We just pushed the first stage of our modern auth project to Prosody’s development branch! In previous versions of Prosody (0.12 and earlier), Prosody’s internal API only really supported one type of permission check: “is this user an admin?”. Our new work replaces this with a fully flexible roles/permissions system. Upgrading to the new system Despite all our excitement about this new feature, the new changes are designed to be largely invisible to server admins by default.Read more →
We’re excited to announce that we have received funding, from the EU’s NGI Assure via the NLnet Foundation, to work on some important enhancements to Prosody and XMPP. Our work will be focusing on XMPP authentication and authorization, and bringing it up to date with current and emerging best practices. What kind of changes are we talking about? Well, there are a few aspects we are planning to work on.Read more →
We are pleased to announce a new minor release from our stable branch. While the 0.12.0 release has been a huge success, inevitably people found some aspects that didn’t work quite as intended, or weren’t as polished as they ought to be. With the appreciation for the help from everyone reporting issues to us, we’re happy to now release our best version yet - 0.12.1 is here! Notably, we made a couple of changes that improve compatibility with Jitsi Meet, we fixed some bugs in our newly-extended XEP-0227 support, invites, and DNS handling.Read more →
ÄNTLIGEN! It’s finally here! After 3 years of development and through some chaotic times, Prosody 0.12.0 is released!
What’s the significance of this release? Like many software projects, Prosody follows a “branch” development/release model. We frequently make minor releases with bug fixes and improvements from our stable branch, while we implement more adventurous changes in our development branch, ready for the next major release.
Well, this is one of those adventurous major releases! Specifically, the first release in the 0.12 series, which will now be our new stable branch.
We can’t wait to share the many exciting features and changes with everyone. With over 2400 commits, this release couldn’t have been achieved without all the help from our many contributors, testers and other community members - you know who you are!Read more →
We are pleased to announce a new minor release from our stable branch. This is a(nother!) release for our stable branch to fix a memory leak caused by the security fix. Deployments using websockets, SQL storage and possibly other configurations may have noticed increasing memory usage after upgrading to 0.11.12. This is resolved by this new release. A summary of changes in this release: Minor changes util.xml: Break reference to help the GC (fixes #1711) util.Read more →
We are pleased to announce a new minor release from our stable branch. This is a security release that addresses a denial-of-service vulnerability in Prosody’s mod_websocket. For more information, refer to the 20220113 advisory. A summary of changes in this release: Security util.xml: Do not allow doctypes, comments or processing instructions Download As usual, download instructions for many platforms can be found on our download page If you have any questions, comments or other issues with this release, let us know!Read more →
We are pleased to announce a new minor release from our stable branch. This release contains some fixes to PEP to control memory usage, along with a small batch of fixes for issues discovered since the last release. This will likely be the last release of the 0.11 branch. A summary of changes in this release: Fixes and improvements net.server_epoll: Prioritize network events over timers to improve performance under heavy load mod_pep: Add some memory usage limits mod_pep: Prevent creation of services for non-existent users mod_pep: Free resources on user deletion (needed a restart previously) Minor changes mod_pep: Free resources on reload mod_c2s: Indicate stream secure state in error text when no stream features to offer MUC: Fix logic for access to affiliation lists net.Read more →
We are pleased to announce a new minor release from our stable branch. This release primarily fixes CVE-2021-37601, a remote information disclosure vulnerability. See the previously released advisory for details. We recommend that all deployments upgrade if they have not yet applied the mitigation described in the advisory. A handful fixes for issues discovered since 0.11.9 are also included. A summary of changes in this release: Security MUC: Fix logic for access to affiliation lists CVE-2021-37601 https://prosody.Read more →
We are pleased to announce a new minor release from our stable branch. This release addresses a number of important security issues that affect most deployments of Prosody. Full details are available in a separate security advisory. We recommend that all deployments upgrade or apply the mitigations described in the advisory. Note: We have updated the default config file. Your package manager may warn you about this, and ask if you want to use the new file or keep your existing one.Read more →
We are pleased to announce a new minor release from our stable branch. A new release appears! This time it includes bug fixes and performance improvements! Thanks to the Jitsi folks for helping us improve websocket performance in this and the previous release. This release also fixes a security issue, where channel binding, which connects the authentication layer (i.e. SASL) with the security layer (i.e. TLS) to detect man-in-the-middle attacks, could be used on connections encrypted with TLS 1.Read more →
Prosody is a lightweight and flexible XMPP server designed with ease-of-use and extensibility in mind.