v2.7.0-rc1 - a new name

We're pleased to be publishing Ergo 2.7.0-rc1, our first release candidate under our new name of Ergo. This release contains bug fixes and minor enhancements.

This release includes changes to the config file format, all of which are fully backwards-compatible and do not require updating the file before upgrading. This release includes no changes to the database format.

Because the name of the executable has changed from oragono to ergo (ergo.exe on Windows), you may need to update your system configuration (e.g., scripts or systemd unit files that reference the executable).

Many thanks to @ajaspers and @jesopo for contributing patches, to @ajaspers, @ChrisTX, @emersion, @jwheare, @kylef, @Mikaela, @mogad0n, and @ProgVal for reporting issues and helping test, and to our translators for contributing translations.

Changed

• The project was renamed from "Oragono" to "Ergo" (#897, thanks to everyone who contributed feedback or voted in the poll)

Config changes

• Entries in server.listeners now take a new key, min-tls-version, that can be used to set the minimum required TLS version; the recommended default value is 1.2 (#1611, thanks @ChrisTX!)
• Added max-conns (maximum connection count) and max-conn-lifetime (maximum lifetime of a connection before it is cycled) to datastore.mysql (#1622)
• Added massmessage operator capability to allow sending NOTICEs to all connected users (#1153, #1629, thanks @jesopo!)

Security

• If require-sasl.enabled is set to true, tor-listeners.require-sasl will be automatically set to true as well (#1636)
• It is now possible to set the minimum required TLS version, using the min-tls-version key in listener configuration
• Configurations that require SASL but allow user registration now produce a warning (#1637)

Added:

• Operators with the correct permissions can now send "mass messages", e.g. /NOTICE $$* will send a NOTICE to all users (#1153, #1629, thanks @jesopo!)
• Operators can now extend the maximum (non-tags) length of the IRC line using the server.max-line-len configuration key. This is not recommended for use outside of "closed-circuit" deployments where IRC operators have full control of all client software. (#1651)

Fixed

• RELAYMSG now sends a full NUH ("nick-user-host"), instead of only the relay nickname, as the message source (#1647, thanks @ProgVal, @jwheare, and @Mikaela!)
• Fixed a case where channels would remain visible in /LIST after unregistration (#1619, thanks @ajaspers!)
• Fixed incorrect tags on JOIN lines in +u ("auditorium") channels (#1642)
• Fixed an issue where LUSERS counts could get out of sync (#1617)
• It was impossible to add a restricted set of snomasks to an operator's permissions; this has been fixed (#1618)
• Fixed incorrect language in NS INFO responses (#1627, thanks @ajaspers!)
• Fixed a case where the REGISTER command would emit an invalid error message (#1633, thanks @ajaspers!)
• Fixed snomasks displaying in a nondeterministic order (#1669, thanks @Mikaela!)

Removed

• Removed the draft/resume-0.5 capability, and the associated RESUME and BRB commands (#1624)

Internal

• Optimized MySQL storage of direct messages (#1615)

v2.6.1 - a security fix

Oragono 2.6.1 is a bugfix release, fixing a security issue that is critical for some private server configurations. We regret the oversight.

The issue affects two classes of server configuration:

1. Private servers that use server.password (i.e., the PASS command) for protection. If accounts.registration.allow-before-connect is enabled, the REGISTER command can be used to bypass authentication. Affected operators should set this field to false, or upgrade to 2.6.1, which disallows the insecure configuration. (If the field does not appear in the configuration file, the configuration is secure since the value defaults to false when unset.)
2. Private servers that use accounts.require-sasl for protection. If these servers do not additionally set accounts.registration.enabled to false, the REGISTER command can potentially be used to bypass authentication. Affected operators should set accounts.registration.enabled to false; this recommendation appeared in the operator manual but was not emphasized sufficiently. (Configurations that require SASL but allow open registration are potentially valid, e.g., in the case of public servers that require everyone to use a registered account; accordingly, Oragono 2.6.1 continues to permit such configurations.)

This release includes no changes to the config file format or the database.

Many thanks to @ajaspers for reporting the issue.

Security

• Fixed and documented potential authentication bypasses via the REGISTER command (#1634, thanks [@ajaspers](https://
  github.com/ajaspers)!)

v2.6.0 - advancing standards

We're pleased to announce Oragono 2.6.0, a new stable release.

This release has some user-facing enhancements, but is primarily focused on fixing bugs and advancing the state of IRCv3 standardization (by publishing a release that implements the latest drafts). Some highlights:

• A new CHATHISTORY API for listing direct message conversations (#1592)
• The latest proposal for IRC-over-websockets, which should be backwards-compatible with existing clients (#1558)
• The latest specification for the bot usermode (+B in our implementation) (#1562)

This release includes changes to the config file format, all of which are fully backwards-compatible and do not require updating the file before upgrading.

This release includes no changes to the embedded database format. If you are using MySQL for history storage, it adds a new table; this change is backwards and forwards-compatible and does not require any manual intervention.

If you are using nginx as a reverse proxy for IRC-over-websockets, previous documentation did not recommend increasing proxy_read_timeout; the default value of 60s is too low and can lead to user disconnections. The current recommended value is proxy_read_timeout 600s;; see the manual for an example configuration.

Many thanks to @ajaspers and @Mikaela for contributing patches, to @aster1sk, @emersion, @eskimo, @hhirtz, @jlu5, @jwheare, @KoraggKnightWolf, @kylef, @Mikaela, @mogad0n, @ProgVal, and @szlend for reporting issues and helping test, and to our translators for contributing translations.

