MongooseIM

Communication & Email

A robust, scalable XMPP server platform for large‑scale instant messaging deployments

Track releases GitHub Website

Erlang Latest 6.7.0 · 21d ago Security brief →

Features

Supports vanilla XMPP, REST API, SSE, WebSockets and BOSH (HTTP long‑polling)
Clusterable across multiple machines for fault tolerance and horizontal scaling
Provides a test suite, metrics, load‑testing platform and monitoring server

Recent releases

View all 4 releases →

No immediate action

6.7.0 Breaking risk 21d

mod_jingle_sip removal + mod_muc_log deprecation

Open

6.6.0 Breaking risk 2mo

Breaking changes

Removed deprecated REST API (replaced by GraphQL)
Removed support for MS SQL database

Notable features

`mod_external_filter` module to filter messages via external GraphQL queries
`mod_blocklist` module allowing admins to block/unblock users
New GraphQL queries exposing host types, modules, services configuration and `allDomains`/`listUsers` pagination

Full changelog

Highlights

mod_external_filter allows MongooseIM to filter messages by sending GraphQL queries to an external service.
mod_blocklist allows administrators to block and unblock selected users.
New GraphQL queries provide insight into host types, modules, and services configuration.
Added support for XEP-0359, XEP-0431, and XEP-0440.
Refreshed audio-video capabilities.
Improved event pushing to external services like RabbitMQ and Redis.
Removed the deprecated REST API and support for the MS SQL database.

Added

GraphQL: allDomains query, listUsers pagination, host types with their configuration, all-stanzas subscription (#4597, #4606, #4607, #4618, #4656)
Prometheus support in anonymized Google Analytics (#4609)
Event pushing: auto-unarchive broadcast and dynamic domains support in mod_event_pusher (#4610, #4629)
Official support for full-text search (XEP-0431) (#4627)
SASL Channel-Binding Type Capability (XEP-0440) (#4631)
Stable stanza IDs (XEP-0359) (#4633)
SSLKEYLOGFILE support (#4634)
Blocklist administration module and API expansion (#4645, #4669)
External filter module for message delivery checks (#4651, #4658, #4661)
Additional validation of database configuration (#4659, #4667)
TURN REST API auth support (#4671)

Changed

RabbitMQ worker reconnection/refactor and outgoing pool queue limits (#4591, #4594, #4599)
TLS keyfile validation (#4595)
Redis connection username support (#4616)
Docker image improvements (#4617, #4632)
Reworked configuration for BOSH and WebSocket (#4623)
Enforced user agent for mod_fast_auth_token (#4628)
Audio/video capability refresh (#4640, #4650)
Deprecated mod_jingle_sip (#4660)

Fixed

Privacy blocking IQ should not stop stanzas sent by the server (#4600)
GraphQL API fixes for cets and roster (#4614, #4624)
Avoided noproc error in mongoose_epmd (#4637)
Fixed mongoose certificates (#4647)
Fixed global RabbitMQ pool crash (#4648)

Removed

MS SQL backend (#4603, #4604)
Deprecated REST API (already replaced by GraphQL) (#4635, #4664)

Other

CI/test reliability and coverage improvements (#4593, #4598, #4601, #4602, #4605, #4612, #4615, #4620, #4621, #4622, #4625, #4630, #4646, #4652, #4654, #4655, #4662, #4663, #4670, #4675)
Documentation updates for mod_muc, certificate reloading, and general cleanup (#4596, #4619, #4636, #4653)
Added .elp.toml for easier ELP usage (#4641)
Refactor (#4643, #4673)

Commits, merged PRs and closed issues

Special thanks to our contributors

@niecore for adding cets to GraphQL allowed categories (#4614)

View release on GitHub

6.5.0 Breaking risk 5mo

Breaking changes

Dropped support for Erlang 26 (#4549)
Minimum Erlang version raised to 28

Notable features

XEP-0402 PEP Native Bookmarks
User blocking in groupchat
TLS enabled for Redis connections

