Pidgin Changelog

What's new in Pidgin 2.12.0

Mar 10, 2017

libpurple:
Fix an out of bounds memory read in purple_markup_unescape_entity. CVE-2017-2640
Fix use of uninitialised memory if running non-debug-enabled versions of glib
Updated AIM dev and dist ID's to new ones that were assigned by AOL.
TLS certificate verification now uses SHA-256 checksums.
Fixed SASL external auth for Freenode.
Removed the MSN protocol plugin. It has been unusable and dormant for some time. MSNP18 has been discontinued and the protocol plugin would require a large update to start working again. See: http://ismsndeadyet.com/ The third-party Pidgin SkypeWeb plugin, however, should provide enough functionality as a replacement if people still want to use MSN: https://github.com/EionRobb/skype4pidgin/tree/master/skypeweb
Removed Mxit protocol plugin. The service was closed at the end of September 2016. See https://pidgin.im/pipermail/devel/2016-September/024078.htm
Removed the MySpaceIM protocol plugin. The service has been defunct for a long time. (#15356)
Remove the Yahoo! protocol plugin. Yahoo has completely reimplemented their protocol, so this version is no longer operable as of August 5th, 2016. A new protocol plugin has been written to support the new protocol. It can be found here. This also removes support for Yahoo! Japan. According to http://messenger.yahoo.co.jp/ the service ended March 26th, 2014.
Remove the Facebook (XMPP) account option. According to https://developers.facebook.com/docs/chat the XMPP Chat API service ended April 30th, 2015. A new protocol plugin has been written, using a different method, to support Facebook. It can be found at https://github.com/dequis/purple-facebook/wiki
Fixed gnutls certificate validation errors that mainly affected google (Dequis)
General:
Replaced instances of d.pidgin.im with developer.pidgin.im and updated the urls to use https. (#17036)
IRC:
Fixed issue of messages being silently cut off at 500 characters. Large messages are now split into parts and sent one by one. (#4753)

New in Pidgin 2.11.0 (Jun 21, 2016)

General:
2.10.12 was accidentally released with new additions to the API and should have been released as 2.11.0. Unfortunately, we did not catch the mistake until after 2.10.12 was released, but we're fixing it now. See ChangeLog.API for more information.
Include the Mozilla certificate bundle. This fixes connecting to servers with certificates from Let's Encrypt. Remove all 1024-bit CAs
libpurple:
media: fix an issue with ximagesink displaying only a corner cut-out of a larger webcam video (Jakub Adam)
mediamanager: update output window destruction so that it reflects recent changes in the media pipeline structure (Jakub Adam)
Ported Instantbird's CommandUiOps to libpurple (Dequis)
Pidgin:
Fixed #14962
Fixed alignment of incoming right-to-left messages in protocols that don't support rich text
Fix a potential crash while exiting pidgin
AIM:
Add support for the newer kerberos-based authentication of AIM 8.x
Windows-Specific Changes:
Use getaddrinfo for DNS to enable IPv6 (#1075)
Updates to dependencies: NSS 3.24 and NSPR 4.12.
Bonjour
Fixed building on Mac OSX (Patrick Cloke) (#16883)
ICQ:
Stop truncating passwords to 8 characters like old ICQ clients did. (#16692). If you actually needed this, truncate your password manually by pressing backspace a few times.
IRC:
Base64-decode SASL messages before passing to libsasl (#16268)
MXit:
Fixed a buffer overflow. Discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0120)
Fixed a remote out-of-bounds read. Discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0140)
Fixed a remote out-of-band read. Discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0138, TALOS-CAN-0135)
Fixed an invalid read. Discovered by Yves Younan of Cisco Talos (TALOS-CAN-0118)
Fixed a remote buffer overflow vulnerability. Discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0119)
Fixed an out-of-bounds read discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0123)
Fixed a directory traversal issue. Discovered by Yves Younan of Cisco Talos (TALOS-CAN-0128)
Fixed a remote denial of service vulnerability that could result in a null pointer dereference. Discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0133)
Fixed a remote denial of service that could result in an out-of-bounds read. Discovered by Yves Younan of Cisco Talos (TALOS-CAN-0134)
Fixed multiple remote buffer overflows. Discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0136)
Fixed a remote NULL pointer dereference. Discovered by Yves Younan of Cisco Talos (TALOS-CAN-0137)
Fixed a remote code execution issue discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0142)
Fixed a remote denial of service vulnerability in contact mood handling. Discovered by Yves Younan of Cisco Talos (TALOS-CAN-0141)
Fixed a remote out-of-bounds write vulnerability. Discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0139)
Fix a remote out-of-bounds read. Discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0143)

New in Pidgin 2.10.12 (Jan 4, 2016)

New in Pidgin 2.10.11 (Nov 24, 2014)

New in Pidgin 2.10.10 (Oct 22, 2014)

General:
Check the basic constraints extension when validating SSL/TLS certificates. This fixes a security hole that allowed a malicious man-in-the-middle to impersonate an IM server or any other https endpoint. This affected both the NSS and GnuTLS plugins. (Discovered by an anonymous person and Jacob Appelbaum of the Tor Project, with thanks to Moxie Marlinspike for first publishing about this type of vulnerability. Thanks to Kai Engert for guidance and for some of the NSS changes) (CVE-2014-3694)
Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL. (Elrond and Ashish Gupta) (#15909)
libpurple3 compatibility:
Encrypted account passwords are preserved until the new one is set.
Fix loading Google Talk and Facebook XMPP accounts.
Windows-Specific Changes:
Don't allow overwriting arbitrary files on the file system when the user installs a smiley theme via drag-and-drop. (Discovered by Yves Younan of Cisco Talos) (CVE-2014-3697)
Updates to dependencies
NSS 3.17.1 and NSPR 4.10.7
Finch:
Fix build against Python 3. (Ed Catmur) (#15969)
Gadu-Gadu:
Updated internal libgadu to version 1.12.0.
Groupwise:
Fix potential remote crash parsing server message that indicates that a large amount of memory should be allocated. (Discovered by Yves Younan and Richard Johnson of Cisco Talos) (CVE-2014-3696)
IRC:
Fix a possible leak of unencrypted data when using /me command with OTR. (Thijs Alkemade) (#15750)
MXit:
Fix potential remote crash parsing a malformed emoticon response. (Discovered by Yves Younan and Richard Johnson of Cisco Talos) (CVE-2014-3695)
XMPP:
Fix potential information leak where a malicious XMPP server and possibly even a malicious remote user could create a carefully crafted XMPP message that causes libpurple to send an XMPP message containing arbitrary memory. (Discovered and fixed by Thijs Alkemade and Paul Aurich) (CVE-2014-3698)
Fix Facebook XMPP roster quirks. (#15041, #15957)
Yahoo:
Fix login when using the GnuTLS library for TLS connections. (#16172)

New in Pidgin 2.10.9 (Feb 3, 2014)

New in Pidgin 2.10.8 (Jan 28, 2014)

General:
Python build scripts and example plugins are now compatible with Python 3. (Ashish Gupta) (#15624)
libpurple:
Fix potential crash if libpurple gets an error attempting to read a reply from a STUN server. (Discovered by Coverity static analysis) (CVE-2013-6484)
Fix potential crash parsing a malformed HTTP response. (Discovered by Jacob Appelbaum of the Tor Project) (CVE-2013-6479)
Fix buffer overflow when parsing a malformed HTTP response with chunked Transfer-Encoding. (Discovered by Matt Jones, Volvent) (CVE-2013-6485)
Better handling of HTTP proxy responses with negative Content-Lengths. (Discovered by Matt Jones, Volvent)
Fix handling of SSL certificates without subjects when using libnss.
Fix handling of SSL certificates with timestamps in the distant future when using libnss. (#15586)
Impose maximum download size for all HTTP fetches.
Pidgin:
Fix crash displaying tooltip of long URLs. (CVE-2013-6478)
Better handling of URLs longer than 1000 letters.
Fix handling of multibyte UTF-8 characters in smiley themes. (#15756)
Windows-Specific Changes:
When clicking file:// links, show the file in Explorer rather than attempting to run the file. This reduces the chances of a user clicking on a link and mistakenly running a malicious file. (Originally discovered by James Burton, Insomnia Security. Rediscovered by Yves Younan of Sourcefire VRT.) (CVE-2013-6486)
Fix Tcl scripts. (#15520)
Fix crash-on-startup when ASLR is always on. (#15521)
Updates to dependencies:
NSS 3.15.4 and NSPR 4.10.2
Pango 1.29.4-1daa. Patched for https://bugzilla.gnome.org/show_bug.cgi?id=668154
AIM:
Fix untrusted certificate error.
AIM and ICQ:
Fix a possible crash when receiving a malformed message in a Direct IM session.
Gadu-Gadu:
Fix buffer overflow with remote code execution potential. Only triggerable by a Gadu-Gadu server or a man-in-the-middle. (Discovered by Yves Younan and Ryan Pentney of Sourcefire VRT) (CVE-2013-6487)
Disabled buddy list import/export from/to server (it didn't work anymore). Buddy list synchronization will be implemented in 3.0.0.
Disabled new account registration and password change options, as it didn't work either. Account registration also caused a crash. Both functions are available using official Gadu-Gadu website.
IRC:
Fix bug where a malicious server or man-in-the-middle could trigger a crash by not sending enough arguments with various messages. (Discovered by Daniel Atallah) (CVE-2014-0020)
Fix bug where initial IRC status would not be set correctly.
Fix bug where IRC wasn't available when libpurple was compiled with Cyrus SASL support. (#15517)
MSN:
Fix NULL pointer dereference parsing headers in MSN. (Discovered by Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen) (CVE-2013-6482)
Fix NULL pointer dereference parsing OIM data in MSN. (Discovered by Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen) (CVE-2013-6482)
Fix NULL pointer dereference parsing SOAP data in MSN. (Discovered by Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen) (CVE-2013-6482)
Fix possible crash when sending very long messages. Not remotely-triggerable. (Discovered by Matt Jones, Volvent)
MXit:
Fix buffer overflow with remote code execution potential. (Discovered by Yves Younan and Pawel Janic of Sourcefire VRT) (CVE-2013-6489)
Fix sporadic crashes that can happen after user is disconnected.
Fix crash when attempting to add a contact via search results.
Show error message if file transfer fails.
Fix compiling with InstantBird.
Fix display of some custom emoticons.
SILC:
Correctly set whiteboard dimensions in whiteboard sessions.
SIMPLE:
Fix buffer overflow with remote code execution potential. (Discovered by Yves Younan of Sourcefire VRT) (CVE-2013-6490)
XMPP:
Prevent spoofing of iq replies by verifying that the 'from' address matches the 'to' address of the iq request. (Discovered by Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen, fixed by Thijs Alkemade) (CVE-2013-6483)
Fix crash on some systems when receiving fake delay timestamps with extreme values. (Discovered by Jaime Breva Ribes) (CVE-2013-6477)
Fix possible crash or other erratic behavior when selecting a very small file for your own buddy icon.
Fix crash if the user tries to initiate a voice/video session with a resourceless JID.
Fix login errors when the first two available auth mechanisms fail but a subsequent mechanism would otherwise work when using Cyrus SASL. (#15524)
Fix dropping incoming stanzas on BOSH connections when we receive multiple HTTP responses at once. (Issa Gorissen) (#15684)
Yahoo!:
Fix possible crashes handling incoming strings that are not UTF-8. (Discovered by Thijs Alkemade and Robert Vehse) (CVE-2012-6152)
Fix a bug reading a peer to peer message where a remote user could trigger a crash. (CVE-2013-6481)
Plugins:
Fix crash in contact availability plugin.
Fix perl function Purple::Network::ip_atoi
Add Unity integration plugin.

New in Pidgin 2.10.7 (Feb 13, 2013)

General:
The configure script will now exit with status 1 when specifying invalid protocol plugins using the --with-static-prpls and --with-dynamic-prpls arguments. (Michael Fiedler) (#15316)
libpurple:
Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274)
Don't link directly to libgcrypt when building with GnuTLS support. (Bartosz Brachaczek) (#15329)
Fix UPnP mappings on routers that return empty elements in their response. (Ferdinand Stehle) (#15373)
Tcl plugin uses saner, race-free plugin loading.
Fix the Tcl signals-test plugin for savedstatus-changed. (Andrew Shadura) (#15443)
Pidgin:
Make Pidgin more friendly to non-X11 GTK+, such as MacPorts?' +no_x11 variant.
Gadu-Gadu:
Fix a crash at startup with large contact list. Avatar support for buddies will be disabled until 3.0.0. (#15226, #14305)
IRC:
Support for SASL authentication. (Thijs Alkemade, Andy Spencer) (#13270)
Print topic setter information at channel join. (#13317)
MSN:
Fix SSL certificate issue when signing into MSN for some users.
Fix a crash when removing a user before its icon is loaded. (Mark Barfield) (#15217)
MXit:
Fix two bugs where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271)
Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. (CVE-2013-0272)
Display farewell messages in a different colour to distinguish them from normal messages.
Add support for typing notification.
Add support for the Relationship Status profile attribute.
Remove all reference to Hidden Number.
Ignore new invites to join a GroupChat? if you're already joined, or still have a pending invite.
The buddy's name was not centered vertically in the buddy-list if they did not have a status-message or mood set.
Fix decoding of font-size changes in the markup of received messages.
Increase the maximum file size that can be transferred to 1 MB.
When setting an avatar image, no longer downscale it to 96x96.
Sametime:
Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273)
Yahoo:
Fix a double-free in profile/picture loading code. (Mihai Serban) (#15053)
Fix retrieving server-side buddy aliases. (Catalin Salgu) (#15381)
Plugins:
The Voice/Video? Settings plugin supports using the sndio GStreamer backends. (Brad Smith) (#14414)
Fix a crash in the Contact Availability Detection plugin. (Mark) (#15327)
Make the Message Notification plugin more friendly to non-X11 GTK+, such as MacPorts?' +no_x11 variant.

New in Pidgin 2.10.6 (Sep 28, 2012)

New in Pidgin 2.10.5 (Jul 6, 2012)

New in Pidgin 2.10.4 (May 7, 2012)

New in Pidgin 2.10.3 (Mar 26, 2012)

New in Pidgin 2.10.2 (Mar 14, 2012)

New in Pidgin 2.10.1 (Dec 12, 2011)

New in Pidgin 2.10.0 (Aug 22, 2011)

Pidgin:
Make the max size of incoming smileys a pref instead of hardcoding it. (Quentin Brandon) (#5231)
Added a plugin information dialog to show information for plugins that aren't otherwise visible in the plugins dialog.
Fix building with GTK+ earlier than 2.14.0 (GTK+ 2.10 is still the minimum supported) (#14261)
libpurple:
Fix a potential crash in the Log Reader plugin when reading QIP logs.
Fix a large number of strcpy() and strcat() invocations to use strlcpy() and strlcat(), etc., forestalling an entire class of string buffer overrun bugs. (The Electronic Frontier Foundation, Dan Auerbach, Chris Palmer, Jacob Appelbaum)
Change some filename manipulations in filectl.c to use MAXPATHLEN instead of arbitrary length constants. (The Electronic Frontier Foundation, Dan Auerbach, Chris Palmer, Jacob Appelbaum)
Fix endianness-related crash in NTLM authentication (Jon Goldberg) (#14163)
Gadu-Gadu:
Fixed searching for buddies in public directory. (Tomasz Wasilczyk) (#5242)
Better status message handling. (Tomasz Wasilczyk) (#14314)
Merged two buddy blocking methods. (Tomasz Wasilczyk) (#5303)
Fix building of the bundled libgadu library with older versions of GnuTLS. (patch plucked from upstream) (#14365)
ICQ:
Fix crash selecting Tools->Set Mood when you're online with an ICQ account that is configured as an AIM account. (#14437)
IRC:
Fix a crash when remote users have certain characters in their nicknames. (Discovered by Djego Ibanez) (#14341)
Fix the handling of formatting following mIRC O (#14436)
Fix crash when NAMES is empty. (James McLaughlin?) (#14518)
MSN:
Fix incorrect handling of HTTP 100 responses when using the HTTP connection method. This can lead to a crash. (Discovered by Marius Wachtler)
Fix seemingly random crashing. (#14307)
Fix a crash when the account is disconnected at the time we are doing a SB request. (Hanzz, ported by shlomif) (#12431)
XMPP:
Do not generate malformed XML ("") when setting an empty mood. (#14342)
Fix the /join behavior. (Broken when adding support for @) (#14205)
Yahoo!/Yahoo! JAPAN:
Fix coming out of idle while in an unavailable state
Fix logging into Yahoo! JAPAN. (#14259)
Windows-Specific Changes:
Open an explorer.exe window at the location of the file when clicking on a file link instead of executing the file, because executing a file can be potentially dangerous. (Discovered by James Burton of Insomnia Security) (Fixed by Eion Robb)

New in Pidgin 2.9.0 (Jun 24, 2011)

New in Pidgin 2.8.0 (Jun 7, 2011)

General:
Implement simple silence suppression for voice calls, preventing wasted bandwidth for silent periods during a call. (Jakub Adam) (half of #13180)
Added the DigiCert? High Assurance CA-3 intermediate CA, needed for validation of the Facebook XMPP interface's certificate.
Removed the QQ protocol plugin. It hasn't worked in a long time and isn't being maintained, therefore we no longer want it.
Pidgin:
Duplicate code cleanup. (Gabriel Schulhof) (#10599)
Voice/Video call window adapts correctly to adding or removing streams on the fly. (Jakub Adam) (half of #13535)
Don't cancel an ongoing call when rejecting the addition of a stream to the existing call. (Jakub Adam) (#13537)
Pidgin plugins can now override tab completion and detect clicks on usernames in the chat userlist. (kawaii.neko) (#12599)
Fix the tooltip being destroyed when it is full of information and cover the mouse (dliang) (#10510)
libpurple:
media: Allow obtaining active local and remote candidates. (Jakub Adam) (#11830)
media: Allow getting/setting video capabilities. (Jakub Adam) (half of #13095)
Simple Silence Suppression is optional per-account. (Jakub Adam) (half of #13180)
Fix purple-url-handler being unable to find an account.
media: Allow adding/removing streams on the fly. (Jakub Adam) (half of #13535)
Support new connection states in NetworkManager 0.9. (Dan Williams) (#13505)
When removing a buddy, delete the pounces associated with it. (Kartik Mohta) (#1131)
media: Allow libpurple and plugins to set SDES properties for RTP conferences. (Jakub Adam) (#12981)
proxy: Add new "Tor/Privacy" proxy type that can be used to restrict operations that could leak potentially sensitive data (e.g. DNS queries). (#11110, #13928)
media: Add support for using TCP relaying with TURN (will only work with libnice 0.1.0 and later).
AIM:
Fix setting icons with dimensions greater than 64x64 pixels by scaling them down to at most 64x64. (#12874, #13165)
Gadu-Gadu:
Allow showing your status only to buddies. (Mateusz Piękos) (#13358)
Updated internal libgadu to version 1.10.1. (Robert Matusewicz, Krzysztof Klinikowski) (#13525)
Updated internal libgadu to version 1.11.0. (Tomasz Wasilczyk) (#14248)
Suppress blank messages that happen when receiving inline images. (Tomasz Wasilczyk) (#13554)
Fix sending inline images to remote users, don't crash when trying to send large (> 256kB) images. (Tomasz Wasilczyk) (#13580)
Support typing notifications. (Jan Zachorowski, Tomasz Wasilczyk, Krzysztof Klinikowski) (#13362, #13590)
Require libgadu 1.11.0 to avoid using internal libgadu.
Optional SSL connection support for GNUTLS users (not on Windows yet!). (Tomasz Wasilczyk) (#13613, #13894)
Don't count received messages or statuses when determining whether to send a keepalive packet. (Jan Zachorowski) (#13699)
Fix a crash when receiving images on Windows or an incorrect timestamp in the log when receiving images on Linux. (Tomasz Wasilczyk) (#10268)
Support XML events, resulting in immediate update of other users' buddy icons. (Tomasz Wasilczyk) (#13739)
Accept poorly formatted URLs from other third-party clients in the same manner as the official client. (Tomasz Wasilczyk) (#13886)
ICQ:
Fix setting icons with dimensions greater than 64x64 pixels by scaling them down to at most 64x64. (#12874, #13165)
Fix unsetting your mood when "None" is selected. (Dustin Gathmann) (#11895)
Ignore Daylight Saving Time when performing calculations related to birthdays. (Dustin Gathmann) (#13533)
It is now possible to specify multiple encodings on the Advanced tab of an ICQ account's settings by using a comma-delimited list. (Dmitry Utkin (#13496))
IRC:
Add "authserv" service command. (tomos) (#13337)
MSN:
Fix a hard-to-exploit crash in the MSN protocol when using the HTTP connection method (Reported by Marius Wachtler).
MXit:
Support for an Invite Message when adding a buddy.
Fixed bug in splitting-up of messages that contain a lot of links.
Fixed crash caused by timer not being disabled on disconnect. (introduced in 2.7.11)
Clearing of the conversation window now works.
When receiving an invite you can display the sender's profile information, avatar image, invite message.
The Change PIN option was moved into separate action.
New profile attributes added and shown.
Update to protocol v6.3.
Added the ability to view and invite your Suggested Friends, and to search for contacts.
Also display the Status Message of offline contacts in their profile information.
XMPP:
Remember the previously entered user directory when searching. (Keith Moyer) (#12451)
Correctly handle a buddy's unsetting his/her vCard-based avatar. (Matthew W.S. Bell) (#13370)
Squash one more situation that resulted in duplicate entries in the roster (this one where the server reports the buddy as being in the same (empty) group. (Reported by Danny Mayer)
Plugins:
The Voice/Video Settings plugin now includes the ability to test microphone settings. (Jakub Adam) (#13182)
Fix a crash when handling some saved settings in the Voice/Video Settings plugin. (Pat Erley) (13290, #13774)
Windows-Specific Changes:
Fix building libpurple with Visual C++ .NET 2005. This was accidentally broken in 2.7.11. (Florian Quèze)
Build internal libgadu using packed structs, fixing several long-standing Gadu-Gadu issues. (#11958, #6297)

New in Pidgin 2.7.11 (Mar 11, 2011)

New in Pidgin 2.7.9 (Dec 28, 2010)

New in Pidgin 2.7.8 (Dec 20, 2010)

New in Pidgin 2.7.6 (Nov 22, 2010)

New in Pidgin 2.7.5 (Nov 1, 2010)

New in Pidgin 2.7.4 (Oct 21, 2010)

