Prosodical Thoughts

News, announcements and thoughts from the Prosody IM team

PEP improvements in trunk

by The Prosody Team.

Our next trunk nightly release uses a new implementation of PEP (XEP-0163) by default. PEP is used for a number of things, primarily sharing with your contacts: Extended statuses (e.g. sharing the user’s current playing music, their mood, activity, etc.) Avatars OMEMO keys Chatroom bookmarks While PEP started out as a simplified form of ‘pubsub’ and a way to share information with your contacts, it quickly became clear that it was also a neat mechanism for sharing public info with non-contacts (such as OMEMO keys) or sharing private data (such as saved chatrooms) with other clients on your account.

Read more →

Prosody 0.10.2 and 0.9.14 Security Release

by The Prosody Team.

Today brings an important security release for both our stable branches. This fixes a cross-host authentication vulnerability, CVE-2018-10847. The issue affects Prosody instances that have multiple virtual hosts (including anonymous authenticated hosts). All versions of Prosody before 0.9.14 and 0.10.2 are affected. A full security advisory is available at https://prosody.im/security/advisory_20180531 Changes Summary of all changes in this release: Security mod_c2s: Do not allow the stream ‘to’ to change across stream restarts (fixes #1147) Minor changes mod_websocket: Store the request object on the session for use by other modules (fixes #1153) mod_c2s: Avoid concatenating potential nil value (fixes #753) core.

Read more →

Prosody 0.10.1 released

by The Prosody Team. Tags: release .

We are pleased to announce a new minor release from our stable branch.

This is the latest release to our stable branch. It is recommented that all 0.10.0 users upgrade, and users of our nightly packages upgrade to build 477 or later.

A summary of changes in this release:

Read more →

Prosody 0.9.13 released

by The Prosody Team.

This is a new maintenance release to our old stable 0.9 branch, with many bug fixes, including some important security improvements.

Read more →

Prosody 0.10.0 released

by The Prosody Team. Tags: release .

It’s not 1st April, it’s 2nd October. Which means the rumours you heard were true. Prosody 0.10.0 is released!

This is the first release of our 0.10 branch. All of our recent releases have been from our stable 0.9 branch, which has served us well since the initial release of 0.9.0 back in 2013.

However time marches on, and we have a long list of new features and modules that we want to share with you.

Read more →

Prosody 0.9.12 released

by The Prosody Team. Tags: release .

We are pleased to announce a new minor release from our stable branch.

This release fixes a few minor issues, and fixes valid certificates failing to verify correctly when Prosody 0.9.x is used with LuaSec 0.6.

A summary of changes in this release:

Read more →

Prosody 0.9.11 released

by The Prosody Team. Tags: release .

We are pleased to announce a new minor release from our stable branch.

This release contains a whole bunch of bug fixes, a brief summary of them follows:

Read more →

Prosody 0.9.10 released

by The Prosody Team. Tags: release .

We are pleased to announce a new minor release from our stable branch.

This release fixes another dialback security issue. We strongly encourage all Prosody servers to upgrade as soon as possible.

Read more →

Prosody 0.9.9 security release

by The Prosody Team.

Hi folks,

This release contains important fixes for two security issues recently discovered in Prosody. It also contains various other fixes and improvements we have made since 0.9.8. We strongly recommend that you upgrade your server as soon as possible.

Another important note is that for a number of reasons we have dropped Windows support with this release. If you are affected by this, please contact us directly via email at developers@prosody.im.

A summary of changes:

Read more →

Prosody 0.9.8 released

by The Prosody Team. Tags: release .

We are pleased to announce a new minor release from our stable branch. This release contains mainly bug fixes, including an important security fix. A summary of changes in this release, by importance: High: Ensure only valid UTF-8 is passed to libidn. It was found (CVE-2015-2059) that libidn can read beyond the boundaries of the provided buffer when an input string contains invalid UTF-8 sequences. Systems where Prosody is compiled with libICU are not affected by this issue.

Read more →
Previous page Next page

About

Prosody is a lightweight and flexible XMPP server designed with ease-of-use and extensibility in mind.

Recent Posts