We are pleased to announce a new minor release from our stable branch.
This release primarily fixes CVE-2021-37601, a remote information disclosure vulnerability. See the previously released advisory for details. We recommend that all deployments upgrade if they have not yet applied the mitigation described in the advisory.
A handful fixes for issues discovered since 0.11.9 are also included.
A summary of changes in this release:
- MUC: Fix logic for access to affiliation lists CVE-2021-37601 https://prosody.im/security/advisory_20210722/
- prosodyctl: Add ‘limits’ to known globals to warn about misplacing it
- util.ip: Fix netmask for link-local address range
- mod_pep: Remove obsolete node restoration code
- util.pubsub: Fix traceback if node data not initialized
As usual, download instructions for many platforms can be found on our download page
If you have any questions, comments or other issues with this release, let us know!