We are pleased to announce a new minor release from our stable branch. This release contains mainly bug fixes, including an important security fix.
A summary of changes in this release, by importance:
- Ensure only valid UTF-8 is passed to libidn. It was found (CVE-2015-2059) that libidn can read beyond the boundaries of the provided buffer when an input string contains invalid UTF-8 sequences.
Systems where Prosody is compiled with libICU are not affected by this issue.
- DNS: Fix traceback caused when DNS server IP is unroutable (issue 473)
- HTTP client: More robust handling of chunked encoding across packet boundaries
- Stanza router: Fix handling of ‘error’ <iq>’s with multiple children
- c2s: Fix error reply when clients try to bind multiple resources on the same stream (issue 484)
- s2s: Ensure to/from attributes are always present on stream headers, even if empty (issue 468)
- Build scripts: Add –libdir option to ./configure to simplify building on some platforms
- Fix traceback in datamanager when used outside of Prosody (e.g. in some migration tools)
- mod_admin_telnet: Fix potential traceback in server:memory() command (issue 471)
- HTTP server: Improved debug logging
As usual, download instructions for many platforms can be found on our download page
If you have any questions, comments or other issues with this release, let us know!