Meet Adam Rack, our new Business Development Manager.

Adam is all about building high-performing teams, driving innovation, and delivering solutions that make a difference.

In our latest chat, he talks about what excites him in this new chapter, his vision for growing our DACH presence, and why sustainability and community matter to him.

A big welcome to the team! Could you share more about your new role at Erlang Solutions?

For me, joining Erlang Solutions as a Business Development Manager means being part of change. What excites me most is that this is not a company standing still. As the market evolves, we are evolving too, moving towards being more solution- and product-driven.

I’m glad to contribute to this journey, learning from experienced leaders while sharing my own perspective. I want to support the team and help make Erlang Solutions a key player in the DACH region.

It has also felt like joining a big family: I was welcomed openly and immediately felt part of a supportive, knowledgeable community. Another aspect that matters to me is sustainability. I believe technology can play a big role here, using efficient architectures that need fewer servers, consume less energy, and still deliver world-class performance.

It’s motivating to know the systems we build aren’t just reliable but also lighter on resources, which I think will be essential in the years ahead.

Have you had any highlights from the job so far?

A highlight was attending ElixirConf US and seeing how central BEAM values are to the global community. Fault tolerance, scalability, concurrency, resilience: these aren’t just abstract concepts; they’re lived experiences for the people building with them. The community reflects those values too: highly collaborative, generous with knowledge, and positive.

What struck me most is how these values translate into mission-critical solutions that keep running for years without intervention. I even heard of a client returning after a decade because their system, untouched for ten years, was only now ready for an update. That kind of longevity proves both the robustness and efficiency of the technology: less waste, fewer rebuilds, and more sustainable impact.

What are you most looking forward to in your new position?

I’m looking forward to being part of the company’s ongoing transformation together with Trifork , building solutions, products, and community in equal measure. It’s inspiring that technology created decades ago is still future-proof and highly relevant in solving today’s challenges. Erlang and Elixir’s ability to deliver resilient, scalable systems with lower infrastructure requirements fits perfectly with the growing importance of sustainability in tech.

That vision, combined with a culture of innovation, makes me confident we’ll continue to play a critical role for our clients. My goal is to help establish Erlang Solutions as a defining player in the DACH region, shaping not just projects but the ecosystem around us.

Outside of work, how do you like to spend your time?

In my free time, I keep things down to earth. Sailing is one of the activities that truly switches me off, even if I didn’t manage to do it as often as I’d like this year. Being out on the water, away from screens, reminds me what balance feels like.

I also enjoy simple routines: cooking at home, walking my dog, or short trips exploring new corners of cities. The more green areas, forests, valleys, and mountains I can discover, the better. I’m not chasing extraordinary hobbies; everyday activities bring the most energy for the challenges at work.

Final thoughts

Catching up with Adam left us inspired about what’s ahead for the DACH region. His focus on innovation, teamwork, and sustainability sets the tone for exciting things to come.

We will be sharing more stories like Adam’s soon, so keep an eye out. And if you want to swap ideas or connect with him or the ESL team directly, feel free to drop a message.

The post Meet the Team: Adam Rack appeared first on Erlang Solutions .

On October 14th, the European Parliament will vote on a regulation that could effectively dismantle Europe&aposs emerging decentralized messaging ecosystem, and shake the broader European communication industry while failing to protect the children it claims to defend. Driven by Denmark&aposs fierce advocacy during its EU presidency, proposal 11596/25 – labeled &aposChat Control&apos by privacy advocates – finally faces a decisive moment after years of debate.

The proposal seems straightforward: require platforms to scan for child sexual abuse material. But the technical reality reveals a devastating contradiction : it demands the impossible from open, federated European alternatives while handing structural advantages to the very American tech giants Europe claims to want to regulate.

What the proposal actually requires

Proposal 11596/25 targets child sexual abuse material across a large range of services operating in the European Union: hosting services, interpersonal communications services, software application stores, internet access services, and online search engines. Under this regulation, these providers would be required to detect illegal content (images, URLs, text), report it to authorities, and remove it.

The scope goes far beyond what the European Parliament previously considered acceptable. In its balanced approach to child protection, Parliament explicitly rejected "widespread web scanning, blanket monitoring of private communications or the creation of backdoors in apps to weaken encryption." See: How the EU is fighting child abuse online .

This proposal abandons that restraint. It creates an obligation for service providers to scan all user traffic – encrypted or not – in search of illegal materials. More critically, it requires scanning private chat conversations before content is encrypted, not just publicly available content.