General:
Fix search path for Tk when compiling on Debian Squeeze. (#12465)
purple-remote now expects and produces UTF-8. (Guillaume Brunerie)(#12049)
Add Deutsche Telekom, Thawte Primary, and Go Daddy Class 2 root CAs (#12667, #12668, and #12594)
Fix CVE-2010-3711 by properly validating return values from the purple_base64_decode() function before using them.
Fix two local crash bugs by properly validating return values from the purple_base16_decode() function before using them.
libpurple:
Fall back to an ordinary request if a UI does not support showing a request with an icon. Fixes receiving MSN file transfer requests including a thumbnail in Finch. (#12561)
Fix an invalid memory access when removing UPnP mappings that could cause sporadic crashes, most notably when MSN Direct Connections are enabled. (#12387)
Add a sentence to the certificate warning for expired certificates suggesting the user check their computer's date and time. (#12654)
Pidgin:
Add support for the Gadu-Gadu protocol in the gevolution plugin to provide Evolution integration with contacts with GG IDs. (#10709)
Remap the "Set User Mood" shortcut to Control-D, which does not conflict with the previous shortcut for Get Buddy Info on the selected buddy.
Add a plugin action menu (under Tools) for the Voice and Video Settings plugin.
Use GRegex for the debug window where available. This brings regex filtering to the debug window on Windows. (Eion Robb) (#12601)
Add Google Chrome to the list of possible browsers on non-Windows systems.
Add Chromium to the list of possible browsers on non-Windows systems.
The "Manual" browser option is now stored as a string. It is no longer necessary to specify a full path to the browser command. (Rodrigo Tobar Carrizo) (#12024)
The Send To menu can now be used if the active account in the conversation becomes disabled or inactive. (Keith Moyer) (#12471)
xdg-open is now the default browser for new users on non-Windows platforms. (Stanislav Brabec) (#12505)
Finch:
Add support for drop-down account options (like the SILC cipher and HMAC options or the QQ protocol version).
XMPP:
Unify the connection security-related settings into one dropdown.
Fix a crash when multiple accounts are simultaneously performing SASL authentication when built with Cyrus SASL support. (thanks to Jan Kaluza) (#11560)
Restore the ability to connect to XMPP servers that do not offer Stream ID. (#12331)
Added support for using Google's relay servers when making voice and video calls to Google clients.
Fix detecting file transfer proxies advertised by the server.
Advertise support for Google Talk's JID Domain Discovery extension in all cases again (changed in 2.7.0), not just when the domain is "gmail.com" or "googlemail.com" (it's also needed for Google Talk used for accounts on arbitrary domains not using Google Apps for Your Domain). (#a14153)
Improved handling of adding oneself to your buddy list when using Non-SASL (legacy) authentication. (#12499)
Generate a connection error instead of just stalling when the _xmppconnect TXT record returns results, but none of them result in a valid BOSH URI. (#a14367, #12744)
Yahoo/Yahoo JAPAN:
Stop doing unnecessary lookups of certain alias information. This solves deadlocks when a given Yahoo account has a ridiculously large (>500 buddies) list and may improve login speed for those on slow connections. (#12532)
Fix sending SMS messages. The lookup host changed on us. (Thanks to todo) (#12688).
Improvements for some file transfer scenarios, but not all.
Windows:
Bonjour support now requires Apple Bonjour Print Services version 2.0.0 or newer (http://support.apple.com/kb/dl999).

New in Pidgin 2.7.3 (Aug 11, 2010)

General:
Use silent build rules for automake >1.11. You can enable verbose builds with the --disable-silent-rules configure option, or using make V=1.
libpurple:
Fix the TURN server settings (broken in 2.7.0).
Pidgin:
Re-focus the input area after clicking the attention toolbar button.
Re-arrange media window to make it more netbook-friendly.
Finch:
Rebindable 'suggest-next-page' and 'suggest-prev-page' actions for textboxes (GntEntry) to scroll through list of suggestions.
Rebindable 'dropdown' action for comboboxes (GntComboBox?) to show the dropdown list of options.
IRC
Fix non-ASCII arguments to /mode et al. (thanks to Max Ulidtko)
MSN:
Support for web-based buddy icons, used when a buddy logs in to the messenger on the Live website.
Fix file transfers with some clients that don't support direct connections (e.g., papyon, telepathy-butterfly, etc.) (#12150)
MXit:
Fix filename for the Shocked emoticon. (#12364)
Implement the new naming conventions where possible. (MXitId, etc)
Display a message in the Groupchat window when you invite somebody.
Birthday field in profile cannot be edited when server says it is locked.
If a buddy is offline, show in their profile when last they were online.
Handle pushed profile update packets (ie, when changing your avatar via the Gallery bot).
If a buddy is offline and we see from their profile that they have updated their avatar, request the new avatar image from the server.
Fix a possible crash if a link is clicked while disconnected.
Unescape any escaped characters in a chatroom nickname.
Add the new MXit moods and emoticons.
MXit emoticons added to the small emoticon theme.
XMPP:
Allow connecting to servers that only advertise GSSAPI and expect a fallback to legacy IQ authentication (broken in 2.7.0).
Fix a crash when receiving custom emoticons that don't adhere to the specification.
When initiating a file transfer, don't show resources that are certain to not support file transfers in the resource selection dialog.
Fix connecting to servers using BOSH and authenticating with DIGEST-MD5 when libpurple was built with Cyrus SASL support.
Yahoo/Yahoo JAPAN:
Renamed "Use account proxy for SSL connections" to "Use account proxy for HTTP and HTTPS requests" and tied the option to HTTP requests too.
Properly detect HTTP proxy server use when the HTTP proxy is the global proxy server, an account-level non-HTTP proxy server is configured, and the "Use account proxy for HTTP and HTTPS requests" account option is turned off. This fixes connecting for some HTTP proxy servers.
Fall back to connecting to scsa.msg.yahoo.com (not configurable) if the HTTP-based connect server lookup fails. This does not work for Yahoo JAPAN accounts.
Fix file transfers that get stuck with "Waiting for transfer to begin".

New in Pidgin 2.7.2 (Jul 22, 2010)

New in Pidgin 2.7.0 (May 13, 2010)