Config changes

• Listeners now support multiple TLS certificates for use with SNI; see the manual for details (#875, thanks @Mikaela!)
• Added server.compatibility.allow-truncation, controlling whether the server accepts messages that are too long to be relayed intact; this value defaults to true when unset (#1577, #1586, thanks @kylef!)
• Added new snomasks operator capability; operators must have either the ban or snomasks capability to subscribe to additional snomasks (#1176)

Security

• Fixed several edge cases where Oragono might relay invalid UTF8 despite the UTF8ONLY guarantee, or to a text-mode websocket client (#1575, #1596, thanks @ProgVal!)
• All operator privilege checks now use the capabilities system, making it easier to define operators with restricted powers (#1176)
• Adding and removing bans with UBAN now produces snomasks and audit loglines (#1518, thanks @mogad0n!)

Fixed

• Fixed an edge case in line buffering that could result in client disconnections (#1572, thanks @ProgVal!)
• Upgraded buntdb, our embedded database library, fixing an edge case that could cause data corruption (#1603, thanks @Mikaela, @tidwall!)
• Improved compatibility with the published draft/register specification (#1568, thanks @ProgVal!)
• 433 ERR_NICKNAMEINUSE is no longer sent when a fully connected ("registered") client fails to claim a reserved nickname, fixing a bad interaction with some client software (#1594, thanks @ProgVal!)
• Fixed znc.in/playback commands causing client disconnections when history is disabled (#1552, thanks @szlend!)
• Fixed syntactically invalid 696 ERR_INVALIDMODEPARAM response for invalid channel keys (#1563, thanks @ProgVal!)
• User-set nickserv settings now display as "enabled" instead of "mandatory" (#1544, thanks @Mikaela!)
• Improved error messages for some invalid configuration cases (#1559, thanks @aster1sk!)
• Improved CS TRANSFER error messages (#1534, thanks burning!)
• Handle panics caused when rehashing with SIGHUP (#1570)

Changed

• Registered channels will always appear in /LIST output, even with no members (#1507)
• In the new recommended default configuration, Oragono will preemptively reject messages that are too long to be relayed to clients without truncation. This is controlled by the config variable server.compatibility.allow-truncation; this field defaults to true when unset, preserving the legacy behavior for older config files (#1577, #1586, thanks @kylef!)
• Auto-away behavior now respects individual clients; the user is not considered away unless all clients are away or disconnected (#1531, thanks @kylef!)
• Direct messages rejected due to the +R registered-only usermode now produce an error message (#1064, thanks @KoraggKnightWolf, @ajaspers!)
• RELAYMSG identifiers now respect bans and mutes (#1502)
• If end user message deletion is enabled, channel operators can now delete channel messages (#1565, thanks @Mikaela!)
• Halfops can change the channel topic (#1523)
• Snomask add/remove syntax now matches other ircds more closely (#1074)
• CS OP will regrant your channel AMODE, in case you removed it (#1516, #1307, thanks @jlu5!)
• User passwords may no longer begin with : (#1571)
• Improved documentation of CS AMODE and NS UNREGISTER (#1524, #1545, thanks @Mikaela!)
• Disabling history disables history-related CAPs (#1549)

Added

• Implemented the new CHATHISTORY TARGETS API for listing direct message conversations (#1592, thanks @emersion, @hhirtz, @jwheare, @kylef!)
• Implemented the new IRC-over-websockets draft, adding support for binary websockets and subprotocol negotiation (#1558, thanks @jwheare!)
• Implemented the new bot mode spec (#1562)
• Implemented the new forward mode spec (#1612, thanks @ProgVal!)
• WARN NICK ACCOUNT_REQUIRED is sent on failed attempts to claim a reserved nickname (#1594)
• NS CLIENTS LIST displays enabled client capabilities (#1576)
• CS INFO with no arguments lists your registered channels (#765)
• NS PASSWORD is now accepted as an alias for NS PASSWD (#1547)

Internal

• Upgraded to Go 1.16 (#1510)

v2.6.0-rc1 - advancing standards

We're pleased to be publishing the release candidate for 2.6.0 (the official release should follow in a week or so).

This release has some user-facing enhancements, but is primarily focused on fixing bugs and advancing the state of IRCv3 standardization (by publishing a release that implements the latest drafts). Some highlights:

• A new CHATHISTORY API for listing direct message conversations (#1592)
• The latest proposal for IRC-over-websockets, which should be backwards-compatible with existing clients (#1558)
• The latest specification for the bot usermode (+B in our implementation) (#1562)

This release includes changes to the config file format, all of which are fully backwards-compatible and do not require updating the file before upgrading.

This release includes no changes to the embedded database format. If you are using MySQL for history storage, it adds a new table; this change is backwards and forwards-compatible and does not require any manual intervention.

If you are using nginx as a reverse proxy for IRC-over-websockets, previous documentation did not recommend increasing proxy_read_timeout; the default value of 60s is too low and can lead to user disconnections. The current recommended value is proxy_read_timeout 600s;; see the manual for an example configuration.

Many thanks to @ajaspers and @Mikaela for contributing patches, to @aster1sk, @emersion, @eskimo, @hhirtz, @jlu5, @jwheare, @KoraggKnightWolf, @kylef, @Mikaela, @mogad0n, @ProgVal, and @szlend for reporting issues and helping test, and to our translators for contributing translations.

