
      Prosody 0.11.10 released

      pubsub.slavino.sk / prosodyblog · Tuesday, 3 August, 2021 - 10:13

    We are pleased to announce a new minor release from our stable branch. This release primarily fixes CVE-2021-37601, a remote information disclosure vulnerability. See the previously released advisory for details. We recommend that all deployments upgrade if they have not yet applied the mitigation described in the advisory. A handful of fixes for issues discovered since 0.11.9 are also included. A summary of changes in this release: Security MUC: Fix logic for access to affiliation lists CVE-2021-37601 https://prosody.

    Tags: #XMPP


      Prosody 0.11.9 released

      pubsub.slavino.sk / prosodyblog · Wednesday, 12 May, 2021 - 18:32

    We are pleased to announce a new minor release from our stable branch. This release addresses a number of important security issues that affect most deployments of Prosody. Full details are available in a separate security advisory. We recommend that all deployments upgrade or apply the mitigations described in the advisory. A summary of changes in this release: Security mod_limits, prosody.cfg.lua: Enable rate limits by default certmanager: Disable renegotiation by default mod_proxy65: Restrict access to local c2s connections by default util.

    Tags: #XMPP


      Prosody 0.11.8 released

      pubsub.slavino.sk / prosodyblog · Monday, 15 February, 2021 - 19:39

    We are pleased to announce a new minor release from our stable branch. A new release appears! This time it includes bug fixes and performance improvements! Thanks to the Jitsi folks for helping us improve websocket performance in this and the previous release. This release also fixes a security issue, where channel binding, which connects the authentication layer (i.e. SASL) with the security layer (i.e. TLS) to detect man-in-the-middle attacks, could be used on connections encrypted with TLS 1.

    Tags: #XMPP


      How Prosody developers spent 2020

      pubsub.slavino.sk / prosodyblog · Friday, 8 January, 2021 - 00:00

    Nobody here knew quite what a year 2020 was going to be! However despite pandemics and lockdowns, we have continued to work on Prosody. This post is a summary of how the project is doing, and what we’ve been up to in the past year. One quick note before we begin… Prosody is an independent open-source project and exists only because the developers have been fortunate enough to be in a position to work on it.

    Tags: #XMPP


      XMPP at the IETF

      pubsub.slavino.sk / prosodyblog · Wednesday, 4 November, 2020 - 06:05

    We recently helped deploy a new XMPP service for the IETF. But before we go any further, some of you are probably asking - “what is the IETF?!” If you’ve been around the XMPP community for a while, or if you’ve been at all involved in internet development discussions, you’ll already have an idea of what the IETF is. But that leaves many people who don’t know, so here goes…


    Tags: #XMPP


      Prosody 0.11.7 released

      pubsub.slavino.sk / prosodyblog · Thursday, 1 October, 2020 - 15:09

    We are pleased to announce a new minor release from our stable branch. This is a security release for the 0.11.x stable branch. It is strongly recommended that all users upgrade to this release, especially those whose deployments have enabled mod_websocket. As well as upgrading, we recommend all public deployments to review and configure the c2s_stanza_size_limit and s2s_stanza_size_limit options to values they are comfortable with. The value is specified in bytes, and the XMPP specification requires values to be at least 10000 bytes, however it also recommends against just setting the limit to 10000 bytes.

    Tags: #XMPP


      Simple Anti-Spam Tips

      pubsub.slavino.sk / prosodyblog · Tuesday, 22 September, 2020 - 09:30

    You can take it as a sign of success of a network when it becomes worthwhile for spammers to set up camp. If you’re an active user of XMPP, there is a chance you’ve been unfortunate enough to receive spam in recent weeks. Spam has always been an occasional issue on the network, as with any network, website or internet service. However a few years ago spammers really started to take things more seriously on XMPP.

    Tags: #XMPP


      Great Invitations

      pubsub.slavino.sk / prosodyblog · Sunday, 13 September, 2020 - 17:08

    There are two kinds of servers on the XMPP network today: those with public registration, and those without. The servers that support registration generally allow you to create accounts via the web, or using your XMPP client (XEP-0077). The problem is that this opens your server up to the world. Even when you add CAPTCHAs and other defences, even the most careful XMPP public server admin will at some point see spammers registering accounts on their server.

    Tags: #XMPP


      Prosody 0.11.6 released

      pubsub.slavino.sk / prosodyblog · Wednesday, 9 September, 2020 - 13:46

    We are pleased to announce a new minor release from our stable branch. This release brings a collection of fixes and improvements added since the 0.11.5 release improving security, performance, usability and interoperability. This version continues the deprecation of using prosodyctl to start/stop Prosody if it is installed system-wide. You should use your init system’s appropriate commands to manage the Prosody process instead. You can silence the warnings with the ‘prosodyctl_service_warnings’ option.

    Tags: #XMPP