<p>Prosodical Thoughts, <a href="https://blog.prosody.im/">https://blog.prosody.im/</a> (feed updated 2023-09-06T12:42:15+0200)</p>
<h1>Prosody 0.12.4 released</h1>
<p>The Prosody Team, 2023-09-06T12:42:15+0200, <a href="https://blog.prosody.im/prosody-0.12.4-released/">https://blog.prosody.im/prosody-0.12.4-released/</a></p>
<p>We are pleased to announce a new minor release from our stable branch.</p>
<p>We’re relieved to announce this overdue maintenance release containing a
number of bug fixes and also some improvements from the last few months.</p>
<p>In particular, the <code>prosodyctl check</code> tool gained some new diagnostic
checks, and it now handles configuration option types the same way
Prosody itself does.</p>
<p>A summary of changes in this release:</p>
<h2 id="minor-changes">Minor changes</h2>
<ul>
<li>core.certmanager: Update Mozilla TLS config to version 5.7</li>
<li>util.error: Fix error on conversion of invalid error stanza <a href="https://issues.prosody.im/1805">#1805</a></li>
<li>util.array: Fix new() library function</li>
<li>util.array: Expose new() on module table</li>
<li>prosodyctl: Fix output of error messages containing ‘%’</li>
<li>util.prosodyctl.check: Correct suggested replacement for ‘disallow_s2s’</li>
<li>util.prosodyctl.check: Allow same config syntax variants as in Prosody for some options <a href="https://issues.prosody.im/896">#896</a></li>
<li>util.prosodyctl.check: Fix error where hostname can’t be turned into A label</li>
<li>util.prosodyctl.check: Hint about the ‘external_addresses’ config option</li>
<li>util.prosodyctl.check: Suggest ‘http_cors_override’ instead of older CORS settings</li>
<li>util.prosodyctl.check: Validate format of module list options</li>
<li>mod_websocket: Add a ‘pre-session-close’ event <a href="https://issues.prosody.im/1800">#1800</a></li>
<li>mod_smacks: Fix stray watchdog closing sessions</li>
<li>mod_csi_simple: Disable revert-to-inactive timer when going to active mode</li>
<li>mod_csi_simple: Clear delayed active mode timer on disable</li>
<li>mod_admin_shell: Fix display of remote cert status when expired, etc.</li>
<li>mod_smacks: Replace existing watchdog when starting hibernation</li>
<li>mod_http: Fix error if ‘access_control_allow_origins’ is set</li>
<li>mod_pubsub: Send correct ‘jid’ attribute in disco#items</li>
<li>mod_http: Unhook CORS handlers only if active to fix an error <a href="https://issues.prosody.im/1801">#1801</a></li>
<li>mod_s2s: Add event where resolver for s2sout can be tweaked</li>
</ul>
<h1 id="download">Download</h1>
<p>As usual, download instructions for many platforms can be found on our <a href="https://prosody.im/download">download page</a></p>
<p>If you have any questions, comments or other issues with this release, <a href="https://prosody.im/discuss">let us know!</a></p>
<h1>Prosody 0.12.3 released</h1>
<p>The Prosody Team, 2023-02-21T10:46:35+0000, <a href="https://blog.prosody.im/prosody-0.12.3-released/">https://blog.prosody.im/prosody-0.12.3-released/</a></p>
<p>We are pleased to announce a new minor release from our stable branch.</p>
<p>This is a bugfix release for our stable 0.12 series. Most notably, it fixes a
regression for SQL users introduced in 0.12.2, and a separate long-standing
compatibility issue with archive stores on certain MySQL/MariaDB versions.</p>
<p>It also fixes an issue with websockets discovered by the Jitsi team, some
issues with our internal HTTP client API, and we’ve improved the accuracy of
‘prosodyctl check dns’ in certain configurations.</p>
<p>A summary of changes in this release:</p>
<h2 id="fixes-and-improvements">Fixes and improvements</h2>
<ul>
<li>mod_storage_sql: Don’t avoid initialization under prosodyctl (fix <a href="https://issues.prosody.im/1787">#1787</a>: mod_storage_sql changes (d580e6a57cbb) breaks prosodyctl)</li>
<li>mod_storage_sql: Fix for breaking change in certain MySQL versions (<a href="https://issues.prosody.im/1639">#1639</a>)</li>
<li>prosodyctl check dns: Check for Direct TLS SRV records even if not configured (<a href="https://issues.prosody.im/1793">#1793</a>)</li>
</ul>
<h2 id="minor-changes">Minor changes</h2>
<ul>
<li>mod_websocket: Fire pre-session-close event (fixes <a href="https://issues.prosody.im/1800">#1800</a>: mod_websocket: cleanly-closed sessions are hibernated by mod_smacks)</li>
<li>sessionmanager: Mark session as destroyed to prevent reentry (fixes <a href="https://issues.prosody.im/1781">#1781</a>)</li>
<li>mod_admin_socket: Return error on unhandled input to prevent apparent freeze</li>
<li>configure: Fix quoting of $LUA_SUFFIX (thanks shellcheck/Zash)</li>
<li>net.http.parser: Improve handling of responses without content-length</li>
<li>net.http.parser: Fix off-by-one error in chunk parser</li>
<li>net.http.server: Add new API to get HTTP request from a connection</li>
<li>net.http.server: Fix double close of file handle in chunked mode with opportunistic writes (<a href="https://issues.prosody.im/1789">#1789</a>)</li>
<li>util.prosodyctl.shell: Close state on exit to fix saving shell history</li>
<li>mod_invites: Prefer landing page over xmpp URI in shell command</li>
<li>mod_muc_mam: Add mam#extended form fields <a href="https://issues.prosody.im/1796">#1796</a> (Thanks Rain)</li>
<li>mod_muc_mam: Copy “include total” behavior from mod_mam</li>
<li>util.startup: Close state on exit to ensure GC finalizers are called</li>
</ul>
<h1 id="download">Download</h1>
<p>As usual, download instructions for many platforms can be found on our <a href="https://prosody.im/download">download page</a></p>
<p>If you have any questions, comments or other issues with this release, <a href="https://prosody.im/discuss">let us know!</a></p>
<h1>Prosody 0.12.2 released</h1>
<p>The Prosody Team, 2022-12-13T21:23:13+0100, <a href="https://blog.prosody.im/prosody-0.12.2-released/">https://blog.prosody.im/prosody-0.12.2-released/</a></p>
<p>We are pleased to announce a new minor release from our stable branch.</p>
<p>This is a regularly delayed release containing a number of fixes for
issues that we have come across since the last release of the 0.12
series.</p>
<p>A summary of changes in this release:</p>
<h2 id="fixes-and-improvements">Fixes and improvements</h2>
<ul>
<li>util.stanza: Allow U+7F when constructing stanzas</li>
<li>net.unbound: Preserve built-in defaults and Prosody’s settings for luaunbound (fixes <a href="https://issues.prosody.im/1763">#1763</a>: luaunbound not reading resolv.conf) (thanks rgd)</li>
<li>mod_smacks: Disable not implemented resumption behavior on s2s</li>
<li>mod_http: Allow disabling CORS in the http_cors_override option and by default</li>
</ul>
<h2 id="minor-changes">Minor changes</h2>
<ul>
<li>util.json: Accept empty arrays with whitespace (fixes <a href="https://issues.prosody.im/1782">#1782</a>: util.json fails to parse empty array with whitespace)</li>
<li>util.stanza: Adjust number of return values to handle change in dependency of test suite (fix test with luassert >=1.9)</li>
<li>util.startup: Ensure import() is available in prosodyctl (thanks keyzer)</li>
<li>mod_storage_sql: Fix initialization when called from prosodyctl</li>
<li>mod_storage_sql: Fix the summary API with Postgres (<a href="https://issues.prosody.im/1766">#1766</a>)</li>
<li>mod_admin_shell: Fixes for showing data related to disconnected sessions (fixes <a href="https://issues.prosody.im/1777">#1777</a>)</li>
<li>core.s2smanager: Don’t remove unrelated session on close of bidi session</li>
<li>mod_smacks: Don’t send redundant requests for acknowledgement (<a href="https://issues.prosody.im/1761">#1761</a>)</li>
<li>mod_admin_shell: Rename commands <code>user:roles()</code> to <code>user:setroles()</code> and <code>user:showroles()</code> to <code>user:roles()</code></li>
<li>mod_smacks: Bounce unhandled stanzas from local origin (fix <a href="https://issues.prosody.im/1759">#1759</a>)</li>
<li>mod_bookmarks: Reduce log level of message about not having any bookmarks</li>
<li>mod_s2s: Fix firing buffer drain events</li>
<li>mod_http_files: Log warning about legacy modules using mod_http_files</li>
<li>util.startup: Wait for last shutdown steps</li>
<li>util.datamapper: Improve handling of schemas with non-obvious “type”</li>
<li>util.jsonschema: Fix validation to not assume presence of “type” field</li>
<li>util.jsonschema: Use same integer/float logic on Lua 5.2 and 5.3</li>
</ul>
<h1 id="download">Download</h1>
<p>As usual, download instructions for many platforms can be found on our <a href="https://prosody.im/download">download page</a></p>
<p>If you have any questions, comments or other issues with this release, <a href="https://prosody.im/discuss">let us know!</a></p>
<h1>Prosody 0.11.14 released</h1>
<p>The Prosody Team, 2022-12-12T22:00:07+0100, <a href="https://blog.prosody.im/prosody-0.11.14-released/">https://blog.prosody.im/prosody-0.11.14-released/</a></p>
<p>We are pleased to announce a new minor release from our stable branch.</p>
<p>This release fixes an issue in the library Prosody uses to build XML
stanzas, wherein it was too strict and disallowed the character “DEL”,
which is actually allowed by XML. This has no effect on normal stanza
routing and delivery, but may cause reading stanzas from message
archives or offline message stores to fail.</p>
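<p>To make the “DEL is legal XML” point concrete, here is an added Python check (not Prosody’s <code>util.stanza</code> code) that implements the XML 1.0 <em>Char</em> production, beside a hypothetical over-strict filter of the kind this release fixes, which treats U+007F like the C0 control characters. The sample message bodies are constructed for the example; the point is that text read back from an archive can contain DEL and must still validate.</p>

```python
# XML 1.0 "Char" production: every character allowed in a well-formed document.
# U+007F (DEL) sits inside the 0x20-0xD7FF range, so XML permits it.
def is_xml_char(cp: int) -> bool:
    return (cp in (0x09, 0x0A, 0x0D)
            or 0x20 <= cp <= 0xD7FF
            or 0xE000 <= cp <= 0xFFFD
            or 0x10000 <= cp <= 0x10FFFF)


def is_c0_style_char(cp: int) -> bool:
    """Hypothetical over-strict filter (constructed for this example) that
    rejects DEL along with the C0 controls; otherwise follows the XML rules."""
    return cp != 0x7F and is_xml_char(cp)


def first_invalid(text: str, allowed=is_xml_char):
    """Return (index, codepoint) of the first character `allowed` rejects,
    or None when the whole string is acceptable as stanza text."""
    for index, ch in enumerate(text):
        if not allowed(ord(ch)):
            return index, ord(ch)
    return None


# Constructed samples: a stored message body containing DEL, which the
# correct check accepts, and one containing NUL, which XML never allows.
BODY_WITH_DEL = "terminal output:\x7f cleared"
BODY_WITH_NUL = "bad\x00body"
```

<p>Run <code>first_invalid(BODY_WITH_DEL)</code> with both filters: the XML rule returns <code>None</code>, the strict one reports the DEL at index 16, which is exactly the failure mode the release notes describe when reading archived stanzas.</p>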
<p>A summary of changes in this release:</p>
<h2 id="fixes-and-improvements">Fixes and improvements</h2>
<ul>
<li>util.stanza: Allow U+7F when constructing stanzas</li>
</ul>
<h1 id="download">Download</h1>
<p>As usual, download instructions for many platforms can be found on our <a href="https://prosody.im/download">download page</a></p>
<p>If you have any questions, comments or other issues with this release, <a href="https://prosody.im/discuss">let us know!</a></p>
<h1>Bringing FASTer authentication to Prosody and XMPP</h1>
<p>The Prosody Team, 2022-11-28T17:30:00+0000, <a href="https://blog.prosody.im/fast-auth/">https://blog.prosody.im/fast-auth/</a></p>
<p>As our work continues on <a href="https://docs.modernxmpp.org/projects/auth/">modernizing XMPP authentication</a>,
we have some more new milestones to share with you. Until now our work has
mostly been focused on internal Prosody improvements, such as the new <a href="/role-auth/">roles
and permissions framework</a>. Now we are starting to extend our
work to the actual client-to-server protocol in XMPP.</p>
<p><a href="https://prosody.im/">Prosody</a> and <a href="https://snikket.org/">Snikket</a> are both
regularly used from mobile devices, which have intermittent connectivity. Even
if it’s only a change between networks, or when driving through a tunnel for
a few minutes, these things can temporarily break your connection - requiring
a new one to be established.</p>
<p>We’ve had solutions and optimizations in the XMPP protocol for this situation
for years (really… the first version of XEP-0198 was published in 2004!).
XEP-0198 allows a client to reconnect to the server as soon as the network
comes back, easily discover if anything failed to be sent/received due to the
network interruption, and then resync any lost packets in either direction.</p>
<p>This effectively allows resuming and repairing the session as if no disconnect
occurred, while skipping a bunch of traffic that would usually be exchanged
when establishing a new session (instead, everything is simply cached from the
old session).</p>
<p>However, there is one important thing we don’t allow the client to skip. To
keep this resumption step secure, we require authentication. It’s a new
connection, and we need to prove it’s from who it claims to be from.</p>
<h2 id="authentication-in-xmpp-today">Authentication in XMPP today</h2>
<p>The most common authentication method for XMPP connections today is SCRAM.
This is a neat password-based authentication mechanism that has many nice
properties, such as allowing both the client and the server to store only a
hash of the password. It also allows the client to determine that the server
really knows the user’s password, and supports channel binding. These
features allow the client to detect various kinds of attack.</p>
<p>Even though we have been using SCRAM in XMPP for many years now, <strong>it still
offers more protective features today than the vast majority of online
services you use</strong> - which generally all send your password to the server in
plain text, albeit within TLS or HTTPS.</p>
<p>A new SCRAM alternative is currently being developed, known as OPAQUE, which
adds even more nice properties. But that’s for a future blog post… :)</p>
<p>However, there are some drawbacks of SCRAM (and similar mechanisms, including
OPAQUE) that can’t realistically be solved. To adequately protect your
password, it requires some back-and-forth negotiation with the server. In
protocol speak, we refer to such situations as “round trips” - every time the
client sends something to the server and has to wait for a response before it
can proceed. On a very slow network, <strong>round trips can add a bunch of latency</strong>,
and as anyone who has used audio/video calls or gaming online knows, latency
can be frustrating and hard to eliminate from a connection.</p>
<p>Simpler authentication methods just have the client say “here are my
credentials”, and the server say “your credentials look great, you’re
authenticated!”. That’s how HTTP and most websites work today. Such approaches
are quick and easy, but they don’t protect your credentials as well as SCRAM
does.</p>
<h2 id="passwords-are-the-problem">Passwords are the problem</h2>
<p>SCRAM’s protections are important for passwords. Passwords are (unfortunately)
often chosen by users to be the same or similar across multiple services, and
even if they are strong and unique they can be vulnerable to phishing. If
leaked, many memorable passwords contain private information about the user.</p>
<p>We don’t want to drop any of our important password security features just to
improve connection speed. So instead we found a better solution: drop
passwords!</p>
<p>Our new solution allows the client to log in initially using a
password (or any other method the XMPP server supports). After that, it can
upgrade to a strong unique authentication token provided by the server, which it
can use to quickly re-authenticate on future connections.</p>
<h2 id="tokens-are-the-answer">Tokens are the answer</h2>
<p>Tokens have many advantages compared to passwords:</p>
<ul>
<li>They are <strong>unique to the service that generated them</strong>, so cross-service attacks
like <a href="https://www.cloudflare.com/learning/bots/what-is-credential-stuffing/">credential stuffing</a>
are useless against tokens.</li>
<li>Tokens <strong>don’t need to be memorable</strong>, so they can be very long and random (both
desirable properties for increasing account security!).</li>
<li>As they are not memorized by the user, they <strong>can be rotated frequently</strong>
without any inconvenience.</li>
<li>Different tokens <strong>can be generated for each of a user’s devices</strong>, instead of
sharing the user’s password across all of them. This also allows selectively
removing a device’s access from the user’s account, e.g. if it gets lost or
stolen.</li>
</ul>
<p>With these security advantages, we suddenly unlock the ability to use simpler
authentication mechanisms without risking the security of the user’s account
or password.</p>
<p>Still, we can do a bit better than just sending the token to the server as
plain text. Fortunately, just the kind of modern token authentication
method we need has already been in development by Florian Schmaus: the
<a href="https://datatracker.ietf.org/doc/draft-schmaus-kitten-sasl-ht/">SASL HT mechanism family</a>.</p>
<p>HT mechanisms have the following properties:</p>
<ul>
<li>The actual token itself <strong>is not exchanged</strong> over the connection during authentication.</li>
<li>And yet, the server receives <strong>proof that the client has the full correct token</strong>.</li>
<li>The client also receives <strong>proof that the server has the full correct token</strong> (and isn’t just impersonating the real server).</li>
<li>Finally, if channel binding is used, both sides receive <strong>proof that no MITM or relay attack is being performed</strong>.</li>
</ul>
<p>And… all this can be completed within a single round trip!</p>
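<p>To show what “one round trip, token never on the wire” looks like in practice, here is an added Python model of an HT-style exchange. It is not Prosody’s <code>mod_sasl2_fast</code> and not the draft’s exact wire format: the HMAC construction and the <code>Initiator</code>/<code>Responder</code> role strings follow the SASL HT draft, while the <code>user/device</code> identifier, the in-memory token store and the channel-binding bytes are constructed for the example. It demonstrates all four properties from the list above: the token stays off the wire, the server proves it holds the token too, a connection relayed through something with different channel-binding data fails, and a lost device’s token can be revoked on its own.</p>

```python
import hashlib
import hmac
import secrets

# Role strings from the SASL HT draft: each side's proof is an HMAC keyed with
# the token over its role string followed by the channel-binding data.
INITIATOR = b"Initiator"
RESPONDER = b"Responder"


def ht_proof(token: bytes, role: bytes, cb_data: bytes) -> bytes:
    return hmac.new(token, role + cb_data, hashlib.sha256).digest()


class TokenServer:
    """Server side (assumed design): one random token per (user, device),
    issued after a normal login and kept in a plain dict for this example."""

    def __init__(self):
        self._tokens = {}

    def issue_token(self, user: str, device: str) -> bytes:
        token = secrets.token_bytes(32)  # long and random, never typed by a human
        self._tokens[(user, device)] = token
        return token

    def revoke(self, user: str, device: str) -> None:
        # Lost or stolen device: drop only that device's token.
        self._tokens.pop((user, device), None)

    def authenticate(self, initial_response: bytes, cb_data: bytes):
        """Check the client's proof against the channel binding of *this*
        connection; return the server proof, or None if anything is off."""
        try:
            ident, proof = initial_response.split(b"\x00", 1)
            user, device = ident.decode("utf-8").split("/", 1)
        except ValueError:
            return None
        token = self._tokens.get((user, device))
        if token is None:
            return None
        if not hmac.compare_digest(ht_proof(token, INITIATOR, cb_data), proof):
            return None
        return ht_proof(token, RESPONDER, cb_data)


class TokenClient:
    def __init__(self, user: str, device: str, token: bytes):
        self.user, self.device, self.token = user, device, token

    def initial_response(self, cb_data: bytes) -> bytes:
        # "user/device" is a constructed identifier for this example, not the
        # draft's format; the HMAC is the only secret-derived value sent.
        ident = f"{self.user}/{self.device}".encode("utf-8")
        return ident + b"\x00" + ht_proof(self.token, INITIATOR, cb_data)

    def verify_server(self, server_proof, cb_data: bytes) -> bool:
        if server_proof is None:
            return False
        return hmac.compare_digest(ht_proof(self.token, RESPONDER, cb_data), server_proof)


def single_round_trip(client: TokenClient, server: TokenServer,
                      client_cb: bytes, server_cb: bytes) -> bool:
    """Run one HT exchange. Each side uses the channel-binding data taken from
    its own TLS connection; the two differ only when a relay or MITM sits in
    between, and then neither proof matches."""
    response = client.initial_response(client_cb)
    return client.verify_server(server.authenticate(response, server_cb), client_cb)


if __name__ == "__main__":
    server = TokenServer()
    client = TokenClient("alice", "phone", server.issue_token("alice", "phone"))
    cb = b"constructed tls-exporter value"  # identical bytes at both ends
    print("direct connection:", single_round_trip(client, server, cb, cb))
    print("relayed connection:", single_round_trip(client, server, cb, b"relay-side cb"))
```

<p>The whole authentication is the client’s initial response and the server’s reply, which is the single round trip the post describes; a real implementation would take <code>cb_data</code> from the TLS layer (for example a <code>tls-exporter</code> value) rather than a constant.</p>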
<p>The protocol to achieve this has been submitted to the XSF as <a href="https://github.com/xsf/xeps/pull/1232">“Fast
Authentication Streamlining Tokens”</a>.
It is in the acceptance queue, so doesn’t have a XEP number assigned yet.</p>
<h2 id="updating-and-integrating-with-sasl2">Updating and integrating with SASL2</h2>
<p>If FAST authentication was the only thing we had been working on recently, we
would be happy enough. But there’s more…</p>
<p>In collaboration with Thilo Molitor from the <a href="https://monal-im.org/">Monal project</a>,
a new version of XEP-0388 (SASL 2) <a href="https://github.com/xsf/xeps/pull/1214">has been submitted</a>.
SASL 2 was originally proposed back in 2017, and it defines a new
authentication protocol for XMPP (still based on SASL, so we can reuse all the
existing mechanisms we already have in place).</p>
<p>Several features of SASL 2 are very relevant to our work. For example, it
allows negotiation of session features in parallel with the authentication
process. The old way required the client to authenticate, and then proceed to
negotiate whatever features and parameters it wanted for the new session. With
SASL2 the client can provide this information at the same time it provides its
credentials. This saves yet more round trips.</p>
<p>As well as SASL 2, we’ve also updated a related proposal from around the same
time, XEP-0386 (Bind 2). This is also a critical piece of session
establishment that integrates with SASL 2.</p>
<p>With the work we’ve done across these three specifications - XEP-0388,
XEP-0386 and FAST - <strong>we’ve essentially overhauled the entire authentication and
session establishment protocol of XMPP</strong>. Even with all our additional authentication
security features, it’s now possible for a client to connect, authenticate, and resume
or create a session in a single request and response.</p>
<p>This post shouldn’t be taken as being entirely about performance improvements.
It’s nice to be able to (re)connect to the server in the blink of an eye. But
there are other reasons to be working on this.</p>
<p>As anyone who used XMPP in 2012 and 2022 knows, <strong>XMPP has been continuously
evolving</strong> as both the internet and the way people use it has changed. Over time
we have “bolted on” various features to the connection process to achieve this
evolution.</p>
<p>Now, with these new changes, we are bringing all these enhancements together
into a single framework that was designed for them to fit neatly into. Not
only are we reducing round trips, we are also simplifying connection
establishment for the next generation of XMPP developers.</p>
<h2 id="when-can-i-use-all-this">When can I use all this?</h2>
<p>Even though this is all cutting edge stuff, you’ll be able to use it much
sooner than you might think!</p>
<p>Prosody has support for the new SASL 2, Bind 2 and FAST protocols. They are
all available as community modules right now, though we intend for them to
become part of the main Prosody distribution eventually.</p>
<p>To get started, you’ll need a <a href="https://prosody.im/download/start#nightly_builds">Prosody trunk nightly build</a>,
and simply enable the following community modules:</p>
<ul>
<li><a href="https://modules.prosody.im/mod_sasl2">mod_sasl2</a></li>
<li><a href="https://modules.prosody.im/mod_sasl2_bind2">mod_sasl2_bind2</a></li>
<li><a href="https://modules.prosody.im/mod_sasl2_sm">mod_sasl2_sm</a></li>
<li><a href="https://modules.prosody.im/mod_sasl2_fast">mod_sasl2_fast</a></li>
</ul>
<p>To take advantage of the new features, you’ll need a compatible client. FAST
is already implemented in multiple clients, and will be available from
<a href="https://gultsch.social/@daniel/109272943069579121">Conversations 2.11</a>
for Android, as well as the next major versions of <a href="https://www.monal-im.org/">Monal</a>,
<a href="https://c.im/@hantu/109273760042794865">Siskin and Beagle</a> for iOS and MacOS.</p>
<p><a href="https://gajim.org/">Gajim</a> already has SASL 2 implemented, and other client
developers have also already expressed an interest in support.</p>
<p>If you’re a client or library developer interested in supporting any of this,
we have a test server available that you are welcome to use. Just let us know!</p>
<p>Do remember that all <strong>this is still very new and experimental</strong>. The relevant
protocol specifications are still working their way through the XSF standards
process and there may be changes to come in the future. There may also be
undiscovered bugs. We encourage brave souls to help test it all in real world
deployments, but if your priority is keeping a stable setup, you should probably
wait a little longer before deploying any of this.</p>
<h2 id="tcp-fast-open">TCP Fast Open</h2>
<p>While this post is not <em>just</em> about performance improvements, we’ve talked a
lot about performance improvements. Therefore it’s worth noting an extra
little side feature at this point.</p>
<p>Prosody trunk builds, when used with the new LuaSocket 3.1.0, support
something known as
<a href="https://en.wikipedia.org/wiki/TCP_Fast_Open">TCP Fast Open</a>. This is a
low-level TCP extension that allows new connections to skip a round trip, by
exchanging initial data packets while the connection is being established.</p>
<p>It’s disabled for servers by default on Linux, but you can enable it on most
modern systems by creating the file <code>/etc/sysctl.d/tcp-fastopen.conf</code> with
the contents:</p>
<pre><code>net.ipv4.tcp_fastopen=3
</code></pre>
<p>Run <code>systemctl restart systemd-sysctl.service</code> to apply the changes. More
information on the sysctl configuration can be found in the <a href="https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html">Linux kernel
documentation</a>.</p>
<p>In Prosody’s config, add the following in the global section:</p>
<pre><code>network_settings = {
    tcp_fastopen = 256;
}
</code></pre>
<p>Restart Prosody to apply these changes. Be aware that some networks and routers
have been reported to be incompatible with TCP Fast Open (support was removed
from Firefox for this reason). Although Linux has built-in recovery mechanisms
that should work around such issues, if you experience trouble connecting to
your server from certain networks, you may want to try turning this off again.</p>
<p>We’re also looking at support for TLS 1.3’s 0-RTT mode, which can be combined
with FAST authentication and TCP Fast Open to achieve full connection
establishment within a single round-trip. Pretty impressive!</p>
<h2 id="next-steps">Next steps</h2>
<p>These protocol changes are yet another step on our XMPP authentication
modernization journey. With the new protocols now written and implemented, we
can start looking forward to the next milestones for the project.</p>
<p>In the coming months, we’ll be working on the ability to sign in to your
XMPP account from third-party clients and services without sharing your
password with them. Subscribe to our blog or <a href="https://fosstodon.org/@prosodyim">Mastodon account</a>
and keep an eye out for that future post!</p>
<h1>Mutation Testing in Prosody</h1>
<p>Matthew Wild, 2022-10-13T11:30:00+0100, <a href="https://blog.prosody.im/mutation-testing-in-prosody/">https://blog.prosody.im/mutation-testing-in-prosody/</a></p>
<p>This is a post about a new automated testing technique we have recently
adopted to help us during our daily development work on Prosody. It’s probably
most interesting to developers, but anyone technically-inclined should be able
to follow along!</p>
<p>If you’re unfamiliar with our project, it’s an open-source real-time messaging
server, built around the XMPP protocol. It’s used by many organizations and
self-hosting hobbyists, and also powers applications such as <a href="https://snikket.org/">Snikket</a>,
<a href="https://jmp.chat/">JMP.chat</a> and <a href="https://meet.jit.si/">Jitsi Meet</a>.</p>
<p>Like most software projects, we routinely use automated testing tools to
ensure Prosody is behaving correctly, even as we continue to work daily on
fixes and improvements throughout the project.</p>
<p>We use unit tests, which test the individual modules that Prosody is built
from, via the <a href="https://lunarmodules.github.io/busted/">busted</a> testing tool
for Lua. We also developed <a href="https://matthewwild.co.uk/projects/scansion/">scansion</a>,
an automated XMPP client, for our integration tests that ensure Prosody as a
whole is functioning as expected at the XMPP level.</p>
<p>Recently we’ve been experimenting with a new testing technique.</p>
<h2 id="introducing-mutation-testing">Introducing ‘mutation testing’</h2>
<p>Mutation testing is a way to test the tests. It is an automated process that
introduces intentional errors (known as “mutations”) into the source code, and
then runs the tests after each possible mutation, to make sure they identify
the error and fail.</p>
<p>Example mutations are things like changing <code>true</code> to <code>false</code>, or <code>+</code> to <code>-</code>.
If the program was originally correct, then these changes should make it
incorrect and the tests should fail. However, if the tests were not extensive
enough, they might not notice the change and continue to report that the code
is working correctly. That’s when there is work to do!</p>
<p>Mutation testing is similar and related to other testing methods such as
<em>fault injection</em>, which intentionally introduce errors into an application at
runtime to ensure it handles them correctly. Mutation testing is specifically
about errors introduced by modifying the application source code in certain
ways. For this reason it is applicable to any code written in a given
language, and does not need to be aware of any application-specific APIs or
the runtime environment.</p>
<p>One end result of a full mutation testing analysis is a “mutation score”,
which is simply the percentage of mutated versions of the program (“mutants”)
that the test suite successfully identified, i.e. the mutants that made at
least one test fail. Along with coverage (which counts the percentage of lines
successfully executed during a test run), the mutation score provides a way to
measure the quality of a test suite.</p>
<h2 id="code-coverage-is-not-enough">Code coverage is not enough</h2>
<p>Measuring coverage alone does not suffice to assess the quality of a test
suite. Take this example function:</p>
<pre><code class="language-lua">function max(a, b, c)
if a > b or a > c then
return a
elseif b > a or b > c then
return b
elseif c > a or c > b then
return c
end
end
</code></pre>
<p>This (not necessarily correct) function returns the largest of three input
values. The lazy (fictional!) developer who wrote it was asked to ensure 100%
test coverage for this function; here is the set of tests they produced:</p>
<pre><code class="language-lua">assert(max(10, 0, 0) == 10) -- test case 1, a is greater
assert(max(0, 10, 0) == 10) -- test case 2, b is greater
assert(max(0, 0, 10) == 10) -- test case 3, c is greater
</code></pre>
<p>Like most tests, it executes the function with various input values and
ensures it returns the expected result. In this case, the developer moves
the maximum value ‘10’ between the three input parameters and successfully
exercises every line of the function, achieving 100% code coverage. Mission
accomplished!</p>
<p>But wait… is this really a comprehensive test suite? How can we judge
how extensively the behaviour of this function is actually being tested?</p>
<h2 id="mutation-testing">Mutation testing</h2>
<p>Running this function through a mutation testing tool will highlight behaviour
that the developer forgot to test. So that’s exactly what I did.</p>
<p>The tool generated 5 mutants, and the tests failed to catch 4 of them. This
means the test suite only has a mutation score of 20%. This is a very low
score, and despite the 100% line and branch coverage of the tests, we now have
a strong indication that they are inadequate.</p>
<p>To fix this, we next have to analyze the mutants that our tests considered
acceptable. Here is mutant number one:</p>
<pre><code class="language-lua">function max(a, b, c)
if false and a > b or a > c then
return a
elseif b > a or b > c then
return b
elseif c > a or c > b then
return c
end
end
</code></pre>
<p>See what it did? It changed the first <code>if a > b</code> to <code>if false and a > b</code>,
effectively ensuring the condition <code>a > b</code> will never be checked. A condition
was entirely disabled, yet the tests continued to pass?! There are two
possible reasons for this: either this condition is not really needed for the
program to work correctly, <em>or</em> we just don’t have any tests verifying that
this condition is doing its job.</p>
<p>Which test case should have tested this path? Obviously ‘test case 1’:</p>
<pre><code>assert(max(10, 0, 0) == 10)
</code></pre>
<p><code>a</code> is the greatest input here, and indeed the test confirms that the function
returns it correctly. But according to our mutation testing, this is happening
even without the <code>a > b</code> check, and that seems wrong - we would only want to
return <code>a</code> if it is also greater than <code>b</code>. So let’s add a test for the case
where <code>a</code> is greater than <code>c</code> but <em>not</em> greater than <code>b</code>:</p>
<pre><code>assert(max(10, 15, 0) == 15)
</code></pre>
<p>What a surprise, our new test fails:</p>
<pre><code>Failure → spec/max_spec.lua @ 4
max produces the expected results
spec/max_spec.lua:1: Expected objects to be equal.
Passed in:
(number) 10
Expected:
(number) 15
</code></pre>
<p>With this new test case added, the mutant we looked at will no longer be
passed, and we’ve successfully improved our mutation score.</p>
<p>Mutation testing helped us discover that our tests were not complete, despite
having 100% coverage, and helped us identify which test cases we had forgotten
to write. We can now go and fix our code to make the new test case pass,
resulting in better tests and more confidence in the correctness of our code.</p>
<h2 id="mutation-testing-limitations">Mutation testing limitations</h2>
<p>As a new tool in our toolbox, mutation testing has already helped us improve
lots of our unit tests in ways we didn’t previously know they were lacking,
and we’re focusing especially on improving our tests that currently have a low
mutation score. But before you get too excited, you should be aware that
although it is an amazing tool to have, it is not entirely perfect.</p>
<p>Probably the biggest problem with mutation testing, as anyone who tries it
will soon discover, is what are called ‘equivalent mutants’. These are mutated
versions of the source code that still behave correctly. Unfortunately,
identifying whether mutants are equivalent to the original code often requires
manual inspection by a developer.</p>
<p>Equivalent mutants are common where there are performance optimizations in the
code but the code still works correctly without them. There are other cases
too, such as when code only deals with whether a number is positive or
negative (the mutation tool might change <code>-1</code> to <code>-2</code> and expect the tests to
fail). There are also APIs where modifying parameters will not change the
result. A common example of this in Prosody’s code is Lua’s <code>string.sub()</code>,
where indices outside the boundaries of the input string do not affect the
result (<code>string.sub("test", 1, 4)</code> and <code>string.sub("test", 1, 5)</code> are
equivalent because the string is only 4 characters long).</p>
<h2 id="the-implementation">The implementation</h2>
<p>Although mutation testing is something I first read about many years ago and
it immediately interested me, there were no mutation testing tools available
for Lua source code at the time. As this is the language I spend most of my
time in while working on Prosody, I’ve never been able to properly use the
technique.</p>
<p>However, for our new <a href="/role-auth/">authorization API</a> in Prosody, I’m
currently adding more new code and tests than usual and the new code is
security-related. I want to be sure that everything I add is covered well by
the accompanying tests, and that sparked again my interest in mutation
testing to support this effort.</p>
<p>Still no tool was available for Lua, so I set aside a couple of hours to
determine whether producing such a thing would be feasible. Luckily I didn’t
need to start from scratch - there is already a mature project for parsing and
modifying Lua source code called <a href="https://web.tecgraf.puc-rio.br/~lhf/ftp/lua/#ltokenp">ltokenp</a>
written by Luiz Henrique de Figueiredo. On top of this I needed to write a
small filter script to actually define the mutations, and a helper script for
the testing tool we use (<a href="https://lunarmodules.github.io/busted/">busted</a>) to
actually inject the mutated source code during test runs.</p>
<p>Combining this all together, I wrote a simple shell script to wrap the process
of generating the mutants, running the tests, and keeping score. The result
is a <a href="https://hg.prosody.im/trunk/file/tip/tools/test_mutants.sh.lua">single-file script</a>
that I’ve committed to the Prosody repository, and we will probably link it up
to our CI in the future.</p>
<p>It’s still very young, and there are many improvements that could be made, but
it is already proving very useful to us. If there is sufficient interest,
maybe it will graduate into its own project some day!</p>
<p>If you’re interested in learning more about mutation testing, check out these
resources:</p>
<ul>
<li><a href="https://en.wikipedia.org/wiki/Mutation_testing">Mutation testing</a> article on Wikipedia</li>
<li><a href="https://github.com/theofidry/awesome-mutation-testing">“Awesome Mutation Testing”</a> list on Github</li>
</ul>
<h1>Starring roles: Introducing dynamic permissions in Prosody</h1>
<p>The Prosody Team, <a href="https://blog.prosody.im/role-auth/">https://blog.prosody.im/role-auth/</a>, 2022-08-22T10:15:00+0100</p>
<p>We just pushed the first stage of our <a href="/modern-xmpp-auth/">modern auth project</a> to Prosody’s
development branch!</p>
<p>In previous versions of Prosody (0.12 and earlier), Prosody’s internal API
only really supported one type of permission check: “is this user an admin?”.
Our new work replaces this with a fully flexible roles/permissions system.</p>
<h2 id="upgrading-to-the-new-system">Upgrading to the new system</h2>
<p>Despite all our excitement about this new feature, the new changes are
designed to be largely <em>invisible</em> to server admins by default. We always aim
to make Prosody upgrades as smooth as possible, and we have ensured that <strong>no
configuration changes are necessary</strong>.</p>
<p>If you previously used Prosody’s earlier experimental support for roles in
0.12.x (very unlikely) and assigned roles to users, there is a data migration
command to run: <code>prosodyctl mod_authz_internal migrate</code>. This feature in 0.12
was undocumented and therefore unused by most deployments.</p>
<p>There are, however, some changes for <em>module developers</em> to be aware of. This
may affect some community modules, though we’ve already updated the major ones
ourselves. If you have developed your own custom modules, you may also need
to update those. Details about the API changes are discussed later in this
post. If you encounter any issues, please do report them to the relevant
places.</p>
<h2 id="keeping-it-simple">Keeping it simple</h2>
<p>One of our project’s primary goals has always been to keep things as light and
simple as possible. Access control is an amazingly complex topic once you scratch
the surface, and it’s easy to drown in a sea of roles, permissions and policies.</p>
<p>To keep complexity down, we made some decisions early on about what <em>not</em> to
support, so we could instead focus on a minimalist core API and interface that
can still support a range of use-cases.</p>
<p>For example, while some systems allow a user to have multiple roles assigned,
we decided that any given session should only have <em>one</em> active role at a time.
As well as simplifying code, this decision also makes things easier for a human
to reason about (e.g. you don’t have to wonder what happens if role A forbids
an action and role B permits it, and both are assigned to the same user!).</p>
<p>To keep some flexibility, we do allow multiple “secondary” roles to be
assigned to a user. This is simply a list of alternative roles the user is
permitted to switch to when requested.</p>
<h2 id="viewing-and-managing-roles">Viewing and managing roles</h2>
<p>Currently the best way to view and manage roles is via the admin console. We
have added roles to the default output of <code>c2s:show()</code>, and new commands to
show and modify the primary role of users.</p>
<pre><code>prosody@prosody: ~/ $ prosodyctl shell c2s show
Session ID | JID | Role |
c2s5618e2f92150 | admin@localhost/gajim.M1S9AUK2 | prosody:admin |
c2s5618e38167e0 | test1@localhost/gajim.FQJLBQIN | prosody:user |
OK: 2 c2s sessions shown
</code></pre>
<h2 id="custom-roles-and-permissions">Custom roles and permissions</h2>
<p>A big reason for the new permissions framework is so that server admins can
have more control over permissions. To achieve this, we’ve made it possible to
define custom roles and permission policies directly in the config file.</p>
<p>For example, previously mod_announce would let you send an announcement to all
users on the server only if you were a server admin. But what if you want to
grant this permission to a bot or a script, without giving that bot full admin
access to everything else on the server?</p>
<p>Simple! Create a new role for your announcement bot, for example one called
“announcer”, and give it the “mod_announce:send-announcement” permission. The
config looks like this:</p>
<pre><code class="language-lua">VirtualHost "example.com"
custom_roles = {
    {
        name = "announcer";
        inherits = { "prosody:user" };
        allow = {
            "mod_announce:send-announcement"
        }
    }
}
</code></pre>
<p>This creates a new role that has all the same permissions as a normal user,
but with the extra permission to send announcements. After assigning this role
to your bot’s user account, it will have permission to send announcements but
won’t be able to access any of the other features usually reserved for admins.</p>
<h2 id="changes-for-module-developers">Changes for module developers</h2>
<h3 id="deprecation-of-is-admin-api">Deprecation of is_admin API</h3>
<p>The old permissions API (<code>usermanager.is_admin()</code>) has been deprecated.
Usually we take a more gradual approach to deprecating APIs that are used by
modules, however we have special reasons for removing this one.</p>
<p>The deprecated API accepts only a JID (which can be a local or remote user),
and returns <code>true</code> or <code>false</code> depending on whether they have admin privileges
on the specified host.</p>
<p>The problem is that our new system allows per-session roles. It’s possible for
an admin to connect with a client that they don’t want to have full admin
access to the server. In this case the session would have a more restrictive
role assigned.</p>
<p>However, any modules that continue to use the <code>is_admin()</code> API can only
perform permission checks on the JID, and they cannot make any decisions about
a specific session. This could lead to a bypass of access control.</p>
<p>To ease the transition, we have initially kept <code>is_admin()</code> working. It will
continue to return <code>true</code> if the JID’s default role is <code>prosody:admin</code> or
<code>prosody:operator</code>, though it will emit a warning and traceback in the logs
for easy identification.</p>
<p>In the near future, it will be disabled - that is, it will log an error and
always return <code>false</code> (even if the JID has an admin/operator role).</p>
<p>For admins who want to enforce the new behaviour early, or keep the
current (warning only) behaviour for a bit longer, you can set the global
option <code>strict_deprecate_is_admin</code> to <code>true</code> or <code>false</code> (it currently defaults
to <code>false</code>, and will default to <code>true</code> in a future nightly build at least a
week from the date of this post). This is a temporary solution though:
eventually this option and the compatibility mechanism will be removed.</p>
<h3 id="switching-to-the-new-api">Switching to the new API</h3>
<p>To ensure your module continues to work with Prosody’s development branch and
future Prosody versions, you need to replace all usage of the is_admin() API.
If you don’t use this API, great, there is nothing you need to do!</p>
<p>If you do use is_admin(), you should switch to the new role API. This is not
provided by Prosody 0.12 and earlier, but to keep compatibility with those
versions you can use our new module, <a href="https://modules.prosody.im/mod_compat_roles">mod_compat_roles</a>.
Simply add to the top of your module this line:</p>
<pre><code class="language-lua">module:depends("compat_roles");
</code></pre>
<p>This will make available the new module API methods (<code>module:may()</code>,
<code>module:default_permission()</code>). Note that it won’t provide many other features
such as the new role management API in usermanager, or the ability for admins
to define custom roles and permissions.</p>
<p>If you have code that looks like:</p>
<pre><code class="language-lua">if usermanager.is_admin(sender_jid, module.host) then
    -- Perform some action
end
</code></pre>
<p>Decide on a name for the action that is being performed, and then change it
to something like:</p>
<pre><code class="language-lua">if module:may(":my-action", event) then
    -- Perform some action
end
</code></pre>
<p>By default nobody will have permission to perform your new action, so you
will also want to add near the top of your module a default policy for this
action:</p>
<pre><code class="language-lua">-- Allow admins to perform this action by default
module:default_permission("prosody:admin", ":my-action");
</code></pre>
<p>You can find the full API documentation <a href="https://prosody.im/doc/developers/permissions">here</a>.</p>
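<p>As an added illustration (not Prosody's implementation; the class, function and action names are hypothetical), the following Python model reproduces the semantics described in this post: roles with inherits/allow lists, module defaults like <code>module:default_permission()</code>, a session-aware <code>may()</code> and the JID-only <code>is_admin()</code>. It uses the post's “announcer” role and shows why a JID-only check lets an admin's deliberately restricted session act as an admin, while the session-aware check does not.</p>

```python
"""Added model (not Prosody's code) of the role/permission semantics in the post.

PermissionModel, Session and the action names are hypothetical; the methods
mimic what the post says about custom_roles, module:default_permission(),
module:may() and the deprecated usermanager.is_admin().
"""
from dataclasses import dataclass

# Built-in roles modelled as an inheritance chain so custom roles can build on them.
BUILTIN_ROLES = {
    "prosody:user": {"inherits": [], "allow": set()},
    "prosody:admin": {"inherits": ["prosody:user"], "allow": set()},
    "prosody:operator": {"inherits": ["prosody:admin"], "allow": set()},
}

# The post's custom_roles config entry, transcribed from Lua.
CUSTOM_ROLES = [
    {"name": "announcer",
     "inherits": ["prosody:user"],
     "allow": {"mod_announce:send-announcement"}},
]


@dataclass
class Session:
    """One client connection. It carries exactly one active role."""
    jid: str
    role: str


class PermissionModel:
    def __init__(self, custom_roles):
        self.roles = {name: dict(spec) for name, spec in BUILTIN_ROLES.items()}
        for spec in custom_roles:
            self.roles[spec["name"]] = spec
        self.defaults = set()   # (role, action) pairs declared by modules
        self.user_roles = {}    # bare JID -> the account's primary role

    def default_permission(self, role, action):
        """Module-declared default policy, like module:default_permission()."""
        self.defaults.add((role, action))

    def set_user_role(self, jid, role):
        if role not in self.roles:
            raise ValueError(f"unknown role {role!r}")
        self.user_roles[jid] = role

    def new_session(self, jid, role=None):
        """Sessions get the account's primary role unless a more restrictive one is chosen."""
        return Session(jid, role or self.user_roles.get(jid, "prosody:user"))

    def role_allows(self, role, action):
        """True if the role, or any role it inherits from, grants the action."""
        spec = self.roles[role]
        if action in spec["allow"] or (role, action) in self.defaults:
            return True
        return any(self.role_allows(parent, action) for parent in spec["inherits"])

    def may(self, action, session):
        """Session-aware check, like module:may(): decides on the session's role."""
        return self.role_allows(session.role, action)

    def is_admin(self, jid):
        """The deprecated JID-only check: it cannot tell which session is asking."""
        return self.user_roles.get(jid) in ("prosody:admin", "prosody:operator")


def build_example_model():
    """Constructed deployment: an announcer bot and an admin account."""
    model = PermissionModel(CUSTOM_ROLES)
    # Module defaults. Action names are written in full here; Prosody expands the
    # ":my-action" shorthand from the post to the declaring module's name.
    model.default_permission("prosody:admin", "mod_announce:send-announcement")
    model.default_permission("prosody:admin", "mod_example:my-action")
    model.set_user_role("announcer-bot@example.com", "announcer")
    model.set_user_role("alice@example.com", "prosody:admin")
    return model


if __name__ == "__main__":
    m = build_example_model()
    bot = m.new_session("announcer-bot@example.com")
    print("bot may announce:", m.may("mod_announce:send-announcement", bot))  # True
    print("bot may my-action:", m.may("mod_example:my-action", bot))          # False
    # Alice connects from an untrusted machine and picks a restricted session role.
    restricted = m.new_session("alice@example.com", role="prosody:user")
    print("is_admin(alice):", m.is_admin("alice@example.com"))                 # True, JID-only
    print("may(my-action, restricted):", m.may("mod_example:my-action", restricted))  # False
```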
<h2 id="coming-next">Coming next</h2>
<p>While this new feature is just a part of the current modern auth project,
we’re very excited about the new possibilities it already brings to Prosody -
improvements that can be used right now.</p>
<p>However, we’re also looking forward to the next stages. With the authorization
layer now in place, acting as the foundations, we’ll be moving on to the
second stage: authentication. This will allow clients to authenticate with the
server using XEP-0388 (Extensible SASL Profile) with support for advanced
features such as multi-factor authentication.</p>
<p>Stay tuned for further updates about this project in the near future!</p>
<h1>Modernizing XMPP authentication and authorization</h1>
<p>The Prosody Team, <a href="https://blog.prosody.im/modern-xmpp-auth/">https://blog.prosody.im/modern-xmpp-auth/</a>, 2022-06-20T10:15:00+0100</p>
<p>We’re excited to announce that we have received funding, from the EU’s
<a href="https://nlnet.nl/assure/">NGI Assure via the NLnet Foundation</a>, to work on
some important enhancements to Prosody and XMPP. Our work will be focusing on
XMPP authentication and authorization, and bringing it up to date with current
and emerging best practices.</p>
<p>What kind of changes are we talking about? Well, there are a few aspects we
are planning to work on. Let’s start with “authentication” - that is, how you
prove to the server that you are who you claim to be. We’ll skim the surface
of some of the technologies used, but this post won’t descend too deep for
most people to follow along.</p>
<h2 id="authentication">Authentication</h2>
<p>Traditionally, authentication is accomplished by providing a password to your
client app. XMPP uses a standard authentication protocol known as the <a href="https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer">“Simple
Authentication and Security Layer”</a>
(SASL), which in turn is a framework of different authentication methods it
calls “mechanisms”. Most XMPP services use the <a href="https://en.wikipedia.org/wiki/Salted_Challenge_Response_Authentication_Mechanism">SCRAM family of mechanisms</a>.
In fact, it’s mandatory for modern XMPP software to support SCRAM.</p>
<p>These SCRAM mechanisms are quite clever: they allow both the server and the
client to store a hash instead of the password, allow the server to verify the
client knows the password, <em>and</em> allow the client to verify that the server
knows the password (and isn’t just faking success - such as an attacker might
try to do if they managed to compromise the server’s TLS certificate and
wanted to intercept your traffic).</p>
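<p>An added example (not Prosody's SASL code) of the SCRAM property just described, written in Python against the RFC 5802 SCRAM-SHA-1 test vector: the server record holds only derived keys, the client's proof is verified without the password, and the server must return a signature it can only compute with its own stored ServerKey.</p>

```python
"""Added example (not Prosody's code): a SCRAM-SHA-1 exchange per RFC 5802.

It shows the property the post describes: the server stores only StoredKey
and ServerKey (never the password), verifies that the client knows the
password, and must itself prove knowledge of ServerKey to the client.
"""
import base64
import hashlib
import hmac


def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha1).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def derive_server_record(password, salt, iterations):
    """What the server stores when the password is set: no plaintext password."""
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    return {"salt": salt, "iterations": iterations,
            "stored_key": hashlib.sha1(client_key).digest(),
            "server_key": _hmac(salted, b"Server Key")}


def client_keys(password, salt, iterations, auth_message):
    """Client side: the ClientProof to send and the ServerSignature it expects back."""
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    client_sig = _hmac(hashlib.sha1(client_key).digest(), auth_message)
    server_sig = _hmac(_hmac(salted, b"Server Key"), auth_message)
    return _xor(client_key, client_sig), server_sig


def server_verify(record, auth_message, proof):
    """Server side: recover ClientKey from the proof and check H(ClientKey) == StoredKey."""
    client_sig = _hmac(record["stored_key"], auth_message)
    client_key = _xor(proof, client_sig)
    if not hmac.compare_digest(hashlib.sha1(client_key).digest(), record["stored_key"]):
        return None
    # Only a server holding ServerKey can produce this; a fake server cannot.
    return _hmac(record["server_key"], auth_message)


def scram_exchange(username, password, record, client_nonce, server_nonce_suffix):
    """Run the four SCRAM messages; returns (server_accepted, client_accepted, messages)."""
    nonce = client_nonce + server_nonce_suffix
    client_first_bare = f"n={username},r={client_nonce}"
    server_first = (f"r={nonce},s={base64.b64encode(record['salt']).decode()},"
                    f"i={record['iterations']}")
    client_final_bare = f"c=biws,r={nonce}"   # c=biws is base64("n,,"): no channel binding
    auth_message = f"{client_first_bare},{server_first},{client_final_bare}".encode()
    proof, expected_sig = client_keys(password, record["salt"], record["iterations"],
                                      auth_message)
    server_sig = server_verify(record, auth_message, proof)
    server_ok = server_sig is not None
    client_ok = server_ok and hmac.compare_digest(server_sig, expected_sig)
    messages = ["n,," + client_first_bare, server_first,
                f"{client_final_bare},p={base64.b64encode(proof).decode()}",
                ("v=" + base64.b64encode(server_sig).decode()) if server_ok
                else "e=invalid-proof"]
    return server_ok, client_ok, messages


def run_rfc5802_example(password="pencil"):
    """Replay the RFC 5802 section 5 test vector (user "user", password "pencil")."""
    record = derive_server_record("pencil", base64.b64decode("QSXCR+Q6sek8bf92"), 4096)
    return scram_exchange("user", password, record,
                          "fyko+d2lbbFgONRv9qkxdawL", "3rfcNHYJY1ZVvWVs7j")


if __name__ == "__main__":
    for line in run_rfc5802_example()[2]:
        print(line)
    # Expected last line: v=rmF9pqV8S7suAoZWja4dJRkFsKQ= (RFC 5802 test vector)
```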
<p>Yet, as far as we have come with password authentication, there are some
real-world problems with passwords that we need to recognize. Passwords have
proven, time and time again, to be a weak point in account security. From
users choosing weak passwords, reusing them across multiple services, or
accidentally exposing them to fake services (phishing attacks), there are
multiple ways that unauthorized parties can gain access to password-based
services.</p>
<h2 id="multi-factor-authentication">Multi-factor authentication</h2>
<p>To try and plug the holes in this leaky boat, many online services have
adopted <em>multi-factor authentication</em> (“MFA”). This extra layer of security
generally requires you to provide proof that you also possess an additional
secret securely generated by the service. This is achieved using hardware
tokens, mobile apps and often simply sending a numeric code via SMS. Using
this extra step ensures accounts can still be protected even if passwords are
guessed or obtained by attackers.</p>
<p>Most XMPP services and software do not currently support multi-factor
authentication. If you’re a security-aware individual, that’s not a major
problem in itself: you can achieve practically equivalent security by using a
strong unique password and only using it to access your XMPP account. But as a
service provider, you <em>know</em> that’s not going to be the case across all your
users. As XMPP continues to gain adoption with non-technical users through new
projects such as <a href="https://snikket.org/">Snikket</a>, we need to provide the
safest environment we can for everyone.</p>
<p>Although we have had some <a href="https://modules.prosody.im/mod_auth_internal_yubikey.html">hacky solutions available</a>
for multi-factor authentication with Prosody for a long time, there has been
no standard approach implemented in clients and servers. The most recent and
promising standard is <a href="https://xmpp.org/extensions/xep-0388.html">XEP-0388: Extensible SASL Profile</a>,
which defines a way for the server to ask the client to perform more steps
(such as prompting the user to provide a second factor) after authentication.</p>
<p>There are no known open-source implementations of XEP-0388 currently, but we
plan to add support for it in Prosody as part of this project. Once this is in
place, clients will be able to start introducing support for it too.</p>
<p>One of the challenges for multi-factor authentication in XMPP is that you
don’t necessarily want to enter an authentication code <em>every</em> time your app
connects to your account. With most people using XMPP on mobile networks these
days, it’s common for your XMPP app to re-authenticate to the server multiple
times per day due to network changes. You don’t really want to miss messages
because the app was waiting for you to enter an auth code!</p>
<p>On websites, you generally provide a password once, when you initially log in.
If successfully verified, the website then stores a cookie in your browser.
This cookie is very similar to a temporary, unique and session-specific
password, which is used to identify you from then on (which is why your
account password isn’t required on every page request).</p>
<p>XMPP doesn’t have anything like cookies, so when a verified device reconnects,
it will just use the password again. The server (if multi-factor is enforced)
will inconveniently require the user to provide a second factor again too.
There are some proposed solutions, such as the <a href="https://tools.ietf.org/id/draft-cridland-kitten-clientkey-00.html">CLIENT-KEY</a>
SASL mechanism by Dave Cridland. TLS client certificates are also supported in
XMPP, and would provide a solution to this issue too. Usage of CLIENT-KEY in
XMPP is described in <a href="https://xmpp.org/extensions/xep-0399.html">XEP-0399</a>,
and time-based MFA authentication codes (TOTP) in <a href="https://xmpp.org/extensions/xep-0400.html">XEP-0400</a>,
however neither are available in current XMPP clients and servers.</p>
<p>During this project, we plan to expand and implement these XEPs in Prosody, to
make multi-factor authentication practical and user-friendly.</p>
<h2 id="authorization">Authorization</h2>
<p>Once Prosody has securely proven that you are the account owner, that’s often
the end of the story - today. However, with the mechanisms that we just
discussed that allow us to securely identify individual clients, we can start
to do more interesting things. For example, Prosody will be able to show you
exactly what clients are currently authorized on your account. If a device
gets lost or stolen, it becomes possible to selectively revoke that device’s
authorization.</p>
<p>As well as revoking access, we’ll be able to assign different permission
levels for each of your sessions even if the device isn’t compromised. For
example, maybe you want to connect from a client on an untrusted machine - but
you don’t want it to have access to read past messages from your archive.
That’s something we will be able to arrange.</p>
<p>Combining the ability to revoke sessions and the ability to specify
per-session permissions leads us to another new possibility: granting others
limited access to your account.</p>
<p>For example, <a href="https://movim.eu/">Movim</a> is a popular social web XMPP client.
Anyone with an XMPP account can log in to a Movim instance, and use it to
chat, follow news, and discover communities. One problem is that Movim needs
to log in to your account, so it needs your credentials. That’s not so bad if
you are self-hosting Movim, or you are using an instance managed by your XMPP
provider. However, many people don’t have that option, and rely on third-party
hosted Movim instances to sign in.</p>
<p>You might also want to connect other special-purpose clients to your account,
for account backup and migration, bots, or apps that integrate with XMPP for
synchronization and collaboration.</p>
<p>Using our new authorization capabilities, one of our big goals is to allow you
to log in to such third-party apps and utilities without ever sharing your
password with them. And when you are finished, you can easily revoke their
access to your account without needing to reset and change your password
across all your other clients.</p>
<h2 id="flexible-permissions-framework">Flexible permissions framework</h2>
<p>Internally, we’ll support these new authorization possibilities through an
overhaul of Prosody’s permission handling. In 0.12 and earlier, the only
permission check supported in most of Prosody is: “is this user an admin?”. We
are adding support for arbitrary roles, and allowing you to fully customize
the permissions associated with each role. Users and even individual sessions
can be assigned roles.</p>
<p>That means someone who generally has admin access to Prosody may choose not to
grant that level of access to all their clients. Or they might choose to
enable their admin powers only when they need them, spending most of their
time as a normal user.</p>
<p>These changes alone will unlock many new possibilities for operators and
developers. Expect the first pieces of this work to land in Prosody <a href="https://prosody.im/download/start#nightly_builds">trunk
nightly builds</a> very soon,
as it forms the basis of all the rest of the features discussed in this post!</p>
<p>Further updates about this project will be posted on this blog. The project
homepage is over at <a href="https://docs.modernxmpp.org/projects/auth/">modernxmpp.org</a>.</p>
<h1>Prosody 0.12.1 released</h1>
<p>The Prosody Team, <a href="https://blog.prosody.im/prosody-0.12.1-released/">https://blog.prosody.im/prosody-0.12.1-released/</a>, 2022-06-09T13:27:11+0100</p>
<p>We are pleased to announce a new minor release from our stable branch.</p>
<p>While the 0.12.0 release has been a huge success, inevitably people found some
aspects that didn’t work quite as intended, or weren’t as polished as they
ought to be. With appreciation for the help from everyone reporting issues
to us, we’re happy to now release our best version yet - 0.12.1 is here!</p>
<p>Notably, we made a couple of changes that improve compatibility with Jitsi
Meet, we fixed some bugs in our newly-extended XEP-0227 support, invites, and
DNS handling. We also improved compatibility with some less common platforms.</p>
<p>A summary of changes in this release:</p>
<h2 id="fixes-and-improvements">Fixes and improvements</h2>
<ul>
<li>mod_http (and dependent modules): Make CORS opt-in by default (<a href="https://issues.prosody.im/1731">#1731</a>)</li>
<li>mod_http: Reintroduce support for disabling or limiting CORS (<a href="https://issues.prosody.im/1730">#1730</a>)</li>
<li>net.unbound: Disable use of hosts file by default (fixes <a href="https://issues.prosody.im/1737">#1737</a>)</li>
<li>MUC: Allow kicking users with the same affiliation as the kicker (fixes <a href="https://issues.prosody.im/1724">#1724</a> and improves Jitsi Meet compatibility)</li>
<li>mod_tombstones: Add caching to improve performance on busy servers (fixes <a href="https://issues.prosody.im/1728">#1728</a>: mod_tombstone: inefficient I/O with internal storage)</li>
</ul>
<h2 id="minor-changes">Minor changes</h2>
<ul>
<li>prosodyctl check config: Report paths of loaded configuration files (<a href="https://issues.prosody.im/1729">#1729</a>)</li>
<li>prosodyctl about: Report version of lua-readline</li>
<li>prosodyctl: check config: Skip bare JID components in orphan check</li>
<li>prosodyctl: check turn: Fail with error if our own address is supplied for the ping test</li>
<li>prosodyctl: check turn: warn about external port mismatches behind NAT</li>
<li>mod_turn_external: Update status and friendlier handling of missing secret option (<a href="https://issues.prosody.im/1727">#1727</a>)</li>
<li>prosodyctl: Pass server when listing (outdated) plugins (fix <a href="https://issues.prosody.im/1738">#1738</a>: <code>prosodyctl list --outdated</code> does not handle multiple versions of a module)</li>
<li>util.prosodyctl: check turn: ensure a result is always returned from a check (thanks eTaurus)</li>
<li>util.prosodyctl: check turn: Report lack of TURN services as a problem <a href="https://issues.prosody.im/1749">#1749</a></li>
<li>util.random: Ensure that native random number generator works before using it, falling back to /dev/urandom (<a href="https://issues.prosody.im/1734">#1734</a>)</li>
<li>mod_storage_xep0227: Fix mapping of nodes without explicit configuration</li>
<li>mod_admin_shell: Fix error in ‘module:info()’ when statistics is not enabled (<a href="https://issues.prosody.im/1754">#1754</a>)</li>
<li>mod_admin_socket: Compat for luasocket prior to unix datagram support</li>
<li>mod_admin_socket: Improve error reporting when socket can’t be created (<a href="https://issues.prosody.im/1719">#1719</a>)</li>
<li>mod_cron: Record last time a task runs to ensure correct intervals (<a href="https://issues.prosody.im/1751">#1751</a>)</li>
<li>core.moduleapi, core.modulemanager: Fix internal flag affecting logging in some global modules, like mod_http (<a href="https://issues.prosody.im/1736">#1736</a>, <a href="https://issues.prosody.im/1748">#1748</a>)</li>
<li>core.certmanager: Expand debug messages about cert lookups in index</li>
<li>configmanager: Clearer errors when providing unexpected values after VirtualHost (<a href="https://issues.prosody.im/1735">#1735</a>)</li>
<li>mod_storage_xep0227: Support basic listing of PEP nodes in absence of pubsub#admin data</li>
<li>mod_storage_xep0227: Handle missing {pubsub#owner}pubsub element (fixes <a href="https://issues.prosody.im/1740">#1740</a>: mod_storage_xep0227 tracebacks reading non-existent PEP store)</li>
<li>mod_storage_xep0227: Fix conversion of SCRAM into internal format (<a href="https://issues.prosody.im/1741">#1741</a>)</li>
<li>mod_external_services: Move error message to correct place (fix <a href="https://issues.prosody.im/1725">#1725</a>: mod_external_services: Misplaced textual error message)</li>
<li>mod_smacks: Fix handling of unhandled stanzas on disconnect (<a href="https://issues.prosody.im/1759">#1759</a>)</li>
<li>mod_smacks: Fix counting of handled stanzas</li>
<li>mod_smacks: Fix bounce of stanzas directed to full JID on unclean disconnect</li>
<li>mod_pubsub: Don’t attempt to use server actor as publisher (<a href="https://issues.prosody.im/1723">#1723</a>)</li>
<li>mod_s2s: Improve robustness of outgoing s2s certificate verification</li>
<li>mod_invites_adhoc: Fall back to generic allow_user_invites for role-less users</li>
<li>mod_invites_register: Push invitee contact entry to inviter</li>
<li>util.startup: Show error for unrecognized command-line arguments passed to ‘prosody’ (<a href="https://issues.prosody.im/1722">#1722</a>)</li>
<li>util.jsonpointer: Add tests, compat improvements and minor fixes</li>
<li>util.jsonschema: Lua version compat improvements</li>
</ul>
<h1 id="download">Download</h1>
<p>As usual, download instructions for many platforms can be found on our <a href="https://prosody.im/download">download page</a></p>
<p>If you have any questions, comments or other issues with this release, <a href="https://prosody.im/discuss">let us know!</a></p>
Prosody 0.12.0 releasedThe Prosody Teamhttps://blog.prosody.im/prosody-0.12.0-released/2022-03-14T14:00:00+00002022-03-14T14:00:00+0000<p><em>ÄNTLIGEN!</em> It’s finally here! After 3 years of development and through some chaotic times, Prosody 0.12.0 is released!</p>
<p>What’s the significance of this release? Like many software projects, Prosody follows a “branch” development/release model. We frequently make minor releases with bug fixes and improvements from our stable branch, while we implement more adventurous changes in our development branch, ready for the next major release.</p>
<p>Well, this is one of those adventurous major releases! Specifically, the first release in the 0.12 series, which will now be our new stable branch.</p>
<p>We can’t wait to share the many exciting features and changes with everyone. With over 2400 commits, this release couldn’t have been achieved without all the help from our many contributors, testers and other community members - you know who you are!</p>
<hr />
<p>Before continuing with the release announcement, we want to acknowledge
that some people are facing bigger problems right now. We deeply believe that
communication is a better path to resolving disputes than armed conflict;
we are saddened by <a href="https://en.wikipedia.org/wiki/2022_Russian_invasion_of_Ukraine">recent developments in Europe</a>
and unreservedly condemn such violence.</p>
<p>We hope that, by building decentralized open communication tools without
barriers, we can use our particular skills to contribute positive change in the
world in whatever way we best can. We encourage all our community, including
you, to reflect on what you can do, or keep doing, to contribute positive
change - no matter how small it seems.</p>
<hr />
<h2 id="xmpp-compliance">XMPP Compliance</h2>
<p>It makes sense to start off by looking at how the new release progresses Prosody with regards to compliance and interoperability.</p>
<p>Every year, the XMPP Standards Foundation publishes updated <a href="https://xmpp.org/about/compliance-suites/">Compliance Suites</a>, which provide the evolving guidance about what features and XEPs modern XMPP software should be implementing.</p>
<p>We’re glad to report that Prosody 0.12 meets the criteria for “Advanced Server”, “Advanced IM”, “Advanced Web”, “Core Mobile” and “Advanced A/V” according to the latest (2022) XMPP Compliance Suites (<a href="https://xmpp.org/extensions/xep-0459.html">XEP-0459</a>).</p>
<p>What does this mean for you? It means that when you install Prosody, you can be sure of the latest XMPP features and great compatibility with the latest XMPP software.</p>
<p>If you are upgrading from a previous release, do see the <a href="https://prosody.im/doc/release/0.12.0">release notes</a> which contain some advice about ensuring your server and configuration is up-to-date with all the new changes.</p>
<h2 id="mobile-and-connectivity-optimizations">Mobile and connectivity optimizations</h2>
<p>In 0.11 we introduced support for mobile connection optimizations that help preserve bandwidth and battery power of mobile devices, using the CSI protocol framework.</p>
<p>In this new release, we are finally adding official support for another piece of this puzzle - fast reconnects using XEP-0198. This functionality has long been available in the community modules repository, in mod_smacks. Originally written by Matthew Wild, with substantial improvements in recent years from <a href="https://zash.se/">Kim Alvefur</a> and, more recently, <a href="https://en.liberapay.com/tmolitor/">Thilo Molitor</a>, the module has a long history.</p>
<p>With the module finally transitioning into Prosody, we have streamlined the module’s code (as we no longer need compatibility with multiple Prosody versions) and improved efficiency - especially regarding memory usage.</p>
<h2 id="http-file-sharing">HTTP file sharing</h2>
<p>If you remember a time on XMPP before the HTTP upload file transfer method came along, you know what an improvement it has been. The first file transfer methods in XMPP (and indeed most other IM protocols at the time) would always attempt to stream the file directly from the sender to their contact. As well as being extremely prone to failure due to NATs, firewalls and other network issues, it also made it impossible to send files to people who were offline, or to groups.</p>
<p>A new mechanism was standardized in <a href="https://xmpp.org/extensions/xep-0363.html">XEP-0363</a> that solves all these issues by building upon an existing standard protocol that is already great at transferring files - HTTP! With this new method, the sender uploads the file to a server, and simply sends the URL to their contact(s).</p>
<p>To allow easy deployment, Prosody now includes <a href="https://prosody.im/doc/modules/mod_http_file_share">mod_http_file_share</a>. It allows authenticated users to upload files to the server, so they can share them with their contacts.</p>
<p>This new module is quite comprehensive. Some features include:</p>
<ul>
<li>Configurable file size limit</li>
<li>Optional per-user daily upload quota, to ensure fair use of resources</li>
<li>Global quota, to prevent excessive disk space consumption on the server by uploaded files.</li>
<li>Support for an external upload server</li>
<li>Configurable expiry to clean up old uploads</li>
<li>Monitoring of disk usage</li>
</ul>
<p>As well as the features listed above, mod_http_file_share also takes advantage of internal HTTP server improvements in Prosody 0.12 that allow it to efficiently handle large files. Say goodbye to that 10 MB limit!</p>
<h3 id="upgrading-from-other-http-upload-modules">Upgrading from other HTTP upload modules</h3>
<p>Many Prosody deployments already support HTTP file transfer using community modules such as <a href="https://modules.prosody.im/mod_http_upload.html">mod_http_upload</a> and <a href="https://modules.prosody.im/mod_http_upload_external.html">mod_http_upload_external</a>. These will continue to work but, especially if you are using mod_http_upload, we encourage you to upgrade to enjoy the new improvements.</p>
<p>To migrate existing files from an existing mod_http_upload setup, check out the handy <a href="https://modules.prosody.im/mod_migrate_http_upload.html">mod_migrate_http_upload</a>.</p>
<h2 id="audio-video-calling-support">Audio/video calling support</h2>
<p>Audio and video calls on XMPP have really taken off in the past few years! Although we’ve had support for calling in XMPP for a long time, modern clients are building atop the <a href="https://webrtc.org/">WebRTC stack</a> for more efficient, reliable and secure encrypted calls (contrary to what you may think, WebRTC can be used outside browsers too). A few of the clients supporting these include <a href="https://conversations.im/">Conversations</a>, <a href="https://dino.im/">Dino</a>, <a href="https://movim.eu/">Movim</a>, <a href="https://beagle.im/">Beagle IM</a> and <a href="https://siskin.im/">Siskin IM</a>.</p>
<p>Prosody itself is not especially involved in the actual calls - it mainly relays the call negotiation between the clients, and assists in the discovery of STUN and TURN services that are used to improve call reliability through NATs and firewalls.</p>
<p>To facilitate this last part, a server operator needs to do two things:</p>
<ol>
<li>Set up a STUN and TURN server (usually provided by the same software - <a href="https://eturnal.net/">eturnal</a> and <a href="https://github.com/coturn/coturn">coturn</a> are popular choices)</li>
<li>Configure Prosody to advertise these services to your users’ clients.</li>
</ol>
<p>The second step has traditionally been achieved using a community module, <a href="https://modules.prosody.im/mod_turncredentials.html">mod_turncredentials</a>. From Prosody 0.12 we now bundle a simpler (but just as effective) module, <a href="https://prosody.im/doc/modules/mod_turn_external">mod_turn_external</a>.</p>
<p>We have even implemented a simple STUN/TURN client into prosodyctl so it can verify that your setup is working correctly.</p>
<p>To get started, see our full overview of <a href="https://prosody.im/doc/turn">setting up STUN/TURN with Prosody</a>.</p>
<h2 id="monitoring-with-openmetrics-prometheus">Monitoring with OpenMetrics/Prometheus</h2>
<p>We’ve supported various options for monitoring Prosody for quite a while in various forms, including internal statistics gathering and output to statsd-compatible collectors and agents.</p>
<p>Although statsd has served us well, and is still a good choice for certain environments, Prometheus has emerged as a very popular alternative. So much so, Prometheus’s protocol has been reworked as an open standard - <a href="https://openmetrics.io/">OpenMetrics</a>, with ongoing work to publish it as an IETF RFC.</p>
<p>Starting from Prosody 0.12, anything using our internal metrics API can now be exposed in a Prometheus-compatible OpenMetrics HTTP endpoint.</p>
<p>To see how, head over to the <a href="https://prosody.im/doc/modules/mod_http_openmetrics">mod_http_openmetrics documentation</a>.</p>
<p>Many thanks to <a href="https://sotecware.net/">Jonas</a> for leading and implementing this feature, and providing this screenshot of it in use at <a href="https://search.jabber.network/">search.jabber.network</a>.</p>
<figure class="figure">
<img src="/files/grafana-screenshot.png"
alt="Grafana dashboard showing graphs of metrics obtained via Prometheus"/>
</figure>
<h2 id="invitations">Invitations!</h2>
<p>It’s no secret that we’re big fans of invitation-based registration. As explained in our blog post, <a href="//blog.prosody.im/great-invitations/">Great Invitations</a>, we believe it is the safest and most user-friendly way to let people register on your XMPP server.</p>
<p>This release brings core support for invitations into Prosody.</p>
<p>Specifically, the following modules are now bundled with Prosody:</p>
<ul>
<li><a href="https://prosody.im/doc/modules/mod_invites">mod_invites</a> provides core invitation handling, including the ability to create new invitations via prosodyctl</li>
<li><a href="https://prosody.im/doc/modules/mod_invites_register">mod_invites_register</a> allows people to register on your server by invitation, from XMPP clients that support <a href="https://xmpp.org/extensions/xep-0445.html">XEP-0445</a> (which includes Conversations, yaxim, Siskin and Snikket).</li>
<li><a href="https://prosody.im/doc/modules/mod_invites_adhoc">mod_invites_adhoc</a> allows admins (and optionally users) to generate invitations from within their XMPP client. With native support in Conversations, yaxim and Snikket, you can also manually use ad-hoc command support in supporting clients such as Gajim.</li>
</ul>
<p>For the full experience, consider also setting up the following community modules:</p>
<ul>
<li><a href="https://modules.prosody.im/mod_invites_page.html">mod_invites_page</a> to turn your invitations into a welcoming, user-friendly web page</li>
<li><a href="https://modules.prosody.im/mod_invites_register_web.html">mod_invites_register_web</a> to allow someone to register without leaving their browser</li>
<li><a href="https://modules.prosody.im/mod_invites_api.html">mod_invites_api</a> provides a HTTP API that allows you to integrate the invitation mechanism with anything you want!</li>
</ul>
<p>The best place to get started with invitations is the <a href="https://prosody.im/doc/modules/mod_invites">mod_invites documentation</a>.</p>
<h2 id="direct-tls">Direct TLS</h2>
<p>Direct TLS (<a href="https://xmpp.org/extensions/xep-0368.html">XEP-0368</a>) is now officially supported, along with SNI to allow more than one certificate per port, as well as reloading those certificates without a restart. The <code>legacy_ssl_ports</code> configuration option has thus been renamed to
<code>c2s_direct_tls_ports</code>. The <code>prosodyctl check dns</code> command can also help you make sure the corresponding <a href="https://xmpp.org/extensions/xep-0368.html">SRV records</a> are <a href="//prosody.im/doc/dns">set up correctly</a>.</p>
<p>Server-to-server connections also support Direct TLS, enabled with
<code>s2s_direct_tls_ports</code>, and it is automatically used with remote servers
that have published the corresponding DNS record.</p>
<p>What are the benefits of direct TLS over the more traditional “STARTTLS” connections?</p>
<ul>
<li>Faster connection time (fewer network round-trips)</li>
<li>Compatibility with TLS middleware such as load balancers and proxies</li>
<li>Simpler implementation for clients.</li>
<li>Improved traversal of restrictive firewalls, e.g. by running XMPP over port 443, the port usually used for HTTPS (typically not blocked).</li>
</ul>
<p>If you’re curious how to support XMPP connections over port 443 alongside a web server, check out the <a href="https://wiki.xmpp.org/web/Tech_pages/XEP-0368">XEP-0368 tech page</a> on the XMPP wiki.</p>
<h2 id="other-new-modules">Other new modules</h2>
<p>A number of other new modules have been added in this release that are worth mentioning.</p>
<h3 id="mod-s2s-bidi"><a href="https://prosody.im/doc/modules/mod_s2s_bidi">mod_s2s_bidi</a></h3>
<p>Enables using a <a href="https://xmpp.org/extensions/xep-0288.html">single connection</a> instead of two between servers, reducing resource usage and latency.</p>
<h3 id="mod-auth-ldap"><a href="https://prosody.im/doc/modules/mod_auth_ldap">mod_auth_ldap</a></h3>
<p>Previously a community module, we have imported this into Prosody for out-of-the-box LDAP support. This replaces our Cyrus SASL support, which has been moved into the community modules repository.</p>
<h3 id="mod-cron"><a href="https://prosody.im/doc/modules/mod_cron">mod_cron</a></h3>
<p>More and more modules have periodic tasks (e.g. expiring old messages or files); this module aims to coordinate them.</p>
<h3 id="mod-mimicking"><a href="https://prosody.im/doc/modules/mod_mimicking">mod_mimicking</a></h3>
<p>This module prevents registration of addresses that look very <a href="http://www.unicode.org/reports/tr39/">similar</a> to previously registered addresses, e.g. “zash” vs “zаsh” (that’s Cyrillic a, <code>U+0430</code>).</p>
<p>This is useful for public servers, and helps protect against impersonation attempts that utilize <a href="https://en.wikipedia.org/wiki/Homoglyph#Unicode_homoglyphs">Unicode homoglyphs</a>.</p>
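<p>A registration-time check in the spirit of what this section describes, added here as an illustration (it is not mod_mimicking’s own code): it compares UTS #39-style “skeletons” of localparts, using a small constructed subset of the Unicode confusables table, with a casefold step standing in for nodeprep. The post’s own example, “zash” vs “zаsh” with Cyrillic а (<code>U+0430</code>), is the first case it catches.</p>

```python
import unicodedata
from typing import Dict, Optional

# Constructed subset of the UTS #39 confusables.txt data (source -> prototype),
# enough for the examples below; a real deployment would load the full table.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A, the post's "zаsh" example
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "1": "l",       # DIGIT ONE
    "0": "o",       # DIGIT ZERO (UTS #39 maps it to capital O; lower-cased here)
}


def casefold_localpart(localpart: str) -> str:
    """Stand-in for the case folding XMPP nodeprep performs (assumption: close
    enough for this demo; real code would run the actual stringprep profile)."""
    return unicodedata.normalize("NFKC", localpart).casefold()


def skeleton(text: str) -> str:
    """UTS #39 skeleton: NFD, replace each confusable character, NFD again.

    Two strings that look alike end up with identical skeletons, so equality
    of skeletons is the lookalike test."""
    decomposed = unicodedata.normalize("NFD", text)
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in decomposed)
    return unicodedata.normalize("NFD", mapped)


class MimickingIndex:
    """Registered localparts keyed by skeleton, so the lookalike check at
    registration time is a single dictionary lookup."""

    def __init__(self) -> None:
        self._owner_by_skeleton: Dict[str, str] = {}

    def find_lookalike(self, candidate: str) -> Optional[str]:
        """The registered localpart that `candidate` visually mimics, or None."""
        return self._owner_by_skeleton.get(skeleton(casefold_localpart(candidate)))

    def register(self, localpart: str) -> bool:
        """Reserve a localpart; refuse it when it mimics an existing one."""
        folded = casefold_localpart(localpart)
        key = skeleton(folded)
        if key in self._owner_by_skeleton:
            return False
        self._owner_by_skeleton[key] = folded
        return True


if __name__ == "__main__":
    index = MimickingIndex()
    index.register("zash")
    # Cyrillic a (U+0430) in place of Latin a: same skeleton, so it is refused.
    print(index.find_lookalike("z\u0430sh"))
    print(index.register("z\u0430sh"))
```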
<h3 id="mod-tombstones"><a href="https://prosody.im/doc/modules/mod_tombstones">mod_tombstones</a></h3>
<p>Another recommended module for public servers, this one prevents re-registration of deleted accounts. It ensures that a deleted account cannot be re-registered by someone else in order to gain access to resources the account had access to - e.g. chat rooms where the account is still listed as a member.</p>
<h3 id="mod-bookmarks"><a href="https://prosody.im/doc/modules/mod_bookmarks">mod_bookmarks</a></h3>
<p>XMPP has evolved through a few ways to store “bookmarks” (essentially the list of group chats that a user is joined to).</p>
<p>With clients supporting different mechanisms, and attempting to keep them in sync, this module supports the latest recommendations and provides compatibility layers between three different ways to store group chat bookmarks, ensuring open group chats are always synchronized between users’ devices, whatever client they are using.</p>
<p>We encourage client developers to upgrade to <a href="https://xmpp.org/extensions/xep-0402.html">XEP-0402: PEP Native Bookmarks</a> for the best experience. Eventually the older mechanisms will be retired as they are no longer needed.</p>
<h2 id="plugin-installer">Plugin Installer</h2>
<p>Our extensive range of <a href="https://modules.prosody.im/">community modules</a>, ranging from the silly <a href="https://modules.prosody.im/mod_swedishchef.html">mod_swedishchef</a> to the amazingly powerful <a href="https://modules.prosody.im/mod_firewall.html">mod_firewall</a>, are almost a defining feature of Prosody.</p>
<p>Thankfully it’s now easier than ever to install community modules thanks to the work of João Duarte, a student who participated in Google Summer of Code and implemented a plugin installer for Prosody. It uses LuaRocks, which needs to be installed on your system.</p>
<p>For example, maybe you want to add a nice web client to your XMPP server? There’s a module for that. Simply install <a href="https://modules.prosody.im/mod_conversejs.html">mod_conversejs</a> by running <code>prosodyctl install mod_conversejs</code> and then enable it!</p>
<p>More documentation about this new feature can be found in the <a href="https://prosody.im/doc/plugin_installer">plugin installer documentation</a>.</p>
<h2 id="built-in-http-server-improvements">Built-in HTTP server improvements</h2>
<p>As we mentioned earlier, Prosody’s built-in HTTP server can now efficiently handle large uploads - writing files directly to disk instead of consuming more and more memory until completion.</p>
<p>Other things have also been improved. You should never have to worry about <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS">CORS</a> again! CORS is a security feature of the modern web. However, most HTTP services in Prosody already have some sort of authentication and generally don’t benefit from CORS, which mostly just causes problems for people setting up XMPP web clients. From 0.12 they will work by default (via BOSH and/or websockets).</p>
<p>The built-in HTTP server also has better support for reverse proxies, and will understand it when HTTPS is handled by the proxy.</p>
<h2 id="evolving-the-prosody-admin-shell">Evolving the Prosody admin shell</h2>
<p>Prosody has had <em>The Telnet Console</em> for a long time. This is an incredibly powerful administrative interface. However, it is also far from perfect. One of the biggest issues is the lack of authentication. Although Prosody ensures it is only accessible to localhost by default, that does not make it safe on any system with untrusted users.</p>
<p>To improve this, the console itself can now be accessed via a UNIX socket, which is secured using file system permissions. This admin socket functionality is internally quite powerful - it’s actually running a pseudo-XMPP stream, over which multiple kinds of data can flow. Expect to see some fun stuff building on top of this in the future!</p>
<p>Get started with <code>sudo prosodyctl shell</code>!</p>
<p><strong>Tip:</strong> You can also now run simple commands directly from the command-line, useful for scripting. E.g. rather than connecting to run <code>module:list()</code>, you can now simply run: <code>prosodyctl shell module list</code>.</p>
<h2 id="future-support-for-0-11">Future support for 0.11</h2>
<p>If you are currently running 0.11.x and not in a hurry to upgrade, you may be wondering what to expect now that 0.12 is here.</p>
<p>Our traditional policy is to support release branches that are included in Debian, for as long as that version of Debian is supported by Debian’s security team (note: this does not include the extended “Debian LTS” period, which is a sponsored effort by a separate team). We will continue with this policy for 0.12.</p>
<p>The latest version of <a href="https://www.debian.org/News/2021/20210814">Debian, 11 (“bullseye”)</a>, supplies Prosody 0.11. Although the pace of 0.11 releases will undoubtedly slow down now, you can expect us to continue with security and important bug fixes for a couple of years. That should give everyone plenty of time to evaluate 0.12 and plan their upgrade (right?!).</p>
<h1 id="next-steps">Next steps</h1>
<p>Hopefully we’ve shown you enough of 0.12 to get you interested! Head to the <a href="https://prosody.im/download/">Prosody downloads page</a> to find out how to get the new release or upgrade an existing installation.</p>
<p>If you are upgrading an existing installation, you’ll find relevant advice (along with a more complete list of changes in this release) in our <a href="https://prosody.im/doc/release/0.12.0">release notes</a> as usual.</p>
<p>Happy chatting!</p>
<h1 id="prosody-0-11-13-released">Prosody 0.11.13 released</h1>
<p>The Prosody Team, 2022-01-24T15:55:48+0000 (<a href="https://blog.prosody.im/prosody-0.11.13-released/">original post</a>)</p>
<p>We are pleased to announce a new minor release from our stable branch.</p>
<p>This is a(nother!) release for our stable branch to fix a memory leak caused
by the security fix. Deployments using websockets, SQL storage and possibly
other configurations may have noticed increasing memory usage after upgrading
to 0.11.12. This is resolved by this new release.</p>
<p>A summary of changes in this release:</p>
<h2 id="minor-changes">Minor changes</h2>
<ul>
<li>util.xml: Break reference to help the GC (fixes <a href="https://issues.prosody.im/1711">#1711</a>)</li>
<li>util.xml: Deduplicate handlers for restricted XML</li>
</ul>
<h1 id="download">Download</h1>
<p>As usual, download instructions for many platforms can be found on our <a href="https://prosody.im/download">download page</a></p>
<p>If you have any questions, comments or other issues with this release, <a href="https://prosody.im/discuss">let us know!</a></p>
<h1 id="prosody-0-11-12-released">Prosody 0.11.12 released</h1>
<p>The Prosody Team, 2022-01-13T14:07:31+0000 (<a href="https://blog.prosody.im/prosody-0.11.12-released/">original post</a>)</p>
<p>We are pleased to announce a new minor release from our stable branch.</p>
<p>This is a security release that addresses a denial-of-service vulnerability in
Prosody’s mod_websocket. For more information, refer to the
<a href="https://prosody.im/security/advisory_20220113/">20220113 advisory</a>.</p>
<p>A summary of changes in this release:</p>
<h2 id="security">Security</h2>
<ul>
<li>util.xml: Do not allow doctypes, comments or processing instructions</li>
</ul>
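<p>To make the fix above concrete, here is an added example (not Prosody’s code; util.xml is Lua on LuaExpat, this uses Python’s expat binding) of a parser that refuses the same three constructs named in the changelog: doctypes, comments and processing instructions. Refusing the DOCTYPE as soon as it starts means any entity declarations in its internal subset, the usual source of XML-based denial of service, are never processed.</p>

```python
import xml.parsers.expat
from typing import Tuple


class RestrictedXMLError(ValueError):
    """Raised when the input uses an XML construct the stream does not allow."""


def parse_restricted(data: str) -> Tuple[str, int]:
    """Parse an XML document while rejecting doctypes, comments and PIs.

    Returns (root_element_name, element_count) for accepted documents and
    raises RestrictedXMLError for rejected ones. Malformed XML raises
    xml.parsers.expat.ExpatError as usual."""
    parser = xml.parsers.expat.ParserCreate()
    state = {"root": None, "count": 0}

    def reject(kind: str):
        # Exceptions raised inside an expat handler propagate out of Parse(),
        # so parsing stops at the first forbidden construct.
        def handler(*_args):
            raise RestrictedXMLError(f"{kind} not allowed in this stream")
        return handler

    # StartDoctypeDeclHandler fires before the internal subset is read, so no
    # entity declaration inside the DOCTYPE is ever seen, let alone expanded.
    parser.StartDoctypeDeclHandler = reject("DOCTYPE")
    parser.CommentHandler = reject("comment")
    # The XML declaration (<?xml ...?>) is not a processing instruction to
    # expat (it has its own XmlDeclHandler), so it stays permitted.
    parser.ProcessingInstructionHandler = reject("processing instruction")

    def start_element(name: str, _attrs) -> None:
        if state["root"] is None:
            state["root"] = name
        state["count"] += 1

    parser.StartElementHandler = start_element
    parser.Parse(data, True)
    return state["root"], state["count"]


def is_acceptable(data: str) -> bool:
    """True when the document parses under the restrictions, False otherwise."""
    try:
        parse_restricted(data)
        return True
    except (RestrictedXMLError, xml.parsers.expat.ExpatError):
        return False


if __name__ == "__main__":
    # Constructed sample inputs: a plain stanza and three that must be refused.
    print(is_acceptable("<message to='a@example.com'><body>hi</body></message>"))
    print(is_acceptable("<!DOCTYPE a [<!ENTITY e 'x'>]><a>&e;</a>"))
    print(is_acceptable("<a><!-- comment --></a>"))
    print(is_acceptable("<?pi data?><a/>"))
```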
<h1 id="download">Download</h1>
<p>As usual, download instructions for many platforms can be found on our <a href="https://prosody.im/download">download page</a></p>
<p>If you have any questions, comments or other issues with this release, <a href="https://prosody.im/discuss">let us know!</a></p>
<h1 id="prosody-0-11-11-released">Prosody 0.11.11 released</h1>
<p>The Prosody Team, 2021-12-20T22:57:22+0100 (<a href="https://blog.prosody.im/prosody-0.11.11-released/">original post</a>)</p>
<p>We are pleased to announce a new minor release from our stable branch.</p>
<p>This release contains some fixes to PEP to control memory usage, along
with a small batch of fixes for issues discovered since the last
release.</p>
<p>This will likely be the last release of the 0.11 branch.</p>
<p>A summary of changes in this release:</p>
<h2 id="fixes-and-improvements">Fixes and improvements</h2>
<ul>
<li>net.server_epoll: Prioritize network events over timers to improve performance under heavy load</li>
<li>mod_pep: Add some memory usage limits</li>
<li>mod_pep: Prevent creation of services for non-existent users</li>
<li>mod_pep: Free resources on user deletion (needed a restart previously)</li>
</ul>
<h2 id="minor-changes">Minor changes</h2>
<ul>
<li>mod_pep: Free resources on reload</li>
<li>mod_c2s: Indicate stream secure state in error text when no stream features to offer</li>
<li>MUC: Fix logic for access to affiliation lists</li>
<li>net.server_epoll: Improvements to shutdown procedure <a href="https://issues.prosody.im/1670">#1670</a></li>
<li>net.server_epoll: Fix potential issue with rescheduling of timers</li>
<li>prosodyctl: Fix to ensure LuaFileSystem is loaded when needed</li>
<li>util.startup: Fix handling of unknown command line flags (e.g. <code>-h</code>)</li>
<li>Fix version number reported as ‘unknown’ on *BSD</li>
</ul>
<h1 id="download">Download</h1>
<p>As usual, download instructions for many platforms can be found on our <a href="https://prosody.im/download">download page</a></p>
<p>If you have any questions, comments or other issues with this release, <a href="https://prosody.im/discuss">let us know!</a></p>
<h1 id="prosody-0-11-10-released">Prosody 0.11.10 released</h1>
<p>The Prosody Team, 2021-08-03T12:13:24+0200 (<a href="https://blog.prosody.im/prosody-0.11.10-released/">original post</a>)</p>
<p>We are pleased to announce a new minor release from our stable branch.</p>
<p>This release primarily fixes CVE-2021-37601, a remote information
disclosure vulnerability. See the previously released
<a href="https://prosody.im/security/advisory_20210722/">advisory</a> for details.
We recommend that all deployments upgrade if they have not yet applied
the mitigation described in the advisory.</p>
<p>A handful of fixes for issues discovered since 0.11.9 are also included.</p>
<p>A summary of changes in this release:</p>
<h2 id="security">Security</h2>
<ul>
<li>MUC: Fix logic for access to affiliation lists CVE-2021-37601 <a href="https://prosody.im/security/advisory_20210722/">https://prosody.im/security/advisory_20210722/</a></li>
</ul>
<h2 id="minor-changes">Minor changes</h2>
<ul>
<li>prosodyctl: Add ‘limits’ to known globals to warn about misplacing it</li>
<li>util.ip: Fix netmask for link-local address range</li>
<li>mod_pep: Remove obsolete node restoration code</li>
<li>util.pubsub: Fix traceback if node data not initialized</li>
</ul>
<h1 id="download">Download</h1>
<p>As usual, download instructions for many platforms can be found on our <a href="https://prosody.im/download">download page</a></p>
<p>If you have any questions, comments or other issues with this release, <a href="https://prosody.im/discuss">let us know!</a></p>
<h1 id="prosody-0-11-9-released">Prosody 0.11.9 released</h1>
<p>The Prosody Team, 2021-05-12T19:32:32+0100 (<a href="https://blog.prosody.im/prosody-0.11.9-released/">original post</a>)</p>
<p>We are pleased to announce a new minor release from our stable branch.</p>
<p>This release addresses a number of important security issues that affect most
deployments of Prosody. Full details are available in a separate <a href="https://prosody.im/security/advisory_20210512/">security
advisory</a>. We recommend that
all deployments upgrade or apply the mitigations described in the advisory.</p>
<p><strong>Note:</strong> We have updated the default config file. Your package manager may
warn you about this, and ask if you want to use the new file or keep your
existing one. You should usually keep your existing one, but make sure you
update it to enable mod_limits after the upgrade.</p>
<p>A summary of changes in this release:</p>
<h2 id="security">Security</h2>
<ul>
<li>mod_limits, prosody.cfg.lua: Enable rate limits by default</li>
<li>certmanager: Disable renegotiation by default</li>
<li>mod_proxy65: Restrict access to local c2s connections by default</li>
<li>util.startup: Set more aggressive defaults for GC</li>
<li>mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits</li>
<li>mod_auth_internal_{plain,hashed}: Use constant-time string comparison for secrets</li>
<li>mod_dialback: Remove dialback-without-dialback feature</li>
<li>mod_dialback: Use constant-time comparison with hmac</li>
</ul>
<h2 id="minor-changes">Minor changes</h2>
<ul>
<li>util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)</li>
<li>mod_c2s: Don’t throw errors in async code when connections are gone</li>
<li>mod_c2s: Fix traceback in session close when conn is nil</li>
<li>core.certmanager: Improve detection of LuaSec/OpenSSL capabilities</li>
<li>mod_saslauth: Use a defined SASL error</li>
<li>MUC: Add support for advertising muc#roomconfig_allowinvites in room disco#info</li>
<li>mod_saslauth: Don’t throw errors in async code when connections are gone</li>
<li>mod_pep: Advertise base pubsub feature (fixes <a href="https://issues.prosody.im/1632">#1632</a>: mod_pep missing pubsub feature in disco)</li>
<li>prosodyctl check config: Add ‘gc’ to list of global options</li>
<li>prosodyctl about: Report libexpat version if known</li>
<li>util.xmppstream: Add API to dynamically configure the stanza size limit for a stream</li>
<li>util.set: Add is_set() to test if an object is a set</li>
<li>mod_http: Skip IP resolution in non-proxied case</li>
<li>mod_c2s: Log about missing conn on async state changes</li>
<li>util.xmppstream: Reduce internal default xmppstream limit to 1MB</li>
</ul>
<h1 id="download">Download</h1>
<p>As usual, download instructions for many platforms can be found on our <a href="https://prosody.im/download">download page</a></p>
<p>If you have any questions, comments or other issues with this release, <a href="https://prosody.im/discuss">let us know!</a></p>