Release Highlights:
This release includes the support for Hydra rooms in our Matrix gateway, which fixes high severity protocol vulnerabilities.
If you are upgrading from a previous version, there are no changes in SQL schemas, configuration, API commands or hooks.
Other contents:
Below is a detailed breakdown of the improvements and enhancements:
Improvements in Matrix gateway
The ejabberd
Matrix gateway
now supports
Hydra rooms
(Matrix room version 12). This fix some
high severity protocol vulnerabilities
. The state resolution has been partially rewritten in our gateway.
A double colon is used for separating a matrix server from a room ID in JID with Hydra rooms.
Other changes to the matrix gateway:
-
The new option
notary_servers
of
mod_matrix_gw
can now be used to set a list of notary servers.
-
Add
leave_timeout
option to
mod_matrix_gw
(#4386)
-
Don&apost send empty direct Matrix messages (thanks to snoopcatt) (#4420)
Fixed ACME in Erlang/OTP 28.0.2
The
ejabberd 25.07 release notes
mentioned that Erlang/OTP 28.0.1 was not yet fully supported because there was a problem with ACME support.
Good news! this problem with ACME is fixed and tested to work when using Erlang/OTP 28.0.2, the latest
p1_acme
library, and ejabberd 25.08.
If you are playing with ejabberd and Erlang/OTP 28, please report any problem you find. If you are running ejabberd in production, better stick with Erlang/OTP 27.3, this is the one used in installers and container images.
New mod_providers to serve XMPP Providers file
mod_providers
is a new module to serve easily
XMPP Providers
files.
The standard way to perform this task is to first
generate the Provider File
, store in the disk with the proper name, and then serve the file using an HTTP server or
mod_http_fileserver
. And repeat this for each vhost.
Now this can be replaced with mod_providers, which automatically sets some values according to your configuration. Try configuring ejabberd like:
listen:
-
port: 443
module: ejabberd_http
tls: true
request_handlers:
/.well-known/xmpp-provider-v2.json: mod_providers
modules:
mod_providers: {}
Check the URL
https://localhost:443/.well-known/xmpp-provider-v2.json
, and finetune it by setting a few
mod_providers
options.
Improved Unicode support in configuration
When using non-latin characters in a vhost served by ejabberd, you can write it in the configuration file as unicode, or using the IDNA/punycode. For example:
hosts:
- localhost1
- locälhost2
- xn--loclhost4-x2a
- 日本語
host_config:
"locälhost2":
modules:
mod_disco: {}
mod_muc:
host: "conference3.@HOST@"
"xn--loclhost4-x2a":
modules:
mod_disco: {}
mod_muc:
host: "conference4.@HOST@"
This raises a problem in
mod_http_upload
if the option
put_url
contains the
@HOST@
keyword. In that case, please use the new
predefined keyword
HOST_URL_ENCODE
.
This change was also applied to
ejabberd.yml.example
.
New option conversejs_plugins to enable OMEMO
mod_conversejs
gets a new option
conversejs_plugins
that points to additional local files to include as scripts in the homepage.
Right now this is useful to enable
OMEMO encryption
.
Please make sure those files are available in the path specified in
conversejs_resources
option, in subdirectory
plugins/
. For example, copy a file to path
/home/ejabberd/conversejs-x.y.z/package/dist/plugins/libsignal-protocol.min.js
and then configure like:
modules:
mod_conversejs:
conversejs_resources: "/home/ejabberd/conversejs-x.y.z/package/dist"
conversejs_plugins: ["libsignal-protocol.min.js"]
If you are using the public Converse client, then you can set
\"libsignal\"
, which gets replaced with the URL of the public library. For example:
modules:
mod_conversejs:
conversejs_plugins: ["libsignal"]
websocket_url: "ws://@HOST@:5280/websocket"
Easier erlang node name change with mnesia_change
ejabberd uses by default the distributed Mnesia database. Being distributed, Mnesia enforces consistency of its file, so it stores the Erlang node name, which may include the hostname of the computer.
When the erlang node name changes (which may happen when changing the computer name, or moving ejabberd to another computer), then mnesia refused to start with an error message like this:
2025-08-21 11:06:31.831594+02:00 [critical]
Erlang node name mismatch:
I&aposm running in node [ejabberd2@localhost],
but the mnesia database is owned by [ejabberd@localhost]
2025-08-21 11:06:31.831782+02:00 [critical]
Either set ERLANG_NODE in ejabberdctl.cfg
or change node name in Mnesia
To change the computer hostname in the mnesia database, it was required to follow a
tutorial with 10 steps
that starts ejabberd a pair of times and runs the
mnesia_change_nodename
API command.
Well, now all this tutorial is implemented in one single command for the
ejabberdctl
command line script. When mnesia refuses to start due to an erlang node name change, it mentions that new solution:
$ echo "ERLANG_NODE=ejabberd2@localhost" >>_build/relive/conf/ejabberdctl.cfg
$ ejabberdctl live
2025-08-21 11:06:31.831594+02:00 [critical]
Erlang node name mismatch:
I&aposm running in node [ejabberd2@localhost],
but the mnesia database is owned by [ejabberd@localhost]
2025-08-21 11:06:31.831782+02:00 [critical]
Either set ERLANG_NODE in ejabberdctl.cfg
or change node name in Mnesia by running:
ejabberdctl mnesia_change ejabberd@localhost
Let&aposs use the new command to change the erlang node name stored in the mnesia database:
$ ejabberdctl mnesia_change ejabberd@localhost
==> This changes your mnesia database from node name &aposejabberd@localhost&apos to &aposejabberd2@localhost&apos
...
==> Finished, now you can start ejabberd normally
Great! Now ejabberd can start correctly:
$ ejabberdctl live
...
2025-08-21 11:18:52.154718+02:00 [info]
ejabberd 25.07.51 is started in the node ejabberd2@localhost in 1.77s
Notice that the command
mnesia_change
must start and stop ejabberd a pair of times. For that reason, it cannot be implemented as an
API command
. Instead, it is implemented as an
ejabberdctl command
directly in the
ejabberdctl
command line script.
Colorized interactive log
When ejabberd starts with an erlang shell using Mix, it prints error lines in a remarkable color: orange for warnings and red for errors. This helps to detect those lines when reading the log interactively.
Now this is also supported when using Rebar3. To test it, start ejabberd either:
-
ejabberdctl live
: to start interactive mode with erlang shell
-
ejabberdctl foreground
: to start in server mode with attached log output
You will see log lines colorized with:
-
green+white for informative log messages
-
grey for debug
-
yellow for warnings
-
red for errors
-
magenta for messages coming from other Erlang libraries (xmpp, OTP library), not ejabberd itself
Document API Tags in modules
Many
ejabberd modules
implement their own
API commands
, and now the documentation of those modules mention which tags contain their commands.
See for example at the end of modules
mod_muc_admin
,
mod_private
or
mod_antispam
.
Unfortunately, many early API commands were implemented in
mod_admin_extra
, which includes commands related to account management, vcard, roster, private, ... and consequently those are not mentioned in their corresponding modules documentation.
Acknowledgments
We would like to thank the contributions to the source code provided for this release by:
-
mod_matrix_gw: Don&apost send empty direct Matrix messages (thanks to snoopcatt) (#4420)
-
Holger Weiß
for improvements in the installers, HTTP file upload and mod_register
-
marc0s
for the improvement in MUC
And also to all the people contributing in the ejabberd chatroom, issue tracker...
Improvements in ejabberd Business Edition
Customers of the
ejabberd Business Edition
, in addition to all those improvements and bugfixes, also get the following changes:
New module
mod_dedup
This module removes duplicates of read receipts sent by concurrent sessions of single user, this will prevent both delivery and storage in archive of duplicates.
