Prosodical Thoughts

News, announcements and thoughts from the Prosody IM team

Prosody 0.11.9 released

by The Prosody Team. Tags: release .

We are pleased to announce a new minor release from our stable branch. This release addresses a number of important security issues that affect most deployments of Prosody. Full details are available in a separate security advisory. We recommend that all deployments upgrade or apply the mitigations described in the advisory. Note: We have updated the default config file. Your package manager may warn you about this, and ask if you want to use the new file or keep your existing one.

Read more →

Prosody 0.11.8 released

by The Prosody Team. Tags: release .

We are pleased to announce a new minor release from our stable branch. A new release appears! This time it includes bug fixes and performance improvements! Thanks to the Jitsi folks for helping us improve websocket performance in this and the previous release. This release also fixes a security issue, where channel binding, which connects the authentication layer (i.e. SASL) with the security layer (i.e. TLS) to detect man-in-the-middle attacks, could be used on connections encrypted with TLS 1.

Read more →

How Prosody developers spent 2020

by The Prosody Team.

Nobody here knew quite what a year 2020 was going to be! However despite pandemics and lockdowns, we have continued to work on Prosody. This post is a summary of how the project is doing, and what we’ve been up to in the past year. One quick note before we begin… Prosody is an independent open-source project and exists only because the developers have been fortunate enough to be in a position to work on it.

Read more →

XMPP at the IETF

by The Prosody Team.

We recently helped deploy a new XMPP service for the IETF. But before we go any further, some of you are probably asking - “what is the IETF?!” If you’ve been around the XMPP community for a while, or if you’ve been at all involved in internet development discussions, you’ll already have an idea of what the IETF is. But that leaves many people don’t know, so here goes…

Read more →

Prosody 0.11.7 released

by The Prosody Team. Tags: release .

We are pleased to announce a new minor release from our stable branch. This is a security release for the 0.11.x stable branch. It is strongly recommended that all users upgrade to this release, especially those whose deployments have enabled mod_websocket. As well as upgrading, we recommend all public deployments to review and configure the c2s_stanza_size_limit and s2s_stanza_size_limit options to values they are comfortable with. The value is specified in bytes, and the XMPP specification requires values to be at least 10000 bytes, however it also recommends against just setting the limit to 10000 bytes.

Read more →

Simple Anti-Spam Tips

by The Prosody Team.

You can take it as a sign of success of a network when it becomes worthwhile for spammers to set up camp. If you’re an active user of XMPP, there is a chance you’ve been unfortunate enough to receive spam in recent weeks. Spam has always been an occasional issue on the network, as with any network, website or internet service. However a few years ago spammers really started to take things more seriously on XMPP.

Read more →

Great Invitations

by The Prosody Team.

There are two kinds of servers on the XMPP network today: those with public registration, and those without. The servers that support registration generally allow you to create accounts via the web, or using your XMPP client (XEP-0077). The problem is that this opens your server up to the world. Even when you add CAPTCHAs and other defences, even the most careful XMPP public server admin will at some point see spammers registering accounts on their server.

Read more →

Prosody 0.11.6 released

by The Prosody Team. Tags: release .

We are pleased to announce a new minor release from our stable branch. This release brings a collection of fixes and improvements added since the 0.11.5 release improving security, performance, usability and interoperability. This version continues the deprecation of using prosodyctl to start/stop Prosody if it is installed system-wide. You should use your init system’s appropriate commands to manage the Prosody process instead. You can silence the warnings with the ‘prosodyctl_service_warnings’ option.

Read more →

Prosody 0.11.5 released

by The Prosody Team. Tags: release .

We are pleased to announce a new minor release from our stable branch. This release mostly adds command line flags to force foreground or background operation, which replaces and deprecates the ‘daemonize’ option in the config file. A summary of changes in this release: Fixes and improvements prosody / mod_posix: Support for command-line flags to override ‘daemonize’ config option Minor changes mod_websocket: Clear mask bit when reflecting ping frames (fixes #1484: Websocket masks pong answer) Download As usual, download instructions for many platforms can be found on our download page

Read more →

Introducing Snikket

by The Prosody Team. Tags: snikket .

Reviewing the past decade A little over 11 years ago, a group of us started the project that would snowball to become Prosody. There were a number of reasons for embarking on this new project, but one of our primary objectives was to make running your own server much easier than it was back then in 2008. Looking back, I think we’ve made significant progress. Not only in Prosody, but across the XMPP ecosystem there has been a renewed focus on improving the user experience of projects.

Read more →
Previous page Next page

About

Prosody is a lightweight and flexible XMPP server designed with ease-of-use and extensibility in mind.

⚛️ Atom feed

Recent Posts