0.7.1:
New features:
- New plugin mod_ucmd: publishes the hub's registered commands as ADC user-command (UCMD) context-menu entries for clients that support the UCM0 extension. Every command available at a user's credential level appears in the client's right-click menu — user-targeting commands (kick, ban, getip, ...) in the user-list menu and the rest in the hub menu — and selecting an entry sends the corresponding +command on the user's behalf.

Plugin API:
- Added a command_foreach() hub callback (and a read-only plugin_command_info view) so plugins can enumerate the registered hub commands available to a given credential level.

0.7.0:
Federation and scaling:
- Hub linking: multiple uhubs can be linked into a single logical hub with a partitioned SID space, a dedicated hub-to-hub link protocol (challenge-response authenticated with a shared secret), and cross-hub routing of chat, private messages, searches, results and connect requests. Links reuse the normal client port and are auto-detected.
- Cluster roster sync: linked hubs exchange their user lists and live join/quit/INF updates so every client sees one unified user list; a netsplit cleanly removes the far side's users.
- Dynamic SID-window leasing and coordinator election, so nodes can join a cluster without a statically assigned node id.
- Linked hubs propagate the topic and cluster-wide bans.
- Master-slave authentication for linked hubs: a slave hub proxies login lookups and password verification to the master, so passwords live in one place (see doc/linking.txt).
- Multi-process mode: with workers=N the hub forks N worker processes that share the client port and run as one logical hub across CPU cores.
- New link/federation options: link_peer, link_secret, node_id, node_count, workers, worker_socket_dir, auth_proxy (see doc/linking.txt).

Performance:
- Broadcast writes are deferred and coalesced: queued messages are flushed once per event-loop iteration and gathered into a single writev()/SSL_write() per connection, collapsing the login/presence storm from ~M*N syscalls toward ~N.
- The DNS resolver now uses a configurable worker-thread pool instead of spawning one thread per lookup.
- The hard per-user send-queue limit scales with the number of connected users.

New features:
- Prometheus metrics endpoint served over the existing port (off by default, bearer-token gated), with message-type counters, per-user gauges and an event-loop processing-time histogram.
- ADC NATT extension (NAT traversal) support.
- Experimental HBRI hybrid IPv4/IPv6 connectivity (issue #79).
- The hub can announce itself to an ADC registration server at startup and advertises a complete adc(s):// URL with port (issue #105), plus the HH/WS/NE/OW hub-info fields for the ADC PING extension.
- Added limit_min_search to reject overly short substring searches (issue #71).
- mod_auth_sqlite: added !regme / !passwd self-service commands (fixes #84).
- Flood control is now a detect-in-core / act-in-plugin event, so plugins can decide how to respond to detected floods.

Security and hardening:
- Removed a debug build flag (DEBUG_SQL) that logged nicknames and plaintext passwords to stdout on every SQLite-backed login.
- Enabled binary-hardening flags (stack protector, FORTIFY, full RELRO/BIND_NOW, non-executable stack, PIE) in both build systems.
- Verify that the privilege drop actually took effect (real/effective ids changed and root cannot be regained) and abort otherwise.
- Reap dead/half-open client connections with tuned TCP keepalive.
- Hardened the TLS server: honour server cipher preference and refuse client-initiated renegotiation; clear the OpenSSL error queue before handshake calls.
- Compare password responses in constant time.
- Refuse to load group- or world-writable plugins.
- uhub-passwd now creates the password database mode 0600.
- Sanitize control characters in log lines to prevent log injection.
- Clamp the !history count, warn when the metrics endpoint runs without TLS, and bound the accumulated -v/-q verbosity.
- Derive the login password challenge from the per-hub secret.
- Give defined behaviour to signed overflow and type punning (-fwrapv, -fno-strict-aliasing).

Portability and bug fixes:
- Fixed non-blocking connect result retrieval on BSD/macOS (getsockopt(SO_ERROR) instead of re-calling connect()), and only report connect failure once all resolved addresses are exhausted.
- Fixed the kqueue backend on the BSDs and macOS, and stopped surfacing spurious "not a socket" errors for pipes on macOS.
- Made the HBRI address regexes portable (fixes BSD/macOS regcomp) and validate string config values against a POSIX regex on load.
- Cap concurrent connections and bounds-check the fd-indexed backend tables.
- Fixed a login send-queue crash and several out-of-memory NULL-dereferences on the login path; added defensive guards to ADC message unescape / named-argument handling.
- Strip the ADC0 support flag for non-TLS client connections, and skip no-op fields in INF updates.
- !broadcast is now sent as a private message from the hub rather than from the sender.
- Applied Debian packaging patches for GNU Hurd and RISC-V.

