# News
-This is charybdis 3.5.0, Copyright (c) 2005-2016 Charybdis team.
+This is solanum 1.0-dev.
See LICENSE for licensing details (GPL v2).
+## solanum-1.0
+
+Includes changes from charybdis-4.1.3-dev.
+
+**This release includes breaking changes from charybdis 4.x.** Please pay close attention to
+bolded warnings in the full release notes below.
+
+### build
+- Add `--with-asan` to configure to produce an ASan instrumented build
+
+### server protocol
+- OPER is now propagated globally, as :operator OPER opername privset
+
+### user
+- **Breaking:** invite-notify is now enabled by loading the invite-notify extension
+- Prioritise older, more important client capabilities for clients that can only accept
+ one line of CAP LS
+- Add the solanum.chat/realhost vendor capability (provided by extensions/cap\_realhost)
+- Add the solanum.chat/identify-msg vendor capability (provided by extensions/identify\_msg)
+- Server-side aliases preserve protocol framing characters
+- Add the +G user mode for soft callerid (implicitly allow users with a common channel)
+- /invite no longer punches through callerid
+- invite-notify now works
+- Rejectcached users are now sent the reason of the ban that caused their reject in most cases
+- Rejectcache entries expire when their corresponding K-lines do
+- One-argument /stats and zero-argument /motd are no longer ratelimited
+- Channel bans don't see through IP spoofs
+- Global /names now respects userhost-in-names
+- The `$j` extban is no longer usable inside ban exceptions
+- TLSv1 connections are accepted. They can still be disabled using OpenSSL config if you don't
+ want them. TLSv1 existing is not thought to be a threat to up-to-date clients.
+
+### oper
+- **Breaking:** Kick immunity for override is now its own extension, override\_kick\_immunity
+- **Breaking:** /stats A output now follows the same format as other stats letters
+- **Breaking:** helpops now uses +h instead of +H
+- **Breaking:** sno\_whois and the spy\_ extensions have been removed
+- Opers now have their privset (identified by name) on remote servers
+- Oper-only umodes are refreshed after rehash and /grant
+- Extension modules can be reloaded
+- Override no longer spams about being enabled/disabled. It continues to spam on each use.
+- Add /testkline, which has the same syntax as /testline but doesn't check if the mask is ilined
+- /privs is now remote-capable and can respond with more than one line
+- Most commands now respect oper hiding
+- Massnotice (notice/privmsg to $$.../$#...) now alerts opers
+- Massnotice no longer imposes any restrictions on the target mask
+- /kline and /dline are hardened to invalid inputs
+- K/D-lines are more consistent about checking for encoded ipv4-in-ipv6 addresses
+- Add extensions/drain to reject new connections
+- Add extensions/filter to filter messages, parts and quits with a Hyperscan database
+- Add extensions/sasl\_usercloak to interpolate SASL account names into I-line spoofs
+
+### conf
+- **Breaking:** Completely overhaul oper privs. All privset configs will need to be rewritten.
+ See reference.conf for details.
+- Add the `kline_spoof_ip` I-line flag to make any spoof opaque to K-line matching
+- Add general::hide\_tkline\_duration to remove durations from user-visible ban reasons
+- Add general::hide\_opers, which behaves as if all opers have oper:hidden
+- Add general::post\_registration\_delay
+- Add general::tls\_ciphers\_oper\_only to hide TLS cipher details in /whois
+- Add channel::opmod\_send\_statusmsg to send messages allowed by +z to @#channel
+- Add class::max\_autoconn, with the behaviour of class::max\_number for servers prior to
+ charybdis 4
+- Add `secure {}` blocks. Networks listed in a secure block gain +Z and can match `need_ssl` I-
+ and O-lines.
+- Remove general::kline\_delay
+- If m\_webirc is loaded, connections that try to use a webirc auth block as their I-line will
+ be disconnected on registration
+
+### misc
+- **Breaking:** WEBIRC now processes the "secure" option as specified by IRCv3. Web gateways that
+ do not set this option will need to be updated or their connections will show as insecure.
+- Successfully changing IP with WEBIRC now drops an identd username
+
+### code
+- Channel lists are now kept sorted. A for-loop macro, `ITER_COMM_CHANNELS`, is introduced to
+ efficiently compare two such lists.
+
+
+## charybdis-4.1.2
+
+### user
+- src/s\_user.c: don't corrupt usermodes on module unload/reload
+
+## charybdis-4.1.1
+
+### security
+- Fix an issue with the PASS command and duplicate server instances.
+
+### misc
+- Fix connection hang with blacklist/opm when ident is disabled.
+- Improve SASL CAP notification when the services server disconnects.
+- MbedTLS: Support ChaCha20-Poly1305 in default cipher suites.
+
+## charybdis-4.1
+
+### misc
+- SCTP is now supported for server connections (and optionally, user connections)
+
+## charybdis-4.0.1
+
+### server protocol
+- SJOIN messages were being constructed in a 1024 byte buffer and truncated to 512 bytes
+ when sending. This caused channels with more than 50 users to fail to propagate all of
+ them during a net join.
+
+## charybdis-4.0
+
+### build
+- Build system has been converted to libtool + automake for sanity reasons.
