diff --git a/DIFFERENCES.md b/DIFFERENCES.md index 511561d2..a2231ffa 100644 --- a/DIFFERENCES.md +++ b/DIFFERENCES.md @@ -61,4 +61,7 @@ - Basic validation/checks on user-specified room aliases and custom room ID creations - Warn on unknown config options specified - Add support for preventing certain room alias names and usernames using regex (via upstream MR) and extended to custom room IDs -- Revamp appservice registration to ruma's `Registration` type which fixes various appservice registration issues, including fixing crashing upon no URL specified (via upstream MR) \ No newline at end of file +- Revamp appservice registration to ruma's `Registration` type which fixes various appservice registration issues, including fixing crashing upon no URL specified (via upstream MR) +- URL preview support (via upstream MR) with various improvements +- Increased graceful shutdown timeout from a low 60 seconds to 180 seconds to avoid killing connections and let the remaining ones finish processing, and ask systemd for more time to shutdown if needed to prevent systemd's default [`TimeoutStopSec=`](https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html#TimeoutStopSec=) of 90 seconds from killing conduwuit +- Bumped default max_concurrent_requests to 500 diff --git a/debian/postinst b/debian/postinst index 7f588689..ea52b0ca 100644 --- a/debian/postinst +++ b/debian/postinst @@ -204,16 +204,22 @@ allow_device_name_federation = false # Vector list of domains allowed to send requests to for URL previews. Defaults to none. # Note: this is a *contains* match, not an explicit match. Putting "google.com" will match "https://google.com" and "http://mymaliciousdomainexamplegoogle.com" +# Setting this to "*" will allow all URL previews. Please note that this opens up significant attack surface to your server, you are expected to be aware of the risks by doing so. url_preview_domain_contains_allowlist = [] # Vector list of explicit domains allowed to send requests to for URL previews. Defaults to none. # Note: This is an *explicit* match, not a ccontains match. Putting "google.com" will match "https://google.com", "http://google.com", but not "https://mymaliciousdomainexamplegoogle.com" +# Setting this to "*" will allow all URL previews. Please note that this opens up significant attack surface to your server, you are expected to be aware of the risks by doing so. url_preview_domain_explicit_allowlist = [] # Vector list of URLs allowed to send requests to for URL previews. Defaults to none. -# Note that this is a *contains* match, not an explicit match. Putting "https://google.com" will match "https://google.com/" and "https://google.com/url?q=https://mymaliciousdomainexample.com" +# Note that this is a *contains* match, not an explicit match. Putting "google.com" will match "https://google.com/", "https://google.com/url?q=https://mymaliciousdomainexample.com", and "https://mymaliciousdomainexample.com/hi/google.com" +# Setting this to "*" will allow all URL previews. Please note that this opens up significant attack surface to your server, you are expected to be aware of the risks by doing so. url_preview_url_contains_allowlist = [] +# Maximum amount of bytes allowed in a URL preview body size when spidering. Defaults to 1MB (1_000_000 bytes) +url_preview_max_spider_size = 1_000_000 + ### Misc @@ -278,6 +284,7 @@ enable_lightning_bolt = false # Config option to control local (your server only) presence updates/requests. Defaults to false. # Note that presence on conduwuit is very fast unlike Synapse's. +# If using outgoing presence, this MUST be enabled. #allow_local_presence = false # Config option to control incoming federated presence updates/requests. Defaults to false. @@ -288,6 +295,7 @@ enable_lightning_bolt = false # Config option to control outgoing presence updates/requests. Defaults to false. # This option sends presence updates to other servers, but does not receive any unless `allow_incoming_presence` is true. # Note that presence on conduwuit is very fast unlike Synapse's. +# If using outgoing presence, you MUST enable `allow_local_presence` as well. # # Warning: Outgoing federated presence is not spec compliant due to relying on PDUs and EDUs combined. # Outgoing presence will not be very reliable due to this and any issues with federated outgoing presence are very likely attributed to this issue.