Modules:
* A number of popular modules have transitioned from community modules into Prosody with this release:
+ mod_cloud_notify
+ mod_http_altconnect
* And the following modules are completely new:
+ mod_account_activity
+ mod_flags
+ mod_s2s_auth_dane_in
+ mod_server_info
Administration:
* New ‘prosodyctl check features’ recommends configuration improvements
* mod_announce: Add shell commands to send messages to all users, online users, or limited by roles
* New mod_account_activity plugin records last login/logout time of a user account
* New ‘watch log’ command to follow live debug logs at runtime
* Similarly, ‘watch stanzas’ can be used to capture XML logs in real-time
Networking:
* Honour ‘weight’ parameter during SRV record selection
* Support for RFC 8305 “Happy Eyeballs” to improve IPv4/IPv6 connectivity
* Support for TCP Fast Open in server_epoll (pending LuaSocket support)
* Support for deferred accept in server_epoll (pending LuaSocket support)
MUC:
* Component admins are no longer room owners by default. This can be reverted to the
old behaviour with component_admins_as_room_owners = true, but this has known
incompatibilities with some clients. Instead, use the shell or ad-hoc commands to
gain ownership of rooms when necessary.
* Permissions updates:
+ Room creation restricted to local users (of the parent host) by default
restrict_room_creation = true restricts to admins, false disables all restrictions
+ Persistent rooms can only be created by local users (parent host) by default
muc_room_allow_persistent = false restricts to admins
+ Public rooms can only be created by local users (parent host) by default
muc_room_allow_public = false restricts to admins
* Commands to show occupants and affiliations in the Shell
* Save ‘reason’ text supplied with affiliation change
* Owners can set MUC avatars (functionality previously in community module mod_vcard_muc)
Security and authentication:
* New role and permissions framework and API
* Ability to disable and enable user accounts
* A “grace period” is now supported for deletion requests via in-band registration
* Advertise supported SASL Channel-Binding types (XEP-0440)
* Implement RFC 9266 ‘tls-exporter’ channel binding with TLS 1.3
* Implement ‘tls-server-end-point’ channel binding
* Full DANE support for s2s
* No longer check certificate Common Names per RFC 9525
Storage:
* Performance improvements in internal archive stores
* Ability to use SQLite3 storage with LuaSQLite3 instead of LuaDBI
* SQLCipher support
Module API for developers:
* New ‘keyval+’ combined keyval/map store type
* Config interface API can require that string values be picked from a provided set
* Acceptable interval can be specified for number options
* Method for parsing time periods / intervals from config
* Method for retrieving integer settings from config
* It is now easy for modules to expose a Prosody shell command, by adding a shell-command item
* Modules can now implement a module.ready method which will be called after server initialization
* module:depends() now accepts a second parameter ‘soft’ to enable soft dependencies
Configuration file:
* The configuration file now supports referring and appending to options previously set
* Direct usage of the Lua API in the config file is deprecated, but can now be accessed via Lua.* instead
* Convenience functions for reading values from files, with variant meant for credentials
or secrets (e.g. from systemd-creds)
Changed in this release:
* Support sub-second precision timestamps
* mod_blocklist: New option ‘migrate_legacy_blocking’ to disable migration from mod_privacy
* Moved all modules into the Lua namespace prosody.
* Forwarded header from RFC 7239 supported, disabled by default
* mod_http_file_share now uses roles framework, affecting access from e.g. components
* Intervals of mod_cron managed periodic jobs made configurable
* When mod_smacks is enabled, s2s connections not responding to ack requests are closed.
* Arguments to prosodyctl shell that start with ‘:’ are now turned into method calls
* Support for Type=notify and notify-reload systemd service type added
* Support for the roster group access_model in mod_pep
* Support for systemd socket activation in server_epoll
* mod_invites_adhoc gained a command for creating password resets
* [mod_cloud_notify] imported from community modules for push notification support
* [mod_http_altconnect] imported from community modules, simplifying web clients
Removed in this release:
* Lua 5.1 support
* XEP-0090 support removed from mod_time
* util.rfc6724
See also:
* https://blog.prosody.im/prosody-13.0.0-released/
* https://prosody.im/doc/release/13.0.0
- Update to 0.12.5:
Fixes and improvements:
* mod_blocklist: Drop blocked messages without error, option to restore compliant behavior
Minor changes:
* core.certmanager: Validate that ‘tls_profile’ is one of the valid values
* net.http: Throw error if missing TLS context for HTTPS request
* net.http.parser: Reject overlarge header section earlier
* net.http.files: Validate argument to setup function
* MUC: optimizations for broadcast of visitor presence (thanks Jitsi team)
* net.server_event: Add ‘wrapserver’ API
* scansion: Enable blocklist compat during tests to fix CI
* prosodyctl check: Warn about invalid domain names in the config file
* util.prosodyctl.check: Correct modern replacement for ‘disallow_s2s’
* util.prosodyctl.cert: Ensure old cert is moved out of the way
* util.prosodyctl.check: Improve error handling of UDP socket setup (for #1803)
* mod_smacks: Destroy timed out session in async context (fixes#1884:
ASYNC-01 in mod_smacks hibernation timeout)
* mod_invites: Fix traceback when token_info isn’t set
* mod_admin_shell: Allow matching on host or bare JID in c2s:show
* mod_admin_adhoc: Fix log messages for reloading modules.
