0.9.4 Release Notes

Released: 2014-04-02

We are pleased to announce Prosody 0.9.4, the latest release of our stable 0.9 branch.

This release fixes a security (denial of service) issue. If you are using mod_compression then we strongly recommended that you upgrade as soon as possible or disable compression (it is disabled by default) to prevent potential resource consumption by untrusted users.

Note: If you are upgrading from 0.8.x or earlier, please read the 0.9.0 upgrade notes!

A summary of changes in this release:

• Compression: Disallow compression on unauthenticated streams
• Core: Limit default read size and maximum stanza size
• Core: Enable SASL EXTERNAL by default for component s2s
• S2S: Warn if `s2s_secure_auth` and `s2s_require_encryption` have been set in conflicting ways
• S2S: Warn if no local network addresses were found, preventing successful s2s
• MUC: Fix traceback when a non-occupant tried to change an occupant's role
• MUC: API: Fire an event when temporary rooms are destroyed after the last person leaves
• Telnet: Fixed traceback when listing users
• Telnet: Apply normalization to JIDs in user management commands
• HTTP: Fix directory detection in file server on Windows
• Plugins: Fix paths on Windows
• MOTD: Don't strip blank lines from the message provided in the config
• prosodyctl: Better error reporting when generating certificates
• Makefile: Improve FreeBSD compatibility
• Multiple fixes to our migration tools, and support for importing MUCs from ejabberd

hg clone https://hg.prosody.im/0.9 prosody-0.9