Prosodical Thoughts

News, announcements and thoughts from the Prosody IM team

Bringing FASTer authentication to Prosody and XMPP

by The Prosody Team.

As our work continues on modernizing XMPP authentication, we have some more new milestones to share with you. Until now our work has mostly been focused on internal Prosody improvements, such as the new roles and permissions framework. Now we are starting to extend our work to the actual client-to-server protocol in XMPP. Prosody and Snikket are both regularly used from mobile devices, which have intermittent connectivity. Even if it’s only a change between networks, or when driving through a tunnel for a few minutes, these things can temporarily break your connection - requiring a new one to be established.

Read more →

Mutation Testing in Prosody

by Matthew Wild. Categories: development .

This is a post about a new automated testing technique we have recently adopted to help us during our daily development work on Prosody. It’s probably most interesting to developers, but anyone technically-inclined should be able to follow along! If you’re unfamiliar with our project, it’s an open-source real-time messaging server, built around the XMPP protocol. It’s used by many organizations and self-hosting hobbyists, and also powers applications such as Snikket, JMP.

Read more →

Starring roles: Introducing dynamic permissions in Prosody

by The Prosody Team.

We just pushed the first stage of our modern auth project to Prosody’s development branch! In previous versions of Prosody (0.12 and earlier), Prosody’s internal API only really supported one type of permission check: “is this user an admin?”. Our new work replaces this with a fully flexible roles/permissions system. Upgrading to the new system Despite all our excitement about this new feature, the new changes are designed to be largely invisible to server admins by default.

Read more →

Modernizing XMPP authentication and authorization

by The Prosody Team.

We’re excited to announce that we have received funding, from the EU’s NGI Assure via the NLnet Foundation, to work on some important enhancements to Prosody and XMPP. Our work will be focusing on XMPP authentication and authorization, and bringing it up to date with current and emerging best practices. What kind of changes are we talking about? Well, there are a few aspects we are planning to work on.

Read more →

Prosody 0.12.1 released

by The Prosody Team. Tags: release .

We are pleased to announce a new minor release from our stable branch. While the 0.12.0 release has been a huge success, inevitably people found some aspects that didn’t work quite as intended, or weren’t as polished as they ought to be. With the appreciation for the help from everyone reporting issues to us, we’re happy to now release our best version yet - 0.12.1 is here! Notably, we made a couple of changes that improve compatibility with Jitsi Meet, we fixed some bugs in our newly-extended XEP-0227 support, invites, and DNS handling.

Read more →

Prosody 0.12.0 released

by The Prosody Team. Tags: release .

ÄNTLIGEN! It’s finally here! After 3 years of development and through some chaotic times, Prosody 0.12.0 is released!

What’s the significance of this release? Like many software projects, Prosody follows a “branch” development/release model. We frequently make minor releases with bug fixes and improvements from our stable branch, while we implement more adventurous changes in our development branch, ready for the next major release.

Well, this is one of those adventurous major releases! Specifically, the first release in the 0.12 series, which will now be our new stable branch.

We can’t wait to share the many exciting features and changes with everyone. With over 2400 commits, this release couldn’t have been achieved without all the help from our many contributors, testers and other community members - you know who you are!

Read more →

Prosody 0.11.13 released

by The Prosody Team. Tags: release .

We are pleased to announce a new minor release from our stable branch. This is a(nother!) release for our stable branch to fix a memory leak caused by the security fix. Deployments using websockets, SQL storage and possibly other configurations may have noticed increasing memory usage after upgrading to 0.11.12. This is resolved by this new release. A summary of changes in this release: Minor changes util.xml: Break reference to help the GC (fixes #1711) util.

Read more →

Prosody 0.11.12 released

by The Prosody Team. Tags: release .

We are pleased to announce a new minor release from our stable branch. This is a security release that addresses a denial-of-service vulnerability in Prosody’s mod_websocket. For more information, refer to the 20220113 advisory. A summary of changes in this release: Security util.xml: Do not allow doctypes, comments or processing instructions Download As usual, download instructions for many platforms can be found on our download page If you have any questions, comments or other issues with this release, let us know!

Read more →

Prosody 0.11.11 released

by The Prosody Team. Tags: release .

We are pleased to announce a new minor release from our stable branch. This release contains some fixes to PEP to control memory usage, along with a small batch of fixes for issues discovered since the last release. This will likely be the last release of the 0.11 branch. A summary of changes in this release: Fixes and improvements net.server_epoll: Prioritize network events over timers to improve performance under heavy load mod_pep: Add some memory usage limits mod_pep: Prevent creation of services for non-existent users mod_pep: Free resources on user deletion (needed a restart previously) Minor changes mod_pep: Free resources on reload mod_c2s: Indicate stream secure state in error text when no stream features to offer MUC: Fix logic for access to affiliation lists net.

Read more →

Prosody 0.11.10 released

by The Prosody Team. Tags: release .

We are pleased to announce a new minor release from our stable branch. This release primarily fixes CVE-2021-37601, a remote information disclosure vulnerability. See the previously released advisory for details. We recommend that all deployments upgrade if they have not yet applied the mitigation described in the advisory. A handful fixes for issues discovered since 0.11.9 are also included. A summary of changes in this release: Security MUC: Fix logic for access to affiliation lists CVE-2021-37601 https://prosody.

Read more →
Previous page Next page