* core.moduleapi: Default labels to empty list to fix error if omitted
* mod_muc_mam: Improve wording of enable setting
* mod_bookmarks: Suppress error publishing empty legacy bookmarks w/ no PEP node
* mod_bookmarks: Clarify log messages on failure to sync to modern PEP bookmarks
* mod_invites_adhoc: Fix result form type (thanks betarays)
* mod_disco: Advertise disco#info and #items on bare JIDs to fix
#1664: mod_disco on account doesn’t return disco#info feature
* util.xtemplate: Fix error on applying each() to zero stanzas
OBS-URL: https://build.opensuse.org/request/show/1234586
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/prosody?expand=0&rev=39
- Update to 0.12.4:
* core.certmanager: Update Mozilla TLS config to version 5.7
* util.error: Fix error on conversion of invalid error stanza #1805
* util.array: Fix new() library function
* util.array: Expose new() on module table
* prosodyctl: Fix output of error messages containing ‘%’
* util.prosodyctl.check: Correct suggested replacement for ‘disallow_s2s’
* util.prosodyctl.check: Allow same config syntax variants as in Prosody for some options #896
* util.prosodyctl.check: Fix error where hostname can’t be turned into A label
* util.prosodyctl.check: Hint about the ‘external_addresses’ config option
* util.prosodyctl.check: Suggest ‘http_cors_override’ instead of older CORS settings
* util.prosodyctl.check: Validate format of module list options
* mod_websocket: Add a ‘pre-session-close’ event #1800
* mod_smacks: Fix stray watchdog closing sessions
* mod_csi_simple: Disable revert-to-inactive timer when going to active mode
* mod_csi_simple: Clear delayed active mode timer on disable
* mod_admin_shell: Fix display of remote cert status when expired etc
* mod_smacks: Replace existing watchdog when starting hibernation
* mod_http: Fix error if ‘access_control_allow_origins’ is set
* mod_pubsub: Send correct ‘jid’ attribute in disco#items
* mod_http: Unhook CORS handlers only if active to fix an error #1801
* mod_s2s: Add event where resolver for s2sout can be tweaked
OBS-URL: https://build.opensuse.org/request/show/1109423
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/prosody?expand=0&rev=36
* core.certmanager: Update Mozilla TLS config to version 5.7
* util.error: Fix error on conversion of invalid error stanza #1805
* util.array: Fix new() library function
* util.array: Expose new() on module table
* prosodyctl: Fix output of error messages containing ‘%’
* util.prosodyctl.check: Correct suggested replacement for ‘disallow_s2s’
* util.prosodyctl.check: Allow same config syntax variants as in Prosody for some options #896
* util.prosodyctl.check: Fix error where hostname can’t be turned into A label
* util.prosodyctl.check: Hint about the ‘external_addresses’ config option
* util.prosodyctl.check: Suggest ‘http_cors_override’ instead of older CORS settings
* util.prosodyctl.check: Validate format of module list options
* mod_websocket: Add a ‘pre-session-close’ event #1800
* mod_smacks: Fix stray watchdog closing sessions
* mod_csi_simple: Disable revert-to-inactive timer when going to active mode
* mod_csi_simple: Clear delayed active mode timer on disable
* mod_admin_shell: Fix display of remote cert status when expired etc
* mod_smacks: Replace existing watchdog when starting hibernation
* mod_http: Fix error if ‘access_control_allow_origins’ is set
* mod_pubsub: Send correct ‘jid’ attribute in disco#items
* mod_http: Unhook CORS handlers only if active to fix an error #1801
* mod_s2s: Add event where resolver for s2sout can be tweaked
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=90
- Update to 0.12.3:
Fixes and improvements:
* mod_storage_sql: Don’t avoid initialization under prosodyctl
(fix#1787: mod_storage_sql changes (d580e6a57cbb) breaks prosodyctl)
* mod_storage_sql: Fix for breaking change in certain MySQL versions (#1639)
* prosodyctl check dns: Check for Direct TLS SRV records even if not configured (#1793)
Minor changes:
* mod_websocket: Fire pre-session-close event (fixes#1800: mod_websocket:
cleanly-closed sessions are hibernated by mod_smacks)
* sessionmanager: Mark session as destroyed to prevent reentry (fixes#1781)
* mod_admin_socket: Return error on unhandled input to prevent apparent freeze
* configure: Fix quoting of $LUA_SUFFIX (thanks shellcheck/Zash)
* net.http.parser: Improve handling of responses without content-length