The risk of surveillance overreach

While child protection is undeniably crucial, the surveillance mechanisms described in this regulation create infrastructure that could threaten fundamental civil liberties . Once governments possess the technical capability to scan all private communications before encryption, the temptation to expand its use becomes overwhelming.

The concern isn&apost about protecting illegal content, it&aposs about protecting democratic discourse. Private conversations could become subject to monitoring based on shifting political definitions of harmful speech. What begins as child protection infrastructure could evolve into a tool for suppressing political opposition or monitoring dissenting opinions in private communications.

The infrastructure created for child protection becomes the foundation that future governments — potentially less democratic ones — could leverage to monitor any communications they consider threatening to their power.

This is what privacy advocates primarily focus on, and their concerns are valid. However, as operators of messaging infrastructure, we face more immediate technical realities that make this regulation unworkable regardless of its civil liberties implications.

Why the technical requirements are impossible to implement

As operators of XMPP messaging infrastructure in sensitive industries, like for example the medical sector, we face the practical reality of what this regulation would require. The technical demands in Articles 7 and 10 reveal fundamental misunderstandings about how modern communication systems actually work.

The architectural reality: In-band vs. out-of-band content

Modern messaging platforms fundamentally separate data types. Messages and protocol data transfer "in-band" through the messaging protocol, while binary content like images and documents transfers "out-of-band" because files are too large for messaging channels.

This creates an immediate problem for the regulation&aposs scanning requirements. When doctors share diagnostic images through our XMPP platform, the system works like this:

• Clients negotiate the exchange via XMPP (metadata visible to server)
• The medical file transfers peer-to-peer or via HTTPS upload with a unique, secure link
• The messaging server never sees the actual content – only the negotiation

The regulation can only scan in-band messaging content and metadata, not the out-of-band transfers where sensitive material could actually reside. It will break confidentiality of legitimate medical discussions without accessing the data it claims to monitor.

The open protocols impossibility

Article 10.1&aposs requirement to scan "prior to transmission" in end-to-end encrypted services assumes complete client control -- something impossible with open protocols like XMPP.

The regulation demands that service providers guarantee scanning occurs before encryption on every client. But XMPP is a standardized, open protocol where anyone can develop compatible clients. On an average XMPP server, more than 30 different clients coexist. How can we guarantee that each client respects scanning obligations when we cannot control their code?

The problem deepens with federation. XMPP servers interconnect, allowing users on different servers to exchange messages. When a message arrives from another server, it&aposs already been end-to-end encrypted by a client we have no control over. There&aposs no technical mechanism for the receiving server operator to enforce scanning requirements on clients that are not directly connected on its platform.

This creates an absurd regulatory requirement: we would need to either abandon open standards entirely or somehow police every piece of software that implements XMPP, including modified open-source clients that users could easily deploy to bypass scanning.

The circumvention reality

Real criminals can easily bypass these measures through three complementary approaches that the regulation fails to address:

Distributed architecture: Store content on external servers and share only URLs through chat, exactly what legitimate services like our XMPP platform already do naturally for file transfers.

External encryption: Encrypt content with PGP, GnuPG, or OpenSSL before uploading it anywhere, making scanning meaningless regardless of the platform&aposs capabilities.

Modified clients: Use altered XMPP or Matrix clients that automatically implement these behaviors, exploiting the same open-source flexibility that makes compliance impossible.

The result is predictable: the regulation will only catch criminals amateur enough to send illegal content directly as unencrypted attachments through unmodified clients. Meanwhile, it subjects all legitimate communications of European citizens to mass surveillance.

This isn&apost theoretical speculation. These methods are already standard practice across European messaging infrastructure, used by both legitimate services and bad actors alike.

The programmed death of European alternatives

This regulation creates a structural disadvantage for European communication services trying to build alternatives to American tech giants.

Complexity favors incumbents

Annex XIV reveals a scoring system of Kafkaesque complexity, requiring considerable resources for compliance. This complexity structurally favors large platforms, usually Americans, that can:

• Deploy massive financial resources to adapt their systems
• Control their closed ecosystems completely
• Distribute compliance costs across billions of users

The decentralized ecosystem under threat

Meanwhile, Europe&aposs emerging decentralized alternatives face impossible technical requirements. There are currently tens of thousands of independent XMPP servers, federated Matrix deployments, and GDPR-compliant solutions that represent Europe&aposs best chance for digital messaging independence . Can they comply with obligations designed around centralized architectures?

We operate several messaging servers on behalf of customers. Under this regulation, we face a stark choice: shut down services we cannot control completely, from clients to servers, or force our European clients to migrate for example to Microsoft Teams to avoid regulatory complications.

