mirror of
https://github.com/ergochat/ergo.git
synced 2025-10-24 11:27:28 +02:00

1. Fix auth bypass in the default configuration with the addition of server.password (the REGISTER command was allowed before connection registration, allowing unauthenticated users to REGISTER and then take advantage of skip-server-password) 2. Caution operators against the use of require-sasl without disabling user-initiated account registration. (Such a configuration is still valid in the case of a public server that requires everyone to register.)