Prosodical Thoughts

News, announcements and thoughts from the Prosody IM team

Prosody 0.10.3 released

by The Prosody Team. Tags: release, security.

Three releases in less than a week! I think it’s a record. This one is a minor security and bugfix release from our 0.10.x branch, for users and packagers who are not quite ready to make the jump to 0.11 just yet. We will continue to maintain the 0.10 branch in this way with security and major bugfixes until further notice.

Read more →

Prosody 0.10.2 and 0.9.14 Security Release

by The Prosody Team. Tags: release, security.

Today brings an important security release for both our stable branches. This fixes a cross-host authentication vulnerability, CVE-2018-10847. The issue affects Prosody instances that have multiple virtual hosts (including anonymous authenticated hosts). All versions of Prosody before 0.9.14 and 0.10.2 are affected. A full security advisory is available at https://prosody.im/security/advisory_20180531

Changes

Summary of all changes in this release:

Security

- mod_c2s: Do not allow the stream ‘to’ to change across stream restarts (fixes #1147)

Minor changes

- mod_websocket: Store the request object on the session for use by other modules (fixes #1153)
- mod_c2s: Avoid concatenating potential nil value (fixes #753)
- core.

Read more →

Prosody 0.10.1 released

by The Prosody Team. Tags: release, security.

We are pleased to announce a new minor release from our stable branch.

This is the latest release to our stable branch. It is recommended that all 0.10.0 users upgrade, and users of our nightly packages upgrade to build 477 or later.

A summary of changes in this release:

Read more →

Prosody 0.9.13 released

by The Prosody Team. Tags: release, security.

This is a new maintenance release to our old stable 0.9 branch, with many bug fixes, including some important security improvements.

Read more →

Prosody 0.9.10 released

by The Prosody Team. Tags: release, security.

We are pleased to announce a new minor release from our stable branch.

This release fixes another dialback security issue. We strongly encourage all Prosody servers to upgrade as soon as possible.

Read more →

Prosody 0.9.9 security release

by The Prosody Team. Tags: release, security.

Hi folks,

This release contains important fixes for two security issues recently discovered in Prosody. It also contains various other fixes and improvements we have made since 0.9.8. We strongly recommend that you upgrade your server as soon as possible.

Another important note is that for a number of reasons we have dropped Windows support with this release. If you are affected by this, please contact us directly via email at developers@prosody.im.

A summary of changes:

Read more →

Prosody 0.9.8 released

by The Prosody Team. Tags: release, security.

We are pleased to announce a new minor release from our stable branch. This release contains mainly bug fixes, including an important security fix.

A summary of changes in this release, by importance:

High:

- Ensure only valid UTF-8 is passed to libidn. It was found (CVE-2015-2059) that libidn can read beyond the boundaries of the provided buffer when an input string contains invalid UTF-8 sequences. Systems where Prosody is compiled with libICU are not affected by this issue.

Read more →

Prosody 0.9.4 released

by The Prosody Team. Tags: release, security.

We’re pleased to present Prosody 0.9.4, the latest release from our stable 0.9 branch. This release fixes a security (denial of service) issue. If you are using mod_compression then we strongly recommend that you upgrade as soon as possible or disable compression (it is disabled by default) to prevent potential resource consumption by untrusted users.

A summary of changes in this release:

- Compression: Disallow compression on unauthenticated streams
- Core: Limit default read size and maximum stanza size
- Core: Enable SASL EXTERNAL by default for component s2s
- S2S: Warn if s2s_secure_auth and s2s_require_encryption have been set in conflicting ways
- S2S: Warn if no local network addresses were found, preventing successful s2s
- MUC: Fix traceback when a non-occupant tried to change an occupant’s role
- MUC: API: Fire an event when temporary rooms are destroyed after the last person leaves
- Telnet: Fixed traceback when listing users
- Telnet: Apply normalization to JIDs in user management commands
- HTTP: Fix directory detection in file server on Windows
- Plugins: Fix paths on Windows
- MOTD: Don’t strip blank lines from the message provided in the config
- prosodyctl: Better error reporting when generating certificates
- Makefile: Improve FreeBSD compatibility
- Multiple fixes to our migration tools, and support for importing MUCs from ejabberd

Download

Download instructions for all platforms can be found on our download page

Read more →

Prosody 0.9.2 released

by The Prosody Team. Tags: release, security.

We are pleased to announce Prosody 0.9.2, the latest release of our stable 0.9 branch. The main focus of this release is on a couple of security improvements.

A summary of changes in this release:

- Debian/Ubuntu packages fixed to always generate per-system certs (see below)
- TLS: Improved cipher string, and use Prosody’s preferred ciphers (see below)
- MUC: Fix for Spark clients not displaying room lists

Packaged certificates

It has always been our policy that Prosody should be secure out of the box, which is why we generate self-signed certificates for “localhost” at installation time, making it easy to get a simple XMPP server up and running in a couple of minutes.

Read more →

Prosody 0.8.1 released

by The Prosody Team. Tags: release, security.

This is a security and bugfix release for the 0.8 branch. This release contains fixes for a couple of major issues, and it is strongly recommended that you upgrade. Some of you may already be aware of the “billion laughs” denial-of-service attack which was discovered to work against a number of XMPP servers recently. Due to an accidental oversight, the Prosody team was not notified ahead of the issue being made public, so we have worked hard over the past few days to prepare this release as soon as we could.

Read more →

About

Prosody is a lightweight and flexible XMPP server designed with ease-of-use and extensibility in mind.
