Fix for a DoS vulnerability, see
https://www.debian.org/security/2014/dsa-2895

Changes in 0.9.4:
- Compression: Disallow compression on unauthenticated streams
- Core: Limit default read size and maximum stanza size
- Core: Enable SASL EXTERNAL by default for component s2s
- S2S: Warn if s2s_secure_auth and s2s_require_encryption have been
set in conflicting ways
- S2S: Warn if no local network addresses were found, preventing
successful s2s
- MUC: Fix traceback when a non-occupant tried to change an
occupant's role
- MUC: API: Fire an event when temporary rooms are destroyed after
the last person leaves
- Telnet: Fixed traceback when listing users
- Telnet: Apply normalization to JIDs in user management commands
- HTTP: Fix directory detection in file server on Windows
- Plugins: Fix paths on Windows
- MOTD: Don't strip blank lines from the message provided in the config
- prosodyctl: Better error reporting when generating certificates
- Makefile: Improve FreeBSD compatibility
- Multiple fixes to our migration tools, and support for importing MUCs
from ejabberd
Changes in 0.9.3:
- A config file passed as command line argument is no longer forgotten
when config is reloaded
- MUC: Allow admins to always bypass restrict_room_creation
- Strip trailing '.' when normalizing hostnames
- HTTP: Prevent silent connection failures
- Components: Allow easier overriding of component authentication by plugins
- Components: Enable TCP keepalives
- Migrator: Better error reporting and improved robustness
- S2S: Include IP in log messages, if hostname is unavailable
- TLS: Log error when initialization fails
Changes in 0.9.2:
- Debian/Ubuntu packages fixed to always generate per-system certs
- TLS: Improved cipher string, and use Prosody's preferred ciphers
- MUC: Fix for Spark clients not displaying room lists
Changes in 0.9.1:
* Config: Fix the workaround for LuaSec 0.4.x to apply the ssl 'ciphers'
option correctly
* Config: Ability to specify the ssl 'dhparam' option simply as a path to
a file, instead of a callback function
* Windows: Fix s2s issues
* Windows: Fix the ability to specify absolute paths to SSL certificates
in the config
* Build: Fix compilation issue on non-Linux systems that have glibc (such as
Debian GNU/kFreeBSD)
* API: Fix to our set library, that caused the :include() and :exclude()
methods to behave incorrectly
Changes in 0.9.0:
* IPv6 support for c2s, s2s and all other services (e.g. HTTP)
* Server-to-server authentication using certificates (SASL EXTERNAL)
* A new HTTP subsystem, supporting virtual hosts, and fully reloadable modules
* Client and server connections are now handled by modules: mod_c2s, mod_s2s
* mod_pubsub: Basic pubsub service (some features not yet implemented)
* prosodyctl about - show information about a Prosody installation
* prosodyctl cert - command to generate XMPP certificates and CSRs
* Many very nice enhancements to our module API
* MUC: Configurable per-room history length
* MUC: Plugins can now extend the room configuration form
See notes on upgrading from 0.8.x:
https://prosody.im/doc/release/0.9.0#upgrading

Just a small release for you this time, with a handful of bugfixes.
Thanks to '@eoranged' and the other PostgreSQL users who helped with
feedback and testing of the SQL fixes (the PostgreSQL server we use
for testing is now behaving properly!).
A summary of changes in this release:
* mod_storage_sql: Fix compatibility with PostgreSQL databases (0.8.1 issue)
* mod_bosh: Fix for sessions not timing out after inactivity in some cases
* mod_dialback: Fix multiple concurrent dialback requests for the same
domain (was sometimes causing s2s failure with certain ejabberds)

A security and bug fix release. The security aspect is to mitigate the
"billion laughs" denial-of-service attack against XML parsers and XMPP
servers.
Other changes:
- Reject XML DTDs, comments and processing instructions, preventing
the "billion laughs" attack
- Switch to MEDIUMTEXT in the schema for MySQL to avoid truncating
large data (such as large avatars)
Prosody automatically upgrades the table in-place if possible, see:
http://prosody.im/doc/mysql
- Fix for endless loop when parsing certain invalid JSON
- Fix PostgreSQL compatibility in prosody-migrator
- Fix timestamp parsing for DST (affecting MUC scrollback retrieval)
- mod_legacyauth now correctly disabled for unencrypted connections by default
- Components properly inherit SSL settings and certificates from their
'parent' hosts
- Prevent startup with no VirtualHost entries in the config file

Prosody is a flexible communications server for Jabber/XMPP written in Lua.
It aims to be easy to use, and light on resources. For developers it aims
to be easy to extend and give a flexible system on which to rapidly develop
added functionality, or prototype new protocols.
(Based on wip/prosody.)