Full changelog

Highlights

Enhanced and enriched implementation of mod_event_pusher_rabbit
Enabled TLS support for Redis and RabbitMQ connections
Support for XEP-0402 PEP Native Bookmarks
Support for Erlang 28 and dropped support for Erlang 26
Various enhancements and bug fixes
Refactoring and improvements of tests

Added

XEP-0402 PEP Native Bookmarks (#4545)
Implement support for blocking a user for any groupchat (#4548)
Support Erlang 28 (#4549)
Enable selected rabbit exchanges (#4576)
Enable TLS connections to Redis (#4579)
Support common name prefix/suffix for SASL External (#4580)
Support durable exchanges in mod_event_pusher_rabbit (#4582)
Support TLS in RabbitMQ connection pools (#4583)
Support RabbitMQ virtual hosts (#4585)

Changed

Use cached affiliations in MUC Light API (#4552)
Refactor logging to use c2s_data consistently in log messages (#4561)
Separate certfile and keyfile (#4566)
Deprecate MSSQL backend (#4574)
Skip all messages without body in mod_event_pusher_rabbit (#4577)
Use a hook with handlers in mod_event_pusher (#4578)

Fixed

Fix and update GraphiQL (#4543)
Strip Acc when it is buffered to save memory (#4544)
Fix missing presence unavailable notifications in Stream Management (#4557)
Fix missing stream tag for connection-timeout errors (#4559)
Fix TLS error logs (#4565)
Fix component IsValidFromJid returning non boolean (#4572)
Fix colon escaping in Redis session backend (#4584)
Fix race condition in mod_mam create_user_archive (#4592)

Removed

Drop support for Erlang 26 (#4549)

Other

Update Debian release and minor OTP versions (#4555)
Rework tests for invalid stream opening tag/element (#4556)
Fix documentation of mod_blocking (#4560)
Use the PGDATA directory in docker-setup-postgres (#4563)
Fix heading levels in mod_inbox doc (#4570)
Fix the test runner script (#4573)
Refactor mod_muc_api:create_instant_room/3 (#4575)
Refactor sasl_external_SUITE (#4581)
Enable "Rerun Failed Tests" for Small Tests (#4586)

Commits, merged PRs and closed issues

View release on GitHub

6.4.0 Breaking risk 11mo

Breaking changes

Removed dead `max_fsm_queue` option (#4521)
Removed last mention of unused `EJABBERD_DIR` variable (#4533)

Notable features

Added TLS 1.3 `tls-exporter` channel binding
Added 0‑RTT and channel binding in FAST authentication (mod_fast_auth_token)
Support dynamic domains for components

Full changelog

Highlights

Reworked S2S and component listeners
Added TLS 1.3 tls-exporter channel binding
Added 0-RTT, and channel binding in FAST authentication
Unified connection and TLS handling
Improved XMPP traffic shaper configuration with validation and clearer defaults
Cleanup of legacy modules and updated dependencies
Reworked application startup order (start applications only when needed)
Use system CA certificates if not provided in a file
Various enhancements and bug fixes

Added

Support dynamic domains for components (#4450)
TLS listeners for components (#4453)
TLS 0-RTT to mod_fast_auth_token (#4478)
Channel binding in FAST authentication (#4494)
Option to clear inbox after destroying MUC Light room (#4522)

Changed

Reworked listeners and TLS (#4452, #4509)
- Reworked component connection handling (#4442)
- Changed component listener naming scheme to match XMPP specification (#4451)
- Reworked S2S listeners (#4455)
- Unified listener TLS configuration via fast_tls removal and channel binding (#4458)
- Unified listener handling (#4460)
- Reworked adding dynamic domains to components (#4461)
- Improved consistency of just_tls filters (#4467)
- Reworked S2S incoming connections (#4470, #4513)
- Reworked S2S outgoing connections (#4479)
- System certificates are used if CA certs are not provided in a file (#4493)
- Reorganized S2S configuration options (#4515)
- Improved instrumentation consistency (#4517)
- Simplified and unified XMPP metrics (#4520)
- Minor optimizations and cleanups (#4480, #4512, #4514, #4516)
Increased rate for the default normal shaper (#4540)
Reworked application startup order and FIPS config (#4524, #4528, #4542)