Build system and tests:
- The Zig build now builds a bundled LibreSSL and SQLite from package dependencies, making it self-contained; adapted to Zig 0.16.
- The autotest driver (autotest/test.c) is generated at build time from the .tcc sources; added test_config and test_auth coverage.
- Removed the god-header "uhub.h" and the dead thirdparty/sqlite submodule; always export compile_commands.json; assorted CMake and compiler-warning cleanups.

0.6.0:
- TLS is now mandatory: the SSL_SUPPORT build option is gone and a TLS library (OpenSSL or LibreSSL) is always required.
- LibreSSL is now a first-class, supported TLS provider alongside OpenSSL.
- Require OpenSSL >= 3.0 or LibreSSL >= 3.4 and modernized the OpenSSL API usage (TLS_method + minimum-protocol-version instead of per-version methods).
- The lowest selectable TLS version is now 1.2; tls_version accepts only "1.2" or "1.3" (TLS 1.0 and 1.1 are no longer offered).
- Added the tls_ciphersuites option to configure the TLS 1.3 cipher suites; tls_ciphersuite continues to govern TLS 1.2 and earlier.
- Removed the long-dead GnuTLS backend and the USE_OPENSSL option.
- Advertise the ADC protocol via TLS ALPN and improve TLS protocol negotiation.
- Fix CPU spikes caused by clients connecting with an incompatible TLS protocol version.
- Report TLS statistics (handshakes, closes and errors) via the !stats command.
- Hardened the ADC message parser against malformed and malicious input: fixed out-of-bounds reads, integer overflows/underflows and negative array indexing reachable before authentication (including issue #85). The parser is now exercised by fuzz targets.
- Fixed a login race (issue #86) that could allow duplicate CID/nick registrations.
- Fixed deny_ip ACL entries being silently ignored at login, and tightened ACL keyword matching to avoid prefix collisions.
- Avoid leaking credentials by zeroing authentication state, and clear supplementary groups when dropping privileges.
- Improved ghost-user detection (issue #72).
- Fixed a crash in the SID allocator when exceeding one million sessions, and made session-id handling more robust.
- Enforce a per-user send-queue cap and disconnect clients that overflow it; handle socket errors from connected clients more gracefully.
- Fixed outbound-connection failover so the hub tries all resolved addresses.
- Fixed numerous out-of-memory, buffer-overflow and integer-overflow bugs across the hub, plugins, DNS resolver and admin tooling, including possible SQL injection in the admin tool.
- mod_chat_is_privileged: notify unprivileged users when chat is denied (issue #65).
- mod_chat_history (sqlite): fixed a buffer overflow when storing long messages.
- Fixed escaping of !broadcast messages (issue #83).
- Improved the ADC stress-test client: password login, status/error reporting, connect and connect-failure callbacks, and safer message parsing.
- Build system modernized: builds as C23, an alternative build.zig is provided, fuzzing support was added, and there is now a Dockerfile.
- Added support for the aarch64 and LoongArch architectures and fixed MinGW cross-compilation.

0.5.1:
- Add support for OpenSSL 1.1.
- Stricter UTF-8 handling, including support for 4-byte UTF-8 characters.
- Added op-bots and unrestricted bots, and taught uhub-passwd to manage bots.
- Added tools to import users from FlexHub and PtokaX (< 0.5.0).
- mod_chat_history (sqlite): fixed truncation of long messages and added VACUUM during cleanup.
- mod_logging: fixed an inverted syslog config check.
- Fixed compilation on systemd > 210.
- Made the config and helper scripts Python 3 compatible.
- Reduced log noise from net_send debug messages and give a clearer error when sqlite3 is missing.
- The test binary is now installed as autotest-bin to avoid name clashes.

0.5.0:
- Use TLS 1.2 and strong ciphers by default, but made this configurable.
- Fix TLS event handling which caused some busy loops
- TLS: Support certificate chains
- Fix bug #211: Better Hublist pinger support by adding the AP flag of the INF message.
- Fix bug #198:  Timers could cause infinite loops
- Sqlite3 is now mandatory
- Added mod_chat_history_sqlite and mod_chat_is_privileged.
- Support for systemd notify and journal logging
- Improved flood control counting to strictly not allow more than the given amount of messages in the configured interval.
- Optimize lookups by CID and nick.
- Added an NMDC and ADC hub redirectors written in Python.
- Fix all Clang compile warnings.
- Install uhub-passwd also.
- Add support for detecting HTTP connections to the hub. Enough to tell browsers to stop calling.
- Compile fixes for OpenBSD, including warnings about strcat.
- Fix crashing autotest due to wrong initialization of the usermanager.
- mod_topic: check argument for NULL
- rename !cleartopic to !resettopic

0.4.1:
- Converted to CMake which replaces Visual Studio project files and GNU makefiles
- Fix issues with SSL causing excessive CPU usage.
- Fix TLS/SSL handshake detection issues
- Fixed crash in mod_chat_only.
- Implemented red-black tree for better performance for certain lookups.
- Better network statistics using the !stats command.
- Improved protocol parsing, especially escape handling.
- Fix cbuffer initialization.
- Install plugins in /usr/lib/uhub, not /var/lib/uhub.
- Improved init scripts and added a upstart script.
- Work-around client security bugs by disallowing UCMD messages from being relayed.
- Added asynchronous DNS resolver.


