Hi folks,

This release contains important fixes for two security issues recently
discovered in Prosody. It also contains various other fixes and
improvements we have made since 0.9.8. We strongly recommend that you
upgrade your server as soon as possible.

Another important note is that for a number of reasons we have dropped
Windows support with this release. If you are affected by this, please
contact us directly via email at develop...@prosody.im.

A summary of changes:

Security fixes:

   - Fix path traversal vulnerability in mod_http_files (CVE-2016-1231)
     for more details see https://prosody.im/security/advisory_20160108-1/

   - Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232)
     for more details see https://prosody.im/security/advisory_20160108-2/

Bugs:

   - Improve handling of CNAME records in DNS

   - Fix traceback when deleting a user in some configurations (issue #496)

   - MUC: restrict_room_creation could prevent users from joining
     rooms (issue #458)

   - MUC: fix occasional dropping of iq stanzas sent privately between occupants

   - Fix a potential memory leak in mod_pep

Additions:

   - Add http:list() command to telnet to view active HTTP services

   - Simplify IPv4/v6 address selection code for outgoing s2s

   - Add support for importing SCRAM hashes from ejabberd


# Download

As usual, download instructions for many platforms can be found on our
download page: https://prosody.im/download

If you have any questions, comments or other issues with this release,
let us know! https://prosody.im/discuss
