Movim

Pl chevron_right

ProcessOne: ejabberd 25.07

news.movim.eu / PlanetJabber • 11 July 2025 • 11 minutes

Release Highlights:

This release focus on integration in a wider federated network, with support for spam fighting features, better compliance with Matrix network and native support for PubSub Server Information to have your server count as part of the wider XMPP network (for example, you can register your server on XMPP Network Graph ).

Spam filter with block lists support
Support for XEP-0485: PubSub Server Information
Support for older Matrix rooms in ejabberd XMPP <-> Matrix Gateway

If you are upgrading from a previous version, there are no changes in SQL schemas, configuration, API commands or hooks.

List of Contents:

Workaround for zip module in unpatched Erlang
Erlang/OTP 28 supported
Erlang/OTP 25 required
New mod_antispam with RTBL support
New `mod_pubsub_serverinfo `
Improvements in Matrix gateway
XEP-0431: Full Text Search in MAM
New rest_proxy options
New auth_password_types_hidden_in_scram1 option
New host_alias option
New predefined keywords
Link to Converse in WebAdmin
Updates in source code formatting
New target test-group
Acknowledgments
Improvements in ejabberd Business Edition
ChangeLog
ejabberd 25.07 download & feedback

Below is a detailed breakdown of the improvements and enhancements:

Workaround for `zip` module in unpatched Erlang

A vulnerability was published three weeks ago that affects the zip library included in Erlang/OTP: CVE-2025-4748: Absolute path in zip module .

The ejabberd installers and the ejabberd container image already use a patched version Erlang/OTP 27.3.4.1, but the ecs container image uses Erlang/OTP 26.2.

ejabberd 25.07 includes a specific protection that workarounds that vulnerability regardless of what Erlang/OTP version you are using.

Erlang/OTP 28 supported

Updating ejabberd to support Erlang/OTP 28 has required quite some work due to the replacement of ancient ASN.1 modules from Erlang/OTP public_key library.

Improvements were done on ejabberd, fast_xml , p1_acme , xmpp libraries, and also rebar / rebar3 binaries were recompiled.

However, there is still one last problem not yet solved which implies that ACME support is broken when using Erlang/OTP 28.0.1. The fix will probably be included in the next Erlang/OTP 28 release.

Erlang/OTP 25 required

The minimum Erlang/OTP version supported since now is 25.0.

However, we are aware there are still a few specific cases where older Erlang/OTP versions are being used. For that reason, the source code support for those versions is still available, and static source code analysis tools like xref and dialyzer are still run with Erlang/OTP 20 in runtime.yml .

If you really need to use ejabberd with Erlang/OTP 20 - 24, you can bypass the version check during compilation with this ./configure option: ./configure --with-min-erlang=9.0.5

New `mod_antispam` with RTBL support

mod_antispam is a new module that filters spam messages and subscription requests received from remote servers based on Real-Time Block Lists (RTBL) , text lists of known spammer JIDs and/or URLs mentioned in spam messages.

This module is based in mod_spam_filter which was originally published in ejabberd-contrib . If you were using that module, you can update your configuration and start using mod_antispam instead.

New `mod_pubsub_serverinfo`

mod_pubsub_serverinfo adds support for XEP-0485: PubSub Server Information to expose S2S information over the Pub/Sub service.

This module was originally published in ejabberd-contrib . If you were using that module, you can remove it, as now it&aposs included in ejabberd.

Improvements in Matrix gateway

While we are preparing another big update for the Matrix gateway. The most important change is that we added support to a larger number of room versions. It allows users to let them join a lot of rooms that were already created a while back and running an older version of the room protocol.

Here is the main list of changes to the matrix gateway:

mod_matrix_gw : Support older Matrix rooms versions starting from version 4
mod_matrix_gw : Don&apost send empty messages in Matrix rooms (#4385)
mod_matrix_gw : Fix key validation in mod_matrix_gw_s2s:check_signature
mod_matrix_gw : When encoding JSON, handle term that is key-value list (#4379)

XEP-0431: Full Text Search in MAM

Support for XEP-0431: Full Text Search in MAM has been added. For now, it only works if mod_mam is using the MySQL storage backend.

New `rest_proxy` options

With those new options you can make modules using rest.erl module (like ejabberd_oauth_rest ) use HTTP proxy when performing HTTP requests.

The related new top level options are:

rest_proxy : Address of a HTTP Connect proxy
rest_proxy_port : Port of a HTTP Connect proxy
rest_proxy_username : Username used to authenticate to HTTP Connect proxy (optional)
rest_proxy_password : Password used to authenticate to HTTP Connect proxy (optional)

New `auth_password_types_hidden_in_scram1` option

This option was added to help with adding new password types in auth_stored_password_types option to existing installations. Adding new password type made server advertise it to clients, but that caused problems for users that didn&apost have new password type stored, and which clients used SASL1 authentication, if client tried to authenticate with it, authentications would fail.

With this new option, server admin can choose which password types should not be presented to SASL1 clients (they still will be offered to SASL2 clients for users that have password compatible with this type), to later after users update password to have new type, being able to enable them.

This option takes list of password types from auth_stored_password_types that should be disabled

auth_password_types_hidden_in_scram1:
  - scram_sha512
  - scram_sha256

New `hosts_alias` option

The new hosts_alias toplevel option is used by the ejabberd_http listener to resolve domain names into vhosts served by ejabberd.

For example, ejabberd is serving the vhost redacted.lan , but you configured DNS so xmpp.redacted.lan resolves to that host. If you configure in ejabberd:

hosts:
  - redacted.lan

hosts_alias:
  xmpp.redacted.lan: redacted.lan

listen:
  -
    port: 443
    ip: "::"
    tls: true
    module: ejabberd_http
    request_handlers:
      "/bosh": mod_bosh
      "/ws": ejabberd_http_ws
      "/conversejs": mod_conversejs

modules:
  mod_bosh:
  mod_conversejs:
    bosh_service_url: "https://xmpp.redacted.lan/bosh"
    websocket_url: "wss://xmpp.redacted.lan/ws"

then ejabberd_http will accept https://xmpp.redacted.lan/conversejs and deliver it to vhost redacted.lan

In previous ejabberd releases, an option called default_host was documented for the ejabberd_http listener, but it didn&apost work at all correctly.

New predefined keywords

A few months ago, ejabberd 25.03 introduced new predefined keywords like HOST , HOME , VERSION and SEMVER .

And now two more predefined keywords are added:

CONFIG_PATH : Path to the configuration directory, for example "/home/ejabberd/opt/ejabberd/conf"
LOG_PATH : Path to the log directory, for example "/home/ejabberd/opt/ejabberd/logs"

Those keywords are specially useful when configuring mod_antispam : you can copy text files to the configuration directory where the module will read them, and also configure the module to write the dump file on the log directory.

Link to Converse in WebAdmin

mod_conversejs has a new tiny improvement: it adds a link in the WebAdmin menu to the local Converse instance.

Additionally, when HTTPS with encryption is enabled, that link logins directly with the account used in WebAdmin.

Updates in source code formatting

A year ago, ejabberd 24.06 introduced make format and make indent .

Now that script uses Perl to work correctly in Mac OS too.

And there&aposs a new section in the documentation, see Format that describes how to use that feature, and tips for Git hooks and Git alias.

New target `test-group`

ejabberd includes a Common Test suite with 1456 test cases, which typically takes around 10 minutes to run.

When developing new source code, you may want to run only tests from a specific group and a specific storage backend, as documented in the ejabberd testing documentation :

CT_BACKENDS=mnesia rebar3 ct --suite=test/ejabberd_SUITE --group=antispam_single

To facilitate this usage, a new target is available:

CT_BACKENDS=mnesia make test-antispam_single

Acknowledgments

We would like to thank the contributions to the source code, documentation, and translation provided for this release by:

Stefan Strigler and Holger Weiß for mod_antispam and the original mod_spam_filter
Stefan Strigler for mod_pubsub_serverinfo and test-group target
Bruno MATEU for the missing comma in postgres schema
GiannosOB updated the Greek translation
Tamil Neram updated the Tamil translation
Максим Горпиніч updated the Ukrainian translation

And also to all the people contributing in the ejabberd chatroom, issue tracker...

Improvements in ejabberd Business Edition

Customers of the ejabberd Business Edition , in addition to all those improvements and bugfixes, also get the following changes.

Monitoring

The following new metrics has been added to mod_mon :

message_receive_packet : number of message stanzas of any type received by the server on c2s connections
message_send_packet : number of message stanzas of any type send by the server on c2s connections
iq_receive_packet : number of IQ stanzas received by the server on c2s connections
iq_send_packet : number of IQ stanzas send by the server on c2s connections
iq_get_receive_packet : number of IQ stanzas of type get received by the server on c2s connections
iq_set_receive_packet : number of IQ stanzas of type set received by the server on c2s connections
iq_result_receive_packet : number of IQ stanzas of type result received by the server on c2s connections
iq_error_receive_packet : number of IQ stanzas of type error received by the server on c2s connections
iq_get_send_packet : number of IQ stanzas of type get send by the server on c2s connections
iq_set_send_packet : number of IQ stanzas of type set send by the server on c2s connections
iq_result_send_packet : number of IQ stanzas of type result send by the server on c2s connections
iq_error_send_packet : number of IQ stanzas of type error send by the server on c2s connections

The metrics c2s_receive & c2s_send now count all stanzas on c2s connections.