0.4.0:
- Cleaned up code generator for config file parsing.
- Merge pull request #5 from yorhel/master
- Print error message in case of shutting down due to errors loading plugins.
- Fix Windows file read discrepancy.
- convert_to_sqlite.pl: Update to the latest SQL schema + be more Perlish
- Fix VS2010 project file - missing .c file.
- Merge https://github.com/Tilka/uhub
- use "I64u" instead of PRIu64 on Windows
- remove obsolete settings in uhub.conf
- fix uhub_itoa() and uhub_ulltoa()
- marked plugin callbacks that are not called yet
- add on_change_nick() to struct plugin_funcs
- minimal changes
- Updated init script in Debian package.
- Updated list of man pages in Debian package.
- Added man page for uhub-passwd.
- Merge branch 'master' of https://github.com/Tilka/uhub
- Fix issue with QUI messages being allowed through the hub
- don't show error on SIGTERM in select() backend
- fix dependency of 'install' target
- changed all calls to assert() to uhub_assert()
- Don't strip the U4/U6 port numbers if updated after login.
- Fix compile issue with double typedefs.
- Remove list assertion when removing element that is not in the list. Breaks autotest.
- Cleaned up command handling code, by splitting into multiple files.
- Fix bug #183 - Added proper OpenSSL license exception for the GPL.
- OMG OPTIMIZED
- use dh_prep instead of dh_clean -k
- fix double free
- use "0" instead of "false"
- fix use of uninitialized struct ip_range
- fix random crashes upon !reload
- fix command syntax
- use arg parser in !broadcast
- Fixed tiny memory leak on reload/shutdown.
- Merge https://github.com/Tilka/uhub
- fix multiple optional arguments
- small cleanup
- also clean uhub-passwd
- ignore files generated by dpkg-buildpackage
- automatically clean up plugin commands
- minimal documentation fixes
- update client software link
- update compile howto link
- fix Debian changelog
- Fix bug #158 - Added plugin for setting topic (hub description).
- Command arguments handling + cleanups


0.3.2:
- Fixed bugs in the kqueue network backend (OSX/BSD)
- Rewrote the configuration backend code.
- Added support for escaping characters in the configuration files.
- Updated the !broadcast command to send private messages instead of main chat messages.
- Adding support for redirecting clients to other hubs when they fail to log in.
- Fix some out of memory related crashes.
- Fixed minor memory leaks.


0.3.1:
- Fixed bug where !getip did not work.
- Added flood control configuration options.
- Added configuration options to disallow old/obsolete ADC clients.
- Fixed crash bugs, an freezes.
- SSL/TLS fix for tls_require configuration option.
- Fixed disconnect messages, so that clients can interpret them.
- Fixed bugs where share limits could be circumvented.
- Added support for listening to multiple ports.
- kqueue backend for Mac OS X, and BSD systems.


0.3.0:
- More user commands: ban, broadcast, mute, rules, history, myip, whoip, log
- Experimental SSL support
- Large rewrite of the network stack in order to support SSL.
- Added rule file for defining hub rules.
- Many crash fixes and other important bug fixes.
- Optimizations: O(1) timeout scheduler
- New sid allocation code.
- Added configurable server_listen_backlog (default 50).
- Added init.d scripts for RedHat/CentOS


0.2.8:
- Fix bug #13: getsockname() failure, use sockaddr from accept() instead.
- Fix bug #10: Improve logging, ensure logs are machine readable.
- Fix bug #12: asserts in adc_msg_parse -> enabled strict utf8 parsing.


0.2.7:
- Fixed a nasty crash (bug #11), Thanks Toast for finding it.
- Fix bug #9 - net_get_peer_address() failure on CentOS/Xen configurations.
- Write a log message if an operator reloads the config file.
- Don't print OK or ERROR when using '-s' or '-S' show the configuration.
- Cleanup credential string handling
- Made sure "!help" only display accessible commands.
- Cleanup in-hub command parsing
- Fix a possible crash if multiple INF messages are sent during login.
- Rewrote the mainloop to not use a timer.


