FEDORA-EPEL-2020-9eaf8d2e11 created by robert 2 months ago for Fedora EPEL 7
stable

Prosody 0.11.7

This is a security release for the 0.11.x stable branch. It is strongly recommended that all users upgrade to this release, especially those whose deployments have enabled mod_websocket.

As well as upgrading, we recommend that all public deployments review and configure the c2s_stanza_size_limit and s2s_stanza_size_limit options to values they are comfortable with. The value is specified in bytes. The XMPP specification requires values to be at least 10000 bytes, but it also recommends against simply setting the limit to 10000 bytes. We are working to obtain data on real-world stanza sizes in order to determine sensible defaults suitable for a future release.
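One way to carry out the review recommended above, as an added example that is not part of the release notes or of Prosody itself: a small audit that reads a Prosody configuration file's text and reports how each of the two limits is set. The sample configuration, the finding labels and the simplification that the last assignment in the file is the one reported are assumptions of this example.

```python
import re

SPEC_MINIMUM = 10000  # bytes; smallest limit the XMPP specification allows
OPTIONS = ("c2s_stanza_size_limit", "s2s_stanza_size_limit")

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CONFIG = """
modules_enabled = { "websocket" }
-- c2s_stanza_size_limit = 65536  (commented out, so not in effect)
s2s_stanza_size_limit = 10000
"""

def parse_limit(expr):
    """Evaluate '262144' or '256 * 1024'; return None for anything else."""
    factors = [f.strip() for f in expr.split("*")]
    if not all(re.fullmatch(r"[0-9]+", f) for f in factors):
        return None
    value = 1
    for f in factors:
        value *= int(f)
    return value

def audit(config_text):
    """Return {option: finding} for the two stanza size limit options."""
    findings = {}
    for option in OPTIONS:
        pattern = re.compile(r"\s*" + option + r"\s*=\s*([^;]+)")
        finding = "unset"
        for line in config_text.splitlines():
            code = line.split("--", 1)[0]  # strip Lua line comments
            match = pattern.match(code)
            if not match:
                continue
            value = parse_limit(match.group(1))  # assumption: last assignment wins
            if value is None:
                finding = "unparsed"
            elif value < SPEC_MINIMUM:
                finding = "below-minimum"
            elif value == SPEC_MINIMUM:
                finding = "at-minimum"  # allowed, but the spec advises against it
            else:
                finding = "ok"
        findings[option] = finding
    return findings

if __name__ == "__main__":
    for name, result in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {result}")
```

A finding of "unset" means the deployment is relying on the built-in default, which is the case the release notes ask operators to review.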

Security

  • mod_websocket: Enforce size limits on received frames (fixes #1593)

Fixes and improvements

  • mod_c2s, mod_s2s: Make stanza size limits configurable
  • Add configuration options to control Lua garbage collection parameters
  • net.http: Backport SNI support for outgoing HTTP requests (#409)
  • mod_websocket: Process all data in the buffer on close frame and connection errors (fixes #1474, #1234)
  • util.indexedbheap: Fix heap data structure corruption, causing some timers to fail after a reschedule (fixes #1572)

Prosody 0.11.6

This release brings a collection of fixes and improvements added since the 0.11.5 release improving security, performance, usability and interoperability.

This version continues the deprecation of using prosodyctl to start/stop Prosody.

Fixes and improvements

  • mod_storage_internal: Fix error in time limited queries on items without ‘when’ field, fixes #1557
  • mod_carbons: Fix handling of incoming MUC PMs #1540
  • mod_csi_simple: Consider XEP-0353: Jingle Message Initiation important
  • mod_http_files: Avoid using inode in etag, fixes #1498: Fail to download file on FreeBSD
  • mod_admin_telnet: Create a DNS resolver per console session (fixes #1492: Telnet console DNS commands reduced usefulness)
  • core.certmanager: Move EECDH ciphers before EDH in default cipherstring (fixes #1513)
  • mod_s2s: Escape invalid XML in logging (same way as mod_c2s) (fixes #1574: Invalid XML input on s2s connection is logged unescaped)
  • mod_muc: Allow control over the server-admins-are-room-owners feature (see #1174)
  • mod_muc_mam: Remove spoofed archive IDs before archiving (fixes #1552: MUC MAM may strip its own archive id)
  • mod_muc_mam: Fix stanza id filter event name, fixes #1546: mod_muc_mam does not strip spoofed stanza ids
  • mod_muc_mam: Fix missing advertising of XEP-0359, fixes #1547: mod_muc_mam does not advertise stanza-id

Minor changes

  • net.http API: Add request:cancel() method
  • net.http API: Fix traceback on invalid URL passed to request()
  • MUC: Persist affiliation_data in new MUC format
  • mod_websocket: Fire event on session creation (thanks Aaron van Meerten)
  • MUC: Always include ‘affiliation’/‘role’ attributes, defaulting to ‘none’ if nil
  • mod_tls: Log when certificates are (re)loaded
  • mod_vcard4: Report correct error condition (fixes #1521: mod_vcard4 reports wrong error)
  • net.http: Re-expose destroy_request() function (fixes unintentional API breakage)
  • net.http.server: Strip port from Host header in IPv6 friendly way (fix #1302)
  • util.prosodyctl: Tell prosody to daemonize via command line flag (fixes #1514)
  • SASL: Apply saslprep where necessary, fixes #1560: Login fails if password contains special chars
  • net.http.server: Fix reporting of missing Host header
  • util.datamanager API: Fix iterating over “users” (thanks marc0s)
  • net.resolvers.basic: Default conn_type to ‘tcp’ consistently if unspecified (thanks marc0s)
  • mod_storage_sql: Fix check for deletion limits (fixes #1494)
  • mod_admin_telnet: Handle unavailable cipher info (fixes #1510: mod_admin_telnet backtrace)
  • Log warning when using prosodyctl start/stop/restart
  • core.certmanager: Look for privkey.pem to go with fullchain.pem (fixes #1526)
  • mod_storage_sql: Add index covering sort_id to improve performance (fixes #1505)
  • mod_mam,mod_muc_mam: Allow other work to be performed during archive cleanup (fixes #1504)
  • mod_muc_mam: Don’t strip MUC tags, fix #1567: MUC tags stripped by mod_muc_mam
  • mod_pubsub, mod_pep: Ensure correct number of children of (fixes #1496)
  • mod_register_ibr: Add FORM_TYPE as required by XEP-0077 (fixes #1511)
  • mod_muc_mam: Fix traceback saving message from non-occupant (fixes #1497)
  • util.startup: Remove duplicated initialization of logging (fix #1527: startup: Logging initialized twice)

This update has been submitted for testing by robert.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

This update has been pushed to testing.

2 months ago

This update can be pushed to stable now if the maintainer wishes

a month ago

This update has been submitted for stable by bodhi.

a month ago

This update has been pushed to stable.

a month ago

Metadata

  • Type: security
  • Severity: medium
  • Karma: 0
  • Content Type: RPM

Settings

  • Unstable by Karma: -3
  • Stable by Karma: 3
  • Stable by Time: 14 days

Dates

  • submitted: 2 months ago
  • in testing: 2 months ago
  • in stable: a month ago

BZ#1877424 prosody-0.11.7 is available