Conclusion

This technical analysis reveals a regulation that fails on multiple levels. It demands technical impossibilities from European service providers while offering trivial workarounds for actual criminals. It structurally advantages American tech giants over European alternatives at precisely the moment Europe seeks digital independence.

For communication service operators, this regulation creates an impossible choice : abandon open protocols and federated architectures that represent Europe&aposs best path to messaging independence, or face legal risks with high mitigation costs even in lawful, legitimate use cases.

The October 14th vote represents more than a policy choice about child protection. It&aposs a decision about whether Europe will cripple its own communication infrastructure in pursuit of surveillance capabilities that won&apost work as promised.

The current compromise proposal has been shared here: Proposal for a Regulation of the European Parliament and of the Council laying down rules to prevent and combat child sexual abuse - Presidency compromise texts . This seems is the most up to date version of the text I could find. Read the text and make your own assessment of whether Europe can afford to implement technical requirements that its own industry cannot comply with.

The IgniteRealtime community is happy to announce a new release of its open source, real-time communications server server Openfire! Version 5.0.2 brings a number of stability improvements and bug fixes.

Notably, it addresses a recently identified security vulnerability, identifies as CVE-2025-59154 . The issue allows for potential identity spoofing via unsafe Common Name attribute parsing. It is mostly applicable to what we perceive to be niche use-cases of Openfire. Please read the full security advisory for more information.

Openfire 5.0.2 is a bugfix release, with various bugfixes and improvements. Of particular interest to some will be the improvements made to the SystemD-based scripts (used in many Linux environments), which remove a few annoyances that were introduced in Openfire 5.0.1. Please refer to the full changelog for more details.

You can obtain the new version of Openfire for your platform from its download page . The checksums for the binaries are:

4e907c615b3a19af0a1b5ab68ae24825b737496f9cf1715c9feafe8f909086da  openfire-5.0.2-1.noarch.rpm
21271a6f22895852e50712236c45c7d213430171d5a3178474b8398f036ac07a  openfire_5.0.2_all.deb
06794a12acdd8f23ca3c40fcd7af1677d8108b4b23bb72424c2751b30cfb3d14  openfire_5_0_2.dmg
c1e830b5e016d0bcff40005cc7bb14c846fe0ec26fc5a3fc967c30e5b6d2e356  openfire_5_0_2.exe
c84ca15cd470d3233add97c852c738eb373859dc9968ad34ec581725164c8114  openfire_5_0_2.tar.gz
98b5cf96326c668efb18cd9347b808a5ef85162b4a0b703aaf8e29d82cc6c727  openfire_5_0_2_x64.exe
8e09ca3dc7fb84b116ce95d10bfa3ff045708cdac4b23bd3d78ccf318e8742d8  openfire_5_0_2.zip

We’d love to hear from you! Please join our community forum or group chat and let us know what you think!

For other release announcements and news follow us on Mastodon or X

1 post - 1 participant

Read full topic

Joining conferences is one of the best perks of working as a Developer at Erlang Solutions. Despite having attended multiple Code BEAM conferences in Europe, ElixirConf US 2025 was my first. The conference had 3 tracks, filled with talks from 45+ speakers and 400+ attendees, both in-person and virtual.

ElixirConf is one of the great occasions to connect with other Elixir enthusiasts in the community and get to learn what others have been doing as well as what the Elixir core team is planning for the future of the language.

The Atmosphere

Most of the faces were unfamiliar to me, but as expected from the BEAM community, everyone was super friendly. Most were not shy about approaching others, sharing about their own or their company’s experiences. The “hallway track” was always lively during the coffee break or during the talks.

Before the conference began, I had a tough time deciding which talk to attend. At other conferences I’ve been to, most of the talks were interesting, but not all were relevant to my daily work as an Elixir developer. That made it easier to prioritise which talks to attend live and which ones I could catch up on later if they overlapped.

ElixirConf was different. Many of the talks were not only interesting but also directly relevant to my work, and several were scheduled at the same time. This made it very difficult to decide which session to attend in person and which to leave for the recordings.

Some standout talks

Chris McCord’s Keynote: Elixir’s AI Future

One of the talks I was most looking forward to was the keynote by Chris McCord. I had previously watched the recording of his ElixirConfEU keynote about phoenix.new and was eager to see what new ideas he would bring to Elixir and the Phoenix framework, especially in terms of AI.

