "~> 1.2.3 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "7284900d412a3e5cfd97fdaed4f5ed389b8f2b4cb49efc0eb3bd10e2febf9507"},
   "makeup_erlang": {:hex, :makeup_erlang, "1.0.2", "03e1804074b3aa64d5fad7aa64601ed0fb395337b982d9bcf04029d68d51b6a7", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}], "hexpm", "af33ff7ef368d5893e4a267933e7744e46ce3cf1f61e2dccf53a111ed3aa3727"},
-  "mqtree": {:hex, :mqtree, "1.0.17", "82f54b8f2d22b4445db1d6cccb7fe9ead049d61410c29e32475f3ceb3ee62a89", [:rebar3], [{:p1_utils, "1.0.26", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "5fe8b7cf8fbc4783d0fceb94654ac2bbf3242a58cd0397d249ded8ae021be2a3"},
+  "mqtree": {:hex, :mqtree, "1.0.19", "d769c25f898810725fc7db0dbffe5f72098647048b1be2e6d772f1c2f31d8476", [:rebar3], [{:p1_utils, "1.0.28", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "c81065715c49a1882812f80a5ae2d842e80dd3f2d130530df35990248bf8ce3c"},
   "nimble_parsec": {:hex, :nimble_parsec, "1.4.2", "8efba0122db06df95bfaa78f791344a89352ba04baedd3849593bfce4d0dc1c6", [:mix], [], "hexpm", "4b21398942dda052b403bbe1da991ccd03a053668d147d53fb8c4e0efe09c973"},
-  "p1_acme": {:hex, :p1_acme, "1.0.25", "db91f0d6c193cd1d5c0b0fa3939a898dbf56a6075db4347cde26e802715de50c", [:rebar3], [{:base64url, "~> 1.0", [hex: :base64url, repo: "hexpm", optional: false]}, {:idna, "~> 6.0", [hex: :idna, repo: "hexpm", optional: false]}, {:jiffy, "~> 1.1.1", [hex: :jiffy, repo: "hexpm", optional: false]}, {:jose, "~> 1.11.10", [hex: :jose, repo: "hexpm", optional: false]}, {:yconf, "~> 1.0.17", [hex: :yconf, repo: "hexpm", optional: false]}], "hexpm", "a7b55b47495ddb4f98a15e65451ec3ad43f4637b955c74cd695d98e6a645d08c"},
+  "p1_acme": {:hex, :p1_acme, "1.0.27", "43d565cf0e22da51033ae329e773ccad0f44c4cb9c7199d0863f522e570f2767", [:rebar3], [{:base64url, "~> 1.0", [hex: :base64url, repo: "hexpm", optional: false]}, {:idna, "~> 6.0", [hex: :idna, repo: "hexpm", optional: false]}, {:jiffy, "~> 1.1.1", [hex: :jiffy, repo: "hexpm", optional: false]}, {:jose, "~> 1.11.10", [hex: :jose, repo: "hexpm", optional: false]}, {:yconf, "~> 1.0.17", [hex: :yconf, repo: "hexpm", optional: false]}], "hexpm", "aa64b6a8856b1a229a128bea27631de2e1a2219835e3a833fa11137143a8d773"},
   "p1_mysql": {:hex, :p1_mysql, "1.0.26", "574d07c9936c53b1ec3556db3cf064cc14a6c39039835b3d940471bfa5ac8e2b", [:rebar3], [], "hexpm", "ea138083f2c54719b9cf549dbf5802a288b0019ea3e5449b354c74cc03fafdec"},
   "p1_oauth2": {:hex, :p1_oauth2, "0.6.14", "1c5f82535574de87e2059695ac4b91f8f9aebacbc1c80287dae6f02552d47aea", [:rebar3], [], "hexpm", "1fd3ac474e43722d9d5a87c6df8d36f698ed87af7bb81cbbb66361451d99ae8f"},
-  "p1_pgsql": {:hex, :p1_pgsql, "1.1.32", "3f95d7e3413fc8f0be80abb4be1a0d7f67066a36905085cd5a423145598b0cb0", [:rebar3], [{:xmpp, "~> 1.10.0", [hex: :xmpp, repo: "hexpm", optional: false]}], "hexpm", "268b01e8f4eb75c211a31495a25c2815c549aecce2f0df1a161c6e0a2cde061e"},
-  "p1_utils": {:hex, :p1_utils, "1.0.26", "67b0c4ac9fa3ba3ef563b31aa111b0a004439a37fac85e027f1c3617e1c7ec6c", [:rebar3], [], "hexpm", "d0379e8c1156b98bd64f8129c1de022fcca4f2fdb7486ce73bf0ed2c3376b04c"},
+  "p1_pgsql": {:hex, :p1_pgsql, "1.1.34", "d36bd0d6c9765a47d075a87ad5e3fc3bfd153bdc4c07a1217b9979f33f73e9aa", [:rebar3], [{:xmpp, "~> 1.11.0", [hex: :xmpp, repo: "hexpm", optional: false]}], "hexpm", "cb0e32e086c9c35d0e3e966e3863d832737c7b4d2b5f147316a465c0b243ea7f"},
+  "p1_utils": {:hex, :p1_utils, "1.0.28", "9a7088a98d788b4c4880fd3c82d0c135650db13f2e4ef7e10db179791bc94d59", [:rebar3], [], "hexpm", "c49bd44bc4a40ad996691af826dd7e0aa56d4d0cd730817190a1f84d1a7f0033"},
   "pkix": {:hex, :pkix, "1.0.10", "d3bfadf7b7cfe2a3636f1b256c9cce5f646a07ce31e57ee527668502850765a0", [:rebar3], [], "hexpm", "e02164f83094cb124c41b1ab28988a615d54b9adc38575f00f19a597a3ac5d0e"},
   "sqlite3": {:hex, :sqlite3, "1.1.15", "e819defd280145c328457d7af897d2e45e8e5270e18812ee30b607c99cdd21af", [:rebar3], [], "hexpm", "3c0ba4e13322c2ad49de4e2ddd28311366adde54beae8dba9d9e3888f69d2857"},
-  "stringprep": {:hex, :stringprep, "1.0.31", "fa1688c156dd271722aa18c423a4163e710d2f4f475ad0bc220910df669b53af", [:rebar3], [{:p1_utils, "1.0.26", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "e9699c88e8db16b3a41f0e45ac6874a4da81a6e4854a77d76ede6d09b08e3530"},
-  "stun": {:hex, :stun, "1.2.17", "c54614a592812ea125a2e6827aac5a438571b591616426ec1419ba9b48252f54", [:rebar3], [{:fast_tls, "1.1.22", [hex: :fast_tls, repo: "hexpm", optional: false]}, {:p1_utils, "1.0.26", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "6b318244c21e8524a9aae3ac9a05cd8234ee994c1c2c815de68d306086ad768d"},
-  "unicode_util_compat": {:hex, :unicode_util_compat, "0.7.0", "bc84380c9ab48177092f43ac89e4dfa2c6d62b40b8bd132b1059ecc7232f9a78", [:rebar3], [], "hexpm", "25eee6d67df61960cf6a794239566599b09e17e668d3700247bc498638152521"},
-  "xmpp": {:hex, :xmpp, "1.10.0", "68a6dff8db8987c4592b2d5dd71d3f947b4ebd15209c9acaca5909a642670630", [:rebar3], [{:ezlib, "~> 1.0.12", [hex: :ezlib, repo: "hexpm", optional: false]}, {:fast_tls, "~> 1.1.19", [hex: :fast_tls, repo: "hexpm", optional: false]}, {:fast_xml, "~> 1.1.51", [hex: :fast_xml, repo: "hexpm", optional: false]}, {:idna, "~> 6.0", [hex: :idna, repo: "hexpm", optional: false]}, {:p1_utils, "~> 1.0.25", [hex: :p1_utils, repo: "hexpm", optional: false]}, {:stringprep, "~> 1.0.29", [hex: :stringprep, repo: "hexpm", optional: false]}], "hexpm", "ceeae43b8fe97649d8f8546b3f7f2b38ecfc931c0cdd5c7445ffb3f80fcb7d85"},
-  "yconf": {:hex, :yconf, "1.0.18", "e565edc8aabb8164c3bebc86969095d296ad315dcbb46af65dccbc6c71eae0f6", [:rebar3], [{:fast_yaml, "1.0.37", [hex: :fast_yaml, repo: "hexpm", optional: false]}], "hexpm", "fa950ec6503f92d6417fb8cc1d982403f041697e8e1bbf4d4588fb919b9562ea"},
+  "stringprep": {:hex, :stringprep, "1.0.33", "22f42866b4f6f3c238ea2b9cb6241791184ddedbab55e94a025511f46325f3ca", [:rebar3], [{:p1_utils, "1.0.28", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "96f8b30bc50887f605b33b46bca1d248c19a879319b8c482790e3b4da5da98c0"},
+  "stun": {:hex, :stun, "1.2.20", "62a149cea122a78a104b9e064a12d9e33105b26c23168ecf3aea6e0c26de0748", [:rebar3], [{:fast_tls, "1.1.24", [hex: :fast_tls, repo: "hexpm", optional: false]}, {:p1_utils, "1.0.28", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "79e49f826a4f7d522c939ab633d935c79d7d6b229e4cb7e05f62f33b50177414"},
+  "unicode_util_compat": {:hex, :unicode_util_compat, "0.7.1", "a48703a25c170eedadca83b11e88985af08d35f37c6f664d6dcfb106a97782fc", [:rebar3], [], "hexpm", "b3a917854ce3ae233619744ad1e0102e05673136776fb2fa76234f3e03b23642"},
+  "xmpp": {:hex, :xmpp, "1.11.0", "a3158c486c9b86a7090c361d876db622381f4312ede8c125d7a52ad390387932", [:rebar3], [{:ezlib, "~> 1.0.12", [hex: :ezlib, repo: "hexpm", optional: false]}, {:fast_tls, "~> 1.1.19", [hex: :fast_tls, repo: "hexpm", optional: false]}, {:fast_xml, "~> 1.1.51", [hex: :fast_xml, repo: "hexpm", optional: false]}, {:idna, "~> 6.0", [hex: :idna, repo: "hexpm", optional: false]}, {:p1_utils, "~> 1.0.26", [hex: :p1_utils, repo: "hexpm", optional: false]}, {:stringprep, "~> 1.0.29", [hex: :stringprep, repo: "hexpm", optional: false]}], "hexpm", "34a191d6a3b74e8f0a42346f859e2cab5b3a2ae7e5c28f392e5cb56612e7ce85"},
+  "yconf": {:hex, :yconf, "1.0.20", "f2b38db613fa826966e8d22bdc3e3ebae46919f2a27ab149a5a086c1d99d3bbd", [:rebar3], [{:fast_yaml, "1.0.39", [hex: :fast_yaml, repo: "hexpm", optional: false]}], "hexpm", "f2b3d730756fc2e4afd1c0b0ab6efb99f0e448952d25dc15ed75ac1635bf8882"},
 }

priv/css/admin.css

@@ -131,9 +131,12 @@ ul li #navhead a, ul li #navheadsub a, ul li #navheadsubsub a {
   background: #424a55;
   color: #fff;
 }
+
+#navitemlogin-start {
+  border-top: 0.2em solid #cae7e4;
+}
 #navitemlogin {
   padding: 0.5em;
-  border-top: 0.2em solid #cae7e4;
   border-bottom: 0.2em solid #cae7e4;
   padding-left: 0.5em;
 }

priv/msgs/el.msg

@@ -12,9 +12,10 @@
 {"A Web Page","Μία ιστοσελίδα"}.
 {"Accept","Αποδοχή"}.
 {"Access denied by service policy","Άρνηση πρόσβασης, λόγω τακτικής παροχής υπηρεσιών"}.
-{"Access model","Καθορίστε το μοντέλο πρόσβασης"}.
+{"Access model","Μοντέλο πρόσβασης"}.
 {"Account doesn't exist","Ο λογαριασμός δεν υπάρχει"}.
 {"Action on user","Eνέργεια για το χρήστη"}.
+{"Add a hat to a user","Προσθέστε ένα καπέλο σε έναν χρήστη"}.
 {"Add User","Προσθήκη Χρήστη"}.
 {"Administration of ","Διαχείριση του "}.
 {"Administration","Διαχείριση"}.
@@ -45,7 +46,9 @@
 {"Anyone with a presence subscription of both or from may subscribe and retrieve items","Όποιος έχει συνδρομή παρουσίας και των δύο ή από μπορεί να εγγραφεί και να ανακτήσει στοιχεία"}.
 {"Anyone with Voice","Οποιοσδήποτε με Φωνή"}.
 {"Anyone","Οποιοσδήποτε"}.
+{"API Commands","Εντολές του API"}.
 {"April","Απρίλιος"}.
+{"Arguments","Επιχειρήματα"}.
 {"Attribute 'channel' is required for this request","Το δηλωτικό 'channel' απαιτείται για αυτό το Ερώτημα"}.
 {"Attribute 'id' is mandatory for MIX messages","Το δηλωτικό 'id' επιτακτικό για μηνύματα MIX"}.
 {"Attribute 'jid' is not allowed here","Το δηλωτικό 'jid' δεν επιτρέπεται εδώ"}.
@@ -71,6 +74,7 @@
 {"Changing role/affiliation is not allowed","Η αλλαγή ρόλου/ομάδας δεν επιτρέπεται"}.
 {"Channel already exists","Το κανάλι υπάρχει ήδη"}.
 {"Channel does not exist","Το κανάλι δεν υπάρχει"}.
+{"Channel JID","JID καναλιού"}.
 {"Channels","Κανάλια"}.
 {"Characters not allowed:","Χαρακτήρες που δεν επιτρέπονται:"}.
 {"Chatroom configuration modified","Η ρύθμιση παραμέτρων της αίθουσας σύνεδριασης τροποποιηθηκε"}.
@@ -84,6 +88,7 @@
 {"Choose whether to approve this entity's subscription.","Επιλέξτε αν θα εγκρίθεί η εγγραφή αυτής της οντότητας."}.
 {"City","Πόλη"}.
 {"Client acknowledged more stanzas than sent by server","Ο πελάτης γνωρίζει περισσότερα δωμάτια από αυτά που στάλθηκαν από τον εξυπηρετητή"}.
+{"Clustering","Συσταδοποίηση"}.
 {"Commands","Εντολές"}.
 {"Conference room does not exist","Η αίθουσα σύνεδριασης δεν υπάρχει"}.
 {"Configuration of room ~s","Διαμόρφωση δωματίου ~ s"}.
@@ -119,6 +124,7 @@
 {"ejabberd","ejabberd"}.
 {"Email Address","Ηλεκτρονική Διεύθυνση"}.
 {"Email","Ηλεκτρονικό ταχυδρομείο"}.
+{"Enable hats","Ενεργοποίηση καπέλων"}.
 {"Enable logging","Ενεργοποίηση καταγραφής"}.
 {"Enable message archiving","Ενεργοποιήστε την αρχειοθέτηση μηνυμάτων"}.
 {"Enabling push without 'node' attribute is not supported","Η ενεργοποίηση της ώθησης χωρίς το χαρακτηριστικό 'κόμβος' δεν υποστηρίζεται"}.
@@ -151,6 +157,8 @@
 {"Full List of Room Admins","Πλήρης Κατάλογος Διαχειριστών αιθουσών"}.
 {"Full List of Room Owners","Πλήρης Κατάλογος Ιδιοκτητών αιθουσών"}.
 {"Full Name","Ονοματεπώνυμο"}.
+{"Get List of Online Users","Λίστα online χρηστών"}.
+{"Get List of Registered Users","Λίστα εγγεγραμμένων χρηστών"}.
 {"Get Number of Online Users","Έκθεση αριθμού συνδεδεμένων χρηστών"}.
 {"Get Number of Registered Users","Έκθεση αριθμού εγγεγραμμένων χρηστών"}.
 {"Get Pending","Λήψη των εκκρεμοτήτων"}.
@@ -163,6 +171,10 @@
 {"has been kicked because of an affiliation change","έχει αποβληθεί λόγω αλλαγής υπαγωγής"}.
 {"has been kicked because the room has been changed to members-only","αποβλήθηκε επειδή η αίθουσα αλλάξε γιά μέλη μόνο"}.
 {"has been kicked","αποβλήθηκε"}.
+{"Hash of the vCard-temp avatar of this room","Hash του vCard-temp avatar αυτού του δωματίου"}.
+{"Hat title","Τίτλος καπέλου"}.
+{"Hat URI","Καπέλο URI"}.
+{"Hats limit exceeded","Υπέρβαση του ορίου καπέλων"}.
 {"Host unknown","Άγνωστος εξυπηρετητής"}.
 {"HTTP File Upload","Ανέβασμα αρχείου"}.
 {"Idle connection","Αδρανής σύνδεση"}.
@@ -183,6 +195,8 @@
 {"Incorrect value of 'action' attribute","Λανθασμένη τιμή του χαρακτηριστικού 'action'"}.
 {"Incorrect value of 'action' in data form","Λανθασμένη τιμή 'action' στη φόρμα δεδομένων"}.
 {"Incorrect value of 'path' in data form","Λανθασμένη τιμή 'path' στη φόρμα δεδομένων"}.
+{"Installed Modules:","Εγκατεστημένες ενότητες:"}.
+{"Install","Εγκατάσταση"}.
 {"Insufficient privilege","Ανεπαρκή προνόμια"}.
 {"Internal server error","Εσωτερικό σφάλμα"}.
 {"Invalid 'from' attribute in forwarded message","Μη έγκυρο χαρακτηριστικό 'από' στο προωθούμενο μήνυμα"}.
@@ -198,6 +212,8 @@
 {"January","Ιανουάριος"}.
 {"JID normalization denied by service policy","Απετράπη η κανονικοποίηση του JID, λόγω της τακτικής Παροχής Υπηρεσιών"}.
 {"JID normalization failed","Απετράπη η κανονικοποίηση του JID"}.
+{"Joined MIX channels of ~ts","Ενσωματωμένα κανάλια MIX του ~ts"}.
+{"Joined MIX channels:","Ενσωματωμένα κανάλια MIX:"}.
 {"joins the room","συνδέεται στην αίθουσα"}.
 {"July","Ιούλιος"}.
 {"June","Ιούνιος"}.
@@ -209,6 +225,9 @@
 {"Last year","Πέρυσι"}.
 {"Least significant bits of SHA-256 hash of text should equal hexadecimal label","Τα ψηφία μικρότερης αξίας του αθροίσματος SHA-256 του κειμένου θα έπρεπε να ισούνται με την δεκαεξαδική ετικέτα"}.
 {"leaves the room","εγκαταλείπει την αίθουσα"}.
+{"List of users with hats","Λίστα των χρηστών με καπέλα"}.
+{"List users with hats","Λίστα χρηστών με καπέλα"}.
+{"Logged Out","Αποσυνδεδεμένος"}.
 {"Logging","Καταγραφή"}.
 {"Make participants list public","Κάντε δημόσιο τον κατάλογο συμμετεχόντων"}.
 {"Make room CAPTCHA protected","Κάντε την αίθουσα προστατεύομενη με CAPTCHA"}.
@@ -220,6 +239,7 @@
 {"Malformed username","Λανθασμένη μορφή ονόματος χρήστη"}.
 {"MAM preference modification denied by service policy","Άρνηση αλλαγής προτιμήσεων MAM, λόγω της τακτικής Παροχής Υπηρεσιών"}.
 {"March","Μάρτιος"}.
+{"Max # of items to persist, or `max` for no specific limit other than a server imposed maximum","Μέγιστος αριθμός στοιχείων που πρέπει να παραμείνουν, ή « Μέγιστο » για κανένα συγκεκριμένο όριο εκτός από το μέγιστο που επιβάλλει ο διακομιστής"}.
 {"Max payload size in bytes","Μέγιστο μέγεθος φορτίου σε bytes"}.
 {"Maximum file size","Μέγιστο μέγεθος αρχείου"}.
 {"Maximum Number of History Messages Returned by Room","Μέγιστος αριθμός μηνυμάτων Ιστορικού που επιστρέφονται από την Αίθουσα"}.
@@ -290,6 +310,7 @@
 {"Node ~p","Κόμβος ~p"}.
 {"Nodeprep has failed","Το Nodeprep απέτυχε"}.
 {"Nodes","Κόμβοι"}.
+{"Node","Κόμβος"}.
 {"None","Κανένα"}.
 {"Not allowed","Δεν επιτρέπεται"}.
 {"Not Found","Δε βρέθηκε"}.
@@ -303,7 +324,9 @@
 {"Number of Offline Messages","Πλήθος μηνυμάτων Χωρίς Σύνδεση"}.
 {"Number of online users","Αριθμός συνδεδεμένων χρηστών"}.
 {"Number of registered users","Αριθμός εγγεγραμμένων χρηστών"}.
+{"Number of seconds after which to automatically purge items, or `max` for no specific limit other than a server imposed maximum","Αριθμός δευτερολέπτων μετά από τα οποία θα καθαρίζονται αυτόματα τα στοιχεία, ή `max` για κανένα συγκεκριμένο όριο εκτός από το μέγιστο που επιβάλλει ο διακομιστής"}.
 {"Occupants are allowed to invite others","Οι συμμετέχοντες μπορούν να προσκαλέσουν και άλλους"}.
+{"Occupants are allowed to query others","Οι κάτοικοι επιτρέπεται να ρωτούν άλλους"}.
 {"Occupants May Change the Subject","Επιτρέψτε στους χρήστες να αλλάζουν το Θέμα"}.
 {"October","Οκτώβριος"}.
 {"OK","Εντάξει"}.
@@ -317,6 +340,7 @@
 {"Only members may query archives of this room","Μόνο μέλη μπορούν να δούνε τα αρχεία αυτής της αίθουσας"}.
 {"Only moderators and participants are allowed to change the subject in this room","Μόνο οι συντονιστές και οι συμμετέχοντες μπορούν να αλλάξουν το θέμα αυτής της αίθουσας"}.
 {"Only moderators are allowed to change the subject in this room","Μόνο οι συντονιστές μπορούν να αλλάξουν το θέμα αυτής της αίθουσας"}.
+{"Only moderators are allowed to retract messages","Μόνο οι συντονιστές επιτρέπεται να αποσύρουν μηνύματα"}.
 {"Only moderators can approve voice requests","Μόνο οι συντονιστές μπορούν να εγκρίνουν τις αιτήσεις φωνής"}.
 {"Only occupants are allowed to send messages to the conference","Μόνο οι συμμετέχοντες επιτρέπεται να στέλνουν μηνύματα στο συνέδριο"}.
 {"Only occupants are allowed to send queries to the conference","Μόνο οι συμμετέχοντες επιτρέπεται να στείλουν ερωτήματα στη διάσκεψη"}.
@@ -326,9 +350,11 @@
 {"Only those on a whitelist may subscribe and retrieve items","Μόνο όσοι βρίσκονται στη λίστα επιτρεπόμενων μπορούν να εγγραφούν και να ανακτήσουν αντικείμενα"}.
 {"Organization Name","Όνομα Οργανισμού"}.
 {"Organization Unit","Μονάδα Οργανισμού"}.
+{"Other Modules Available:","Διαθέσιμες άλλες ενότητες:"}.
 {"Outgoing s2s Connections","Εξερχόμενες S2S Συνδέσεις"}.
 {"Owner privileges required","Aπαιτούνται προνόμια ιδιοκτήτη"}.
 {"Packet relay is denied by service policy","Απαγορεύεται η αναμετάδοση πακέτων, λόγω της τακτικής Παροχής Υπηρεσιών"}.
+{"Participant ID","ID συμμετέχοντος"}.
 {"Participant","Συμμετέχων"}.
 {"Password Verification","Επαλήθευση κωδικού πρόσβασης"}.
 {"Password Verification:","Επαλήθευση κωδικού πρόσβασης:"}.
@@ -336,6 +362,7 @@
 {"Password:","Κωδικός πρόσβασης:"}.
 {"Path to Dir","Τοποθεσία κατάλογου αρχείων"}.
 {"Path to File","Τοποθεσία Αρχείου"}.
+{"Payload semantic type information","Πληροφορίες σημασιολογικού τύπου ωφέλιμου φορτίου"}.
 {"Period: ","Περίοδος: "}.
 {"Persist items to storage","Μόνιμη αποθήκευση στοιχείων"}.
 {"Persistent","Μόνιμη"}.
@@ -371,6 +398,7 @@
 {"Register an XMPP account","Καταχωρείστε έναν XMPP λογαριασμό χρήστη"}.
 {"Register","Καταχωρήστε"}.
 {"Remote copy","Εξ αποστάσεως αντίγραφο"}.
+{"Remove a hat from a user","Αφαίρεση ενός καπέλου από έναν χρήστη"}.
 {"Remove User","Αφαίρεση χρήστη"}.
 {"Replaced by new connection","Αντικαταστάθηκε από μια νέα σύνδεση"}.
 {"Request has timed out","Το αίτημα έληξε"}.
@@ -383,6 +411,7 @@
 {"Restore binary backup immediately:","Επαναφορά δυαδικού αντιγράφου ασφαλείας αμέσως:"}.
 {"Restore plain text backup immediately:","Επαναφορά αντιγράφου ασφαλείας από αρχείο κειμένου αμέσως:"}.
 {"Restore","Επαναφορά Αντιγράφου Ασφαλείας"}.
+{"Result","Αποτέλεσμα"}.
 {"Roles and Affiliations that May Retrieve Member List","Ρόλοι και δεσμοί που μπορούν να λάβουν την λίστα μελών"}.
 {"Roles for which Presence is Broadcasted","Ρόλοι των οποίων η παρουσία δηλώνεται δημόσια"}.
 {"Roles that May Send Private Messages","Ρόλοι που επιτρέπεται να αποστέλλουν ιδιωτικά μηνύματα"}.
@@ -414,13 +443,16 @@
 {"Set message of the day on all hosts and send to online users","Ορίστε μήνυμα ημέρας και άμεση αποστολή στους συνδεδεμένους χρήστες σε όλους τους κεντρικούς υπολογιστές"}.
 {"Shared Roster Groups","Κοινές Ομάδες Καταλόγων Επαφών"}.
 {"Show Integral Table","Δείτε Ολοκληρωτικό Πίνακα"}.
+{"Show Occupants Join/Leave","Εμφάνιση ενοίκων Join/Leave"}.
 {"Show Ordinary Table","Δείτε Κοινό Πίνακα"}.
 {"Shut Down Service","Τερματισμός Υπηρεσίας"}.
 {"SOCKS5 Bytestreams","Bytestreams του SOCKS5"}.
 {"Some XMPP clients can store your password in the computer, but you should do this only in your personal computer for safety reasons.","Ορισμένοι πελάτες XMPP μπορούν να αποθηκεύσουν τον κωδικό πρόσβασής σας στον υπολογιστή, αλλά θα πρέπει να το κάνετε μόνο στον προσωπικό σας υπολογιστή για λόγους ασφαλείας."}.
+{"Sources Specs:","Πηγές Προδιαγραφές:"}.
 {"Specify the access model","Καθορίστε το μοντέλο πρόσβασης"}.
 {"Specify the event message type","Καθορίστε τον τύπο μηνύματος συμβάντος"}.
 {"Specify the publisher model","Καθορίστε το μοντέλο εκδότη"}.
+{"Stanza id is not valid","Το Stanza id δεν είναι έγκυρο"}.
 {"Stanza ID","Ταυτότητα Δωματίου"}.
 {"Statically specify a replyto of the node owner(s)","Προσδιορίστε (στατικά) το Απάντηση Προς του ιδιοκτήτη-ων του κόμβου"}.
 {"Stopped Nodes","Σταματημένοι Κόμβοι"}.
@@ -457,7 +489,10 @@
 {"The JIDs of those to contact with questions","Το JID αυτών με τους οποίους θα επικοινωνήσετε με ερωτήσεις"}.
 {"The JIDs of those with an affiliation of owner","Το JID αυτών που σχετίζονται με τον ιδιοκτήτη"}.
 {"The JIDs of those with an affiliation of publisher","Το JID αυτών που σχετίζονται με τον εκδότη"}.
+{"The list of all online users","Ο κατάλογος όλων των online χρηστών"}.
+{"The list of all users","Ο κατάλογος όλων των χρηστών"}.
 {"The list of JIDs that may associate leaf nodes with a collection","Λίστα των JIDs που μπορούν να σχετίζουν leaf κόμβους με μια Συλλογή"}.
+{"The maximum number of child nodes that can be associated with a collection, or `max` for no specific limit other than a server imposed maximum","Ο μέγιστος αριθμός των παιδικών κόμβων που μπορούν να συσχετιστούν με μια συλλογή, ή `max` για κανένα συγκεκριμένο όριο εκτός από το μέγιστο που επιβάλλει ο διακομιστής"}.
 {"The minimum number of milliseconds between sending any two notification digests","Το ελάχιστο πλήθος χιλιοστών του δευτερολέπτου μεταξύ της αποστολής δύο συγχωνεύσεων ειδοποιήσεων"}.
 {"The name of the node","Το όνομα του κόμβου"}.
 {"The node is a collection node","Ο κόμβος είναι κόμβος Συλλογής"}.
@@ -476,6 +511,7 @@
 {"The query is only allowed from local users","Το ερώτημα επιτρέπεται μόνο από τοπικούς χρήστες"}.
 {"The query must not contain <item/> elements","Το ερώτημα δεν πρέπει να περιέχει στοιχείο <item/>"}.
 {"The room subject can be modified by participants","Το θέμα μπορεί να τροποποιηθεί από τους συμμετέχοντες"}.
+{"The semantic type information of data in the node, usually specified by the namespace of the payload (if any)","Οι πληροφορίες σημασιολογικού τύπου των δεδομένων στον κόμβο, που συνήθως καθορίζονται από το χώρο ονομάτων του ωφέλιμου φορτίου (εάν υπάρχει)"}.
 {"The sender of the last received message","Ο αποστολέας του τελευταίου εισερχομένου μηνύματος"}.
 {"The stanza MUST contain only one <active/> element, one <default/> element, or one <list/> element","Η stanza ΠΡΕΠΕΙ να περιέχει μόνο ένα στοιχείο <active />, ένα στοιχείο <default /> ή ένα στοιχείο <list />"}.
 {"The subscription identifier associated with the subscription request","Το αναγνωριστικό συνδρομής συσχετίστηκε με το αίτημα συνδρομής"}.
@@ -505,6 +541,7 @@
 {"Too many unacked stanzas","Πάρα πολλές μη αναγνωρισμένες stanzas"}.
 {"Too many users in this conference","Πάρα πολλοί χρήστες σε αυτή τη διάσκεψη"}.
 {"Traffic rate limit is exceeded","Υπέρφορτωση"}.
+{"~ts's MAM Archive","Αρχείο MAM του ~ts"}.
 {"~ts's Offline Messages Queue","~ts's Χωρίς Σύνδεση Μηνύματα"}.
 {"Tuesday","Τρίτη"}.
 {"Unable to generate a CAPTCHA","Αδύνατη η δημιουργία CAPTCHA"}.
@@ -512,17 +549,23 @@
 {"Unauthorized","Χωρίς Εξουσιοδότηση"}.
 {"Unexpected action","Απροσδόκητη ενέργεια"}.
 {"Unexpected error condition: ~p","Απροσδόκητες συνθήκες σφάλματος: ~p"}.
+{"Uninstall","Απεγκατάσταση"}.
 {"Unregister an XMPP account","Καταργήση λογαριασμού XMPP"}.
 {"Unregister","Καταργήση εγγραφής"}.
 {"Unsupported <index/> element","Μη υποστηριζόμενο στοιχείο <index />"}.
 {"Unsupported version","Μη υποστηριζόμενη έκδοση"}.
 {"Update message of the day (don't send)","Ενημέρωση μηνύματος ημέρας (χωρίς άμεση αποστολή)"}.
 {"Update message of the day on all hosts (don't send)","Ενημέρωση μηνύματος ημέρας σε όλους τους κεντρικούς υπολογιστές (χωρίς άμεση αποστολή)"}.
+{"Update specs to get modules source, then install desired ones.","Ενημερώστε τις προδιαγραφές για να λάβετε την πηγή των ενοτήτων και, στη συνέχεια, εγκαταστήστε τις επιθυμητές."}.
+{"Update Specs","Προδιαγραφές ενημέρωσης"}.
+{"Updating the vCard is not supported by the vCard storage backend","Η ενημέρωση της vCard δεν υποστηρίζεται από το backend αποθήκευσης vCard"}.
+{"Upgrade","Αναβάθμιση"}.
 {"URL for Archived Discussion Logs","URL αρχειοθετημένων καταγραφών συζητήσεων"}.
 {"User already exists","Ο χρήστης υπάρχει ήδη"}.
 {"User JID","JID Χρήστη"}.
 {"User (jid)","Χρήστης (jid)"}.
 {"User Management","Διαχείριση χρηστών"}.
+{"User not allowed to perform an IQ set on another user's vCard.","Ο χρήστης δεν επιτρέπεται να εκτελέσει ένα σετ IQ στην vCard ενός άλλου χρήστη."}.
 {"User removed","Ο Χρήστης αφαιρέθηκε"}.
 {"User session not found","Η περίοδος σύνδεσης χρήστη δεν βρέθηκε"}.
 {"User session terminated","Η περίοδος σύνδεσης χρήστη τερματίστηκε"}.
@@ -538,12 +581,14 @@
 {"Value of '~s' should be integer","Η τιμή του '~s' θα πρέπει να είναι ακέραιος"}.
 {"Value 'set' of 'type' attribute is not allowed","Δεν επιτρέπεται η παράμετρος 'set' του 'type'"}.
 {"vCard User Search","vCard Αναζήτηση χρηστών"}.
+{"View joined MIX channels","Προβολή ενταγμένων καναλιών MIX"}.
 {"Virtual Hosts","Eικονικοί κεντρικοί υπολογιστές"}.
 {"Visitors are not allowed to change their nicknames in this room","Οι επισκέπτες δεν επιτρέπεται να αλλάξουν τα ψευδώνυμα τους σε αυτή την αίθουσα"}.
 {"Visitors are not allowed to send messages to all occupants","Οι επισκέπτες δεν επιτρέπεται να στείλουν μηνύματα σε όλους τους συμμετέχοντες"}.
 {"Visitor","Επισκέπτης"}.
 {"Voice requests are disabled in this conference","Τα αιτήματα φωνής είναι απενεργοποιημένα, σε αυτό το συνέδριο"}.
 {"Voice request","Αίτημα φωνής"}.
+{"Web client which allows to join the room anonymously","Web client που επιτρέπει την ανώνυμη είσοδο στην αίθουσα"}.
 {"Wednesday","Τετάρτη"}.
 {"When a new subscription is processed and whenever a subscriber comes online","Όταν μία νέα συνδρομή βρίσκεται εν επεξεργασία και όποτε ένας συνδρομητής συνδεθεί"}.
 {"When a new subscription is processed","Όταν μία νέα συνδρομή βρίσκεται εν επεξεργασία"}.
@@ -556,6 +601,7 @@
 {"Whether to allow subscriptions","Εάν επιτρέπονται συνδρομές"}.
 {"Whether to make all subscriptions temporary, based on subscriber presence","Αν επιτρέπεται να γίνουν όλες οι συνδρομές προσωρινές, βασιζόμενοι στην παρουσία του συνδρομητή"}.
 {"Whether to notify owners about new subscribers and unsubscribes","Αν πρέπει να ειδοποιούνται οι ιδιοκτήτες για νέους συνδρομητές και αποχωρήσεις"}.
+{"Who can send private messages","Ποιος μπορεί να στείλει ιδιωτικά μηνύματα"}.
 {"Who may associate leaf nodes with a collection","Ποιός μπορεί να συσχετίζει leaf nodes με μία συλλογή"}.
 {"Wrong parameters in the web formulary","Εσφαλμένες παράμετροι στην διαμόρφωση τυπικότητας του δυκτίου"}.
 {"Wrong xmlns","Εσφαλμένο xmlns"}.
@@ -567,6 +613,7 @@
 {"XMPP Show Value of XA (Extended Away)","Δείξε τιμή XMPP Αξία του Λίαν Απομακρυσμένος"}.
 {"XMPP URI of Associated Publish-Subscribe Node","XMPP URI του συσχετισμένου κόμβου Δημοσίευσης-Εγγραφής"}.
 {"You are being removed from the room because of a system shutdown","Απαιτείται η απομάκρυνσή σας από την αίθουσα, λόγω τερματισμού συστήματος"}.
+{"You are not allowed to send private messages","Δεν επιτρέπεται η αποστολή ιδιωτικών μηνυμάτων"}.
 {"You are not joined to the channel","Δεν λαμβάνετε μέρος στο κανάλι"}.
 {"You can later change your password using an XMPP client.","Μπορείτε αργότερα να αλλάξετε τον κωδικό πρόσβασής σας χρησιμοποιώντας ένα πρόγραμμα-πελάτη XMPP."}.
 {"You have been banned from this room","Σας έχει απαγορευθεί η είσοδος σε αυτή την αίθουσα"}.

