[ANN] Prosody 0.11.7 released

27 views
Skip to first unread message

Matthew Wild

unread,
Oct 1, 2020, 11:25:22 AM10/1/20
to Prosody IM Users Group, Prosody IM Developers Group, prosody-...@googlegroups.com
Hi folks,

We are pleased to announce the release of Prosody 0.11.7.

This is a security release for the 0.11.x stable branch. It is strongly
recommended that all users upgrade to this release, especially those
whose deployments have enabled mod_websocket.

As well as upgrading, we recommend all public deployments to review and
configure the c2s_stanza_size_limit and s2s_stanza_size_limit options to
values they are comfortable with. The value is specified in bytes, and
the XMPP specification requires values to be at least 10000 bytes,
however it also recommends against just setting the limit to 10000
bytes. We are working to obtain data on real-world stanza sizes in order
to determine sensible defaults suitable for a future release.

A summary of changes since the previous release:

Security

- mod_websocket: Enforce size limits on received frames (fixes #1593)

Fixes and improvements

- mod_c2s, mod_s2s: Make stanza size limits configurable
- Add configuration options to control Lua garbage collection
parameters
- net.http: Backport SNI support for outgoing HTTP requests (#409)
- mod_websocket: Process all data in the buffer on close frame and
connection errors (fixes #1474, #1234)
- util.indexedbheap: Fix heap data structure corruption, causing some
timers to fail after a reschedule (fixes #1572)

# Download

As usual, download instructions for many platforms can be found on our
download page: https://prosody.im/download

If you have any questions, comments or other issues with this release,
let us know! https://prosody.im/discuss

deoren

unread,
Oct 6, 2020, 6:14:31 PM10/6/20
to prosod...@googlegroups.com


On 10/1/2020 10:25 AM, Matthew Wild wrote:
> Hi folks,
>
> We are pleased to announce the release of Prosody 0.11.7.
>
> This is a security release for the 0.11.x stable branch. It is strongly
> recommended that all users upgrade to this release, especially those
> whose deployments have enabled mod_websocket.
>
> ...
>
> # Download
>
> As usual, download instructions for many platforms can be found on our
> download page: https://prosody.im/download
>
> If you have any questions, comments or other issues with this release,
> let us know! https://prosody.im/discuss
>

Is Ubuntu 16.04 going to get this update? I checked
https://prosody.im/download/package_repository and I see that it is
still listed as supported, but when I tested a fresh installation in a
container I saw that 18.04 has the update, but 16.04 (in a different
container) was not offered it, just the 0.11.6-1~xenial1 version.

Thanks.

deoren

unread,
Oct 8, 2020, 9:47:19 AM10/8/20
to prosod...@googlegroups.com
Any feedback about support for Ubuntu 16.04? I saw the discussion
regarding an eol Debian release, but the docs noted that Ubuntu 16.04 is
still supported, so just making sure that the lack of a release wasn't
intentional.

Thanks for your time.

Kim Alvefur

unread,
Oct 8, 2020, 10:34:40 AM10/8/20
to prosod...@googlegroups.com
On Thu, Oct 08, 2020 at 08:47:13AM -0500, deoren wrote:
>Any feedback about support for Ubuntu 16.04? I saw the discussion
>regarding an eol Debian release, but the docs noted that Ubuntu 16.04
>is still supported, so just making sure that the lack of a release
>wasn't intentional.

There's no trace of neither the source nor binary packages of 0.11.7 for
Ubuntu 16.04, not even any logs. My guess is that the source package was
never uploaded and got lost somewhere.

The 0.11.6 package build successfully and there should have been no
packaging changes between that and 0.11.7, so I suppose all it should
take is to create and upload a new source package.

--
Zash

PS:
There are no recent prosody-trunk nightly builds because of a build-time
dependency conflict, which I have given up trying to resolve. Bleeding
edge Prosody on ancient Ubuntu is hopefully the most uncommon
combination anyways.
DS;
Reply all
Reply to author
Forward
0 new messages