Hi folks,
We are pleased to announce the release of Prosody 0.11.10.
This release primarily fixes CVE-2021-37601, a remote information
disclosure vulnerability. See the previously released advisory for
details: <
https://prosody.im/security/advisory_20210722/>.
We recommend that all deployments upgrade if they have not yet
applied the mitigation described in the advisory.
A handful fixes for issues discovered since 0.11.9 are also included.
A summary of changes since the previous release:
Security
- MUC: Fix logic for access to affiliation lists (CVE-2021-37601)
Minor changes
- prosodyctl: Add ‘limits’ to known globals to warn about misplacing
it
- util.ip: Fix netmask for link-local address range
- mod_pep: Remove obsolete node restoration code
- util.pubsub: Fix traceback if node data not initialized
# Download
As usual, download instructions for many platforms can be found on our
download page:
https://prosody.im/download
If you have any questions, comments or other issues with this release,
let us know!
https://prosody.im/discuss