priv/msgs/ta.msg

@@ -46,7 +46,9 @@
 {"Anyone with a presence subscription of both or from may subscribe and retrieve items","அல்லது இரண்டின் இருப்பு சந்தா உள்ள எவரும் உருப்படிகளை குழுசேர் மற்றும் மீட்டெடுக்கலாம்"}.
 {"Anyone with Voice","குரல் உள்ள எவரும்"}.
 {"Anyone","யாரும்"}.
+{"API Commands","பநிஇ கட்டளைகள்"}.
 {"April","ப-சித்திரை"}.
+{"Arguments","வாதங்கள்"}.
 {"Attribute 'channel' is required for this request","இந்த கோரிக்கைக்கு 'சேனல்' என்ற பண்புக்கூறு தேவை"}.
 {"Attribute 'id' is mandatory for MIX messages","கலவை செய்திகளுக்கு 'ஐடி' கட்டாயமாகும்"}.
 {"Attribute 'jid' is not allowed here","'சிட்' என்ற பண்புக்கூறு இங்கே அனுமதிக்கப்படவில்லை"}.
@@ -86,6 +88,7 @@
 {"Choose whether to approve this entity's subscription.","இந்த நிறுவனத்தின் சந்தாவை அங்கீகரிக்க வேண்டுமா என்பதைத் தேர்வுசெய்க."}.
 {"City","நகரம்"}.
 {"Client acknowledged more stanzas than sent by server","சேவையகத்தால் அனுப்பப்பட்டதை விட கிளையன்ட் அதிக சரணத்தை ஒப்புக் கொண்டார்"}.
+{"Clustering","கிளச்டரிங்"}.
 {"Commands","கட்டளைகள்"}.
 {"Conference room does not exist","மாநாட்டு அறை இல்லை"}.
 {"Configuration of room ~s","அறையின் உள்ளமைவு ~s"}.
@@ -259,7 +262,7 @@
 {"Module failed to handle the query","தொகுதி வினவலைக் கையாளத் தவறிவிட்டது"}.
 {"Monday","திங்கள்"}.
 {"Multicast","மல்டிகாச்ட்"}.
-{"Multiple <item/> elements are not allowed by RFC6121","பல <உருப்படி/> கூறுகள் RFC6121 ஆல் அனுமதிக்கப்படாது"}.
+{"Multiple <item/> elements are not allowed by RFC6121","பல <item/> கூறுகள் RFC6121 ஆல் அனுமதிக்கப்படாது"}.
 {"Multi-User Chat","பல பயனர் அரட்டை"}.
 {"Name","பெயர்"}.
 {"Natural Language for Room Discussions","அறை விவாதங்களுக்கு இயற்கை மொழி"}.
@@ -281,7 +284,7 @@
 {"No data form found","தரவு படிவம் எதுவும் கிடைக்கவில்லை"}.
 {"No Data","தரவு இல்லை"}.
 {"No features available","நற்பொருத்தங்கள் எதுவும் கிடைக்கவில்லை"}.
-{"No <forwarded/> element found","இல்லை <முன்னோக்கி/> உறுப்பு காணப்பட்டது"}.
+{"No <forwarded/> element found","இல்லை <forwarded/> உறுப்பு காணப்பட்டது"}.
 {"No hook has processed this command","இந்த கட்டளையை எந்த ஊக்கும் செயலாக்கவில்லை"}.
 {"No info about last activity found","கடைசி செயல்பாட்டைப் பற்றிய எந்த தகவலும் கிடைக்கவில்லை"}.
 {"No 'item' element found","'உருப்படி' உறுப்பு இல்லை"}.
@@ -332,8 +335,8 @@
 {"Online","ஆன்லைனில்"}.
 {"Only collection node owners may associate leaf nodes with the collection","சேகரிப்பு முனை உரிமையாளர்கள் மட்டுமே இலை முனைகளை சேகரிப்புடன் தொடர்புபடுத்தலாம்"}.
 {"Only deliver notifications to available users","கிடைக்கக்கூடிய பயனர்களுக்கு மட்டுமே அறிவிப்புகளை வழங்கவும்"}.
-{"Only <enable/> or <disable/> tags are allowed","<anafice/> அல்லது <முடக்கு/> குறிச்சொற்கள் மட்டுமே அனுமதிக்கப்படுகின்றன"}.
-{"Only <list/> element is allowed in this query","இந்த வினவலில் <பட்டியல்/> உறுப்பு மட்டுமே அனுமதிக்கப்படுகிறது"}.
+{"Only <enable/> or <disable/> tags are allowed","<enable/>அல்லது <disable/> குறிச்சொற்கள் மட்டுமே அனுமதிக்கப்படுகின்றன"}.
+{"Only <list/> element is allowed in this query","இந்த வினவலில் <list/> உறுப்பு மட்டுமே அனுமதிக்கப்படுகிறது"}.
 {"Only members may query archives of this room","உறுப்பினர்கள் மட்டுமே இந்த அறையின் காப்பகங்களை வினவலாம்"}.
 {"Only moderators and participants are allowed to change the subject in this room","இந்த அறையில் உள்ள விசயத்தை மாற்ற மதிப்பீட்டாளர்கள் மற்றும் பங்கேற்பாளர்கள் மட்டுமே அனுமதிக்கப்படுகிறார்கள்"}.
 {"Only moderators are allowed to change the subject in this room","இந்த அறையில் உள்ள விசயத்தை மாற்ற மதிப்பீட்டாளர்கள் மட்டுமே அனுமதிக்கப்படுகிறார்கள்"}.
@@ -408,6 +411,7 @@
 {"Restore binary backup immediately:","பைனரி காப்புப்பிரதியை உடனடியாக மீட்டமைக்கவும்:"}.
 {"Restore plain text backup immediately:","எளிய உரை காப்புப்பிரதியை உடனடியாக மீட்டெடுக்கவும்:"}.
 {"Restore","மீட்டமை"}.
+{"Result","விளைவு"}.
 {"Roles and Affiliations that May Retrieve Member List","உறுப்பினர் பட்டியலை மீட்டெடுக்கக்கூடிய பாத்திரங்கள் மற்றும் இணைப்புகள்"}.
 {"Roles for which Presence is Broadcasted","இருப்பு ஒளிபரப்பப்படும் பாத்திரங்கள்"}.
 {"Roles that May Send Private Messages","தனிப்பட்ட செய்திகளை அனுப்பக்கூடிய பாத்திரங்கள்"}.
@@ -505,11 +509,11 @@
 {"The passwords are different","கடவுச்சொற்கள் வேறுபட்டவை"}.
 {"The presence states for which an entity wants to receive notifications","ஒரு நிறுவனம் அறிவிப்புகளைப் பெற விரும்பும் இருப்பு நிலைகள்"}.
 {"The query is only allowed from local users","வினவல் உள்ளக பயனர்களிடமிருந்து மட்டுமே அனுமதிக்கப்படுகிறது"}.
-{"The query must not contain <item/> elements","வினவலில் <பொருள்/> கூறுகள் இருக்கக்கூடாது"}.
+{"The query must not contain <item/> elements","வினவலில் <item/>கூறுகள் இருக்கக் கூடாது"}.
 {"The room subject can be modified by participants","அறை பொருள் பங்கேற்பாளர்களால் மாற்றப்படலாம்"}.
 {"The semantic type information of data in the node, usually specified by the namespace of the payload (if any)","முனையில் உள்ள தரவின் சொற்பொருள் வகை செய்தி, பொதுவாக பேலோடின் பெயர்வெளியால் குறிப்பிடப்படுகிறது (ஏதேனும் இருந்தால்)"}.
 {"The sender of the last received message","கடைசியாக பெறப்பட்ட செய்தியை அனுப்பு"}.
-{"The stanza MUST contain only one <active/> element, one <default/> element, or one <list/> element","ச்டான்சாவில் ஒரே <செயலில்/> உறுப்பு, ஒரு <இயல்புநிலை/> உறுப்பு அல்லது ஒரு <பட்டியல்/> உறுப்பு மட்டுமே இருக்க வேண்டும்"}.
+{"The stanza MUST contain only one <active/> element, one <default/> element, or one <list/> element","ச்டான்சாவில் ஒரே <active/> உறுப்பு, ஒரு <default/>உறுப்பு அல்லது ஒரு <list/>உறுப்பு மட்டுமே இருக்க வேண்டும்"}.
 {"The subscription identifier associated with the subscription request","சந்தா கோரிக்கையுடன் தொடர்புடைய சந்தா அடையாளங்காட்டி"}.
 {"The URL of an XSL transformation which can be applied to payloads in order to generate an appropriate message body element.","பொருத்தமான செய்தி உடல் உறுப்பை உருவாக்குவதற்காக பேலோடுகளுக்கு பயன்படுத்தக்கூடிய எக்ச்எச்எல் மாற்றத்தின் முகவரி."}.
 {"The URL of an XSL transformation which can be applied to the payload format in order to generate a valid Data Forms result that the client could display using a generic Data Forms rendering engine","செல்லுபடியாகும் தரவு படிவங்களை உருவாக்குவதற்காக பேலோட் வடிவத்தில் பயன்படுத்தக்கூடிய ஒரு எக்ச்எச்எல் உருமாற்றத்தின் முகவரி, கிளையன்ட் பொதுவான தரவு படிவங்கள் வழங்குதல் எஞ்சின் பயன்படுத்தி காண்பிக்க முடியும்"}.
@@ -530,8 +534,8 @@
 {"Too many active bytestreams","பல செயலில் உள்ள பைட்டிரீம்கள்"}.
 {"Too many CAPTCHA requests","பல கேப்ட்சா கோரிக்கைகள்"}.
 {"Too many child elements","பல குழந்தை கூறுகள்"}.
-{"Too many <item/> elements","பல <உருப்படி/> கூறுகள்"}.
-{"Too many <list/> elements","பல <பட்டியல்/> கூறுகள்"}.
+{"Too many <item/> elements","பல <item/> கூறுகள்"}.
+{"Too many <list/> elements","பல <list/> கூறுகள்"}.
 {"Too many (~p) failed authentications from this IP address (~s). The address will be unblocked at ~s UTC","இந்த ஐபி முகவரியிலிருந்து (~p) பல (~s) தோல்வியுற்ற அங்கீகாரங்கள் ~s. முகவரி UTC இல் தடைசெய்யப்படும்"}.
 {"Too many receiver fields were specified","அதிகமான ரிசீவர் புலங்கள் குறிப்பிடப்பட்டன"}.
 {"Too many unacked stanzas","பல அறியப்படாத சரணங்கள்"}.
@@ -548,7 +552,7 @@
 {"Uninstall","நிறுவல் நீக்க"}.
 {"Unregister an XMPP account","ஒரு எக்ச்எம்பிபி கணக்கை பதிவு செய்யவும்"}.
 {"Unregister","பதிவு செய்யப்படாதது"}.
-{"Unsupported <index/> element","ஆதரிக்கப்படாத <குறியீட்டு/> உறுப்பு"}.
+{"Unsupported <index/> element","ஆதரிக்கப்படாத <index/> உறுப்பு"}.
 {"Unsupported version","ஆதரிக்கப்படாத பதிப்பு"}.
 {"Update message of the day (don't send)","அன்றைய செய்தியைப் புதுப்பிக்கவும் (அனுப்ப வேண்டாம்)"}.
 {"Update message of the day on all hosts (don't send)","எல்லா ஓச்ட்களிலும் அன்றைய செய்தியைப் புதுப்பிக்கவும் (அனுப்ப வேண்டாம்)"}.
@@ -584,6 +588,7 @@
 {"Visitor","பார்வையாளர்"}.
 {"Voice requests are disabled in this conference","இந்த மாநாட்டில் குரல் கோரிக்கைகள் முடக்கப்பட்டுள்ளன"}.
 {"Voice request","குரல் கோரிக்கை"}.
+{"Web client which allows to join the room anonymously","அநாமதேயமாக அறையில் சேர அனுமதிக்கும் வலை கிளையண்ட்"}.
 {"Wednesday","புதன்கிழமை"}.
 {"When a new subscription is processed and whenever a subscriber comes online","புதிய சந்தா செயலாக்கப்படும் போது, சந்தாதாரர் ஆன்லைனில் வரும்போதெல்லாம்"}.
 {"When a new subscription is processed","புதிய சந்தா செயலாக்கப்படும் போது"}.

priv/msgs/uk.msg

@@ -149,7 +149,7 @@
 {"Failed to process option '~s'","Не вдалося обробити параметр \"~s\""}.
 {"Family Name","Прізвище"}.
 {"FAQ Entry","Запис в ЧаПи"}.
-{"February","лютого"}.
+{"February","Лютого"}.
 {"File larger than ~w bytes","Файл більший, ніж ~w байт"}.
 {"Fill in the form to search for any matching XMPP User","Заповніть форму для пошуку будь-якого відповідного користувача XMPP"}.
 {"Friday","П'ятниця"}.
@@ -209,14 +209,14 @@
 {"It is not allowed to send private messages of type \"groupchat\"","Не дозволяється надсилати приватні повідомлення типу \"groupchat\""}.
 {"It is not allowed to send private messages to the conference","Не дозволяється надсилати приватні повідомлення в конференцію"}.
 {"Jabber ID","Jabber ID"}.
-{"January","січня"}.
+{"January","Січня"}.
 {"JID normalization denied by service policy","Створювати конференцію заборонено політикою служби"}.
 {"JID normalization failed","Помилка нормалізації JID"}.
 {"Joined MIX channels of ~ts","Приєднався до каналів MIX ~ts"}.
 {"Joined MIX channels:","Приєднався до каналів MIX:"}.
 {"joins the room","увійшов(ла) в кімнату"}.
-{"July","липня"}.
-{"June","червня"}.
+{"July","Липня"}.
+{"June","Червня"}.
 {"Just created","Щойно створено"}.
 {"Last Activity","Останнє підключення"}.
 {"Last login","Останнє підключення"}.
@@ -313,12 +313,12 @@
 {"Node","Вузол"}.
 {"None","Немає"}.
 {"Not allowed","Не дозволяється"}.
-{"Not Found","не знайдено"}.
+{"Not Found","Не знайдено"}.
 {"Not subscribed","Не підписаний"}.
 {"Notify subscribers when items are removed from the node","Повідомляти абонентів про видалення публікацій із збірника"}.
 {"Notify subscribers when the node configuration changes","Повідомляти абонентів про зміни в конфігурації збірника"}.
 {"Notify subscribers when the node is deleted","Повідомляти абонентів про видалення збірника"}.
-{"November","листопада"}.
+{"November","Листопада"}.
 {"Number of answers required","Кількість необхідних відповідей"}.
 {"Number of occupants","Кількість присутніх"}.
 {"Number of Offline Messages","Кількість автономних повідомлень"}.
@@ -397,7 +397,7 @@
 {"Recipient is not in the conference room","Адресата немає в конференції"}.
 {"Register an XMPP account","Зареєструвати XMPP-запис"}.
 {"Register","Реєстрація"}.
-{"Remote copy","не зберігаеться локально"}.
+{"Remote copy","Віддалене копіювання"}.
 {"Remove a hat from a user","Зняти шапку з користувача"}.
 {"Remove User","Видалити користувача"}.
 {"Replaced by new connection","Замінено новим з'єднанням"}.
@@ -435,7 +435,7 @@
 {"Send announcement to all online users","Надіслати сповіщення всім підключеним користувачам"}.
 {"Send announcement to all users on all hosts","Надіслати сповіщення до усіх користувачів на усіх хостах"}.
 {"Send announcement to all users","Надіслати сповіщення всім користувачам"}.
-{"September","вересня"}.
+{"September","Вересня"}.
 {"Server:","Сервер:"}.
 {"Service list retrieval timed out","Час очікування отримання списку послуг минув"}.
 {"Session state copying timed out","Час очікування копіювання стану сеансу минув"}.
@@ -551,7 +551,7 @@
 {"Unexpected error condition: ~p","Умова несподіваної помилки: ~p"}.
 {"Uninstall","Видалити"}.
 {"Unregister an XMPP account","Видалити обліковий запис XMPP"}.
-{"Unregister","Видалити"}.
+{"Unregister","Скасувати реєстрацію"}.
 {"Unsupported <index/> element","Непідтримуваний елемент <index/>"}.
 {"Unsupported version","Непідтримувана версія"}.
 {"Update message of the day (don't send)","Оновити повідомлення дня (не надсилати)"}.
@@ -582,7 +582,7 @@
 {"Value 'set' of 'type' attribute is not allowed","Значення 'set' атрибута 'type' не допускається"}.
 {"vCard User Search","Пошук користувачів по vCard"}.
 {"View joined MIX channels","Перегляд приєднаних каналів MIX"}.
-{"Virtual Hosts","віртуальні хости"}.
+{"Virtual Hosts","Віртуальні хости"}.
 {"Visitors are not allowed to change their nicknames in this room","Відвідувачам не дозволяється змінювати псевдонім в цій кімнаті"}.
 {"Visitors are not allowed to send messages to all occupants","Відвідувачам не дозволяється надсилати повідомлення всім присутнім"}.
 {"Visitor","Відвідувач"}.

rebar.config

@@ -26,8 +26,8 @@
          {if_version_below, "24",
           {base64url, "~> 1.0", {git, "https://github.com/dvv/base64url", {tag, "1.0.1"}}}
         }},
-        {cache_tab, "~> 1.0.31", {git, "https://github.com/processone/cache_tab", {tag, "1.0.31"}}},
-        {eimp, "~> 1.0.24", {git, "https://github.com/processone/eimp", {tag, "1.0.24"}}},
+        {cache_tab, "~> 1.0.33", {git, "https://github.com/processone/cache_tab", {tag, "1.0.33"}}},
+        {eimp, "~> 1.0.26", {git, "https://github.com/processone/eimp", {tag, "1.0.26"}}},
         {if_var_true, pam,
          {epam, "~> 1.0.14", {git, "https://github.com/processone/epam", {tag, "1.0.14"}}}},
         {if_var_true, redis,
@@ -41,12 +41,12 @@
            {eredis, "~> 1.7.1", {git, "https://github.com/Nordix/eredis/", {tag, "v1.7.1"}}}
         }}},
         {if_var_true, sip,
-         {esip, "~> 1.0.57", {git, "https://github.com/processone/esip", {tag, "1.0.57"}}}},
+         {esip, "~> 1.0.58", {git, "https://github.com/processone/esip", {tag, "1.0.58"}}}},
         {if_var_true, zlib,
-         {ezlib, "~> 1.0.13", {git, "https://github.com/processone/ezlib", {tag, "1.0.13"}}}},
-        {fast_tls, "~> 1.1.22", {git, "https://github.com/processone/fast_tls", {tag, "1.1.22"}}},
-        {fast_xml, "~> 1.1.55", {git, "https://github.com/processone/fast_xml", {tag, "1.1.55"}}},
-        {fast_yaml, "~> 1.0.37", {git, "https://github.com/processone/fast_yaml", {tag, "1.0.37"}}},
+         {ezlib, "~> 1.0.15", {git, "https://github.com/processone/ezlib", {tag, "1.0.15"}}}},
+        {fast_tls, "~> 1.1.24", {git, "https://github.com/processone/fast_tls", {tag, "1.1.24"}}},
+        {fast_xml, "~> 1.1.57", {git, "https://github.com/processone/fast_xml", {tag, "1.1.57"}}},
+        {fast_yaml, "~> 1.0.39", {git, "https://github.com/processone/fast_yaml", {tag, "1.0.39"}}},
         {idna, "~> 6.0", {git, "https://github.com/benoitc/erlang-idna", {tag, "6.0.0"}}},
         {if_version_below, "27",
          {jiffy, "~> 1.1.1", {git, "https://github.com/davisp/jiffy", {tag, "1.1.1"}}}
@@ -63,22 +63,22 @@
           {luerl, "1.0.0", {git, "https://github.com/rvirding/luerl", {tag, "1.0"}}},
           {luerl, "~> 1.2.0", {git, "https://github.com/rvirding/luerl", {tag, "1.2"}}}
         }},
-        {mqtree, "~> 1.0.17", {git, "https://github.com/processone/mqtree", {tag, "1.0.17"}}},
-        {p1_acme, "~> 1.0.25", {git, "https://github.com/processone/p1_acme", {tag, "1.0.25"}}},
+        {mqtree, "~> 1.0.19", {git, "https://github.com/processone/mqtree", {tag, "1.0.19"}}},
+        {p1_acme, "~> 1.0.27", {git, "https://github.com/processone/p1_acme", {tag, "1.0.27"}}},
         {if_var_true, mysql,
          {p1_mysql, "~> 1.0.26", {git, "https://github.com/processone/p1_mysql", {tag, "1.0.26"}}}},
         {p1_oauth2, "~> 0.6.14", {git, "https://github.com/processone/p1_oauth2", {tag, "0.6.14"}}},
         {if_var_true, pgsql,
-         {p1_pgsql, "~> 1.1.32", {git, "https://github.com/processone/p1_pgsql", {tag, "1.1.32"}}}},
-        {p1_utils, "~> 1.0.27", {git, "https://github.com/processone/p1_utils", {tag, "1.0.27"}}},
+         {p1_pgsql, "~> 1.1.34", {git, "https://github.com/processone/p1_pgsql", {tag, "1.1.34"}}}},
+        {p1_utils, "~> 1.0.28", {git, "https://github.com/processone/p1_utils", {tag, "1.0.28"}}},
         {pkix, "~> 1.0.10", {git, "https://github.com/processone/pkix", {tag, "1.0.10"}}},
         {if_var_true, sqlite,
          {sqlite3, "~> 1.1.15", {git, "https://github.com/processone/erlang-sqlite3", {tag, "1.1.15"}}}},
-        {stringprep, "~> 1.0.31", {git, "https://github.com/processone/stringprep", {tag, "1.0.31"}}},
+        {stringprep, "~> 1.0.33", {git, "https://github.com/processone/stringprep", {tag, "1.0.33"}}},
         {if_var_true, stun,
-         {stun, "~> 1.2.17", {git, "https://github.com/processone/stun", {tag, "1.2.17"}}}},
-        {xmpp, "~> 1.10.0", {git, "https://github.com/processone/xmpp", {tag, "1.10.0"}}},
-        {yconf, "~> 1.0.18", {git, "https://github.com/processone/yconf", {tag, "1.0.18"}}}
+         {stun, "~> 1.2.20", {git, "https://github.com/processone/stun", {tag, "1.2.20"}}}},
+        {xmpp, "~> 1.11.0", {git, "https://github.com/processone/xmpp", {tag, "1.11.0"}}},
+        {yconf, "~> 1.0.20", {git, "https://github.com/processone/yconf", {tag, "1.0.20"}}}
        ]}.
 
 {gitonly_deps, [ejabberd_po]}.
@@ -165,7 +165,7 @@
                        }]}}.
 {if_rebar3, {project_plugins, [configure_deps,
                                {if_var_true, tools, rebar3_format},
-                               {if_var_true, tools, rebar3_lint}
+                               {if_var_true, tools, {rebar3_lint, "4.1.1"}}
                               ]}}.
 {if_not_rebar3, {plugins, [
                            deps_erl_opts, override_deps_versions2, override_opts, configure_deps
@@ -255,6 +255,7 @@
 
 {cover_enabled, true}.
 {cover_export_enabled, true}.
+{cover_excl_mods, [eldap_filter_yecc]}.
 {coveralls_coverdata, "_build/test/cover/ct.coverdata"}.
 {coveralls_service_name, "github"}.
 

rebar.lock

@@ -1,86 +1,86 @@
 {"1.2.0",
 [{<<"base64url">>,{pkg,<<"base64url">>,<<"1.0.1">>},1},
- {<<"cache_tab">>,{pkg,<<"cache_tab">>,<<"1.0.31">>},0},
- {<<"eimp">>,{pkg,<<"eimp">>,<<"1.0.24">>},0},
+ {<<"cache_tab">>,{pkg,<<"cache_tab">>,<<"1.0.33">>},0},
+ {<<"eimp">>,{pkg,<<"eimp">>,<<"1.0.26">>},0},
  {<<"epam">>,{pkg,<<"epam">>,<<"1.0.14">>},0},
  {<<"eredis">>,{pkg,<<"eredis">>,<<"1.7.1">>},0},
- {<<"esip">>,{pkg,<<"esip">>,<<"1.0.57">>},0},
- {<<"ezlib">>,{pkg,<<"ezlib">>,<<"1.0.13">>},0},
- {<<"fast_tls">>,{pkg,<<"fast_tls">>,<<"1.1.22">>},0},
- {<<"fast_xml">>,{pkg,<<"fast_xml">>,<<"1.1.55">>},0},
- {<<"fast_yaml">>,{pkg,<<"fast_yaml">>,<<"1.0.37">>},0},
+ {<<"esip">>,{pkg,<<"esip">>,<<"1.0.58">>},0},
+ {<<"ezlib">>,{pkg,<<"ezlib">>,<<"1.0.15">>},0},
+ {<<"fast_tls">>,{pkg,<<"fast_tls">>,<<"1.1.24">>},0},
+ {<<"fast_xml">>,{pkg,<<"fast_xml">>,<<"1.1.57">>},0},
+ {<<"fast_yaml">>,{pkg,<<"fast_yaml">>,<<"1.0.39">>},0},
  {<<"idna">>,{pkg,<<"idna">>,<<"6.1.1">>},0},
  {<<"jiffy">>,{pkg,<<"jiffy">>,<<"1.1.2">>},1},
  {<<"jose">>,{pkg,<<"jose">>,<<"1.11.10">>},0},
  {<<"luerl">>,{pkg,<<"luerl">>,<<"1.2.3">>},0},
- {<<"mqtree">>,{pkg,<<"mqtree">>,<<"1.0.17">>},0},
- {<<"p1_acme">>,{pkg,<<"p1_acme">>,<<"1.0.25">>},0},
+ {<<"mqtree">>,{pkg,<<"mqtree">>,<<"1.0.19">>},0},
+ {<<"p1_acme">>,{pkg,<<"p1_acme">>,<<"1.0.27">>},0},
  {<<"p1_mysql">>,{pkg,<<"p1_mysql">>,<<"1.0.26">>},0},
  {<<"p1_oauth2">>,{pkg,<<"p1_oauth2">>,<<"0.6.14">>},0},
- {<<"p1_pgsql">>,{pkg,<<"p1_pgsql">>,<<"1.1.32">>},0},
- {<<"p1_utils">>,{pkg,<<"p1_utils">>,<<"1.0.27">>},0},
+ {<<"p1_pgsql">>,{pkg,<<"p1_pgsql">>,<<"1.1.34">>},0},
+ {<<"p1_utils">>,{pkg,<<"p1_utils">>,<<"1.0.28">>},0},
  {<<"pkix">>,{pkg,<<"pkix">>,<<"1.0.10">>},0},
  {<<"sqlite3">>,{pkg,<<"sqlite3">>,<<"1.1.15">>},0},
- {<<"stringprep">>,{pkg,<<"stringprep">>,<<"1.0.31">>},0},
- {<<"stun">>,{pkg,<<"stun">>,<<"1.2.17">>},0},
- {<<"unicode_util_compat">>,{pkg,<<"unicode_util_compat">>,<<"0.7.0">>},1},
- {<<"xmpp">>,{pkg,<<"xmpp">>,<<"1.10.0">>},0},
- {<<"yconf">>,{pkg,<<"yconf">>,<<"1.0.18">>},0}]}.
+ {<<"stringprep">>,{pkg,<<"stringprep">>,<<"1.0.33">>},0},
+ {<<"stun">>,{pkg,<<"stun">>,<<"1.2.20">>},0},
+ {<<"unicode_util_compat">>,{pkg,<<"unicode_util_compat">>,<<"0.7.1">>},1},
+ {<<"xmpp">>,{pkg,<<"xmpp">>,<<"1.11.0">>},0},
+ {<<"yconf">>,{pkg,<<"yconf">>,<<"1.0.20">>},0}]}.
 [
 {pkg_hash,[
  {<<"base64url">>, <<"F8C7F2DA04CA9A5D0F5F50258F055E1D699F0E8BF4CFDB30B750865368403CF6">>},
- {<<"cache_tab">>, <<"E4097B50A6F373AB1E0A5F01BAB0BEF6626771A4CD6C93404ED6D54810E11FBC">>},
- {<<"eimp">>, <<"853DB317BA394D479D2F1181E0B0135A3CD3C2C7EB48FF6CFB035A28DD354B14">>},
+ {<<"cache_tab">>, <<"E2542AFB34F17EE3CA19D2B0F546A074922C2B99FB6B2ACFB38160D7D0336EC3">>},
+ {<<"eimp">>, <<"C0B05F32E35629C4D9BCFB832FF879A92B0F92B19844BC7835E0A45635F2899A">>},
  {<<"epam">>, <<"AA0B85D27F4EF3A756AE995179DF952A0721237E83C6B79D644347B75016681A">>},
  {<<"eredis">>, <<"39E31AA02ADCD651C657F39AAFD4D31A9B2F63C6C700DC9CECE98D4BC3C897AB">>},
- {<<"esip">>, <<"4B14E4832D08B9FFC10D855B5D10B3083232B1D53DEB4C046679496CE85569C4">>},
- {<<"ezlib">>, <<"3C7F62862850A241159C10B218ECF580BCE54D0890601B65144DACC2633BE2B0">>},
- {<<"fast_tls">>, <<"44356B256AFAD4399C2FC5059A3066669DAFD8BD4E4E796C9C1CF8910DDD265E">>},
- {<<"fast_xml">>, <<"ACE020F2521F2A484AC8467D2822AF85534A346E2AAE03FFCBC34F29318BEFAF">>},
- {<<"fast_yaml">>, <<"F71D472FBF787CCD161B914D1EB486116A0F4F2E835337A378FBD31B59D2E74B">>},
+ {<<"esip">>, <<"96BF0C07271F86F03F42778D4A1237099BAEC0714D00B0B815EB42D0007F73B4">>},
+ {<<"ezlib">>, <<"D74F5DF191784744726A5B1AE9062522C606334F11086363385EB3B772D91357">>},
+ {<<"fast_tls">>, <<"5492125689E3D84C101323A0BFF3D3996B92A903832530FE4F0935ED30B1B7D1">>},
+ {<<"fast_xml">>, <<"31EFC0F9BCEDA92069704F7A25830407DA5DC3DAD1272B810D6F2E13E73CC11A">>},
+ {<<"fast_yaml">>, <<"2E71168091949BAB0E5F583B340A99072B4D22D93EB86624E7850A12B1517BE4">>},
  {<<"idna">>, <<"8A63070E9F7D0C62EB9D9FCB360A7DE382448200FBBD1B106CC96D3D8099DF8D">>},
  {<<"jiffy">>, <<"A9B6C9A7EC268E7CF493D028F0A4C9144F59CCB878B1AFE42841597800840A1B">>},
  {<<"jose">>, <<"A903F5227417BD2A08C8A00A0CBCC458118BE84480955E8D251297A425723F83">>},
  {<<"luerl">>, <<"DF25F41944E57A7C4D9EF09D238BC3E850276C46039CFC12B8BB42ECCF36FCB1">>},
- {<<"mqtree">>, <<"82F54B8F2D22B4445DB1D6CCCB7FE9EAD049D61410C29E32475F3CEB3EE62A89">>},
- {<<"p1_acme">>, <<"DB91F0D6C193CD1D5C0B0FA3939A898DBF56A6075DB4347CDE26E802715DE50C">>},
+ {<<"mqtree">>, <<"D769C25F898810725FC7DB0DBFFE5F72098647048B1BE2E6D772F1C2F31D8476">>},
+ {<<"p1_acme">>, <<"43D565CF0E22DA51033AE329E773CCAD0F44C4CB9C7199D0863F522E570F2767">>},
  {<<"p1_mysql">>, <<"574D07C9936C53B1EC3556DB3CF064CC14A6C39039835B3D940471BFA5AC8E2B">>},
  {<<"p1_oauth2">>, <<"1C5F82535574DE87E2059695AC4B91F8F9AEBACBC1C80287DAE6F02552D47AEA">>},
- {<<"p1_pgsql">>, <<"3F95D7E3413FC8F0BE80ABB4BE1A0D7F67066A36905085CD5A423145598B0CB0">>},
- {<<"p1_utils">>, <<"F468D84C6FFA6E4B12A6160826DCF2D015527189D57865568A78B49C5ED972A1">>},
+ {<<"p1_pgsql">>, <<"D36BD0D6C9765A47D075A87AD5E3FC3BFD153BDC4C07A1217B9979F33F73E9AA">>},
+ {<<"p1_utils">>, <<"9A7088A98D788B4C4880FD3C82D0C135650DB13F2E4EF7E10DB179791BC94D59">>},
  {<<"pkix">>, <<"D3BFADF7B7CFE2A3636F1B256C9CCE5F646A07CE31E57EE527668502850765A0">>},
  {<<"sqlite3">>, <<"E819DEFD280145C328457D7AF897D2E45E8E5270E18812EE30B607C99CDD21AF">>},
- {<<"stringprep">>, <<"FA1688C156DD271722AA18C423A4163E710D2F4F475AD0BC220910DF669B53AF">>},
- {<<"stun">>, <<"C54614A592812EA125A2E6827AAC5A438571B591616426EC1419BA9B48252F54">>},
- {<<"unicode_util_compat">>, <<"BC84380C9AB48177092F43AC89E4DFA2C6D62B40B8BD132B1059ECC7232F9A78">>},
- {<<"xmpp">>, <<"68A6DFF8DB8987C4592B2D5DD71D3F947B4EBD15209C9ACACA5909A642670630">>},
- {<<"yconf">>, <<"E565EDC8AABB8164C3BEBC86969095D296AD315DCBB46AF65DCCBC6C71EAE0F6">>}]},
+ {<<"stringprep">>, <<"22F42866B4F6F3C238EA2B9CB6241791184DDEDBAB55E94A025511F46325F3CA">>},
+ {<<"stun">>, <<"62A149CEA122A78A104B9E064A12D9E33105B26C23168ECF3AEA6E0C26DE0748">>},
+ {<<"unicode_util_compat">>, <<"A48703A25C170EEDADCA83B11E88985AF08D35F37C6F664D6DCFB106A97782FC">>},
+ {<<"xmpp">>, <<"A3158C486C9B86A7090C361D876DB622381F4312EDE8C125D7A52AD390387932">>},
+ {<<"yconf">>, <<"F2B38DB613FA826966E8D22BDC3E3EBAE46919F2A27AB149A5A086C1D99D3BBD">>}]},
 {pkg_hash_ext,[
  {<<"base64url">>, <<"F9B3ADD4731A02A9B0410398B475B33E7566A695365237A6BDEE1BB447719F5C">>},
- {<<"cache_tab">>, <<"8582B60A4A09B247EF86355BA9E07FCE9E11EDC0345A775C9171F971C72B6351">>},
- {<<"eimp">>, <<"7D61432EB8A45659C0BE475F44E75EEB651743AA64A1DE8ADF785CDAD81961AD">>},
+ {<<"cache_tab">>, <<"4258009EB050B22AABE0C848E230BBA58401A6895C58C2FF74DFB635E3C35900">>},
+ {<<"eimp">>, <<"D96D4E8572B9DFC40F271E47F0CB1D8849373BC98A21223268781765ED52044C">>},
  {<<"epam">>, <<"2F3449E72885A72A6C2A843F561ADD0FC2F70D7A21F61456930A547473D4D989">>},
  {<<"eredis">>, <<"7C2B54C566FED55FEEF3341CA79B0100A6348FD3F162184B7ED5118D258C3CC1">>},
- {<<"esip">>, <<"19C357E1817B1E04792EF359BF900400F3E6D0E5ADE929FD72F88EA9B44AF2ED">>},
- {<<"ezlib">>, <<"9EE62AB3F8ED55A0FD11A9569FCB8E458683F95575417272192B069F092ABFBB">>},
- {<<"fast_tls">>, <<"E65779AEFB7AB15C4755230FEF8077E687D20CC5A3984A5974F9F657E8E2485B">>},
- {<<"fast_xml">>, <<"83F3E23A780ED5F567CDEC73953F06C95B838D709DBFA86B59A98A8D23C99F85">>},
- {<<"fast_yaml">>, <<"8DE868721BF7E2172414F7D3148EDE0F3C922B496455CD625DD5C4429515A769">>},
+ {<<"esip">>, <<"E0F4204A5EDE0FA7D00DA3CC42F6440AA362BAC7FAF536F71EA29FA3F0FA7C75">>},
+ {<<"ezlib">>, <<"DD14BA6C12521AF5CFE6923E73E3D545F4A0897DC66BFAB5287FBB7AE3962EAB">>},
+ {<<"fast_tls">>, <<"FFF88ADA39FAD10464567A160643F4529EF4AED49D156919F5D1F415B6CDBBB6">>},
+ {<<"fast_xml">>, <<"EEC34E90ADACAFE467D5DDAB635A014DED73B98B4061554B2D1972173D929C39">>},
+ {<<"fast_yaml">>, <<"24C7B9AB9E2B9269D64E45F4A2A1280966ADB17D31E63365CFD3EE277FB0A78D">>},
  {<<"idna">>, <<"92376EB7894412ED19AC475E4A86F7B413C1B9FBB5BD16DCCD57934157944CEA">>},
  {<<"jiffy">>, <<"BB61BC42A720BBD33CB09A410E48BB79A61012C74CB8B3E75F26D988485CF381">>},
  {<<"jose">>, <<"0D6CD36FF8BA174DB29148FC112B5842186B68A90CE9FC2B3EC3AFE76593E614">>},
  {<<"luerl">>, <<"1B4B9D0CA5D7D280D1D2787A6A5EE9F5A212641B62BFF91556BAA53805DF3AED">>},
- {<<"mqtree">>, <<"5FE8B7CF8FBC4783D0FCEB94654AC2BBF3242A58CD0397D249DED8AE021BE2A3">>},
- {<<"p1_acme">>, <<"A7B55B47495DDB4F98A15E65451EC3AD43F4637B955C74CD695D98E6A645D08C">>},
+ {<<"mqtree">>, <<"C81065715C49A1882812F80A5AE2D842E80DD3F2D130530DF35990248BF8CE3C">>},
+ {<<"p1_acme">>, <<"AA64B6A8856B1A229A128BEA27631DE2E1A2219835E3A833FA11137143A8D773">>},
  {<<"p1_mysql">>, <<"EA138083F2C54719B9CF549DBF5802A288B0019EA3E5449B354C74CC03FAFDEC">>},
  {<<"p1_oauth2">>, <<"1FD3AC474E43722D9D5A87C6DF8D36F698ED87AF7BB81CBBB66361451D99AE8F">>},
- {<<"p1_pgsql">>, <<"268B01E8F4EB75C211A31495A25C2815C549AECCE2F0DF1A161C6E0A2CDE061E">>},
- {<<"p1_utils">>, <<"F1AF942B0A62BCFA0D59FBE30679BE4FFEB5E241A0C49ED5F094DB2F5B80F5E0">>},
+ {<<"p1_pgsql">>, <<"CB0E32E086C9C35D0E3E966E3863D832737C7B4D2B5F147316A465C0B243EA7F">>},
+ {<<"p1_utils">>, <<"C49BD44BC4A40AD996691AF826DD7E0AA56D4D0CD730817190A1F84D1A7F0033">>},
  {<<"pkix">>, <<"E02164F83094CB124C41B1AB28988A615D54B9ADC38575F00F19A597A3AC5D0E">>},
  {<<"sqlite3">>, <<"3C0BA4E13322C2AD49DE4E2DDD28311366ADDE54BEAE8DBA9D9E3888F69D2857">>},
- {<<"stringprep">>, <<"E9699C88E8DB16B3A41F0E45AC6874A4DA81A6E4854A77D76EDE6D09B08E3530">>},
- {<<"stun">>, <<"6B318244C21E8524A9AAE3AC9A05CD8234EE994C1C2C815DE68D306086AD768D">>},
- {<<"unicode_util_compat">>, <<"25EEE6D67DF61960CF6A794239566599B09E17E668D3700247BC498638152521">>},
- {<<"xmpp">>, <<"CEEAE43B8FE97649D8F8546B3F7F2B38ECFC931C0CDD5C7445FFB3F80FCB7D85">>},
- {<<"yconf">>, <<"FA950EC6503F92D6417FB8CC1D982403F041697E8E1BBF4D4588FB919B9562EA">>}]}
+ {<<"stringprep">>, <<"96F8B30BC50887F605B33B46BCA1D248C19A879319B8C482790E3B4DA5DA98C0">>},
+ {<<"stun">>, <<"79E49F826A4F7D522C939AB633D935C79D7D6B229E4CB7E05F62F33B50177414">>},
+ {<<"unicode_util_compat">>, <<"B3A917854CE3AE233619744AD1E0102E05673136776FB2FA76234F3E03B23642">>},
+ {<<"xmpp">>, <<"34A191D6A3B74E8F0A42346F859E2CAB5B3A2AE7E5C28F392E5CB56612E7CE85">>},
+ {<<"yconf">>, <<"F2B3D730756FC2E4AFD1C0B0AB6EFB99F0E448952D25DC15ED75AC1635BF8882">>}]}
 ].