* net.http.parser: Fix off-by-one error in chunk parser
* net.http.server: Add new API to get HTTP request from a connection
* net.http.server: Fix double close of file handle in chunked mode with opportunistic writes (#1789)
* util.prosodyctl.shell: Close state on exit to fix saving shell history
* mod_invites: Prefer landing page over xmpp URI in shell command
* mod_muc_mam: Add mam#extended form fields #1796
* mod_muc_mam: Copy “include total” behavior from mod_mam
* util.startup: Close state on exit to ensure GC finalizers are called
OBS-URL: https://build.opensuse.org/request/show/1067095
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/prosody?expand=0&rev=35
Fixes and improvements:
* mod_storage_sql: Don’t avoid initialization under prosodyctl
(fix#1787: mod_storage_sql changes (d580e6a57cbb) breaks prosodyctl)
* mod_storage_sql: Fix for breaking change in certain MySQL versions (#1639)
* prosodyctl check dns: Check for Direct TLS SRV records even if not configured (#1793)
Minor changes:
* mod_websocket: Fire pre-session-close event (fixes#1800: mod_websocket:
cleanly-closed sessions are hibernated by mod_smacks)
* sessionmanager: Mark session as destroyed to prevent reentry (fixes#1781)
* mod_admin_socket: Return error on unhandled input to prevent apparent freeze
* configure: Fix quoting of $LUA_SUFFIX (thanks shellcheck/Zash)
* net.http.parser: Improve handling of responses without content-length
* net.http.parser: Fix off-by-one error in chunk parser
* net.http.server: Add new API to get HTTP request from a connection
* net.http.server: Fix double close of file handle in chunked mode with opportunistic writes (#1789)
* util.prosodyctl.shell: Close state on exit to fix saving shell history
* mod_invites: Prefer landing page over xmpp URI in shell command
* mod_muc_mam: Add mam#extended form fields #1796
* mod_muc_mam: Copy “include total” behavior from mod_mam
* util.startup: Close state on exit to ensure GC finalizers are called
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=88
- Update to 0.12.2:
Fixes and improvements:
* util.stanza: Allow U+7F when constructing stazas
* net.unbound: Preserve built-in defaults and Prosodys settings for
luaunbound (fixes#1763: luaunbound not reading resolv.conf)
* mod_smacks: Disable not implemented resumption behavior on s2s
* mod_http: Allow disabling CORS in the http_cors_override option and by default
Minor changes:
* util.json: Accept empty arrays with whitespace (fixes#1782: util.json
fails to parse empty array with whitespace)
* util.stanza: Adjust number of return values to handle change in
dependency of test suite (fix test with luassert >=1.9)
* util.startup: Ensure import() is available in prosodyctl
* mod_storage_sql: Fix initialization when called from prosodyctl
* mod_storage_sql: Fix the summary API with Postgres (#1766)
* mod_admin_shell: Fixes for showing data related to disconnected sessions (fixes#1777)
* core.s2smanager: Don’t remove unrelated session on close of bidi session
* mod_smacks: Don’t send redundant requests for acknowledgement (#1761)
* mod_admin_shell: Rename commands user:roles() to user:setroles()
and user:showroles() to user:roles()
* mod_smacks: Bounce unhandled stanzas from local origin (fix#1759)
* mod_bookmarks: Reduce log level of message about not having any bookmarks
* mod_s2s: Fix firing buffer drain events
* mod_http_files: Log warning about legacy modules using mod_http_files
* util.startup: Wait for last shutdown steps
* util.datamapper: Improve handling of schemas with non-obvious “type”
* util.jsonschema: Fix validation to not assume presence of “type” field
* util.jsonschema: Use same integer/float logic on Lua 5.2 and 5.3
OBS-URL: https://build.opensuse.org/request/show/1042817
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/prosody?expand=0&rev=32
Fixes and improvements:
* util.stanza: Allow U+7F when constructing stazas
* net.unbound: Preserve built-in defaults and Prosodys settings for
luaunbound (fixes#1763: luaunbound not reading resolv.conf)
* mod_smacks: Disable not implemented resumption behavior on s2s
* mod_http: Allow disabling CORS in the http_cors_override option and by default
Minor changes:
* util.json: Accept empty arrays with whitespace (fixes#1782: util.json
fails to parse empty array with whitespace)
* util.stanza: Adjust number of return values to handle change in
dependency of test suite (fix test with luassert >=1.9)
* util.startup: Ensure import() is available in prosodyctl
* mod_storage_sql: Fix initialization when called from prosodyctl
* mod_storage_sql: Fix the summary API with Postgres (#1766)
* mod_admin_shell: Fixes for showing data related to disconnected sessions (fixes#1777)
* core.s2smanager: Don’t remove unrelated session on close of bidi session
* mod_smacks: Don’t send redundant requests for acknowledgement (#1761)
* mod_admin_shell: Rename commands user:roles() to user:setroles()
and user:showroles() to user:roles()
* mod_smacks: Bounce unhandled stanzas from local origin (fix#1759)
* mod_bookmarks: Reduce log level of message about not having any bookmarks
* mod_s2s: Fix firing buffer drain events
* mod_http_files: Log warning about legacy modules using mod_http_files
* util.startup: Wait for last shutdown steps
* util.datamapper: Improve handling of schemas with non-obvious “type”
* util.jsonschema: Fix validation to not assume presence of “type” field
* util.jsonschema: Use same integer/float logic on Lua 5.2 and 5.3
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=82
- Update to 0.12.1:
Fixes and improvements:
* mod_http (and dependent modules): Make CORS opt-in by default (#1731)
* mod_http: Reintroduce support for disabling or limiting CORS (#1730)
* net.unbound: Disable use of hosts file by default (fixes#1737)
* MUC: Allow kicking users with the same affiliation as the kicker (fixes#1724 and improves Jitsi Meet compatibility)
* mod_tombstones: Add caching to improve performance on busy servers (fixes#1728: mod_tombstone: inefficient I/O with internal storage)
Minor changes:
* prosodyctl check config: Report paths of loaded configuration files (#1729)
* prosodyctl about: Report version of lua-readline
* prosodyctl: check config: Skip bare JID components in orphan check
* prosodyctl: check turn: Fail with error if our own address is supplied for the ping test
* prosodyctl: check turn: warn about external port mismatches behind NAT
* mod_turn_external: Update status and friendlier handling of missing secret option (#1727)
* prosodyctl: Pass server when listing (outdated) plugins (fix#1738: prosodyctl list --outdated does not handle multiple versions of a module)
* util.prosodyctl: check turn: ensure a result is always returned from a check (thanks eTaurus)
* util.prosodyctl: check turn: Report lack of TURN services as a problem #1749
* util.random: Ensure that native random number generator works before using it, falling back to /dev/urandom (#1734)
* mod_storage_xep0227: Fix mapping of nodes without explicit configuration
* mod_admin_shell: Fix error in ‘module:info()’ when statistics is not enabled (#1754)
* mod_admin_socket: Compat for luasocket prior to unix datagram support
* mod_admin_socket: Improve error reporting when socket can’t be created (#1719)
* mod_cron: Record last time a task runs to ensure correct intervals (#1751)
* core.moduleapi, core.modulemanager: Fix internal flag affecting logging in in some global modules, like mod_http (#1736, #1748)
* core.certmanager: Expand debug messages about cert lookups in index
* configmanager: Clearer errors when providing unexpected values after VirtualHost (#1735)
* mod_storage_xep0227: Support basic listing of PEP nodes in absence of pubsub#admin data
* mod_storage_xep0227: Handle missing {pubsub#owner}pubsub element (fixes#1740: mod_storage_xep0227 tracebacks reading non-existent PEP store)
* mod_storage_xep0227: Fix conversion of SCRAM into internal format (#1741)
* mod_external_services: Move error message to correct place (fix#1725: mod_external_services: Misplaced textual error message)
OBS-URL: https://build.opensuse.org/request/show/981547
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/prosody?expand=0&rev=31
Fixes and improvements:
* mod_http (and dependent modules): Make CORS opt-in by default (#1731)
* mod_http: Reintroduce support for disabling or limiting CORS (#1730)
* net.unbound: Disable use of hosts file by default (fixes#1737)
* MUC: Allow kicking users with the same affiliation as the kicker (fixes#1724 and improves Jitsi Meet compatibility)
* mod_tombstones: Add caching to improve performance on busy servers (fixes#1728: mod_tombstone: inefficient I/O with internal storage)
Minor changes:
* prosodyctl check config: Report paths of loaded configuration files (#1729)
* prosodyctl about: Report version of lua-readline
* prosodyctl: check config: Skip bare JID components in orphan check
* prosodyctl: check turn: Fail with error if our own address is supplied for the ping test
* prosodyctl: check turn: warn about external port mismatches behind NAT
* mod_turn_external: Update status and friendlier handling of missing secret option (#1727)
* prosodyctl: Pass server when listing (outdated) plugins (fix#1738: prosodyctl list --outdated does not handle multiple versions of a module)
* util.prosodyctl: check turn: ensure a result is always returned from a check (thanks eTaurus)
* util.prosodyctl: check turn: Report lack of TURN services as a problem #1749
* util.random: Ensure that native random number generator works before using it, falling back to /dev/urandom (#1734)
* mod_storage_xep0227: Fix mapping of nodes without explicit configuration
* mod_admin_shell: Fix error in ‘module:info()’ when statistics is not enabled (#1754)
* mod_admin_socket: Compat for luasocket prior to unix datagram support
* mod_admin_socket: Improve error reporting when socket can’t be created (#1719)
* mod_cron: Record last time a task runs to ensure correct intervals (#1751)
* core.moduleapi, core.modulemanager: Fix internal flag affecting logging in in some global modules, like mod_http (#1736, #1748)
* core.certmanager: Expand debug messages about cert lookups in index
* configmanager: Clearer errors when providing unexpected values after VirtualHost (#1735)
* mod_storage_xep0227: Support basic listing of PEP nodes in absence of pubsub#admin data
* mod_storage_xep0227: Handle missing {pubsub#owner}pubsub element (fixes#1740: mod_storage_xep0227 tracebacks reading non-existent PEP store)
* mod_storage_xep0227: Fix conversion of SCRAM into internal format (#1741)
* mod_external_services: Move error message to correct place (fix#1725: mod_external_services: Misplaced textual error message)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=80
- Update to 0.12.0:
Modules:
* mod_mimicking: Prevent address spoofing
* mod_s2s_bidi: Bi-directional server-to-server connections (XEP-0288)
* mod_external_services: Generic XEP-0215 support
* mod_turn_external: Easy setup of XEP-0215 for STUN/TURN for audio/video calls
* mod_http_file_share: File sharing via HTTP (XEP-0363)
* mod_http_openmetrics: Expose metrics to Prometheus and compatible monitoring systems
* mod_smacks: Stream management and resumption (XEP-0198)
* mod_auth_ldap: LDAP authentication
* mod_cron: One module to rule all the periodic tasks
* mod_admin_shell: New home of the Console admin interface
* mod_admin_socket: Enable secure connections to the Console
* mod_tombstones: Prevent re-registration of deleted accounts
* mod_invites: Create and manage invites
* mod_invites_register: Allow registering accounts using invites
* mod_invites_adhoc: Create invites via ad-hoc command
* mod_bookmarks: Synchronise open rooms between clients
Security and authentication:
* Unencrypted HTTP port (5280) restricted to loopback by default
* require_encryption options default to ‘true’ if unspecified
* Authentication module defaults to ‘internal_hashed’ if unspecified
* SNI support (including automatic certificate selection)
* ALPN support in mod_net_multiplex
* DANE support in low-level network layer
* Direct TLS support (c2s and s2s)
* SCRAM-SHA-256
* Direct TLS (including https) certificates are now updated on reload
* Pluggable authorization providers (mod_authz_*)
* Easy use of Mozilla TLS recommendations presets
OBS-URL: https://build.opensuse.org/request/show/962612
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/prosody?expand=0&rev=30
Modules:
* mod_mimicking: Prevent address spoofing
* mod_s2s_bidi: Bi-directional server-to-server connections (XEP-0288)
* mod_external_services: Generic XEP-0215 support
* mod_turn_external: Easy setup of XEP-0215 for STUN/TURN for audio/video calls
* mod_http_file_share: File sharing via HTTP (XEP-0363)
* mod_http_openmetrics: Expose metrics to Prometheus and compatible monitoring systems
* mod_smacks: Stream management and resumption (XEP-0198)
* mod_auth_ldap: LDAP authentication
* mod_cron: One module to rule all the periodic tasks
* mod_admin_shell: New home of the Console admin interface
* mod_admin_socket: Enable secure connections to the Console
* mod_tombstones: Prevent re-registration of deleted accounts
* mod_invites: Create and manage invites
* mod_invites_register: Allow registering accounts using invites
* mod_invites_adhoc: Create invites via ad-hoc command
* mod_bookmarks: Synchronise open rooms between clients
Security and authentication:
* Unencrypted HTTP port (5280) restricted to loopback by default
* require_encryption options default to ‘true’ if unspecified
* Authentication module defaults to ‘internal_hashed’ if unspecified
* SNI support (including automatic certificate selection)
* ALPN support in mod_net_multiplex
* DANE support in low-level network layer
* Direct TLS support (c2s and s2s)
* SCRAM-SHA-256
* Direct TLS (including https) certificates are now updated on reload
* Pluggable authorization providers (mod_authz_*)
* Easy use of Mozilla TLS recommendations presets
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=78
- Update to 0.11.11:
Fixes and improvements:
* net.server_epoll: Prioritize network events over timers to improve
performance under heavy load
* mod_pep: Add some memory usage limits
* mod_pep: Prevent creation of services for non-existent users
* mod_pep: Free resources on user deletion (needed a restart previously)
Minor changes:
* mod_pep: Free resources on reload
* mod_c2s: Indicate stream secure state in error text when no stream features to offer
* MUC: Fix logic for access to affiliation lists
* net.server_epoll: Improvements to shutdown procedure #1670
* net.server_epoll: Fix potential issue with rescheduling of timers
* prosodyctl: Fix to ensure LuaFileSystem is loaded when needed
* util.startup: Fix handling of unknown command line flags (e.g. -h)
* Fix version number reported as ‘unknown’ on *BSD
OBS-URL: https://build.opensuse.org/request/show/943791
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/prosody?expand=0&rev=26
Fixes and improvements:
* net.server_epoll: Prioritize network events over timers to improve
performance under heavy load
* mod_pep: Add some memory usage limits
* mod_pep: Prevent creation of services for non-existent users
* mod_pep: Free resources on user deletion (needed a restart previously)
Minor changes:
* mod_pep: Free resources on reload
* mod_c2s: Indicate stream secure state in error text when no stream features to offer
* MUC: Fix logic for access to affiliation lists
* net.server_epoll: Improvements to shutdown procedure #1670
* net.server_epoll: Fix potential issue with rescheduling of timers
* prosodyctl: Fix to ensure LuaFileSystem is loaded when needed
* util.startup: Fix handling of unknown command line flags (e.g. -h)
* Fix version number reported as ‘unknown’ on *BSD
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=74
- Update to 0.11.9:
Security:
* mod_limits, prosody.cfg.lua: Enable rate limits by default
* certmanager: Disable renegotiation by default
* mod_proxy65: Restrict access to local c2s connections by default
* util.startup: Set more aggressive defaults for GC
* mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits
* mod_authinternal{plain,hashed}: Use constant-time string comparison for secrets
* mod_dialback: Remove dialback-without-dialback feature
* mod_dialback: Use constant-time comparison with hmac
Minor changes
* util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
* mod_c2s: Don’t throw errors in async code when connections are gone
* mod_c2s: Fix traceback in session close when conn is nil
* core.certmanager: Improve detection of LuaSec/OpenSSL capabilities
* mod_saslauth: Use a defined SASL error
* MUC: Add support for advertising muc#roomconfig_allowinvites in room disco#info
* mod_saslauth: Don’t throw errors in async code when connections are gone
* mod_pep: Advertise base pubsub feature (fixes#1632: mod_pep missing pubsub feature in disco)
* prosodyctl check config: Add ‘gc’ to list of global options
* prosodyctl about: Report libexpat version if known
* util.xmppstream: Add API to dynamically configure the stanza size limit for a stream
* util.set: Add is_set() to test if an object is a set
* mod_http: Skip IP resolution in non-proxied case
* mod_c2s: Log about missing conn on async state changes
* util.xmppstream: Reduce internal default xmppstream limit to 1MB
- Relevant: https://prosody.im/security/advisory_20210512
* boo#1186027: Prosody XMPP server advisory 2021-05-12
* CVE-2021-32919
* CVE-2021-32917
OBS-URL: https://build.opensuse.org/request/show/893045
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/prosody?expand=0&rev=23
- Update to 0.11.9:
Security:
* mod_limits, prosody.cfg.lua: Enable rate limits by default
* certmanager: Disable renegotiation by default
* mod_proxy65: Restrict access to local c2s connections by default
* util.startup: Set more aggressive defaults for GC
* mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits
* mod_authinternal{plain,hashed}: Use constant-time string comparison for secrets
* mod_dialback: Remove dialback-without-dialback feature
* mod_dialback: Use constant-time comparison with hmac
Minor changes
* util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
* mod_c2s: Don’t throw errors in async code when connections are gone
* mod_c2s: Fix traceback in session close when conn is nil
* core.certmanager: Improve detection of LuaSec/OpenSSL capabilities
* mod_saslauth: Use a defined SASL error
* MUC: Add support for advertising muc#roomconfig_allowinvites in room disco#info
* mod_saslauth: Don’t throw errors in async code when connections are gone
* mod_pep: Advertise base pubsub feature (fixes#1632: mod_pep missing pubsub feature in disco)
* prosodyctl check config: Add ‘gc’ to list of global options
* prosodyctl about: Report libexpat version if known
* util.xmppstream: Add API to dynamically configure the stanza size limit for a stream
* util.set: Add is_set() to test if an object is a set
* mod_http: Skip IP resolution in non-proxied case
* mod_c2s: Log about missing conn on async state changes
* util.xmppstream: Reduce internal default xmppstream limit to 1MB
OBS-URL: https://build.opensuse.org/request/show/892942
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=68
- Update to 0.11.8:
Security:
* mod_saslauth: Disable ‘tls-unique’ channel binding with TLS 1.3 (#1542)
Fixes and improvements:
* net.websocket.frames: Improve websocket masking performance by using the new util.strbitop
* util.strbitop: Library for efficient bitwise operations on strings
Minor changes:
* MUC: Correctly advertise whether the subject can be changed (#1155)
* MUC: Preserve disco ‘node’ attribute (or lack thereof) in responses (#1595)
* MUC: Fix logic bug causing unnecessary presence to be sent (#1615)
* mod_bosh: Fix error if client tries to connect to component (#425)
* mod_bosh: Pick out the ‘wait’ before checking it instead of earlier
* mod_pep: Advertise base PubSub feature (#1632)
* mod_pubsub: Fix notification stanza type setting (#1605)
* mod_s2s: Prevent keepalives before client has established a stream
* net.adns: Fix bug that sent empty DNS packets (#1619)
* net.http.server: Don’t send Content-Length on 1xx/204 responses (#1596)
* net.websocket.frames: Fix length calculation bug (#1598)
* util.dbuffer: Make length API in line with Lua strings
* util.dbuffer: Optimize substring operations
* util.debug: Fix locals being reported under wrong stack frame in some cases
* util.dependencies: Fix check for Lua bitwise operations library (#1594)
* util.interpolation: Fix combination of filters and fallback values #1623
* util.promise: Preserve tracebacks
* util.stanza: Reject ASCII control characters (#1606)
* timers: Ensure timers can’t block other processing (#1620)
OBS-URL: https://build.opensuse.org/request/show/872807
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/prosody?expand=0&rev=22
Security:
* mod_saslauth: Disable ‘tls-unique’ channel binding with TLS 1.3 (#1542)
Fixes and improvements:
* net.websocket.frames: Improve websocket masking performance by using the new util.strbitop
* util.strbitop: Library for efficient bitwise operations on strings
Minor changes:
* MUC: Correctly advertise whether the subject can be changed (#1155)
* MUC: Preserve disco ‘node’ attribute (or lack thereof) in responses (#1595)
* MUC: Fix logic bug causing unnecessary presence to be sent (#1615)
* mod_bosh: Fix error if client tries to connect to component (#425)
* mod_bosh: Pick out the ‘wait’ before checking it instead of earlier
* mod_pep: Advertise base PubSub feature (#1632)
* mod_pubsub: Fix notification stanza type setting (#1605)
* mod_s2s: Prevent keepalives before client has established a stream
* net.adns: Fix bug that sent empty DNS packets (#1619)
* net.http.server: Don’t send Content-Length on 1xx/204 responses (#1596)
* net.websocket.frames: Fix length calculation bug (#1598)
* util.dbuffer: Make length API in line with Lua strings
* util.dbuffer: Optimize substring operations
* util.debug: Fix locals being reported under wrong stack frame in some cases
