We’re pleased to present Prosody 0.9.4, the latest release from our stable 0.9 branch.
This release fixes a security (denial of service) issue. If you are using mod_compression then we strongly recommended that you upgrade as soon as possible or disable compression (it is disabled by default) to prevent potential resource consumption by untrusted users.
A summary of changes in this release:
- Compression: Disallow compression on unauthenticated streams
- Core: Limit default read size and maximum stanza size
- Core: Enable SASL EXTERNAL by default for component s2s
- S2S: Warn if
s2s_require_encryptionhave been set in conflicting ways
- S2S: Warn if no local network addresses were found, preventing successful s2s
- MUC: Fix traceback when a non-occupant tried to change an occupant’s role
- MUC: API: Fire an event when temporary rooms are destroyed after the last person leaves
- Telnet: Fixed traceback when listing users
- Telnet: Apply normalization to JIDs in user management commands
- HTTP: Fix directory detection in file server on Windows
- Plugins: Fix paths on Windows
- MOTD: Don’t strip blank lines from the message provided in the config
- prosodyctl: Better error reporting when generating certificates
- Makefile: Improve FreeBSD compatibility
- Multiple fixes to our migration tools, and support for importing MUCs from ejabberd
Download instructions for all platforms can be found on our download page
If you have any questions, comments or other issues with this release, let us know!