Prosody 0.11.13 released
We are pleased to announce a new minor release from our stable branch. This is a(nother!) release for our stable branch to fix a memory leak caused by the security fix. Deployments using websockets, SQL storage and possibly other configurations may have noticed increasing memory usage after upgrading to 0.11.12. This is resolved by this new release. A summary of changes in this release: Minor changes util.xml: Break reference to help the GC (fixes #1711) util.
Read more →Prosody 0.11.12 released
We are pleased to announce a new minor release from our stable branch. This is a security release that addresses a denial-of-service vulnerability in Prosody’s mod_websocket. For more information, refer to the 20220113 advisory. A summary of changes in this release: Security util.xml: Do not allow doctypes, comments or processing instructions Download As usual, download instructions for many platforms can be found on our download page If you have any questions, comments or other issues with this release, let us know!
Read more →Prosody 0.11.11 released
We are pleased to announce a new minor release from our stable branch. This release contains some fixes to PEP to control memory usage, along with a small batch of fixes for issues discovered since the last release. This will likely be the last release of the 0.11 branch. A summary of changes in this release: Fixes and improvements net.server_epoll: Prioritize network events over timers to improve performance under heavy load mod_pep: Add some memory usage limits mod_pep: Prevent creation of services for non-existent users mod_pep: Free resources on user deletion (needed a restart previously) Minor changes mod_pep: Free resources on reload mod_c2s: Indicate stream secure state in error text when no stream features to offer MUC: Fix logic for access to affiliation lists net.
Read more →Prosody 0.11.10 released
We are pleased to announce a new minor release from our stable branch. This release primarily fixes CVE-2021-37601, a remote information disclosure vulnerability. See the previously released advisory for details. We recommend that all deployments upgrade if they have not yet applied the mitigation described in the advisory. A handful fixes for issues discovered since 0.11.9 are also included. A summary of changes in this release: Security MUC: Fix logic for access to affiliation lists CVE-2021-37601 https://prosody.
Read more →Prosody 0.11.9 released
We are pleased to announce a new minor release from our stable branch. This release addresses a number of important security issues that affect most deployments of Prosody. Full details are available in a separate security advisory. We recommend that all deployments upgrade or apply the mitigations described in the advisory. Note: We have updated the default config file. Your package manager may warn you about this, and ask if you want to use the new file or keep your existing one.
Read more →Prosody 0.11.8 released
We are pleased to announce a new minor release from our stable branch. A new release appears! This time it includes bug fixes and performance improvements! Thanks to the Jitsi folks for helping us improve websocket performance in this and the previous release. This release also fixes a security issue, where channel binding, which connects the authentication layer (i.e. SASL) with the security layer (i.e. TLS) to detect man-in-the-middle attacks, could be used on connections encrypted with TLS 1.
Read more →How Prosody developers spent 2020
Nobody here knew quite what a year 2020 was going to be! However despite pandemics and lockdowns, we have continued to work on Prosody. This post is a summary of how the project is doing, and what we’ve been up to in the past year. One quick note before we begin… Prosody is an independent open-source project and exists only because the developers have been fortunate enough to be in a position to work on it.
Read more →XMPP at the IETF
We recently helped deploy a new XMPP service for the IETF. But before we go any further, some of you are probably asking - “what is the IETF?!” If you’ve been around the XMPP community for a while, or if you’ve been at all involved in internet development discussions, you’ll already have an idea of what the IETF is. But that leaves many people don’t know, so here goes…
Read more →Prosody 0.11.7 released
We are pleased to announce a new minor release from our stable branch. This is a security release for the 0.11.x stable branch. It is strongly recommended that all users upgrade to this release, especially those whose deployments have enabled mod_websocket. As well as upgrading, we recommend all public deployments to review and configure the c2s_stanza_size_limit and s2s_stanza_size_limit options to values they are comfortable with. The value is specified in bytes, and the XMPP specification requires values to be at least 10000 bytes, however it also recommends against just setting the limit to 10000 bytes.
Read more →Simple Anti-Spam Tips
You can take it as a sign of success of a network when it becomes worthwhile for spammers to set up camp. If you’re an active user of XMPP, there is a chance you’ve been unfortunate enough to receive spam in recent weeks. Spam has always been an occasional issue on the network, as with any network, website or internet service. However a few years ago spammers really started to take things more seriously on XMPP.
Read more →About
Prosody is a lightweight and flexible XMPP server designed with ease-of-use and extensibility in mind.