The cpu_usage probe now gives more reliable values.

Prometheus support has been improved.

A new mod_mon_dump command has been added to dump probe values to help debug the monitoring setup.r

Mobile push

It is now possible to use rest_proxy* options to use a HTTP proxy for mod_applepush & mod_gcm outgoing calls.

ChangeLog

This is a more complete list of changes in this ejabberd release:

Security fix

ext_mod : Add temporary workaround for zip including absolute path

Compilation

Raise the minimum Elixir tested version to 1.14.0 ( #4281 )
Raise Erlang/OTP minimum requirement to 25.0 ( #4281 )
configure.ac : Allow to specify minimal erlang version using --with-min-erlang
Makefile.in : Add target test-<group>
rebar3-format.sh : Replace csplit with perl
Container: Bump Erlang/OTP 27.3.4.1, Elixir 1.18.4
Installers: Bump Erlang/OTP 27.3.4.1, Elixir 1.18.4, libexpat 2.7.1, OpenSSL 3.5.1

Configuration and Tests

Add rest_proxy* options to configure proxy used by rest module
ejabberd_c2s : Add auth_password_types_hidden_in_scram1 option
ejabberd_http : Remove unused default_host option and state element
ejabberd_http : New option hosts_alias and function resolve_host_alias/1 ( #4400 )
New predefined keywords: CONFIG_PATH and LOG_PATH
Fix macro used in string options when defined in env var
Use auxiliary function to get $HOME , use Mnesia directory when not set ( #4402 )
ejabberd_config : Better lists:uniq substitute
Tests: update readme and compose to work with current sw versions
Update Elvis to 4.1.1, fix some warnings and enable their tests

Erlang/OTP 28 support

Add workaround in p1_acme for Jose 1.11.10 not supporting OTP 28 ecPrivkeyVer1 ( #4393 )
Bump fast_xml and xmpp for improved Erlang/OTP 28 support
Bump xmpp and p1_acme patched with Erlang/OTP 28 support
Fix make options in Erlang/OTP 28 ( #4352 )
Fix crash in rebar3 cover with Erlang/OTP 28 ( #4353 )
Rebar/Rebar3: Update binaries to work with Erlang/OTP 25-28 ( #4354 )
CI and Runtime: Add Erlang/OTP 28 to the versions matrix

SQL

Fix mnesia to sql exporter after changes to auth tables
Update code for switching to new schema type to users table changes
Add mssql specific implementation of delete_old_mam_messages
Make delete_old_mam_messages_batch work with sqlite
ejabberd_sm_sql : Use misc:encode_pid/1
mysql.sql : Fix typo in commit 7862c6a when creating users table
pg.sql : Fix missing comma in postgres schema ( #4409 )

Core and Modules

ejabberd_s2s_in : Allow S2S connections to accept client certificates that have only server purpose ( #4392 )
ext_mod : Recommend to write README.md instead txt (processone/ejabberd-contrib#363)
ext_mod : Support library path installed from Debian (processone/ejabberd-contrib#363)
ext_mod : When upgrading module, clean also the compiled directories
gen_mod : Add support to prepare module stopping before actually stopping any module
mod_antispam : Imported from ejabberd-contrib and improved ( #4373 )
mod_auth_fast : Clear tokens on kick, change pass and unregister ( #4397 )( #4398 )( #4399 )
mod_conversejs : Add link in WebAdmin to local Converse if configured
mod_mam : Present mam full text search in xep-431 compatible way
mod_mam_mnesia : Handle objects that don&apost need conversion in transform/0
mod_matrix_gw : Don&apost send empty messages in Matrix rooms ( #4385 )
mod_matrix_gw : Support older Matrix rooms versions starting from version 4
mod_matrix_gw : When encoding JSON, handle term that is key-value list ( #4379 )
mod_matrix_gw_s2s : Fix key validation in check_signature
mod_mix and mod_muc_rtbl : Support list of IDs in pubsub-items-retract (processone/xmpp#100)
mod_pubsub_serverinfo : Imported module from ejabberd-contrib ( #4408 )
mod_register : Normalize username when determining if user want to change pass
mod_register : Strip query data when returning errors
WebAdmin: New hooks webadmin_menu_system to add items to system menu

Full Changelog

https://github.com/processone/ejabberd/compare/25.04...25.07

ejabberd 25.07 download & feedback

As usual, the release is tagged in the Git source code repository on GitHub .

The source package and installers are available in ejabberd Downloads page. To check the *.asc signature files, see How to verify ProcessOne downloads integrity .

For convenience, there are alternative download locations like the ejabberd DEB/RPM Packages Repository and the GitHub Release / Tags .

The ecs container image is available in docker.io/ejabberd/ecs and ghcr.io/processone/ecs . The alternative ejabberd container image is available in ghcr.io/processone/ejabberd .

If you consider that you&aposve found a bug, please search or fill a bug report on GitHub Issues .

Pl chevron_right

ProcessOne: ejabberd 25.07

news.movim.eu / PlanetJabber • 11 July 2025 • 11 minutes

Release Highlights:

This release focus on integration in a wider federated network, with support for spam fighting features, better compliance with Matrix network and native support for PubSub Server Information to have your server count as part of the wider XMPP network (for example, you can register your server on XMPP Network Graph ).

Spam filter with block lists support
Support for XEP-0485: PubSub Server Information
Support for older Matrix rooms in ejabberd XMPP <-> Matrix Gateway

If you are upgrading from a previous version, there are no changes in SQL schemas, configuration, API commands or hooks.

List of Contents:

Workaround for zip module in unpatched Erlang
Erlang/OTP 28 supported
Erlang/OTP 25 required
New mod_antispam with RTBL support
New `mod_pubsub_serverinfo `
Improvements in Matrix gateway
XEP-0431: Full Text Search in MAM
New rest_proxy options
New auth_password_types_hidden_in_scram1 option
New host_alias option
New predefined keywords
Link to Converse in WebAdmin
Updates in source code formatting
New target test-group
Acknowledgments
Improvements in ejabberd Business Edition
ChangeLog
ejabberd 25.07 download & feedback

Below is a detailed breakdown of the improvements and enhancements:

Workaround for `zip` module in unpatched Erlang

A vulnerability was published three weeks ago that affects the zip library included in Erlang/OTP: CVE-2025-4748: Absolute path in zip module .

The ejabberd installers and the ejabberd container image already use a patched version Erlang/OTP 27.3.4.1, but the ecs container image uses Erlang/OTP 26.2.

ejabberd 25.07 includes a specific protection that workarounds that vulnerability regardless of what Erlang/OTP version you are using.

Erlang/OTP 28 supported

Updating ejabberd to support Erlang/OTP 28 has required quite some work due to the replacement of ancient ASN.1 modules from Erlang/OTP public_key library.

Improvements were done on ejabberd, fast_xml , p1_acme , xmpp libraries, and also rebar / rebar3 binaries were recompiled.

However, there is still one last problem not yet solved which implies that ACME support is broken when using Erlang/OTP 28.0.1. The fix will probably be included in the next Erlang/OTP 28 release.

Erlang/OTP 25 required

The minimum Erlang/OTP version supported since now is 25.0.

However, we are aware there are still a few specific cases where older Erlang/OTP versions are being used. For that reason, the source code support for those versions is still available, and static source code analysis tools like xref and dialyzer are still run with Erlang/OTP 20 in runtime.yml .

If you really need to use ejabberd with Erlang/OTP 20 - 24, you can bypass the version check during compilation with this ./configure option: ./configure --with-min-erlang=9.0.5

New `mod_antispam` with RTBL support

mod_antispam is a new module that filters spam messages and subscription requests received from remote servers based on Real-Time Block Lists (RTBL) , text lists of known spammer JIDs and/or URLs mentioned in spam messages.

This module is based in mod_spam_filter which was originally published in ejabberd-contrib . If you were using that module, you can update your configuration and start using mod_antispam instead.

New `mod_pubsub_serverinfo`

mod_pubsub_serverinfo adds support for XEP-0485: PubSub Server Information to expose S2S information over the Pub/Sub service.

This module was originally published in ejabberd-contrib . If you were using that module, you can remove it, as now it&aposs included in ejabberd.

Improvements in Matrix gateway

While we are preparing another big update for the Matrix gateway. The most important change is that we added support to a larger number of room versions. It allows users to let them join a lot of rooms that were already created a while back and running an older version of the room protocol.

Here is the main list of changes to the matrix gateway:

mod_matrix_gw : Support older Matrix rooms versions starting from version 4
mod_matrix_gw : Don&apost send empty messages in Matrix rooms (#4385)
mod_matrix_gw : Fix key validation in mod_matrix_gw_s2s:check_signature
mod_matrix_gw : When encoding JSON, handle term that is key-value list (#4379)

XEP-0431: Full Text Search in MAM

Support for XEP-0431: Full Text Search in MAM has been added. For now, it only works if mod_mam is using the MySQL storage backend.

New `rest_proxy` options

With those new options you can make modules using rest.erl module (like ejabberd_oauth_rest ) use HTTP proxy when performing HTTP requests.