Config changes

• Listeners now support multiple TLS certificates for use with SNI; see the manual for details (#875, thanks @Mikaela!)
• Added server.compatibility.allow-truncation, controlling whether the server accepts messages that are too long to be relayed intact; this value defaults to true when unset (#1596, thanks @kylef!)
• Added new snomasks operator capability; operators must have either the ban or snomasks capability to subscribe to additional snomasks (#1176)

Security

• Fixed several edge cases where Oragono might relay invalid UTF8 despite the UTF8ONLY guarantee, or to a text-mode websocket client (#1575, #1596, thanks @ProgVal!)
• All operator privilege checks now use the capabilities system, making it easier to define operators with restricted powers (#1176)
• Adding and removing bans with UBAN now produces snomasks and audit loglines (#1518, thanks @mogad0n!)

Fixed

• Fixed an edge case in line buffering that could result in client disconnections (#1572, thanks @ProgVal!)
• Upgraded buntdb, our embedded database library, fixing an edge case that could cause data corruption (#1603, thanks @Mikaela, @tidwall!)
• Improved compatibility with the published draft/register specification (#1568, thanks @ProgVal!)
• 433 ERR_NICKNAMEINUSE is no longer sent when a fully connected ("registered") client fails to claim a reserved nickname, fixing a bad interaction with some client software (#1594, thanks @ProgVal!)
• Fixed znc.in/playback commands causing client disconnections when history is disabled (#1552, thanks @szlend!)
• Fixed syntactically invalid 696 ERR_INVALIDMODEPARAM response for invalid channel keys (#1563, thanks @ProgVal!)
• User-set nickserv settings now display as "enabled" instead of "mandatory" (#1544, thanks @Mikaela!)
• Improved error messages for some invalid configuration cases (#1559, thanks @aster1sk!)
• Improved CS TRANSFER error messages (#1534, thanks burning!)
• Handle panics caused when rehashing with SIGHUP (#1570)

Changed

• Registered channels will always appear in /LIST output, even with no members (#1507)
• In the new recommended default configuration, Oragono will preemptively reject messages that are too long to be relayed to clients without truncation. This is controlled by the config variable server.compatibility.allow-truncation; this field defaults to true when unset, preserving the legacy behavior for older config files (#1577, #1586, thanks @kylef!)
• Auto-away behavior now respects individual clients; the user is not considered away unless all clients are away or disconnected (#1531, thanks @kylef!)
• Direct messages rejected due to the +R registered-only usermode now produce an error message (#1064, thanks @KoraggKnightWolf, @ajaspers!)
• RELAYMSG identifiers now respect bans and mutes (#1502)
• If end user message deletion is enabled, channel operators can now delete channel messages (#1565, thanks @Mikaela!)
• Halfops can change the channel topic (#1523)
• Snomask add/remove syntax now matches other ircds more closely (#1074)
• CS OP will regrant your channel AMODE, in case you removed it (#1516, #1307, thanks @jlu5!)
• User passwords may no longer begin with : (#1571)
• Improved documentation of CS AMODE and NS UNREGISTER (#1524, #1545, thanks @Mikaela!)
• Disabling history disables history-related CAPs (#1549)

Added

• Implemented the new CHATHISTORY TARGETS API for listing direct message conversations (#1592, thanks @emersion, @hhirtz, @jwheare, @kylef!)
• Implemented the new IRC-over-websockets draft, adding support for binary websockets and subprotocol negotiation (#1558, thanks @jwheare!)
• Implemented the new bot mode spec (#1562)
• Implemented the new forward mode spec (#1612, thanks @ProgVal!)
• WARN NICK ACCOUNT_REQUIRED is sent on failed attempts to claim a reserved nickname (#1594)
• NS CLIENTS LIST displays enabled client capabilities (#1576)
• CS INFO with no arguments lists your registered channels (#765)
• NS PASSWORD is now accepted as an alias for NS PASSWD (#1547)

Internal

• Upgraded to Go 1.16 (#1510)

v2.5.1 - a security fix

Oragono 2.5.1 is a bugfix release that fixes a significant security issue. We apologize for the oversight.

This release includes no changes to the config file format or the database.

Many thanks to @xnaas for reporting the issue.

Security

• Fix an incorrect permissions check in NickServ (#1520, thanks @xnaas!)

v2.5.0 - iterative enhancements

We're pleased to announce Oragono 2.5.0, a new stable release.

This release includes enhancements based on the needs of real-world operators, as well as bug fixes. Highlights include:

• UBAN, a new "unified ban" system for server operators, with a corresponding CHANSERV HOWTOBAN command for channel operators (#1447)
• A new forwarding/overflow channel mode +f (#1260)
• Support for PROXY protocol v2 (#1389)

This release includes changes to the config file format, including two breaking changes. One is fairly significant: enabling a websocket listener now requires the use of server.enforce-utf8, as has been the recommended default since 2.2.0 (so continuing to accept legacy non-UTF-8 content will require disabling websockets). The other is that the "unban" operator capability has been removed (it is now included in the "ban" capability). Other config changes are backwards compatible and do not require updating the file before upgrading.

This release includes a database change. If you have datastore.autoupgrade set to true in your configuration, it will be automatically applied when you restart Oragono. Otherwise, you can update the database manually by running oragono upgradedb (see the manual for complete instructions).

Many thanks to @jlu5, @kylef and @Mikaela for contributing patches, to @bogdomania, @eskimo, @happyhater, @jlu5, @kylef, @LukeHoersten, @Mikaela, @mogad0n, @robinlemon, and @vertisan for reporting issues and helping test, and to our translators for contributing translations.