General:
Changed GTK+ minimum version requirement to 2.10.0.
Changed GLib minimum version requirement to 2.12.0.
Using the --disable-nls argument to configure now works properly. You will no longer be forced to have intltool to configure and build.
Fix two related crashes in the GnuTLS and NSS plugins when they suffer internal errors immediately upon attempting to establish an SSL connection.
Fix NSS to work when reinitialized after being used. (Thanks to Ludovico Cavedon for the testcase)
Added support for PURPLE_GNUTLS_PRIORITIES environment variable. This can be used to specify GnuTLS priorities on a per-host basis. The format is "host=priority;host2=priority;...". The default priority can be overridden by using "*" as the host. See the GnuTLS manual for documentation on the format of the priority strings.
Fix autoconf detection of Python. (Brad Smith)
Fix a crash when a Windows proxy (from IE) does not have a port. (Marten Klencke)
Pidgin:
Moved the "Debugging Information" section of the About box to a "Build Information" dialog accessible on the Help menu.
Moved the Developer and Crazy Patch Writer information from the About box to a "Developer Information" dialog accessible on the Help menu.
Moved the Translator information from the About box to a "Translator Information" dialog accessible on the Help menu.
Use G!tkStatusIcon for the docklet, providing better integration in notification area.
Added UI for sending attentions (buzz, nudge) on supporting protocols.
Make the search dialog unobtrusive in the conversation window (by making it look and behave like the search dialog in Firefox)
The Recent Log Activity sort method for the Buddy List now distinguishes between no activity and a small amount of activity in the distant past. (Greg McNew)
Added a menu set mood globally for all mood-supporting accounts (currently XMPP and ICQ).
Default binding of Ctrl+Shift+v to 'Paste as Plain Text' in conversation windows. This can be changed in .gtkrc-2.0. For example, Ctrl+v can be bound to 'Paste as Plain Text' by default.
Plugins can now handle markup in buddy names by attaching to the "drawing-buddy" signal. (Daniele Ricci, Andrea Piccinelli)
Be more accommodating when scaling down large images for use as buddy icons.
The 'Message Timestamp Formats' plugin allows changing the timestamp format from the timestamps' context menu in conversation log.
The 'Message Timestamp Formats' plugin allows forcing 12-hour timestamps. (Jonathan Maltz)
Fix pastes from Chrome (rich-text pastes and probably URLs having garbage appended to them).
Show file transfer thumbnails for images on supporting protocols (currently only supported on MSN).
Bonjour:
Added support for IPv6. (Thanks to T_X for testing)
Gadu-Gadu:
Updated our bundled libgadu to 1.9.0-rc2 (many thanks to Krzysztof Klinikowski for the work and testing put in here!)
Minimum requirement for external libgadu is now also 1.9.0-rc2.
AIM and ICQ
X-Status (Custom ICQ status icon) support. Since most of the icons available reflect moods, this is labeled "Set Mood" on the Accounts->ICQ Account menu. (Andrew Ivanov, Tomáš Kebert, Yuriy Yevgrafov, and trac users bob007, salieff, and nops)
Allow setting and displaying icons between 1x1 and 100x100 pixels for ICQ. Previously only icons between 48x48 and 52x64 were allowed.
When using the clientLogin authentication method, prompt for a password on reconnect when "Remember Password" is not checked and authentication fails due to an incorrect password. (This is the same behavior as the legacy authentication method)
Support sending and receiving HTML-formatted messages for ICQ.
Use the proper URL for "View web profile" link for ICQ buddies. (Alexander Nartov)
MSN:
Support for version 9 of the MSN protocol has been removed. This version is no longer supported on the servers.
Support file transfer thumbnails (previews) for images.
Fix CVE-2010-1624 (custom emoticon remote crash).
XMPP:
Direct messages to a specific resource only upon receipt of a message with content (as opposed to a typing notification, etc). (Thanks to rjoly for testing)
Present a better error message when authentication fails while trying to connect to Facebook. (David Reiss, Facebook)
When sending data using in-band-bytestreams, interpret the block-size attribute as the size of the BASE64-encoded representation of the data.
Validate the hash on incoming BoB data objects (for custom smileys etc.), cache based per JID when the CID is not a valid hash (as specified by the BoB XEP).
Send whitespace keepalives if we haven't sent data in a while (2 minutes). This fixes an issue with Openfire disconnecting a libpurple-baesd client that has just been quiet for about 6 minutes.
Only support Google Talk's JID Domain Discovery extension (allowing a user to log in with "@gmail.com" or "@googlemail.com" interchangeably) for those two domains. This change was made due to interoperability issues with some BOSH Connection Managers and namespaced attributes.
Yahoo/Yahoo JAPAN:
Attempt to better handle transparent proxies interfering with HTTP-based login.
Fix handling of P2P packets, thus fixing the loss of some messages.
Retrieve the pager server address from Yahoo!'s servers directly.
Removed the "Pager server" account option, as it is no longer needed.
The authentication code is now less order-sensitive with the components of the server's response.
The authentication process now acts more like the official client.
Finch:
New action 'history-search', with default binding ctrl+r, to search the entered string in the input history.

New in Pidgin 2.6.6 (Feb 19, 2010)

libpurple:
Fix 'make check' on OS X. (David Fang)
Fix a quirk in purple_markup_html_to_xhtml that caused some messages to be improperly converted to XHTML.
Set "controlling-mode" correctly when initializing a media session. Fixes receiving voice calls from Psi.
When looking up DNS records, use the type of record returned by the server (instead of the type we asked for) to determine how to process the record.
Fix an issue with parsing XML attributes that contain "". See ChangeLog.API for more details.
General:
Correctly disable all missing dependencies when using the --disable-missing-dependencies option. (Gabriel Schulhof)
Gadu-Gadu:
Fix display of avatars after a server-side change. (Krzysztof Klinikowski)
AIM:
Allow setting and displaying icons between 1x1 and 100x100 pixels. Previously only icons between 48x48 and 50x50 were allowed.
MSN:
Fix CVE-2010-0277, a possible remote crash when parsing an incoming SLP message. (Discovered by Fabian Yamaguchi)
File transfer requests will no longer cause a crash if you delete the file before the other side accepts.
Received files will no longer hold an extra lock after completion, meaning they can be moved or deleted without complaints from your OS.
Buddies who sign in from a second location will no longer cause an unnecessary chat window to open.
Support setting an animated GIF as a buddy icon.
Numerous code cleanups and memory savings.
MySpace:
Fix a leak and crash when retrieving buddy icons.
XMPP:
Less likely to send messages to a contact's idle/inactive resource. Previously, if a message was received from a specific resource, responses would be sent to that resource until either it went offline or a message is received from another resource. Now, messages are sent to the bare JID upon receipt of any presence change from the contact.
Added support for the SCRAM-SHA-1 SASL mechanism. This is only available when built without Cyrus SASL support.
When getting info on a domain-only (server) JID, show uptime (when given by the result of the "last query") and don't show status as offline.
Fix getting info on your own JID.
Wrap XHTML messages in < p >, as described in XEP-0071, for compatibility with some clients.
Don't do an SRV lookup for a STUN server associated with the account if one is already set globally in prefs.
Don't send custom smileys larger than the recommended maximum object size specified in the BoB XEP. This prevents a client from being disconnected by servers that dislike overly-large stanzas.
Fix receiving messages without markup over an Openfire BOSH connection (forcibly put the stanzas in the jabber:client namespace).
The default value for the file transfer proxies is automatically updated when an account connects, if it is still the old (broken) default (from 'proxy.jabber.org' to 'proxy.eu.jabber.org').
Fix an issue where libpurple created duplicate buddies if the roster contains a buddy in two groups that differ only by case (e.g. "XMPP" and "xmpp") (or not at all).
Yahoo:
Don't send < span > and < /span > tags. (Fartash Faghri)
Support PingBox. PingBoxes will appear as pbx/PingBoxName. (Kartik Mohta)
Pidgin:
Fix CVE-2010-0423, a denial of service attack due to the parsing of large numbers of smileys. (Discovered by Antti Hayrynen)
Correctly size conversation and status box entries when the interior-focus style property is diabled. (Gabriel Schulhof)
Correctly handle a multiline text field being required in a request form. (Thanks to Florian Zeitz for finding this problem)
Search friends by email-addresses in the buddy list. (Luoh Ren-Shan)
Allow dropping an image on Custom Smiley window to add a new one.
Prompt for confirmation when clearing a whiteboard (doodle) session. (Kartik Mohta)
Use the "hand" cursor when hovering over usernames in chat history to indicate that the username is an actionable item.
Double-clicking usernames in chat history will open an IM with that user.
Put an icon on the "Filter" button in the debug window.
Don't treat "/messages/like/this " as commands.
Explicitly mark user interaction when inserting smilies from the toolbar so "Undo" correctly removes these smilies.
Clicking "New" or "Saved" in the status selector menu while typing a status message no longer keeps the status entry area stuck in "typing" mode forever.
Show tooltips for ellipsized conversation tabs. On older systems, tooltips will show for all tabs.
The File Transfers and Debug Window windows are no longer created as dialogs. These windows should now have minimize buttons in many environments in which they were previously missing (including Windows).
Smiley themes with Windows line endings no longer cause theme descriptions not to be displayed in the theme selector.
Finch:
Fix CVE-2010-0420, a possible remote crash when handling chat room buddy names.
Rebindable 'move-first' and 'move-last' actions for tree widgets. So it is possible to jump to the first or last entry in the buddy list (and other such lists) by pressing home or end key (defaults) respectively.

