mod_http_file_share: Switch to the new authz API (BC) Behavior change: It becomes up to the authorization module whether to allow requests. The default, mod_authz_internal, will allow users on the *parent* host only, breaking use by some components. Remaining question is whether to deprecate the `http_file_share_access` setting or leave as a way to complement/bypass access control?

author: Kim Alvefur <zash@zash.se>
date: Sat, 16 Sep 2023 14:23:08 +0200
parent: 13211:4d4f9e42bcf8
--- a/CHANGES	Mon Sep 04 00:38:45 2023 +0200
+++ b/CHANGES	Sat Sep 16 14:23:08 2023 +0200
@@ -51,6 +51,7 @@
 - mod_blocklist: New option 'migrate_legacy_blocking' to disable migration from mod_privacy
 - Moved all modules into the Lua namespace `prosody.`
 - Forwarded header from RFC 7239 supported, disabled by default
+- mod_http_file_share now uses roles framework, affecting access from e.g. components
 
 ## Removed