Chris talked about AI agents, how Elixir is well-suited for building them, and what the future of Elixir and AI might look like. He emphasised that it is not about chasing hype but about staying on the bleeding edge of technology: “building the things we want to build, building the things we want to see.”

He also shared his perspective on code generation, noting that it has made it easier for newcomers to get started with Elixir and Phoenix. In his view, the community is now in a strong position to attract developers from outside the ecosystem to give it a try.

Panel: Building Careers, Balancing Life

Another talk I was eager to hear was the panel discussion hosted by my Erlang Solutions colleague Lorena, together with Allison Randal, Savannah Manning, and Anna Sherman, three women from different backgrounds and stages of their careers.

It was great hearing stories from other women in the tech community and feeling inspired. The three panellists shared the stories and challenges they had faced in their careers. They also talked about the importance of having mentors, the community, and knowing the big picture, which helped them grow. The advice they gave during the talk was both very relatable and inspiring.

Joe Harrow: Beyond Safe Migrations

I also found Beyond Safe Migrations to be great food for thought. This talk was a very practical and solid example of what could go wrong in a live database migration, and the tool Cars Commerce was using to prevent that. Over the span of my career, I have written many database migrations, from small startup projects altering a table with only a few hundred rows to large-scale projects where the tables had millions of rows.

My team sometimes discussed strategies for altering existing tables, but most of the time we would just go ahead and make the changes. Listening to Joe, I learned about things that could have gone really wrong and that there is a systematic way of mitigating those risks.

Key Takeaways

All in all, Elixir Conf US was a great conference, packed with talks about experiences and challenges, new and upcoming technologies, and also about growing the community. There was, of course, a surge in AI-related talks, both from early adopters to the future of Elixir with AI.

I found that the main theme running through the conference was the growth and sustainability of the Elixir community. ElixirConf is well worth attending, whether you are just starting out or already an experienced developer.

The post ElixirConf US 2025: Highlights from My First ElixirConf appeared first on Erlang Solutions .

Last week, Spotify quietly launched direct messaging across its platform in selected areas, allowing users to share tracks and playlists through private conversations within the app. The feature was rolled out with minimal fanfare but significant media coverage, positioning itself as a complement to existing sharing mechanisms through Facebook, WhatsApp, and TikTok.

When I read this, I immediately wondered why they were bothering. We do not especially lack communication channels these days. So, Let’s take a step back and examine what Spotify is actually trying to accomplish here.

The Strange Case of Another Messaging App

We already have too many messaging apps to choose, either on mobile or mobile phones. Before I try to initiate a conversation with someone I do not often chat with, I find myself trying to remember what is her preferred messaging platform. So, adding to an app some sorts of real time messaging and live interaction features can bring value, but it has to serve a purpose and respond to some user needs.

In that context, Spotify’s decision to roll out direct messaging support feels odd. Users can already share music through established platforms where their friends actually are. They can post discoveries on social media, send links through WhatsApp, or create collaborative playlists. Why would anyone choose to message someone specifically within Spotify when they’re already connected elsewhere?

The problem is that Spotify failed to make a compelling argument for why users should discuss with friends through yet another messaging system, even if this is to talk about music. Launching a special purpose communication service is risky. When Apple Music attempted to build Ping, a social network of music fans, it failed spectacularly. Spotify’s own social experiments haven’t fared much better. Remember Greenroom, their audio-focused social platform that quietly disappeared?

This initiative becomes even more puzzling when we consider Spotify’s own history. The company built its initial viral growth through Facebook integration, leveraging social connections to drive adoption.

And now, seemingly, they are trying to reclaim that social layer for themselves?

What’s Really Happening Under the Hood

The technical implementation reveals interesting choices. According to available reports, the messaging system relies on a RESTful API over HTTPS with TLS 1.3 encryption and JSON Web Tokens for session authentication. Notably absent? End-to-end encryption.

And this absence tells us that the feature is not considered as a standard messaging service yet, but simply an alternative way to share favorite tracks and discuss them, and a possible a move to reduce the amount of data exposed to other social networks and messaging.

The Data Intelligence Play

Messaging features can provide enormous value when you have a strong daily user base, but only when they address a clear user need. Spotify’s messaging doesn’t seem designed for users. It feels designed for Spotify’s recommendation algorithms.

Every shared track, every reaction, every conversation thread becomes a new data point in Spotify’s machine learning models. Who shares what with whom? Which songs generate discussion? How do musical tastes spread through social networks? This intelligence is pure gold for a recommendation engine that already struggles to compete with YouTube Music’s discovery capabilities.

Private messaging amplifies this data collection while keeping the intelligence proprietary, unlike public social sharing, where competitors might also benefit.