Config changes

• Enabling websockets now requires server.enforce-utf8 = true (#1483)
• proxy is now a top-level field of the listener config block; in particular, the PROXY protocol (v1 or v2) can now be required ahead of a plaintext connection. The field is still accepted in its legacy position (inside the tls block). (#1389, thanks @robinlemon!)
• Added accounts.multiclient.always-on-expiration, allowing always-on clients to be timed out for inactivity (#810, thanks @bogdomania!)
• local_ prefixes have been stripped from operator capability names, so that, e.g., local_ban is now just ban. The old names are still accepted. (#1442)
• The local_unban operator capability has been removed (unbanning is now contained in the ban permission). (#1442)
• The recommended value of accounts.bcrypt-cost is now 4, the minimum acceptable value (#1497)
• server.ip-limits.custom-limits now accepts networks that contain multiple CIDRs; the old syntax is still accepted (#1421, thanks @Mikaela!
• A new field, history.restrictions.query-cutoff, generalizes the old history.restrictions.enforce-registration-date (the old field is still accepted) (#1490, thanks @Mikaela!)
• Added server.override-services-hostname, allowing the hostname of NickServ, ChanServ, etc. to be overridden (#1407, thanks @Mikaela!)
• Added a boolean hide-sts key to the listener block; this can be used to hide the STS CAP when the listener is secured at layer 3 or 4 (e.g., by a VPN or an E2E mixnet). It will still be necessary to add the relevant IPs to secure-nets. (#1428, thanks @Mikaela!)

Security

• Improved validation of names and encodings for client-only tags (#1385)
• Improved auditability of sensitive operator actions (#1443, thanks @mogad0n!)
• DEFCON 4 and lower now require Tor users to authenticate with SASL (#1450)

Fixed

• Fixed NS UNSUSPEND requiring the casefolded / lowercase version of the account name (#1382, thanks @mogad0n!)
• Fixed client-only tags in direct (user-to-user) PRIVMSG not being replayed (#1411)
• Fixed many bugs in import of Anope and Atheme databases (#1403, #1423, #1424, #1431, #1435, #1439, #1444, thanks @jlu5, @kylef, and @Mikaela!)
• Fixed case-handling bugs in RENAME (i.e., channel rename) (#1456, thanks @mogad0n!)
• Fixed incorrect processing of color code escapes in MOTD files (#1467, thanks @mogad0n!)
• STS is no longer advertised to Tor clients (#1428, thanks @Mikaela!)
• Fixed HELP/HELPOP numerics not including the nick as an argument (#1472, thanks @kylef!)
• Made connection registration snomasks less confusing (#1396, thanks @eskimo!)
• Fixed duplicated nicks in KLINE response (#1379, thanks @mogad0n!)
• The RELAYMSG tag name is now draft/relaymsg, conforming to the amended draft specification (#1468, thanks @jlu5!)
• Fixed SAJOIN not sending a MODE line to the originating client (#1383, thanks @mogad0n!)
• Improved consistency of message sources sent by CS AMODE (#1383, thanks @mogad0n!)
• Fixed duplicated JOIN line sent to some clients using the draft/resume-0.5 extension (#1397, thanks @kylef!)
• Added a warning that MySQL cannot be enabled by rehash (#1452, thanks @Mikaela!)

Changed

• Channel-user modes (e.g., +o, +v) of always-on clients are now persisted in the database (#1345)
• /CHANSERV PURGE now takes ADD, DEL, and LIST subcommands; the separate UNPURGE command has been removed; PURGE ADD now requires a confirmation code (#1294, thanks @mogad0n!)
• The characters <, >, ', ", and ; are no longer allowed in nicknames (previously registered account names containing these characters are still accepted) (#1436, thanks @happyhater!)
• Authenticated clients from Tor now receive their (account-unique) always-on cloaked hostname; this allows channel operators to ban unauthenticated Tor users by banning *!*@tor-network.onion (#1479, thanks @mogad0n!)
• Included the network name in the human-readable final parameter of 001 RPL_WELCOME (#1410)
• RELAYMSG can now take client-only tags (#1470)
• WebSocket listeners will attempt to negotiate the text.ircv3.net subprotocol; negotiating this is optional for clients (#1483)

Added

• Added UBAN, a new command giving server operators a unified interface to D-LINEs (IP bans), K-LINEs (NUH mask bans, which are now deprecated), and account suspensions (NS SUSPEND) (#1447)
• Added CHANSERV HOWTOBAN, a ChanServ subcommand that helps channel operators choose an appropriate ban (#1447)
• Added a new channel mode +f; users who cannot join the channel due to +i or +l will be forwarded to the channel specified by +f. (#1260)
• Added support for the PROXY protocol v2 (#1389, thanks @robinlemon!)
• Added support for /JOIN 0 (part all channels), requiring a confirmation code (#1417, thanks @Mikaela!)
• Added support for grouped nicknames as SASL usernames (#1476, thanks @eskimo!)
• Added history support for INVITE (#1409, thanks @Mikaela!)
• Added a new channel setting accessible via /CS SET: history-cutoff, allowing the channel owner more fine-grained control over who can see history (#1490, thanks @Mikaela!)
• Added the UTF8ONLY ISUPPORT token, allowing the server to advertise to clients that only UTF-8 content is accepted (#1483)
• Added /NICKSERV RENAME, an operator-only command that can change the case of an account name (#1380, thanks @LukeHoersten!)

Internal

• Added caching for serialized messages (#1387)
• Improved memory efficiency of line reading (#1231)

v2.5.0-rc1 - iterative enhancements

We're pleased to be publishing the release candidate for 2.5.0 (the official release should follow in a week or so).