0.2.6:
- Better "!uptime" command formatting.
- Better "!stats"; can display peak and current bandwidth usage.
- Added "+myip" command.
- Ensure super users and hub owners also have the operator flag set.
- Bug #1: Disconnecting users due to excessive "send queue".
- Bug #5: Always provide IP-address for all users, not just for active clients.
- Better send queue priorities.
- Dump configuration does not quote integer and boolean settings.
- Sources hosted by GitHub.com, and bug tracker on bugs.extatic.org
- Minor optimizations.


0.2.5-3487:
- Fixed out of memory situations, used when uhub operates on a limited heap.
- Code cleanups, reduced heap memory footprint.
- Fixed bug throwing users out due to exessive send queue when logging into a large hub.
- Added some simple hub commands (!stats, !uptime, !version, !help, etc).


0.2.4-3470:
- Added option chat_is_privileged, which makes chat for privileged users only.
- Started working on hub commands.
- Fixed a double free() related crash / abort.
- Fixed several send() -> EPIPE related crashes.


0.2.3-3429:
- Fixed one crash bug (jump to NULL).
- Fixed IPv6 dual stack issues on Winsock, but needs Vista or later to compile.
- Disable IPv6 if dual stack is not supported (WinXP with IPv6).
- Fixed bind issue for IPv4 addresses.
- Made sure no chat message could have PM context flag, unless set by the hub.
- Ignore empty INF update messages.


0.2.2-3393:
- Fixed a crash related to hub login.
- Added some fixes for older versions of libevent
- Added option to log messages through syslog.
- Added low bandwidth mode for really big hubs.
- Started writing a benchmark tool for the hub.
- Fix bug: reload configuration reset uptime.
- Experimental support for NetBSD 3.1.


0.2.1-3321:
- Added more robust configuration file parsing.
- Use defaults if config file is not found, unless a file is specified.
- Added user class super user (above operator, below admin).
- Added NAT override for clients behind the same NAT as the hub.
- Fixed a bug summarizing shared size and files for the PING extension.
- Fixed bugs related to hub limits.


0.2.0-3293:
- Fixed multiple crash bugs.
- Fully compatible with ADC/1.0.
- Protocol extensions: 'TIGR' and 'PING'
- Added support for configuring min/max share size, slots, concurrent hubs, not very well tested.
- Made all status message strings configurable.
- Various BSD issues fixed. Should perform equally well as Linux.
- Allow ignored configuration options (used when deprecating configuration options).
- Added command line options for checking configuration.
- A windows port is more or less done (MinGW)
- Lots of new auto tests added.


0.1.6-2608:
- Changes required for the ADC/0.14 specification.
- Stability fixes.
- Win32 fixes, it compiles and runs, but not quite ported yet.
- Added CMAKE files, which can be used instead of GNU make.
- Made sure all messages are terminated when created.
- Use length of messages, instead of strlen() to determine them.
- Added more asserts for messages. Spotted a few errors as a result of that.
- Added support for more sophisticated memory allocation debugging.


0.1.5-2462
- Fixed double free (crash).
- Fixed password challenge/response coding error (crash).
- Changes required for the new ADC/0.13 specification.
- Fixed IPv6 netmask matching (banning)
- Added UDP server, needed for auto-configure extension (AUT0)
- Send 'ping' messages periodically if nothing heard from clients.
- Print IP when client disconnects.
- Lots of automatic testcases added, fix many bugs in the process.
- GCC 2.95 compile fixes.


0.1.4-2301:
- uHub now requires and utilizes libevent. This allows for greater code
portability, and less code complexity.
- Various FreeBSD/OpenBSD/NetBSD fixes have been applied.
- Can now log files other than stderr.
- Added several automatic testcases.
- The application should now be much more stable, and never consume much CPU.
- Fixed several small annoying bugs.


0.1.3-2147:
- Changed license to GPL3
- Fixed several crashes
- Major code cleanups
- Refactored event handling
- Log file format change (minor)
- Automatic regression testing of code base (via exotic).
- Memory handling debug infrastructure.


0.1.2-2020:
- Fix infinite loops
- Don't log users leaving unless they are logged in.
- Fix private messages in chat only hubs.
- Operators/admins override chat only hub settings.
- Fix client/server protocol support negotiation handling
- IP banning should now work (IPv6 is not tested yet).


0.1.1-1956:
- Fixed memory leaks in ACL handling
- Prevent unneeded malloc's in command handling when buffers are big enough.
- Code cleanups and more doxygen style comments added.
- Fixed crashes and infinite loops
- FreeBSD compile fixes
- Timestamp log messages.
- Log network/bandwidth statistics


0.1.0-1840:
- First public release

