For reasons I won't get into, I'm pulling myself out of UnrealIRCd actively as the 3.3 developer and a developer of the software at all.

Until a time alternatively set by one of the others I'll still be managing the site, so any issues with bugs on the site at all everyone is still free to toss me an IM on here or post it in the website forums to let me know.

A security issue was found, which is exploitable (crash) when allow::options::noident is in use.
The security advisory is below. (this news item is a re-post, not an update)

SECURITY ADVISORY
==================

A serious buffer overflow issue has been discovered in UnrealIRCd. This issue can cause the IRC server to crash. It is not clear if this issue can lead to remote code execution.

==[ AFFECTED VERSIONS ]==
This bug can ONLY be triggered if allow::options::noident is in use. By default, this is not the case, and it's not a very common option to use.
To check for this, you can search for "noident" (without quotes) in your config files (such as unrealircd.conf). If you don't use this option, you are safe, and there's no need to upgrade. If you use the noident option, and you're using Unreal3.2.8 or earlier (this issue goes back to 3.2beta11), then you are affected.

==[ PROBLEM ]==
A buffer in the code which handles user authorization is copied without sufficient length checks, causing a buffer overflow.
This bug happens BEFORE the user is online. In other words: even if you have a password protected server, or only allow certain ip/h ... (Read More)

After 19 months, a new UnrealIRCd is finally out: Unreal 3.2.8.
We have added a couple of new features, and have fixed some major bugs / added some important workarounds such as slow spamfilter detection(&removal) and detection of time shifts. In total this release consists of over 70 changes. See the Release Notes below for more information.


Code:
----------
==[ NEW ]==
- set::level-on-join: this defines which privileges a user receives when creating a
channel, default is 'chanop', the only other available setting is 'none' (opless).
- Away notification through WATCH: This allows clients to receive a notification
when someone goes away or comes back, along with a reason, a bit like IM's.
There's probably no current client supporting this but it would be a nice feature
in notify lists. Client developers: see Changes file for full protocol details.
This feature can be disabled by setting set::watch-away-notification to 'no'.
- Spamfilter: Slow spamfilter detection: For each spamfilter, Unreal will check,
each time it executes, how long it takes to execute. When ... (Read More)

The second Release Candidate for 3.2.8 is out: 3.2.8-rc2.
There have only been a few fixes (operoverride, mac os x compile fix, dealing with clock adjustments) and documentation updates since -rc1.

Release candidates allows members from the public to test if there are any major release critical bugs (eg: crash bugs) present, so they can be corrected before the real 3.2.8 release. If you want to help out with testing, just download it and give it a try.

You can download 3.2.8-rc2 from http://www.unrealircd.com/ -> downloads.


Code:
----------
Unreal3.2.8-rc2 Release Notes
==============================

==[ GENERAL INFORMATION ]==
- If you are upgrading on *NIX, make sure you run 'make clean' and './Config'
first, before doing 'make'
- The official UnrealIRCd documentation is doc/unreal32docs.html
online version at: http://www.vulnscan.org/UnrealIRCd/unreal32docs.html
FAQ: http://www.vulnscan.org/UnrealIRCd/faq/
Read them before asking for help.
- Report bugs at http://bugs.unrealircd.org/
- When upgrading a network, we assume you are upgrading from the p ... (Read More)

I've released Unreal3.2.8-rc1 (Release Candidate 1) for testing.
This RC allows members from the public to test if there are any major release critical bugs (eg: crash bugs) present, so they can be corrected before the real 3.2.8 release. If you want to help out testing a bit, check out the downloads below. Note that 3.2.8-rc1 should NOT be used at production servers!

Downloads: Source | Windows | Windows SSL

If you're willing to help some more, maybe you could help out in the Unreal3.2 testing forum as well, to test specific test-items, be sure to read the first post ('READ THIS! (how to use)').


Code:
----------
Unreal3.2.8-RC1 Release Notes
==============================

==[ GENERAL INFORMATION ]==
* If you are upgrading on *NIX, make sure you run 'make clean' and './Config'
first, before doing 'make'
* The official UnrealIRCd documentation is doc/unreal32docs.html
online version at: http://www.vulnscan.org/UnrealIRCd/unreal32docs.html
FAQ: http://www.vulnscan.org/UnrealIRCd/faq/
Read them before asking for help.
* Report bugs at http://bugs.unrealircd ... (Read More)

Upon the announcement of Sts leaving the project, who of course without him there would never have been UnrealIRCd and will definitely be missed (though you can send lotsa cookies to him, maybe he'll come back : P), I figure an update on things will be wise now as speculation is gonna fly I'm sure.

While development on the 3.2 branch will fall to as Syzop has recently noted again, primarily bug fixes (with exception of .8 which has some new features), a 3.3 project is still in the works and has taken the role over of what u4 was originally meant to be. To note primarily that of what originally was meant to be was a completer re-write from the ground up basically, and in C++ rather than C. Its also intended to be heavily heavily modular, which will present many new possibilities of course.

Its still going to be a few months off before any code is here for base uses, I'm the only one working on 3.3 right now, though mainly for sanity reasons, I'm simply doing the core basis of the IRCd, the stuff that makes IRC work, then it'll go into subversion as an alpha codebase and at that point myself and other developers still with the project will talk about either ... (Read More)