Strategic Confusion or Calculated Move?

So, is this really all about data collection and control?

This is where Spotify’s European identity becomes relevant. As a Swedish company competing against American tech giants, there may be strategic value in reducing dependence on US or controlled Chinese social platforms. Every track shared through WhatsApp (Meta) or TikTok (ByteDance) represents data flowing to potential competitors or partners with their own agenda.

Building an internal messaging system allows Spotify to capture that social intelligence directly while reducing what they share with other platforms. From a data sovereignty perspective, this makes sense, especially for a European player navigating an increasingly fragmented global tech landscape.

And they may hope at some point to play a larger role in messaging platforms in general, as we deeply miss a large player in the messaging field in Europe. It may be a play to test the waters.

As we help companies reclaim their independence by building their own messaging service, this goal resonates strongly with us. However, building a successful messaging platform requires being able to create momentum around the service if it wants to attract enough users and traffic. It cannot be launched halfheartedly.

The Missing Strategic Vision

The fundamental problem isn’t technical. It’s strategic clarity. Spotify has a recommendation engine that could benefit from social signals, a creator platform focused on podcasts and videos, and a user base that already shares music socially. The ingredients for a compelling set of social features exist.

But launching messaging without addressing the basic question of “Why would I message someone here instead of where we already talk?” suggests a feature developed in isolation from user needs. It resembles the countless platform features that launch with media coverage but die quietly when adoption numbers disappoint.

What would make this feature compelling? Integration with Spotify’s creator tools, perhaps allowing artists to connect directly with fans. Or collaborative listening live sessions where messaging enhances shared musical experiences. Or leveraging Spotify’s podcast ecosystem to enable discussion around episodes.

Instead, we get generic messaging that competes with platforms where users’ friends actually are.

So, what’s Spotify’s real goal?

I see two possible options here: a pessimistic and a more optimistic one.

Perhaps the most interesting aspect of this launch is what it reveals about Spotify’s growth concerns. A mature platform doesn’t typically add generic social features unless it’s worried about engagement metrics or looking for new growth vectors.

They may want their users to spend more time in its interface, instead of most of the time, passively using that app through a player exposed as a widget in the mobile operating system.

The timing suggests Spotify sees either limited growth ahead or a competitive threat that requires better user data. Given the AI revolution in music generation and the ongoing battles over royalty structures, capturing more nuanced data about user preferences and social music behavior could be crucial for maintaining relevance.

But there’s a more optimistic reading: this could represent a European tech company trying to assert more independence from American social platforms. In a world where data is power, controlling your own social graph has strategic value.

The execution, however, suggests Spotify hasn’t quite figured out how to articulate this vision to users. Until they do, this messaging feature risks joining the graveyard of platform additions that made sense to product managers but never found their audience.

In a world already oversaturated with communication channels, every new messaging system needs to answer a simple question: Why here instead of everywhere else users are already talking? Spotify hasn’t answered that question yet.

This new version includes a few new XEP plugins as well as fixes, notably for some leftover issues in our rust JID code, as well as one for a bug that caused issues in Home Assistant.

Thanks to everyone who contributed with code, issues, suggestions, and reviews!

Healthcare is moving quickly, and technology is playing a big part in that shift. The way information is collected, the way patients are cared for, and the way hospitals run are all changing.

Over the past year, our team has written about some of the most important trends shaping the future of healthcare. In this round-up, we bring together three of those articles: remote patient monitoring, big data, and generative AI.

Maybe you have been following along, or maybe one or two of these slipped past you. Either way, this is a chance to catch up on the ideas that are influencing healthcare right now.

What is Remote Patient Monitoring?

Remote Patient Monitoring (RPM) is already changing everyday care. With the help of connected devices, clinicians can see what’s happening with patients at home, step in earlier when something changes, and prevent unnecessary hospital stays.

“ What is Remote Patient Monitoring? ” sets out how RPM works, the devices that make it possible (from blood pressure monitors to smart inhalers), and why it is now a priority for healthcare leaders. The article shows how RPM is transforming chronic disease management, post-operative recovery, elderly care, and clinical trials, while driving down system costs by up to 40 per cent.

Digital care models like virtual wards are no longer experiments. They are reshaping the NHS and health systems worldwide, and this guide explains why.

Understanding Big Data in Healthcare

Healthcare produces enormous amounts of information every day. Patient records, medical scans, wearables, and research all add to the mix, and the real challenge is turning it into something useful. Done well, big data can improve care, reduce costs, and even speed up medical breakthroughs.

