0.9.6 Release Notes

Released: 2014-10-15

We are pleased to announce Prosody 0.9.6, the latest release of our stable 0.9 branch. This is mainly a bug fix release, with security and interoperability implications.

Note: If you are upgrading from 0.8.x or earlier, please read the 0.9.0 upgrade notes!

Note: This release disables SSLv3 by default, which has been shown to be insecure when used by clients. Clients that only support SSLv3 will no longer be able to connect. There are not many of these nowadays, but they exist.

A summary of changes in this release:

  • certmanager, net.http: Disable SSLv3 by default
  • net.http.parser: Support status code 101 and allow handling of the received data by plugins
  • util.filters: Ignore filters being added twice (fixes issues on removal, i.e. when some plugins are reloaded/unloaded)
  • mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error
  • Networking API: Add 'ondetach' callback for listener objects, to prevent leaks when connections have their listener changed
  • core.stanza_router: Stricter validation of stanzas
  • mod_admin_adhoc: Mark 'accountjids' field as required in 'end user sessions' command (thanks Lloyd)
  • mod_admin_adhoc: Add required to field in user deletion form too
  • net.dns: Avoid duplicate cache entries
  • util.stanza: Escape newlines and tabs (\r\n\t) when serializing stanzas.
  • util/dataforms: Make sure we iterate over field tags only
  • mod_s2s: Capitalize log message
  • mod_pubsub: Fix error type of 'forbidden' (change from 'cancel' to 'auth')

Download

For packages, please see our download page.

Source

You can grab a tarball of prosody-0.9.6.tar.gz (OpenPGP signed), or grab the latest 0.9 source from Mercurial with:

hg clone https://hg.prosody.im/0.9 prosody-0.9

More information on dealing with Prosody's source can be found at these links: