Prosody 0.8.1 released

This is a security and bugfix release for the 0.8 branch. This release contains fixes for a couple of major issues, and it is strongly recommended that you upgrade.

Some of you may already be aware of the "billion laughs" denial-of-service attack which was discovered to work against a number of XMPP servers recently. Due to accidental oversight the Prosody team was not notified ahead of the issue being made public, so we have worked hard the past few days to prepare this release as soon as we could.

In addition to upgrading Prosody, you MUST also upgrade the LuaExpat library to 1.2.0 to prevent the attack - this should hopefully be arriving in your distribution shortly, alternatively it can be installed using luarocks. See our dependencies page for details.

If you are a packager and are looking for backported patches to older Prosody versions, please see the 0.8.1 release notes.


A summary of changes in this release:

As usual if you need help or have any questions about installing/upgrading, feel free to ask.

Download

Windows: Installer | Zip

Debian/Ubuntu: 32-bit | 64-bit

Source tarball: prosody-0.8.1.tar.gz