sql/mysql.sql

@@ -18,7 +18,7 @@
 
 CREATE TABLE users (
     username varchar(191) NOT NULL,
-    type smallint NOT NULL,,
+    type smallint NOT NULL,
     password text NOT NULL,
     serverkey varchar(128) NOT NULL DEFAULT '',
     salt varchar(128) NOT NULL DEFAULT '',

sql/pg.new.sql

@@ -20,7 +20,7 @@
 
 -- ALTER TABLE users ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
 -- ALTER TABLE users DROP CONSTRAINT users_pkey;
--- ALTER TABLE users ADD PRIMARY KEY (server_host, username);
+-- ALTER TABLE users ADD PRIMARY KEY (server_host, username, "type");
 -- ALTER TABLE users ALTER COLUMN server_host DROP DEFAULT;
 
 -- ALTER TABLE last ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';

sql/pg.sql

@@ -18,7 +18,7 @@
 
 CREATE TABLE users (
     username text NOT NULL,
-    "type" smallint NOT NULL
+    "type" smallint NOT NULL,
     "password" text NOT NULL,
     serverkey text NOT NULL DEFAULT '',
     salt text NOT NULL DEFAULT '',

src/ejabberd.erl

@@ -42,7 +42,6 @@
 -protocol({xep, 388, '0.4.0', '24.02', "complete", ""}).
 -protocol({xep, 440, '0.4.0', '24.02', "complete", ""}).
 -protocol({xep, 474, '0.4.0', '24.02', "complete", "0.4.0 since 25.03"}).
--protocol({xep, 485, '0.2.0', '24.02', "complete", "mod_pubsub_serverinfo in ejabberd-contrib.git"}).
 
 -export([start/0, stop/0, halt/0, start_app/1, start_app/2,
 	 get_pid_file/0, check_apps/0, module_name/1, is_loaded/0]).

src/ejabberd_app.erl

@@ -44,6 +44,7 @@ start(normal, _Args) ->
 	ejabberd_logger:start(),
 	write_pid_file(),
 	start_included_apps(),
+	misc:warn_unset_home(),
 	start_elixir_application(),
 	setup_if_elixir_conf_used(),
 	case ejabberd_config:load() of
@@ -108,6 +109,7 @@ prep_stop(State) ->
     ejabberd_service:stop(),
     ejabberd_s2s:stop(),
     ejabberd_system_monitor:stop(),
+    gen_mod:prep_stop(),
     gen_mod:stop(),
     State.
 
@@ -176,6 +178,10 @@ file_queue_init() ->
 	Err -> throw({?MODULE, Err})
     end.
 
+%%%
+%%% Elixir
+%%%
+
 -ifdef(ELIXIR_ENABLED).
 is_using_elixir_config() ->
     Config = ejabberd_config:path(),

src/ejabberd_auth.erl

@@ -423,9 +423,8 @@ count_users(Server, Opts) ->
 
 -spec get_password(binary(), binary()) -> false | [password()].
 get_password(User, Server) ->
-    case get_password_with_authmodule(User, Server) of
-	{Passwords, _} -> Passwords
-    end.
+    {Passwords, _} = get_password_with_authmodule(User, Server),
+    Passwords.
 
 -spec get_password_s(binary(), binary()) -> password().
 get_password_s(User, Server) ->
@@ -756,7 +755,7 @@ db_set_password(User, Server, PlainPassword, Passwords, Mod) ->
 		  end
 	  end,
     case Ret of
-	{ok, _} -> ok;
+	{ok, _} -> ejabberd_hooks:run(set_password, Server, [User, Server]);
 	{error, _} = Err -> Err
     end.
 
@@ -815,7 +814,7 @@ db_user_exists(User, Server, Mod) ->
 			  end,
 		    case Val of
 			{ok, _} ->
-			    {true, Mod /= ejabberd_auth_anonymous} ;
+			    {true, Mod /= ejabberd_auth_anonymous};
 			not_found ->
 			    {false, Mod /= ejabberd_auth_anonymous};
 			error ->

src/ejabberd_auth_sql.erl

@@ -258,13 +258,6 @@ drop_password_type(LServer, Hash) ->
 	?SQL("delete from users"
 	     " where type=%(Type)d and %(LServer)H")).
 
-scram_hash_encode(Hash, StoreKey) ->
-    case Hash of
-	sha -> StoreKey;
-	sha256 -> <<"sha256:", StoreKey/binary>>;
-	sha512 -> <<"sha512:", StoreKey/binary>>
-    end.
-
 set_password_scram_t(LUser, LServer, Hash,
                      StoredKey, ServerKey, Salt, IterationCount) ->
     Type = hash_to_num(Hash),
@@ -406,40 +399,44 @@ which_users_exists(LServer, LUsers) ->
 
 export(_Server) ->
     [{passwd,
-      fun(Host, #passwd{us = {LUser, LServer}, password = Password})
+      fun(Host, #passwd{us = {LUser, LServer, plain}, password = Password})
             when LServer == Host,
                  is_binary(Password) ->
-              [?SQL("delete from users where username=%(LUser)s and %(LServer)H;"),
+              [?SQL("delete from users where username=%(LUser)s and type=1 and %(LServer)H;"),
                ?SQL_INSERT(
                   "users",
                   ["username=%(LUser)s",
                    "server_host=%(LServer)s",
+                   "type=1",
                    "password=%(Password)s"])];
-         (Host, {passwd, {LUser, LServer},
-                         {scram, StoredKey1, ServerKey, Salt, IterationCount}})
+         (Host, {passwd, {LUser, LServer, _},
+                         {scram, StoredKey, ServerKey, Salt, IterationCount}})
             when LServer == Host ->
               Hash = sha,
-              StoredKey = scram_hash_encode(Hash, StoredKey1),
-              [?SQL("delete from users where username=%(LUser)s and %(LServer)H;"),
+              Type = hash_to_num(Hash),
+              [?SQL("delete from users where username=%(LUser)s and type=%(Type)d and %(LServer)H;"),
                ?SQL_INSERT(
                   "users",
                   ["username=%(LUser)s",
                    "server_host=%(LServer)s",
+                   "type=%(Type)d",
                    "password=%(StoredKey)s",
                    "serverkey=%(ServerKey)s",
                    "salt=%(Salt)s",
                    "iterationcount=%(IterationCount)d"])];
-         (Host, #passwd{us = {LUser, LServer}, password = #scram{} = Scram})
+         (Host, #passwd{us = {LUser, LServer, _}, password = #scram{} = Scram})
             when LServer == Host ->
-	      StoredKey = scram_hash_encode(Scram#scram.hash, Scram#scram.storedkey),
+	      StoredKey = Scram#scram.storedkey,
               ServerKey = Scram#scram.serverkey,
               Salt = Scram#scram.salt,
               IterationCount = Scram#scram.iterationcount,
-              [?SQL("delete from users where username=%(LUser)s and %(LServer)H;"),
+              Type = hash_to_num(Scram#scram.hash),
+              [?SQL("delete from users where username=%(LUser)s and type=%(Type)d and %(LServer)H;"),
                ?SQL_INSERT(
                   "users",
                   ["username=%(LUser)s",
                    "server_host=%(LServer)s",
+                   "type=%(Type)d",
                    "password=%(StoredKey)s",
                    "serverkey=%(ServerKey)s",
                    "salt=%(Salt)s",

src/ejabberd_c2s.erl

@@ -440,21 +440,32 @@ sasl_mechanisms(Mechs, #{lserver := LServer, stream_encrypted := Encrypted} = St
 	end,
     %% I re-created it from cyrsasl ets magic, but I think it's wrong
     %% TODO: need to check before 18.09 release
-    lists:filter(
-      fun(<<"ANONYMOUS">>) ->
-	      ejabberd_auth_anonymous:is_sasl_anonymous_enabled(LServer);
-	 (<<"DIGEST-MD5">>) -> Digest;
-	 (<<"SCRAM-SHA-1">>) -> ShaAv;
-	 (<<"SCRAM-SHA-1-PLUS">>) -> ShaAv andalso Encrypted;
-	 (<<"SCRAM-SHA-256">>) -> Sha256Av;
-	 (<<"SCRAM-SHA-256-PLUS">>) -> Sha256Av andalso Encrypted;
-	 (<<"SCRAM-SHA-512">>) -> Sha512Av;
-	 (<<"SCRAM-SHA-512-PLUS">>) -> Sha512Av andalso Encrypted;
-	 (<<"PLAIN">>) -> true;
-	 (<<"X-OAUTH2">>) -> [ejabberd_auth_anonymous] /= ejabberd_auth:auth_modules(LServer);
-	 (<<"EXTERNAL">>) -> maps:get(tls_verify, State, false);
-	 (_) -> false
-      end, Mechs -- Mechs1).
+    Mechs2 = lists:filter(
+	fun(<<"ANONYMOUS">>) ->
+	    ejabberd_auth_anonymous:is_sasl_anonymous_enabled(LServer);
+	   (<<"DIGEST-MD5">>) -> Digest;
+	   (<<"SCRAM-SHA-1">>) -> ShaAv;
+	   (<<"SCRAM-SHA-1-PLUS">>) -> ShaAv andalso Encrypted;
+	   (<<"SCRAM-SHA-256">>) -> Sha256Av;
+	   (<<"SCRAM-SHA-256-PLUS">>) -> Sha256Av andalso Encrypted;
+	   (<<"SCRAM-SHA-512">>) -> Sha512Av;
+	   (<<"SCRAM-SHA-512-PLUS">>) -> Sha512Av andalso Encrypted;
+	   (<<"PLAIN">>) -> true;
+	   (<<"X-OAUTH2">>) -> [ejabberd_auth_anonymous] /= ejabberd_auth:auth_modules(LServer);
+	   (<<"EXTERNAL">>) -> maps:get(tls_verify, State, false);
+	   (_) -> false
+	end, Mechs -- Mechs1),
+    case ejabberd_option:auth_password_types_hidden_in_scram1() of
+	[] -> Mechs2;
+	List ->
+	    Mechs3 = lists:foldl(
+		fun(plain, Acc) -> Acc -- [<<"PLAIN">>];
+		   (scram_sha1, Acc) -> Acc -- [<<"SCRAM-SHA-1">>, <<"SCRAM-SHA-1-PLUS">>];
+		   (scram_sha256, Acc) -> Acc -- [<<"SCRAM-SHA-256">>, <<"SCRAM-SHA-256-PLUS">>];
+		   (scram_sha512, Acc) -> Acc -- [<<"SCRAM-SHA-512">>, <<"SCRAM-SHA-512-PLUS">>]
+		end, Mechs2, List),
+	    {Mechs3, Mechs2}
+    end.
 
 sasl_options(#{lserver := LServer}) ->
     case ejabberd_option:disable_sasl_scram_downgrade_protection(LServer) of

src/ejabberd_commands_doc.erl

@@ -398,7 +398,7 @@ gen_doc(#ejabberd_commands{name=Name, tags=Tags, desc=Desc, longdesc=LongDesc,
         TagsText = ?RAW(string:join(["_`"++atom_to_list(Tag)++"`_" || Tag <- Tags], ", ")),
         IsDefinerMod = case Definer of
                          unknown -> false;
-                         _ -> lists:member(gen_mod, proplists:get_value(behaviour, Definer:module_info(attributes)))
+                         _ -> lists:member(gen_mod, lists:flatten(proplists:get_all_values(behaviour, Definer:module_info(attributes))))
                      end,
         ModuleText = case IsDefinerMod of
                        true ->

src/ejabberd_config.erl

@@ -39,6 +39,7 @@
 -export([callback_modules/1]).
 -export([set_option/2]).
 -export([get_defined_keywords/1, get_predefined_keywords/1, replace_keywords/2, replace_keywords/3]).
+-export([resolve_host_alias/1]).
 
 %% Deprecated functions
 -export([get_option/2]).
@@ -340,7 +341,12 @@ may_hide_data(Data) ->
 -spec env_binary_to_list(atom(), atom()) -> {ok, any()} | undefined.
 env_binary_to_list(Application, Parameter) ->
     %% Application need to be loaded to allow setting parameters
-    application:load(Application),
+    case proplists:is_defined(Application, application:loaded_applications()) of
+        true ->
+            ok;
+        false ->
+            application:load(Application)
+    end,
     case application:get_env(Application, Parameter) of
         {ok, Val} when is_binary(Val) ->
             BVal = binary_to_list(Val),
@@ -503,13 +509,60 @@ get_predefined_keywords(Host) ->
             _ ->
                 [{<<"HOST">>, Host}]
         end,
-    {ok, [[Home]]} = init:get_argument(home),
+    Home = misc:get_home(),
+    ConfigDirPath =
+        iolist_to_binary(filename:dirname(
+                             ejabberd_config:path())),
+    LogDirPath =
+        iolist_to_binary(filename:dirname(
+                             ejabberd_logger:get_log_path())),
     HostList
     ++ [{<<"HOME">>, list_to_binary(Home)},
+        {<<"CONFIG_PATH">>, ConfigDirPath},
+        {<<"LOG_PATH">>, LogDirPath},
         {<<"SEMVER">>, ejabberd_option:version()},
         {<<"VERSION">>,
          misc:semver_to_xxyy(
              ejabberd_option:version())}].
+
+resolve_host_alias(Host) ->
+    case lists:member(Host, ejabberd_option:hosts()) of
+        true ->
+            Host;
+        false ->
+            resolve_host_alias2(Host)
+    end.
+
+resolve_host_alias2(Host) ->
+    Result =
+        lists:filter(fun({Alias1, _Vhost}) -> is_glob_match(Host, Alias1) end,
+                     ejabberd_option:hosts_alias()),
+    case Result of
+        [{_, Vhost} | _] when is_binary(Vhost) ->
+            ?DEBUG("(~p) Alias host '~s' resolved into vhost '~s'", [self(), Host, Vhost]),
+            Vhost;
+        [] ->
+            ?DEBUG("(~p) Request sent to host '~s', which isn't a vhost or an alias",
+                   [self(), Host]),
+            Host
+    end.
+
+%% Copied from ejabberd-2.0.0/src/acl.erl
+is_regexp_match(String, RegExp) ->
+    case ejabberd_regexp:run(String, RegExp) of
+        nomatch ->
+            false;
+        match ->
+            true;
+        {error, ErrDesc} ->
+            io:format("Wrong regexp ~p in ACL: ~p", [RegExp, ErrDesc]),
+            false
+    end.
+
+is_glob_match(String, <<"!", Glob/binary>>) ->
+    not is_regexp_match(String, ejabberd_regexp:sh_to_awk(Glob));
+is_glob_match(String, Glob) ->
+    is_regexp_match(String, ejabberd_regexp:sh_to_awk(Glob)).
 %% @format-end
 
 %%%===================================================================
@@ -582,7 +635,14 @@ callback_modules(all) ->
 
 -ifdef(OTP_BELOW_25).
 lists_uniq(List) ->
-    lists:usort(List).
+    {Res, _} = lists:foldr(
+	fun(El, {Result, Existing} = Acc) ->
+	    case maps:is_key(El, Existing) of
+		true -> Acc;
+		_ -> {[El | Result], Existing#{El => true}}
+	    end
+	end, {[], #{}}, List),
+    Res.
 -else.
 lists_uniq(List) ->
     lists:uniq(List).
@@ -656,7 +716,7 @@ get_additional_macros() ->
 
 parse_macro_string(MacroString) ->
     [NameString, ValueString] = string:split(MacroString, "="),
-    {ok, [ValueDecoded]} = fast_yaml:decode(ValueString, [plain_as_atom]),
+    {ok, [ValueDecoded]} = fast_yaml:decode(ValueString),
     {list_to_atom(NameString), ValueDecoded}.
 
 read_yaml_files(Files, Opts) ->

src/ejabberd_http.erl

@@ -66,7 +66,6 @@
 		request_headers = [],
 		end_of_request = false,
 		options = [],
-		default_host,
 		custom_headers,
 		trail = <<>>,
 		allow_unencrypted_sasl2,
@@ -170,9 +169,8 @@ send_file(State, Fd, Size, FileName) ->
     try
 	case State#state.sockmod of
 	    gen_tcp ->
-		case file:sendfile(Fd, State#state.socket, 0, Size, []) of
-		    {ok, _} -> ok
-		end;
+		{ok, _} = file:sendfile(Fd, State#state.socket, 0, Size, []),
+		ok;
 	    _ ->
 		case file:read(Fd, ?SEND_BUF) of
 		    {ok, Data} ->
@@ -275,7 +273,7 @@ process_header(State, Data) ->
 		      request_headers = add_header(Name, Langs, State)};
       {ok, {http_header, _, 'Host' = Name, _, Value}} ->
 	  {Host, Port, TP} = get_transfer_protocol(State#state.addr_re, SockMod, Value),
-	  State#state{request_host = Host,
+	  State#state{request_host = ejabberd_config:resolve_host_alias(Host),
 		      request_port = Port,
 		      request_tp = TP,
 		      request_headers = add_header(Name, Value, State)};
@@ -301,7 +299,6 @@ process_header(State, Data) ->
 		    #state{sockmod = SockMod, socket = Socket,
 			   trail = State3#state.trail,
 			   options = State#state.options,
-			   default_host = State#state.default_host,
 			   custom_headers = State#state.custom_headers,
 			   request_handlers = State#state.request_handlers,
 			   addr_re = State#state.addr_re};
@@ -309,7 +306,6 @@ process_header(State, Data) ->
 		    #state{end_of_request = true,
 			   trail = State3#state.trail,
 			   options = State#state.options,
-			   default_host = State#state.default_host,
 			   custom_headers = State#state.custom_headers,
 			   request_handlers = State#state.request_handlers,
 			   addr_re = State#state.addr_re}
@@ -317,7 +313,6 @@ process_header(State, Data) ->
       _ ->
 	  #state{end_of_request = true,
 		 options = State#state.options,
-		 default_host = State#state.default_host,
 		 custom_headers = State#state.custom_headers,
 		 request_handlers = State#state.request_handlers,
 		 addr_re = State#state.addr_re}
@@ -927,8 +922,6 @@ listen_opt_type(request_handlers) ->
 	econf:binary(),
 	fun(Path) -> str:tokens(Path, <<"/">>) end),
       econf:beam([[{socket_handoff, 3}, {process, 2}]]));
-listen_opt_type(default_host) ->
-    econf:domain();
 listen_opt_type(custom_headers) ->
     econf:map(
       econf:binary(),
@@ -944,5 +937,4 @@ listen_options() ->
      {allow_unencrypted_sasl2, false},
      {request_handlers, []},
      {tag, <<>>},
-     {default_host, undefined},
      {custom_headers, []}].

src/ejabberd_listener.erl

@@ -222,7 +222,7 @@ setup_provisional_udsocket_dir(DefinitivePath) ->
 
 get_provisional_udsocket_path(Path) ->
     PathBase64 = misc:term_to_base64(Path),
-    PathBuild = filename:join(os:getenv("HOME"), PathBase64),
+    PathBuild = filename:join(misc:get_home(), PathBase64),
     %% Shorthen the path, a long path produces a crash when opening the socket.
     binary:part(PathBuild, {0, erlang:min(107, byte_size(PathBuild))}).
 
@@ -297,11 +297,11 @@ maybe_delete_udsocket_file(_Port) ->
 split_opts(Transport, Opts) ->
     maps:fold(
       fun(Opt, Val, {ModOpts, SockOpts}) ->
-	      case OptVal = {Opt, Val} of
+	      case {Opt, Val} of
 		  {ip, _} ->
-		      {ModOpts, [OptVal|SockOpts]};
+		      {ModOpts, [{Opt, Val} | SockOpts]};
 		  {backlog, _} when Transport == tcp ->
-		      {ModOpts, [OptVal|SockOpts]};
+		      {ModOpts, [{Opt, Val} | SockOpts]};
 		  {backlog, _} ->
 		      {ModOpts, SockOpts};
 		  _ ->

src/ejabberd_option.erl

@@ -18,6 +18,7 @@
 -export([auth_method/0, auth_method/1]).
 -export([auth_opts/0, auth_opts/1]).
 -export([auth_password_format/0, auth_password_format/1]).
+-export([auth_password_types_hidden_in_scram1/0, auth_password_types_hidden_in_scram1/1]).
 -export([auth_scram_hash/0, auth_scram_hash/1]).
 -export([auth_stored_password_types/0, auth_stored_password_types/1]).
 -export([auth_use_cache/0, auth_use_cache/1]).
@@ -55,6 +56,7 @@
 -export([hide_sensitive_log_data/0, hide_sensitive_log_data/1]).
 -export([host_config/0]).
 -export([hosts/0]).
+-export([hosts_alias/0]).
 -export([include_config_file/0, include_config_file/1]).
 -export([install_contrib_modules/0]).
 -export([jwt_auth_only_rule/0, jwt_auth_only_rule/1]).
@@ -119,6 +121,10 @@
 -export([redis_server/0]).
 -export([registration_timeout/0]).
 -export([resource_conflict/0, resource_conflict/1]).
+-export([rest_proxy/0, rest_proxy/1]).
+-export([rest_proxy_password/0, rest_proxy_password/1]).
+-export([rest_proxy_port/0, rest_proxy_port/1]).
+-export([rest_proxy_username/0, rest_proxy_username/1]).
 -export([router_cache_life_time/0]).
 -export([router_cache_missed/0]).
 -export([router_cache_size/0]).
@@ -258,6 +264,13 @@ auth_password_format() ->
 auth_password_format(Host) ->
     ejabberd_config:get_option({auth_password_format, Host}).
 
+-spec auth_password_types_hidden_in_scram1() -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512'].
+auth_password_types_hidden_in_scram1() ->
+    auth_password_types_hidden_in_scram1(global).
+-spec auth_password_types_hidden_in_scram1(global | binary()) -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512'].
+auth_password_types_hidden_in_scram1(Host) ->
+    ejabberd_config:get_option({auth_password_types_hidden_in_scram1, Host}).
+
 -spec auth_scram_hash() -> 'sha' | 'sha256' | 'sha512'.
 auth_scram_hash() ->
     auth_scram_hash(global).
@@ -475,6 +488,10 @@ host_config() ->
 hosts() ->
     ejabberd_config:get_option({hosts, global}).
 
+-spec hosts_alias() -> [{binary(),binary()}].
+hosts_alias() ->
+    ejabberd_config:get_option({hosts_alias, global}).
+
 -spec include_config_file() -> any().
 include_config_file() ->
     include_config_file(global).
@@ -833,6 +850,34 @@ resource_conflict() ->
 resource_conflict(Host) ->
     ejabberd_config:get_option({resource_conflict, Host}).
 
+-spec rest_proxy() -> binary().
+rest_proxy() ->
+    rest_proxy(global).
+-spec rest_proxy(global | binary()) -> binary().
+rest_proxy(Host) ->
+    ejabberd_config:get_option({rest_proxy, Host}).
+
+-spec rest_proxy_password() -> string().
+rest_proxy_password() ->
+    rest_proxy_password(global).
+-spec rest_proxy_password(global | binary()) -> string().
+rest_proxy_password(Host) ->
+    ejabberd_config:get_option({rest_proxy_password, Host}).
+
+-spec rest_proxy_port() -> char().
+rest_proxy_port() ->
+    rest_proxy_port(global).
+-spec rest_proxy_port(global | binary()) -> char().
+rest_proxy_port(Host) ->
+    ejabberd_config:get_option({rest_proxy_port, Host}).
+
+-spec rest_proxy_username() -> string().
+rest_proxy_username() ->
+    rest_proxy_username(global).
+-spec rest_proxy_username(global | binary()) -> string().
+rest_proxy_username(Host) ->
+    ejabberd_config:get_option({rest_proxy_username, Host}).
+
 -spec router_cache_life_time() -> 'infinity' | pos_integer().
 router_cache_life_time() ->
     ejabberd_config:get_option({router_cache_life_time, global}).

src/ejabberd_options.erl

@@ -79,6 +79,8 @@ opt_type(auth_opts) ->
     end;
 opt_type(auth_stored_password_types) ->
     econf:list(econf:enum([plain, scram_sha1, scram_sha256, scram_sha512]));
+opt_type(auth_password_types_hidden_in_scram1) ->
+    econf:list(econf:enum([plain, scram_sha1, scram_sha256, scram_sha512]));
 opt_type(auth_password_format) ->
     econf:enum([plain, scram]);
 opt_type(auth_scram_hash) ->
@@ -182,6 +184,13 @@ opt_type(host_config) ->
         [unique]));
 opt_type(hosts) ->
     econf:non_empty(econf:list(econf:domain(), [unique]));
+opt_type(hosts_alias) ->
+    econf:and_then(
+      econf:map(econf:domain(), econf:domain(), [unique]),
+      econf:map(
+        econf:domain(),
+        econf:enum(ejabberd_config:get_option(hosts)),
+        [unique]));
 opt_type(include_config_file) ->
     econf:any();
 opt_type(install_contrib_modules) ->
@@ -333,6 +342,14 @@ opt_type(registration_timeout) ->
     econf:timeout(second, infinity);
 opt_type(resource_conflict) ->
     econf:enum([setresource, closeold, closenew, acceptnew]);
+opt_type(rest_proxy) ->
+    econf:domain();
+opt_type(rest_proxy_port) ->
+    econf:port();
+opt_type(rest_proxy_username) ->
+    econf:string();
+opt_type(rest_proxy_password) ->
+    econf:string();
 opt_type(router_cache_life_time) ->
     econf:timeout(second, infinity);
 opt_type(router_cache_missed) ->
@@ -549,6 +566,7 @@ options() ->
      {auth_password_format, plain},
      {auth_scram_hash, sha},
      {auth_stored_password_types, []},
+     {auth_password_types_hidden_in_scram1, []},
      {auth_external_user_exists_check, true},
      {auth_use_cache,
       fun(Host) -> ejabberd_config:get_option({use_cache, Host}) end},
@@ -579,6 +597,7 @@ options() ->
      {extauth_program, undefined},
      {fqdn, fun fqdn/1},
      {hide_sensitive_log_data, false},
+     {hosts_alias, []},
      {host_config, []},
      {include_config_file, []},
      {language, <<"en">>},
@@ -652,6 +671,10 @@ options() ->
      {redis_server, "localhost"},
      {registration_timeout, timer:seconds(600)},
      {resource_conflict, acceptnew},
+     {rest_proxy, <<>>},
+     {rest_proxy_port, 0},
+     {rest_proxy_username, ""},
+     {rest_proxy_password, ""},
      {router_cache_life_time,
       fun(Host) -> ejabberd_config:get_option({cache_life_time, Host}) end},
      {router_cache_missed,
@@ -754,6 +777,7 @@ globals() ->
      ext_api_path_oauth,
      fqdn,
      hosts,
+     hosts_alias,
      host_config,
      install_contrib_modules,
      listen,

src/ejabberd_options_doc.erl

@@ -392,6 +392,17 @@ doc() ->
                "SASL PLAIN and SASL SCRAM-SHA-1/256/512(-PLUS). The SCRAM variant "
                "depends on the _`auth_scram_hash`_ option."), "",
             ?T("The default value is 'plain'."), ""]}},
+
+     {auth_password_types_hidden_in_scram1,
+      #{value => "[plain | scram_sha1 | scram_sha256 | scram_sha512]",
+        note => "added in 25.07",
+        desc =>
+        ?T("List of password types that should not be offered in SCRAM1 authenticatication. "
+           "Because SCRAM1, unlike SCRAM2, can't have list of available mechanisms tailored to "
+           "individual user, it's possible that offered mechanisms will not be compatible "
+           "with stored password, especially if new password type was added recently. "
+           "This option allows disabling offering some mechanisms in SASL1, to a time until new "
+           "password type will be available for all users.")}},
      {auth_scram_hash,
       #{value => "sha | sha256 | sha512",
         desc =>
@@ -712,6 +723,23 @@ doc() ->
              "  domain.tld:",
              "    auth_method:",
              "      - ldap"]}},
+     {hosts_alias,
+      #{value => "{Alias: Host}",
+        desc =>
+            ?T("Define aliases for existing vhosts managed by ejabberd. "
+               "An alias may be a regexp expression. "
+               "This option is only consulted by the 'ejabberd_http' listener."),
+        note => "added in 25.07",
+        example =>
+            ["hosts:",
+             "  - domain.tld",
+             "  - example.org",
+             "",
+             "hosts_alias:",
+             "  xmpp.domain.tld: domain.tld",
+             "  jabber.domain.tld: domain.tld",
+             "  mytest.net: example.org",
+             "  \"exa*\": example.org"]}},
      {include_config_file,
       #{value => "[Filename, ...\\] | {Filename: Options}",
         desc =>
@@ -1194,6 +1222,26 @@ doc() ->
                "uses old Jabber Non-SASL authentication (XEP-0078), "
                "then this option is not respected, and the action performed "
                "is 'closeold'.")}},
+     {rest_proxy,
+      #{value => "Host",
+        note => "added in 25.07",
+        desc => ?T("Address of a HTTP Connect proxy used by modules issuing rest calls "
+                   "(like ejabberd_oauth_rest)")}},
+      {rest_proxy_port,
+       #{value => "1..65535",
+        note => "added in 25.07",
+         desc => ?T("Port of a HTTP Connect proxy used by modules issuing rest calls "
+                    "(like ejabberd_oauth_rest)")}},
+      {rest_proxy_username,
+       #{value => "string()",
+        note => "added in 25.07",
+         desc => ?T("Username used to authenticate to HTTP Connect proxy used by modules issuing rest calls "
+                    "(like ejabberd_oauth_rest)")}},
+      {rest_proxy_password,
+       #{value => "string()",
+        note => "added in 25.07",
+         desc => ?T("Password used to authenticate to HTTP Connect proxy used by modules issuing rest calls "
+                    "(like ejabberd_oauth_rest)")}},
      {router_cache_life_time,
       #{value => "timeout()",
         desc =>

src/ejabberd_s2s_in.erl

@@ -138,7 +138,7 @@ process_closed(#{server := LServer} = State, Reason) ->
 %%% xmpp_stream_in callbacks
 %%%===================================================================
 tls_options(#{tls_options := TLSOpts, lserver := LServer, server_host := ServerHost}) ->
-    ejabberd_s2s:tls_options(LServer, ServerHost, TLSOpts).
+    [override_cert_purpose | ejabberd_s2s:tls_options(LServer, ServerHost, TLSOpts)].
 
 tls_required(#{server_host := ServerHost}) ->
     ejabberd_s2s:tls_required(ServerHost).

src/ejabberd_sm.erl

@@ -481,8 +481,10 @@ c2s_handle_info(#{lang := Lang, bind2_session_id := {Tag, _}} = State,
     {stop, ejabberd_c2s:send(State1, Err)};
 c2s_handle_info(State, {replaced_with_bind_tag, _}) ->
     State;
-c2s_handle_info(#{lang := Lang} = State, kick) ->
+c2s_handle_info(#{lang := Lang, jid := JID} = State, kick) ->
     Err = xmpp:serr_policy_violation(?T("has been kicked"), Lang),
+    ejabberd_hooks:run(sm_kick_user, JID#jid.lserver,
+                       [JID#jid.luser, JID#jid.lserver]),
     {stop, ejabberd_c2s:send(State, Err)};
 c2s_handle_info(#{lang := Lang} = State, {exit, Reason}) ->
     Err = xmpp:serr_conflict(Reason, Lang),

src/ejabberd_sm_sql.erl

@@ -109,7 +109,7 @@ set_session(#session{sid = {Now, Pid}, usr = {U, LServer, R},
 
 delete_session(#session{usr = {_, LServer, _}, sid = {Now, Pid}}) ->
     TS = now_to_timestamp(Now),
-    PidS = list_to_binary(erlang:pid_to_list(Pid)),
+    PidS = misc:encode_pid(Pid),
     case ejabberd_sql:sql_query(
 	   LServer,
 	   ?SQL("delete from sm where usec=%(TS)d and pid=%(PidS)s")) of

src/ejabberd_sql.erl

@@ -1376,7 +1376,7 @@ write_file_if_new(File, Payload) ->
 
 tmp_dir() ->
     case os:type() of
-	{win32, _} -> filename:join([os:getenv("HOME"), "conf"]);
+	{win32, _} -> filename:join([misc:get_home(), "conf"]);
 	_ -> filename:join(["/tmp", "ejabberd"])
     end.
 

src/ejabberd_web_admin.erl

@@ -1660,9 +1660,19 @@ make_login_items(#request{us = {Username, Host}} = R, Level) ->
             _ ->
                 UserEl
         end,
+    MenuPost =
+        case ejabberd_hooks:run_fold(webadmin_menu_system_post, [], [R]) of
+            [] ->
+                [];
+            PostElements ->
+                [{xmlel,
+                  <<"div">>,
+                  [{<<"id">>, <<"navitemlogin">>}],
+                  [?XE(<<"ul">>, PostElements)]}]
+        end,
     [{xmlel,
       <<"li">>,
-      [],
+      [{<<"id">>, <<"navitemlogin-start">>}],
       [{xmlel,
         <<"div">>,
         [{<<"id">>, <<"navitemlogin">>}],
@@ -1673,10 +1683,12 @@ make_login_items(#request{us = {Username, Host}} = R, Level) ->
                                 R,
                                 [{<<"sentence">>, misc:atom_to_binary(node())}],
                                 [{only, value},
-                                 {result_links, [{sentence, node, Level, <<"">>}]}])]),
-              ?LI([?C(unicode:characters_to_binary("📤")),
-                   ?AC(<<(binary:copy(<<"../">>, Level))/binary, "logout/">>,
-                       <<"Logout">>)])])]}]}].
+                                 {result_links, [{sentence, node, Level, <<"">>}]}])])]
+             ++ ejabberd_hooks:run_fold(webadmin_menu_system_inside, [], [R])
+             ++ [?LI([?C(unicode:characters_to_binary("📤")),
+                      ?AC(<<(binary:copy(<<"../">>, Level))/binary, "logout/">>,
+                          <<"Logout">>)])])]}]
+      ++ MenuPost}].
 