This release includes enhancements based on the needs of real-world operators, as well as bug fixes. Highlights include:

• UBAN, a new "unified ban" system for server operators, with a corresponding CHANSERV HOWTOBAN command for channel operators (#1447)
• A new forwarding/overflow channel mode +f (#1260)
• Support for PROXY protocol v2 (#1389)

This release includes changes to the config file format, including two breaking changes. One is fairly significant: enabling a websocket listener now requires the use of server.enforce-utf8, as has been the recommended default since 2.2.0 (so continuing to accept legacy non-UTF-8 content will require disabling websockets). The other is that the "unban" operator capability has been removed (it is now included in the "ban" capability). Other config changes are backwards compatible and do not require updating the file before upgrading.

This release includes a database change. If you have datastore.autoupgrade set to true in your configuration, it will be automatically applied when you restart Oragono. Otherwise, you can update the database manually by running oragono upgradedb (see the manual for complete instructions).

Many thanks to @jlu5, @kylef and @Mikaela for contributing patches, to @bogdomania, @eskimo, @happyhater, @jlu5, @kylef, @LukeHoersten, @Mikaela, @mogad0n, @robinlemon, and @vertisan for reporting issues and helping test, and to our translators for contributing translations.

Config changes

• Enabling websockets now requires server.enforce-utf8 = true (#1483)
• proxy is now a top-level field of the listener config block; in particular, the PROXY protocol (v1 or v2) can now be required ahead of a plaintext connection. The field is still accepted in its legacy position (inside the tls block). (#1389, thanks @robinlemon!)
• Added accounts.multiclient.always-on-expiration, allowing always-on clients to be timed out for inactivity (#810, thanks @bogdomania!)
• local_ prefixes have been stripped from operator capability names, so that, e.g., local_ban is now just ban. The old names are still accepted. (#1442)
• The local_unban operator capability has been removed (unbanning is now contained in the ban permission). (#1442)
• The recommended value of accounts.bcrypt-cost is now 4, the minimum acceptable value (#1497)
• server.ip-limits.custom-limits now accepts networks that contain multiple CIDRs; the old syntax is still accepted (#1421, thanks @Mikaela!
• A new field, history.restrictions.query-cutoff, generalizes the old history.restrictions.enforce-registration-date (the old field is still accepted) (#1490, thanks @Mikaela!)
• Added server.override-services-hostname, allowing the hostname of NickServ, ChanServ, etc. to be overridden (#1407, thanks @Mikaela!)
• Added a boolean hide-sts key to the listener block; this can be used to hide the STS CAP when the listener is secured at layer 3 or 4 (e.g., by a VPN or an E2E mixnet). It will still be necessary to add the relevant IPs to secure-nets. (#1428, thanks @Mikaela!)

Security

• Improved validation of names and encodings for client-only tags (#1385)
• Improved auditability of sensitive operator actions (#1443, thanks @mogad0n!)
• DEFCON 4 and lower now require Tor users to authenticate with SASL (#1450)

Fixed

• Fixed NS UNSUSPEND requiring the casefolded / lowercase version of the account name (#1382, thanks @mogad0n!)
• Fixed client-only tags in direct (user-to-user) PRIVMSG not being replayed (#1411)
• Fixed many bugs in import of Anope and Atheme databases (#1403, #1423, #1424, #1431, #1435, #1439, #1444, thanks @jlu5, @kylef, and @Mikaela!)
• Fixed case-handling bugs in RENAME (i.e., channel rename) (#1456, thanks @mogad0n!)
• Fixed incorrect processing of color code escapes in MOTD files (#1467, thanks @mogad0n!)
• STS is no longer advertised to Tor clients (#1428, thanks @Mikaela!)
• Fixed HELP/HELPOP numerics not including the nick as an argument (#1472, thanks @kylef!)
• Made connection registration snomasks less confusing (#1396, thanks @eskimo!)
• Fixed duplicated nicks in KLINE response (#1379, thanks @mogad0n!)
• The RELAYMSG tag name is now draft/relaymsg, conforming to the amended draft specification (#1468, thanks @jlu5!)
• Fixed SAJOIN not sending a MODE line to the originating client (#1383, thanks @mogad0n!)
• Improved consistency of message sources sent by CS AMODE (#1383, thanks @mogad0n!)
• Fixed duplicated JOIN line sent to some clients using the draft/resume-0.5 extension (#1397, thanks @kylef!)
• Added a warning that MySQL cannot be enabled by rehash (#1452, thanks @Mikaela!)

Changed

• Channel-user modes (e.g., +o, +v) of always-on clients are now persisted in the database (#1345)
• /CHANSERV PURGE now takes ADD, DEL, and LIST subcommands; the separate UNPURGE command has been removed; PURGE ADD now requires a confirmation code (#1294, thanks @mogad0n!)
• The characters <, >, ', ", and ; are no longer allowed in nicknames (previously registered account names containing these characters are still accepted) (#1436, thanks @happyhater!)
• Authenticated clients from Tor now receive their (account-unique) always-on cloaked hostname; this allows channel operators to ban unauthenticated Tor users by banning *!*@tor-network.onion (#1479, thanks @mogad0n!)
• Included the network name in the human-readable final parameter of 001 RPL_WELCOME (#1410)
• RELAYMSG can now take client-only tags (#1470)
• WebSocket listeners will attempt to negotiate the text.ircv3.net subprotocol; negotiating this is optional for clients (#1483)

Added

• Added UBAN, a new command giving server operators a unified interface to D-LINEs (IP bans), K-LINEs (NUH mask bans, which are now deprecated), and account suspensions (NS SUSPEND) (#1447)
• Added CHANSERV HOWTOBAN, a ChanServ subcommand that helps channel operators choose an appropriate ban (#1447)
• Added a new channel mode +f; users who cannot join the channel due to +i or +l will be forwarded to the channel specified by +f. (#1260)
• Added support for the PROXY protocol v2 (#1389, thanks @robinlemon!)
• Added support for /JOIN 0 (part all channels), requiring a confirmation code (#1417, thanks @Mikaela!)
• Added support for grouped nicknames as SASL usernames (#1476, thanks @eskimo!)
• Added history support for INVITE (#1409, thanks @Mikaela!)
• Added a new channel setting accessible via /CS SET: history-cutoff, allowing the channel owner more fine-grained control over who can see history (#1490, thanks @Mikaela!)
• Added the UTF8ONLY ISUPPORT token, allowing the server to advertise to clients that only UTF-8 content is accepted (#1483)
• Added /NICKSERV RENAME, an operator-only command that can change the case of an account name (#1380, thanks @LukeHoersten!)