The related new top level options are:

rest_proxy : Address of a HTTP Connect proxy
rest_proxy_port : Port of a HTTP Connect proxy
rest_proxy_username : Username used to authenticate to HTTP Connect proxy (optional)
rest_proxy_password : Password used to authenticate to HTTP Connect proxy (optional)

New `auth_password_types_hidden_in_scram1` option

This option was added to help with adding new password types in auth_stored_password_types option to existing installations. Adding new password type made server advertise it to clients, but that caused problems for users that didn&apost have new password type stored, and which clients used SASL1 authentication, if client tried to authenticate with it, authentications would fail.

With this new option, server admin can choose which password types should not be presented to SASL1 clients (they still will be offered to SASL2 clients for users that have password compatible with this type), to later after users update password to have new type, being able to enable them.

This option takes list of password types from auth_stored_password_types that should be disabled

auth_password_types_hidden_in_scram1:
  - scram_sha512
  - scram_sha256

New `hosts_alias` option

The new hosts_alias toplevel option is used by the ejabberd_http listener to resolve domain names into vhosts served by ejabberd.

For example, ejabberd is serving the vhost redacted.lan , but you configured DNS so xmpp.redacted.lan resolves to that host. If you configure in ejabberd:

hosts:
  - redacted.lan

hosts_alias:
  xmpp.redacted.lan: redacted.lan

listen:
  -
    port: 443
    ip: "::"
    tls: true
    module: ejabberd_http
    request_handlers:
      "/bosh": mod_bosh
      "/ws": ejabberd_http_ws
      "/conversejs": mod_conversejs

modules:
  mod_bosh:
  mod_conversejs:
    bosh_service_url: "https://xmpp.redacted.lan/bosh"
    websocket_url: "wss://xmpp.redacted.lan/ws"

then ejabberd_http will accept https://xmpp.redacted.lan/conversejs and deliver it to vhost redacted.lan

In previous ejabberd releases, an option called default_host was documented for the ejabberd_http listener, but it didn&apost work at all correctly.

New predefined keywords

A few months ago, ejabberd 25.03 introduced new predefined keywords like HOST , HOME , VERSION and SEMVER .

And now two more predefined keywords are added:

CONFIG_PATH : Path to the configuration directory, for example "/home/ejabberd/opt/ejabberd/conf"
LOG_PATH : Path to the log directory, for example "/home/ejabberd/opt/ejabberd/logs"

Those keywords are specially useful when configuring mod_antispam : you can copy text files to the configuration directory where the module will read them, and also configure the module to write the dump file on the log directory.

Link to Converse in WebAdmin

mod_conversejs has a new tiny improvement: it adds a link in the WebAdmin menu to the local Converse instance.

Additionally, when HTTPS with encryption is enabled, that link logins directly with the account used in WebAdmin.

Updates in source code formatting

A year ago, ejabberd 24.06 introduced make format and make indent .

Now that script uses Perl to work correctly in Mac OS too.

And there&aposs a new section in the documentation, see Format that describes how to use that feature, and tips for Git hooks and Git alias.

New target `test-group`

ejabberd includes a Common Test suite with 1456 test cases, which typically takes around 10 minutes to run.

When developing new source code, you may want to run only tests from a specific group and a specific storage backend, as documented in the ejabberd testing documentation :

CT_BACKENDS=mnesia rebar3 ct --suite=test/ejabberd_SUITE --group=antispam_single

To facilitate this usage, a new target is available:

CT_BACKENDS=mnesia make test-antispam_single

Acknowledgments

We would like to thank the contributions to the source code, documentation, and translation provided for this release by:

Stefan Strigler and Holger Weiß for mod_antispam and the original mod_spam_filter
Stefan Strigler for mod_pubsub_serverinfo and test-group target
Bruno MATEU for the missing comma in postgres schema
GiannosOB updated the Greek translation
Tamil Neram updated the Tamil translation
Максим Горпиніч updated the Ukrainian translation

And also to all the people contributing in the ejabberd chatroom, issue tracker...

Improvements in ejabberd Business Edition

Customers of the ejabberd Business Edition , in addition to all those improvements and bugfixes, also get the following changes.

Monitoring

The following new metrics has been added to mod_mon :

message_receive_packet : number of message stanzas of any type received by the server on c2s connections
message_send_packet : number of message stanzas of any type send by the server on c2s connections
iq_receive_packet : number of IQ stanzas received by the server on c2s connections
iq_send_packet : number of IQ stanzas send by the server on c2s connections
iq_get_receive_packet : number of IQ stanzas of type get received by the server on c2s connections
iq_set_receive_packet : number of IQ stanzas of type set received by the server on c2s connections
iq_result_receive_packet : number of IQ stanzas of type result received by the server on c2s connections
iq_error_receive_packet : number of IQ stanzas of type error received by the server on c2s connections
iq_get_send_packet : number of IQ stanzas of type get send by the server on c2s connections
iq_set_send_packet : number of IQ stanzas of type set send by the server on c2s connections
iq_result_send_packet : number of IQ stanzas of type result send by the server on c2s connections
iq_error_send_packet : number of IQ stanzas of type error send by the server on c2s connections

The metrics c2s_receive & c2s_send now count all stanzas on c2s connections.

The cpu_usage probe now gives more reliable values.

Prometheus support has been improved.

A new mod_mon_dump command has been added to dump probe values to help debug the monitoring setup.r

Mobile push

It is now possible to use rest_proxy* options to use a HTTP proxy for mod_applepush & mod_gcm outgoing calls.

ChangeLog

This is a more complete list of changes in this ejabberd release:

Security fix

ext_mod : Add temporary workaround for zip including absolute path

Compilation

Raise the minimum Elixir tested version to 1.14.0 ( #4281 )
Raise Erlang/OTP minimum requirement to 25.0 ( #4281 )
configure.ac : Allow to specify minimal erlang version using --with-min-erlang
Makefile.in : Add target test-<group>
rebar3-format.sh : Replace csplit with perl
Container: Bump Erlang/OTP 27.3.4.1, Elixir 1.18.4
Installers: Bump Erlang/OTP 27.3.4.1, Elixir 1.18.4, libexpat 2.7.1, OpenSSL 3.5.1

Configuration and Tests

Add rest_proxy* options to configure proxy used by rest module
ejabberd_c2s : Add auth_password_types_hidden_in_scram1 option
ejabberd_http : Remove unused default_host option and state element
ejabberd_http : New option hosts_alias and function resolve_host_alias/1 ( #4400 )
New predefined keywords: CONFIG_PATH and LOG_PATH
Fix macro used in string options when defined in env var
Use auxiliary function to get $HOME , use Mnesia directory when not set ( #4402 )
ejabberd_config : Better lists:uniq substitute
Tests: update readme and compose to work with current sw versions
Update Elvis to 4.1.1, fix some warnings and enable their tests

Erlang/OTP 28 support

Add workaround in p1_acme for Jose 1.11.10 not supporting OTP 28 ecPrivkeyVer1 ( #4393 )
Bump fast_xml and xmpp for improved Erlang/OTP 28 support
Bump xmpp and p1_acme patched with Erlang/OTP 28 support
Fix make options in Erlang/OTP 28 ( #4352 )
Fix crash in rebar3 cover with Erlang/OTP 28 ( #4353 )
Rebar/Rebar3: Update binaries to work with Erlang/OTP 25-28 ( #4354 )
CI and Runtime: Add Erlang/OTP 28 to the versions matrix

SQL

Fix mnesia to sql exporter after changes to auth tables
Update code for switching to new schema type to users table changes
Add mssql specific implementation of delete_old_mam_messages
Make delete_old_mam_messages_batch work with sqlite
ejabberd_sm_sql : Use misc:encode_pid/1
mysql.sql : Fix typo in commit 7862c6a when creating users table
pg.sql : Fix missing comma in postgres schema ( #4409 )

Core and Modules

ejabberd_s2s_in : Allow S2S connections to accept client certificates that have only server purpose ( #4392 )
ext_mod : Recommend to write README.md instead txt (processone/ejabberd-contrib#363)
ext_mod : Support library path installed from Debian (processone/ejabberd-contrib#363)
ext_mod : When upgrading module, clean also the compiled directories
gen_mod : Add support to prepare module stopping before actually stopping any module
mod_antispam : Imported from ejabberd-contrib and improved ( #4373 )
mod_auth_fast : Clear tokens on kick, change pass and unregister ( #4397 )( #4398 )( #4399 )
mod_conversejs : Add link in WebAdmin to local Converse if configured
mod_mam : Present mam full text search in xep-431 compatible way
mod_mam_mnesia : Handle objects that don&apost need conversion in transform/0
mod_matrix_gw : Don&apost send empty messages in Matrix rooms ( #4385 )
mod_matrix_gw : Support older Matrix rooms versions starting from version 4
mod_matrix_gw : When encoding JSON, handle term that is key-value list ( #4379 )
mod_matrix_gw_s2s : Fix key validation in check_signature
mod_mix and mod_muc_rtbl : Support list of IDs in pubsub-items-retract (processone/xmpp#100)
mod_pubsub_serverinfo : Imported module from ejabberd-contrib ( #4408 )
mod_register : Normalize username when determining if user want to change pass
mod_register : Strip query data when returning errors
WebAdmin: New hooks webadmin_menu_system to add items to system menu

Full Changelog

https://github.com/processone/ejabberd/compare/25.04...25.07

ejabberd 25.07 download & feedback

As usual, the release is tagged in the Git source code repository on GitHub .