 %%%==================================
 
@@ -1925,7 +1937,9 @@ lists_zipwith3(Combine, [E1 | List1], [E2 | List2], [], DefX, DefY, DefZ, Res) -
     E123 = Combine(E1, E2, DefZ),
     lists_zipwith3(Combine, List1, List2, [], DefX, DefY, DefZ, [E123 | Res]).
 
--else.
+-endif.
+
+-ifndef(OTP_BELOW_26).
 
 lists_zipwith3(Combine, List1, List2, List3, How) ->
     lists:zipwith3(Combine, List1, List2, List3, How).

src/ext_mod.erl

@@ -49,6 +49,7 @@
 -include("logger.hrl").
 -include("translate.hrl").
 -include_lib("xmpp/include/xmpp.hrl").
+-include_lib("stdlib/include/zip.hrl").
 
 -define(REPOS, "git@github.com:processone/ejabberd-contrib.git").
 
@@ -148,7 +149,8 @@ get_commands_spec() ->
      #ejabberd_commands{name = module_upgrade,
                         tags = [modules],
                         desc = "Upgrade the running code of an installed module",
-                        longdesc = "In practice, this uninstalls and installs the module",
+                        longdesc = "In practice, this uninstalls, cleans the compiled files, and installs the module",
+                        note = "improved in 25.07",
                         module = ?MODULE, function = upgrade,
                         args_desc = ["Module name"],
                         args_example = [<<"mod_rest">>],
@@ -289,8 +291,19 @@ upgrade(Module) when is_atom(Module) ->
     upgrade(misc:atom_to_binary(Module));
 upgrade(Package) when is_binary(Package) ->
     uninstall(Package),
+    clean(Package),
     install(Package).
 
+clean(Package) ->
+    Spec = [S || {Mod, S} <- available(), misc:atom_to_binary(Mod)==Package],
+    case Spec of
+        [] ->
+            {error, not_available};
+        [Attrs] ->
+            Path = proplists:get_value(path, Attrs),
+            [delete_path(SubPath) || SubPath <- filelib:wildcard(Path++"/{deps,ebin}")]
+    end.
+
 add_sources(Path) when is_list(Path) ->
     add_sources(iolist_to_binary(module_name(Path)), Path).
 add_sources(_, "") ->
@@ -371,8 +384,6 @@ geturl(Url) ->
             {error, Reason}
     end.
 
-getenv(Env) ->
-    getenv(Env, "").
 getenv(Env, Default) ->
     case os:getenv(Env) of
         false -> Default;
@@ -389,6 +400,23 @@ extract(tar, {ok, _, Body}, DestDir) ->
 extract(_, {error, Reason}, _) ->
     {error, Reason};
 extract(zip, Zip, DestDir) ->
+    {ok, DirList} = zip:list_dir(Zip),
+    Offending =
+        lists:filter(fun (#zip_comment{}) ->
+                             false;
+                         (#zip_file{name = Filename}) ->
+                             absolute == filename:pathtype(Filename)
+                     end,
+                     DirList),
+    case Offending of
+        [] ->
+            extract(zip_verified, Zip, DestDir);
+        _ ->
+            Filenames = [F#zip_file.name || F <- Offending],
+            ?ERROR_MSG("The zip file includes absolute file paths:~n  ~p", [Filenames]),
+            {error, {zip_absolute_path, Filenames}}
+    end;
+extract(zip_verified, Zip, DestDir) ->
     case zip:extract(Zip, [{cwd, DestDir}]) of
         {ok, _} -> ok;
         Error -> Error
@@ -453,7 +481,7 @@ delete_path(Path, Package) ->
     delete_path(filename:join(filename:dirname(Path), Package)).
 
 modules_dir() ->
-    DefaultDir = filename:join(getenv("HOME"), ".ejabberd-modules"),
+    DefaultDir = filename:join(misc:get_home(), ".ejabberd-modules"),
     getenv("CONTRIB_MODULES_PATH", DefaultDir).
 
 sources_dir() ->
@@ -543,7 +571,7 @@ check_sources(Module) ->
                     true -> Acc;
                     false -> [{missing, Name}|Acc]
                 end
-            end, HaveSrc, [{is_file, "README.txt"},
+            end, HaveSrc, [{is_file, "README.md"},
                            {is_file, "COPYING"},
                            {is_file, SpecFile}]),
     SpecCheck = case consult(SpecFile) of
@@ -645,6 +673,8 @@ compile_options() ->
     ++ maybe_define_lager_macro()
     ++ [{i, filename:join(app_dir(App), "include")}
         || App <- [fast_xml, xmpp, p1_utils, ejabberd]]
+    ++ [{i, filename:join(app_dir(App), "include")}
+        || App <- [p1_xml, p1_xmpp]] % paths used in Debian packages
     ++ [{i, filename:join(mod_dir(Mod), "include")}
         || Mod <- installed()].
 

src/gen_mod.erl

@@ -27,7 +27,7 @@
 -author('alexey@process-one.net').
 
 -export([init/1, start_link/0, start_child/3, start_child/4,
-	 stop_child/1, stop_child/2, stop/0, config_reloaded/0]).
+	 stop_child/1, stop_child/2, prep_stop/0, stop/0, config_reloaded/0]).
 -export([start_module/2, stop_module/2, stop_module_keep_config/2,
 	 get_opt/2, set_opt/3, get_opt_hosts/1, is_equal_opt/3,
 	 get_module_opt/3, get_module_opts/2, get_module_opt_hosts/2,
@@ -76,6 +76,7 @@
 -callback start(binary(), opts()) ->
     ok | {ok, pid()} |
     {ok, [registration()]} | {error, term()}.
+-callback prep_stop(binary()) -> any().
 -callback stop(binary()) -> any().
 -callback reload(binary(), opts(), opts()) -> ok | {ok, pid()} | {error, term()}.
 -callback mod_opt_type(atom()) -> econf:validator().
@@ -86,7 +87,7 @@
                          example => [string()] | [{binary(), [string()]}]}.
 -callback depends(binary(), opts()) -> [{module(), hard | soft}].
 
--optional_callbacks([mod_opt_type/1, reload/3]).
+-optional_callbacks([mod_opt_type/1, reload/3, prep_stop/1]).
 
 -export_type([opts/0]).
 -export_type([db_type/0]).
@@ -114,6 +115,10 @@ init([]) ->
 	     {read_concurrency, true}]),
     {ok, {{one_for_one, 10, 1}, []}}.
 
+-spec prep_stop() -> ok.
+prep_stop() ->
+    prep_stop_modules().
+
 -spec stop() -> ok.
 stop() ->
     ejabberd_hooks:delete(config_reloaded, ?MODULE, config_reloaded, 60),
@@ -301,6 +306,21 @@ is_app_running(AppName) ->
     lists:keymember(AppName, 1,
 		    application:which_applications(Timeout)).
 
+-spec prep_stop_modules() -> ok.
+prep_stop_modules() ->
+    lists:foreach(
+      fun(Host) ->
+	      prep_stop_modules(Host)
+      end, ejabberd_option:hosts()).
+
+-spec prep_stop_modules(binary()) -> ok.
+prep_stop_modules(Host) ->
+    Modules = lists:reverse(loaded_modules_with_opts(Host)),
+    lists:foreach(
+	fun({Module, _Args}) ->
+		prep_stop_module_keep_config(Host, Module)
+	end, Modules).
+
 -spec stop_modules() -> ok.
 stop_modules() ->
     lists:foreach(
@@ -320,6 +340,22 @@ stop_modules(Host) ->
 stop_module(Host, Module) ->
     stop_module_keep_config(Host, Module).
 
+-spec prep_stop_module_keep_config(binary(), atom()) -> error | ok.
+prep_stop_module_keep_config(Host, Module) ->
+    ?DEBUG("Preparing to stop ~ts at ~ts", [Module, Host]),
+    try Module:prep_stop(Host) of
+	_ ->
+	    ok
+    catch ?EX_RULE(error, undef, _St) ->
+	    ok;
+          ?EX_RULE(Class, Reason, St) ->
+            StackTrace = ?EX_STACK(St),
+            ?ERROR_MSG("Failed to prepare stop module ~ts at ~ts:~n** ~ts",
+                       [Module, Host,
+                        misc:format_exception(2, Class, Reason, StackTrace)]),
+	    error
+    end.
+
 -spec stop_module_keep_config(binary(), atom()) -> error | ok.
 stop_module_keep_config(Host, Module) ->
     ?DEBUG("Stopping ~ts at ~ts", [Module, Host]),

src/misc.erl

@@ -36,13 +36,14 @@
 	 l2i/1, i2l/1, i2l/2, expr_to_term/1, term_to_expr/1,
 	 now_to_usec/1, usec_to_now/1, encode_pid/1, decode_pid/2,
 	 compile_exprs/2, join_atoms/2, try_read_file/1, get_descr/2,
+	 get_home/0, warn_unset_home/0,
 	 css_dir/0, img_dir/0, js_dir/0, msgs_dir/0, sql_dir/0, lua_dir/0,
 	 read_css/1, read_img/1, read_js/1, read_lua/1,
 	 intersection/2, format_val/1, cancel_timer/1, unique_timestamp/0,
 	 is_mucsub_message/1, best_match/2, pmap/2, peach/2, format_exception/4,
 	 get_my_ipv4_address/0, get_my_ipv6_address/0, parse_ip_mask/1,
 	 crypto_hmac/3, crypto_hmac/4, uri_parse/1, uri_parse/2, uri_quote/1,
-         json_encode/1, json_decode/1, json_encode_with_kv_lists/1,
+         json_encode/1, json_decode/1,
 	 set_proc_label/1,
 	 match_ip_mask/3, format_hosts_list/1, format_cycle/1, delete_dir/1,
 	 semver_to_xxyy/1, logical_processors/0, get_mucsub_event_type/1]).
@@ -132,20 +133,18 @@ crypto_hmac(Type, Key, Data, MacL) -> crypto:macN(hmac, Type, Key, Data, MacL).
 -endif.
 
 -ifdef(OTP_BELOW_27).
-json_encode_with_kv_lists(Term) ->
-    jiffy:encode(Term).
 json_encode(Term) ->
     jiffy:encode(Term).
 json_decode(Bin) ->
     jiffy:decode(Bin, [return_maps]).
 -else.
-json_encode_with_kv_lists(Term) ->
+json_encode({[{_Key, _Value} | _]} = Term) ->
     iolist_to_binary(json:encode(Term,
 		     fun({Val}, Encoder) when is_list(Val) ->
 			 json:encode_key_value_list(Val, Encoder);
 			(Val, Encoder) ->
-			    json:encode_value(Val, Encoder)
-		     end)).
+			 json:encode_value(Val, Encoder)
+		     end));
 json_encode(Term) ->
     iolist_to_binary(json:encode(Term)).
 json_decode(Bin) ->
@@ -472,6 +471,25 @@ get_descr(Lang, Text) ->
     Copyright = ejabberd_config:get_copyright(),
     <<Desc/binary, $\n, Copyright/binary>>.
 
+-spec get_home() -> string().
+get_home() ->
+    case init:get_argument(home) of
+        {ok, [[Home]]} ->
+            Home;
+        error ->
+            mnesia:system_info(directory)
+    end.
+
+warn_unset_home() ->
+    case init:get_argument(home) of
+        {ok, [[_Home]]} ->
+            ok;
+        error ->
+            ?INFO_MSG("The 'HOME' environment variable is not set, "
+                 "ejabberd will use as HOME the Mnesia directory: ~s.",
+                 [mnesia:system_info(directory)])
+    end.
+
 -spec intersection(list(), list()) -> list().
 intersection(L1, L2) ->
     lists:filter(

src/mod_adhoc.erl

@@ -252,9 +252,11 @@ mod_options(_Host) ->
 
 mod_doc() ->
     #{desc =>
-          ?T("This module implements https://xmpp.org/extensions/xep-0050.html"
+          [?T("def:ad-hoc command"), "",
+           ?T(": Command that can be executed by an XMPP client using XEP-0050."), "",
+           ?T("This module implements https://xmpp.org/extensions/xep-0050.html"
              "[XEP-0050: Ad-Hoc Commands]. It's an auxiliary module and is "
-             "only needed by some of the other modules."),
+             "only needed by some of the other modules.")],
       opts =>
           [{report_commands_node,
             #{value => "true | false",

src/mod_adhoc_api.erl

@@ -90,7 +90,7 @@ depends(_Host, _Opts) ->
 
 mod_doc() ->
     #{desc =>
-          ?T("Execute https://docs.ejabberd.im/developer/ejabberd-api/[API Commands] "
+          ?T("Execute (def:API commands) "
              "in a XMPP client using "
              "https://xmpp.org/extensions/xep-0050.html[XEP-0050: Ad-Hoc Commands]. "
              "This module requires _`mod_adhoc`_ (to execute the commands), "
@@ -102,7 +102,7 @@ mod_doc() ->
               desc =>
                   ?T("What API version to use. "
                      "If setting an ejabberd version, it will use the latest API "
-                     "version that was available in that ejabberd version. "
+                     "version that was available in that (def:c2s) ejabberd version. "
                      "For example, setting '\"24.06\"' in this option implies '2'. "
                      "The default value is the latest version.")}}],
       example =>
@@ -664,7 +664,9 @@ lists_zip3_pad([A | As], Nil, Nil, Xs) when (Nil == none) or (Nil == []) ->
 lists_zip3_pad([], Nil, Nil, Xs) when (Nil == none) or (Nil == []) ->
     lists:reverse(Xs).
 
--else.
+-endif.
+
+-ifndef(OTP_BELOW_26).
 
 lists_zip3_pad(As, Bs, Cs) ->
     lists:zip3(As, Bs, Cs, {pad, {error_missing_args_def, "", ""}}).

src/mod_admin_update_sql.erl

@@ -130,7 +130,7 @@ update_tables(State) ->
     case add_sh_column(State, "users") of
         true ->
             drop_pkey(State, "users"),
-            add_pkey(State, "users", ["server_host", "username"]),
+            add_pkey(State, "users", ["server_host", "username", "type"]),
             drop_sh_default(State, "users");
         false ->
             ok
@@ -443,7 +443,8 @@ drop_pkey(#state{dbtype = mysql} = State, Table) ->
       ["ALTER TABLE ", Table, " DROP PRIMARY KEY;"]).
 
 add_pkey(#state{dbtype = pgsql} = State, Table, Cols) ->
-    SCols = string:join(Cols, ", "),
+    Cols2 = lists:map(fun("type") -> "\"type\""; (V) -> V end, Cols),
+    SCols = string:join(Cols2, ", "),
     sql_query(
       State#state.host,
       ["ALTER TABLE ", Table, " ADD PRIMARY KEY (", SCols, ");"]);

src/mod_antispam.erl

@@ -0,0 +1,913 @@
+%%%----------------------------------------------------------------------
+%%% File    : mod_antispam.erl
+%%% Author  : Holger Weiss <holger@zedat.fu-berlin.de>
+%%% Author  : Stefan Strigler <stefan@strigler.de>
+%%% Purpose : Filter spam messages based on sender JID and content
+%%% Created : 31 Mar 2019 by Holger Weiss <holger@zedat.fu-berlin.de>
+%%%
+%%%
+%%% ejabberd, Copyright (C) 2019-2025 ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License along
+%%% with this program; if not, write to the Free Software Foundation, Inc.,
+%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+%%%
+%%%----------------------------------------------------------------------
+
+%%| definitions
+
+-module(mod_antispam).
+-author('holger@zedat.fu-berlin.de').
+-author('stefan@strigler.de').
+
+-behaviour(gen_server).
+-behaviour(gen_mod).
+
+%% gen_mod callbacks.
+-export([start/2,
+	 prep_stop/1,
+	 stop/1,
+	 reload/3,
+	 depends/2,
+	 mod_doc/0,
+	 mod_opt_type/1,
+	 mod_options/1]).
+
+%% gen_server callbacks.
+-export([init/1,
+	 handle_call/3,
+	 handle_cast/2,
+	 handle_info/2,
+	 terminate/2,
+	 code_change/3]).
+
+-export([get_rtbl_services_option/1]).
+
+%% ejabberd_commands callbacks.
+-export([add_blocked_domain/2,
+	 add_to_spam_filter_cache/2,
+	 drop_from_spam_filter_cache/2,
+	 expire_spam_filter_cache/2,
+	 get_blocked_domains/1,
+	 get_commands_spec/0,
+	 get_spam_filter_cache/1,
+	 reload_spam_filter_files/1,
+	 remove_blocked_domain/2]).
+
+-include("ejabberd_commands.hrl").
+-include("logger.hrl").
+-include("mod_antispam.hrl").
+-include("translate.hrl").
+
+-include_lib("xmpp/include/xmpp.hrl").
+
+-record(state,
+	{host = <<>>			:: binary(),
+	 dump_fd = undefined		:: file:io_device() | undefined,
+	 url_set = sets:new()		:: url_set(),
+	 jid_set = sets:new()		:: jid_set(),
+	 jid_cache = #{}		:: map(),
+	 max_cache_size = 0		:: non_neg_integer() | unlimited,
+	 rtbl_host = none		:: binary() | none,
+	 rtbl_subscribed = false	:: boolean(),
+	 rtbl_retry_timer = undefined	:: reference() | undefined,
+	 rtbl_domains_node		:: binary(),
+	 blocked_domains = #{}		:: #{binary() => any()},
+	 whitelist_domains = #{}	:: #{binary() => false}
+	}).
+
+-type state() :: #state{}.
+
+-define(COMMAND_TIMEOUT, timer:seconds(30)).
+-define(DEFAULT_CACHE_SIZE, 10000).
+
+%% @format-begin
+
+%%--------------------------------------------------------------------
+%%| gen_mod callbacks
+
+-spec start(binary(), gen_mod:opts()) -> ok | {error, any()}.
+start(Host, Opts) ->
+    case gen_mod:is_loaded_elsewhere(Host, ?MODULE) of
+        false ->
+            ejabberd_commands:register_commands(?MODULE, get_commands_spec());
+        true ->
+            ok
+    end,
+    gen_mod:start_child(?MODULE, Host, Opts).
+
+-spec prep_stop(binary()) -> ok | {error, any()}.
+prep_stop(Host) ->
+    case try_call_by_host(Host, prepare_stop) of
+        ready_to_stop ->
+            ok
+    end.
+
+-spec stop(binary()) -> ok | {error, any()}.
+stop(Host) ->
+    case gen_mod:is_loaded_elsewhere(Host, ?MODULE) of
+        false ->
+            ejabberd_commands:unregister_commands(get_commands_spec());
+        true ->
+            ok
+    end,
+    gen_mod:stop_child(?MODULE, Host).
+
+-spec reload(binary(), gen_mod:opts(), gen_mod:opts()) -> ok.
+reload(Host, NewOpts, OldOpts) ->
+    ?DEBUG("reloading", []),
+    Proc = get_proc_name(Host),
+    gen_server:cast(Proc, {reload, NewOpts, OldOpts}).
+
+-spec depends(binary(), gen_mod:opts()) -> [{module(), hard | soft}].
+depends(_Host, _Opts) ->
+    [{mod_pubsub, soft}].
+
+-spec mod_opt_type(atom()) -> econf:validator().
+mod_opt_type(access_spam) ->
+    econf:acl();
+mod_opt_type(cache_size) ->
+    econf:pos_int(unlimited);
+mod_opt_type(rtbl_services) ->
+    econf:list(
+        econf:either(
+            econf:binary(),
+            econf:map(
+                econf:binary(),
+                econf:map(
+                    econf:enum([spam_source_domains_node]), econf:binary()))));
+mod_opt_type(spam_domains_file) ->
+    econf:either(
+        econf:enum([none]), econf:file());
+mod_opt_type(spam_dump_file) ->
+    econf:either(
+        econf:bool(), econf:file(write));
+mod_opt_type(spam_jids_file) ->
+    econf:either(
+        econf:enum([none]), econf:file());
+mod_opt_type(spam_urls_file) ->
+    econf:either(
+        econf:enum([none]), econf:file());
+mod_opt_type(whitelist_domains_file) ->
+    econf:either(
+        econf:enum([none]), econf:file()).
+
+-spec mod_options(binary()) -> [{rtbl_services, [tuple()]} | {atom(), any()}].
+mod_options(_Host) ->
+    [{access_spam, none},
+     {cache_size, ?DEFAULT_CACHE_SIZE},
+     {rtbl_services, []},
+     {spam_domains_file, none},
+     {spam_dump_file, false},
+     {spam_jids_file, none},
+     {spam_urls_file, none},
+     {whitelist_domains_file, none}].
+
+mod_doc() ->
+    #{desc =>
+          ?T("Filter spam messages and subscription requests received from "
+             "remote servers based on "
+             "https://xmppbl.org/[Real-Time Block Lists (RTBL)], "
+             "lists of known spammer JIDs and/or URLs mentioned in spam messages. "
+             "Traffic classified as spam is rejected with an error "
+             "(and an '[info]' message is logged) unless the sender "
+             "is subscribed to the recipient's presence."),
+      note => "added in 25.07",
+      opts =>
+          [{access_spam,
+            #{value => ?T("Access"),
+              desc =>
+                  ?T("Access rule that controls what accounts may receive spam messages. "
+                     "If the rule returns 'allow' for a given recipient, "
+                     "spam messages aren't rejected for that recipient. "
+                     "The default value is 'none', which means that all recipients "
+                     "are subject to spam filtering verification.")}},
+           {cache_size,
+            #{value => "pos_integer()",
+              desc =>
+                  ?T("Maximum number of JIDs that will be cached due to sending spam URLs. "
+                     "If that limit is exceeded, the least recently used "
+                     "entries are removed from the cache. "
+                     "Setting this option to '0' disables the caching feature. "
+                     "Note that separate caches are used for each virtual host, "
+                     " and that the caches aren't distributed across cluster nodes. "
+                     "The default value is '10000'.")}},
+           {rtbl_services,
+            #{value => ?T("[Service]"),
+              example =>
+                  ["rtbl_services:",
+                   "  - pubsub.server1.localhost:",
+                   "      spam_source_domains_node: actual_custom_pubsub_node"],
+              desc =>
+                  ?T("Query a RTBL service to get domains to block, as provided by "
+                     "https://xmppbl.org/[xmppbl.org]. "
+                     "Please note right now this option only supports one service in that list. "
+                     "For blocking spam and abuse on MUC channels, please use _`mod_muc_rtbl`_ for now. "
+                     "If only the host is provided, the default node names will be assumed. "
+                     "If the node name is different than 'spam_source_domains', "
+                     "you can setup the custom node name with the option 'spam_source_domains_node'. "
+                     "The default value is an empty list of services.")}},
+           {spam_domains_file,
+            #{value => ?T("none | Path"),
+              desc =>
+                  ?T("Path to a plain text file containing a list of "
+                     "known spam domains, one domain per line. "
+                     "Messages and subscription requests sent from one of the listed domains "
+                     "are classified as spam if sender is not in recipient's roster. "
+                     "This list of domains gets merged with the one retrieved "
+                     "by an RTBL host if any given. "
+                     "Use an absolute path, or the '@CONFIG_PATH@' "
+                     "https://docs.ejabberd.im/admin/configuration/file-format/#predefined-keywords[predefined keyword] "
+                     "if the file is available in the configuration directory. "
+                     "The default value is 'none'.")}},
+           {spam_dump_file,
+            #{value => ?T("false | true | Path"),
+              desc =>
+                  ?T("Path to the file to store blocked messages. "
+                     "Use an absolute path, or the '@LOG_PATH@' "
+                     "https://docs.ejabberd.im/admin/configuration/file-format/#predefined-keywords[predefined keyword] "
+                     "to store logs "
+                     "in the same place that the other ejabberd log files. "
+                     "If set to 'false', it doesn't dump stanzas, which is the default. "
+                     "If set to 'true', it stores in '\"@LOG_PATH@/spam_dump_@HOST@.log\"'.")}},
+           {spam_jids_file,
+            #{value => ?T("none | Path"),
+              desc =>
+                  ?T("Path to a plain text file containing a list of "
+                     "known spammer JIDs, one JID per line. "
+                     "Messages and subscription requests sent from one of "
+                     "the listed JIDs are classified as spam. "
+                     "Messages containing at least one of the listed JIDs"
+                     "are classified as spam as well. "
+                     "Furthermore, the sender's JID will be cached, "
+                     "so that future traffic originating from that JID will also be classified as spam. "
+                     "Use an absolute path, or the '@CONFIG_PATH@' "
+                     "https://docs.ejabberd.im/admin/configuration/file-format/#predefined-keywords[predefined keyword] "
+                     "if the file is available in the configuration directory. "
+                     "The default value is 'none'.")}},
+           {spam_urls_file,
+            #{value => ?T("none | Path"),
+              desc =>
+                  ?T("Path to a plain text file containing a list of "
+                     "URLs known to be mentioned in spam message bodies. "
+                     "Messages containing at least one of the listed URLs are classified as spam. "
+                     "Furthermore, the sender's JID will be cached, "
+                     "so that future traffic originating from that JID will be classified as spam as well. "
+                     "Use an absolute path, or the '@CONFIG_PATH@' "
+                     "https://docs.ejabberd.im/admin/configuration/file-format/#predefined-keywords[predefined keyword] "
+                     "if the file is available in the configuration directory. "
+                     "The default value is 'none'.")}},
+           {whitelist_domains_file,
+            #{value => ?T("none | Path"),
+              desc =>
+                  ?T("Path to a file containing a list of "
+                     "domains to whitelist from being blocked, one per line. "
+                     "If either it is in 'spam_domains_file' or more realistically "
+                     "in a domain sent by a RTBL host (see option 'rtbl_services') "
+                     "then this domain will be ignored and stanzas from there won't be blocked. "
+                     "Use an absolute path, or the '@CONFIG_PATH@' "
+                     "https://docs.ejabberd.im/admin/configuration/file-format/#predefined-keywords[predefined keyword] "
+                     "if the file is available in the configuration directory. "
+                     "The default value is 'none'.")}}],
+      example =>
+          ["modules:",
+           "  mod_antispam:",
+           "    rtbl_services:",
+           "      - xmppbl.org",
+           "    spam_jids_file: \"@CONFIG_PATH@/spam_jids.txt\"",
+           "    spam_dump_file: \"@LOG_PATH@/spam/host-@HOST@.log\""]}.
+
+%%--------------------------------------------------------------------
+%%| gen_server callbacks
+
+-spec init(list()) -> {ok, state()} | {stop, term()}.
+init([Host, Opts]) ->
+    process_flag(trap_exit, true),
+    mod_antispam_files:init_files(Host),
+    FilesResults = read_files(Host),
+    #{jid := JIDsSet,
+      url := URLsSet,
+      domains := SpamDomainsSet,
+      whitelist_domains := WhitelistDomains} =
+        FilesResults,
+    ejabberd_hooks:add(local_send_to_resource_hook,
+                       Host,
+                       mod_antispam_rtbl,
+                       pubsub_event_handler,
+                       50),
+    [#rtbl_service{host = RTBLHost, node = RTBLDomainsNode}] = get_rtbl_services_option(Opts),
+    mod_antispam_filter:init_filtering(Host),
+    InitState =
+        #state{host = Host,
+               jid_set = JIDsSet,
+               url_set = URLsSet,
+               dump_fd = mod_antispam_dump:init_dumping(Host),
+               max_cache_size = gen_mod:get_opt(cache_size, Opts),
+               blocked_domains = set_to_map(SpamDomainsSet),
+               whitelist_domains = set_to_map(WhitelistDomains, false),
+               rtbl_host = RTBLHost,
+               rtbl_domains_node = RTBLDomainsNode},
+    mod_antispam_rtbl:request_blocked_domains(RTBLHost, RTBLDomainsNode, Host),
+    {ok, InitState}.
+
+-spec handle_call(term(), {pid(), term()}, state()) ->
+                     {reply, {spam_filter, term()}, state()} | {noreply, state()}.
+handle_call({check_jid, From}, _From, #state{jid_set = JIDsSet} = State) ->
+    {Result, State1} = filter_jid(From, JIDsSet, State),
+    {reply, {spam_filter, Result}, State1};
+handle_call({check_body, URLs, JIDs, From},
+            _From,
+            #state{url_set = URLsSet, jid_set = JIDsSet} = State) ->
+    {Result1, State1} = filter_body(URLs, URLsSet, From, State),
+    {Result2, State2} = filter_body(JIDs, JIDsSet, From, State1),
+    Result =
+        if Result1 == spam ->
+               Result1;
+           true ->
+               Result2
+        end,
+    {reply, {spam_filter, Result}, State2};
+handle_call(reload_spam_files, _From, State) ->
+    {Result, State1} = reload_files(State),
+    {reply, {spam_filter, Result}, State1};
+handle_call({expire_cache, Age}, _From, State) ->
+    {Result, State1} = expire_cache(Age, State),
+    {reply, {spam_filter, Result}, State1};
+handle_call({add_to_cache, JID}, _From, State) ->
+    {Result, State1} = add_to_cache(JID, State),
+    {reply, {spam_filter, Result}, State1};
+handle_call({drop_from_cache, JID}, _From, State) ->
+    {Result, State1} = drop_from_cache(JID, State),
+    {reply, {spam_filter, Result}, State1};
+handle_call(get_cache, _From, #state{jid_cache = Cache} = State) ->
+    {reply, {spam_filter, maps:to_list(Cache)}, State};
+handle_call({add_blocked_domain, Domain},
+            _From,
+            #state{blocked_domains = BlockedDomains} = State) ->
+    BlockedDomains1 = maps:merge(BlockedDomains, #{Domain => true}),
+    Txt = format("~s added to blocked domains", [Domain]),
+    {reply, {spam_filter, {ok, Txt}}, State#state{blocked_domains = BlockedDomains1}};
+handle_call({remove_blocked_domain, Domain},
+            _From,
+            #state{blocked_domains = BlockedDomains} = State) ->
+    BlockedDomains1 = maps:remove(Domain, BlockedDomains),
+    Txt = format("~s removed from blocked domains", [Domain]),
+    {reply, {spam_filter, {ok, Txt}}, State#state{blocked_domains = BlockedDomains1}};
+handle_call(get_blocked_domains,
+            _From,
+            #state{blocked_domains = BlockedDomains, whitelist_domains = WhitelistDomains} =
+                State) ->
+    {reply, {blocked_domains, maps:merge(BlockedDomains, WhitelistDomains)}, State};
+handle_call({is_blocked_domain, Domain},
+            _From,
+            #state{blocked_domains = BlockedDomains, whitelist_domains = WhitelistDomains} =
+                State) ->
+    {reply,
+     maps:get(Domain, maps:merge(BlockedDomains, WhitelistDomains), false) =/= false,
+     State};
+handle_call(prepare_stop,
+            _From,
+            #state{host = Host,
+                   rtbl_host = RTBLHost,
+                   rtbl_domains_node = RTBLDomainsNode} =
+                State) ->
+    mod_antispam_rtbl:unsubscribe(RTBLHost, RTBLDomainsNode, Host),
+    {reply, ready_to_stop, State};
+handle_call(Request, From, State) ->
+    ?ERROR_MSG("Got unexpected request from ~p: ~p", [From, Request]),
+    {noreply, State}.
+
+-spec handle_cast(term(), state()) -> {noreply, state()}.
+handle_cast({dump_stanza, XML}, #state{dump_fd = Fd} = State) ->
+    mod_antispam_dump:write_stanza_dump(Fd, XML),
+    {noreply, State};
+handle_cast(reopen_log, #state{host = Host, dump_fd = Fd} = State) ->
+    {noreply, State#state{dump_fd = mod_antispam_dump:reopen_dump_file(Host, Fd)}};
+handle_cast({reload, NewOpts, OldOpts},
+            #state{host = Host,
+                   dump_fd = Fd,
+                   rtbl_host = OldRTBLHost,
+                   rtbl_domains_node = OldRTBLDomainsNode,
+                   rtbl_retry_timer = RTBLRetryTimer} =
+                State) ->
+    misc:cancel_timer(RTBLRetryTimer),
+    State1 =
+        State#state{dump_fd = mod_antispam_dump:reload_dumping(Host, Fd, OldOpts, NewOpts)},
+    State2 =
+        case {gen_mod:get_opt(cache_size, OldOpts), gen_mod:get_opt(cache_size, NewOpts)} of
+            {OldMax, NewMax} when NewMax < OldMax ->
+                shrink_cache(State1#state{max_cache_size = NewMax});
+            {OldMax, NewMax} when NewMax > OldMax ->
+                State1#state{max_cache_size = NewMax};
+            {_OldMax, _NewMax} ->
+                State1
+        end,
+    ok = mod_antispam_rtbl:unsubscribe(OldRTBLHost, OldRTBLDomainsNode, Host),
+    {_Result, State3} = reload_files(State2#state{blocked_domains = #{}}),
+    [#rtbl_service{host = RTBLHost, node = RTBLDomainsNode}] =
+        get_rtbl_services_option(NewOpts),
+    ok = mod_antispam_rtbl:request_blocked_domains(RTBLHost, RTBLDomainsNode, Host),
+    {noreply, State3#state{rtbl_host = RTBLHost, rtbl_domains_node = RTBLDomainsNode}};
+handle_cast({update_blocked_domains, NewItems},
+            #state{blocked_domains = BlockedDomains} = State) ->
+    {noreply, State#state{blocked_domains = maps:merge(BlockedDomains, NewItems)}};
+handle_cast(Request, State) ->
+    ?ERROR_MSG("Got unexpected request from: ~p", [Request]),
+    {noreply, State}.
+
+-spec handle_info(term(), state()) -> {noreply, state()}.
+handle_info({iq_reply, timeout, blocked_domains}, State) ->
+    ?WARNING_MSG("Fetching blocked domains failed: fetch timeout. Retrying in 60 seconds",
+                 []),
+    {noreply,
+     State#state{rtbl_retry_timer =
+                     erlang:send_after(60000, self(), request_blocked_domains)}};
+handle_info({iq_reply, #iq{type = error} = IQ, blocked_domains}, State) ->
+    ?WARNING_MSG("Fetching blocked domains failed: ~p. Retrying in 60 seconds",
+                 [xmpp:format_stanza_error(
+                      xmpp:get_error(IQ))]),
+    {noreply,
+     State#state{rtbl_retry_timer =
+                     erlang:send_after(60000, self(), request_blocked_domains)}};
+handle_info({iq_reply, IQReply, blocked_domains},
+            #state{blocked_domains = OldBlockedDomains,
+                   rtbl_host = RTBLHost,
+                   rtbl_domains_node = RTBLDomainsNode,
+                   host = Host} =
+                State) ->
+    case mod_antispam_rtbl:parse_blocked_domains(IQReply) of
+        undefined ->
+            ?WARNING_MSG("Fetching initial list failed: invalid result payload", []),
+            {noreply, State#state{rtbl_retry_timer = undefined}};
+        NewBlockedDomains ->
+            ok = mod_antispam_rtbl:subscribe(RTBLHost, RTBLDomainsNode, Host),
+            {noreply,
+             State#state{rtbl_retry_timer = undefined,
+                         rtbl_subscribed = true,
+                         blocked_domains = maps:merge(OldBlockedDomains, NewBlockedDomains)}}
+    end;
+handle_info({iq_reply, timeout, subscribe_result}, State) ->
+    ?WARNING_MSG("Subscription error: request timeout", []),
+    {noreply, State#state{rtbl_subscribed = false}};
+handle_info({iq_reply, #iq{type = error} = IQ, subscribe_result}, State) ->
+    ?WARNING_MSG("Subscription error: ~p",
+                 [xmpp:format_stanza_error(
+                      xmpp:get_error(IQ))]),
+    {noreply, State#state{rtbl_subscribed = false}};
+handle_info({iq_reply, IQReply, subscribe_result}, State) ->
+    ?DEBUG("Got subscribe result: ~p", [IQReply]),
+    {noreply, State#state{rtbl_subscribed = true}};
+handle_info({iq_reply, _IQReply, unsubscribe_result}, State) ->
+    %% FIXME: we should check it's true (of type `result`, not `error`), but at that point, what
+    %% would we do?
+    {noreply, State#state{rtbl_subscribed = false}};
+handle_info(request_blocked_domains,
+            #state{host = Host,
+                   rtbl_host = RTBLHost,
+                   rtbl_domains_node = RTBLDomainsNode} =
+                State) ->
+    mod_antispam_rtbl:request_blocked_domains(RTBLHost, RTBLDomainsNode, Host),
+    {noreply, State};
+handle_info(Info, State) ->
+    ?ERROR_MSG("Got unexpected info: ~p", [Info]),
+    {noreply, State}.
+
+-spec terminate(normal | shutdown | {shutdown, term()} | term(), state()) -> ok.
+terminate(Reason,
+          #state{host = Host,
+                 dump_fd = Fd,
+                 rtbl_host = RTBLHost,
+                 rtbl_domains_node = RTBLDomainsNode,
+                 rtbl_retry_timer = RTBLRetryTimer} =
+              _State) ->
+    ?DEBUG("Stopping spam filter process for ~s: ~p", [Host, Reason]),
+    misc:cancel_timer(RTBLRetryTimer),
+    mod_antispam_dump:terminate_dumping(Host, Fd),
+    mod_antispam_files:terminate_files(Host),
+    mod_antispam_filter:terminate_filtering(Host),
+    ejabberd_hooks:delete(local_send_to_resource_hook,
+                          Host,
+                          mod_antispam_rtbl,
+                          pubsub_event_handler,
+                          50),
+    mod_antispam_rtbl:unsubscribe(RTBLHost, RTBLDomainsNode, Host),
+    ok.
+
+-spec code_change({down, term()} | term(), state(), term()) -> {ok, state()}.
+code_change(_OldVsn, #state{host = Host} = State, _Extra) ->
+    ?DEBUG("Updating spam filter process for ~s", [Host]),
+    {ok, State}.
+
+%%--------------------------------------------------------------------
+%%| Internal functions
+
+-spec filter_jid(ljid(), jid_set(), state()) -> {ham | spam, state()}.
+filter_jid(From, Set, #state{host = Host} = State) ->
+    case sets:is_element(From, Set) of
+        true ->
+            ?DEBUG("Spam JID found: ~s", [jid:encode(From)]),
+            ejabberd_hooks:run(spam_found, Host, [{jid, From}]),
+            {spam, State};
+        false ->
+            case cache_lookup(From, State) of
+                {true, State1} ->
+                    ?DEBUG("Spam JID found: ~s", [jid:encode(From)]),
+                    ejabberd_hooks:run(spam_found, Host, [{jid, From}]),
+                    {spam, State1};
+                {false, State1} ->
+                    ?DEBUG("JID not listed: ~s", [jid:encode(From)]),
+                    {ham, State1}
+            end
+    end.
+
+-spec filter_body({urls, [url()]} | {jids, [ljid()]} | none,
+                  url_set() | jid_set(),
+                  jid(),
+                  state()) ->
+                     {ham | spam, state()}.
+filter_body({_, Addrs}, Set, From, #state{host = Host} = State) ->
+    case lists:any(fun(Addr) -> sets:is_element(Addr, Set) end, Addrs) of
+        true ->
+            ?DEBUG("Spam addresses found: ~p", [Addrs]),
+            ejabberd_hooks:run(spam_found, Host, [{body, Addrs}]),
+            {spam, cache_insert(From, State)};
+        false ->
+            ?DEBUG("Addresses not listed: ~p", [Addrs]),
+            {ham, State}
+    end;
+filter_body(none, _Set, _From, State) ->
+    {ham, State}.
+
+-spec reload_files(state()) -> {ok | {error, binary()}, state()}.
+reload_files(#state{host = Host, blocked_domains = BlockedDomains} = State) ->
+    case read_files(Host) of
+        #{jid := JIDsSet,
+          url := URLsSet,
+          domains := SpamDomainsSet,
+          whitelist_domains := WhitelistDomains} ->
+            case sets_equal(JIDsSet, State#state.jid_set) of
+                true ->
+                    ?INFO_MSG("Reloaded spam JIDs for ~s (unchanged)", [Host]);
+                false ->
+                    ?INFO_MSG("Reloaded spam JIDs for ~s (changed)", [Host])
+            end,
+            case sets_equal(URLsSet, State#state.url_set) of
+                true ->
+                    ?INFO_MSG("Reloaded spam URLs for ~s (unchanged)", [Host]);
+                false ->
+                    ?INFO_MSG("Reloaded spam URLs for ~s (changed)", [Host])
+            end,
+            {ok,
+             State#state{jid_set = JIDsSet,
+                         url_set = URLsSet,
+                         blocked_domains = maps:merge(BlockedDomains, set_to_map(SpamDomainsSet)),
+                         whitelist_domains = set_to_map(WhitelistDomains, false)}};
+        {config_error, ErrorText} ->
+            {{error, ErrorText}, State}
+    end.
+
+set_to_map(Set) ->
+    set_to_map(Set, true).
+
+set_to_map(Set, V) ->
+    sets:fold(fun(K, M) -> M#{K => V} end, #{}, Set).
+
+read_files(Host) ->
+    AccInitial =
+        #{jid => sets:new(),
+          url => sets:new(),
+          domains => sets:new(),
+          whitelist_domains => sets:new()},
+    Files =
+        #{jid => gen_mod:get_module_opt(Host, ?MODULE, spam_jids_file),
+          url => gen_mod:get_module_opt(Host, ?MODULE, spam_urls_file),
+          domains => gen_mod:get_module_opt(Host, ?MODULE, spam_domains_file),
+          whitelist_domains => gen_mod:get_module_opt(Host, ?MODULE, whitelist_domains_file)},
+    ejabberd_hooks:run_fold(antispam_get_lists, Host, AccInitial, [Files]).
+
+get_rtbl_services_option(Host) when is_binary(Host) ->
+    get_rtbl_services_option(gen_mod:get_module_opts(Host, ?MODULE));
+get_rtbl_services_option(Opts) when is_map(Opts) ->
+    Services = gen_mod:get_opt(rtbl_services, Opts),
+    case length(Services) =< 1 of
+        true ->
+            ok;
+        false ->
+            ?WARNING_MSG("Option rtbl_services only supports one service, but several "
+                         "were configured. Will use only first one",
+                         [])
+    end,
+    case Services of
+        [] ->
+            [#rtbl_service{}];
+        [Host | _] when is_binary(Host) ->
+            [#rtbl_service{host = Host, node = ?DEFAULT_RTBL_DOMAINS_NODE}];
+        [[{Host, [{spam_source_domains_node, Node}]}] | _] ->
+            [#rtbl_service{host = Host, node = Node}]
+    end.
+
+-spec get_proc_name(binary()) -> atom().
+get_proc_name(Host) ->
+    gen_mod:get_module_proc(Host, ?MODULE).
+
+-spec get_spam_filter_hosts() -> [binary()].
+get_spam_filter_hosts() ->
+    [H || H <- ejabberd_option:hosts(), gen_mod:is_loaded(H, ?MODULE)].
+
+-spec sets_equal(sets:set(), sets:set()) -> boolean().
+sets_equal(A, B) ->
+    sets:is_subset(A, B) andalso sets:is_subset(B, A).
+
+-spec format(io:format(), [term()]) -> binary().
+format(Format, Data) ->
+    iolist_to_binary(io_lib:format(Format, Data)).
+
+%%--------------------------------------------------------------------
+%%| Caching
+
+-spec cache_insert(ljid(), state()) -> state().
+cache_insert(_LJID, #state{max_cache_size = 0} = State) ->
+    State;
+cache_insert(LJID, #state{jid_cache = Cache, max_cache_size = MaxSize} = State)
+    when MaxSize /= unlimited, map_size(Cache) >= MaxSize ->
+    cache_insert(LJID, shrink_cache(State));
+cache_insert(LJID, #state{jid_cache = Cache} = State) ->
+    ?INFO_MSG("Caching spam JID: ~s", [jid:encode(LJID)]),
+    Cache1 = Cache#{LJID => erlang:monotonic_time(second)},
+    State#state{jid_cache = Cache1}.
+
+-spec cache_lookup(ljid(), state()) -> {boolean(), state()}.
+cache_lookup(LJID, #state{jid_cache = Cache} = State) ->
+    case Cache of
+        #{LJID := _Timestamp} ->
+            Cache1 = Cache#{LJID => erlang:monotonic_time(second)},
+            State1 = State#state{jid_cache = Cache1},
+            {true, State1};
+        #{} ->
+            {false, State}
+    end.
+
+-spec shrink_cache(state()) -> state().
+shrink_cache(#state{jid_cache = Cache, max_cache_size = MaxSize} = State) ->
+    ShrinkedSize = round(MaxSize / 2),
+    N = map_size(Cache) - ShrinkedSize,
+    L = lists:keysort(2, maps:to_list(Cache)),
+    Cache1 =
+        maps:from_list(
+            lists:nthtail(N, L)),
+    State#state{jid_cache = Cache1}.
+
+-spec expire_cache(integer(), state()) -> {{ok, binary()}, state()}.
+expire_cache(Age, #state{jid_cache = Cache} = State) ->
+    Threshold = erlang:monotonic_time(second) - Age,
+    Cache1 = maps:filter(fun(_, TS) -> TS >= Threshold end, Cache),
+    NumExp = map_size(Cache) - map_size(Cache1),
+    Txt = format("Expired ~B cache entries", [NumExp]),
+    {{ok, Txt}, State#state{jid_cache = Cache1}}.
+
+-spec add_to_cache(ljid(), state()) -> {{ok, binary()}, state()}.
+add_to_cache(LJID, State) ->
+    State1 = cache_insert(LJID, State),
+    Txt = format("~s added to cache", [jid:encode(LJID)]),
+    {{ok, Txt}, State1}.
+
+-spec drop_from_cache(ljid(), state()) -> {{ok, binary()}, state()}.
+drop_from_cache(LJID, #state{jid_cache = Cache} = State) ->
+    Cache1 = maps:remove(LJID, Cache),
+    if map_size(Cache1) < map_size(Cache) ->
+           Txt = format("~s removed from cache", [jid:encode(LJID)]),
+           {{ok, Txt}, State#state{jid_cache = Cache1}};
+       true ->
+           Txt = format("~s wasn't cached", [jid:encode(LJID)]),
+           {{ok, Txt}, State}
+    end.
+
+%%--------------------------------------------------------------------
+%%| ejabberd command callbacks
+
+-spec get_commands_spec() -> [ejabberd_commands()].
+get_commands_spec() ->
+    [#ejabberd_commands{name = reload_spam_filter_files,
+                        tags = [spam],
+                        desc = "Reload spam JID/URL files",
+                        module = ?MODULE,
+                        function = reload_spam_filter_files,
+                        note = "added in 25.07",
+                        args = [{host, binary}],
+                        result = {res, rescode}},
+     #ejabberd_commands{name = get_spam_filter_cache,
+                        tags = [spam],
+                        desc = "Show spam filter cache contents",
+                        module = ?MODULE,
+                        function = get_spam_filter_cache,
+                        note = "added in 25.07",
+                        args = [{host, binary}],
+                        result =
+                            {spammers,
+                             {list, {spammer, {tuple, [{jid, string}, {timestamp, integer}]}}}}},
+     #ejabberd_commands{name = expire_spam_filter_cache,
+                        tags = [spam],
+                        desc = "Remove old/unused spam JIDs from cache",
+                        module = ?MODULE,
+                        function = expire_spam_filter_cache,
+                        note = "added in 25.07",
+                        args = [{host, binary}, {seconds, integer}],
+                        result = {res, restuple}},
+     #ejabberd_commands{name = add_to_spam_filter_cache,
+                        tags = [spam],
+                        desc = "Add JID to spam filter cache",
+                        module = ?MODULE,
+                        function = add_to_spam_filter_cache,
+                        note = "added in 25.07",
+                        args = [{host, binary}, {jid, binary}],
+                        result = {res, restuple}},
+     #ejabberd_commands{name = drop_from_spam_filter_cache,
+                        tags = [spam],
+                        desc = "Drop JID from spam filter cache",
+                        module = ?MODULE,
+                        function = drop_from_spam_filter_cache,
+                        note = "added in 25.07",
+                        args = [{host, binary}, {jid, binary}],
+                        result = {res, restuple}},
+     #ejabberd_commands{name = get_blocked_domains,
+                        tags = [spam],
+                        desc = "Get list of domains being blocked",
+                        module = ?MODULE,
+                        function = get_blocked_domains,
+                        note = "added in 25.07",
+                        args = [{host, binary}],
+                        result = {blocked_domains, {list, {jid, string}}}},
+     #ejabberd_commands{name = add_blocked_domain,
+                        tags = [spam],
+                        desc = "Add domain to list of blocked domains",
+                        module = ?MODULE,
+                        function = add_blocked_domain,
+                        note = "added in 25.07",
+                        args = [{host, binary}, {domain, binary}],
+                        result = {res, restuple}},
+     #ejabberd_commands{name = remove_blocked_domain,
+                        tags = [spam],
+                        desc = "Remove domain from list of blocked domains",
+                        module = ?MODULE,
+                        function = remove_blocked_domain,
+                        note = "added in 25.07",
+                        args = [{host, binary}, {domain, binary}],
+                        result = {res, restuple}}].
+
+for_all_hosts(F, A) ->
+    try lists:map(fun(Host) -> apply(F, [Host | A]) end, get_spam_filter_hosts()) of
+        List ->
+            case lists:filter(fun ({error, _}) ->
+                                      true;
+                                  (_) ->
+                                      false
+                              end,
+                              List)
+            of
+                [] ->
+                    hd(List);
+                Errors ->
+                    hd(Errors)
+            end
+    catch
+        error:{badmatch, {error, _Reason} = Error} ->
+            Error
+    end.
+
+try_call_by_host(Host, Call) ->
+    LServer = jid:nameprep(Host),
+    Proc = get_proc_name(LServer),
+    try gen_server:call(Proc, Call, ?COMMAND_TIMEOUT) of
+        Result ->
+            Result
+    catch
+        exit:{noproc, _} ->
+            {error, "Not configured for " ++ binary_to_list(Host)};
+        exit:{timeout, _} ->
+            {error, "Timeout while querying ejabberd"}
+    end.
+
+-spec reload_spam_filter_files(binary()) -> ok | {error, string()}.
+reload_spam_filter_files(<<"global">>) ->
+    for_all_hosts(fun reload_spam_filter_files/1, []);
+reload_spam_filter_files(Host) ->
+    case try_call_by_host(Host, reload_spam_files) of
+        {spam_filter, ok} ->
+            ok;
+        {spam_filter, {error, Txt}} ->
+            {error, Txt};
+        {error, _R} = Error ->
+            Error
+    end.
+
+-spec get_blocked_domains(binary()) -> [binary()].
+get_blocked_domains(Host) ->
+    case try_call_by_host(Host, get_blocked_domains) of
+        {blocked_domains, BlockedDomains} ->
+            maps:keys(
+                maps:filter(fun (_, false) ->
+                                    false;
+                                (_, _) ->
+                                    true
+                            end,
+                            BlockedDomains));
+        {error, _R} = Error ->
+            Error
+    end.
+
+-spec add_blocked_domain(binary(), binary()) -> {ok, string()}.
+add_blocked_domain(<<"global">>, Domain) ->
+    for_all_hosts(fun add_blocked_domain/2, [Domain]);
+add_blocked_domain(Host, Domain) ->
+    case try_call_by_host(Host, {add_blocked_domain, Domain}) of
+        {spam_filter, {Status, Txt}} ->
+            {Status, binary_to_list(Txt)};
+        {error, _R} = Error ->
+            Error
+    end.
+
+-spec remove_blocked_domain(binary(), binary()) -> {ok, string()}.
+remove_blocked_domain(<<"global">>, Domain) ->
+    for_all_hosts(fun remove_blocked_domain/2, [Domain]);
+remove_blocked_domain(Host, Domain) ->
+    case try_call_by_host(Host, {remove_blocked_domain, Domain}) of
+        {spam_filter, {Status, Txt}} ->
+            {Status, binary_to_list(Txt)};
+        {error, _R} = Error ->
+            Error
+    end.
+
+-spec get_spam_filter_cache(binary()) -> [{binary(), integer()}] | {error, string()}.
+get_spam_filter_cache(Host) ->
+    case try_call_by_host(Host, get_cache) of
+        {spam_filter, Cache} ->
+            [{jid:encode(JID), TS + erlang:time_offset(second)} || {JID, TS} <- Cache];
+        {error, _R} = Error ->
+            Error
+    end.
+
+-spec expire_spam_filter_cache(binary(), integer()) -> {ok | error, string()}.
+expire_spam_filter_cache(<<"global">>, Age) ->
+    for_all_hosts(fun expire_spam_filter_cache/2, [Age]);
+expire_spam_filter_cache(Host, Age) ->
+    case try_call_by_host(Host, {expire_cache, Age}) of
+        {spam_filter, {Status, Txt}} ->
+            {Status, binary_to_list(Txt)};
+        {error, _R} = Error ->
+            Error
+    end.
+
+-spec add_to_spam_filter_cache(binary(), binary()) ->
+                                  [{binary(), integer()}] | {error, string()}.
+add_to_spam_filter_cache(<<"global">>, JID) ->
+    for_all_hosts(fun add_to_spam_filter_cache/2, [JID]);
+add_to_spam_filter_cache(Host, EncJID) ->
+    try jid:decode(EncJID) of
+        #jid{} = JID ->
+            LJID =
+                jid:remove_resource(
+                    jid:tolower(JID)),
+            case try_call_by_host(Host, {add_to_cache, LJID}) of
+                {spam_filter, {Status, Txt}} ->
+                    {Status, binary_to_list(Txt)};
+                {error, _R} = Error ->
+                    Error
+            end
+    catch
+        _:{bad_jid, _} ->
+            {error, "Not a valid JID: " ++ binary_to_list(EncJID)}
+    end.
+
+-spec drop_from_spam_filter_cache(binary(), binary()) -> {ok | error, string()}.
+drop_from_spam_filter_cache(<<"global">>, JID) ->
+    for_all_hosts(fun drop_from_spam_filter_cache/2, [JID]);
+drop_from_spam_filter_cache(Host, EncJID) ->
+    try jid:decode(EncJID) of
+        #jid{} = JID ->
+            LJID =
+                jid:remove_resource(
+                    jid:tolower(JID)),
+            case try_call_by_host(Host, {drop_from_cache, LJID}) of
+                {spam_filter, {Status, Txt}} ->
+                    {Status, binary_to_list(Txt)};
+                {error, _R} = Error ->
+                    Error
+            end
+    catch
+        _:{bad_jid, _} ->
+            {error, "Not a valid JID: " ++ binary_to_list(EncJID)}
+    end.
+
+%%--------------------------------------------------------------------
+
+%%| vim: set foldmethod=marker foldmarker=%%|,%%-:

src/mod_antispam_dump.erl

@@ -0,0 +1,186 @@
+%%%----------------------------------------------------------------------
+%%% File    : mod_antispam_dump.erl
+%%% Author  : Holger Weiss <holger@zedat.fu-berlin.de>
+%%% Author  : Stefan Strigler <stefan@strigler.de>
+%%% Purpose : Manage dump file for filtered spam messages
+%%% Created : 31 Mar 2019 by Holger Weiss <holger@zedat.fu-berlin.de>
+%%%
+%%%
+%%% ejabberd, Copyright (C) 2019-2025 ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License along
+%%% with this program; if not, write to the Free Software Foundation, Inc.,
+%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+%%%
+%%%----------------------------------------------------------------------
+
+%%| Definitions
+%% @format-begin
+
+-module(mod_antispam_dump).
+
+-author('holger@zedat.fu-berlin.de').
+-author('stefan@strigler.de').
+
+-export([init_dumping/1, terminate_dumping/2, reload_dumping/4, reopen_dump_file/2,
+         write_stanza_dump/2]).
+%% ejabberd_hooks callbacks
+-export([dump_spam_stanza/1, reopen_log/0]).
+
+-include("logger.hrl").
+-include("mod_antispam.hrl").
+-include("translate.hrl").
+
+-include_lib("xmpp/include/xmpp.hrl").
+
+%%--------------------------------------------------------------------
+%%| Exported
+
+init_dumping(Host) ->
+    case get_path_option(Host) of
+        false ->
+            undefined;
+        DumpFile when is_binary(DumpFile) ->
+            case filelib:ensure_dir(DumpFile) of
+                ok ->
+                    ejabberd_hooks:add(spam_stanza_rejected, Host, ?MODULE, dump_spam_stanza, 50),
+                    ejabberd_hooks:add(reopen_log_hook, ?MODULE, reopen_log, 50),
+                    open_dump_file(DumpFile);
+                {error, Reason} ->
+                    Dirname = filename:dirname(DumpFile),
+                    throw({open, Dirname, Reason})
+            end
+    end.
+
+terminate_dumping(_Host, false) ->
+    ok;
+terminate_dumping(Host, Fd) ->
+    DumpFile1 = get_path_option(Host),
+    close_dump_file(Fd, DumpFile1),
+    ejabberd_hooks:delete(spam_stanza_rejected, Host, ?MODULE, dump_spam_stanza, 50),
+    case gen_mod:is_loaded_elsewhere(Host, ?MODULE) of
+        false ->
+            ejabberd_hooks:delete(reopen_log_hook, ?MODULE, reopen_log, 50);
+        true ->
+            ok
+    end.
+
+reload_dumping(Host, Fd, OldOpts, NewOpts) ->
+    case {get_path_option(Host, OldOpts), get_path_option(Host, NewOpts)} of
+        {Old, Old} ->
+            Fd;
+        {Old, New} ->
+            reopen_dump_file(Fd, Old, New)
+    end.
+
+-spec reopen_dump_file(binary(), file:io_device()) -> file:io_device().
+reopen_dump_file(Host, Fd) ->
+    DumpFile1 = get_path_option(Host),
+    reopen_dump_file(Fd, DumpFile1, DumpFile1).
+
+%%--------------------------------------------------------------------
+%%| Hook callbacks
+
+-spec dump_spam_stanza(message()) -> ok.
+dump_spam_stanza(#message{to = #jid{lserver = LServer}} = Msg) ->
+    By = jid:make(<<>>, LServer),
+    Proc = get_proc_name(LServer),
+    Time = erlang:timestamp(),
+    Msg1 = misc:add_delay_info(Msg, By, Time),
+    XML = fxml:element_to_binary(
+              xmpp:encode(Msg1)),
+    gen_server:cast(Proc, {dump_stanza, XML}).
+
+-spec reopen_log() -> ok.
+reopen_log() ->
+    lists:foreach(fun(Host) ->
+                     Proc = get_proc_name(Host),
+                     gen_server:cast(Proc, reopen_log)
+                  end,
+                  get_spam_filter_hosts()).
+
+%%--------------------------------------------------------------------
+%%| File management
+
+-spec open_dump_file(filename()) -> undefined | file:io_device().
+open_dump_file(false) ->
+    undefined;
+open_dump_file(Name) ->
+    Modes = [append, raw, binary, delayed_write],
+    case file:open(Name, Modes) of
+        {ok, Fd} ->
+            ?DEBUG("Opened ~s", [Name]),
+            Fd;
+        {error, Reason} ->
+            ?ERROR_MSG("Cannot open dump file ~s: ~s", [Name, file:format_error(Reason)]),
+            undefined
+    end.
+
+-spec close_dump_file(undefined | file:io_device(), filename()) -> ok.
+close_dump_file(undefined, false) ->
+    ok;
+close_dump_file(Fd, Name) ->
+    case file:close(Fd) of
+        ok ->
+            ?DEBUG("Closed ~s", [Name]);
+        {error, Reason} ->
+            ?ERROR_MSG("Cannot close ~s: ~s", [Name, file:format_error(Reason)])
+    end.
+
+-spec reopen_dump_file(file:io_device(), binary(), binary()) -> file:io_device().
+reopen_dump_file(Fd, OldDumpFile, NewDumpFile) ->
+    close_dump_file(Fd, OldDumpFile),
+    open_dump_file(NewDumpFile).
+
+write_stanza_dump(Fd, XML) ->
+    case file:write(Fd, [XML, <<$\n>>]) of
+        ok ->
+            ok;
+        {error, Reason} ->
+            ?ERROR_MSG("Cannot write spam to dump file: ~s", [file:format_error(Reason)])
+    end.
+
+%%--------------------------------------------------------------------
+%%| Auxiliary
+
+get_path_option(Host) ->
+    Opts = gen_mod:get_module_opts(Host, ?MODULE_ANTISPAM),
+    get_path_option(Host, Opts).
+
+get_path_option(Host, Opts) ->
+    case gen_mod:get_opt(spam_dump_file, Opts) of
+        false ->
+            false;
+        true ->
+            LogDirPath =
+                iolist_to_binary(filename:dirname(
+                                     ejabberd_logger:get_log_path())),
+            filename:join([LogDirPath, <<"spam_dump_", Host/binary, ".log">>]);
+        B when is_binary(B) ->
+            B
+    end.
+
+%%--------------------------------------------------------------------
+%%| Copied from mod_antispam.erl
+
+-spec get_proc_name(binary()) -> atom().
+get_proc_name(Host) ->
+    gen_mod:get_module_proc(Host, ?MODULE_ANTISPAM).
+
+-spec get_spam_filter_hosts() -> [binary()].
+get_spam_filter_hosts() ->
+    [H || H <- ejabberd_option:hosts(), gen_mod:is_loaded(H, ?MODULE_ANTISPAM)].
+
+%%--------------------------------------------------------------------
+
+%%| vim: set foldmethod=marker foldmarker=%%|,%%-:

src/mod_antispam_files.erl

@@ -0,0 +1,181 @@
+%%%----------------------------------------------------------------------
+%%% File    : mod_antispam_files.erl
+%%% Author  : Holger Weiss <holger@zedat.fu-berlin.de>
+%%% Author  : Stefan Strigler <stefan@strigler.de>
+%%% Purpose : Filter spam messages based on sender JID and content
+%%% Created : 31 Mar 2019 by Holger Weiss <holger@zedat.fu-berlin.de>
+%%%
+%%%
+%%% ejabberd, Copyright (C) 2019-2025 ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License along
+%%% with this program; if not, write to the Free Software Foundation, Inc.,
+%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+%%%
+%%%----------------------------------------------------------------------
+
+%%| definitions
+%% @format-begin
+
+-module(mod_antispam_files).
+
+-author('holger@zedat.fu-berlin.de').
+-author('stefan@strigler.de').
+
+%% Exported
+-export([init_files/1, terminate_files/1]).
+% Hooks
+-export([get_files_lists/2]).
+
+-include("ejabberd_commands.hrl").
+-include("logger.hrl").
+-include("mod_antispam.hrl").
+-include("translate.hrl").
+
+-include_lib("xmpp/include/xmpp.hrl").
+
+-type files_map() :: #{atom() => filename()}.
+-type lists_map() ::
+    #{jid => jid_set(),
+      url => url_set(),
+      atom() => sets:set(binary())}.
+
+-define(COMMAND_TIMEOUT, timer:seconds(30)).
+-define(DEFAULT_CACHE_SIZE, 10000).
+-define(HTTPC_TIMEOUT, timer:seconds(3)).
+
+%%--------------------------------------------------------------------
+%%| Exported
+
+init_files(Host) ->
+    ejabberd_hooks:add(antispam_get_lists, Host, ?MODULE, get_files_lists, 50).
+
+terminate_files(Host) ->
+    ejabberd_hooks:delete(antispam_get_lists, Host, ?MODULE, get_files_lists, 50).
+
+%%--------------------------------------------------------------------
+%%| Hooks
+
+-spec get_files_lists(lists_map(), files_map()) -> lists_map().
+get_files_lists(#{jid := AccJids,
+                  url := AccUrls,
+                  domains := AccDomains,
+                  whitelist_domains := AccWhitelist} =
+                    Acc,
+                Files) ->
+    try read_files(Files) of
+        #{jid := JIDsSet,
+          url := URLsSet,
+          domains := SpamDomainsSet,
+          whitelist_domains := WhitelistDomains} ->
+            Acc#{jid => sets:union(AccJids, JIDsSet),
+                 url => sets:union(AccUrls, URLsSet),
+                 domains => sets:union(AccDomains, SpamDomainsSet),
+                 whitelist_domains => sets:union(AccWhitelist, WhitelistDomains)}
+    catch
+        {Op, File, Reason} when Op == open; Op == read ->
+            ErrorText = format("Error trying to ~s file ~s: ~s", [Op, File, format_error(Reason)]),
+            ?CRITICAL_MSG(ErrorText, []),
+            {stop, {config_error, ErrorText}}
+    end.
+
+%%--------------------------------------------------------------------
+%%| read_files
+
+-spec read_files(files_map()) -> lists_map().
+read_files(Files) ->
+    maps:map(fun(Type, Filename) -> read_file(Filename, line_parser(Type)) end, Files).
+
+-spec line_parser(Type :: atom()) -> fun((binary()) -> binary()).
+line_parser(jid) ->
+    fun parse_jid/1;
+line_parser(url) ->
+    fun parse_url/1;
+line_parser(_) ->
+    fun trim/1.
+
+-spec read_file(filename(), fun((binary()) -> ljid() | url())) -> jid_set() | url_set().
+read_file(none, _ParseLine) ->
+    sets:new();
+read_file(File, ParseLine) ->
+    case file:open(File, [read, binary, raw, {read_ahead, 65536}]) of
+        {ok, Fd} ->
+            try
+                read_line(Fd, ParseLine, sets:new())
+            catch
+                E ->
+                    throw({read, File, E})
+            after
+                ok = file:close(Fd)
+            end;
+        {error, Reason} ->
+            throw({open, File, Reason})
+    end.
+
+-spec read_line(file:io_device(),
+                fun((binary()) -> ljid() | url()),
+                jid_set() | url_set()) ->
+                   jid_set() | url_set().
+read_line(Fd, ParseLine, Set) ->
+    case file:read_line(Fd) of
+        {ok, Line} ->
+            read_line(Fd, ParseLine, sets:add_element(ParseLine(Line), Set));
+        {error, Reason} ->
+            throw(Reason);
+        eof ->
+            Set
+    end.
+
+-spec parse_jid(binary()) -> ljid().
+parse_jid(S) ->
+    try jid:decode(trim(S)) of
+        #jid{} = JID ->
+            jid:remove_resource(
+                jid:tolower(JID))
+    catch
+        _:{bad_jid, _} ->
+            throw({bad_jid, S})
+    end.
+
+-spec parse_url(binary()) -> url().
+parse_url(S) ->
+    URL = trim(S),
+    RE = <<"https?://\\S+$">>,
+    Options = [anchored, caseless, {capture, none}],
+    case re:run(URL, RE, Options) of
+        match ->
+            URL;
+        nomatch ->
+            throw({bad_url, S})
+    end.
+
+-spec trim(binary()) -> binary().
+trim(S) ->
+    re:replace(S, <<"\\s+$">>, <<>>, [{return, binary}]).
+
+%% Function copied from mod_antispam.erl
+-spec format(io:format(), [term()]) -> binary().
+format(Format, Data) ->
+    iolist_to_binary(io_lib:format(Format, Data)).
+
+-spec format_error(atom() | tuple()) -> binary().
+format_error({bad_jid, JID}) ->
+    <<"Not a valid JID: ", JID/binary>>;
+format_error({bad_url, URL}) ->
+    <<"Not an HTTP(S) URL: ", URL/binary>>;
+format_error(Reason) ->
+    list_to_binary(file:format_error(Reason)).
+
+%%--------------------------------------------------------------------
+
+%%| vim: set foldmethod=marker foldmarker=%%|,%%-:

src/mod_antispam_filter.erl

@@ -0,0 +1,298 @@
+%%%----------------------------------------------------------------------
+%%% File    : mod_antispam_filter.erl
+%%% Author  : Holger Weiss <holger@zedat.fu-berlin.de>
+%%% Author  : Stefan Strigler <stefan@strigler.de>
+%%% Purpose : Filter C2S and S2S stanzas
+%%% Created : 31 Mar 2019 by Holger Weiss <holger@zedat.fu-berlin.de>
+%%%
+%%%
+%%% ejabberd, Copyright (C) 2019-2025 ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License along
+%%% with this program; if not, write to the Free Software Foundation, Inc.,
+%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+%%%
+%%%----------------------------------------------------------------------
+
+%%| Definitions
+%% @format-begin
+
+-module(mod_antispam_filter).
+
+-author('holger@zedat.fu-berlin.de').
+-author('stefan@strigler.de').
+
+-export([init_filtering/1, terminate_filtering/1]).
+%% ejabberd_hooks callbacks
+-export([s2s_in_handle_info/2, s2s_receive_packet/1, sm_receive_packet/1]).
+
+-include("logger.hrl").
+-include("translate.hrl").
+-include("mod_antispam.hrl").
+
+-include_lib("xmpp/include/xmpp.hrl").
+
+-type s2s_in_state() :: ejabberd_s2s_in:state().
+
+-define(HTTPC_TIMEOUT, timer:seconds(3)).
+
+%%--------------------------------------------------------------------
+%%| Exported
+
+init_filtering(Host) ->
+    ejabberd_hooks:add(s2s_in_handle_info, Host, ?MODULE, s2s_in_handle_info, 90),
+    ejabberd_hooks:add(s2s_receive_packet, Host, ?MODULE, s2s_receive_packet, 50),
+    ejabberd_hooks:add(sm_receive_packet, Host, ?MODULE, sm_receive_packet, 50).
+
+terminate_filtering(Host) ->
+    ejabberd_hooks:delete(s2s_receive_packet, Host, ?MODULE, s2s_receive_packet, 50),
+    ejabberd_hooks:delete(sm_receive_packet, Host, ?MODULE, sm_receive_packet, 50),
+    ejabberd_hooks:delete(s2s_in_handle_info, Host, ?MODULE, s2s_in_handle_info, 90).
+
+%%--------------------------------------------------------------------
+%%| Hook callbacks
+
+-spec s2s_receive_packet({stanza() | drop, s2s_in_state()}) ->
+                            {stanza() | drop, s2s_in_state()} | {stop, {drop, s2s_in_state()}}.
+s2s_receive_packet({A, State}) ->
+    case sm_receive_packet(A) of
+        {stop, drop} ->
+            {stop, {drop, State}};
+        Result ->
+            {Result, State}
+    end.
+
+-spec sm_receive_packet(stanza() | drop) -> stanza() | drop | {stop, drop}.
+sm_receive_packet(drop = Acc) ->
+    Acc;
+sm_receive_packet(#message{from = From,
+                           to = #jid{lserver = LServer} = To,
+                           type = Type} =
+                      Msg)
+    when Type /= groupchat, Type /= error ->
+    do_check(From, To, LServer, Msg);
+sm_receive_packet(#presence{from = From,
+                            to = #jid{lserver = LServer} = To,
+                            type = subscribe} =
+                      Presence) ->
+    do_check(From, To, LServer, Presence);
+sm_receive_packet(Acc) ->
+    Acc.
+
+%%--------------------------------------------------------------------
+%%| Filtering deciding
+
+do_check(From, To, LServer, Stanza) ->
+    case needs_checking(From, To) of
+        true ->
+            case check_from(LServer, From) of
+                ham ->
+                    case check_stanza(LServer, From, Stanza) of
+                        ham ->
+                            Stanza;
+                        spam ->
+                            reject(Stanza),
+                            {stop, drop}
+                    end;
+                spam ->
+                    reject(Stanza),
+                    {stop, drop}
+            end;
+        false ->
+            Stanza
+    end.
+
+check_stanza(LServer, From, #message{body = Body}) ->
+    check_body(LServer, From, xmpp:get_text(Body));
+check_stanza(_, _, _) ->
+    ham.
+
+-spec s2s_in_handle_info(s2s_in_state(), any()) ->
+                            s2s_in_state() | {stop, s2s_in_state()}.
+s2s_in_handle_info(State, {_Ref, {spam_filter, _}}) ->
+    ?DEBUG("Dropping expired spam filter result", []),
+    {stop, State};
+s2s_in_handle_info(State, _) ->
+    State.
+
+-spec needs_checking(jid(), jid()) -> boolean().
+needs_checking(#jid{lserver = FromHost} = From, #jid{lserver = LServer} = To) ->
+    case gen_mod:is_loaded(LServer, ?MODULE_ANTISPAM) of
+        true ->
+            Access = gen_mod:get_module_opt(LServer, ?MODULE_ANTISPAM, access_spam),
+            case acl:match_rule(LServer, Access, To) of
+                allow ->
+                    ?DEBUG("Spam not filtered for ~s", [jid:encode(To)]),
+                    false;
+                deny ->
+                    ?DEBUG("Spam is filtered for ~s", [jid:encode(To)]),
+                    not mod_roster:is_subscribed(From, To)
+                    andalso not
+                                mod_roster:is_subscribed(
+                                    jid:make(<<>>, FromHost),
+                                    To) % likely a gateway
+            end;
+        false ->
+            ?DEBUG("~s not loaded for ~s", [?MODULE_ANTISPAM, LServer]),
+            false
+    end.
+
+-spec check_from(binary(), jid()) -> ham | spam.
+check_from(Host, From) ->
+    Proc = get_proc_name(Host),
+    LFrom =
+        {_, FromDomain, _} =
+            jid:remove_resource(
+                jid:tolower(From)),
+    try
+        case gen_server:call(Proc, {is_blocked_domain, FromDomain}) of
+            true ->
+                ?DEBUG("Spam JID found in blocked domains: ~p", [From]),
+                ejabberd_hooks:run(spam_found, Host, [{jid, From}]),
+                spam;
+            false ->
+                case gen_server:call(Proc, {check_jid, LFrom}) of
+                    {spam_filter, Result} ->
+                        Result
+                end
+        end
+    catch
+        exit:{timeout, _} ->
+            ?WARNING_MSG("Timeout while checking ~s against list of blocked domains or spammers",
+                         [jid:encode(From)]),
+            ham
+    end.
+
+-spec check_body(binary(), jid(), binary()) -> ham | spam.
+check_body(Host, From, Body) ->
+    case {extract_urls(Host, Body), extract_jids(Body)} of
+        {none, none} ->
+            ?DEBUG("No JIDs/URLs found in message", []),
+            ham;
+        {URLs, JIDs} ->
+            Proc = get_proc_name(Host),
+            LFrom =
+                jid:remove_resource(
+                    jid:tolower(From)),
+            try gen_server:call(Proc, {check_body, URLs, JIDs, LFrom}) of
+                {spam_filter, Result} ->
+                    Result
+            catch
+                exit:{timeout, _} ->
+                    ?WARNING_MSG("Timeout while checking body", []),
+                    ham
+            end
+    end.
+
+%%--------------------------------------------------------------------
+%%| Auxiliary
+
+-spec extract_urls(binary(), binary()) -> {urls, [url()]} | none.
+extract_urls(Host, Body) ->
+    RE = <<"https?://\\S+">>,
+    Options = [global, {capture, all, binary}],
+    case re:run(Body, RE, Options) of
+        {match, Captured} when is_list(Captured) ->
+            Urls = resolve_redirects(Host, lists:flatten(Captured)),
+            {urls, Urls};
+        nomatch ->
+            none
+    end.
+
+-spec resolve_redirects(binary(), [url()]) -> [url()].
+resolve_redirects(_Host, URLs) ->
+    try do_resolve_redirects(URLs, []) of
+        ResolvedURLs ->
+            ResolvedURLs
+    catch
+        exit:{timeout, _} ->
+            ?WARNING_MSG("Timeout while resolving redirects: ~p", [URLs]),
+            URLs
+    end.
+
+-spec do_resolve_redirects([url()], [url()]) -> [url()].
+do_resolve_redirects([], Result) ->
+    Result;
+do_resolve_redirects([URL | Rest], Acc) ->
+    case httpc:request(get,
+                       {URL, [{"user-agent", "curl/8.7.1"}]},
+                       [{autoredirect, false}, {timeout, ?HTTPC_TIMEOUT}],
+                       [])
+    of
+        {ok, {{_, StatusCode, _}, Headers, _Body}} when StatusCode >= 300, StatusCode < 400 ->
+            Location = proplists:get_value("location", Headers),
+            case Location == undefined orelse lists:member(Location, Acc) of
+                true ->
+                    do_resolve_redirects(Rest, [URL | Acc]);
+                false ->
+                    do_resolve_redirects([Location | Rest], [URL | Acc])
+            end;
+        _Res ->
+            do_resolve_redirects(Rest, [URL | Acc])
+    end.
+
+-spec extract_jids(binary()) -> {jids, [ljid()]} | none.
+extract_jids(Body) ->
+    RE = <<"\\S+@\\S+">>,
+    Options = [global, {capture, all, binary}],
+    case re:run(Body, RE, Options) of
+        {match, Captured} when is_list(Captured) ->
+            {jids, lists:filtermap(fun try_decode_jid/1, lists:flatten(Captured))};
+        nomatch ->
+            none
+    end.
+
+-spec try_decode_jid(binary()) -> {true, ljid()} | false.
+try_decode_jid(S) ->
+    try jid:decode(S) of
+        #jid{} = JID ->
+            {true,
+             jid:remove_resource(
+                 jid:tolower(JID))}
+    catch
+        _:{bad_jid, _} ->
+            false
+    end.
+
+-spec reject(stanza()) -> ok.
+reject(#message{from = From,
+                to = To,
+                type = Type,
+                lang = Lang} =
+           Msg)
+    when Type /= groupchat, Type /= error ->
+    ?INFO_MSG("Rejecting unsolicited message from ~s to ~s",
+              [jid:encode(From), jid:encode(To)]),
+    Txt = <<"Your message is unsolicited">>,
+    Err = xmpp:err_policy_violation(Txt, Lang),
+    ejabberd_hooks:run(spam_stanza_rejected, To#jid.lserver, [Msg]),
+    ejabberd_router:route_error(Msg, Err);
+reject(#presence{from = From,
+                 to = To,
+                 lang = Lang} =
+           Presence) ->
+    ?INFO_MSG("Rejecting unsolicited presence from ~s to ~s",
+              [jid:encode(From), jid:encode(To)]),
+    Txt = <<"Your traffic is unsolicited">>,
+    Err = xmpp:err_policy_violation(Txt, Lang),
+    ejabberd_router:route_error(Presence, Err);
+reject(_) ->
+    ok.
+
+-spec get_proc_name(binary()) -> atom().
+get_proc_name(Host) ->
+    gen_mod:get_module_proc(Host, ?MODULE_ANTISPAM).
+
+%%--------------------------------------------------------------------
+
+%%| vim: set foldmethod=marker foldmarker=%%|,%%-:

src/mod_antispam_opt.erl

@@ -0,0 +1,62 @@
+%% Generated automatically
+%% DO NOT EDIT: run `make options` instead
+
+-module(mod_antispam_opt).
+
+-export([access_spam/1]).
+-export([cache_size/1]).
+-export([rtbl_services/1]).
+-export([spam_domains_file/1]).
+-export([spam_dump_file/1]).
+-export([spam_jids_file/1]).
+-export([spam_urls_file/1]).
+-export([whitelist_domains_file/1]).
+
+-spec access_spam(gen_mod:opts() | global | binary()) -> 'none' | acl:acl().
+access_spam(Opts) when is_map(Opts) ->
+    gen_mod:get_opt(access_spam, Opts);
+access_spam(Host) ->
+    gen_mod:get_module_opt(Host, mod_antispam, access_spam).
+
+-spec cache_size(gen_mod:opts() | global | binary()) -> 'unlimited' | pos_integer().
+cache_size(Opts) when is_map(Opts) ->
+    gen_mod:get_opt(cache_size, Opts);
+cache_size(Host) ->
+    gen_mod:get_module_opt(Host, mod_antispam, cache_size).
+
+-spec rtbl_services(gen_mod:opts() | global | binary()) -> [binary() | [{binary(),[{'spam_source_domains_node',binary()}]}]].
+rtbl_services(Opts) when is_map(Opts) ->
+    gen_mod:get_opt(rtbl_services, Opts);
+rtbl_services(Host) ->
+    gen_mod:get_module_opt(Host, mod_antispam, rtbl_services).
+
+-spec spam_domains_file(gen_mod:opts() | global | binary()) -> 'none' | binary().
+spam_domains_file(Opts) when is_map(Opts) ->
+    gen_mod:get_opt(spam_domains_file, Opts);
+spam_domains_file(Host) ->
+    gen_mod:get_module_opt(Host, mod_antispam, spam_domains_file).
+
+-spec spam_dump_file(gen_mod:opts() | global | binary()) -> boolean() | binary().
+spam_dump_file(Opts) when is_map(Opts) ->
+    gen_mod:get_opt(spam_dump_file, Opts);
+spam_dump_file(Host) ->
+    gen_mod:get_module_opt(Host, mod_antispam, spam_dump_file).
+
+-spec spam_jids_file(gen_mod:opts() | global | binary()) -> 'none' | binary().
+spam_jids_file(Opts) when is_map(Opts) ->
+    gen_mod:get_opt(spam_jids_file, Opts);
+spam_jids_file(Host) ->
+    gen_mod:get_module_opt(Host, mod_antispam, spam_jids_file).
+
+-spec spam_urls_file(gen_mod:opts() | global | binary()) -> 'none' | binary().
+spam_urls_file(Opts) when is_map(Opts) ->
+    gen_mod:get_opt(spam_urls_file, Opts);
+spam_urls_file(Host) ->
+    gen_mod:get_module_opt(Host, mod_antispam, spam_urls_file).
+
+-spec whitelist_domains_file(gen_mod:opts() | global | binary()) -> 'none' | binary().
+whitelist_domains_file(Opts) when is_map(Opts) ->
+    gen_mod:get_opt(whitelist_domains_file, Opts);
+whitelist_domains_file(Host) ->
+    gen_mod:get_module_opt(Host, mod_antispam, whitelist_domains_file).
+

src/mod_antispam_rtbl.erl

@@ -0,0 +1,147 @@
+%%%----------------------------------------------------------------------
+%%% File    : mod_antispam_rtbl.erl
+%%% Author  : Stefan Strigler <stefan@strigler.de>
+%%% Purpose : Collection of RTBL specific functionality
+%%% Created : 20 Mar 2025 by Stefan Strigler <stefan@strigler.de>
+%%%
+%%%
+%%% ejabberd, Copyright (C) 2025 ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License along
+%%% with this program; if not, write to the Free Software Foundation, Inc.,
+%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+%%%
+%%%----------------------------------------------------------------------
+-module(mod_antispam_rtbl).
+-author('stefan@strigler.de').
+
+-include_lib("xmpp/include/xmpp.hrl").
+-include("logger.hrl").
+-include("mod_antispam.hrl").
+
+-define(SERVICE_MODULE, mod_antispam).
+-define(SERVICE_JID_PREFIX, "rtbl-").
+
+-export([parse_blocked_domains/1,
+	 parse_pubsub_event/1,
+	 pubsub_event_handler/1,
+	 request_blocked_domains/3,
+	 subscribe/3,
+	 unsubscribe/3]).
+
+%% @format-begin
+
+subscribe(RTBLHost, RTBLDomainsNode, From) ->
+    FromJID = service_jid(From),
+    SubIQ =
+        #iq{type = set,
+            to = jid:make(RTBLHost),
+            from = FromJID,
+            sub_els = [#pubsub{subscribe = #ps_subscribe{jid = FromJID, node = RTBLDomainsNode}}]},
+    ?DEBUG("Sending subscription request:~n~p", [xmpp:encode(SubIQ)]),
+    ejabberd_router:route_iq(SubIQ, subscribe_result, self()).
+
+-spec unsubscribe(binary() | none, binary(), binary()) -> ok.
+unsubscribe(none, _PSNode, _From) ->
+    ok;
+unsubscribe(RTBLHost, RTBLDomainsNode, From) ->
+    FromJID = jid:make(From),
+    SubIQ =
+        #iq{type = set,
+            to = jid:make(RTBLHost),
+            from = FromJID,
+            sub_els =
+                [#pubsub{unsubscribe = #ps_unsubscribe{jid = FromJID, node = RTBLDomainsNode}}]},
+    ejabberd_router:route_iq(SubIQ, unsubscribe_result, self()).
+
+-spec request_blocked_domains(binary() | none, binary(), binary()) -> ok.
+request_blocked_domains(none, _PSNode, _From) ->
+    ok;
+request_blocked_domains(RTBLHost, RTBLDomainsNode, From) ->
+    IQ = #iq{type = get,
+             from = jid:make(From),
+             to = jid:make(RTBLHost),
+             sub_els = [#pubsub{items = #ps_items{node = RTBLDomainsNode}}]},
+    ?DEBUG("Requesting RTBL blocked domains from ~s:~n~p", [RTBLHost, xmpp:encode(IQ)]),
+    ejabberd_router:route_iq(IQ, blocked_domains, self()).
+
+-spec parse_blocked_domains(stanza()) -> #{binary() => any()} | undefined.
+parse_blocked_domains(#iq{to = #jid{lserver = LServer}, type = result} = IQ) ->
+    ?DEBUG("parsing iq-result items: ~p", [IQ]),
+    [#rtbl_service{node = RTBLDomainsNode}] = mod_antispam:get_rtbl_services_option(LServer),
+    case xmpp:get_subtag(IQ, #pubsub{}) of
+        #pubsub{items = #ps_items{node = RTBLDomainsNode, items = Items}} ->
+            ?DEBUG("Got items:~n~p", [Items]),
+            parse_items(Items);
+        _ ->
+            undefined
+    end.
+
+-spec parse_pubsub_event(stanza()) -> #{binary() => any()}.
+parse_pubsub_event(#message{to = #jid{lserver = LServer}} = Msg) ->
+    [#rtbl_service{node = RTBLDomainsNode}] = mod_antispam:get_rtbl_services_option(LServer),
+    case xmpp:get_subtag(Msg, #ps_event{}) of
+        #ps_event{items =
+                      #ps_items{node = RTBLDomainsNode,
+                                items = Items,
+                                retract = RetractIds}} ->
+            maps:merge(retract_items(RetractIds), parse_items(Items));
+        Other ->
+            ?WARNING_MSG("Couldn't extract items: ~p", [Other]),
+            #{}
+    end.
+
+-spec parse_items([ps_item()]) -> #{binary() => any()}.
+parse_items(Items) ->
+    lists:foldl(fun(#ps_item{id = ID}, Acc) ->
+                   %% TODO extract meta/extra instructions
+                   maps:put(ID, true, Acc)
+                end,
+                #{},
+                Items).
+
+-spec retract_items([binary()]) -> #{binary() => false}.
+retract_items(Ids) ->
+    lists:foldl(fun(ID, Acc) -> Acc#{ID => false} end, #{}, Ids).
+
+-spec service_jid(binary()) -> jid().
+service_jid(Host) ->
+    jid:make(<<>>, Host, <<?SERVICE_JID_PREFIX, (ejabberd_cluster:node_id())/binary>>).
+
+%%--------------------------------------------------------------------
+%% Hook callbacks.
+%%--------------------------------------------------------------------
+
+-spec pubsub_event_handler(stanza()) -> drop | stanza().
+pubsub_event_handler(#message{from = FromJid,
+                              to =
+                                  #jid{lserver = LServer,
+                                       lresource = <<?SERVICE_JID_PREFIX, _/binary>>}} =
+                         Msg) ->
+    ?DEBUG("Got RTBL message:~n~p", [Msg]),
+    From = jid:encode(FromJid),
+    [#rtbl_service{host = RTBLHost}] = mod_antispam:get_rtbl_services_option(LServer),
+    case RTBLHost of
+        From ->
+            ParsedItems = parse_pubsub_event(Msg),
+            Proc = gen_mod:get_module_proc(LServer, ?SERVICE_MODULE),
+            gen_server:cast(Proc, {update_blocked_domains, ParsedItems}),
+            %% FIXME what's the difference between `{drop, ...}` and `{stop, {drop, ...}}`?
+            drop;
+        _Other ->
+            ?INFO_MSG("Got unexpected message from ~s to rtbl resource:~n~p", [From, Msg]),
+            Msg
+    end;
+pubsub_event_handler(Acc) ->
+    ?DEBUG("unexpected something on pubsub_event_handler: ~p", [Acc]),
+    Acc.

src/mod_auth_fast.erl

@@ -30,7 +30,7 @@
 -export([mod_doc/0]).
 %% Hooks
 -export([c2s_inline_features/2, c2s_handle_sasl2_inline/1,
-	 get_tokens/3, get_mechanisms/1]).
+	 get_tokens/3, get_mechanisms/1, remove_user_tokens/2]).
 
 -include_lib("xmpp/include/xmpp.hrl").
 -include_lib("xmpp/include/scram.hrl").
@@ -54,7 +54,10 @@ start(Host, Opts) ->
     Mod = gen_mod:db_mod(Opts, ?MODULE),
     Mod:init(Host, Opts),
     {ok, [{hook, c2s_inline_features, c2s_inline_features, 50},
-	  {hook, c2s_handle_sasl2_inline, c2s_handle_sasl2_inline, 10}]}.
+	  {hook, c2s_handle_sasl2_inline, c2s_handle_sasl2_inline, 10},
+	  {hook, set_password, remove_user_tokens, 50},
+	  {hook, sm_kick_user, remove_user_tokens, 50},
+	  {hook, remove_user, remove_user_tokens, 50}]}.
 
 -spec stop(binary()) -> ok.
 stop(_Host) ->
@@ -165,3 +168,10 @@ c2s_handle_sasl2_inline({#{server := Server, user := User, sasl2_ua_id := UA,
 	_ ->
 	    Acc
     end.
+
+-spec remove_user_tokens(binary(), binary()) -> ok.
+remove_user_tokens(User, Server) ->
+    LUser = jid:nodeprep(User),
+    LServer = jid:nameprep(Server),
+    Mod = gen_mod:db_mod(LServer, ?MODULE),
+    Mod:del_tokens(LServer, LUser).

src/mod_auth_fast_mnesia.erl

@@ -28,12 +28,12 @@
 
 %% API
 -export([init/2]).
--export([get_tokens/3, del_token/4, set_token/6, rotate_token/3]).
+-export([get_tokens/3, del_token/4, del_tokens/2, set_token/6, rotate_token/3]).
 
 -include_lib("xmpp/include/xmpp.hrl").
 -include("logger.hrl").
 
--record(mod_auth_fast, {key = {<<"">>, <<"">>, <<"">>} :: {binary(), binary(), binary()} | '$1',
+-record(mod_auth_fast, {key = {<<"">>, <<"">>, <<"">>} :: {binary(), binary(), binary() | '_'} | '$1',
 			token = <<>> :: binary() | '_',
 			created_at = 0 :: non_neg_integer() | '_',
 			expires_at = 0 :: non_neg_integer() | '_'}).
@@ -94,6 +94,14 @@ del_token(LServer, LUser, UA, Type) ->
 	end,
     transaction(F).
 
+-spec del_tokens(binary(), binary()) -> ok | {error, atom()}.
+del_tokens(LServer, LUser) ->
+    F = fun() ->
+        Elements = mnesia:match_object(#mod_auth_fast{key = {LServer, LUser, '_'}, _ = '_'}),
+	[mnesia:delete_object(E) || E <- Elements]
+	end,
+    transaction(F).
+
 -spec set_token(binary(), binary(), binary(), current | next, binary(), non_neg_integer()) ->
     ok | {error, atom()}.
 set_token(LServer, LUser, UA, Type, Token, Expires) ->

src/mod_conversejs.erl

@@ -31,6 +31,7 @@
 
 -export([start/2, stop/1, reload/3, process/2, depends/2,
          mod_opt_type/1, mod_options/1, mod_doc/0]).
+-export([web_menu_system/2]).
 
 -include_lib("xmpp/include/xmpp.hrl").
 -include("logger.hrl").
@@ -39,7 +40,7 @@
 -include("ejabberd_web_admin.hrl").
 
 start(_Host, _Opts) ->
-    ok.
+    {ok, [{hook, webadmin_menu_system_post, web_menu_system, 50, global}]}.
 
 stop(_Host) ->
     ok.
@@ -50,8 +51,10 @@ reload(_Host, _NewOpts, _OldOpts) ->
 depends(_Host, _Opts) ->
     [].
 
-process([], #request{method = 'GET', host = Host, raw_path = RawPath}) ->
+process([], #request{method = 'GET', host = Host, q = Query, raw_path = RawPath1}) ->
+    [RawPath | _] = string:split(RawPath1, "?"),
     ExtraOptions = get_auth_options(Host)
+        ++ get_autologin_options(Query)
         ++ get_register_options(Host)
         ++ get_extra_options(Host),
     Domain = mod_conversejs_opt:default_domain(Host),
@@ -221,6 +224,71 @@ get_auto_file_url(Host, Filename, Default) ->
         _ -> Filename
     end.
 
+%%----------------------------------------------------------------------
+%% WebAdmin link and autologin
+%%----------------------------------------------------------------------
+
+%% @format-begin
+
+web_menu_system(Result,
+                #request{host = Host,
+                         auth = Auth,
+                         tp = Protocol}) ->
+    AutoUrl = mod_host_meta:get_auto_url(any, ?MODULE),
+    ConverseUrl = misc:expand_keyword(<<"@HOST@">>, AutoUrl, Host),
+    AutologinQuery =
+        case {Protocol, Auth} of
+            {http, {Jid, _Password}} ->
+                <<"/?autologinjid=", Jid/binary>>;
+            {https, {Jid, Password}} ->
+                AuthToken = build_token(Jid, Password),
+                <<"/?autologinjid=", Jid/binary, "&autologintoken=", AuthToken/binary>>;
+            _ ->
+                <<"">>
+        end,
+    ConverseEl =
+        ?LI([?C(unicode:characters_to_binary("☯️")),
+             ?XAE(<<"a">>,
+                  [{<<"href">>, <<ConverseUrl/binary, AutologinQuery/binary>>},
+                   {<<"target">>, <<"_blank">>}],
+                  [?C(unicode:characters_to_binary("Converse"))])]),
+    [ConverseEl | Result].
+
+get_autologin_options(Query) ->
+    case {proplists:get_value(<<"autologinjid">>, Query),
+          proplists:get_value(<<"autologintoken">>, Query)}
+    of
+        {undefined, _} ->
+            [];
+        {Jid, Token} ->
+            [{<<"auto_login">>, <<"true">>},
+             {<<"jid">>, <<"admin@localhost">>},
+             {<<"password">>, check_token_get_password(Jid, Token)}]
+    end.
+
+build_token(Jid, Password) ->
+    Minutes =
+        integer_to_binary(calendar:datetime_to_gregorian_seconds(
+                              calendar:universal_time())
+                          div 60),
+    Cookie =
+        misc:atom_to_binary(
+            erlang:get_cookie()),
+    str:sha(<<Jid/binary, Password/binary, Minutes/binary, Cookie/binary>>).
+
+check_token_get_password(_, undefined) ->
+    <<"">>;
+check_token_get_password(JidString, TokenProvided) ->
+    Jid = jid:decode(JidString),
+    Password = ejabberd_auth:get_password_s(Jid#jid.luser, Jid#jid.lserver),
+    case build_token(JidString, Password) of
+        TokenProvided ->
+            Password;
+        _ ->
+            <<"">>
+    end.
+%% @format-end
+
 %%----------------------------------------------------------------------
 %%
 %%----------------------------------------------------------------------
@@ -259,9 +327,10 @@ mod_doc() ->
            ?T("Make sure either _`mod_bosh`_ or _`listen.md#ejabberd_http_ws|ejabberd_http_ws`_ "
               "are enabled in at least one 'request_handlers'."), "",
            ?T("When 'conversejs_css' and 'conversejs_script' are 'auto', "
-              "by default they point to the public Converse client.")
+              "by default they point to the public Converse client."), "",
+           ?T("This module is available since ejabberd 21.12.")
           ],
-      note => "added in 21.12 and improved in 22.05",
+      note => "improved in 25.07",
       example =>
           [{?T("Manually setup WebSocket url, and use the public Converse client:"),
             ["listen:",

src/mod_host_meta.erl

@@ -34,7 +34,7 @@
 -export([start/2, stop/1, reload/3, process/2,
          mod_opt_type/1, mod_options/1, depends/2]).
 -export([mod_doc/0]).
--export([get_url/4]).
+-export([get_url/4, get_auto_url/2]).
 
 -include("logger.hrl").
 
@@ -151,10 +151,10 @@ get_auto_url(Tls, Module) ->
         [] -> undefined;
         [{ThisTls, Port, Path} | _] ->
             Protocol = case {ThisTls, Module} of
-                           {false, mod_bosh} -> <<"http">>;
-                           {true, mod_bosh} -> <<"https">>;
                            {false, ejabberd_http_ws} -> <<"ws">>;
-                           {true, ejabberd_http_ws} -> <<"wss">>
+                           {true, ejabberd_http_ws} -> <<"wss">>;
+                           {false, _} -> <<"http">>;
+                           {true, _} -> <<"https">>
                        end,
             <<Protocol/binary,
               "://@HOST@:",

src/mod_http_upload.erl

@@ -717,7 +717,7 @@ get_proc_name(ServerHost, ModuleName, PutURL) ->
 
 -spec expand_home(binary()) -> binary().
 expand_home(Input) ->
-    {ok, [[Home]]} = init:get_argument(home),
+    Home = misc:get_home(),
     misc:expand_keyword(<<"@HOME@">>, Input, Home).
 
 -spec expand_host(binary(), binary()) -> binary().

src/mod_mam.erl

@@ -31,6 +31,7 @@
 -protocol({xep, 424, '0.4.2', '24.02', "partial", "Tombstones not implemented"}).
 -protocol({xep, 425, '0.3.0', '24.06', "complete", ""}).
 -protocol({xep, 441, '0.2.0', '15.06', "complete", ""}).
+-protocol({xep, 431, '0.2.0', '24.12', "complete", ""}).
 
 -behaviour(gen_mod).
 
@@ -78,7 +79,7 @@
 -callback delete_old_messages(binary() | global,
 			      erlang:timestamp(),
 			      all | chat | groupchat) -> any().
--callback extended_fields() -> [mam_query:property() | #xdata_field{}].
+-callback extended_fields(binary()) -> [mam_query:property() | #xdata_field{}].
 -callback store(xmlel(), binary(), {binary(), binary()}, chat | groupchat,
 		jid(), binary(), recv | send, integer(), binary(),
                 {true, binary()} | false) -> ok | any().
@@ -605,8 +606,18 @@ parse_query(#mam_query{xdata = #xdata{}} = Query, Lang) ->
 	  #xdata_field{var = <<"FORM_TYPE">>,
 		       type = hidden, values = [?NS_MAM_1]},
 	  Query#mam_query.xdata),
-    try	mam_query:decode(X#xdata.fields) of
-	Form -> {ok, Form}
+    {Fields, WithText} = case lists:keytake(<<"{urn:xmpp:fulltext:0}fulltext">>, #xdata_field.var, X#xdata.fields) of
+			     false -> {X#xdata.fields, <<>>};
+			     {value, #xdata_field{values = [V]}, F} -> {F, V};
+			     {value, _, F} -> {F, <<>>}
+			 end,
+    try	mam_query:decode(Fields) of
+	Form ->
+	    if WithText /= <<>> ->
+		    {ok, lists:keystore(withtext, 1, Form, {withtext, WithText})};
+		true ->
+		    {ok, Form}
+	    end
     catch _:{mam_query, Why} ->
 	    Txt = mam_query:format_error(Why),
 	    {error, xmpp:err_bad_request(Txt, Lang)}
@@ -818,7 +829,7 @@ process_iq(LServer, #iq{sub_els = [#mam_query{xmlns = NS}]} = IQ) ->
     CommonFields = [{with, undefined},
 		    {start, undefined},
 		    {'end', undefined}],
-    ExtendedFields = Mod:extended_fields(),
+    ExtendedFields = Mod:extended_fields(LServer),
     Fields = mam_query:encode(CommonFields ++ ExtendedFields),
     X = xmpp_util:set_xdata_field(
 	  #xdata_field{var = <<"FORM_TYPE">>, type = hidden, values = [NS]},

src/mod_mam_mnesia.erl

@@ -28,7 +28,7 @@
 
 %% API
 -export([init/2, remove_user/2, remove_room/3, delete_old_messages/3,
-	 extended_fields/0, store/10, write_prefs/4, get_prefs/2, select/6,
+	 extended_fields/1, store/10, write_prefs/4, get_prefs/2, select/6,
          remove_from_archive/3,
 	 is_empty_for_user/2, is_empty_for_room/3, delete_old_messages_batch/5,
          transform/1]).
@@ -185,7 +185,7 @@ delete_old_messages_batch(LServer, TimeStamp, Type, Batch, LastUS) ->
 	    {error, Err}
     end.
 
-extended_fields() ->
+extended_fields(_) ->
     [].
 
 store(Pkt, _, {LUser, LServer}, Type, Peer, Nick, _Dir, TS,
@@ -365,4 +365,6 @@ transform({archive_msg, US, ID, Timestamp, Peer, BarePeer,
        packet = Packet,
        nick = Nick,
        type = Type,
-       origin_id = <<"">>}.
+       origin_id = <<"">>};
+transform(Other) ->
+    Other.

src/mod_mam_sql.erl

@@ -29,7 +29,7 @@
 
 %% API
 -export([init/2, remove_user/2, remove_room/3, delete_old_messages/3,
-	 extended_fields/0, store/10, write_prefs/4, get_prefs/2, select/7, export/1, remove_from_archive/3,
+	 extended_fields/1, store/10, write_prefs/4, get_prefs/2, select/7, export/1, remove_from_archive/3,
 	 is_empty_for_user/2, is_empty_for_room/3, select_with_mucsub/6,
 	 delete_old_messages_batch/4, count_messages_to_delete/3]).
 -export([sql_schemas/0]).
@@ -213,21 +213,47 @@ count_messages_to_delete(ServerHost, TimeStamp, Type) ->
 delete_old_messages_batch(ServerHost, TimeStamp, Type, Batch) ->
     TS = misc:now_to_usec(TimeStamp),
     Res =
-    case Type of
-	all ->
-	    ejabberd_sql:sql_query(
-		ServerHost,
-		?SQL("delete from archive"
-		     " where timestamp < %(TS)d and %(ServerHost)H limit %(Batch)d"));
-	_ ->
-	    SType = misc:atom_to_binary(Type),
-	    ejabberd_sql:sql_query(
-		ServerHost,
-		?SQL("delete from archive"
-		     " where timestamp < %(TS)d"
-		     " and kind=%(SType)s"
-		     " and %(ServerHost)H limit %(Batch)d"))
-    end,
+	case Type of
+	    all ->
+		ejabberd_sql:sql_query(
+		    ServerHost,
+		    fun(sqlite, _) ->
+			ejabberd_sql:sql_query_t(
+			    ?SQL("delete from archive where rowid in "
+				 "(select rowid from archive where timestamp < %(TS)d and %(ServerHost)H limit %(Batch)d)"));
+		       (mssql, _) ->
+			   ejabberd_sql:sql_query_t(
+			       ?SQL("delete top(%(Batch)d)§ from archive"
+				    " where timestamp < %(TS)d and %(ServerHost)H"));
+		       (_, _) ->
+			   ejabberd_sql:sql_query_t(
+			       ?SQL("delete from archive"
+				    " where timestamp < %(TS)d and %(ServerHost)H limit %(Batch)d"))
+		    end);
+	    _ ->
+		SType = misc:atom_to_binary(Type),
+		ejabberd_sql:sql_query(
+		    ServerHost,
+		    fun(sqlite,_)->
+			ejabberd_sql:sql_query_t(
+			    ?SQL("delete from archive where rowid in ("
+				 " select rowid from archive where timestamp < %(TS)d"
+				 " and kind=%(SType)s"
+				 " and %(ServerHost)H limit %(Batch)d)"));
+		       (mssql, _)->
+			   ejabberd_sql:sql_query_t(
+			       ?SQL("delete top(%(Batch)d) from archive"
+				    " where timestamp < %(TS)d"
+				    " and kind=%(SType)s"
+				    " and %(ServerHost)H"));
+		       (_,_)->
+			   ejabberd_sql:sql_query_t(
+			       ?SQL("delete from archive"
+				    " where timestamp < %(TS)d"
+				    " and kind=%(SType)s"
+				    " and %(ServerHost)H limit %(Batch)d"))
+		    end)
+	end,
     case Res of
 	{updated, Count} ->
 	    {ok, Count};
@@ -254,8 +280,17 @@ delete_old_messages(ServerHost, TimeStamp, Type) ->
     end,
     ok.
 
-extended_fields() ->
-    [{withtext, <<"">>}].
+extended_fields(LServer) ->
+    case ejabberd_option:sql_type(LServer) of
+	mysql ->
+	    [{withtext, <<"">>},
+	     #xdata_field{var = <<"{urn:xmpp:fulltext:0}fulltext">>,
+			  type = 'text-single',
+			  label = <<"Search the text">>,
+			  values = []}];
+	_ ->
+	    []
+    end.
 
 store(Pkt, LServer, {LUser, LHost}, Type, Peer, Nick, _Dir, TS,
       OriginID, Retract) ->

src/mod_matrix_gw.erl

@@ -41,6 +41,7 @@
 	 handle_info/2, terminate/2, code_change/3,
          depends/2, mod_opt_type/1, mod_options/1, mod_doc/0]).
 -export([parse_auth/1, encode_canonical_json/1,
+         is_canonical_json/1,
          get_id_domain_exn/1,
          base64_decode/1, base64_encode/1,
          prune_event/2, get_event_id/2, content_hash/1,
@@ -155,8 +156,8 @@ process([<<"federation">>, <<"v2">>, <<"invite">>, RoomID, EventID],
                     %% TODO: check type and userid
                     Host = ejabberd_config:get_myname(),
                     PrunedEvent = prune_event(Event, RoomVersion),
-                    ?DEBUG("invite ~p~n", [{RoomID, EventID, Event, RoomVer, catch mod_matrix_gw_s2s:check_signature(Host, PrunedEvent), get_pruned_event_id(PrunedEvent)}]),
-                    case mod_matrix_gw_s2s:check_signature(Host, PrunedEvent) of
+                    %?DEBUG("invite ~p~n", [{RoomID, EventID, Event, RoomVer, catch mod_matrix_gw_s2s:check_signature(Host, PrunedEvent, RoomVersion), get_pruned_event_id(PrunedEvent)}]),
+                    case mod_matrix_gw_s2s:check_signature(Host, PrunedEvent, RoomVersion) of
                         true ->
                             case get_pruned_event_id(PrunedEvent) of
                                 EventID ->
@@ -629,9 +630,15 @@ prune_event(#{<<"type">> := Type, <<"content">> := Content} = Event,
     Content2 =
         case Type of
             <<"m.room.member">> ->
-                C3 = maps:with([<<"membership">>,
-                                <<"join_authorised_via_users_server">>],
-                               Content),
+                C3 =
+                    case RoomVersion#room_version.restricted_join_rule_fix of
+                        true ->
+                            maps:with([<<"membership">>,
+                                       <<"join_authorised_via_users_server">>],
+                                      Content);
+                        false ->
+                            maps:with([<<"membership">>], Content)
+                    end,
                 case RoomVersion#room_version.updated_redaction_rules of
                     false ->
                         C3;
@@ -653,7 +660,12 @@ prune_event(#{<<"type">> := Type, <<"content">> := Content} = Event,
                         Content
                 end;
             <<"m.room.join_rules">> ->
-                maps:with([<<"join_rule">>, <<"allow">>], Content);
+                case RoomVersion#room_version.restricted_join_rule of
+                    false ->
+                        maps:with([<<"join_rule">>], Content);
+                    true ->
+                        maps:with([<<"join_rule">>, <<"allow">>], Content)
+                end;
             <<"m.room.power_levels">> ->
                 case RoomVersion#room_version.updated_redaction_rules of
                     false ->
@@ -677,6 +689,8 @@ prune_event(#{<<"type">> := Type, <<"content">> := Content} = Event,
                     true ->
                         maps:with([<<"redacts">>], Content)
                 end;
+            <<"m.room.aliases">> when RoomVersion#room_version.special_case_aliases_auth ->
+                maps:with([<<"aliases">>], Content);
             _ -> #{}
         end,
     Event2#{<<"content">> := Content2}.
@@ -704,7 +718,7 @@ get_pruned_event_id(PrunedEvent) ->
 
 encode_canonical_json(JSON) ->
     JSON2 = sort_json(JSON),
-    misc:json_encode_with_kv_lists(JSON2).
+    misc:json_encode(JSON2).
 
 sort_json(#{} = Map) ->
     Map2 = maps:map(fun(_K, V) ->
@@ -716,6 +730,27 @@ sort_json(List) when is_list(List) ->
 sort_json(JSON) ->
     JSON.
 
+is_canonical_json(N) when is_integer(N),
+                          -16#1FFFFFFFFFFFFF =< N,
+                          N =< 16#1FFFFFFFFFFFFF ->
+    true;
+is_canonical_json(B) when is_binary(B) ->
+    true;
+is_canonical_json(B) when is_boolean(B) ->
+    true;
+is_canonical_json(Map) when is_map(Map) ->
+    maps:fold(
+      fun(_K, V, true) ->
+              is_canonical_json(V);
+         (_K, _V, false) ->
+              false
+      end, true, Map);
+is_canonical_json(List) when is_list(List) ->
+    lists:all(fun is_canonical_json/1, List);
+is_canonical_json(_) ->
+    false.
+
+
 base64_decode(B) ->
     Fixed =
         case size(B) rem 4 of
@@ -958,7 +993,7 @@ mod_doc() ->
           [?T("https://matrix.org/[Matrix] gateway. "),
            ?T("Erlang/OTP 25 or higher is required to use this module."),
            ?T("This module is available since ejabberd 24.02.")],
-      note => "improved in 25.03",
+      note => "improved in 25.07",
       example =>
 	  ["listen:",
 	   "  -",

src/mod_matrix_gw_room.erl

@@ -103,6 +103,7 @@
 -define(ROOM_MESSAGE, <<"m.room.message">>).
 -define(ROOM_HISTORY_VISIBILITY, <<"m.room.history_visibility">>).
 -define(ROOM_TOPIC, <<"m.room.topic">>).
+-define(ROOM_ALIASES, <<"m.room.aliases">>).
 
