Hello everyone, We're happy to announce a new minor release from our stable branch, 0.9.8. This release contains mainly bug fixes, including an important security fix.
A summary of changes in this release: High: * Ensure only valid UTF-8 is passed to libidn. It was found (CVE-2015-2059: http://seclists.org/oss-sec/2015/q1/672) that libidn can read beyond the boundaries of the provided buffer when an input string contains invalid UTF-8 sequences. Systems where Prosody is compiled to use libICU are not affected by this issue. Medium: * DNS: Fix traceback caused when DNS server IP is unroutable (issue 473: https://prosody.im/bugs/473) * HTTP client: More robust handling of chunked encoding across packet boundaries * Stanza router: Fix handling of 'error' <iq>'s with multiple children Minor: * c2s: Fix error reply when clients try to bind multiple resources on the same stream (issue 484: https://prosody.im/bugs/484) * s2s: Ensure to/from attributes are always present on stream headers, even if empty (issue 468: https://prosody.im/bugs/468) * Build scripts: Add --libdir option to ./configure to simplify building on some platforms * Fix traceback in datamanager when used outside of Prosody (e.g. in some migration tools) * mod_admin_telnet: Fix potential traceback in server:memory() command (issue 471: https://prosody.im/bugs/471) * HTTP server: Improved debug logging # Download As usual, download instructions for many platforms can be found on our download page: https://prosody.im/download If you have any questions, comments or other issues with this release, let us know! https://prosody.im/discuss -- You received this message because you are subscribed to the Google Groups "prosody-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to prosody-dev+unsubscr...@googlegroups.com. To post to this group, send email to prosody-dev@googlegroups.com. Visit this group at http://groups.google.com/group/prosody-dev. For more options, visit https://groups.google.com/d/optout.