The source package and installers are available in ejabberd Downloads page. To check the *.asc signature files, see How to verify ProcessOne downloads integrity .

For convenience, there are alternative download locations like the ejabberd DEB/RPM Packages Repository and the GitHub Release / Tags .

The ecs container image is available in docker.io/ejabberd/ecs and ghcr.io/processone/ecs . The alternative ejabberd container image is available in ghcr.io/processone/ejabberd .

If you consider that you&aposve found a bug, please search or fill a bug report on GitHub Issues .

Pl chevron_right

ProcessOne: ejabberd 25.07

news.movim.eu / PlanetJabber • 11 July 2025 • 11 minutes

Release Highlights:

This release focus on integration in a wider federated network, with support for spam fighting features, better compliance with Matrix network and native support for PubSub Server Information to have your server count as part of the wider XMPP network (for example, you can register your server on XMPP Network Graph ).

Spam filter with block lists support
Support for XEP-0485: PubSub Server Information
Support for older Matrix rooms in ejabberd XMPP <-> Matrix Gateway

If you are upgrading from a previous version, there are no changes in SQL schemas, configuration, API commands or hooks.

List of Contents:

Workaround for zip module in unpatched Erlang
Erlang/OTP 28 supported
Erlang/OTP 25 required
New mod_antispam with RTBL support
New `mod_pubsub_serverinfo `
Improvements in Matrix gateway
XEP-0431: Full Text Search in MAM
New rest_proxy options
New auth_password_types_hidden_in_scram1 option
New host_alias option
New predefined keywords
Link to Converse in WebAdmin
Updates in source code formatting
New target test-group
Acknowledgments
Improvements in ejabberd Business Edition
ChangeLog
ejabberd 25.07 download & feedback

Below is a detailed breakdown of the improvements and enhancements:

Workaround for `zip` module in unpatched Erlang

A vulnerability was published three weeks ago that affects the zip library included in Erlang/OTP: CVE-2025-4748: Absolute path in zip module .

The ejabberd installers and the ejabberd container image already use a patched version Erlang/OTP 27.3.4.1, but the ecs container image uses Erlang/OTP 26.2.

ejabberd 25.07 includes a specific protection that workarounds that vulnerability regardless of what Erlang/OTP version you are using.

Erlang/OTP 28 supported

Updating ejabberd to support Erlang/OTP 28 has required quite some work due to the replacement of ancient ASN.1 modules from Erlang/OTP public_key library.

Improvements were done on ejabberd, fast_xml , p1_acme , xmpp libraries, and also rebar / rebar3 binaries were recompiled.

However, there is still one last problem not yet solved which implies that ACME support is broken when using Erlang/OTP 28.0.1. The fix will probably be included in the next Erlang/OTP 28 release.

Erlang/OTP 25 required

The minimum Erlang/OTP version supported since now is 25.0.

However, we are aware there are still a few specific cases where older Erlang/OTP versions are being used. For that reason, the source code support for those versions is still available, and static source code analysis tools like xref and dialyzer are still run with Erlang/OTP 20 in runtime.yml .

If you really need to use ejabberd with Erlang/OTP 20 - 24, you can bypass the version check during compilation with this ./configure option: ./configure --with-min-erlang=9.0.5

New `mod_antispam` with RTBL support

mod_antispam is a new module that filters spam messages and subscription requests received from remote servers based on Real-Time Block Lists (RTBL) , text lists of known spammer JIDs and/or URLs mentioned in spam messages.

This module is based in mod_spam_filter which was originally published in ejabberd-contrib . If you were using that module, you can update your configuration and start using mod_antispam instead.

New `mod_pubsub_serverinfo`

mod_pubsub_serverinfo adds support for XEP-0485: PubSub Server Information to expose S2S information over the Pub/Sub service.

This module was originally published in ejabberd-contrib . If you were using that module, you can remove it, as now it&aposs included in ejabberd.

Improvements in Matrix gateway

While we are preparing another big update for the Matrix gateway. The most important change is that we added support to a larger number of room versions. It allows users to let them join a lot of rooms that were already created a while back and running an older version of the room protocol.

Here is the main list of changes to the matrix gateway:

mod_matrix_gw : Support older Matrix rooms versions starting from version 4
mod_matrix_gw : Don&apost send empty messages in Matrix rooms (#4385)
mod_matrix_gw : Fix key validation in mod_matrix_gw_s2s:check_signature
mod_matrix_gw : When encoding JSON, handle term that is key-value list (#4379)

XEP-0431: Full Text Search in MAM

Support for XEP-0431: Full Text Search in MAM has been added. For now, it only works if mod_mam is using the MySQL storage backend.

New `rest_proxy` options

With those new options you can make modules using rest.erl module (like ejabberd_oauth_rest ) use HTTP proxy when performing HTTP requests.

The related new top level options are:

rest_proxy : Address of a HTTP Connect proxy
rest_proxy_port : Port of a HTTP Connect proxy
rest_proxy_username : Username used to authenticate to HTTP Connect proxy (optional)
rest_proxy_password : Password used to authenticate to HTTP Connect proxy (optional)

New `auth_password_types_hidden_in_scram1` option

This option was added to help with adding new password types in auth_stored_password_types option to existing installations. Adding new password type made server advertise it to clients, but that caused problems for users that didn&apost have new password type stored, and which clients used SASL1 authentication, if client tried to authenticate with it, authentications would fail.

With this new option, server admin can choose which password types should not be presented to SASL1 clients (they still will be offered to SASL2 clients for users that have password compatible with this type), to later after users update password to have new type, being able to enable them.

This option takes list of password types from auth_stored_password_types that should be disabled

auth_password_types_hidden_in_scram1:
  - scram_sha512
  - scram_sha256

New `hosts_alias` option

The new hosts_alias toplevel option is used by the ejabberd_http listener to resolve domain names into vhosts served by ejabberd.

For example, ejabberd is serving the vhost redacted.lan , but you configured DNS so xmpp.redacted.lan resolves to that host. If you configure in ejabberd:

hosts:
  - redacted.lan

hosts_alias:
  xmpp.redacted.lan: redacted.lan

listen:
  -
    port: 443
    ip: "::"
    tls: true
    module: ejabberd_http
    request_handlers:
      "/bosh": mod_bosh
      "/ws": ejabberd_http_ws
      "/conversejs": mod_conversejs

modules:
  mod_bosh:
  mod_conversejs:
    bosh_service_url: "https://xmpp.redacted.lan/bosh"
    websocket_url: "wss://xmpp.redacted.lan/ws"

then ejabberd_http will accept https://xmpp.redacted.lan/conversejs and deliver it to vhost redacted.lan

In previous ejabberd releases, an option called default_host was documented for the ejabberd_http listener, but it didn&apost work at all correctly.

New predefined keywords

A few months ago, ejabberd 25.03 introduced new predefined keywords like HOST , HOME , VERSION and SEMVER .

And now two more predefined keywords are added:

CONFIG_PATH : Path to the configuration directory, for example "/home/ejabberd/opt/ejabberd/conf"
LOG_PATH : Path to the log directory, for example "/home/ejabberd/opt/ejabberd/logs"

Those keywords are specially useful when configuring mod_antispam : you can copy text files to the configuration directory where the module will read them, and also configure the module to write the dump file on the log directory.

Link to Converse in WebAdmin

mod_conversejs has a new tiny improvement: it adds a link in the WebAdmin menu to the local Converse instance.

Additionally, when HTTPS with encryption is enabled, that link logins directly with the account used in WebAdmin.

Updates in source code formatting

A year ago, ejabberd 24.06 introduced make format and make indent .

Now that script uses Perl to work correctly in Mac OS too.

And there&aposs a new section in the documentation, see Format that describes how to use that feature, and tips for Git hooks and Git alias.

New target `test-group`

ejabberd includes a Common Test suite with 1456 test cases, which typically takes around 10 minutes to run.

When developing new source code, you may want to run only tests from a specific group and a specific storage backend, as documented in the ejabberd testing documentation :

CT_BACKENDS=mnesia rebar3 ct --suite=test/ejabberd_SUITE --group=antispam_single

To facilitate this usage, a new target is available:

CT_BACKENDS=mnesia make test-antispam_single

Acknowledgments

We would like to thank the contributions to the source code, documentation, and translation provided for this release by:

Stefan Strigler and Holger Weiß for mod_antispam and the original mod_spam_filter
Stefan Strigler for mod_pubsub_serverinfo and test-group target
Bruno MATEU for the missing comma in postgres schema
GiannosOB updated the Greek translation
Tamil Neram updated the Tamil translation
Максим Горпиніч updated the Ukrainian translation

And also to all the people contributing in the ejabberd chatroom, issue tracker...

Improvements in ejabberd Business Edition

Customers of the ejabberd Business Edition , in addition to all those improvements and bugfixes, also get the following changes.