Limits in
mod_unread
queries
Queries issued to
mod_unread
can now declare maximum number and age of returned results. This can also be tweaked with new options of that module.
ChangeLog
This is a more complete list of changes in this ejabberd release:
API Commands
-
ban_account
: Run
sm_kick_user
event when kicking account (
#4415
)
-
ban_account
: No need to change password (
#4415
)
-
mnesia_change
: New command in
ejabberdctl
script that helps changing the mnesia node name
Configuration
-
Rename
auth_password_types_hidden_in_scram1
option to
auth_password_types_hidden_in_sasl1
-
econf
: If a host in configuration is encoded IDNA, decode it (
#3519
)
-
ejabberd_config
: New predefined keyword
HOST_URL_ENCODE
-
ejabberd.yml.example
: Use
HOST_URL_ENCODE
to handle case when vhost is non-latin1
-
mod_conversejs
: Add option
conversejs_plugins
(
#4413
)
-
mod_matrix_gw
: Add
leave_timeout
option (
#4386
)
Documentation and Tests
-
COMPILE.md
: Mention dependencies and add link to Docs (
#4431
)
-
ejabberd_doc
: Document commands tags for modules
-
CI: bump XMPP-Interop-Testing/xmpp-interop-tests-action (
#4425
)
-
Runtime: Raise the minimum Erlang tested to Erlang/OTP 24
Installers and Container
-
Bump Erlang/OTP version to 27.3.4.2
-
Bump OpenSSL version to 3.5.2
-
make-binaries
: Disable Linux-PAM&aposs
logind
support
Core and Modules
-
Bump
p1_acme
to fix
&aposAttributePKCS-10&apos
and OTP 28 (
processone/p1_acme#4
)
-
Prevent loops in
xml_compress:decode
with corrupted data
-
ejabberd_auth_mnesia
: Fix issue with filtering duplicates in
get_users()
-
ejabberd_listener
: Add secret in temporary unix domain socket path (
#4422
)
-
ejabberd_listener
: Log error when cannot set definitive unix socket (
#4422
)
-
ejabberd_listener
: Try to create provisional socket in final directory (
#4422
)
-
ejabberd_logger
: Print log lines colorized in console when using rebar3
-
mod_conversejs
: Ensure assets_path ends in
/
as required by Converse (
#4414
)
-
mod_conversejs
: Ensure plugins URL is separated with
/
(
#4413
)
-
mod_http_upload
: Encode URLs into IDNA when showing to XMPP client (
#3519
)
-
mod_matrix_gw
: Add support for null values in
is_canonical_json
(
#4421
)
-
mod_matrix_gw
: Don&apost send empty direct Matrix messages (
#4420
)
-
mod_matrix_gw
: Matrix gateway updates
-
mod_muc
: Report db failures when restoring rooms
-
mod_muc
: Unsubscribe users from members-only rooms when expelled (
#4412
)
-
mod_providers
: New module to serve easily XMPP Providers files
-
mod_register
: Don&apost duplicate welcome subject and message
-
mod_scram_upgrade
: Fix format of passwords updates
-
mod_scram_upgrade
: Only offer upgrades to methods that aren&apost already stored
Full Changelog
https://github.com/processone/ejabberd/compare/25.07...25.08
ejabberd 25.08 download & feedback
As usual, the release is tagged in the Git source code repository on
GitHub
.
The source package and installers are available in
ejabberd Downloads
page. To check the
*.asc
signature files, see
How to verify ProcessOne downloads integrity
.
For convenience, there are alternative download locations like the
ejabberd DEB/RPM Packages Repository
and the
GitHub Release / Tags
.
The
ecs
container image is available in
docker.io/ejabberd/ecs
and
ghcr.io/processone/ecs
. The alternative
ejabberd
container image is available in
ghcr.io/processone/ejabberd
.
If you consider that you&aposve found a bug, please search or fill a bug report on
GitHub Issues
.