“ Understanding Big Data in Healthcare” breaks down the fundamentals, including the three V’s that define it: volume, velocity, and variety. You’ll see how providers are already using data to personalise treatments, predict health trends, and cut readmissions by up to 20 per cent. The article also shows how it can shorten clinical trial times by 30 per cent and reduce costs by as much as 50 per cent.

But with opportunity comes risk. The average cost of a healthcare data breach now stands at $9.77 million, making security a top priority for every provider. The article looks at the biggest threats, the regulations shaping data use, and how technologies like Erlang, Elixir, and SAFE can help keep information secure and systems reliable.

How Generative AI is Transforming Healthcare

With adoption already valued at more than $1.6 billion, generative AI is fast becoming one of the biggest drivers of change in healthcare. The global AI in healthcare market is projected to hit $45.2 billion by 2026, reflecting the scale of its potential to improve patient outcomes, support clinicians, and make systems more efficient.

In “How Generative AI is Transforming Healthcare” , we look at how it differs from traditional AI and why its flexibility makes it such a powerful tool for the industry. The article explores real-world applications such as personalised treatment plans, predictive analytics, enhanced diagnostics, virtual health assistants, and even accelerating drug discovery.

It also considers the future of AI in healthcare, including the need to address challenges around privacy, regulation, and patient trust. With the right planning and technologies like Elixir supporting scalable and reliable systems, generative AI could help shape a new era of patient-centred care.

To conclude

That wraps up our latest healthcare round-up. We hope this guide helps you cut through the noise and get a clear picture of the trends that matter most right now.

If something here has sparked your interest, whether it’s the possibilities of remote monitoring, the power of data, or the promise of generative AI, we would love to keep the conversation going. So get in touch .

Here’s to smarter systems, healthier outcomes, and more confident decision-making in healthcare.

The post Healthcare Blog Round-Up appeared first on Erlang Solutions .

Release Highlights:

This release includes the support for Hydra rooms in our Matrix gateway, which fixes high severity protocol vulnerabilities.

• Improvements in Matrix gateway
• Fixed ACME in Erlang/OTP 28.0.2
• New mod_providers to serve XMPP Providers file

If you are upgrading from a previous version, there are no changes in SQL schemas, configuration, API commands or hooks.

Other contents:

• Improved Unicode support in configuration
• New option conversejs_plugins to enable OMEMO
• Easier erlang node name change with mnesia_change
• Colorized interactive log
• Document API tags in modules
• Acknowledgments
• Improvements in ejabberd Business Edition
• ChangeLog
• ejabberd 25.08 download & feedback

Below is a detailed breakdown of the improvements and enhancements:

Improvements in Matrix gateway

The ejabberd Matrix gateway now supports Hydra rooms (Matrix room version 12). This fix some high severity protocol vulnerabilities . The state resolution has been partially rewritten in our gateway.

A double colon is used for separating a matrix server from a room ID in JID with Hydra rooms.

Other changes to the matrix gateway:

• The new option notary_servers of mod_matrix_gw can now be used to set a list of notary servers.
• Add leave_timeout option to mod_matrix_gw (#4386)
• Don&apost send empty direct Matrix messages (thanks to snoopcatt) (#4420)

Fixed ACME in Erlang/OTP 28.0.2

The ejabberd 25.07 release notes mentioned that Erlang/OTP 28.0.1 was not yet fully supported because there was a problem with ACME support.

Good news! this problem with ACME is fixed and tested to work when using Erlang/OTP 28.0.2, the latest p1_acme library, and ejabberd 25.08.

If you are playing with ejabberd and Erlang/OTP 28, please report any problem you find. If you are running ejabberd in production, better stick with Erlang/OTP 27.3, this is the one used in installers and container images.

New mod_providers to serve XMPP Providers file

mod_providers is a new module to serve easily XMPP Providers files.

The standard way to perform this task is to first generate the Provider File , store in the disk with the proper name, and then serve the file using an HTTP server or mod_http_fileserver . And repeat this for each vhost.

Now this can be replaced with mod_providers, which automatically sets some values according to your configuration. Try configuring ejabberd like:

listen:
  -
    port: 443
    module: ejabberd_http
    tls: true
    request_handlers:
      /.well-known/xmpp-provider-v2.json: mod_providers

modules:
  mod_providers: {}

Check the URL https://localhost:443/.well-known/xmpp-provider-v2.json , and finetune it by setting a few mod_providers options.