Monitoring

The following new metrics has been added to mod_mon :

message_receive_packet : number of message stanzas of any type received by the server on c2s connections
message_send_packet : number of message stanzas of any type send by the server on c2s connections
iq_receive_packet : number of IQ stanzas received by the server on c2s connections
iq_send_packet : number of IQ stanzas send by the server on c2s connections
iq_get_receive_packet : number of IQ stanzas of type get received by the server on c2s connections
iq_set_receive_packet : number of IQ stanzas of type set received by the server on c2s connections
iq_result_receive_packet : number of IQ stanzas of type result received by the server on c2s connections
iq_error_receive_packet : number of IQ stanzas of type error received by the server on c2s connections
iq_get_send_packet : number of IQ stanzas of type get send by the server on c2s connections
iq_set_send_packet : number of IQ stanzas of type set send by the server on c2s connections
iq_result_send_packet : number of IQ stanzas of type result send by the server on c2s connections
iq_error_send_packet : number of IQ stanzas of type error send by the server on c2s connections

The metrics c2s_receive & c2s_send now count all stanzas on c2s connections.

The cpu_usage probe now gives more reliable values.

Prometheus support has been improved.

A new mod_mon_dump command has been added to dump probe values to help debug the monitoring setup.r

Mobile push

It is now possible to use rest_proxy* options to use a HTTP proxy for mod_applepush & mod_gcm outgoing calls.

ChangeLog

This is a more complete list of changes in this ejabberd release:

Security fix

ext_mod : Add temporary workaround for zip including absolute path

Compilation

Raise the minimum Elixir tested version to 1.14.0 ( #4281 )
Raise Erlang/OTP minimum requirement to 25.0 ( #4281 )
configure.ac : Allow to specify minimal erlang version using --with-min-erlang
Makefile.in : Add target test-<group>
rebar3-format.sh : Replace csplit with perl
Container: Bump Erlang/OTP 27.3.4.1, Elixir 1.18.4
Installers: Bump Erlang/OTP 27.3.4.1, Elixir 1.18.4, libexpat 2.7.1, OpenSSL 3.5.1

Configuration and Tests

Add rest_proxy* options to configure proxy used by rest module
ejabberd_c2s : Add auth_password_types_hidden_in_scram1 option
ejabberd_http : Remove unused default_host option and state element
ejabberd_http : New option hosts_alias and function resolve_host_alias/1 ( #4400 )
New predefined keywords: CONFIG_PATH and LOG_PATH
Fix macro used in string options when defined in env var
Use auxiliary function to get $HOME , use Mnesia directory when not set ( #4402 )
ejabberd_config : Better lists:uniq substitute
Tests: update readme and compose to work with current sw versions
Update Elvis to 4.1.1, fix some warnings and enable their tests

Erlang/OTP 28 support

Add workaround in p1_acme for Jose 1.11.10 not supporting OTP 28 ecPrivkeyVer1 ( #4393 )
Bump fast_xml and xmpp for improved Erlang/OTP 28 support
Bump xmpp and p1_acme patched with Erlang/OTP 28 support
Fix make options in Erlang/OTP 28 ( #4352 )
Fix crash in rebar3 cover with Erlang/OTP 28 ( #4353 )
Rebar/Rebar3: Update binaries to work with Erlang/OTP 25-28 ( #4354 )
CI and Runtime: Add Erlang/OTP 28 to the versions matrix

SQL

Fix mnesia to sql exporter after changes to auth tables
Update code for switching to new schema type to users table changes
Add mssql specific implementation of delete_old_mam_messages
Make delete_old_mam_messages_batch work with sqlite
ejabberd_sm_sql : Use misc:encode_pid/1
mysql.sql : Fix typo in commit 7862c6a when creating users table
pg.sql : Fix missing comma in postgres schema ( #4409 )

Core and Modules

ejabberd_s2s_in : Allow S2S connections to accept client certificates that have only server purpose ( #4392 )
ext_mod : Recommend to write README.md instead txt (processone/ejabberd-contrib#363)
ext_mod : Support library path installed from Debian (processone/ejabberd-contrib#363)
ext_mod : When upgrading module, clean also the compiled directories
gen_mod : Add support to prepare module stopping before actually stopping any module
mod_antispam : Imported from ejabberd-contrib and improved ( #4373 )
mod_auth_fast : Clear tokens on kick, change pass and unregister ( #4397 )( #4398 )( #4399 )
mod_conversejs : Add link in WebAdmin to local Converse if configured
mod_mam : Present mam full text search in xep-431 compatible way
mod_mam_mnesia : Handle objects that don&apost need conversion in transform/0
mod_matrix_gw : Don&apost send empty messages in Matrix rooms ( #4385 )
mod_matrix_gw : Support older Matrix rooms versions starting from version 4
mod_matrix_gw : When encoding JSON, handle term that is key-value list ( #4379 )
mod_matrix_gw_s2s : Fix key validation in check_signature
mod_mix and mod_muc_rtbl : Support list of IDs in pubsub-items-retract (processone/xmpp#100)
mod_pubsub_serverinfo : Imported module from ejabberd-contrib ( #4408 )
mod_register : Normalize username when determining if user want to change pass
mod_register : Strip query data when returning errors
WebAdmin: New hooks webadmin_menu_system to add items to system menu

Full Changelog

https://github.com/processone/ejabberd/compare/25.04...25.07

ejabberd 25.07 download & feedback

As usual, the release is tagged in the Git source code repository on GitHub .

The source package and installers are available in ejabberd Downloads page. To check the *.asc signature files, see How to verify ProcessOne downloads integrity .

For convenience, there are alternative download locations like the ejabberd DEB/RPM Packages Repository and the GitHub Release / Tags .

The ecs container image is available in docker.io/ejabberd/ecs and ghcr.io/processone/ecs . The alternative ejabberd container image is available in ghcr.io/processone/ejabberd .

If you consider that you&aposve found a bug, please search or fill a bug report on GitHub Issues .

Pl chevron_right

The XMPP Standards Foundation: The XMPP Newsletter June 2025

news.movim.eu / PlanetJabber • 5 July 2025 • 7 minutes

XMPP Newsletter Banner

Welcome to the XMPP Newsletter, great to have you here again! This issue covers the month of June 2025.

Like this newsletter, many projects and their efforts in the XMPP community are a result of people’s voluntary work. If you are happy with the services and software you may be using, please consider saying thanks or help these projects! Interested in supporting the Newsletter team? Read more at the bottom .

XSF Announcements

XSF Membership

If you are interested in joining the XMPP Standards Foundation as a member, please apply before August 17th, 2025 00:00 UTC .

XMPP Events

DebConf25 : The 26th Debian Conference in Brest, France, from July 14th to 19th 2025, will feature:
- Federated instant messaging, 100% debianized by Elena Grandi . A short talk (20 minutes) that will take place at the Grand amphi room on Monday, July 14th at 18:00 hours.
- Jabber/XMPP BoF session , hosted by Martin . A BoF (Birds of a Feather) meeting (45 minutes) that will take place at ‘Room: B03-035’ on monday July 14th at 14:00 hours.
XMPP Italian happy hour [IT]: monthly Italian XMPP web meeting, every third Monday of the month at 7:00 PM UTC+2 (online event, with web meeting mode and live streaming).

Videos

Comunicación Libre, Segura y Descentralizada: Taller abierto de XMPP by Gnuxero for the Club de Software Libre . [ES]

XMPP Articles

Introducción a XMPP - Capítulo 1 by Jacobo Da Riva Muñoz . [ES]
Introducción a XMPP - Capítulo 2 - OMEMO by Jacobo Da Riva Muñoz . [ES]
Introducción a XMPP - Capítulo 3 - Grupos by Jacobo Da Riva Muñoz . [ES]
Mensajería segura y abierta mediante CONVERSATIONS Xmpp on alt43.es . [ES]
Recuperando a soberania e a privacidade da sua comunicação pessoal e corporativa by Isadora Ribeiro . [PT_BR]
Mitigating MITMs in XMPP by Amolith for the JMP Blog .
Setting up Slidge Gateway with Openfire for use with Whatsapp, Matrix and Telegram by surfbum for the Ignite Realtime Community .
Per-application passwords in Tigase from the Tigase Posts .
Join the XMPP-IT Community: Your Help Matters! The XMPP-IT community is launching a call for active collaboration — no need to be an expert, and it’s not paid work, just shared participation. From translations to testing software, writing wiki content or contributing code, there’s room for everyone. [IT]

XMPP Software News

XMPP Clients and Applications

Cheogram has released version 2.17.10-2 for Android.
Converse.js has released version 11.0.1 of its open-source and web-based XMPP chat client. The desktop version can be downloaded from here . Make sure to check out the release link for all the details!
Gajim has released version 2.3.0 ( 2.3.1 and 2.3.2 ) with a fresh new look featuring Adwaita , adding new features, improvements, quite a few changes and bug fixes. Head over to their news section for more information. And don’t forget to read the changelog for all the details!

Gajim’s 2.3.0 sleek fresh new look featuring Adwaita

Libervia has received NLnet funding to ‘Implement serverless (with RELOAD) and reduce metadata exposure’ ( Serverless and Metadata Reduction for XMPP ). This project will reduce metadata exposure and enable decentralized, serverless communication. Work will focus on end-to-end encryption specs for roster (contact list) information. These changes will be implemented in the Libervia ecosystem through Tor integration, which will help anonymize connections and reduce IP tracking. A second focus area is advancing serverless communication by implementing the RELOAD protocol XEP-0415 and leveraging end-to-end authentication via XEP-0416 and XEP-0417 . This project will strengthen XMPP and Libervia’s privacy and availability, enabling their use in environments where servers may be unavailable or inaccessible.
Monocles has released versions 2.0.8 , 2.0.9 , 2.0.10 and 2.0.11 of its chat client for Android, featuring many new functions and fixes.
Prose has released versions 0.10.2 and 0.11.0 of its web frontend prose-web-app .

XMPP Servers

The Ignite Realtime community is thrilled to announce the release of the latest versions of their popular open-source XMPP server. Openfire 5.0.0 just came out, immediately followed by Openfire 5.0.1 which should be its drop-in replacement. The new releases come packed with a host of new features, improvements, and bug fixes that enhance its performance, security, and usability. You can download Openfire 5.0.1 straight from the website and read the documentation to get started. Don’t forget to check out the changelog for a list of all the changes that have been made!
MongooseIM has released version 6.4.0 of its Enterprise Instant Messaging Solution. This release brings new features, changes, various fixes and improvements. For more information, make sure to check out the changelog and the documentation .

XMPP Libraries & Tools

go-xmpp versions 0.2.15 and 0.2.16 have been released.
peertube-plugin-livechat versions 13.0.0 and 14.0.0 have been released.

Extensions and specifications

The XMPP Standards Foundation develops extensions to XMPP in its XEP series in addition to XMPP RFCs . Developers and other standards experts from around the world collaborate on these extensions, developing new specifications for emerging practices, and refining existing ways of doing things. Proposed by anybody, the particularly successful ones end up as Final or Active - depending on their type - while others are carefully archived as Deferred. This life cycle is described in XEP-0001 , which contains the formal and canonical definitions for the types, states, and processes. Read more about the standards process . Communication around Standards and Extensions happens in the Standards Mailing List ( online archive ).

Proposed

The XEP development process starts by writing up an idea and submitting it to the XMPP Editor . Within two weeks, the Council decides whether to accept this proposal as an Experimental XEP.

Data Policy
- This document specifies metadata on how an entity handles its data (encryption, data retention, etc).
Data Forms File Input Element
- This specification defines an element which can be used with data forms to let users upload one or more files.

New

No New XEPs this month.

Deferred

If an experimental XEP is not updated for more than twelve months, it will be moved off Experimental to Deferred. If there is another update, it will put the XEP back onto Experimental.

No XEPs deferred this month.

Updated

Version 0.1.4 of XEP-0284 (Shared XML Editing)
- Fix the registrar section.
- Format the glossary better.
- Add missing <state/> wrappers in examples.
- Write an XML Schema. (egp)
Version 0.9.0 of XEP-0384 (OMEMO Encryption)
- Device labels must be signed
- Allow empty device list in XML schema
- Reworded security consideration that could be interpreted as forbidding trust mechanisms like BTBV/TOFU
- Added section about dealing with lack of presence subscription
- Removed reference to omemo-session-healing (th)
Version 1.0.3 of XEP-0388 (Extensible SASL Profile)
- Add missing minOccurs=‘0’ to additional-data in <continue/> in XML schema. (lnj)
Version 0.1.1 of XEP-0485 (PubSub Server Information)
- Fixed references to XEP identifier. (gdk)
Version 0.1.1 of XEP-0498 (Pubsub File Sharing)
- Fix wrong shortname and add tags. (jp)

Last Call

Last calls are issued once everyone seems satisfied with the current XEP status. After the Council decides whether the XEP seems ready, the XMPP Editor issues a Last Call for comments. The feedback gathered during the Last Call can help improve the XEP before returning it to the Council for advancement to Stable.

No Last Call this month.

Stable

No XEPs moved to Stable this month.

Deprecated

No XEPs deprecated this month.

Rejected

No XEPs rejected this month.

Spread the news

Please share the news on other networks:

Subscribe to the monthly XMPP newsletter

Subscribe

Also check out our RSS Feed !

Looking for job offers or want to hire a professional consultant for your XMPP project? Visit our XMPP job board .

Newsletter Contributors & Translations

This is a community effort, and we would like to thank translators for their contributions. Volunteers and more languages are welcome! Translations of the XMPP Newsletter will be released here (with some delay):

English (original): xmpp.org
- General contributors: Adrien Bourmault (neox), Alexander “PapaTutuWawa”, Arne, Badri Sunderarajan, Benson Muite, cal0pteryx, emus, Federico, Gonzalo Raúl Nemmi, Jonas Stein, Kris “poVoq”, Licaon_Kter, Ludovic Bocquet, Mario Sabatino, melvo, MSavoritias (fae,ve), nicola, Schimon Zachary, Simone Canaletti, singpolyma, XSF iTeam
French: jabberfr.org and linuxfr.org
- Translators: Adrien Bourmault (neox), alkino, anubis, Arkem, Benoît Sibaud, mathieui, nyco, Pierre Jarillon, Ppjet6, Ysabeau
German: xmpp.org
- Translators: Millesimus
Italian: notes.nicfab.eu
- Translators: nicola
Portuguese: xmpp.org
- Translators: Paulo
Spanish: xmpp.org
- Translators: Gonzalo Raúl Nemmi

Help us to build the newsletter

This XMPP Newsletter is produced collaboratively by the XMPP community. Each month’s newsletter issue is drafted in this simple pad . At the end of each month, the pad’s content is merged into the XSF GitHub repository . We are always happy to welcome contributors. Do not hesitate to join the discussion in our Comm-Team group chat (MUC) and thereby help us sustain this as a community effort. You have a project and want to spread the news? Please consider sharing your news or events here, and promote it to a large audience.

Tasks we do on a regular basis:

gathering news in the XMPP universe
short summaries of news and events
summary of the monthly communication on extensions (XEPs)
review of the newsletter draft
preparation of media images
translations
communication via media accounts

XSF Fiscal Hosting Projects

The XSF offers fiscal hosting for XMPP projects. Please apply via Open Collective . For more information, see the announcement blog post . Current projects you can support:

Unsubscribe from the XMPP Newsletter

To unsubscribe from this list, please log in first . If you have not previously logged in, you may need to set up an account with the appropriate email address.

License

This newsletter is published under CC BY-SA license .

Pl chevron_right

The XMPP Standards Foundation: The XMPP Newsletter June 2025

news.movim.eu / PlanetJabber • 5 July 2025 • 7 minutes

XMPP Newsletter Banner

Welcome to the XMPP Newsletter, great to have you here again! This issue covers the month of June 2025.

Like this newsletter, many projects and their efforts in the XMPP community are a result of people’s voluntary work. If you are happy with the services and software you may be using, please consider saying thanks or help these projects! Interested in supporting the Newsletter team? Read more at the bottom .

XSF Announcements

XSF Membership

If you are interested in joining the XMPP Standards Foundation as a member, please apply before August 17th, 2025 00:00 UTC .

XMPP Events

DebConf25 : The 26th Debian Conference in Brest, France, from July 14th to 19th 2025, will feature:
- Federated instant messaging, 100% debianized by Elena Grandi . A short talk (20 minutes) that will take place at the Grand amphi room on Monday, July 14th at 18:00 hours.
- Jabber/XMPP BoF session , hosted by Martin . A BoF (Birds of a Feather) meeting (45 minutes) that will take place at ‘Room: B03-035’ on monday July 14th at 14:00 hours.
XMPP Italian happy hour [IT]: monthly Italian XMPP web meeting, every third Monday of the month at 7:00 PM UTC+2 (online event, with web meeting mode and live streaming).

Videos

Comunicación Libre, Segura y Descentralizada: Taller abierto de XMPP by Gnuxero for the Club de Software Libre . [ES]

XMPP Articles

Introducción a XMPP - Capítulo 1 by Jacobo Da Riva Muñoz . [ES]
Introducción a XMPP - Capítulo 2 - OMEMO by Jacobo Da Riva Muñoz . [ES]
Introducción a XMPP - Capítulo 3 - Grupos by Jacobo Da Riva Muñoz . [ES]
Mensajería segura y abierta mediante CONVERSATIONS Xmpp on alt43.es . [ES]
Recuperando a soberania e a privacidade da sua comunicação pessoal e corporativa by Isadora Ribeiro . [PT_BR]
Mitigating MITMs in XMPP by Amolith for the JMP Blog .
Setting up Slidge Gateway with Openfire for use with Whatsapp, Matrix and Telegram by surfbum for the Ignite Realtime Community .
Per-application passwords in Tigase from the Tigase Posts .
Join the XMPP-IT Community: Your Help Matters! The XMPP-IT community is launching a call for active collaboration — no need to be an expert, and it’s not paid work, just shared participation. From translations to testing software, writing wiki content or contributing code, there’s room for everyone. [IT]

XMPP Software News

XMPP Clients and Applications

Cheogram has released version 2.17.10-2 for Android.
Converse.js has released version 11.0.1 of its open-source and web-based XMPP chat client. The desktop version can be downloaded from here . Make sure to check out the release link for all the details!
Gajim has released version 2.3.0 ( 2.3.1 and 2.3.2 ) with a fresh new look featuring Adwaita , adding new features, improvements, quite a few changes and bug fixes. Head over to their news section for more information. And don’t forget to read the changelog for all the details!

