ngIRCd - Next Generation IRC Server
http://ngircd.barton.de/
- (c)2001-2012 Alexander Barton and Contributors.
+ (c)2001-2013 Alexander Barton and Contributors.
ngIRCd is free software and published under the
terms of the GNU General Public License.
-- NEWS --
-ngIRCd
+ngIRCd 20.3 (2013-08-23)
+
+ - This release is a bugfix release only, without new features.
+ - Security: Fix a denial of service bug (server crash) which could happen
+ when the configuration option "NoticeAuth" is enabled (which is NOT the
+ default) and ngIRCd failed to send the "notice auth" messages to new
+ clients connecting to the server (CVE-2013-5580).
+
+ngIRCd 20.2 (2013-02-15)
+
+ - This release is a bugfix release only, without new features.
+ - Security: Fix a denial of service bug in the function handling KICK
+ commands that could be used by arbitrary users to to crash the daemon
+ (CVE-2013-1747).
+
+ngIRCd 20.1 (2013-01-02)
+
+ - This release is a bugfix release only, without new features.
+
+ngIRCd 20 (2012-12-17)
+
+ - Allow user names ("INDENT") up to 20 characters when ngIRCd has not
+ been configured for "strict RFC mode". This is useful if you are using
+ external (PAM) authenticaion mechanisms that require longer user names.
+ Patch suggested by Brett Smith <brett@w3.org>, see
+ <http://arthur.barton.de/pipermail/ngircd-ml/2012-October/000579.html>.
ngIRCd 20~rc2 (2012-12-02)
- Rework cloaked hostname handling and implement the "METADATA cloakhost"