Improved Unicode support in configuration

When using non-latin characters in a vhost served by ejabberd, you can write it in the configuration file as unicode, or using the IDNA/punycode. For example:

hosts:
  - localhost1
  - locälhost2
  - xn--loclhost4-x2a
  - 日本語

host_config:
  "locälhost2":
    modules:
      mod_disco: {}
      mod_muc:
        host: "conference3.@HOST@"
  "xn--loclhost4-x2a":
    modules:
      mod_disco: {}
      mod_muc:
        host: "conference4.@HOST@"

This raises a problem in mod_http_upload if the option put_url contains the @HOST@ keyword. In that case, please use the new predefined keyword HOST_URL_ENCODE .

This change was also applied to ejabberd.yml.example .

New option conversejs_plugins to enable OMEMO

mod_conversejs gets a new option conversejs_plugins that points to additional local files to include as scripts in the homepage.

Right now this is useful to enable OMEMO encryption .

Please make sure those files are available in the path specified in conversejs_resources option, in subdirectory plugins/ . For example, copy a file to path /home/ejabberd/conversejs-x.y.z/package/dist/plugins/libsignal-protocol.min.js and then configure like:

modules:
  mod_conversejs:
    conversejs_resources: "/home/ejabberd/conversejs-x.y.z/package/dist"
    conversejs_plugins: ["libsignal-protocol.min.js"]

If you are using the public Converse client, then you can set \"libsignal\" , which gets replaced with the URL of the public library. For example:

modules:
  mod_conversejs:
    conversejs_plugins: ["libsignal"]
    websocket_url: "ws://@HOST@:5280/websocket"

Easier erlang node name change with mnesia_change

ejabberd uses by default the distributed Mnesia database. Being distributed, Mnesia enforces consistency of its file, so it stores the Erlang node name, which may include the hostname of the computer.

When the erlang node name changes (which may happen when changing the computer name, or moving ejabberd to another computer), then mnesia refused to start with an error message like this:

2025-08-21 11:06:31.831594+02:00 [critical]
  Erlang node name mismatch:
  I&aposm running in node [ejabberd2@localhost],
  but the mnesia database is owned by [ejabberd@localhost]
2025-08-21 11:06:31.831782+02:00 [critical]
  Either set ERLANG_NODE in ejabberdctl.cfg
  or change node name in Mnesia

To change the computer hostname in the mnesia database, it was required to follow a tutorial with 10 steps that starts ejabberd a pair of times and runs the mnesia_change_nodename API command.

Well, now all this tutorial is implemented in one single command for the ejabberdctl command line script. When mnesia refuses to start due to an erlang node name change, it mentions that new solution:

$ echo "ERLANG_NODE=ejabberd2@localhost" >>_build/relive/conf/ejabberdctl.cfg

$ ejabberdctl live
2025-08-21 11:06:31.831594+02:00 [critical]
  Erlang node name mismatch:
  I&aposm running in node [ejabberd2@localhost],
  but the mnesia database is owned by [ejabberd@localhost]
2025-08-21 11:06:31.831782+02:00 [critical]
  Either set ERLANG_NODE in ejabberdctl.cfg
  or change node name in Mnesia by running:
  ejabberdctl mnesia_change ejabberd@localhost

Let&aposs use the new command to change the erlang node name stored in the mnesia database:

$ ejabberdctl mnesia_change ejabberd@localhost

==> This changes your mnesia database from node name &aposejabberd@localhost&apos to &aposejabberd2@localhost&apos

...

==> Finished, now you can start ejabberd normally

Great! Now ejabberd can start correctly:

$ ejabberdctl live
...
2025-08-21 11:18:52.154718+02:00 [info]
  ejabberd 25.07.51 is started in the node ejabberd2@localhost in 1.77s

Notice that the command mnesia_change must start and stop ejabberd a pair of times. For that reason, it cannot be implemented as an API command . Instead, it is implemented as an ejabberdctl command directly in the ejabberdctl command line script.

Colorized interactive log

When ejabberd starts with an erlang shell using Mix, it prints error lines in a remarkable color: orange for warnings and red for errors. This helps to detect those lines when reading the log interactively.

Now this is also supported when using Rebar3. To test it, start ejabberd either:

• ejabberdctl live : to start interactive mode with erlang shell
• ejabberdctl foreground : to start in server mode with attached log output

You will see log lines colorized with:

• green+white for informative log messages
• grey for debug
• yellow for warnings
• red for errors
• magenta for messages coming from other Erlang libraries (xmpp, OTP library), not ejabberd itself

Document API Tags in modules

Many ejabberd modules implement their own API commands , and now the documentation of those modules mention which tags contain their commands.