Gajim’s 2.3.0 sleek fresh new look featuring Adwaita

Libervia has received NLnet funding to ‘Implement serverless (with RELOAD) and reduce metadata exposure’ ( Serverless and Metadata Reduction for XMPP ). This project will reduce metadata exposure and enable decentralized, serverless communication. Work will focus on end-to-end encryption specs for roster (contact list) information. These changes will be implemented in the Libervia ecosystem through Tor integration, which will help anonymize connections and reduce IP tracking. A second focus area is advancing serverless communication by implementing the RELOAD protocol XEP-0415 and leveraging end-to-end authentication via XEP-0416 and XEP-0417 . This project will strengthen XMPP and Libervia’s privacy and availability, enabling their use in environments where servers may be unavailable or inaccessible.
Monocles has released versions 2.0.8 , 2.0.9 , 2.0.10 and 2.0.11 of its chat client for Android, featuring many new functions and fixes.
Prose has released versions 0.10.2 and 0.11.0 of its web frontend prose-web-app .

XMPP Servers

The Ignite Realtime community is thrilled to announce the release of the latest versions of their popular open-source XMPP server. Openfire 5.0.0 just came out, immediately followed by Openfire 5.0.1 which should be its drop-in replacement. The new releases come packed with a host of new features, improvements, and bug fixes that enhance its performance, security, and usability. You can download Openfire 5.0.1 straight from the website and read the documentation to get started. Don’t forget to check out the changelog for a list of all the changes that have been made!
MongooseIM has released version 6.4.0 of its Enterprise Instant Messaging Solution. This release brings new features, changes, various fixes and improvements. For more information, make sure to check out the changelog and the documentation .

XMPP Libraries & Tools

go-xmpp versions 0.2.15 and 0.2.16 have been released.
peertube-plugin-livechat versions 13.0.0 and 14.0.0 have been released.

Extensions and specifications

The XMPP Standards Foundation develops extensions to XMPP in its XEP series in addition to XMPP RFCs . Developers and other standards experts from around the world collaborate on these extensions, developing new specifications for emerging practices, and refining existing ways of doing things. Proposed by anybody, the particularly successful ones end up as Final or Active - depending on their type - while others are carefully archived as Deferred. This life cycle is described in XEP-0001 , which contains the formal and canonical definitions for the types, states, and processes. Read more about the standards process . Communication around Standards and Extensions happens in the Standards Mailing List ( online archive ).

Proposed

The XEP development process starts by writing up an idea and submitting it to the XMPP Editor . Within two weeks, the Council decides whether to accept this proposal as an Experimental XEP.

Data Policy
- This document specifies metadata on how an entity handles its data (encryption, data retention, etc).
Data Forms File Input Element
- This specification defines an element which can be used with data forms to let users upload one or more files.

New

No New XEPs this month.

Deferred

If an experimental XEP is not updated for more than twelve months, it will be moved off Experimental to Deferred. If there is another update, it will put the XEP back onto Experimental.

No XEPs deferred this month.

Updated

Version 0.1.4 of XEP-0284 (Shared XML Editing)
- Fix the registrar section.
- Format the glossary better.
- Add missing <state/> wrappers in examples.
- Write an XML Schema. (egp)
Version 0.9.0 of XEP-0384 (OMEMO Encryption)
- Device labels must be signed
- Allow empty device list in XML schema
- Reworded security consideration that could be interpreted as forbidding trust mechanisms like BTBV/TOFU
- Added section about dealing with lack of presence subscription
- Removed reference to omemo-session-healing (th)
Version 1.0.3 of XEP-0388 (Extensible SASL Profile)
- Add missing minOccurs=‘0’ to additional-data in <continue/> in XML schema. (lnj)
Version 0.1.1 of XEP-0485 (PubSub Server Information)
- Fixed references to XEP identifier. (gdk)
Version 0.1.1 of XEP-0498 (Pubsub File Sharing)
- Fix wrong shortname and add tags. (jp)

Last Call

Last calls are issued once everyone seems satisfied with the current XEP status. After the Council decides whether the XEP seems ready, the XMPP Editor issues a Last Call for comments. The feedback gathered during the Last Call can help improve the XEP before returning it to the Council for advancement to Stable.

No Last Call this month.

Stable

No XEPs moved to Stable this month.

Deprecated

No XEPs deprecated this month.

Rejected

No XEPs rejected this month.

Spread the news

Please share the news on other networks:

Subscribe to the monthly XMPP newsletter

Subscribe

Also check out our RSS Feed !

Looking for job offers or want to hire a professional consultant for your XMPP project? Visit our XMPP job board .

Newsletter Contributors & Translations

This is a community effort, and we would like to thank translators for their contributions. Volunteers and more languages are welcome! Translations of the XMPP Newsletter will be released here (with some delay):

English (original): xmpp.org
- General contributors: Adrien Bourmault (neox), Alexander “PapaTutuWawa”, Arne, Badri Sunderarajan, Benson Muite, cal0pteryx, emus, Federico, Gonzalo Raúl Nemmi, Jonas Stein, Kris “poVoq”, Licaon_Kter, Ludovic Bocquet, Mario Sabatino, melvo, MSavoritias (fae,ve), nicola, Schimon Zachary, Simone Canaletti, singpolyma, XSF iTeam
French: jabberfr.org and linuxfr.org
- Translators: Adrien Bourmault (neox), alkino, anubis, Arkem, Benoît Sibaud, mathieui, nyco, Pierre Jarillon, Ppjet6, Ysabeau
German: xmpp.org
- Translators: Millesimus
Italian: notes.nicfab.eu
- Translators: nicola
Portuguese: xmpp.org
- Translators: Paulo
Spanish: xmpp.org
- Translators: Gonzalo Raúl Nemmi

Help us to build the newsletter

This XMPP Newsletter is produced collaboratively by the XMPP community. Each month’s newsletter issue is drafted in this simple pad . At the end of each month, the pad’s content is merged into the XSF GitHub repository . We are always happy to welcome contributors. Do not hesitate to join the discussion in our Comm-Team group chat (MUC) and thereby help us sustain this as a community effort. You have a project and want to spread the news? Please consider sharing your news or events here, and promote it to a large audience.

Tasks we do on a regular basis:

gathering news in the XMPP universe
short summaries of news and events
summary of the monthly communication on extensions (XEPs)
review of the newsletter draft
preparation of media images
translations
communication via media accounts

XSF Fiscal Hosting Projects

The XSF offers fiscal hosting for XMPP projects. Please apply via Open Collective . For more information, see the announcement blog post . Current projects you can support:

Unsubscribe from the XMPP Newsletter

To unsubscribe from this list, please log in first . If you have not previously logged in, you may need to set up an account with the appropriate email address.

License

This newsletter is published under CC BY-SA license .

Pl chevron_right

The XMPP Standards Foundation: The XMPP Newsletter June 2025

news.movim.eu / PlanetJabber • 5 July 2025 • 7 minutes

XMPP Newsletter Banner

Welcome to the XMPP Newsletter, great to have you here again! This issue covers the month of June 2025.

Like this newsletter, many projects and their efforts in the XMPP community are a result of people’s voluntary work. If you are happy with the services and software you may be using, please consider saying thanks or help these projects! Interested in supporting the Newsletter team? Read more at the bottom .

XSF Announcements

XSF Membership

If you are interested in joining the XMPP Standards Foundation as a member, please apply before August 17th, 2025 00:00 UTC .

XMPP Events

DebConf25 : The 26th Debian Conference in Brest, France, from July 14th to 19th 2025, will feature:
- Federated instant messaging, 100% debianized by Elena Grandi . A short talk (20 minutes) that will take place at the Grand amphi room on Monday, July 14th at 18:00 hours.
- Jabber/XMPP BoF session , hosted by Martin . A BoF (Birds of a Feather) meeting (45 minutes) that will take place at ‘Room: B03-035’ on monday July 14th at 14:00 hours.
XMPP Italian happy hour [IT]: monthly Italian XMPP web meeting, every third Monday of the month at 7:00 PM UTC+2 (online event, with web meeting mode and live streaming).

Videos

Comunicación Libre, Segura y Descentralizada: Taller abierto de XMPP by Gnuxero for the Club de Software Libre . [ES]

XMPP Articles

Introducción a XMPP - Capítulo 1 by Jacobo Da Riva Muñoz . [ES]
Introducción a XMPP - Capítulo 2 - OMEMO by Jacobo Da Riva Muñoz . [ES]
Introducción a XMPP - Capítulo 3 - Grupos by Jacobo Da Riva Muñoz . [ES]
Mensajería segura y abierta mediante CONVERSATIONS Xmpp on alt43.es . [ES]
Recuperando a soberania e a privacidade da sua comunicação pessoal e corporativa by Isadora Ribeiro . [PT_BR]
Mitigating MITMs in XMPP by Amolith for the JMP Blog .
Setting up Slidge Gateway with Openfire for use with Whatsapp, Matrix and Telegram by surfbum for the Ignite Realtime Community .
Per-application passwords in Tigase from the Tigase Posts .
Join the XMPP-IT Community: Your Help Matters! The XMPP-IT community is launching a call for active collaboration — no need to be an expert, and it’s not paid work, just shared participation. From translations to testing software, writing wiki content or contributing code, there’s room for everyone. [IT]

XMPP Software News

XMPP Clients and Applications

Cheogram has released version 2.17.10-2 for Android.
Converse.js has released version 11.0.1 of its open-source and web-based XMPP chat client. The desktop version can be downloaded from here . Make sure to check out the release link for all the details!
Gajim has released version 2.3.0 ( 2.3.1 and 2.3.2 ) with a fresh new look featuring Adwaita , adding new features, improvements, quite a few changes and bug fixes. Head over to their news section for more information. And don’t forget to read the changelog for all the details!

