Service Notices

To learn about major updates related to the jabber.org IM service, please follow us on identi.ca or Twitter, or subscribe to the JUser email list.

2014-04-08: OpenSSL Upgrade
In response to the Heartbleed bug, upgraded the version of OpenSSL used at jabber.org to help prevent information leakage.
2014-03-19: Cipher Suite Upgrades for Improved Security
In order to improve the security of your connections to the jabber.org IM service, we have upgraded the list of cipher suites that we support for Transport Layer Security (TLS). Specifically, we have removed a number of weak cipher suites that provide low levels of protection. As a result of these changes, it is possible that some client software will not able to connect (e.g., very old clients, and software exported to certain countries). Please post to the juser@jabber.org discussion list if you experience difficulties.
2014-02-06: Distributed Denial of Service Attacks
The jabber.org IM service has been under attack over the last several days. As a result, your connectivity might be intermittent and message delivery might be slow. In addition, we have temporarily blocked communication with a number of other XMPP servers on the Internet to protect the jabber.org server. Please see our post at http://mail.jabber.org/pipermail/juser/2014-February/007048.html for further details.
2014-01-03: First Encryption Test Day
On January 4, we will perform a test of requiring encrypted connections to other XMPP services on the Internet. During this test, it is possible that you will not be able to chat with friends at other domains, including Google Talk. Please visit http://www.jabber.org/security.html for details.
2013-12-18: Security Plan
We are planning a series of security improvements, including mandated encryption of client connections. Please visit http://www.jabber.org/security.html for details.
2013-09-24: Where We Stand
We seem to be over the worst of the upgrade issues now. Reliability appears better than before, we are supporting nearly twice as many concurrent users, and many new features have been added. Please let us know if you notice any odd behaviors, and thanks for bearing with us.
2013-08-21: Certificate Fix
After completing the server upgrade, we also corrected the order of information in the digital certificate for jabber.org, which means you should no longer receive certificate warnings when logging in.
2013-08-20: Migration Complete
The server migration was completed earlier today. Expect some residual instability as we iron out various wrinkles. Many thanks to the Isode team for all their hard work on the upgrade! And thanks to the users of jabber.org for your patience. :-)
2013-08-18: Server Migration
On Tuesday, August 20, the jabber.org IM service will be migrated to a new server machine, generously donated by Isode. If all goes well, we will have a few hours of downtime. If not all goes well, we will most likely revert to the current machine and attempt the migration on another day. Please follow us on Identi.ca or Twitter for real-time updates.
2013-06-25: IPv6 Restored
IPv6 support was restored today around 07:00 local time (U.S. Central Time).
2013-06-25: Registration Disabled
We have temporarily disabled account registration at the jabber.org IM service while we migrate the account database to a new machine. We will enable the web registration form again as soon as possible! In the meantime, you can create an account at any other public XMPP service.
2013-06-24: IPv6 Outage
Our hosting provider is experiencing an outage with IPv6 support. No ETA for a fix. We'll post again when we know more.
2013-03-05: Corrected Security Certificate
The security certificate that we installed in December used a SHA-256 fingerprint, which theoretically is more secure but which some existing software can't handle yet. Therefore we have installed a corrected certificate using a SHA-1 fingerprint. If you've been receiving a certificate warning for the last few months, you shouldn't receive those anymore.
2013-01-15: Non-ASCII Characters Disallowed in New Accounts
In response to several recent instances of abuse, we have disallowed non-ASCII characters in new accounts registered at the jabber.org IM service. This policy does not apply to existing accounts.
2012-10-09: Registration Re-Opened
We have re-opened account registration at <https://register.jabber.org/>.
2012-09-25: Updated Service Policy
Version 1.1 of the jabber.org service policy is now in effect.
2012-08-22: Disabled Accounts
Recently the jabber.org IM service has been the victim of massive and repeated denial of service attacks. The admin team strongly suspects that these attacks are related to the widespread and abusive use of jabber.org accounts by "customers" of KBot, a program for cheating at the DarkOrbit game. Even if the DoS attacks prove to be unrelated to KBot, the admin team has decided that use of jabber.org to communicate with KBot violates the jabber.org service policy. Although we are in the process of updating the service policy to more clearly define how this kind of usage is abusive, the dire nature of the current threat has forced us to take more immediate action. Therefore, we are disabling the accounts of every jabber.org user who communicates with KBot, and we have disabled new account registration to prevent further communication between jabber.org users and KBot. We do not take this step lightly, but given the current circumstances we have no other choice.
2012-08-22: Account Registration Disabled
As part of our defensive measures against repeated DoS attacks, we have disabled new account registration until further notice.
2012-08-21: Another Denial of Service
The previous DDoS attack has started again. As before, fallback measures are in place, but if your IM client doesn't handle DNS SRV records correctly then you might not be able to connect.
2012-08-20: Proposed Changes to the Service Policy
We have posted proposed changes to the policy that governs use of the jabber.org IM service. Details, links, and instructions for providing feedback can be found in our post to the juser@jabber.org email list, see http://mail.jabber.org/pipermail/juser/2012-August/006869.html.
2012-08-15: Service Restored
We were able to completely restore service today. However, it is quite possible that the denial of service attack could be launched again at any time. If you were unable to connect during the outage, we recommend that you consider using a different IM client or reporting a bug to the developers of the IM client you use, since standard DNS fallback and XMPP reconnection methods should have been sufficient to keep you online after the first few hours of the attack.
2012-08-12: Denial of Service
Today we have experienced a distributed denial of service attack against the jabber.org IM service. Although the web server and email server are running fine, we have been forced to take the IM service offline until your (volunteer!) admin team has time to determine appropriate countermeasures. UPDATE 2012-08-12: We've made some DNS fixes and some clients are now able to connect.