The charybdis team is proud to announce the charybdis 3.5 release series.

Downloading charybdis

The charybdis 3.5.0 release can be downloaded via:

What’s new in Charybdis 3.5?

server protocol

  • Fix propagation of ip_cloaking hostname changes (only when setting or unsetting the umode after connection).
  • Fix a remote-triggerable crash triggered by the CAPAB parsing code.
  • As per the TS6 spec, require QS and ENCAP capabilities.
  • Require EX and IE capabilities (+e and +I cmodes).
  • Check that UIDs start with the server’s SID.


  • Allow mode queries on mlocked modes. In particular, allow /mode #channel f to query the forward channel even if +f is mlocked.
  • Strip colours from channel topics in /list.
  • If umode +D or +g are oper-only, don’t advertise them in 005.
  • If MONITOR is not enabled, don’t advertise it in 005.
  • Add starttls as per ircv3.
  • Abort a whowas listing when it would exceed SendQ, which would previously disconnect the user.
  • Reject nicks with ‘~’ in them, rather than truncating at the ‘~’.
  • Remove CHARSET=ascii from ISUPPORT
  • Use the normal rules for IP visibility in /whowas.
  • Cmode +c now strips ‘\x0F’ (^O, formatting off), fixing weird rendering in some clients that internally use mIRC formatting such as highlighted messages in HexChat.
  • Indicate join failure because of the chm_sslonly extension (cmode +S) using the same 480 numeric as ircd-ratbox.
  • Do not allow SASL authentication when the configured SASL agent is unavailable.
  • Automatically add unidentified users to the ACCEPT list when a user is set +R, as we do when the user is set +g.
  • Implement IRCv3.2 capabilities:
    • cap-notify
    • chghost
    • userhost-in-names
  • Implement the $&, $ and $m extban types:
    • $& combines 1 or more child extbans as an AND expression
    • $ combines 1 or more child extbans as an OR expression
    • $m provides normal hostmask matching as an extban for the above
  • Do not allow STARTTLS if a connection is already using TLS.
  • Display an operator’s privilege set in WHOIS.
  • The $o extban now matches against privilege set names as well as individual privileges. Privilege set names are preferred over individual privileges.


  • Fix a crash with /testline.
  • Complain to opers if a server that isn’t a service tries to SU/RSFNC/NICKDELAY/SVSLOGIN.
  • Turn off umode +p (override) when deopering.
  • Make listener error messages (e.g. port already in use) visible by default instead of only on snomask +d and in ioerrorlog.
  • Remove snotes on +r about GET/PUT/POST commands (“HTTP Proxy disconnected”).
  • Add DNSBL snotes on snomask +r.


  • Add hide_uncommon_channels extension to hide uncommon channel memberships in WHOIS, like in ircd-seven.
  • Add chm_nonotice extension, cmode +T to reject notices.
  • Add restrict-unauthenticated extension, prevents unauthenticated users from doing anything as channel operator.
  • Add no_kill_services extension, prevents local opers from killing services.
  • Allow matching specific replies of DNSBLs, using the new matches option.
  • Remove blowfish crypt since it has the BSD advertising clause.
  • Fix SHA256 ($5$) crypt.
  • Make the channel::channel_target_change option actually work (it used to be always on).
  • SSL/TLS listeners now have defer_accept unconditionally enabled on them.
  • The method used for certificate fingerprints (CertFP) is now configurable. SHA1, SHA256 and SHA512 are available options.
  • The minimum user threshold for channels in default /list output is now configurable.


  • Work around timerfd/signalfd brokenness on OpenVZ.
  • Fix a compilation issue in libratbox/src/sigio.c with recent glibc.
  • Extend documentation slightly.
  • Remove a BSD advertising clause that permission was granted to remove.
  • Add support for hooking PRIVMSG/NOTICE.
  • Reenable and fix the GnuTLS support.
  • Add mbedTLS backend for SSL/TLS.
  • Remove EGD support.
  • Try other DNS servers if errors or corrupt replies are encountered.
  • Rename script to genssl.
  • Choose more secure SSL/TLS algorithms.
  • Fix reconnecting with SSL/TLS with some clients such as ChatZilla (see for details.)
  • Improve error messages about the configuration file.
  • Fix a crash when compiled with recent clang on 32-bit systems.
  • Fix various memory leaks in rehash.
  • Fix various code quality issues.
  • Add –with-shared-sqlite to allow distribution packages to link to a shared sqlite library. Using this is not recommended for on-server compilation.
  • ISUPPORT tokens which are actually provided by modules have been moved to their respective modules.