Internal

• Added caching for serialized messages (#1387)
• Improved memory efficiency of line reading (#1231)

v2.4.0 - feature parity

We're pleased to announce Oragono 2.4.0, a new stable release.

This release includes a number of exciting enhancements and fixes. Here are some highlights:

• Support for migrating an Anope or Atheme database to Oragono (#1042)
• A pluggable system for validating external IPs, e.g., via DNSBLs (#68, thanks @moortens!)
• draft/relaymsg, a new draft extension simplifying bridging with other chat systems (thanks @jlu5!)
• New moderation tools: +u ("auditorium", #1300), +U ("op-moderated", #1178), +M ("moderated-registered", #1182, thanks @ajaspers!), and +b m: (an extban for muting users, #307)

This release includes changes to the config file format, including one breaking change: roleplay.enabled now defaults to false (the new recommended default) instead of true when unset. Other config changes are backwards compatible and do not require updating the file before upgrading.

This release includes a database change. If you have datastore.autoupgrade set to true in your configuration, it will be automatically applied when you restart Oragono. Otherwise, you can update the database manually by running oragono upgradedb (see the manual for complete instructions).

Many thanks to @ajaspers, @jesopo, @moortens, and @RunBarryRun for contributing patches, to @csmith for contributing code reviews, to @ajaspers, @Amiga60077, @bogdomania, @csmith, @edk0, @eskimo, @jlu5, @jwheare, @KoraggKnightWolf, @Mitaka8, @mogad0n, @RyanSquared, and @vertisan for reporting issues and helping test, and to our translators for contributing translations.

Config changes

• Added server.ip-cloaking.enabled-for-always-on, which generates a unique hostname for each always-on client. The recommended default value of this field is true (#1312)
• Added server.coerce-ident; if this is set to a string value, all user/ident fields supplied by clients are ignored and replaced with this value. The recommended default value of this field is ~u. This simplifies bans. (#1340)
• Simplified the config file format for email verification into a new accounts.nick-reservation.email-verification section. The old format (callbacks) is still accepted (#1075)
• The recommended value of roleplay.enabled is now false; this field now defaults to false when unset (#1240, #1271)
• Added server.relaymsg section for configuring the new draft/relaymsg capability; added the new relaymsg operator capability for exercising it (#1119)
• Added allow-environment-overrides config variable, allowing config options to be overridden by environment variables. See the manual for more details. (#1049, thanks @csmith!)
• Added server.ip-check-script for configuring IP check plugins (#68, #1267, thanks @moortens!)
• Added max-concurrency restriction to accounts.auth-script section. The recommended default value is 64 (0 or unset disable the restriction) (#1267)
• Added accounts.registration.allow-before-connect; this allows the use of the new REGISTER command before connecting to the server (#1075)
• Added hidden option in operator blocks: if set to true, operator status is hidden from commands like WHOIS that would otherwise display it (#1194)
• Added accounts.nick-reservation.forbid-anonymous-nick-changes, which forbids anonymous users from changing their nicknames after initially connecting (#1337, thanks @Amiga60077!)
• Added channels.invite-expiration, allowing invites to +i channels to expire after a given amount of time (#1171)

Security

• Added /NICKSERV CLIENTS LOGOUT command for disconnecting clients connected to a user account (#1072, #1272, thanks @ajaspers!)
• Disallowed the use of service nicknames during roleplaying (#1240, thanks @Mitaka8!)
• Improved security properties of INVITE for invite-only channels, including an UNINVITE command (#1171)

Removed

• Removed the request queue system for HostServ, i.e., the REQUEST, APPROVE, and REJECT subcommands of HOSTSERV (#1346)

Fixed

• PONG is now sent with the server name as the first parameter, matching the behavior of other ircds (#1249, thanks @jesopo!)
• It was not possible to set or unset the +T no-CTCP user mode; this has been fixed (#1299, thanks @mogad0n!)
• Fixed edge cases with /NICKSERV SAREGISTER of confusable nicknames (#1322, thanks @mogad0n!)
• Fixed websocket listeners with proxy-before-TLS enabled closing on invalid PROXY lines (#1269, thanks @RyanSquared!)
• Fixed error responses and history for SANICK (#1277, #1278, thanks @eskimo!)
• Ensured that stored realnames of always-on clients are deleted during account unregistration (#1330)
• Whitespace is now stripped from KLINEs (#1327, thanks @mogad0n!)
• Fixed incorrect LUSERS counts caused by KLINE (#1303, thanks @mogad0n!)
• CHATHISTORY queries for invalid channels now get an empty batch instead of a FAIL (#1322)
• fakelag.messages-per-window = 0 no longer causes a panic (#861, thanks @vertisan!)

Added

• Added oragono importdb command for importing a converted Anope or Atheme database; see the manual for details (#1042)
• Added support for the new draft/relaymsg extension, which simplifies bridging IRC with other protocols relaymsg (#1119, thanks @jlu5!)
• Added ip-check-script, a scripting API for restricting access by client IP. We provide oragono-dnsbl, an external script that can query DNSBLs for this purpose (#68, #1267, thanks @moortens!)
• Added channel mode +u. This is an "auditorium" mode that prevents unprivileged users from seeing each other's JOIN and PART lines. It's useful for large public-announcement channels, possibly in conjunction with +m (#1300)
• Added channel mode +U. This is an "op-moderated" mode; messages from unprivileged users are sent only to channel operators, who can then choose to grant them +v. (#1178)
• Added a mute extban +b m:: users matching the ban expression (e.g., +b m:*!*@j6dwi4vacx47y.irc) will be able to join the channel, but will be unable to speak. (#307)
• Added support for the new draft/register extension, which exposes a cleaner account registration API to clients (#1075, thanks @edk0!)
• Added a 379 RPL_WHOISMODES line to the WHOIS response, making it easier for operators to see other users' modes (#769, thanks @Amiga60077 and @KoraggKnightWolf!)
• Added /CHANSERV DEOP command for removing channel operator privileges (#361, thanks @RunBarryRun!)
• Added r flag to /WHO responses for registered nicknames (#1366, thanks @Amiga60077!)

Changed

• Always-on clients now receive a user/ident of ~u by default, instead of ~user; this can be changed by setting the coerce-ident field (#1340)
• /NICKSERV SUSPEND has been modified to take subcommands (ADD, DEL, and LIST); the ADD subcommand now accepts time duration and reason arguments. See /msg NickServ HELP SUSPEND for details. (#1274, thanks @mogad0n!)
• Only the channel founder can kick the channel founder, regardless of either party's modes (#1262)
• /NICKSERV SESSIONS is now /NICKSERV CLIENTS LIST, but the old command is still accepted (#1272, thanks @ajaspers!)
• Improved SETNAME behavior for legacy clients (#1358, thanks @KoraggKnightWolf!)
• Halfops can set the channel topic (#1306)
• Full client certificates are now passed to auth scripts. This allows for more flexible checks on certificates, including verification against an internal CA (#414)

Internal

• Added a logline for debugging client disconnections (#1293)
• Renamed conventional.yaml to traditional.yaml (#1350)
• Integration tests are now run during CI (#1279)

v2.4.0-rc1 - feature parity

We're pleased to be publishing the release candidate for 2.4.0 (the official release should follow in a week or so).

This release includes a number of exciting enhancements and fixes. Here are some highlights:

• Support for migrating an Anope or Atheme database to Oragono (#1042)
• A pluggable system for validating external IPs, e.g., via DNSBLs (#68, thanks @moortens!)
• draft/relaymsg, a new draft extension simplifying bridging with other chat systems (thanks @jlu5!)
• New moderation tools: +u ("auditorium", #1300), +U ("op-moderated", #1178), +M ("moderated-registered", #1182, thanks @ajaspers!), and +b m: (an extban for muting users, #307)

This release includes changes to the config file format, including one breaking change: roleplay.enabled now defaults to false (the new recommended default) instead of true when unset. Other config changes are backwards compatible and do not require updating the file before upgrading.

This release includes a database change. If you have datastore.autoupgrade set to true in your configuration, it will be automatically applied when you restart Oragono. Otherwise, you can update the database manually by running oragono upgradedb (see the manual for complete instructions).

Many thanks to @ajaspers, @jesopo, @moortens, and @RunBarryRun for contributing patches, to @csmith for contributing code reviews, to @ajaspers, @Amiga60077, @bogdomania, @csmith, @edk0, @eskimo, @jlu5, @jwheare, @KoraggKnightWolf, @Mitaka8, @mogad0n, @RyanSquared, and @vertisan for reporting issues and helping test, and to our translators for contributing translations.

Config changes

• Added server.ip-cloaking.enabled-for-always-on, which generates a unique hostname for each always-on client. The recommended default value of this field is true (#1312)
• Added server.coerce-ident; if this is set to a string value, all user/ident fields supplied by clients are ignored and replaced with this value. The recommended default value of this field is ~u. This simplifies bans. (#1340)
• Simplified the config file format for email verification into a new accounts.nick-reservation.email-verification section. The old format (callbacks) is still accepted (#1075)
• The recommended value of roleplay.enabled is now false; this field now defaults to false when unset (#1240, #1271)
• Added server.relaymsg section for configuring the new draft/relaymsg capability; added the new relaymsg operator capability for exercising it (#1119)
• Added allow-environment-overrides config variable, allowing config options to be overridden by environment variables. See the manual for more details. (#1049, thanks @csmith!)
• Added server.ip-check-script for configuring IP check plugins (#68, #1267, thanks @moortens!)
• Added max-concurrency restriction to accounts.auth-script section. The recommended default value is 64 (0 or unset disable the restriction) (#1267)
• Added accounts.registration.allow-before-connect; this allows the use of the new REGISTER command before connecting to the server (#1075)
• Added hidden option in operator blocks: if set to true, operator status is hidden from commands like WHOIS that would otherwise display it (#1194)
• Added accounts.nick-reservation.forbid-anonymous-nick-changes, which forbids anonymous users from changing their nicknames after initially connecting (#1337, thanks @Amiga60077!)
• Added channels.invite-expiration, allowing invites to +i channels to expire after a given amount of time (#1171)

