The 7.2 branch is only going to receive security fixes now. For new features, please consider upgrading to 7.3; see its NEWS.md file first.

Changes since v7.2.11:

• Minor improvements to the build system
• Don't try to write the database if we couldn't open it
• Keep track of pending entity ID for SASL login

This release addresses an SASL security issue when used with InspIRCd 3.0+ servers. If you use Atheme IRC Services with such a server, you MUST upgrade.

This same security issue also affects version 7.1 of services, which is no longer receiving security updates or support; if you are using version 7.1 of services with such a server, you MUST upgrade.

NOTE: Please DO NOT use the "Source code" links below; an atheme-services-v7.2.12.tar.xz file has been attached for download instead.

The 7.2 branch is only going to receive security fixes now. For new features, please consider upgrading to 7.3; see its NEWS.md file first.

Changes since v7.2.10:

• Support building contrib modules on most non-Linux Operating Systems
• Add a preliminary Turkish translation
• Add HMAC-MD5 verify-only support to crypto/pbkdf2v2
• atheme.conf.example: document needoper not being inherited
• modules/chanserv/akick: fix unload crash with akicks that have timeouts
• modules/nickserv/register: check e-mail address validity earlier in the process
• modules/nickserv/multimark: use IRC case canonicalisation for restored nicks
• modules/nickserv/multimark: forbid unloading due to the potential for data loss
• CA_ constants: include CA_EXEMPT (+e) where appropriate
• libathemecore/conf.c: fix minor memory leak with hide_xop

NOTE: Please DO NOT use the "Source code" links below; an atheme-services-v7.2.11.tar.xz file has been attached for download instead.

NOTE: Please DO NOT use the "Source code" links below; an atheme-v7.2.10-r2.tar.xz file has been attached for download instead.

NOTE: This is likely to be the last v7.2 release, unless a bug is discovered that requires fixing.

Changes since v7.2.9:

• Bugfixes and better logic in verify_password()
• Fix potential NULL dereference in modules/crypto/posix
• Backport some modules/crypto/pbkdf2v2 improvements from master
• Backport modules/crypto/argon2d from master
• Backport Base-64 codec from master
• Backport some build/configuration system improvements from master
• Bump E-Mail address maximum length to 254 characters
• Use flags setter information in modules/chanserv/access & modules/chanserv/flags
• Fix issue where modules/misc/httpd wasn't closing its listening socket on deinit
• Fix GroupServ data loss issue when a group was the founder of another group

This is a security release fixing use after free that could potentially be abused
by an attacker already having the privilege to use SASL impersonation to cause a
denial of service. Users of 7.2.8 should update to version 7.2.9; older releases
are not affected.

This is a security release closing a memory leak that could be exploited by attackers to potentially cause a denial of service. Release 7.2.7 is affected; older releases are unaffected. See #539 for technical information.