Mandatory encryption on XMPP starts today
Last year Peter Saint-Andre laid out a plan for strengthening the security of the XMPP network. The manifesto, to date signed by over 70 XMPP service operators and software developers, offered a rallying point for those interested in ensuring the security of XMPP for its users. Today is the date that the manifesto gave for the final ‘flip of the switch’: as of today many XMPP services will begin refusing unencrypted connections.
Read more →Prosody 0.9.4 released
We’re pleased to present Prosody 0.9.4, the latest release from our stable 0.9 branch. This release fixes a security (denial of service) issue. If you are using mod_compression then we strongly recommended that you upgrade as soon as possible or disable compression (it is disabled by default) to prevent potential resource consumption by untrusted users. A summary of changes in this release: Compression: Disallow compression on unauthenticated streams Core: Limit default read size and maximum stanza size Core: Enable SASL EXTERNAL by default for component s2s S2S: Warn if s2s_secure_auth and s2s_require_encryption have been set in conflicting ways S2S: Warn if no local network addresses were found, preventing successful s2s MUC: Fix traceback when a non-occupant tried to change an occupant’s role MUC: API: Fire an event when temporary rooms are destroyed after the last person leaves Telnet: Fixed traceback when listing users Telnet: Apply normalization to JIDs in user management commands HTTP: Fix directory detection in file server on Windows Plugins: Fix paths on Windows MOTD: Don’t strip blank lines from the message provided in the config prosodyctl: Better error reporting when generating certificates Makefile: Improve FreeBSD compatibility Multiple fixes to our migration tools, and support for importing MUCs from ejabberd Download Download instructions for all platforms can be found on our download page
Read more →Ars Technica’s XMPP server setup video
Visit the article to watch the video The folks over at Ars Technica have published a video tutorial on setting up your own XMPP server (using Prosody of course!). If you have been putting off setting up your own server then it’s worth watching, the whole process from installation to configuring your client is explained in under 10 minutes. After watching the tutorial, you might want to read more about some of the topics it touched upon:
Read more →Prosody 0.9.3 released
We have fixed a few bugs and a some minor issues, so it’s time for another release! A summary of changes in this release: A config file passed as command line argument is no longer forgotten when config is reloaded MUC: Allow admins to always bypass restrict_room_creation Strip trailing ‘.’ when normalizing hostnames HTTP: Prevent silent connection failures Components: Allow easier overriding of component authentication by plugins Components: Enable TCP keepalives Migrator: Better error reporting and improved robustness S2S: Include IP in log messages, if hostname is unavailable TLS: Log error when initialization fails Download Download instructions for many platforms can be found on our download page
Read more →Prosody 0.9.2 released
We are pleased to announce Prosody 0.9.2, the latest release of our stable 0.9 branch. The main focus of this release is on a couple of security improvements. A summary of changes in this release: Debian/Ubuntu packages fixed to always generate per-system certs (see below) TLS: Improved cipher string, and use Prosody’s preferred ciphers (see below) MUC: Fix for Spark clients not displaying room lists Packaged certificates It has always been our policy that Prosody should be secure out of the box, which is why we generate self-signed certificates for “localhost” at installation time, making it easy to get a simple XMPP server up and running in a couple of minutes.
Read more →Prosody 0.9.1 released
It’s been a great couple of weeks since Prosody 0.9.0 was released, but we’ve fixed a small number of issues and are happy to present our 0.9.1 release. A summary of changes in this release: Config: Fix the workaround for LuaSec 0.4.x to apply the ssl ‘ciphers’ option correctly Config: Ability to specify the ssl ‘dhparam’ option simply as a path to a file, instead of a callback function Windows: Fix s2s issues Windows: Fix the ability to specify absolute paths to SSL certificates in the config Build: Fix compilation issue on non-Linux systems that have glibc (such as Debian GNU/kFreeBSD) API: Fix to our set library, that caused the :include() and :exclude() methods to behave incorrectly Download instructions for many platforms can be found on our download page
Read more →Prosody 0.9.0 released
Yes! Prosody 0.9.0 is here! Over 1500 commits have been made by twelve people since 0.8, and even more have gone into third-party libraries that we have been contributing to such as LuaSocket, LuaSec and LuaEvent. IPv6 Our first big feature to announce is IPv6 support throughout. After releasing 0.8, this was by far our most voted-for issue in our tracker. Many thanks especially go to Florian Zeitz who worked on the bulk of IPv6 support in both Prosody and LuaSocket.
Read more →Prosody 0.9.0rc5 available for testing
Hi folks, It’s that time of the week! We have a new release for you, with some important and some minor fixes. It is strongly recommended that all 0.9 users upgrade - these issues affect all versions of 0.9 since we released beta1 (~nightly build 119). Prosody 0.8 is not affected. Summary of changes: [major] Fixed a segfault in our SCRAM authentication code that can allow unauthenticated users to crash a Prosody instance.
Read more →Prosody 0.9.0rc4 available for testing
We decided there wasn’t enough suspense about the 0.9.0 release yet, so we’ve decided to issue another release candidate to keep you on your toes. In fact, some of the changes we made for rc3 to keep compatible with the new LuaSocket 3.0 didn’t compile on some platforms. This should now be fixed. We also realised that although we have set a number of new defaults for our TLS configuration (see previous release notes), we had not set a list of acceptable ciphers, which led some clients and servers to negotiate ciphers that might be considered weak.
Read more →We like Pie
We have just added another target to our package builder, namely armhf packages sutable for Raspian on the Raspberry Pi. The first package available is trunk nightly 391. To try it, simply add our package repository to /etc/apt/sources.list: deb http://packages.prosody.im/debian wheezy main and then run sudo apt-get install prosody-trunk
Read more →About
Prosody is a lightweight and flexible XMPP server designed with ease-of-use and extensibility in mind.