 -define(MAX_DEPTH, 16#7FFFFFFFFFFFFFFF).
 -define(MAX_TXN_RETRIES, 5).
@@ -221,35 +222,39 @@ route(#message{from = From, to = #jid{luser = <<C, _/binary>>} = To,
   when C == $!;
        C == $# ->
     Host = ejabberd_config:get_myname(),
-    case room_id_from_xmpp(Host, To#jid.luser) of
-        {ok, RoomID} ->
-            case From#jid.lserver of
-                Host ->
-                    case user_id_from_jid(From, Host) of
-                        {ok, UserID} ->
-                            case get_existing_room_pid(Host, RoomID) of
-                                {ok, Pid} ->
-                                    Text = xmpp:get_text(Body),
-                                    JSON =
-                                        #{<<"content">> =>
-                                              #{<<"body">> => Text,
-                                                <<"msgtype">> => <<"m.text">>,
-                                                <<"net.process-one.xmpp-id">> => MsgID},
-                                          <<"sender">> => UserID,
-                                          <<"type">> => ?ROOM_MESSAGE},
-                                    gen_statem:cast(Pid, {add_event, JSON}),
-                                    ok;
-                                _ ->
+    case xmpp:get_text(Body) of
+        <<"">> ->
+            ok;
+        Text ->
+            case room_id_from_xmpp(Host, To#jid.luser) of
+                {ok, RoomID} ->
+                    case From#jid.lserver of
+                        Host ->
+                            case user_id_from_jid(From, Host) of
+                                {ok, UserID} ->
+                                    case get_existing_room_pid(Host, RoomID) of
+                                        {ok, Pid} ->
+                                            JSON =
+                                                #{<<"content">> =>
+                                                      #{<<"body">> => Text,
+                                                        <<"msgtype">> => <<"m.text">>,
+                                                        <<"net.process-one.xmpp-id">> => MsgID},
+                                                  <<"sender">> => UserID,
+                                                  <<"type">> => ?ROOM_MESSAGE},
+                                            gen_statem:cast(Pid, {add_event, JSON}),
+                                            ok;
+                                        _ ->
+                                            ok
+                                    end;
+                                error ->
                                     ok
                             end;
-                        error ->
+                        _ ->
                             ok
                     end;
-                _ ->
+                error ->
                     ok
-            end;
-        error ->
-            ok
+            end
     end;
 route(#message{from = From, to = To, body = Body} = _Pkt) ->
     Host = ejabberd_config:get_myname(),
@@ -650,9 +655,7 @@ handle_event(cast, {join_direct, MatrixServer, RoomID, Sender, UserID}, State, D
                   Host, get, MatrixServer,
                   [<<"_matrix">>, <<"federation">>, <<"v1">>, <<"make_join">>,
                    RoomID, UserID],
-                  [{<<"ver">>, <<"9">>},
-                   {<<"ver">>, <<"10">>},
-                   {<<"ver">>, <<"11">>}],
+                  [{<<"ver">>, V} || V <- supported_versions()],
                   none,
                   [{timeout, 5000}],
                   [{sync, true},
@@ -770,9 +773,7 @@ handle_event(cast, {join, UserJID, Packet}, _State, Data) ->
                           Host, get, MatrixServer,
                           [<<"_matrix">>, <<"federation">>, <<"v1">>, <<"make_join">>,
                            RoomID, UserID],
-                          [{<<"ver">>, <<"9">>},
-                           {<<"ver">>, <<"10">>},
-                           {<<"ver">>, <<"11">>}],
+                          [{<<"ver">>, V} || V <- supported_versions()],
                           none,
                           [{timeout, 5000}],
                           [{sync, true},
@@ -1280,7 +1281,7 @@ check_event_auth(Event, StateMap, Data) ->
                                         <<"ban">> ->
                                             check_event_auth_ban(
                                               Event, StateMap, Data);
-                                        <<"knock">> ->
+                                        <<"knock">> when (Data#data.room_version)#room_version.knock_join_rule ->
                                             check_event_auth_knock(
                                               Event, StateMap, Data);
                                         _ ->
@@ -1289,6 +1290,18 @@ check_event_auth(Event, StateMap, Data) ->
                                 _ ->
                                     false
                             end;
+                        ?ROOM_ALIASES when (Data#data.room_version)#room_version.special_case_aliases_auth ->
+                            case Event#event.state_key of
+                                undefined ->
+                                    false;
+                                StateKey ->
+                                    case mod_matrix_gw:get_id_domain_exn(Event#event.sender) of
+                                        StateKey ->
+                                            true;
+                                        _ ->
+                                            false
+                                    end
+                            end;
                         _ ->
                             Sender = Event#event.sender,
                             case maps:find({?ROOM_MEMBER, Sender}, StateMap) of
@@ -1372,8 +1385,11 @@ check_event_auth_join(Event, StateMap, Data) ->
                             case {JoinRule, SenderMembership} of
                                 {<<"public">>, _} -> true;
                                 {<<"invite">>, <<"invite">>} -> true;
-                                {<<"knock">>, <<"invite">>} -> true;
-                                {<<"restricted">>, <<"invite">>} ->
+                                {<<"knock">>, <<"invite">>}
+                                  when (Data#data.room_version)#room_version.knock_join_rule ->
+                                    true;
+                                {<<"restricted">>, <<"invite">>}
+                                  when (Data#data.room_version)#room_version.restricted_join_rule ->
                                     %% TODO
                                     true;
                                 {<<"knock_restricted">>, <<"invite">>}
@@ -1442,7 +1458,7 @@ check_event_auth_leave(Event, StateMap, Data) ->
                     case SenderMembership of
                         <<"invite">> -> true;
                         <<"join">> -> true;
-                        <<"knock">> -> true;
+                        <<"knock">> when (Data#data.room_version)#room_version.knock_join_rule -> true;
                         _ -> false
                     end;
                 _ ->
@@ -1609,6 +1625,13 @@ check_event_auth_power_levels(Event, StateMap, Data) ->
     try
         case Event#event.json of
             #{<<"content">> := NewPL = #{<<"users">> := Users}} when is_map(Users) ->
+                CheckKeys =
+                    case (Data#data.room_version)#room_version.limit_notifications_power_levels of
+                        false ->
+                            [<<"events">>, <<"users">>];
+                        true ->
+                            [<<"events">>, <<"users">>, <<"notifications">>]
+                    end,
                 case (Data#data.room_version)#room_version.enforce_int_power_levels of
                     true ->
                         lists:foreach(
@@ -1632,7 +1655,7 @@ check_event_auth_power_levels(Event, StateMap, Data) ->
                                             end
                                     end, [], NewMap)
                           end,
-                          [<<"events">>, <<"users">>, <<"notifications">>]);
+                          CheckKeys);
                     false ->
                         ok
                 end,
@@ -1677,7 +1700,7 @@ check_event_auth_power_levels(Event, StateMap, Data) ->
                                             end
                                     end, [], maps:merge(OldMap, NewMap))
                           end,
-                          [<<"events">>, <<"users">>, <<"notifications">>]),
+                          CheckKeys),
                         true;
                     _ ->
                         true
@@ -1772,7 +1795,7 @@ fill_event(JSON, Data) ->
                         _ -> []
                     end
             end,
-            compute_event_auth_keys(JSON))),
+            compute_event_auth_keys(JSON, Data#data.room_version))),
     {JSON#{<<"auth_events">> => AuthEvents,
            <<"depth">> => Depth2,
            <<"origin">> => MatrixServer,
@@ -1923,7 +1946,8 @@ get_latest_events(Pid) ->
 check_event_signature(Host, Event) ->
     PrunedEvent = mod_matrix_gw:prune_event(Event#event.json,
                                             Event#event.room_version),
-    mod_matrix_gw_s2s:check_signature(Host, PrunedEvent).
+    mod_matrix_gw_s2s:check_signature(Host, PrunedEvent,
+                                      Event#event.room_version).
 
 find_event(Pid, EventID) ->
     gen_statem:call(Pid, {find_event, EventID}).
@@ -2526,8 +2550,85 @@ find_power_level_event(EventID, Data) ->
       end, undefined, Event#event.auth_events).
 
 
+binary_to_room_version(<<"4">>) ->
+    #room_version{id = <<"4">>,
+                  enforce_key_validity = false,
+                  special_case_aliases_auth = true,
+                  strict_canonicaljson = false,
+                  limit_notifications_power_levels = false,
+                  knock_join_rule = false,
+                  restricted_join_rule = false,
+                  restricted_join_rule_fix = false,
+                  knock_restricted_join_rule = false,
+                  enforce_int_power_levels = false,
+                  implicit_room_creator = false,
+                  updated_redaction_rules = false
+                 };
+binary_to_room_version(<<"5">>) ->
+    #room_version{id = <<"5">>,
+                  enforce_key_validity = true,
+                  special_case_aliases_auth = true,
+                  strict_canonicaljson = false,
+                  limit_notifications_power_levels = false,
+                  knock_join_rule = false,
+                  restricted_join_rule = false,
+                  restricted_join_rule_fix = false,
+                  knock_restricted_join_rule = false,
+                  enforce_int_power_levels = false,
+                  implicit_room_creator = false,
+                  updated_redaction_rules = false
+                 };
+binary_to_room_version(<<"6">>) ->
+    #room_version{id = <<"6">>,
+                  enforce_key_validity = true,
+                  special_case_aliases_auth = false,
+                  strict_canonicaljson = true,
+                  limit_notifications_power_levels = true,
+                  knock_join_rule = false,
+                  restricted_join_rule = false,
+                  restricted_join_rule_fix = false,
+                  knock_restricted_join_rule = false,
+                  enforce_int_power_levels = false,
+                  implicit_room_creator = false,
+                  updated_redaction_rules = false
+                 };
+binary_to_room_version(<<"7">>) ->
+    #room_version{id = <<"7">>,
+                  enforce_key_validity = true,
+                  special_case_aliases_auth = false,
+                  strict_canonicaljson = true,
+                  limit_notifications_power_levels = true,
+                  knock_join_rule = true,
+                  restricted_join_rule = false,
+                  restricted_join_rule_fix = false,
+                  knock_restricted_join_rule = false,
+                  enforce_int_power_levels = false,
+                  implicit_room_creator = false,
+                  updated_redaction_rules = false
+                 };
+binary_to_room_version(<<"8">>) ->
+    #room_version{id = <<"8">>,
+                  enforce_key_validity = true,
+                  special_case_aliases_auth = false,
+                  strict_canonicaljson = true,
+                  limit_notifications_power_levels = true,
+                  knock_join_rule = true,
+                  restricted_join_rule = true,
+                  restricted_join_rule_fix = false,
+                  knock_restricted_join_rule = false,
+                  enforce_int_power_levels = false,
+                  implicit_room_creator = false,
+                  updated_redaction_rules = false
+                 };
 binary_to_room_version(<<"9">>) ->
     #room_version{id = <<"9">>,
+                  enforce_key_validity = true,
+                  special_case_aliases_auth = false,
+                  strict_canonicaljson = true,
+                  limit_notifications_power_levels = true,
+                  knock_join_rule = true,
+                  restricted_join_rule = true,
+                  restricted_join_rule_fix = true,
                   knock_restricted_join_rule = false,
                   enforce_int_power_levels = false,
                   implicit_room_creator = false,
@@ -2535,6 +2636,13 @@ binary_to_room_version(<<"9">>) ->
                  };
 binary_to_room_version(<<"10">>) ->
     #room_version{id = <<"10">>,
+                  enforce_key_validity = true,
+                  special_case_aliases_auth = false,
+                  strict_canonicaljson = true,
+                  limit_notifications_power_levels = true,
+                  knock_join_rule = true,
+                  restricted_join_rule = true,
+                  restricted_join_rule_fix = true,
                   knock_restricted_join_rule = true,
                   enforce_int_power_levels = true,
                   implicit_room_creator = false,
@@ -2542,6 +2650,13 @@ binary_to_room_version(<<"10">>) ->
                  };
 binary_to_room_version(<<"11">>) ->
     #room_version{id = <<"11">>,
+                  enforce_key_validity = true,
+                  special_case_aliases_auth = false,
+                  strict_canonicaljson = true,
+                  limit_notifications_power_levels = true,
+                  knock_join_rule = true,
+                  restricted_join_rule = true,
+                  restricted_join_rule_fix = true,
                   knock_restricted_join_rule = true,
                   enforce_int_power_levels = true,
                   implicit_room_creator = true,
@@ -2550,6 +2665,10 @@ binary_to_room_version(<<"11">>) ->
 binary_to_room_version(_) ->
     false.
 
+supported_versions() ->
+    [<<"4">>, <<"5">>, <<"6">>, <<"7">>, <<"8">>, <<"9">>,
+     <<"10">>, <<"11">>].
+
 json_to_event(#{<<"type">> := Type,
                 <<"room_id">> := RoomID,
                 <<"depth">> := Depth,
@@ -2562,6 +2681,17 @@ json_to_event(#{<<"type">> := Type,
        is_list(AuthEvents) ->
     StateKey = maps:get(<<"state_key">>, JSON, undefined),
     EventID = mod_matrix_gw:get_event_id(JSON, RoomVersion),
+    case RoomVersion#room_version.strict_canonicaljson of
+        true ->
+            case mod_matrix_gw:is_canonical_json(JSON) of
+                true ->
+                    ok;
+                false ->
+                    throw(non_canonical_json)
+            end;
+        false ->
+            ok
+    end,
     #event{id = EventID,
            room_version = RoomVersion,
            room_id = RoomID,
@@ -3162,12 +3292,13 @@ new_room_id() ->
     MatrixServer = mod_matrix_gw_opt:matrix_domain(Host),
     <<$!, S/binary, $:, MatrixServer/binary>>.
 
-compute_event_auth_keys(#{<<"type">> := ?ROOM_CREATE}) ->
+compute_event_auth_keys(#{<<"type">> := ?ROOM_CREATE}, _RoomVersion) ->
     [];
 compute_event_auth_keys(#{<<"type">> := ?ROOM_MEMBER,
                           <<"sender">> := Sender,
                           <<"content">> := #{<<"membership">> := Membership} = Content,
-                          <<"state_key">> := StateKey}) ->
+                          <<"state_key">> := StateKey},
+                        RoomVersion) ->
     Common = [{?ROOM_CREATE, <<"">>},
               {?ROOM_POWER_LEVELS, <<"">>},
               {?ROOM_MEMBER, Sender},
@@ -3175,7 +3306,8 @@ compute_event_auth_keys(#{<<"type">> := ?ROOM_MEMBER,
     case Membership of
         <<"join">> ->
             case Content of
-                #{<<"join_authorised_via_users_server">> := AuthUser} ->
+                #{<<"join_authorised_via_users_server">> := AuthUser}
+                  when RoomVersion#room_version.restricted_join_rule ->
                     [{?ROOM_MEMBER, AuthUser}, {?ROOM_JOIN_RULES, <<"">>} | Common];
                 _ ->
                     [{?ROOM_JOIN_RULES, <<"">>} | Common]
@@ -3192,7 +3324,7 @@ compute_event_auth_keys(#{<<"type">> := ?ROOM_MEMBER,
         _ ->
             Common
     end;
-compute_event_auth_keys(#{<<"type">> := _, <<"sender">> := Sender}) ->
+compute_event_auth_keys(#{<<"type">> := _, <<"sender">> := Sender}, _RoomVersion) ->
     [{?ROOM_CREATE, <<"">>},
      {?ROOM_POWER_LEVELS, <<"">>},
      {?ROOM_MEMBER, Sender}].

src/mod_matrix_gw_s2s.erl

@@ -28,7 +28,7 @@
 
 %% API
 -export([start_link/2, supervisor/1, create_db/0,
-         get_connection/2, check_auth/5, check_signature/2,
+         get_connection/2, check_auth/5, check_signature/3,
          get_matrix_host_port/2]).
 
 %% gen_statem callbacks
@@ -38,6 +38,7 @@
 -include("logger.hrl").
 -include("ejabberd_http.hrl").
 -include_lib("kernel/include/inet.hrl").
+-include("mod_matrix_gw.hrl").
 
 -record(matrix_s2s,
         {to  :: binary(),
@@ -169,23 +170,29 @@ check_auth(Host, MatrixServer, AuthParams, Content, Request) ->
             false
     end.
 
-check_signature(Host, JSON) ->
+check_signature(Host, JSON, RoomVersion) ->
     case JSON of
         #{<<"sender">> := Sender,
-          <<"signatures">> := Sigs} ->
+          <<"signatures">> := Sigs,
+          <<"origin_server_ts">> := OriginServerTS} ->
             MatrixServer = mod_matrix_gw:get_id_domain_exn(Sender),
             case Sigs of
                 #{MatrixServer := #{} = KeySig} ->
                     case maps:next(maps:iterator(KeySig)) of
                         {KeyID, _Sig, _} ->
                             case catch get_key(Host, MatrixServer, KeyID) of
-                                {ok, VerifyKey, _ValidUntil} ->
-                                    %% TODO: check ValidUntil
-                                    case check_signature(JSON, MatrixServer, KeyID, VerifyKey) of
+                                {ok, VerifyKey, ValidUntil} ->
+                                    if
+                                        not RoomVersion#room_version.enforce_key_validity or
+                                        (OriginServerTS =< ValidUntil) ->
+                                            case check_signature(JSON, MatrixServer, KeyID, VerifyKey) of
+                                                true ->
+                                                    true;
+                                                false ->
+                                                    ?WARNING_MSG("Failed authentication: ~p", [JSON]),
+                                                    false
+                                            end;
                                         true ->
-                                            true;
-                                        false ->
-                                            ?WARNING_MSG("Failed authentication: ~p", [JSON]),
                                             false
                                     end;
                                 _ ->

src/mod_mix.erl

@@ -626,7 +626,7 @@ notify_participant_joined(Mod, LServer, To, From, ID, Nick) ->
 notify_participant_left(Mod, LServer, To, ID) ->
     {Chan, Host, _} = jid:tolower(To),
     Items = #ps_items{node = ?NS_MIX_NODES_PARTICIPANTS,
-		      retract = ID},
+		      retract = [ID]},
     Event = #ps_event{items = Items},
     Msg = #message{from = jid:remove_resource(To),
 		   id = p1_rand:get_string(),

src/mod_mix_mnesia.erl

@@ -128,6 +128,7 @@ set_participant(_LServer, Channel, Service, JID, ID, Nick) ->
 	 nick = Nick,
 	 created_at = erlang:timestamp()}).
 
+-spec get_participant(binary(), binary(), binary(), jid:jid()) -> {ok, {binary(), binary()}} | {error, notfound}.
 get_participant(_LServer, Channel, Service, JID) ->
     {User, Domain, _} = jid:tolower(JID),
     case mnesia:dirty_read(mix_participant, {User, Domain, Channel, Service}) of

src/mod_mix_sql.erl

@@ -167,6 +167,7 @@ set_participant(LServer, Channel, Service, JID, ID, Nick) ->
 	_Err -> {error, db_failure}
     end.
 
+-spec get_participant(binary(), binary(), binary(), jid:jid()) -> {ok, {binary(), binary()}} | {error, notfound | db_failure}.
 get_participant(LServer, Channel, Service, JID) ->
     {User, Domain, _} = jid:tolower(JID),
     case ejabberd_sql:sql_query(

src/mod_muc.erl

@@ -26,6 +26,7 @@
 -author('alexey@process-one.net').
 -protocol({xep, 45, '1.25', '0.5.0', "complete", ""}).
 -protocol({xep, 249, '1.2', '0.5.0', "complete", ""}).
+-protocol({xep, 486, '0.1.0', '24.07', "complete", ""}).
 -ifndef(GEN_SERVER).
 -define(GEN_SERVER, gen_server).
 -endif.

src/mod_muc_admin.erl

@@ -2230,9 +2230,8 @@ find_services_validate(Global, _Name) when Global == global;
     Global == <<"global">> ->
     find_services(Global);
 find_services_validate(Service, Name) ->
-    case validate_muc(Service, Name) of
-	Service2 -> find_services(Service2)
-    end.
+    Service2 = validate_muc(Service, Name),
+    find_services(Service2).
 
 find_services(Global) when Global == global;
 			Global == <<"global">> ->

src/mod_muc_rtbl.erl

@@ -151,9 +151,9 @@ pubsub_event_handler(#message{from = #jid{luser = <<>>, lserver = SServer},
     SNode = mod_muc_rtbl_opt:rtbl_node(Server),
     if SServer == SServer2 ->
 	case xmpp:get_subtag(Msg, #ps_event{}) of
-	    #ps_event{items = #ps_items{node = Node, retract = Retract}} when Node == SNode,
+	    #ps_event{items = #ps_items{node = Node, retract = [Retract | _] = RetractList}} when Node == SNode,
 									      is_binary(Retract) ->
-		mnesia:dirty_delete(muc_rtbl, {Server, Retract});
+		[mnesia:dirty_delete(muc_rtbl, {Server, R1}) || R1 <- RetractList];
 	    #ps_event{items = #ps_items{node = Node, items = Items}} when Node == SNode ->
 		Added = lists:foldl(
 		    fun(#ps_item{id = ID}, Acc) ->

src/mod_pubsub_serverinfo.erl

@@ -0,0 +1,391 @@
+%%%----------------------------------------------------------------------
+%%% File    : mod_pubsub_serverinfo.erl
+%%% Author  : Stefan Strigler <stefan@strigler.de>
+%%% Purpose : Exposes server information over Pub/Sub
+%%% Created : 26 Dec 2023 by Guus der Kinderen <guus.der.kinderen@gmail.com>
+%%%
+%%%
+%%% ejabberd, Copyright (C) 2023 - 2025   ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License along
+%%% with this program; if not, write to the Free Software Foundation, Inc.,
+%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+%%%
+%%%----------------------------------------------------------------------
+
+-module(mod_pubsub_serverinfo).
+-author('stefan@strigler.de').
+
+-protocol({xep, 485, '0.1.1', '25.07', "complete", ""}).
+
+-behaviour(gen_mod).
+-behaviour(gen_server).
+
+-include("logger.hrl").
+-include("translate.hrl").
+
+-include_lib("xmpp/include/xmpp.hrl").
+
+%% gen_mod callbacks.
+-export([start/2, stop/1, depends/2, mod_options/1, mod_opt_type/1, get_local_features/5, mod_doc/0]).
+-export([init/1, handle_cast/2, handle_call/3, handle_info/2, terminate/2]).
+-export([in_auth_result/3, out_auth_result/2, get_info/5]).
+
+-define(NS_URN_SERVERINFO, <<"urn:xmpp:serverinfo:0">>).
+-define(PUBLIC_HOSTS_URL, <<"https://data.xmpp.net/providers/v2/providers-Ds.json">>).
+
+-record(state, {host, pubsub_host, node, monitors = #{}, timer = undefined, public_hosts = []}).
+
+%% @format-begin
+
+start(Host, Opts) ->
+    case pubsub_host(Host, Opts) of
+        {error, _Reason} = Error ->
+            Error;
+        PubsubHost ->
+            ejabberd_hooks:add(disco_local_features, Host, ?MODULE, get_local_features, 50),
+            ejabberd_hooks:add(disco_info, Host, ?MODULE, get_info, 50),
+            ejabberd_hooks:add(s2s_out_auth_result, Host, ?MODULE, out_auth_result, 50),
+            ejabberd_hooks:add(s2s_in_auth_result, Host, ?MODULE, in_auth_result, 50),
+            gen_mod:start_child(?MODULE, Host, PubsubHost)
+    end.
+
+stop(Host) ->
+    ejabberd_hooks:delete(disco_local_features, Host, ?MODULE, get_local_features, 50),
+    ejabberd_hooks:delete(disco_info, Host, ?MODULE, get_info, 50),
+    ejabberd_hooks:delete(s2s_out_auth_result, Host, ?MODULE, out_auth_result, 50),
+    ejabberd_hooks:delete(s2s_in_auth_result, Host, ?MODULE, in_auth_result, 50),
+    gen_mod:stop_child(?MODULE, Host).
+
+init([Host, PubsubHost]) ->
+    TRef =
+        timer:send_interval(
+            timer:minutes(5), self(), update_pubsub),
+    Monitors = init_monitors(Host),
+    PublicHosts = fetch_public_hosts(),
+    State =
+        #state{host = Host,
+               pubsub_host = PubsubHost,
+               node = <<"serverinfo">>,
+               timer = TRef,
+               monitors = Monitors,
+               public_hosts = PublicHosts},
+    self() ! update_pubsub,
+    {ok, State}.
+
+-spec init_monitors(binary()) -> map().
+init_monitors(Host) ->
+    lists:foldl(fun(Domain, Monitors) ->
+                   RefIn = make_ref(), % just dummies
+                   RefOut = make_ref(),
+                   maps:merge(#{RefIn => {incoming, {Host, Domain, true}},
+                                RefOut => {outgoing, {Host, Domain, true}}},
+                              Monitors)
+                end,
+                #{},
+                ejabberd_option:hosts() -- [Host]).
+
+-spec fetch_public_hosts() -> list().
+fetch_public_hosts() ->
+    try
+        {ok, {{_, 200, _}, _Headers, Body}} =
+            httpc:request(get, {?PUBLIC_HOSTS_URL, []}, [{timeout, 1000}], [{body_format, binary}]),
+        case misc:json_decode(Body) of
+            PublicHosts when is_list(PublicHosts) ->
+                PublicHosts;
+            Other ->
+                ?WARNING_MSG("Parsed JSON for public hosts was not a list: ~p", [Other]),
+                []
+        end
+    catch
+        E:R ->
+            ?WARNING_MSG("Failed fetching public hosts (~p): ~p", [E, R]),
+            []
+    end.
+
+handle_cast({Event, Domain, Pid}, #state{host = Host, monitors = Mons} = State)
+    when Event == register_in; Event == register_out ->
+    Ref = monitor(process, Pid),
+    IsPublic = check_if_public(Domain, State),
+    NewMons = maps:put(Ref, {event_to_dir(Event), {Host, Domain, IsPublic}}, Mons),
+    {noreply, State#state{monitors = NewMons}};
+handle_cast(_, State) ->
+    {noreply, State}.
+
+event_to_dir(register_in) ->
+    incoming;
+event_to_dir(register_out) ->
+    outgoing.
+
+handle_call(pubsub_host, _From, #state{pubsub_host = PubsubHost} = State) ->
+    {reply, {ok, PubsubHost}, State};
+handle_call(_Request, _From, State) ->
+    {noreply, State}.
+
+handle_info({iq_reply, IQReply, {LServer, RServer}}, #state{monitors = Mons} = State) ->
+    case IQReply of
+        #iq{type = result, sub_els = [El]} ->
+            case xmpp:decode(El) of
+                #disco_info{features = Features} ->
+                    case lists:member(?NS_URN_SERVERINFO, Features) of
+                        true ->
+                            NewMons =
+                                maps:fold(fun (Ref, {Dir, {LServer0, RServer0, _}}, Acc)
+                                                  when LServer == LServer0, RServer == RServer0 ->
+                                                  maps:put(Ref,
+                                                           {Dir, {LServer, RServer, true}},
+                                                           Acc);
+                                              (Ref, Other, Acc) ->
+                                                  maps:put(Ref, Other, Acc)
+                                          end,
+                                          #{},
+                                          Mons),
+                            {noreply, State#state{monitors = NewMons}};
+                        _ ->
+                            {noreply, State}
+                    end;
+                _ ->
+                    {noreply, State}
+            end;
+        _ ->
+            {noreply, State}
+    end;
+handle_info(update_pubsub, State) ->
+    update_pubsub(State),
+    {noreply, State};
+handle_info({'DOWN', Mon, process, _Pid, _Info}, #state{monitors = Mons} = State) ->
+    {noreply, State#state{monitors = maps:remove(Mon, Mons)}};
+handle_info(_Request, State) ->
+    {noreply, State}.
+
+terminate(_Reason, #state{monitors = Mons, timer = Timer}) ->
+    case is_reference(Timer) of
+        true ->
+            case erlang:cancel_timer(Timer) of
+                false ->
+                    receive
+                        {timeout, Timer, _} ->
+                            ok
+                    after 0 ->
+                        ok
+                    end;
+                _ ->
+                    ok
+            end;
+        _ ->
+            ok
+    end,
+    maps:fold(fun(Mon, _, _) -> demonitor(Mon) end, ok, Mons).
+
+depends(_Host, _Opts) ->
+    [{mod_pubsub, hard}].
+
+mod_options(_Host) ->
+    [{pubsub_host, undefined}].
+
+mod_opt_type(pubsub_host) ->
+    econf:either(undefined, econf:host()).
+
+mod_doc() ->
+    #{desc =>
+          [?T("This module adds support for "
+              "https://xmpp.org/extensions/xep-0485.html[XEP-0485: PubSub Server Information] "
+              "to expose S2S information over the Pub/Sub service."),
+           "",
+           ?T("Active S2S connections are published to a local PubSub node. "
+              "Currently the node name is hardcoded as '\"serverinfo\"'."),
+           "",
+           ?T("Connections that support this feature are exposed with their domain names, "
+              "otherwise they are shown as anonymous nodes. "
+              "At startup a list of well known public servers is fetched. "
+              "Those are not shown as anonymous even if they don't support this feature."),
+           "",
+           ?T("Please note that the module only shows S2S connections established while the module is running. "
+              "If you install the module at runtime, run _`stop_s2s_connections`_ API or restart ejabberd "
+              "to force S2S reconnections that the module will detect and publish."),
+           "",
+           ?T("This module depends on _`mod_pubsub`_ and _`mod_disco`_.")],
+      note => "added in 25.07",
+      opts =>
+          [{pubsub_host,
+            #{value => "undefined | string()",
+              desc =>
+                  ?T("Use this local PubSub host to advertise S2S connections. "
+                     "This must be a host local to this service handled by _`mod_pubsub`_. "
+                     "This option is only needed if your configuration has more than one host in mod_pubsub's 'hosts' option. "
+                     "The default value is the first host defined in mod_pubsub 'hosts' option.")}}],
+      example =>
+          ["modules:", "  mod_pubsub_serverinfo:", "    pubsub_host: custom.pubsub.domain.local"]}.
+
+in_auth_result(#{server_host := Host, remote_server := RServer} = State, true, _Server) ->
+    gen_server:cast(
+        gen_mod:get_module_proc(Host, ?MODULE), {register_in, RServer, self()}),
+    State;
+in_auth_result(State, _, _) ->
+    State.
+
+out_auth_result(#{server_host := Host, remote_server := RServer} = State, true) ->
+    gen_server:cast(
+        gen_mod:get_module_proc(Host, ?MODULE), {register_out, RServer, self()}),
+    State;
+out_auth_result(State, _) ->
+    State.
+
+check_if_public(Domain, State) ->
+    maybe_send_disco_info(is_public(Domain, State) orelse is_monitored(Domain, State),
+                          Domain,
+                          State).
+
+is_public(Domain, #state{public_hosts = PublicHosts}) ->
+    lists:member(Domain, PublicHosts).
+
+is_monitored(Domain, #state{host = Host, monitors = Mons}) ->
+    maps:size(
+        maps:filter(fun (_Ref, {_Dir, {LServer, RServer, IsPublic}})
+                            when LServer == Host, RServer == Domain ->
+                            IsPublic;
+                        (_Ref, _Other) ->
+                            false
+                    end,
+                    Mons))
+    =/= 0.
+
+maybe_send_disco_info(true, _Domain, _State) ->
+    true;
+maybe_send_disco_info(false, Domain, #state{host = Host}) ->
+    Proc = gen_mod:get_module_proc(Host, ?MODULE),
+    IQ = #iq{type = get,
+             from = jid:make(Host),
+             to = jid:make(Domain),
+             sub_els = [#disco_info{}]},
+    ejabberd_router:route_iq(IQ, {Host, Domain}, Proc),
+    false.
+
+update_pubsub(#state{host = Host,
+                     pubsub_host = PubsubHost,
+                     node = Node,
+                     monitors = Mons}) ->
+    Map = maps:fold(fun(_, {Dir, {MyDomain, Target, IsPublic}}, Acc) ->
+                       maps:update_with(MyDomain,
+                                        fun(Acc2) ->
+                                           maps:update_with(Target,
+                                                            fun({Types, _}) ->
+                                                               {Types#{Dir => true}, IsPublic}
+                                                            end,
+                                                            {#{Dir => true}, IsPublic},
+                                                            Acc2)
+                                        end,
+                                        #{Target => {#{Dir => true}, IsPublic}},
+                                        Acc)
+                    end,
+                    #{},
+                    Mons),
+    Domains =
+        maps:fold(fun(MyDomain, Targets, Acc) ->
+                     Remote =
+                         maps:fold(fun (Remote, {Types, true}, Acc2) ->
+                                           [#pubsub_serverinfo_remote_domain{name = Remote,
+                                                                             type =
+                                                                                 maps:keys(Types)}
+                                            | Acc2];
+                                       (_HiddenRemote, {Types, false}, Acc2) ->
+                                           [#pubsub_serverinfo_remote_domain{type =
+                                                                                 maps:keys(Types)}
+                                            | Acc2]
+                                   end,
+                                   [],
+                                   Targets),
+                     [#pubsub_serverinfo_domain{name = MyDomain, remote_domain = Remote} | Acc]
+                  end,
+                  [],
+                  Map),
+
+    PubOpts = [{persist_items, true}, {max_items, 1}, {access_model, open}],
+    ?DEBUG("Publishing serverinfo pubsub item on ~s: ~p", [PubsubHost, Domains]),
+    mod_pubsub:publish_item(PubsubHost,
+                            Host,
+                            Node,
+                            jid:make(Host),
+                            <<"current">>,
+                            [xmpp:encode(#pubsub_serverinfo{domain = Domains})],
+                            PubOpts,
+                            all).
+
+get_local_features({error, _} = Acc, _From, _To, _Node, _Lang) ->
+    Acc;
+get_local_features(Acc, _From, _To, Node, _Lang) when Node == <<>> ->
+    case Acc of
+        {result, Features} ->
+            {result, [?NS_URN_SERVERINFO | Features]};
+        empty ->
+            {result, [?NS_URN_SERVERINFO]}
+    end;
+get_local_features(Acc, _From, _To, _Node, _Lang) ->
+    Acc.
+
+get_info(Acc, Host, Mod, Node, Lang)
+    when Mod == undefined orelse Mod == mod_disco, Node == <<"">> ->
+    case mod_disco:get_info(Acc, Host, Mod, Node, Lang) of
+        [#xdata{fields = Fields} = XD | Rest] ->
+            PubsubHost = pubsub_host(Host),
+            NodeField =
+                #xdata_field{var = <<"serverinfo-pubsub-node">>,
+                             values = [<<"xmpp:", PubsubHost/binary, "?;node=serverinfo">>]},
+            {stop, [XD#xdata{fields = Fields ++ [NodeField]} | Rest]};
+        _ ->
+            Acc
+    end;
+get_info(Acc, Host, Mod, Node, _Lang) when Node == <<"">>, is_atom(Mod) ->
+    PubsubHost = pubsub_host(Host),
+    [#xdata{type = result,
+            fields =
+                [#xdata_field{type = hidden,
+                              var = <<"FORM_TYPE">>,
+                              values = [?NS_SERVERINFO]},
+                 #xdata_field{var = <<"serverinfo-pubsub-node">>,
+                              values = [<<"xmpp:", PubsubHost/binary, "?;node=serverinfo">>]}]}
+     | Acc];
+get_info(Acc, _Host, _Mod, _Node, _Lang) ->
+    Acc.
+
+pubsub_host(Host) ->
+    {ok, PubsubHost} =
+        gen_server:call(
+            gen_mod:get_module_proc(Host, ?MODULE), pubsub_host),
+    PubsubHost.
+
+pubsub_host(Host, Opts) ->
+    case gen_mod:get_opt(pubsub_host, Opts) of
+        undefined ->
+            PubsubHost = hd(get_mod_pubsub_hosts(Host)),
+            ?INFO_MSG("No pubsub_host in configuration for ~p, choosing ~s", [?MODULE, PubsubHost]),
+            PubsubHost;
+        PubsubHost ->
+            case check_pubsub_host_exists(Host, PubsubHost) of
+                true ->
+                    PubsubHost;
+                false ->
+                    {error, {pubsub_host_does_not_exist, PubsubHost}}
+            end
+    end.
+
+check_pubsub_host_exists(Host, PubsubHost) ->
+    lists:member(PubsubHost, get_mod_pubsub_hosts(Host)).
+
+get_mod_pubsub_hosts(Host) ->
+    case gen_mod:get_module_opt(Host, mod_pubsub, hosts) of
+        [] ->
+            [gen_mod:get_module_opt(Host, mod_pubsub, host)];
+        PubsubHosts ->
+            PubsubHosts
+    end.