+- The compile date is now set at configure time rather than build time, allowing for
+ reproducible builds. (#148, #149)
+- Support for GNUTLS 3.4 has been added.
+
+### user
+- Import the ability to exceed MAXCHANNELS from ircd-seven.
+- Implement IRCv3.2 enhanced capability negotiation (`CAP LS 302`).
+- Implement support for receiving and sending IRCv3 message tags.
+- Implement IRCv3.2 capabilities: (#141)
+ - account-tag
+ - echo-message
+ - invite-notify
+ - sasl
+ - server-time
+- SASL: certificate fingerprints are now always sent to the SASL agent, allowing for
+ the certificate to be used as a second authentication factor.
+
+### oper
+- Merge several features from ircd-seven:
+ - Implement support for remote DIE/RESTART.
+ - Implement support for remote MODLOAD et al commands.
+ - Add the GRANT command which allows for temporarily opering a client.
+ - Implement the hidden oper-only channel modes framework.
+ - Implement a channel mode that disallows kicking IRC operators (+M).
+- Enhance the oper override system, allowing more flexibility and detail
+ in network-wide notices.
+- DNS, ident, and blacklist lookups have been moved to a dedicated daemon known
+ as authd. Some cosmetic changes to blacklist statistics and rejection notices
+ have resulted.
+- An experimental OPM scanner has been added to authd. Plaintext SOCKS4,
+ SOCKS5, and HTTP CONNECT proxies can be checked for.
+- The LOCOPS command has been moved from core to an extension.
+- All core modules in charybdis have descriptions, which are shown in MODLIST.
+- Suffixes should not be used when doing /MODLOAD, /MODUNLOAD, /MODRELOAD, etc.
+
+### misc
+- Support for WebSocket has been added, use the listen::wsock option to switch
+ a listener into websocket mode.
+
+### conf
+- Add the ability to strip color codes from topics unconditionally.
+- The obsolete hub option from server info has been removed.
+
+### docs
+- The documentation has been cleaned up; obsolete files have been purged, and
+ files have been renamed and shuffled around to be more consistent.
+
+### code
+- `common.h` is gone. Everything useful in it was moved to `ircd_defs.h`.
+- `config.h` is gone; the few remaining knobs in it were not for configuration
+ by mere mortals, and mostly existed as a 2.8 relic. Most of the knobs live in
+ `defaults.h`, but one is well-advised to stay away unless they know exactly
+ what they are doing.
+- A new module API has been introduced, known as AV2. It includes things such as
+ module datecodes (to ensure modules don't fall out of sync with the code),
+ module descriptions, and other fun things.
+- Alias and module commands are now in m_alias and m_modules, respectively, and
+ can be reloaded if need be. For sanity reasons, m_modules is a core module,
+ and cannot be unloaded.
+- irc_dictionary and irc_radixtree related functions are now in librb, and
+ prefixed accordingly. Typedefs have been added for consistency with existing
+ data structures. For example, now you would write `rb_dictionary *foo` and
+ `RB_DICTIONARY_FOREACH`.
+- C99 bools are now included and used in the code. Don't use ints as simple true
+ or false flags anymore. In accordance with this change, the `YES`/`NO` and
+ `TRUE`/`FALSE` macros have been removed.
+- Return types from command handlers have been axed, as they have been useless
+ for years.
+- libratbox has been renamed to librb, as we have diverged from upstream long
+ ago.
+- Almost all 2.8-style hashtable structures have been moved to dictionaries or
+ radix trees, resulting in significant memory savings.
+- The block allocator has been disabled and is no longer used.
+- The ratbox client capabilities have been ported to use the ircd capabilities
+ framework, allowing for modules to provide capabilities.
+- Support for restarting ssld has been added. ssld processes which are still
+ servicing clients will remain in use, but not service new connections, and
+ are garbage collected when they are no longer servicing connections.
+- Support for ratbox-style 'iodebug' hooks has been removed.
+- New channel types may be added by modules, see `extensions/chantype_dummy.c`
+ for a very simple example.
+
## charybdis-3.5.0
### server protocol
- $& combines 1 or more child extbans as an AND expression
- $| combines 1 or more child extbans as an OR expression
- $m provides normal hostmask matching as an extban for the above
+- Do not allow STARTTLS if a connection is already using TLS.
+- Display an operator's privilege set in WHOIS.
+- The $o extban now matches against privilege set names as well as individual
+ privileges. Privilege set names are preferred over individual privileges.
### oper
- Fix a crash with /testline.
- Add DNSBL snotes on snomask +r.
### config
-
+- Add hide_uncommon_channels extension to hide uncommon channel memberships in WHOIS,
+ like in ircd-seven.
- Add chm_nonotice extension, cmode +T to reject notices.
- Add restrict-unauthenticated extension, prevents unauthenticated users from
doing anything as channel operator.
## charybdis-1.0
- Implement channel mode +L for channel list limit exemptions.
-- Implement channel mode +P primarily as a status mode, permanant
+- Implement channel mode +P primarily as a status mode, permanant
channel -- this is usually enforced via services registrations.
- Change behaviour of /stats p: now displays all staff members instead
of local ones only.