Prosodical Thoughts

News, announcements and thoughts from the Prosody IM team

Prosody 0.9.4 released

by The Prosody Team
Tags: release , security

We’re pleased to present Prosody 0.9.4, the latest release from our stable 0.9 branch.

This release fixes a security (denial of service) issue. If you are using mod_compression then we strongly recommended that you upgrade as soon as possible or disable compression (it is disabled by default) to prevent potential resource consumption by untrusted users.

A summary of changes in this release:

  • Compression: Disallow compression on unauthenticated streams
  • Core: Limit default read size and maximum stanza size
  • Core: Enable SASL EXTERNAL by default for component s2s
  • S2S: Warn if s2s_secure_auth and s2s_require_encryption have been set in conflicting ways
  • S2S: Warn if no local network addresses were found, preventing successful s2s
  • MUC: Fix traceback when a non-occupant tried to change an occupant’s role
  • MUC: API: Fire an event when temporary rooms are destroyed after the last person leaves
  • Telnet: Fixed traceback when listing users
  • Telnet: Apply normalization to JIDs in user management commands
  • HTTP: Fix directory detection in file server on Windows
  • Plugins: Fix paths on Windows
  • MOTD: Don’t strip blank lines from the message provided in the config
  • prosodyctl: Better error reporting when generating certificates
  • Makefile: Improve FreeBSD compatibility
  • Multiple fixes to our migration tools, and support for importing MUCs from ejabberd


Download instructions for all platforms can be found on our download page

If you have any questions, comments or other issues with this release, let us know!


Prosody is a lightweight and flexible XMPP server designed with ease-of-use and extensibility in mind.

⚛️ Atom feed

Recent Posts