Just a small release for you this time, with a handful of bugfixes.
Thanks to '@eoranged' and the other PostgreSQL users who helped with
feedback and testing of the SQL fixes (the PostgreSQL server we use
for testing is now behaving properly!).
A summary of changes in this release:
* mod_storage_sql: Fix compatibility with PostgreSQL databases (0.8.1 issue)
* mod_bosh: Fix for sessions not timing out after inactivity in some cases
* mod_dialback: Fix multiple concurrent dialback requests for the same
domain (was sometimes causing s2s failure with certain ejabberds)
A security and bug fix release. The security aspect is to mitigate the
"billion laughs" denial-of-service attack against XML parsers and XMPP
servers.
Other changes:
- Reject XML DTDs, comments and processing instructions, preventing
the "billion laughs" attack
- Switch to MEDIUMTEXT in the schema for MySQL to avoid truncating
large data (such as large avatars)
Prosody automatically upgrades the table in-place if possible, see:
http://prosody.im/doc/mysql
- Fix for endless loop when parsing certain invalid JSON
- Fix PostgreSQL compatibility in prosody-migrator
- Fix timestamp parsing for DST (affecting MUC scrollback retrieval)
- mod_legacyauth now correctly disabled for unencrypted connections by default
- Components properly inherit SSL settings and certificates from their
'parent' hosts
- Prevent startup with no VirtualHost entries in the config file
Prosody is a flexible communications server for Jabber/XMPP written in Lua.
It aims to be easy to use, and light on resources. For developers it aims
to be easy to extend and give a flexible system on which to rapidly develop
added functionality, or prototype new protocols.
(Based on wip/prosody.)