See for example at the end of modules mod_muc_admin , mod_private or mod_antispam .

Unfortunately, many early API commands were implemented in mod_admin_extra , which includes commands related to account management, vcard, roster, private, ... and consequently those are not mentioned in their corresponding modules documentation.

Acknowledgments

We would like to thank the contributions to the source code provided for this release by:

• mod_matrix_gw: Don&apost send empty direct Matrix messages (thanks to snoopcatt) (#4420)
• Holger Weiß for improvements in the installers, HTTP file upload and mod_register
• marc0s for the improvement in MUC

And also to all the people contributing in the ejabberd chatroom, issue tracker...

Improvements in ejabberd Business Edition

Customers of the ejabberd Business Edition , in addition to all those improvements and bugfixes, also get the following changes:

New module mod_dedup

This module removes duplicates of read receipts sent by concurrent sessions of single user, this will prevent both delivery and storage in archive of duplicates.

Limits in mod_unread queries

Queries issued to mod_unread can now declare maximum number and age of returned results. This can also be tweaked with new options of that module.

ChangeLog

This is a more complete list of changes in this ejabberd release:

API Commands

• ban_account : Run sm_kick_user event when kicking account ( #4415 )
• ban_account : No need to change password ( #4415 )
• mnesia_change : New command in ejabberdctl script that helps changing the mnesia node name

Configuration

• Rename auth_password_types_hidden_in_scram1 option to auth_password_types_hidden_in_sasl1
• econf : If a host in configuration is encoded IDNA, decode it ( #3519 )
• ejabberd_config : New predefined keyword HOST_URL_ENCODE
• ejabberd.yml.example : Use HOST_URL_ENCODE to handle case when vhost is non-latin1
• mod_conversejs : Add option conversejs_plugins ( #4413 )
• mod_matrix_gw : Add leave_timeout option ( #4386 )

Documentation and Tests

• COMPILE.md : Mention dependencies and add link to Docs ( #4431 )
• ejabberd_doc : Document commands tags for modules
• CI: bump XMPP-Interop-Testing/xmpp-interop-tests-action ( #4425 )
• Runtime: Raise the minimum Erlang tested to Erlang/OTP 24

Installers and Container

• Bump Erlang/OTP version to 27.3.4.2
• Bump OpenSSL version to 3.5.2
• make-binaries : Disable Linux-PAM&aposs logind support

Core and Modules

• Bump p1_acme to fix &aposAttributePKCS-10&apos and OTP 28 ( processone/p1_acme#4 )
• Prevent loops in xml_compress:decode with corrupted data
• ejabberd_auth_mnesia : Fix issue with filtering duplicates in get_users()
• ejabberd_listener : Add secret in temporary unix domain socket path ( #4422 )
• ejabberd_listener : Log error when cannot set definitive unix socket ( #4422 )
• ejabberd_listener : Try to create provisional socket in final directory ( #4422 )
• ejabberd_logger : Print log lines colorized in console when using rebar3
• mod_conversejs : Ensure assets_path ends in / as required by Converse ( #4414 )
• mod_conversejs : Ensure plugins URL is separated with / ( #4413 )
• mod_http_upload : Encode URLs into IDNA when showing to XMPP client ( #3519 )
• mod_matrix_gw : Add support for null values in is_canonical_json ( #4421 )
• mod_matrix_gw : Don&apost send empty direct Matrix messages ( #4420 )
• mod_matrix_gw : Matrix gateway updates
• mod_muc : Report db failures when restoring rooms
• mod_muc : Unsubscribe users from members-only rooms when expelled ( #4412 )
• mod_providers : New module to serve easily XMPP Providers files
• mod_register : Don&apost duplicate welcome subject and message
• mod_scram_upgrade : Fix format of passwords updates
• mod_scram_upgrade : Only offer upgrades to methods that aren&apost already stored

Full Changelog

https://github.com/processone/ejabberd/compare/25.07...25.08

ejabberd 25.08 download & feedback

As usual, the release is tagged in the Git source code repository on GitHub .

The source package and installers are available in ejabberd Downloads page. To check the *.asc signature files, see How to verify ProcessOne downloads integrity .

For convenience, there are alternative download locations like the ejabberd DEB/RPM Packages Repository and the GitHub Release / Tags .

The ecs container image is available in docker.io/ejabberd/ecs and ghcr.io/processone/ecs . The alternative ejabberd container image is available in ghcr.io/processone/ejabberd .

If you consider that you&aposve found a bug, please search or fill a bug report on GitHub Issues .