Recent Releases

0.11.1004 Aug 2021 21:19 security: MUC: Fix logic for access to affiliation lists CVE-2021-37601: prosodyctl: Add limits to known globals to warn about misplacing it. util.ip: Fix netmask for link-local address range. mod_pep: Remove obsolete node restoration code. util.pubsub: Fix traceback if node data not initialized.
0.11.903 Aug 2021 21:45 security: mod_limits, prosody.cfg.lua: Enable rate limits by default. certmanager: Disable renegotiation by default. mod_proxy65: Restrict access to local c2s connections by default. util.startup: Set more aggressive defaults for GC. mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits. mod_authinternal plain,hashed : Use constant-time string comparison for secrets. mod_dialback: Remove dialback-without-dialback feature. mod_dialback: Use constant-time comparison with hmac. util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp). mod_c2s: Don t throw errors in async code when connections are gone. mod_c2s: Fix traceback in session close when conn is nil. core.certmanager: Improve detection of LuaSec/OpenSSL capabilities. mod_saslauth: Use a defined SASL error. MUC: Add support for advertising muc#roomconfig_allowinvites in room disco#info. mod_saslauth: Don t throw errors in async code when connections are gone. mod_pep: Advertise base pubsub feature (fixes #1632: mod_pep missing pubsub feature in disco). prosodyctl check config: Add gc to list of global options. prosodyctl about: Report libexpat version if known. util.xmppstream: Add API to dynamically configure the stanza size limit for a stream. util.set: Add is_set() to test if an object is a set. mod_http: Skip IP resolution in non-proxied case. mod_c2s: Log about missing conn on async state changes. util.xmppstream: Reduce internal default xmppstream limit to 1MB.
0.11.021 Nov 2018 23:16 major feature: Chatroom improvements, improved configuration, message archiving, nickname reservation, new Pubsub/PEP implementation, new vCard format, mobile battery life optimizations, asynchronous APIs, automated tests, native epoll support, Lua 5.2 support