New in Pidgin 2.6.4 (Nov 30, 2009)

libpurple:
Actually emit the hold signal for media calls.
Fix building the GnuTLS plugin with older versions of GnuTLS.
Fix DNS TXT query resolution.
Don't send Proxy-Authorization headers to HTTP proxy servers until we've received a "407 Proxy Authentication Required" response from the server. (thecrux)
Added "MXit" protocol plugin, supported and maintained by the MXit folks themselves (MXit Lifestyle (Pty) Ltd.)
General:
New 'plugins' sub-command to 'debug' command (i.e. '/debug plugins') to announce the list of loaded plugins (in both Finch and Pidgin).
Always rejoin open chats after an account reconnects.
AIM and ICQ:
Better rate limit calculations and other improvements. (Aman Gupta)
More detailed error messages when messages fail to send. (Aman Gupta)
The simultaneous login account option is respected when using the clientLogin authentication method.
Fix offline message retrieval (broken in 2.6.3)
Fix handling of markup on some messages (broken in 2.6.2)
Fix SSL when clientLogin is enabled.
Fix sending and receiving Unicode characters in a Direct IM
MSN:
Don't forget display names for buddies.
Fix a random crash that might occur when idle.
Fix more FQY 240 connection errors.
Fix a crash that could occur when adding a buddy.
Fix an occasional crash when sending message to an offline user.
Fix a random crash that might occur when idle.
Fix a crash when logging in with some long non-ASCII passwords. (Shaun Lindsay)
Cache our own friendly name as the server no longer does that for us. Users of older versions may need to re-set their friendly name as it has probably been reset.
XMPP:
Users connecting to Google Talk now have an "Initiate Chat" context menu option for their buddies. (Eion Robb)
Fix a crash when attempting to validate an invalid JID.
Resolve an issue when connecting to iChat Server when no resource is specified.
Try to automatically find a STUN server by using an SRV lookup on the account's domain, and use that for voice and video if found and the user didn't set one manually in prefs.
Fix a crash when adding a buddy without an '@'.
Don't show the option to send a file to a buddy if we know for certain they don't support any file transfer method supported by libpurple.
Keep the avatar on the server if one is not set locally.
Yahoo:
Fix sending /buzz.
Fix blocking behavior for federated (MSN/OCS/Sametime) service users. (Jason Cohen)
Add support for adding OCS and Sametime buddies. OCS users are added as "ocs/user@…" and Sametime users are added as "ibm/sametime_id". (Jason Cohen)
Finch:
The TinyURL plugin now creates shorter URLs for long non-conversation URLs, e.g. URLs to open Inbox in Yahoo/MSN protocols, or the Yahoo Captcha when joining chat rooms.
Fix displaying umlauts etc. in non-utf8 locale (fix in libgnt).
Pidgin:
The userlist in a multiuser chat can be styled via gtkrc by using the widget name "pidgin_conv_userlist". (Heiko Schmitt)
Add a hold button to the media window.
Fix a bug where the conversation backlog stops scrolling in a very busy chat room.
In the Conversation "Send To" menu, offline buddies appear grayed out (but are still selectable). Previously, only offline buddies on accounts that do not support offline messaging appeared grayed out.
Pidgin Preference and Preference Window Changes:
Removed the "Use font from theme" and "Conversation Font" preferences for everyone except Windows users. The font can be controlled from the Pidgin GTK+ Theme Control plugin.
Tabs in the Preferences window are now on the left side.
The Browser tab is now visible for GNOME users.
Added a Proxy tab shown no matter what environment Pidgin runs in.
The Browser and Proxy tabs show appropriate GNOME-specific messages and allow launching the correct applications to change the relevant GNOME preferences if found. These were previously together on the Network tab.
Moved the port range spin buttons on the Network tab to be beside the checkbox that enables/disables them.
Reorganized preferences on the Status/Idle tab to have one less "section."
Reorganized preferences on the Sounds tab to have one less "section."
Renamed Smiley Themes tab to Themes.
Moved Buddy List Theme and Status Icon Theme selectors from Interface tab to Themes tab.
Moved Sound Theme selector from Sounds tab to Themes tab.
Changed the Smiley Theme selector to be consistent with the other theme selectors.
Rearranged tabs such that Interface is first and all remaining tabs are alphabetized in English.

New in Pidgin 2.6.3 (Oct 16, 2009)

New in Pidgin 2.6.2 (Sep 7, 2009)

libpurple:
Fix --disable-avahi to actually disable it in configure, as opposed to just making the warning non-fatal.
Fix using GNOME proxy settings properly. (Erik van Pienbroek)
IRC
Fix parsing of invalid TOPIC messages. (CVE-2009-2703)
MSN:
Sending custom smileys in chats is now supported.
Ink messages are now saved when using the HTML logger.
Fix a crash when receiving some handwritten messages.
Fix a crash when receiving certain SLP invite messages.
Chats with multiple people should no longer spontaneously disconnect.
XMPP:
Prompt the user before cancelling a presence subscription.
Escape status messages that have HTML entities in the Get Info dialog.
Fix connecting to XMPP domains with no SRV records from Pidgin on Windows.
Fix typing notifications with Pidgin 2.5.9 or earlier.
Fix connecting using BOSH and legacy authentication (XEP-0078).
Adding buddies of the form "romeo@…/Resource" are handled properly. In addition, it is no longer possible to add buddies of the form "room@…/User", where room@… is a MUC.
Don't crash when receiving "smileyfied" XHTML-IM from clients that don't support bits of binary (ie. when getting an empty in return)
Fix bug where SSL/TLS was not required even though the "require SSL/TLS" preference checked when connecting to servers that use the older iq-based authentication. (CVE-2009-3026)
Yahoo!/Yahoo! JAPAN:
Accounts now have "Use account proxy for SSL connections" option. This option force-overrides the account specific proxy settings for SSL connections only and instead uses the global proxy configuration.
Finch:
Properly detect libpanel on OpenBSD. (Brad Smith)
Remove IO watches in gnt_quit. (Tomasz Mon)
Pidgin:
Fix the auto-personize functionality in the Buddy List.
Set the window icon for the media window to an icon corresponding to the type of call (headphone or webcam).
Customized sound files are no longer reset whenever opening the Preferences dialog.
The buddy list should now immediately refresh upon changing the icon theme.

New in Pidgin 2.6.1 (Aug 19, 2009)

New in Pidgin 2.6.0 (Aug 19, 2009)

