Build 2026-06-20

This release contains the following new features:

• Functions with string-valued arguments have been refactored to more easily access values from string-like arguments.

• New chat admin command availble: block Endpoint to block endpoints in the login auditor, via the Chat Admin interface.

This release also contains the following fixes:

• Improved error messages when requesting accounts or API keys
• Markdown table result for LegalId chat admin command has been fixed.
• Generic masking of passwords in XMPP sniffers to avoid leaking sensitive information.
• Correct encoding of case-insensitive strings in scalar string functions in script.

peter@waher.se
6/20/2026, 11:35:44 PM

Build 2026-06-19

This release contains the following fix:

• A recent update protecting XMPP HTTP uploads broke secondary backup uploads. This has been fixed.

peter@waher.se
6/19/2026, 12:28:12 PM

Build 2026-06-18

This release contains the following important fix:

• The administrative portal Login page has been updated, and now checks the from query parameter for two things: Length, and that it is a valid HTTP(S) URI to a local resource. All other URIs will return an error, and the endpoints will be flagged in the Login Auditor, and may result in temporary and permanent blocks.

peter@waher.se
6/18/2026, 1:49:44 PM6/18/2026, 1:50:32 PM

Build 2026-06-16

This release contains the following new features:

• JSON-RPC web services have been refactored, to support a declarative approach using attributes.

  • Support for Server-Sent events in JSON-RPC web services

  • Special Arguments (of Type HttpRequest, HttpResponse) supported in JSON-RPC methods.

  • Support for default parameter values, permitting parameter names to be omitted in JSON-RPC calls.

This release also contains the following fixes:

• XMPP HTTP File upload has received multiple fixes:

  • The Content-Type provided when requesting an upload slot, and performing the HTTP PUT is checked to ensure they are the same.

  • Uploaded content is checked they can be decoded, if a content decoder is available for the Content-Type. Invalid content will be rejected.

peter@waher.se
6/16/2026, 11:52:27 PM

Build 2026-06-11

This release contains the following new features:

• White-lists for peer reviews can be created, where the operator can list JIDs and/or Legal IDs that are allowed to perform peer review.

  • A new environment variable exists for configuring peer review white-lists: BROKER_REVIEW_WHITELIST

• Access to local content without using loopback interface using the static LocalContent class is now possible. This makes internal transfers of content more efficient.

• HttpFileUploadClient now has a PrepareFileUpload method allowing the client to tell the server the purpose of a file upload, before the upload is requested. This allows the server to assign resources accordingly. Available purposes are: Temporary, Backup, Encrypted, PubSub, InternalTransfer.

  • NOTE: 3rd party applications should call HttpFileUploadClient.PrepareFileUpload before any call to HttpFileUploadClient.RequestUploadSlotAsync.

• Identity and Contract attachments hare now more securely and more efficiently managed. The are uploaded using Purpose.InternalTransfer. This makes uploads not accessible via GET. The file also gets immediately deleted when added as an attachment.

  • NOTE: 3rd parties should use ContractsClient.UploadLegalIdAttachmentAsync instead of uploading attachment separately followed by ContractsClient.AddLegalIdAttachmentAsync.

This release also contains the following fixes:

• SessionVariables implements IDisposable to dispose internal SemaphoreSlim.

• Peer-review configuration now permits zero required photos for peer review.

peter@waher.se
6/11/2026, 10:38:16 PM