Prosodical Thoughts

News, announcements and thoughts from the Prosody IM team

Prosody 0.9.10 released

by The Prosody Team. Tags: release , security .

We are pleased to announce a new minor release from our stable branch.

This release fixes another dialback security issue. We strongly encourage all Prosody servers to upgrade as soon as possible.

Read more →

Prosody 0.9.9 security release

by The Prosody Team. Tags: release , security .

Hi folks,

This release contains important fixes for two security issues recently discovered in Prosody. It also contains various other fixes and improvements we have made since 0.9.8. We strongly recommend that you upgrade your server as soon as possible.

Another important note is that for a number of reasons we have dropped Windows support with this release. If you are affected by this, please contact us directly via email at developers@prosody.im.

A summary of changes:

Read more →

Prosody 0.9.8 released

by The Prosody Team. Tags: release , security .

We are pleased to announce a new minor release from our stable branch. This release contains mainly bug fixes, including an important security fix. A summary of changes in this release, by importance: High: Ensure only valid UTF-8 is passed to libidn. It was found (CVE-2015-2059) that libidn can read beyond the boundaries of the provided buffer when an input string contains invalid UTF-8 sequences. Systems where Prosody is compiled with libICU are not affected by this issue.

Read more →

Prosody 0.9.7 released

by The Prosody Team. Tags: release .

We are pleased to announce a new minor release from our stable branch. This release has just a couple of changes for you: Fix server-to-server interoperability issue with Isode M-Link (since 0.9.6) Fix traceback in ‘prosodyctl about’ command with LuaRocks 2.2.0+ installed Also, this is our first release with an official Docker image. More on that soon! Download As usual, download instructions for many platforms can be found on our download page

Read more →

Prosody 0.9.6 released

by The Prosody Team. Tags: release .

Another minor release for you all. The most important change here is to disable SSLv3 by default, now it has been shown to be insecure when used by clients. This means that clients that support only SSLv3 will no longer be able to connect by default (which is why we had not been planning to make this change in a minor release). A summary of changes in this release:

Read more →

Prosody 0.9.5 released

by The Prosody Team.

Quite a number of bug fixes and minor improvements have cropped up, so it’s about time for another release, don’t you think? A summary of changes in this release: C2S: Fix traceback if a client opens a stream to component, which could cause a crash in combination with some versions of LuaEvent C2S, S2S: Log received invalid stream headers S2S: Fix case where stream headers were sometimes sent twice DNS: Ensure all pending requests get notified of a timeout when looking up a record DNS: Fix duplicated cache insertions by limiting outstanding queries per name to one xmppstream: Disable LuaExpat’s buffering xmppstream: Disable CharacterData merging after stream restarts xmppstream: Pass invalid stream headers to error handling Privacy lists: Correctly sort privacy list rules by order prosody: Check dependencies later in the startup sequence Config: Delay importing LuaFileSystem until needed by an Include line Config: Normalize VirtualHost and Component names prosodyctl: Normalize JIDs for adduser/passwd/deluser POSIX: Fix error reporting from disk space allocation POSIX: Verify that ‘pidfile’ is a string, show friendly error otherwise Dependency checking: Check that prosody is running under Lua 5.

Read more →

Mandatory encryption on XMPP starts today

by The Prosody Team.

Last year Peter Saint-Andre laid out a plan for strengthening the security of the XMPP network. The manifesto, to date signed by over 70 XMPP service operators and software developers, offered a rallying point for those interested in ensuring the security of XMPP for its users. Today is the date that the manifesto gave for the final ‘flip of the switch’: as of today many XMPP services will begin refusing unencrypted connections.

Read more →

Prosody 0.9.4 released

by The Prosody Team. Tags: release , security .

We’re pleased to present Prosody 0.9.4, the latest release from our stable 0.9 branch. This release fixes a security (denial of service) issue. If you are using mod_compression then we strongly recommended that you upgrade as soon as possible or disable compression (it is disabled by default) to prevent potential resource consumption by untrusted users. A summary of changes in this release: Compression: Disallow compression on unauthenticated streams Core: Limit default read size and maximum stanza size Core: Enable SASL EXTERNAL by default for component s2s S2S: Warn if s2s_secure_auth and s2s_require_encryption have been set in conflicting ways S2S: Warn if no local network addresses were found, preventing successful s2s MUC: Fix traceback when a non-occupant tried to change an occupant’s role MUC: API: Fire an event when temporary rooms are destroyed after the last person leaves Telnet: Fixed traceback when listing users Telnet: Apply normalization to JIDs in user management commands HTTP: Fix directory detection in file server on Windows Plugins: Fix paths on Windows MOTD: Don’t strip blank lines from the message provided in the config prosodyctl: Better error reporting when generating certificates Makefile: Improve FreeBSD compatibility Multiple fixes to our migration tools, and support for importing MUCs from ejabberd Download Download instructions for all platforms can be found on our download page

Read more →

Ars Technica’s XMPP server setup video

by The Prosody Team.

Visit the article to watch the video The folks over at Ars Technica have published a video tutorial on setting up your own XMPP server (using Prosody of course!). If you have been putting off setting up your own server then it’s worth watching, the whole process from installation to configuring your client is explained in under 10 minutes. After watching the tutorial, you might want to read more about some of the topics it touched upon:

Read more →

Prosody 0.9.3 released

by The Prosody Team.

We have fixed a few bugs and a some minor issues, so it’s time for another release! A summary of changes in this release: A config file passed as command line argument is no longer forgotten when config is reloaded MUC: Allow admins to always bypass restrict_room_creation Strip trailing ‘.’ when normalizing hostnames HTTP: Prevent silent connection failures Components: Allow easier overriding of component authentication by plugins Components: Enable TCP keepalives Migrator: Better error reporting and improved robustness S2S: Include IP in log messages, if hostname is unavailable TLS: Log error when initialization fails Download Download instructions for many platforms can be found on our download page

Read more →
Previous page Next page

About

Prosody is a lightweight and flexible XMPP server designed with ease-of-use and extensibility in mind.

⚛️ Atom feed

Recent Posts