Security

• Added /NICKSERV CLIENTS LOGOUT command for disconnecting clients connected to a user account (#1072, #1272, thanks @ajaspers!)
• Disallowed the use of service nicknames during roleplaying (#1240, thanks @Mitaka8!)
• Improved security properties of INVITE for invite-only channels, including an UNINVITE command (#1171)

Removed

• Removed the request queue system for HostServ, i.e., the REQUEST, APPROVE, and REJECT subcommands of HOSTSERV (#1346)

Fixed

• PONG is now sent with the server name as the first parameter, matching the behavior of other ircds (#1249, thanks @jesopo!)
• It was not possible to set or unset the +T no-CTCP user mode; this has been fixed (#1299, thanks @mogad0n!)
• Fixed edge cases with /NICKSERV SAREGISTER of confusable nicknames (#1322, thanks @mogad0n!)
• Fixed websocket listeners with proxy-before-TLS enabled closing on invalid PROXY lines (#1269, thanks @RyanSquared!)
• Fixed error responses and history for SANICK (#1277, #1278, thanks @eskimo!)
• Ensured that stored realnames of always-on clients are deleted during account unregistration (#1330)
• Whitespace is now stripped from KLINEs (#1327, thanks @mogad0n!)
• Fixed incorrect LUSERS counts caused by KLINE (#1303, thanks @mogad0n!)
• CHATHISTORY queries for invalid channels now get an empty batch instead of a FAIL (#1322)
• fakelag.messages-per-window = 0 no longer causes a panic (#861, thanks @vertisan!)

Added

• Added oragono importdb command for importing a converted Anope or Atheme database; see the manual for details (#1042)
• Added support for the new draft/relaymsg extension, which simplifies bridging IRC with other protocols relaymsg (#1119, thanks @jlu5!)
• Added ip-check-script, a scripting API for restricting access by client IP. We provide oragono-dnsbl, an external script that can query DNSBLs for this purpose (#68, #1267, thanks @moortens!)
• Added channel mode +u. This is an "auditorium" mode that prevents unprivileged users from seeing each other's JOIN and PART lines. It's useful for large public-announcement channels, possibly in conjunction with +m (#1300)
• Added channel mode +U. This is an "op-moderated" mode; messages from unprivileged users are sent only to channel operators, who can then choose to grant them +v. (#1178)
• Added a mute extban +b m:: users matching the ban expression (e.g., +b m:*!*@j6dwi4vacx47y.irc) will be able to join the channel, but will be unable to speak. (#307)
• Added support for the new draft/register extension, which exposes a cleaner account registration API to clients (#1075, thanks @edk0!)
• Added a 379 RPL_WHOISMODES line to the WHOIS response, making it easier for operators to see other users' modes (#769, thanks @Amiga60077 and @KoraggKnightWolf!)
• Added /CHANSERV DEOP command for removing channel operator privileges (#361, thanks @RunBarryRun!)
• Added r flag to /WHO responses for registered nicknames (#1366, thanks @Amiga60077!)

Changed

• Always-on clients now receive a user/ident of ~u by default, instead of ~user; this can be changed by setting the coerce-ident field (#1340)
• /NICKSERV SUSPEND has been modified to take subcommands (ADD, DEL, and LIST); the ADD subcommand now accepts time duration and reason arguments. See /msg NickServ HELP SUSPEND for details. (#1274, thanks @mogad0n!)
• Only the channel founder can kick the channel founder, regardless of either party's modes (#1262)
• /NICKSERV SESSIONS is now /NICKSERV CLIENTS LIST, but the old command is still accepted (#1272, thanks @ajaspers!)
• Improved SETNAME behavior for legacy clients (#1358, thanks @KoraggKnightWolf!)
• Halfops can set the channel topic (#1306)
• Full client certificates are now passed to auth scripts. This allows for more flexible checks on certificates, including verification against an internal CA (#414)

Internal

• Added a logline for debugging client disconnections (#1293)
• Renamed conventional.yaml to traditional.yaml (#1350)
• Integration tests are now run during CI (#1279)

v2.3.0 - a bugfix release

We're pleased to announce Oragono 2.3.0, a new stable release.

This release contains primarily bug fixes, but includes one notable feature enhancement: a change contributed by @hhirtz that updates the draft/rename specification to correspond to the new (soon-to-be) published draft.

Many thanks to @hhirtz for contributing patches, to @bogdomania, @digitalcircuit, @ivan-avalos, @jesopo, @kylef, @Mitaka8, @mogad0n, and @ProgVal for reporting issues and helping test, and to our translators for contributing translations.

This release includes no changes to the config file format or database changes.

Config changes

• The recommended value of lookup-hostnames for configurations that cloak IPs (as has been the default since 2.1.0) is now false (#1228)

Security

• Mitigated a potential DoS attack on websocket listeners (#1226)

Removed

• Removed /HOSTSERV OFFERLIST and related commands; this functionality is superseded by IP cloaking (#1190)

Fixed

• Fixed an edge case in handling no-op nick changes (#1242)
• Fixed edge cases with users transitioning in and out of always-on status (#1218, #1219, thanks @bogdomania!)
• Fixed a race condition related to the registration timeout (#1225, thanks @hhirtz!)
• Fixed incorrectly formatted account tags on some messages (#1254, thanks @digitalcircuit!)
• Improved checks for invalid config files (#1244, thanks @ivan-avalos!)
• Fixed messages to services and *playback not receiving echo-message when applicable (#1204, thanks @kylef!)
• Fixed a help string (#1237, thanks @Mitaka8!)

Changed

• Updated draft/rename implementation to the latest draft (#1223, thanks @hhirtz!)

Internal

• Official release builds now use Go 1.15 (#1195)
• /INFO now includes the Go version (#1234)