Hi all, Strophe 1.0.2 has been released. Please consider upgrading immediately as it contains a security fix affecting DIGEST-MD5 SASL authentication.
All the downloads and documentation can be found at: http://strophe.im/strophejs Note that this website is brand new and should remain the permanent home of the project. The old site at code.stanziq.com died with Collecta, although it still redirects to the new home. The full change log can be found here: https://raw.github.com/metajack/strophejs/release-1.0.2/CHANGELOG.txt I don't know of any exploits for the DIGEST-MD5 problem, but the fact that the client nonce never changed on a particular browser is probably not good. Thanks go to Julian Scheid for finding and reporting this to me. I went through most of the pull requests and applied them. There were a handful that didn't make it due to the need for more review. I'll get to these as soon as I can, but I think I got all the ones that fix major bugs. Please give it a whirl and let me know if you find anything I missed. jack. _______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
