It has always been vulnerable to MITM attacks when it is not used with DNSSEC,
and has been removed from XEP-0156 because of that. We have been issued
CVE-2022-26491 for this issue.
More discussion can be found at
https://mail.jabber.org/pipermail/standards/2022-February/038759.html.
ItispossibletogetGtk2-Perltoworkwithlibpurple's Perl API, however you must not load the module with @c use, but rather with @c require. Keep this in mind if you would like to use other perl modules that are dynamically loaded. You can avoid the problem by always using @c require instead of @c use.
Inordertousethissimpleplugin,savethescripttextinafilewitha@c.plextensioninyour~/.purple/pluginsdirectory.AfterrestartingPidgin,youshouldseetheplugin("Perl Test Plugin")listedinthepluginlistunder"Tools -> Plugins".Toviewthedebugoutput,makesureyourunPidginfromtheconsolewiththe'-d'flagoropentheDebugWindowwhichisavailableinthe"Help"menu.Whenyoucheckthecheckboxnexttheplugin,youshouldseeamessageappearintheDebugWindow(orconsole);similarly,whenyouuncheckthecheckboxyoushouldseeanothermessageappear.Youhavenowcreatedaframeworkthatwillallowyoutocreatealmostanykindoflibpurplepluginyoucanimagine.