Gajim’s 2.3.0 sleek fresh new look featuring Adwaita

Libervia has received NLnet funding to ‘Implement serverless (with RELOAD) and reduce metadata exposure’ ( Serverless and Metadata Reduction for XMPP ). This project will reduce metadata exposure and enable decentralized, serverless communication. Work will focus on end-to-end encryption specs for roster (contact list) information. These changes will be implemented in the Libervia ecosystem through Tor integration, which will help anonymize connections and reduce IP tracking. A second focus area is advancing serverless communication by implementing the RELOAD protocol XEP-0415 and leveraging end-to-end authentication via XEP-0416 and XEP-0417 . This project will strengthen XMPP and Libervia’s privacy and availability, enabling their use in environments where servers may be unavailable or inaccessible.
Monocles has released versions 2.0.8 , 2.0.9 , 2.0.10 and 2.0.11 of its chat client for Android, featuring many new functions and fixes.
Prose has released versions 0.10.2 and 0.11.0 of its web frontend prose-web-app .

XMPP Servers

The Ignite Realtime community is thrilled to announce the release of the latest versions of their popular open-source XMPP server. Openfire 5.0.0 just came out, immediately followed by Openfire 5.0.1 which should be its drop-in replacement. The new releases come packed with a host of new features, improvements, and bug fixes that enhance its performance, security, and usability. You can download Openfire 5.0.1 straight from the website and read the documentation to get started. Don’t forget to check out the changelog for a list of all the changes that have been made!
MongooseIM has released version 6.4.0 of its Enterprise Instant Messaging Solution. This release brings new features, changes, various fixes and improvements. For more information, make sure to check out the changelog and the documentation .

XMPP Libraries & Tools

go-xmpp versions 0.2.15 and 0.2.16 have been released.
peertube-plugin-livechat versions 13.0.0 and 14.0.0 have been released.

Extensions and specifications

The XMPP Standards Foundation develops extensions to XMPP in its XEP series in addition to XMPP RFCs . Developers and other standards experts from around the world collaborate on these extensions, developing new specifications for emerging practices, and refining existing ways of doing things. Proposed by anybody, the particularly successful ones end up as Final or Active - depending on their type - while others are carefully archived as Deferred. This life cycle is described in XEP-0001 , which contains the formal and canonical definitions for the types, states, and processes. Read more about the standards process . Communication around Standards and Extensions happens in the Standards Mailing List ( online archive ).

Proposed

The XEP development process starts by writing up an idea and submitting it to the XMPP Editor . Within two weeks, the Council decides whether to accept this proposal as an Experimental XEP.

Data Policy
- This document specifies metadata on how an entity handles its data (encryption, data retention, etc).
Data Forms File Input Element
- This specification defines an element which can be used with data forms to let users upload one or more files.

New

No New XEPs this month.

Deferred

If an experimental XEP is not updated for more than twelve months, it will be moved off Experimental to Deferred. If there is another update, it will put the XEP back onto Experimental.

No XEPs deferred this month.

Updated

Version 0.1.4 of XEP-0284 (Shared XML Editing)
- Fix the registrar section.
- Format the glossary better.
- Add missing <state/> wrappers in examples.
- Write an XML Schema. (egp)
Version 0.9.0 of XEP-0384 (OMEMO Encryption)
- Device labels must be signed
- Allow empty device list in XML schema
- Reworded security consideration that could be interpreted as forbidding trust mechanisms like BTBV/TOFU
- Added section about dealing with lack of presence subscription
- Removed reference to omemo-session-healing (th)
Version 1.0.3 of XEP-0388 (Extensible SASL Profile)
- Add missing minOccurs=‘0’ to additional-data in <continue/> in XML schema. (lnj)
Version 0.1.1 of XEP-0485 (PubSub Server Information)
- Fixed references to XEP identifier. (gdk)
Version 0.1.1 of XEP-0498 (Pubsub File Sharing)
- Fix wrong shortname and add tags. (jp)

Last Call

Last calls are issued once everyone seems satisfied with the current XEP status. After the Council decides whether the XEP seems ready, the XMPP Editor issues a Last Call for comments. The feedback gathered during the Last Call can help improve the XEP before returning it to the Council for advancement to Stable.

No Last Call this month.

Stable

No XEPs moved to Stable this month.

Deprecated

No XEPs deprecated this month.

Rejected

No XEPs rejected this month.

Spread the news

Please share the news on other networks:

Subscribe to the monthly XMPP newsletter

Subscribe

Also check out our RSS Feed !

Looking for job offers or want to hire a professional consultant for your XMPP project? Visit our XMPP job board .

Newsletter Contributors & Translations

This is a community effort, and we would like to thank translators for their contributions. Volunteers and more languages are welcome! Translations of the XMPP Newsletter will be released here (with some delay):

English (original): xmpp.org
- General contributors: Adrien Bourmault (neox), Alexander “PapaTutuWawa”, Arne, Badri Sunderarajan, Benson Muite, cal0pteryx, emus, Federico, Gonzalo Raúl Nemmi, Jonas Stein, Kris “poVoq”, Licaon_Kter, Ludovic Bocquet, Mario Sabatino, melvo, MSavoritias (fae,ve), nicola, Schimon Zachary, Simone Canaletti, singpolyma, XSF iTeam
French: jabberfr.org and linuxfr.org
- Translators: Adrien Bourmault (neox), alkino, anubis, Arkem, Benoît Sibaud, mathieui, nyco, Pierre Jarillon, Ppjet6, Ysabeau
German: xmpp.org
- Translators: Millesimus
Italian: notes.nicfab.eu
- Translators: nicola
Portuguese: xmpp.org
- Translators: Paulo
Spanish: xmpp.org
- Translators: Gonzalo Raúl Nemmi

Help us to build the newsletter

This XMPP Newsletter is produced collaboratively by the XMPP community. Each month’s newsletter issue is drafted in this simple pad . At the end of each month, the pad’s content is merged into the XSF GitHub repository . We are always happy to welcome contributors. Do not hesitate to join the discussion in our Comm-Team group chat (MUC) and thereby help us sustain this as a community effort. You have a project and want to spread the news? Please consider sharing your news or events here, and promote it to a large audience.

Tasks we do on a regular basis:

gathering news in the XMPP universe
short summaries of news and events
summary of the monthly communication on extensions (XEPs)
review of the newsletter draft
preparation of media images
translations
communication via media accounts

XSF Fiscal Hosting Projects

The XSF offers fiscal hosting for XMPP projects. Please apply via Open Collective . For more information, see the announcement blog post . Current projects you can support:

Unsubscribe from the XMPP Newsletter

To unsubscribe from this list, please log in first . If you have not previously logged in, you may need to set up an account with the appropriate email address.

License

This newsletter is published under CC BY-SA license .

Pl chevron_right

Ignite Realtime Blog: WebRTC based audio and video in Openfire 2025

news.movim.eu / PlanetJabber • 4 July 2025 • 1 minute

In January 2007 , Ignite Realtime released the red5 plugin for Openfire which added the flash based open source Red5 media server as a plugin to Openfire (Wildfire). A year later , we added red5Phone, the first open source SIP based soft phone in a web browser.

Eighteen years later, WebRTC is now well established as the leading standard for audio and video conferencing and all that leading edge pioneer work here at Ignite evolved into Pàdé the web client, it’s supporting Openfire plugin and other plugins and clients supporting other audio and video use cases beyond meetings.

XMPP is now back in fashion and Openfire has always been a choice XMPP solution because it has the X factor. It is eXperienced, eXtensible, fleXible, eXperimental and eXciting and allowing use to easily integrate it with a wider diversity of signalling and media protocols and services.

However, the new attraction for XMPP is the push for open standards and messaging interoperability. Consequently, being able to also provide media (audio and video) interoperability in XMPP through Openfire will become one of the things we choose to focus on at Ignite going forward with audio and video communications. As previously hinted , we are moving forward with simplified, easy to maintain open standards that make media interoperability possible.

For now, that will be Online Meetings for audio and video conferencing services that have a web front end UI like Jitsi, Galene and BroadcastBox. For deeper integration into XMPP, that will be the Media Streams which is the XMPP wrapper to WHIP and WHEP.

In practice, it means development will stop on the Pade plugin for Openfire and all Jitsi based development and integration will only continue with Openfire Meetings plugin (ofmeet) which will become XEP 483 compliant. The Galene plugin for Openfire will also become XEP 483 compliant and both plugins can serve the new Online Meetings plugin for in ConverseJS web client .

The Openfire plugin called Ohun for audio conferencing is deprecated and a new plugin called OrinAyo which supports both music streaming and audio conferencing is in development and will become available very soon.

For other release announcements and news follow us on Mastodon or X

2 posts - 2 participants

Read full topic

Pl chevron_right

Ignite Realtime Blog: WebRTC based audio and video in Openfire 2025

news.movim.eu / PlanetJabber • 4 July 2025 • 1 minute