libpurple:
Theme support in libpurple thanks to Justin Rodriguez's summer of code project, with some minor additions and cleanups from Paul Aurich.
Voice & Video framework in libpurple, thanks to Mike Ruprecht's summer of code project in 2008.
It should no longer be possible to end up with duplicates of buddies in a group on the buddy list.
Removed the unmaintained and unneeded toc protocol plugin.
Fixed NTLM authentication on big-endian systems.
Various memory cleanups when unloading libpurple. (Nick Hebner and Stefan Becker)
Report idle time 'From last message sent' should work properly.
Better handling of corrupt certificates in the TLS Peers cache.
More efficient buddy list and conversation search functions. (Jan Kaluza and Aman Gupta)
Install scalable versions of the main Pidgin icon, the protocol icons, the dialog icons, and the Buddy List emblems.
Build properly on Hurd. (Marc Dequènes)
Various memory leaks fixed as reported by Josh Mueller.
Properly handle an IRC buddy appearing in multiple groups.
Escape HTML entities in usernames when written with the HTML logger.
Do not display MySpace? status changes as incoming IMs. (Mark Doliner and Justin Williams)
DNS:
DNS servers are re-read when DNS queries fail in case the system has moved to a new network and the old servers are not accessible.
DNS SRV records with equal priority are sorted with respect to their weight as specified in RFC 2782. (Vijay Raghunathan)
Don't do IPv6 address lookups if the computer does not have an IPv6 address configured.
Fix a leak when the UI provides its own DNS resolving UI op. (Aman Gupta)
Don't fork a DNS resolver process to resolve IP addresses. (Aman Gupta)
Internationalized Domain Names are supported when libpurple is compiled against the GNU IDN library.
Environment Variables:
GnuTLS logging (disabled by default) can be controlled through the PURPLE_GNUTLS_DEBUG environment variable, which is an integer between 0 and 9 (higher is more verbose). Higher values may reveal sensitive information.
PURPLE_VERBOSE_DEBUG environment variable. Currently, this is an "on" or "off" variable. Set it to any value to turn it on and unset it to turn it off. This will optionally be used to only show less useful debug information on an as-needed basis.
PURPLE_LEAKCHECK_HELP environment variable. Currently, this is an "on" or "off" variable. Set it to any value to turn it on and unset it to turn it off. This will be used to perform various actions that are useful when running libpurple inside of Valgrind or similar programs. Currently, it keeps plugins in memory, allowing Valgrind to perform symbol resolution of leak traces at shutdown.
AIM and ICQ:
Preliminary support for a new authentication scheme called "clientLogin."
Fixed a bug where your away message sometimes would not get set when you first sign on.
Make sure links in your away messages show up as links to other people.
For ICQ, Never change the privacy setting specified by the user.
Gadu-Gadu:
Accounts can specify a server to which to connect. (Krzysztof "kreez" Tobola)
Correctly show tooltip status for contacts with status messages. (Krzysztof "kkszysiu" Klinikowski)
Support for fetching buddy icons. (Krzysztof "kkszysiu" Klinikowski)
Support connection progress steps in Gadu-Gadu. (Krzysztof "kkszysiu" Klinikowski)
MSN:
Add support for receiving handwritten (ink) messages on MSN. (Chris Stafford, Gal Topper, and Elliott Sales de Andrade)
Add support for receiving audio clips on MSN. (Chris Stafford, Gal Topper, and Elliott Sales de Andrade)
Show the invite message for buddies that requested authorization from you on MSN.
Support sending an invite message to buddies when requesting authorization from them on MSN.
Timeout switchboard connections aggressively (60 seconds).
XMPP:
Voice & Video support with Jingle (XEP-0166, 0167, 0176, & 0177), voice support with GTalk and voice and video support with the GMail web client. (Mike "Maiku" Ruprecht)
Added a Service Discovery Browser plugin for Pidgin. (Andrei Mozzhuhin)
Support for in-band bytestreams for file transfers (XEP-0047). (Marcus Lundblad)
Support for sending and receiving attentions (equivalent to "buzz" and "nudge") using the command /buzz. (XEP-0224)
Support for connecting using BOSH. (Tobias Markmann)
A buddy's local time is displayed in the Get Info dialog if the remote client supports it.
The set_chat_topic function can unset the chat topic.
The Ad-Hoc commands associated with our server are now always shown at login.
Support showing and reporting idle times in the buddy list. (XEP-0256)
Support most recent version of User Avatar. (XEP-0084 v1.1)
Updated Entity Capabilities support. (Tobias Markmann)
Better support for receiving remote users' nicknames.
/affiliate and /role will now list the room members with the specified affiliation/role if possible. (Andrei Mozzhuhin)
Put section breaks between resources in "Get Info" to improve readability.
Silently remove invalid XML 1.0 entities (e.g. ASCII control characters) from sent messages.
XHTML markup is only included in outgoing messages when the message contains formatting.
Show when the user was last logged in when doing "Get Info" on an offline buddy, provided the server supports it.
Support custom smileys in MUCs (only when all participants support the "Bits of Binary" extension, and a maximum of 10 participants are in the chat to avoid getting too many fetch requests).
Fix an issue with Jabber (pre-XMPP) servers and the user's preference to require SSL not being respected.
Fix an issue where Cyrus SASL DIGEST MD5 authentication might fail if the username, password, or realm (the JID domain) contain non-ASCII characters.
Show emblem for mobile, handheld, and web clients and bots (if the other client supports it).
Google Talk mail notifications should now work for people for whom they inexplicably did not. (Thanks to yukam for determining the reason)
New XMPP and Google Talk accounts require SSL by default.
Display kicks (and the reasons given) in chat rooms when an occupant is kicked.
Fix issues with case-sensitivity of XMPP roster and case-insensitive Purple groups.
For contacts who advertise Entity Capabilities, only send rich text markup if they support it.
Removed support for obsoleted XEP-0022 (Message Events) and XEP-0091 (Legacy Entity Time).
When the GNU IDN library (libidn) is available, it is used for normalization of Jabber IDs. When unavailable, internal routines are used (as in previous versions).
Topics that contain '

New in Pidgin 2.5.8 (Jun 29, 2009)

New in Pidgin 2.5.7 (Jun 21, 2009)

New in Pidgin 2.5.6 (May 20, 2009)

New in Pidgin 2.5.5 (Mar 3, 2009)

libpurple:
Fix a crash when removing an account with an unknown protocol id.
Beta support for SSL connections for AIM and ICQ accounts. To enable, check the "Use SSL" option from the Advanced tab when editing your AIM or ICQ account.
Fix a memory leak in SILC.
Fix some string handling in the SIMPLE prpl, which fixes some buddy name handling and other issues.
Implement support for resolving DNS via the SOCKS4 proxy (SOCKS4a).
ICQ:
Fix retrieval of status messages from users of ICQ 6.x, Miranda, and other libpurple clients.
Change client ID to match ICQ Basic 14.34.3096. This fixes publishing of buddy icons and available messages.
Properly publish status messages for statuses other than Available. ICQ 6.x users can now see these status messages.
Fix receipt of messages from the mobile client Slick.
MSN:
Fix transfer of buddy icons, custom smileys, and files from the latest Windows Live Messenger 9 official client.
Large (multi-part) messages are now correctly re-combined.
Federated/Yahoo! buddies should now stop creating sync issues at every signin. You may need to remove duplicates in the Address Book. See the FAQ for more information. Thanks to Jason Lingohr for lots of debugging and testing.
Messages from Yahoo! buddies are no longer silently dropped.
We now save and use the CacheKey for ABCH SOAP requests.
Don't try to parse Personal Status Messages or Current Media if they don't exist.
Convert from ISO-8859-1 encoding to UTF-8 when no charset is specified on incoming messages. This should fix some issues with messages from older clients.
Force sending the font "Segoe UI" if outgoing formatting doesn't specify a font already.
Queue callbacks when token updates are in progress to prevent two token update attempts from trampling each other.
Fixed a crash on Windows when removing a buddy's alias.
Update the Address Book when buddies' friendly names change. This prevents seeing an outdated alias or not seeing an alias at all for buddies who are offline when you sign in.
Update tokens for FindMembership and ABFindAll SOAP requests.
We no longer try to send empty messages. This could happen when a message contained only formatting and that formatting was not supported on MSN.
Buddies on both the Allow and Block list are now automatically removed from the Allow list. Users with this problem will now no longer receive an ADL 241 error. The problematic buddy should now appear on the buddy list and can be removed or unblocked as desired.
XMPP:
Resources using __HOSTNAME__ substitution will now grab only the short hostname instead of the FQDN on systems which put the FQDN in the hostname.
No longer send a 'to' attribute on an outgoing stanza when we haven't received one. This fixes a registration bug as described in ticket #6635.
Pidgin:
Tooltip windows now appear below the mouse cursor.
Tooltip windows now disappear on keypress events.
Tooltip windows no longer linger when scrolling the buddy list.
Finch:
Allow rebinding keys to change the focused widget (details in the man-page, look for GntBox::binding)

New in Pidgin 2.5.4 (Jan 12, 2009)

