Prosodical Thoughts

News, announcements and thoughts from the Prosody IM team

Prosody 0.9.0rc5 available for testing

by The Prosody Team.

Hi folks,

It’s that time of the week! We have a new release for you, with some important and some minor fixes.

It is strongly recommended that all 0.9 users upgrade - these issues affect all versions of 0.9 since we released beta1 (~nightly build 119). Prosody 0.8 is not affected.

Summary of changes:

  • [major] Fixed a segfault in our SCRAM authentication code that can allow unauthenticated users to crash a Prosody instance.
  • [major] Fixed an issue that allows an attacker to bypass the new ‘s2s_secure_auth’ and ‘s2s_secure_domains’ options, and downgrade the connection to DNS authentication (dialback) if mod_dialback is loaded.
  • [minor] Sometimes s2s certificate errors were not accurately reported (in debug logging and telnet console).
  • [minor] HTTP/1.0 connections with Keep-Alive did not work correctly

Nightly users should upgrade to build 154. Users of the trunk nightly build should also upgrade, to build 408.

All download information can be found with our 0.9 release notes.

Happy Jabbering! The Prosody Team


About

Prosody is a lightweight and flexible XMPP server designed with ease-of-use and extensibility in mind.

Recent Posts