0.9.4 Release Notes

Released: 2014-04-02

We are pleased to announce Prosody 0.9.4, the latest release of our stable 0.9 branch.

This release fixes a security (denial of service) issue. If you are using mod_compression then we strongly recommended that you upgrade as soon as possible or disable compression (it is disabled by default) to prevent potential resource consumption by untrusted users.

Note: If you are upgrading from 0.8.x or earlier, please read the 0.9.0 upgrade notes!

A summary of changes in this release:

  • Compression: Disallow compression on unauthenticated streams
  • Core: Limit default read size and maximum stanza size
  • Core: Enable SASL EXTERNAL by default for component s2s
  • S2S: Warn if `s2s_secure_auth` and `s2s_require_encryption` have been set in conflicting ways
  • S2S: Warn if no local network addresses were found, preventing successful s2s
  • MUC: Fix traceback when a non-occupant tried to change an occupant's role
  • MUC: API: Fire an event when temporary rooms are destroyed after the last person leaves
  • Telnet: Fixed traceback when listing users
  • Telnet: Apply normalization to JIDs in user management commands
  • HTTP: Fix directory detection in file server on Windows
  • Plugins: Fix paths on Windows
  • MOTD: Don't strip blank lines from the message provided in the config
  • prosodyctl: Better error reporting when generating certificates
  • Makefile: Improve FreeBSD compatibility
  • Multiple fixes to our migration tools, and support for importing MUCs from ejabberd


For packages, please see our download page.


You can grab a tarball of prosody-0.9.4.tar.gz (OpenPGP signed), or grab the latest 0.9 source from Mercurial with:

hg clone https://hg.prosody.im/0.9 prosody-0.9

More information on dealing with Prosody's source can be found at these links: