0.11.10

Released: 2021-08-03

Summary

This release primarily fixes CVE-2021-37601, a remote information disclosure vulnerability. See the previously released advisory for details. We recommend that all deployments upgrade if they have not yet applied the mitigation described in the advisory.

A handful fixes for issues discovered since 0.11.9 are also included.

Changes

Summary of all changes in this release:

Security

Minor changes

  • prosodyctl: Add ‘limits’ to known globals to warn about misplacing it
  • util.ip: Fix netmask for link-local address range
  • mod_pep: Remove obsolete node restoration code
  • util.pubsub: Fix traceback if node data not initialized

Download

As usual, download instructions for many platforms can be found on our download page

If you have any questions, comments or other issues with this release, let us know!