Hi folks, We are pleased to announce the release of Prosody 0.11.9.
This release addresses a number of important security issues that affect most deployments of Prosody. Full details are available in a separate security advisory](https://prosody.im/security/advisory_20210512/). We recommend that all deployments upgrade or apply the mitigations described in the advisory. A summary of changes since the previous release: Security - mod_limits, prosody.cfg.lua: Enable rate limits by default - certmanager: Disable renegotiation by default - mod_proxy65: Restrict access to local c2s connections by default - util.startup: Set more aggressive defaults for GC - mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits - mod_auth_internal_{plain,hashed}: Use constant-time string comparison for secrets - mod_dialback: Remove dialback-without-dialback feature - mod_dialback: Use constant-time comparison with hmac Minor changes - util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp) - mod_c2s: Don’t throw errors in async code when connections are gone - mod_c2s: Fix traceback in session close when conn is nil - core.certmanager: Improve detection of LuaSec/OpenSSL capabilities - mod_saslauth: Use a defined SASL error - MUC: Add support for advertising muc#roomconfig_allowinvites in room disco#info - mod_saslauth: Don’t throw errors in async code when connections are gone - mod_pep: Advertise base pubsub feature (fixes #1632: mod_pep missing pubsub feature in disco) - prosodyctl check config: Add ‘gc’ to list of global options - prosodyctl about: Report libexpat version if known - util.xmppstream: Add API to dynamically configure the stanza size limit for a stream - util.set: Add is_set() to test if an object is a set - mod_http: Skip IP resolution in non-proxied case - mod_c2s: Log about missing conn on async state changes - util.xmppstream: Reduce internal default xmppstream limit to 1MB # Download As usual, download instructions for many platforms can be found on our download page: https://prosody.im/download If you have any questions, comments or other issues with this release, let us know! https://prosody.im/discuss -- You received this message because you are subscribed to the Google Groups "prosody-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prosody-dev/CAJt9-x4c0ktZc%2BSbK3Gxs61_Gs_hn36PQQeO86hz%3DMeupN9kkQ%40mail.gmail.com.
