--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-a48bf86c27
2020-10-09 16:13:29.640182
--------------------------------------------------------------------------------
Name : prosody
Product : Fedora 32
Version : 0.11.7
Release : 1.fc32
URL :
https://prosody.im/
Summary : Flexible communications server for Jabber/XMPP
Description :
Prosody is a flexible communications server for Jabber/XMPP written in Lua.
It aims to be easy to use, and light on resources. For developers it aims
to be easy to extend and give a flexible system on which to rapidly develop
added functionality, or prototype new protocols.
--------------------------------------------------------------------------------
Update Information:
Prosody 0.11.7 ============== This is a security release for the 0.11.x stable
branch. It is strongly recommended that all users upgrade to this release,
especially those whose deployments have enabled `mod_websocket`. As well as
upgrading, we recommend all public deployments to review and configure the
`c2s_stanza_size_limit` and `s2s_stanza_size_limit` options to values they are
comfortable with. The value is specified in bytes, and the XMPP specification
requires values to be at least 10000 bytes, however it also recommends against
just setting the limit to 10000 bytes. We are working to obtain data on real-
world stanza sizes in order to determine sensible defaults suitable for a future
release. Security ======== * mod_websocket: Enforce size limits on received
frames (fixes #1593) Fixes and improvements ====================== *
mod_c2s, mod_s2s: Make stanza size limits configurable * Add configuration
options to control Lua garbage collection parameters * net.http: Backport SNI
support for outgoing HTTP requests (#409) * mod_websocket: Process all data in
the buffer on close frame and connection errors (fixes #1474, #1234) *
util.indexedbheap: Fix heap data structure corruption, causing some timers to
fail after a reschedule (fixes #1572) Prosody 0.11.6 ============== This
release brings a collection of fixes and improvements added since the 0.11.5
release improving security, performance, usability and interoperability. This
version continues the deprecation of using `prosodyctl` to start/stop Prosody.
Fixes and improvements ====================== * mod_storage_internal: Fix
error in time limited queries on items without ���when��� field, fixes #1557 *
mod_carbons: Fix handling of incoming MUC PMs #1540 * mod_csi_simple: Consider
XEP-0353: Jingle Message Initiation important * mod_http_files: Avoid using
inode in etag, fixes #1498: Fail to download file on FreeBSD *
mod_admin_telnet: Create a DNS resolver per console session (fixes #1492: Telnet
console DNS commands reduced usefulness) * core.certmanager: Move EECDH
ciphers before EDH in default cipherstring (fixes #1513) * mod_s2s: Escape
invalid XML in loggin (same way as mod_c2s) (fixes #1574: Invalid XML input on
s2s connection is logged unescaped) * mod_muc: Allow control over the server-
admins-are-room-owners feature (see #1174) * mod_muc_mam: Remove spoofed
archive IDs before archiving (fixes #1552: MUC MAM may strip its own archive id)
* mod_muc_mam: Fix stanza id filter event name, fixes #1546: mod_muc_mam does
not strip spoofed stanza ids * mod_muc_mam: Fix missing advertising of
XEP-0359, fixes #1547: mod_muc_mam does not advertise stanza-id Minor changes
============= * net.http API: Add `request:cancel()` method * net.http API:
Fix traceback on invalid URL passed to request() * MUC: Persist
affiliation_data in new MUC format * mod_websocket: Fire event on session
creation (thanks Aaron van Meerten) * MUC: Always include ���affiliation���/���role���
attributes, defaulting to ���none��� if nil * mod_tls: Log when certificates are
(re)loaded * mod_vcard4: Report correct error condition (fixes #1521:
mod_vcard4 reports wrong error) * net.http: Re-expose `destroy_request()`
function (fixes unintentional API breakage) * net.http.server: Strip port from
Host header in IPv6 friendly way (fix #1302) * util.prosodyctl: Tell prosody
do daemonize via command line flag (fixes #1514) * SASL: Apply saslprep where
necessary, fixes #1560: Login fails if password contains special chars *
net.http.server: Fix reporting of missing Host header * util.datamanager API:
Fix iterating over ���users��� (thanks marc0s) * net.resolvers.basic: Default
conn_type to ���tcp��� consistently if unspecified (thanks marc0s) *
mod_storage_sql: Fix check for deletion limits (fixes #1494) *
mod_admin_telnet: Handle unavailable cipher info (fixes #1510: mod_admin_telnet
backtrace) * Log warning when using `prosodyctl start/stop/restart` *
core.certmanager: Look for `privkey.pem` to go with `fullchain.pem` (fixes
#1526) * mod_storage_sql: Add index covering sort_id to improve performance
(fixes #1505) * mod_mam,mod_muc_mam: Allow other work to be performed during
archive cleanup (fixes #1504) * mod_muc_mam: Don���t strip MUC tags, fix #1567:
MUC tags stripped by mod_muc_mam * mod_pubsub, mod_pep: Ensure correct number
of children of (fixes #1496) * mod_register_ibr: Add FORM_TYPE as required by
XEP-0077 (fixes #1511) * mod_muc_mam: Fix traceback saving message from non-
occupant (fixes #1497) * util.startup: Remove duplicated initialization of
logging (fix #1527: startup: Logging initialized twice)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 1 2020 Robert Scheck <robert(a)fedoraproject.org> 0.11.7-1
- Upgrade to 0.11.7 (#1877424)
* Wed Sep 9 2020 Robert Scheck <robert(a)fedoraproject.org> 0.11.6-1
- Upgrade to 0.11.6 (#1877424)
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.11.5-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jun 30 2020 Tom Callaway <spot(a)fedoraproject.org> - 0.11.5-3
- fix build with lua 5.4
* Tue Jun 30 2020 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.11.5-2
- Rebuilt for Lua 5.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1877424 - prosody-0.11.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1877424
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-a48bf86c27' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------