[ANN] Prosody 0.11.10 released

11 views
Skip to first unread message

Kim Alvefur

unread,
Aug 3, 2021, 7:48:15 AM8/3/21
to prosod...@googlegroups.com, proso...@googlegroups.com, prosody-...@googlegroups.com
Hi folks,

We are pleased to announce the release of Prosody 0.11.10.

This release primarily fixes CVE-2021-37601, a remote information
disclosure vulnerability. See the previously released advisory for
details: <https://prosody.im/security/advisory_20210722/>.
We recommend that all deployments upgrade if they have not yet
applied the mitigation described in the advisory.

A handful fixes for issues discovered since 0.11.9 are also included.

A summary of changes since the previous release:

Security

- MUC: Fix logic for access to affiliation lists (CVE-2021-37601)

Minor changes

- prosodyctl: Add ‘limits’ to known globals to warn about misplacing
it
- util.ip: Fix netmask for link-local address range
- mod_pep: Remove obsolete node restoration code
- util.pubsub: Fix traceback if node data not initialized

# Download

As usual, download instructions for many platforms can be found on our
download page: https://prosody.im/download

If you have any questions, comments or other issues with this release,
let us know! https://prosody.im/discuss

signature.asc
Reply all
Reply to author
Forward
0 new messages