0.11.10

Released: 2021-08-03

Summary

This release primarily fixes CVE-2021-37601, a remote information disclosure vulnerability. See the previously released advisory for details. We recommend that all deployments upgrade if they have not yet applied the mitigation described in the advisory.

A handful fixes for issues discovered since 0.11.9 are also included.

Changes

Summary of all changes in this release:

Security

MUC: Fix logic for access to affiliation lists CVE-2021-37601 https://prosody.im/security/advisory_20210722/

Minor changes

prosodyctl: Add ‘limits’ to known globals to warn about misplacing it
util.ip: Fix netmask for link-local address range
mod_pep: Remove obsolete node restoration code
util.pubsub: Fix traceback if node data not initialized

Download

As usual, download instructions for many platforms can be found on our download page

If you have any questions, comments or other issues with this release, let us know!