Released: 2021-08-03


This release primarily fixes CVE-2021-37601, a remote information disclosure vulnerability. See the previously released advisory for details. We recommend that all deployments upgrade if they have not yet applied the mitigation described in the advisory.

A handful fixes for issues discovered since 0.11.9 are also included.


Summary of all changes in this release:


Minor changes

  • prosodyctl: Add ‘limits’ to known globals to warn about misplacing it
  • util.ip: Fix netmask for link-local address range
  • mod_pep: Remove obsolete node restoration code
  • util.pubsub: Fix traceback if node data not initialized


As usual, download instructions for many platforms can be found on our download page

If you have any questions, comments or other issues with this release, let us know!