New in Pidgin 2.5.3 (Dec 21, 2008)

libpurple:
The Buddy State Notification plugin no longer prints duplicate notifications when the same buddy is in multiple groups. (Florian Quèze)
The Buddy State Notification plugin no longer turns JID's, MSN Passport ID's, etc. into links. (Florian Quèze)
purple-remote now has a "getstatusmessage" command to retrieve the text of the current status message.
Various fixes to the nullprpl. (Paul Aurich)
Fix a crash when accessing the roomlist for an account that's not connected. (Paul Aurich)
Fix a crash in purple_accounts_delete that happens when this function is called before the buddy list is initialized. (Florian Quèze)
Fix use of av_len in perl bindings to fix some off-by-one bugs (Paul Aurich)
On ICQ, advertise the ICQ 6 typing capability. This should fix the reports of typing notifications not working with third-party clients. (Jaromír Karmazín)
Many QQ fixes and improvements, including the ability to connect using QQ2008 protocol and sending/receiving of long messages. The recommended version to use is still QQ2005.
Fix a crash with DNS SRV lookups. (Florian Quèze)
Fix a crash caused by authorization requests. (Florian Quèze)
Gadu-Gadu:
Add support for IM images. (Adam Strzelecki)
Gadu-Gadu now checks that UID's are valid. (Adam Strzelecki)
Gadu-Gadu now does proper charset translations where needed. (Adam Strzelecki)
MSN:
Fix an error with offline messages by shipping the *new* "Microsoft Secure Server Authority" and the "Microsoft Internet Authority" certificates. These are now always installed even when using --with-system-ssl-certs because most systems don't ship those intermediate certificates.
The Games and Office media can now be set and displayed (in addition to the previous Music media). The Media status text now shows the album, if possible.
Messages sent from a mobile device while you were offline are now correctly received.
Server transfers after you've been connected for a long time should now be handled correctly.
Many improvements to handling of "federated" buddies, such as those on the Yahoo network.
Several known crashes have been resolved.
Many other fixes and code cleanup.
MySpace:
Respect your privacy settings set using the official MySpace client.
Add support for blocking buddies.
Fix a bug where buddies didn't appear in their correct groups the first time you sign into your account.
Properly disconnect and sign out of the service when logging off.
Support for foreground and background font colors in outgoing IMs.
Support for background font colors in incoming IMs.
Many other fixes and code cleanup.
Sametime:
Fix insanely long idle times for Sametime 7.5 buddies by assuming 0 idle time if the idle timestamp is in the future. (Laurent Montaron)
Fix a crash that can occur on login. (Raiko Nitzsche)
SIMPLE:
Fix a crash when a malformed message is received.
Don't allow connecting accounts if no server name has been specified. (Florian Quèze)
XMPP:
Fix the namespace URL we look for in PEP reply stanzas to match the URL used in the 'get' requests (Paul Aurich)
Resources can be set to the local machine's hostname by using HOSTNAME__ as the resource string. (Jonathan Sailor)
Resources can now be left blank, causing the server to generate a resource for us where supported. (Jonathan Sailor)
Resources now default to no value, but "Home" is used if the server refuses to provide a resource.
Quit trying to get user info for MUC's. (Paul Aurich)
Send "client-accepts-full-bind-result" attribute during SASL login. This will fix Google Talk login failures if the user configures the wrong domain for his/her account.
Support new < metadata/ > element to indicate no XEP-0084 User Avatar. (Paul Aurich)
Fix SHA1 avatar checksum errors that occur when one of the bytes in a checksum begins with 0. (Paul Aurich)
Fix a problem with duplicate buddies. (Paul Aurich)
Yahoo:
Corrected maximum message lengths for Yahoo!
Fix file transfers with older Yahoo protocol versions.
Zephyr:
Enable auto-reply, to emulate 'zaway.' (Toby Schaffer)
Fix a crash when an account is configured to use tzc but tzc is not installed or the configured tzc command is invalid. (Michael Terry)
Fix a 10 second delay waiting on tzc if it is not installed or the configured command is invalid. (Michael Terry)
Pidgin:
On GTK+ 2.14 and higher, we're using the gtk-tooltip-delay setting instead of our own (hidden) tooltip_delay pref. If you had previously changed that pref, add a line like this to ~/.purple/gtkrc-2.0 (where 500 is the timeout (in ms) you want): gtk-tooltip-timeout = 500 To completely disable tooltips (e.g. if you had an old tooltip_delay of zero), add this to ~/.purple/gtkrc-2.0: gtk-enable-tooltips = 0
Moved the release notification dialog to a mini-dialog in the buddylist. (Casey Ho)
Fix a crash when closing an authorization minidialog with the X then immediately going offline. (Paul Aurich)
Fix a crash cleaning up custom smileys when Pidgin is closed.
Fix adding a custom smiley using the context menu in a conversation if no custom smilies have previously been added using the smiley manager.
Improved support for some message formatting in conversations.
Allow focusing the coversation history or userlist with F6.
Fixed the Send Button plugin to avoid duplicate buttons in a single conversation.
Double-clicking a saved status will now activate it and close the saved status manager, rather than edit the status.
Finch:
Allow binding meta+arrow keys for actions.
Added default meta+erase binding for delete previous word.
Added "Show When Offline" to buddy menus, so a plugin is no longer needed.

Pidgin Changelog

What's new in Pidgin 2.12.0

New in Pidgin 2.11.0 (Jun 21, 2016)

New in Pidgin 2.10.12 (Jan 4, 2016)

New in Pidgin 2.10.11 (Nov 24, 2014)

New in Pidgin 2.10.10 (Oct 22, 2014)

New in Pidgin 2.10.9 (Feb 3, 2014)

New in Pidgin 2.10.8 (Jan 28, 2014)

New in Pidgin 2.10.7 (Feb 13, 2013)

New in Pidgin 2.10.6 (Sep 28, 2012)

New in Pidgin 2.10.5 (Jul 6, 2012)

New in Pidgin 2.10.4 (May 7, 2012)

New in Pidgin 2.10.3 (Mar 26, 2012)

New in Pidgin 2.10.2 (Mar 14, 2012)

New in Pidgin 2.10.1 (Dec 12, 2011)

New in Pidgin 2.10.0 (Aug 22, 2011)

New in Pidgin 2.9.0 (Jun 24, 2011)

New in Pidgin 2.8.0 (Jun 7, 2011)

New in Pidgin 2.7.11 (Mar 11, 2011)

New in Pidgin 2.7.9 (Dec 28, 2010)

New in Pidgin 2.7.8 (Dec 20, 2010)

New in Pidgin 2.7.6 (Nov 22, 2010)

New in Pidgin 2.7.5 (Nov 1, 2010)

New in Pidgin 2.7.4 (Oct 21, 2010)

New in Pidgin 2.7.3 (Aug 11, 2010)

New in Pidgin 2.7.2 (Jul 22, 2010)

New in Pidgin 2.7.0 (May 13, 2010)

New in Pidgin 2.6.6 (Feb 19, 2010)

New in Pidgin 2.6.4 (Nov 30, 2009)

New in Pidgin 2.6.3 (Oct 16, 2009)

New in Pidgin 2.6.2 (Sep 7, 2009)

New in Pidgin 2.6.1 (Aug 19, 2009)

New in Pidgin 2.6.0 (Aug 19, 2009)

New in Pidgin 2.5.8 (Jun 29, 2009)

New in Pidgin 2.5.7 (Jun 21, 2009)

New in Pidgin 2.5.6 (May 20, 2009)

New in Pidgin 2.5.5 (Mar 3, 2009)

New in Pidgin 2.5.4 (Jan 12, 2009)

New in Pidgin 2.5.3 (Dec 21, 2008)

New in Pidgin 2.5.2 (Oct 19, 2008)

New in Pidgin 2.5.1 (Aug 31, 2008)