Hello everyone,

We're happy to announce a new minor release from our stable branch,
0.9.8. This release contains mainly bug fixes, including an important
security fix.

A summary of changes in this release:


  * Ensure only valid UTF-8 is passed to libidn. It was found
(CVE-2015-2059: http://seclists.org/oss-sec/2015/q1/672) that libidn
can read beyond the boundaries of the provided buffer when an input
string contains invalid UTF-8 sequences.

Systems where Prosody is compiled to use libICU are not affected by this issue.


  * DNS: Fix traceback caused when DNS server IP is unroutable (issue
473: https://prosody.im/bugs/473)
  * HTTP client: More robust handling of chunked encoding across
packet boundaries
  * Stanza router: Fix handling of 'error' <iq>'s with multiple children


  * c2s: Fix error reply when clients try to bind multiple resources
on the same stream (issue 484: https://prosody.im/bugs/484)
  * s2s: Ensure to/from attributes are always present on stream
headers, even if empty (issue 468: https://prosody.im/bugs/468)
  * Build scripts: Add --libdir option to ./configure to simplify
building on some platforms
  * Fix traceback in datamanager when used outside of Prosody (e.g. in
some migration tools)
  * mod_admin_telnet: Fix potential traceback in server:memory()
command (issue 471: https://prosody.im/bugs/471)
  * HTTP server: Improved debug logging

# Download

As usual, download instructions for many platforms can be found on our
download page: https://prosody.im/download

If you have any questions, comments or other issues with this release,
let us know! https://prosody.im/discuss

You received this message because you are subscribed to the Google Groups 
"prosody-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prosody-dev+unsubscr...@googlegroups.com.
To post to this group, send email to prosody-dev@googlegroups.com.
Visit this group at http://groups.google.com/group/prosody-dev.
For more options, visit https://groups.google.com/d/optout.

Reply via email to