[ANN] Prosody 0.11.7 released

8 views
Skip to first unread message

Matthew Wild

unread,
Oct 1, 2020, 11:25:21 AM10/1/20
to Prosody IM Users Group, Prosody IM Developers Group, prosody-...@googlegroups.com
Hi folks,

We are pleased to announce the release of Prosody 0.11.7.

This is a security release for the 0.11.x stable branch. It is strongly
recommended that all users upgrade to this release, especially those
whose deployments have enabled mod_websocket.

As well as upgrading, we recommend all public deployments to review and
configure the c2s_stanza_size_limit and s2s_stanza_size_limit options to
values they are comfortable with. The value is specified in bytes, and
the XMPP specification requires values to be at least 10000 bytes,
however it also recommends against just setting the limit to 10000
bytes. We are working to obtain data on real-world stanza sizes in order
to determine sensible defaults suitable for a future release.

A summary of changes since the previous release:

Security

- mod_websocket: Enforce size limits on received frames (fixes #1593)

Fixes and improvements

- mod_c2s, mod_s2s: Make stanza size limits configurable
- Add configuration options to control Lua garbage collection
parameters
- net.http: Backport SNI support for outgoing HTTP requests (#409)
- mod_websocket: Process all data in the buffer on close frame and
connection errors (fixes #1474, #1234)
- util.indexedbheap: Fix heap data structure corruption, causing some
timers to fail after a reschedule (fixes #1572)

# Download

As usual, download instructions for many platforms can be found on our
download page: https://prosody.im/download

If you have any questions, comments or other issues with this release,
let us know! https://prosody.im/discuss
Reply all
Reply to author
Forward
0 new messages