We're happy to announce a new minor release from our stable branch,
0.9.8. This release contains mainly bug fixes, including an important
A summary of changes in this release:
* Ensure only valid UTF-8 is passed to libidn. It was found
(CVE-2015-2059: http://seclists.org/oss-sec/2015/q1/672) that libidn
can read beyond the boundaries of the provided buffer when an input
string contains invalid UTF-8 sequences.
Systems where Prosody is compiled to use libICU are not affected by this issue.
* DNS: Fix traceback caused when DNS server IP is unroutable (issue
* HTTP client: More robust handling of chunked encoding across
* Stanza router: Fix handling of 'error' <iq>'s with multiple children
* c2s: Fix error reply when clients try to bind multiple resources
on the same stream (issue 484: https://prosody.im/bugs/484)
* s2s: Ensure to/from attributes are always present on stream
headers, even if empty (issue 468: https://prosody.im/bugs/468)
* Build scripts: Add --libdir option to ./configure to simplify
building on some platforms
* Fix traceback in datamanager when used outside of Prosody (e.g. in
some migration tools)
* mod_admin_telnet: Fix potential traceback in server:memory()
command (issue 471: https://prosody.im/bugs/471)
* HTTP server: Improved debug logging
As usual, download instructions for many platforms can be found on our
download page: https://prosody.im/download
If you have any questions, comments or other issues with this release,
let us know! https://prosody.im/discuss
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to firstname.lastname@example.org.
Visit this group at http://groups.google.com/group/prosody-dev.
For more options, visit https://groups.google.com/d/optout.