This is a security and bugfix release for the 0.8 branch. This release contains fixes for a couple of major issues, and it is strongly recommended that you upgrade.
Some of you may already be aware of the "billion laughs" denial-of-service attack which was discovered to work against a number of XMPP servers recently. Due to accidental oversight the Prosody team was not notified ahead of the issue being made public, so we have worked hard the past couple of days to prepare this release as soon as we could.
In addition to upgrading Prosody, you MUST also upgrade the LuaExpat library to 1.2.0 to prevent the attack - this should hopefully be arriving in your distribution shortly, alternatively it can be installed using luarocks. See here for details.
A summary of changes in this release:
We have selected all of the changes in 0.8.1 to be only those important enough to be distributed to all users of 0.8.0. However if you are a packager looking to backport only the urgent security fixes, these are the patches you need:
The last 2 issues above are specific to 0.8 and potentially allow remote DoS when combined.