src/mod_pubsub_serverinfo_opt.erl

@@ -0,0 +1,13 @@
+%% Generated automatically
+%% DO NOT EDIT: run `make options` instead
+
+-module(mod_pubsub_serverinfo_opt).
+
+-export([pubsub_host/1]).
+
+-spec pubsub_host(gen_mod:opts() | global | binary()) -> 'undefined' | binary().
+pubsub_host(Opts) when is_map(Opts) ->
+    gen_mod:get_opt(pubsub_host, Opts);
+pubsub_host(Host) ->
+    gen_mod:get_module_opt(Host, mod_pubsub_serverinfo, pubsub_host).
+

src/mod_register.erl

@@ -87,7 +87,7 @@ c2s_unauthenticated_packet(#{ip := IP, server := Server} = State,
     catch _:{xmpp_codec, Why} ->
 	    Txt = xmpp:io_format_error(Why),
 	    Lang = maps:get(lang, State),
-	    Err = xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang)),
+	    Err = make_stripped_error(IQ, xmpp:err_bad_request(Txt, Lang)),
 	    {stop, ejabberd_c2s:send(State, Err)}
     end;
 c2s_unauthenticated_packet(State, _) ->
@@ -116,7 +116,7 @@ process_iq(#iq{type = set, lang = Lang,
 	       sub_els = [#register{remove = true}]} = IQ,
 	   _Source, _IsCaptchaEnabled, _AllowRemove = false) ->
     Txt = ?T("Access denied by service policy"),
-    xmpp:make_error(IQ, xmpp:err_forbidden(Txt, Lang));
+    make_stripped_error(IQ, xmpp:err_forbidden(Txt, Lang));
 process_iq(#iq{type = set, lang = Lang, to = To, from = From,
 	       sub_els = [#register{remove = true,
 				    username = User,
@@ -141,12 +141,12 @@ process_iq(#iq{type = set, lang = Lang, to = To, from = From,
                                     ignore;
                                 false ->
                                     Txt = ?T("Incorrect password"),
-                                    xmpp:make_error(
+                                    make_stripped_error(
                                       IQ, xmpp:err_forbidden(Txt, Lang))
                             end;
 		       true ->
 			    Txt = ?T("No 'password' found in this query"),
-			    xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang))
+			    make_stripped_error(IQ, xmpp:err_bad_request(Txt, Lang))
 		    end
 	    end;
        true ->
@@ -158,7 +158,7 @@ process_iq(#iq{type = set, lang = Lang, to = To, from = From,
 		    ignore;
 		_ ->
 		    Txt = ?T("The query is only allowed from local users"),
-		    xmpp:make_error(IQ, xmpp:err_not_allowed(Txt, Lang))
+		    make_stripped_error(IQ, xmpp:err_not_allowed(Txt, Lang))
 	    end
     end;
 process_iq(#iq{type = set, to = To,
@@ -186,17 +186,17 @@ process_iq(#iq{type = set, to = To,
 		      User, Server, Password, IQ, Source, true);
 		_ ->
 		    Txt = ?T("Incorrect data form"),
-		    xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang))
+		    make_stripped_error(IQ, xmpp:err_bad_request(Txt, Lang))
 	    end;
 	{error, malformed} ->
 	    Txt = ?T("Incorrect CAPTCHA submit"),
-	    xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang));
+	    make_stripped_error(IQ, xmpp:err_bad_request(Txt, Lang));
 	_ ->
 	    ErrText = ?T("The CAPTCHA verification has failed"),
-	    xmpp:make_error(IQ, xmpp:err_not_allowed(ErrText, Lang))
+	    make_stripped_error(IQ, xmpp:err_not_allowed(ErrText, Lang))
     end;
 process_iq(#iq{type = set} = IQ, _Source, _IsCaptchaEnabled, _AllowRemove) ->
-    xmpp:make_error(IQ, xmpp:err_bad_request());
+    make_stripped_error(IQ, xmpp:err_bad_request());
 process_iq(#iq{type = get, from = From, to = To, id = ID, lang = Lang} = IQ,
 	   Source, IsCaptchaEnabled, _AllowRemove) ->
     Server = To#jid.lserver,
@@ -248,11 +248,11 @@ process_iq(#iq{type = get, from = From, to = To, id = ID, lang = Lang} = IQ,
 				    sub_els = [Xdata | CaptchaEls2]});
 		{error, limit} ->
 		    ErrText = ?T("Too many CAPTCHA requests"),
-		    xmpp:make_error(
+		    make_stripped_error(
 		      IQ, xmpp:err_resource_constraint(ErrText, Lang));
 		_Err ->
 		    ErrText = ?T("Unable to generate a CAPTCHA"),
-		    xmpp:make_error(
+		    make_stripped_error(
 		      IQ, xmpp:err_internal_server_error(ErrText, Lang))
 	    end;
        true ->
@@ -267,8 +267,11 @@ process_iq(#iq{type = get, from = From, to = To, id = ID, lang = Lang} = IQ,
 try_register_or_set_password(User, Server, Password,
 			     #iq{from = From, lang = Lang} = IQ,
 			     Source, CaptchaSucceed) ->
-    case From of
-	#jid{user = User, lserver = Server} ->
+    case {jid:nodeprep(User), From} of
+	{error, _} ->
+	    Err = xmpp:err_jid_malformed(format_error(invalid_jid), Lang),
+	    make_stripped_error(IQ, Err);
+	{UserP, #jid{user = User2, lserver = Server}} when UserP == User2 ->
 	    try_set_password(User, Server, Password, IQ);
 	_ when CaptchaSucceed ->
 	    case check_from(From, Server) of
@@ -277,14 +280,14 @@ try_register_or_set_password(User, Server, Password,
 			ok ->
 			    xmpp:make_iq_result(IQ);
 			{error, Error} ->
-			    xmpp:make_error(IQ, Error)
+			    make_stripped_error(IQ, Error)
 		    end;
 		deny ->
 		    Txt = ?T("Access denied by service policy"),
-		    xmpp:make_error(IQ, xmpp:err_forbidden(Txt, Lang))
+		    make_stripped_error(IQ, xmpp:err_forbidden(Txt, Lang))
 	    end;
 	_ ->
-	    xmpp:make_error(IQ, xmpp:err_not_allowed())
+	    make_stripped_error(IQ, xmpp:err_not_allowed())
     end.
 
 try_set_password(User, Server, Password) ->
@@ -307,15 +310,15 @@ try_set_password(User, Server, Password, #iq{lang = Lang, meta = M} = IQ) ->
 	    xmpp:make_iq_result(IQ);
 	{error, not_allowed} ->
 	    Txt = ?T("Changing password is not allowed"),
-	    xmpp:make_error(IQ, xmpp:err_not_allowed(Txt, Lang));
+	    make_stripped_error(IQ, xmpp:err_not_allowed(Txt, Lang));
 	{error, invalid_jid = Why} ->
-	    xmpp:make_error(IQ, xmpp:err_jid_malformed(format_error(Why), Lang));
+	    make_stripped_error(IQ, xmpp:err_jid_malformed(format_error(Why), Lang));
 	{error, invalid_password = Why} ->
-	    xmpp:make_error(IQ, xmpp:err_not_allowed(format_error(Why), Lang));
+	    make_stripped_error(IQ, xmpp:err_not_allowed(format_error(Why), Lang));
 	{error, weak_password = Why} ->
-	    xmpp:make_error(IQ, xmpp:err_not_acceptable(format_error(Why), Lang));
+	    make_stripped_error(IQ, xmpp:err_not_acceptable(format_error(Why), Lang));
 	{error, db_failure = Why} ->
-	    xmpp:make_error(IQ, xmpp:err_internal_server_error(format_error(Why), Lang))
+	    make_stripped_error(IQ, xmpp:err_internal_server_error(format_error(Why), Lang))
     end.
 
 try_register(User, Server, Password, SourceRaw, Module) ->
@@ -562,6 +565,9 @@ is_strong_password2(Server, Password) ->
             ejabberd_auth:entropy(Password) >= Entropy
     end.
 
+make_stripped_error(IQ, Err) ->
+    xmpp:make_error(xmpp:remove_subtag(IQ, #register{}), Err).
+
 %%%
 %%% ip_access management
 %%%

src/mod_scram_upgrade.erl

@@ -112,10 +112,8 @@ c2s_handle_sasl2_task_data({_, #{user := User, server := Server,
 					      serverkey = ServerKey, storedkey = StoredKey}),
 	    State2 = maps:remove(scram_upgrade, State),
 	    InlineEls2 = lists:keydelete(sasl_upgrade, 1, InlineEls),
-	    case ejabberd_c2s:handle_sasl2_inline(InlineEls2, State2) of
-		{State3, NewEls, Results} ->
-		    {success, NewEls, Results, State3}
-	    end;
+	    {State3, NewEls, Results} = ejabberd_c2s:handle_sasl2_inline(InlineEls2, State2),
+	    {success, NewEls, Results, State3};
 	_ ->
 	    {abort, State}
     end.

src/pubsub_db_sql.erl

@@ -56,7 +56,7 @@ delete_subscription(SubID) ->
            "where subid = %(SubID)s")),
     ok.
 
--spec update_subscription(#pubsub_subscription{}) -> ok .
+-spec update_subscription(#pubsub_subscription{}) -> ok.
 update_subscription(#pubsub_subscription{subid = SubId} = Sub) ->
     delete_subscription(SubId), add_subscription(Sub).
 

src/rest.erl

@@ -38,7 +38,14 @@
 start(Host) ->
     application:start(inets),
     Size = ejabberd_option:ext_api_http_pool_size(Host),
-    httpc:set_options([{max_sessions, Size}]).
+    Proxy = case {ejabberd_option:rest_proxy(Host),
+                  ejabberd_option:rest_proxy_port(Host)} of
+                {<<>>, _} ->
+                    [];
+                {Host, Port} ->
+                    [{proxy, {{binary_to_list(Host), Port}, []}}]
+            end,
+    httpc:set_options([{max_sessions, Size}] ++ Proxy).
 
 stop(_Host) ->
     ok.
@@ -87,8 +94,15 @@ request(Server, Method, Path, Params, Mime, Data) ->
 			_ -> {Params, []}
 		   end,
     URI = to_list(url(Server, Path, Query)),
-    HttpOpts = [{connect_timeout, ?CONNECT_TIMEOUT},
-		{timeout, ?HTTP_TIMEOUT}],
+    HttpOpts = case {ejabberd_option:rest_proxy_username(Server),
+                     ejabberd_option:rest_proxy_password(Server)} of
+                   {"", _} -> [{connect_timeout, ?CONNECT_TIMEOUT},
+                               {timeout, ?HTTP_TIMEOUT}];
+                   {User, Pass} ->
+                       [{connect_timeout, ?CONNECT_TIMEOUT},
+                        {timeout, ?HTTP_TIMEOUT},
+                        {proxy_auth, {User, Pass}}]
+               end,
     Hdrs = [{"connection", "keep-alive"},
             {"Accept", "application/json"},
 	    {"User-Agent", "ejabberd"}]

test/antispam_tests.erl

@@ -0,0 +1,290 @@
+%%%-------------------------------------------------------------------
+%%% Author  : Stefan Strigler <stefan@strigler.de>
+%%% Created : 8 May 2025 by Stefan Strigler
+%%%
+%%%
+%%% ejabberd, Copyright (C) 2025   ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License along
+%%% with this program; if not, write to the Free Software Foundation, Inc.,
+%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+%%%
+%%%----------------------------------------------------------------------
+
+-module(antispam_tests).
+
+-compile(export_all).
+
+-import(suite, [recv_presence/1, send_recv/2, my_jid/1, muc_room_jid/1,
+		send/2, recv_message/1, recv_iq/1, muc_jid/1,
+		alt_room_jid/1, wait_for_slave/1, wait_for_master/1,
+		disconnect/1, put_event/2, get_event/1, peer_muc_jid/1,
+		my_muc_jid/1, get_features/2, set_opt/3]).
+-include("suite.hrl").
+-include("mod_antispam.hrl").
+
+%% @format-begin
+
+%%%===================================================================
+%%% API
+%%%===================================================================
+%%%===================================================================
+%%% Single tests
+%%%===================================================================
+
+single_cases() ->
+    {antispam_single,
+     [sequence],
+     [single_test(block_by_jid),
+      single_test(block_by_url),
+      single_test(blocked_jid_is_cached),
+      single_test(uncache_blocked_jid),
+      single_test(check_blocked_domain),
+      single_test(unblock_domain),
+      single_test(empty_domain_list),
+      single_test(block_domain_globally),
+      single_test(check_domain_blocked_globally),
+      single_test(unblock_domain_in_vhost),
+      single_test(unblock_domain_globally),
+      single_test(block_domain_in_vhost),
+      single_test(unblock_domain_in_vhost2),
+      single_test(jid_cache),
+      single_test(rtbl_domains),
+      single_test(rtbl_domains_whitelisted),
+      single_test(spam_dump_file)]}.
+
+%%%===================================================================
+
+block_by_jid(Config) ->
+    is_spam(message_hello(<<"spammer_jid">>, <<"localhost">>, Config)).
+
+block_by_url(Config) ->
+    From = jid:make(<<"spammer">>, <<"localhost">>, <<"spam_client">>),
+    To = my_jid(Config),
+    is_not_spam(message_hello(<<"spammer">>, <<"localhost">>, Config)),
+    is_spam(message(From, To, <<"hello world\nhttps://spam.domain.url">>)).
+
+blocked_jid_is_cached(Config) ->
+    is_spam(message_hello(<<"spammer">>, <<"localhost">>, Config)).
+
+uncache_blocked_jid(Config) ->
+    Host = ?config(server, Config),
+    Spammer = jid:make(<<"spammer">>, <<"localhost">>, <<"">>),
+    mod_antispam:drop_from_spam_filter_cache(Host, jid:to_string(Spammer)),
+    is_not_spam(message_hello(<<"spammer">>, <<"localhost">>, Config)).
+
+check_blocked_domain(Config) ->
+    is_spam(message_hello(<<"other_spammer">>, <<"spam_domain.org">>, Config)).
+
+unblock_domain(Config) ->
+    Host = ?config(server, Config),
+    ?match({ok, _}, mod_antispam:remove_blocked_domain(Host, <<"spam_domain.org">>)),
+    ?match([], mod_antispam:get_blocked_domains(Host)),
+    is_not_spam(message_hello(<<"spammer">>, <<"spam_domain.org">>, Config)).
+
+%%%===================================================================
+
+empty_domain_list(Config) ->
+    Host = ?config(server, Config),
+    ?match([], mod_antispam:get_blocked_domains(Host)),
+    SpamFrom = jid:make(<<"spammer">>, <<"spam.domain">>, <<"spam_client">>),
+    To = my_jid(Config),
+    Msg = message(SpamFrom, To, <<"hello world">>),
+    is_not_spam(Msg).
+
+block_domain_globally(Config) ->
+    ?match({ok, _}, mod_antispam:add_blocked_domain(<<"global">>, <<"spam.domain">>)),
+    SpamFrom = jid:make(<<"spammer">>, <<"spam.domain">>, <<"spam_client">>),
+    To = my_jid(Config),
+    is_spam(message(SpamFrom, To, <<"hello world">>)).
+
+check_domain_blocked_globally(_Config) ->
+    Vhosts = [H || H <- ejabberd_option:hosts(), gen_mod:is_loaded(H, mod_antispam)],
+    NumVhosts = length(Vhosts),
+    ?match(NumVhosts, length(lists:filter(has_spam_domain(<<"spam.domain">>), Vhosts))).
+
+unblock_domain_in_vhost(Config) ->
+    Host = ?config(server, Config),
+    ?match({ok, _}, mod_antispam:remove_blocked_domain(Host, <<"spam.domain">>)),
+    ?match([], mod_antispam:get_blocked_domains(Host)),
+    SpamFrom = jid:make(<<"spammer">>, <<"spam.domain">>, <<"spam_client">>),
+    To = my_jid(Config),
+    is_not_spam(message(SpamFrom, To, <<"hello world">>)).
+
+unblock_domain_globally(_Config) ->
+    Vhosts = [H || H <- ejabberd_option:hosts(), gen_mod:is_loaded(H, mod_antispam)],
+    NumVhosts = length(Vhosts),
+    ?match(NumVhosts, length(lists:filter(has_spam_domain(<<"spam.domain">>), Vhosts)) + 1),
+    ?match({ok, _}, mod_antispam:remove_blocked_domain(<<"global">>, <<"spam.domain">>)),
+    ?match([], lists:filter(has_spam_domain(<<"spam.domain">>), Vhosts)).
+
+block_domain_in_vhost(Config) ->
+    Host = ?config(server, Config),
+    Vhosts = [H || H <- ejabberd_option:hosts(), gen_mod:is_loaded(H, mod_antispam)],
+    ?match({ok, _}, mod_antispam:add_blocked_domain(Host, <<"spam.domain">>)),
+    ?match([Host], lists:filter(has_spam_domain(<<"spam.domain">>), Vhosts)),
+    SpamFrom = jid:make(<<"spammer">>, <<"spam.domain">>, <<"spam_client">>),
+    To = my_jid(Config),
+    is_spam(message(SpamFrom, To, <<"hello world">>)).
+
+unblock_domain_in_vhost2(Config) ->
+    Host = ?config(server, Config),
+    ?match({ok, _}, mod_antispam:remove_blocked_domain(Host, <<"spam.domain">>)),
+    SpamFrom = jid:make(<<"spammer">>, <<"spam.domain">>, <<"spam_client">>),
+    To = my_jid(Config),
+    is_not_spam(message(SpamFrom, To, <<"hello world">>)),
+    disconnect(Config).
+
+%%%===================================================================
+
+jid_cache(Config) ->
+    Host = ?config(server, Config),
+    SpamFrom = jid:make(<<"spammer">>, Host, <<"spam_client">>),
+    is_not_spam(message_hello(<<"spammer">>, Host, Config)),
+    mod_antispam:add_to_spam_filter_cache(Host, jid:to_string(SpamFrom)),
+    is_spam(message_hello(<<"spammer">>, Host, Config)),
+    mod_antispam:drop_from_spam_filter_cache(Host, jid:to_string(SpamFrom)),
+    is_not_spam(message_hello(<<"spammer">>, Host, Config)),
+    disconnect(Config).
+
+%%%===================================================================
+
+rtbl_domains(Config) ->
+    Host = ?config(server, Config),
+    RTBLHost =
+        jid:to_string(
+            suite:pubsub_jid(Config)),
+    RTBLDomainsNode = <<"spam_source_domains">>,
+    OldOpts = gen_mod:get_module_opts(Host, mod_antispam),
+    NewOpts =
+        maps:merge(OldOpts,
+                   #{rtbl_services => [#rtbl_service{host = RTBLHost, node = RTBLDomainsNode}]}),
+    Owner = jid:make(?config(user, Config), ?config(server, Config), <<>>),
+    {result, _} =
+        mod_pubsub:create_node(RTBLHost,
+                               ?config(server, Config),
+                               RTBLDomainsNode,
+                               Owner,
+                               <<"flat">>),
+    {result, _} =
+        mod_pubsub:publish_item(RTBLHost,
+                                ?config(server, Config),
+                                RTBLDomainsNode,
+                                Owner,
+                                <<"spam.source.domain">>,
+                                [xmpp:encode(#ps_item{id = <<"spam.source.domain">>,
+                                                      sub_els = []})]),
+    mod_antispam:reload(Host, OldOpts, NewOpts),
+    ?match({ok, _}, mod_antispam:remove_blocked_domain(Host, <<"spam_domain.org">>)),
+    ?retry(100,
+           10,
+           ?match([<<"spam.source.domain">>], mod_antispam:get_blocked_domains(Host))),
+    {result, _} =
+        mod_pubsub:publish_item(RTBLHost,
+                                ?config(server, Config),
+                                RTBLDomainsNode,
+                                Owner,
+                                <<"spam.source.another">>,
+                                [xmpp:encode(#ps_item{id = <<"spam.source.another">>,
+                                                      sub_els = []})]),
+    ?retry(100, 10, ?match(true, (has_spam_domain(<<"spam.source.another">>))(Host))),
+    {result, _} =
+        mod_pubsub:delete_item(RTBLHost, RTBLDomainsNode, Owner, <<"spam.source.another">>, true),
+    ?retry(100, 10, ?match(false, (has_spam_domain(<<"spam.source.another">>))(Host))),
+    {result, _} = mod_pubsub:delete_node(RTBLHost, RTBLDomainsNode, Owner),
+    disconnect(Config).
+
+rtbl_domains_whitelisted(Config) ->
+    Host = ?config(server, Config),
+    RTBLHost =
+        jid:to_string(
+            suite:pubsub_jid(Config)),
+    RTBLDomainsNode = <<"spam_source_domains">>,
+    OldOpts = gen_mod:get_module_opts(Host, mod_antispam),
+    NewOpts =
+        maps:merge(OldOpts,
+                   #{rtbl_services => [#rtbl_service{host = RTBLHost, node = RTBLDomainsNode}]}),
+    Owner = jid:make(?config(user, Config), ?config(server, Config), <<>>),
+    {result, _} =
+        mod_pubsub:create_node(RTBLHost,
+                               ?config(server, Config),
+                               RTBLDomainsNode,
+                               Owner,
+                               <<"flat">>),
+    {result, _} =
+        mod_pubsub:publish_item(RTBLHost,
+                                ?config(server, Config),
+                                RTBLDomainsNode,
+                                Owner,
+                                <<"whitelisted.domain">>,
+                                [xmpp:encode(#ps_item{id = <<"whitelisted.domain">>,
+                                                      sub_els = []})]),
+    mod_antispam:reload(Host, OldOpts, NewOpts),
+    {result, _} =
+        mod_pubsub:publish_item(RTBLHost,
+                                ?config(server, Config),
+                                RTBLDomainsNode,
+                                Owner,
+                                <<"yetanother.domain">>,
+                                [xmpp:encode(#ps_item{id = <<"yetanother.domain">>,
+                                                      sub_els = []})]),
+    ?retry(100, 10, ?match(true, (has_spam_domain(<<"yetanother.domain">>))(Host))),
+    %% we assume that the previous "whitelisted.domain" pubsub item has been consumed by now, so we
+    %% can check that it doesn't exist
+    ?match(false, (has_spam_domain(<<"whitelisted.domain">>))(Host)),
+    {result, _} = mod_pubsub:delete_node(RTBLHost, RTBLDomainsNode, Owner),
+    disconnect(Config).
+
+%%%===================================================================
+
+spam_dump_file(Config) ->
+    {ok, CWD} = file:get_cwd(),
+    Filename = filename:join([CWD, "spam.log"]),
+    ?retry(100, 100, ?match(true, size(get_bytes(Filename)) > 0)),
+    From = jid:make(<<"spammer_jid">>, <<"localhost">>, <<"spam_client">>),
+    To = my_jid(Config),
+    is_spam(message(From, To, <<"A very specific spam message">>)),
+    ?retry(100,
+           100,
+           ?match({match, _}, re:run(get_bytes(Filename), <<"A very specific spam message">>))).
+
+%%%===================================================================
+%%% Internal functions
+%%%===================================================================
+single_test(T) ->
+    list_to_atom("antispam_" ++ atom_to_list(T)).
+
+has_spam_domain(Domain) ->
+    fun(Host) -> lists:member(Domain, mod_antispam:get_blocked_domains(Host)) end.
+
+is_not_spam(Msg) ->
+    ?match({Msg, undefined}, mod_antispam_filter:s2s_receive_packet({Msg, undefined})).
+
+is_spam(Spam) ->
+    ?match({stop, {drop, undefined}},
+           mod_antispam_filter:s2s_receive_packet({Spam, undefined})).
+
+message_hello(Username, Host, Config) ->
+    SpamFrom = jid:make(Username, Host, <<"spam_client">>),
+    To = my_jid(Config),
+    message(SpamFrom, To, <<"hello world">>).
+
+message(From, To, BodyText) ->
+    #message{from = From,
+             to = To,
+             type = chat,
+             body = [#text{data = BodyText}]}.
+
+get_bytes(Filename) ->
+    {ok, Bytes} = file:read_file(Filename),
+    Bytes.

test/docker/README.md

@@ -10,7 +10,7 @@ attached to it.
 ```
 mkdir test/docker/db/mysql/data
 mkdir test/docker/db/postgres/data
-(cd test/docker; docker-compose up)
+(cd test/docker; docker compose up)
 ```
 
 You can stop all the databases with CTRL-C.
@@ -20,8 +20,8 @@ You can stop all the databases with CTRL-C.
 The following commands will create the necessary login, user and database, will grant rights on the database in MSSQL and create the ejabberd schema:
 
 ```
-docker exec ejabberd-mssql /opt/mssql-tools/bin/sqlcmd -U SA -P ejabberd_Test1 -S localhost -i /initdb_mssql.sql
-docker exec ejabberd-mssql /opt/mssql-tools/bin/sqlcmd -U SA -P ejabberd_Test1 -S localhost -d ejabberd_test -i /mssql.sql
+docker exec ejabberd-mssql /opt/mssql-tools18/bin/sqlcmd -U SA -P ejabberd_Test1 -S localhost -i /initdb_mssql.sql -C
+docker exec ejabberd-mssql /opt/mssql-tools18/bin/sqlcmd -U SA -P ejabberd_Test1 -S localhost -d ejabberd_test -i /mssql.sql -C
 ```
 
 ## Running tests
@@ -44,7 +44,7 @@ make test
 You can fully clean up the environment with:
 
 ```
-(cd test/docker; docker-compose down)
+(cd test/docker; docker compose down)
 ```
 
 If you want to clean the data, you can remove the data volumes after the `docker-compose down` command:

test/docker/docker-compose.yml

@@ -7,7 +7,6 @@ services:
     volumes:
       - mysqldata:/var/lib/mysql
       - ../../sql/mysql.sql:/docker-entrypoint-initdb.d/mysql.sql:ro
-    command: --default-authentication-plugin=mysql_native_password
     restart: always
     ports:
       - 3306:3306

test/ejabberd_SUITE.erl

@@ -339,6 +339,10 @@ init_per_testcase(TestCase, OrigConfig) ->
             bind(auth(connect(Config)));
 	"replaced" ++ _ ->
 	    auth(connect(Config));
+        "antispam" ++ _ ->
+            Password = ?config(password, Config),
+            ejabberd_auth:try_register(User, Server, Password),
+            open_session(bind(auth(connect(Config))));
         _ when IsMaster or IsSlave ->
             Password = ?config(password, Config),
             ejabberd_auth:try_register(User, Server, Password),
@@ -425,6 +429,7 @@ db_tests(DB) when DB == mnesia; DB == redis ->
        auth_md5,
        presence_broadcast,
        last,
+       antispam_tests:single_cases(),
        webadmin_tests:single_cases(),
        roster_tests:single_cases(),
        private_tests:single_cases(),
@@ -436,6 +441,7 @@ db_tests(DB) when DB == mnesia; DB == redis ->
        mam_tests:single_cases(),
        csi_tests:single_cases(),
        push_tests:single_cases(),
+       test_pass_change,
        test_unregister]},
      muc_tests:master_slave_cases(),
      privacy_tests:master_slave_cases(),
@@ -465,6 +471,7 @@ db_tests(DB) ->
        offline_tests:single_cases(),
        mam_tests:single_cases(),
        push_tests:single_cases(),
+       test_pass_change,
        test_unregister]},
      muc_tests:master_slave_cases(),
      privacy_tests:master_slave_cases(),
@@ -683,6 +690,25 @@ register(Config) ->
                                    password = ?config(password, Config)}]}),
     Config.
 
+test_pass_change(Config) ->
+    case ?config(register, Config) of
+	true ->
+	    #iq{type = result, sub_els = []} =
+		send_recv(
+		    Config,
+		    #iq{type = set,
+			sub_els = [#register{username = ?config(user, Config),
+					     password = ?config(password, Config)}]}),
+	    #iq{type = result, sub_els = []} =
+		send_recv(
+		    Config,
+		    #iq{type = set,
+			sub_els = [#register{username = str:to_upper(?config(user, Config)),
+					     password = ?config(password, Config)}]});
+	_ ->
+	    {skipped, 'registration_not_available'}
+    end.
+
 test_unregister(Config) ->
     case ?config(register, Config) of
         true ->

test/ejabberd_SUITE_data/ejabberd.mnesia.yml

@@ -6,6 +6,14 @@ define_macro:
       mod_announce:
         db_type: internal
         access: local
+      mod_antispam:
+        rtbl_services:
+          - "pubsub.mnesia.localhost"
+        spam_jids_file: spam_jids.txt
+        spam_domains_file: spam_domains.txt
+        spam_urls_file: spam_urls.txt
+        whitelist_domains_file: whitelist_domains.txt
+        spam_dump_file: spam.log
       mod_blocking: []
       mod_caps:
         db_type: internal

test/ejabberd_SUITE_data/ejabberd.redis.yml

@@ -7,6 +7,14 @@ define_macro:
       mod_announce:
         db_type: internal
         access: local
+      mod_antispam:
+        rtbl_services:
+          - "pubsub.redis.localhost"
+        spam_jids_file: spam_jids.txt
+        spam_domains_file: spam_domains.txt
+        spam_urls_file: spam_urls.txt
+        whitelist_domains_file: whitelist_domains.txt
+        spam_dump_file: spam.log
       mod_blocking: []
       mod_caps:
         db_type: internal

test/ejabberd_SUITE_data/spam_domains.txt

@@ -0,0 +1 @@
+spam_domain.org

test/ejabberd_SUITE_data/spam_jids.txt

@@ -0,0 +1 @@
+spammer_jid@localhost

test/ejabberd_SUITE_data/spam_urls.txt

@@ -0,0 +1 @@
+https://spam.domain.url

test/ejabberd_SUITE_data/whitelist_domains.txt

@@ -0,0 +1 @@
+whitelisted.domain

test/json_test.erl

@@ -11,7 +11,6 @@ encode_binary_test() ->
     Encoded = <<"\"This is an error text.\"">>,
     ?assertMatch(Encoded, misc:json_encode(Binary)).
 
--ifdef(OTP_BELOW_27).
 -ifdef(OTP_BELOW_26).
 
 %% OTP 25 or lower
@@ -24,7 +23,11 @@ encode_map_test() ->
         <<"{\"service\":\"conference\",\"name\":\"room\",\"jid\":\"user@server\",\"affiliation\":\"member\"}">>,
     ?assertMatch(Encoded, misc:json_encode(Map)).
 
--else.
+-endif.
+
+-ifdef(OTP_BELOW_27).
+
+-ifndef(OTP_BELOW_26).
 
 %% OTP 26
 encode_map_test() ->
@@ -37,8 +40,9 @@ encode_map_test() ->
     ?assertMatch(Encoded, misc:json_encode(Map)).
 
 -endif.
+-endif.
 
--else.
+-ifndef(OTP_BELOW_27).
 
 %% OTP 27 or higher or higher
 encode_map_test() ->

test/muc_tests.erl

@@ -313,8 +313,6 @@ duplicate_occupantid_master(Config) ->
     PeerJID = ?config(slave, Config),
     PeerNick = ?config(slave_nick, Config),
     PeerNickJID = jid:replace_resource(Room, PeerNick),
-    MyNick = ?config(nick, Config),
-    MyNickJID = jid:replace_resource(Room, MyNick),
     ok = join_new(Config),
     wait_for_slave(Config),
     Pres = ?match(#presence{from = PeerNickJID, type = available} = Pres,

test/suite.erl

@@ -51,6 +51,11 @@ init_config(Config) ->
     {ok, _} = file:copy(SelfSignedCertFile,
 			filename:join([CWD, "self-signed-cert.pem"])),
     {ok, _} = file:copy(CAFile, filename:join([CWD, "ca.pem"])),
+    copy_file(Config, "spam_jids.txt"),
+    copy_file(Config, "spam_urls.txt"),
+    copy_file(Config, "spam_domains.txt"),
+    copy_file(Config, "whitelist_domains.txt"),
+    file:write_file(filename:join([CWD, "spam.log"]), []),
     {ok, MacrosContentTpl} = file:read_file(MacrosPathTpl),
     Password = <<"password!@#$%^&*()'\"`~<>+-/;:_=[]{}|\\">>,
     Backends = get_config_backends(),
@@ -138,6 +143,11 @@ init_config(Config) ->
      {backends, Backends}
      |Config].
 
+copy_file(Config, File) ->
+    {ok, CWD} = file:get_cwd(),
+    DataDir = proplists:get_value(data_dir, Config),
+    {ok, _} = file:copy(filename:join([DataDir, File]), filename:join([CWD, File])).
+
 copy_configtest_yml(DataDir, CWD) ->
     Files = filelib:wildcard(filename:join([DataDir, "configtest.yml"])),
     lists:foreach(
@@ -906,6 +916,21 @@ receiver(NS, Owner, Socket, MRef) ->
 	    receiver(NS, Owner, Socket, MRef)
     end.
 
+%% @doc Retry an action until success, at max N times with an interval
+%% `Interval'
+%% Shamlessly stolen (with slight adaptations) from snabbkaffee.
+-spec retry(integer(), non_neg_integer(), fun(() -> Ret)) -> Ret.
+retry(_, 0, Fun) ->
+    Fun();
+retry(Interval, N, Fun) ->
+    try Fun()
+    catch
+        EC:Err  ->
+            timer:sleep(Interval),
+            ct:pal("retrying ~p more times, result was ~p:~p", [N, EC, Err]),
+            retry(Interval, N - 1, Fun)
+    end.
+
 %%%===================================================================
 %%% Clients puts and gets events via this relay.
 %%%===================================================================

test/suite.hrl

@@ -89,6 +89,8 @@
 -define(send_recv(Send, Recv),
     ?match(Recv, suite:send_recv(Config, Send))).
 
+-define(retry(TIMEOUT, N, FUN), suite:retry(TIMEOUT, N, fun() -> FUN end)).
+
 -define(COMMON_VHOST, <<"localhost">>).
 -define(MNESIA_VHOST, <<"mnesia.localhost">>).
 -define(REDIS_VHOST, <<"redis.localhost">>).

tools/make-binaries

@@ -67,12 +67,12 @@ rel_vsn=$(git describe --tags | sed -e 's/-g.*//' -e 's/-/./' | tr -d '[:space:]
 mix_vsn=$(mix_version "$rel_vsn")
 crosstool_vsn='1.27.0'
 termcap_vsn='1.3.1'
-expat_vsn='2.6.4'
+expat_vsn='2.7.1'
 zlib_vsn='1.3.1'
 yaml_vsn='0.2.5'
-ssl_vsn='3.4.1'
-otp_vsn='27.3.2'
-elixir_vsn='1.18.3'
+ssl_vsn='3.5.1'
+otp_vsn='27.3.4.1'
+elixir_vsn='1.18.4'
 pam_vsn='1.6.1' # Newer Linux-PAM versions use Meson, we don't support that yet.
 png_vsn='1.6.45'
 jpeg_vsn='9f'

tools/opt_types.sh

@@ -11,6 +11,7 @@
 		mod_specs = #{} :: map()}).
 
 main([Mod|Paths]) ->
+    put(otp_version, list_to_integer(erlang:system_info(otp_release))),
     State = fold_beams(
 	      fun(File, Form, StateAcc) ->
 		      append(Form, File, StateAcc)
@@ -453,6 +454,17 @@ t_from_form(Spec) ->
     T.
 
 t_remote(Mod, Type) ->
+    case get(otp_version) >= 28  of
+        true ->
+            t_remote_newopt(Mod, Type);
+        false ->
+            t_remote_oldopt(Mod, Type)
+    end.
+
+t_remote_newopt(Mod, Type) ->
+    erl_types:t_nominal({Mod, Type, 0, opaque}, opaque).
+
+t_remote_oldopt(Mod, Type) ->
     D = maps:from_list([{{opaque, Type, []},
                          {{Mod, 1, 2, []}, type}}]),
     [T] = erl_types:t_opaque_from_records(D),

tools/rebar3-format.sh

@@ -17,7 +17,7 @@ FPATH=$1
 ERLS=$(git grep --name-only @format-begin "$FPATH"/)
 
 for ERL in $ERLS; do
-    csplit --quiet --prefix=$ERL-format- $ERL /@format-/ "{*}"
+    perl -n -e 'sub o { open(OUT, ">", sprintf("%s-format-%02d", $f, $n++));}; BEGIN{($f)=@ARGV;o()}; o() if /\@format-/; print OUT $_;' $ERL
 done
 
 EFMTS=$(find "$FPATH"/*-format-* -type f -exec grep --files-with-matches "@format-begin" '{}' ';')