Shura @shura@mastodon.social

♲ @: Prosody 0.9.13 released
This is a new maintenance release to our old stable 0.9 branch, with many bug fixes, including some important security improvements.

In particular there is an issue where using Prosody 0.9 with LuaSocket 3.0rc1 (which is commonly packaged in distributions) can allow an unauthenticated remote entity to trigger Prosody to exit.

If you are using our nightly packages ('prosody-0.9') from our repository, this issue was already fixed last year in nightly build 285. Simply upgrade the prosody-0.9 package to ensure you have all the latest fixes in this branch.

If you are using the 'prosody' package and it is at version 0.9, we recommend you upgrade it - our repository provides 0.10.0 since the release in October last year. Alternatively please switch to using the prosody-0.9 nightly packages to ensure you continue to get updates on the 0.9 branch.

NOTE for 0.10.x users: none of the security issues in this release affect 0.10. However 0.10.1 release will follow shortly with some bug fixes relevant to that branch.

Note that there is currently no deprecation plan for the 0.9 branch. We will continue to provide security and major bug fixes for the immediate future, although we do encourage you to upgrade to 0.10.

A summary of changes in this release:
Security Fix for compatibility with LuaSocket 3.0rc1 (fixes denial of service from remote) mod_register: Require encryption before registration if c2s_require_encryption is set (fixes #595 https://prosody.im/issues/issue/595) MUC: Ensure that elements which match our from are stripped (fixes #1055 https://prosody.im/issues/issue/1055) Fixes and improvements Compatibility fix with newer LuaSec 0.6 (fixes #781 https://prosody.im/issues/issue/781) mod_presence: Send probe once subscribed (fixes #794 https://prosody.im/issues/issue/794) mod_net_multiplex: Enable SSL on the SSL port (fixes #803 https://prosody.im/issues/issue/803) Minor changes core.rostermanager: Add method for checking if the user is subscribed to a contact mod_saslauth: Log SASL failure reason mod_disco: Correctly set the 'node' attr (fixes #449 https://prosody.im/issues/issue/449) mod_bosh: Update session.conn to point to the current connection (fixes #890 https://prosody.im/issues/issue/890) net.dns: Simplify expiry calculation (fixes #919 https://prosody.im/issues/issue/919) mod_watchregistrations: Return the pointer to the root of the stanza, fixes #922 https://prosody.im/issues/issue/922. mod_disco: Add an account/registered identity on subscribed accounts, fixes #826 https://prosody.im/issues/issue/826. mod_welcome: Return the pointer to the root of the stanza, fixes a bug similar to #922 https://prosody.im/issues/issue/922. net.dns: Prevent answers from immediately expiring even if TTL=0 (see #919 https://prosody.im/issues/issue/919) mod_saslauth: Use correct varible name (thanks Roi) mod_c2s: Iterate over child tags instead of child nodes in stream error (fixes traceback from #987 https://prosody.im/issues/issue/987) mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) MUC: Always send subject message, even if it is empty (fixes #1053 https://prosody.im/issues/issue/1053) MUC: fix the @from on in history replay (fixes #1054 https://prosody.im/issues/issue/1054) MUC: Rename variable to make it clearer that it is the room JID and not the MUC host Download
Source: https://prosody.im/downloads/source/prosody-0.9.13.tar.gz sig https://prosody.im/downloads/source/prosody-0.9.13.tar.gz.asc

Debian/Ubuntu and derivatives: Install 'prosody-0.9' from our package repository https://packages.prosody.im/debian/ to receive nightly build 289 or higher.

If your Prosody is installed from your distribution, look to them for updates.

If you have any questions, comments or other issues with this release, let us know! https://prosody.im/discuss blog.prosody.im/prosody-0-9-13…
#xmpp #jabber #prosody