Releases: atheme/atheme
Atheme IRC Services v7.2.12
The 7.2 branch is only going to receive security fixes now. For new features, please consider upgrading to 7.3; see its NEWS.md file first.
Changes since v7.2.11:
- Minor improvements to the build system
- Don't try to write the database if we couldn't open it
- Keep track of pending entity ID for SASL login
This release addresses an SASL security issue when used with InspIRCd 3.0+ servers. If you use Atheme IRC Services with such a server, you MUST upgrade.
This same security issue also affects version 7.1 of services, which is no longer receiving security updates or support; if you are using version 7.1 of services with such a server, you MUST upgrade.
NOTE: Please DO NOT use the "Source code" links below; an atheme-services-v7.2.12.tar.xz
file has been attached for download instead.
Atheme IRC Services v7.2.11
The 7.2 branch is only going to receive security fixes now. For new features, please consider upgrading to 7.3; see its NEWS.md file first.
Changes since v7.2.10:
- Support building contrib modules on most non-Linux Operating Systems
- Add a preliminary Turkish translation
- Add HMAC-MD5 verify-only support to
crypto/pbkdf2v2
atheme.conf.example
: documentneedoper
not being inheritedmodules/chanserv/akick
: fix unload crash with akicks that have timeoutsmodules/nickserv/register
: check e-mail address validity earlier in the processmodules/nickserv/multimark
: use IRC case canonicalisation for restored nicksmodules/nickserv/multimark
: forbid unloading due to the potential for data lossCA_
constants: includeCA_EXEMPT
(+e
) where appropriatelibathemecore/conf.c
: fix minor memory leak withhide_xop
NOTE: Please DO NOT use the "Source code" links below; an atheme-services-v7.2.11.tar.xz
file has been attached for download instead.
Atheme v7.2.10-r2
NOTE: Please DO NOT use the "Source code" links below; an atheme-v7.2.10-r2.tar.xz
file has been attached for download instead.
NOTE: This is likely to be the last v7.2 release, unless a bug is discovered that requires fixing.
Changes since v7.2.9:
- Bugfixes and better logic in
verify_password()
- Fix potential NULL dereference in
modules/crypto/posix
- Backport some
modules/crypto/pbkdf2v2
improvements from master - Backport
modules/crypto/argon2d
from master - Backport Base-64 codec from master
- Backport some build/configuration system improvements from master
- Bump E-Mail address maximum length to 254 characters
- Use flags setter information in
modules/chanserv/access
&modules/chanserv/flags
- Fix issue where
modules/misc/httpd
wasn't closing its listening socket on deinit - Fix GroupServ data loss issue when a group was the founder of another group
Atheme v7.2.9
This is a security release fixing use after free that could potentially be abused
by an attacker already having the privilege to use SASL impersonation to cause a
denial of service. Users of 7.2.8 should update to version 7.2.9; older releases
are not affected.
Atheme v7.2.8
This is a security release closing a memory leak that could be exploited by attackers to potentially cause a denial of service. Release 7.2.7 is affected; older releases are unaffected. See #539 for technical information.
Atheme v7.2.7
atheme 7.2.7