* util.dependencies: Fix check for Lua bitwise operations library (#1594)
* util.interpolation: Fix combination of filters and fallback values #1623
* util.promise: Preserve tracebacks
* util.stanza: Reject ASCII control characters (#1606)
* timers: Ensure timers can’t block other processing (#1620)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=66
- Update to 0.11.7:
Security:
* mod_websocket: Enforce size limits on received frames (fixes#1593)
Fixes and improvements:
* mod_c2s, mod_s2s: Make stanza size limits configurable
* Add configuration options to control Lua garbage collection parameters
* net.http: Backport SNI support for outgoing HTTP requests (#409)
* mod_websocket: Process all data in the buffer on close frame and connection errors (fixes#1474, #1234)
* util.indexedbheap: Fix heap data structure corruption, causing some timers to fail after a reschedule (fixes#1572)
OBS-URL: https://build.opensuse.org/request/show/839107
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/prosody?expand=0&rev=21
Security:
* mod_websocket: Enforce size limits on received frames (fixes#1593)
Fixes and improvements:
* mod_c2s, mod_s2s: Make stanza size limits configurable
* Add configuration options to control Lua garbage collection parameters
* net.http: Backport SNI support for outgoing HTTP requests (#409)
* mod_websocket: Process all data in the buffer on close frame and connection errors (fixes#1474, #1234)
* util.indexedbheap: Fix heap data structure corruption, causing some timers to fail after a reschedule (fixes#1572)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=64
- Update to 0.11.6:
Fixes and improvements:
* mod_storage_internal: Fix error in time limited queries on items without ‘when’ field, fixes#1557
* mod_carbons: Fix handling of incoming MUC PMs #1540
* mod_csi_simple: Consider XEP-0353: Jingle Message Initiation important
* mod_http_files: Avoid using inode in etag, fixes#1498: Fail to download file on FreeBSD
* mod_admin_telnet: Create a DNS resolver per console session (fixes#1492: Telnet console DNS commands reduced usefulness)
* core.certmanager: Move EECDH ciphers before EDH in default cipherstring (fixes#1513)
* mod_s2s: Escape invalid XML in loggin (same way as mod_c2s) (fixes#1574: Invalid XML input on s2s connection is logged unescaped)
* mod_muc: Allow control over the server-admins-are-room-owners feature (see #1174)
* mod_muc_mam: Remove spoofed archive IDs before archiving (fixes#1552: MUC MAM may strip its own archive id)
* mod_muc_mam: Fix stanza id filter event name, fixes#1546: mod_muc_mam does not strip spoofed stanza ids
* mod_muc_mam: Fix missing advertising of XEP-0359, fixes#1547: mod_muc_mam does not advertise stanza-id
Minor changes:
* net.http API: Add request:cancel() method
* net.http API: Fix traceback on invalid URL passed to request()
* MUC: Persist affiliation_data in new MUC format
* mod_websocket: Fire event on session creation (thanks Aaron van Meerten)
* MUC: Always include ‘affiliation’/‘role’ attributes, defaulting to ‘none’ if nil
* mod_tls: Log when certificates are (re)loaded
* mod_vcard4: Report correct error condition (fixes#1521: mod_vcard4 reports wrong error)
* net.http: Re-expose destroy_request() function (fixes unintentional API breakage)
* net.http.server: Strip port from Host header in IPv6 friendly way (fix#1302)
* util.prosodyctl: Tell prosody do daemonize via command line flag (fixes#1514)
* SASL: Apply saslprep where necessary, fixes#1560: Login fails if password contains special chars
* net.http.server: Fix reporting of missing Host header
* util.datamanager API: Fix iterating over “users” (thanks marc0s)
* net.resolvers.basic: Default conn_type to ‘tcp’ consistently if unspecified (thanks marc0s)
* mod_storage_sql: Fix check for deletion limits (fixes#1494)
* mod_admin_telnet: Handle unavailable cipher info (fixes#1510: mod_admin_telnet backtrace)
OBS-URL: https://build.opensuse.org/request/show/833724
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/prosody?expand=0&rev=20
Fixes and improvements:
* mod_storage_internal: Fix error in time limited queries on items without ‘when’ field, fixes#1557
* mod_carbons: Fix handling of incoming MUC PMs #1540
* mod_csi_simple: Consider XEP-0353: Jingle Message Initiation important
* mod_http_files: Avoid using inode in etag, fixes#1498: Fail to download file on FreeBSD
* mod_admin_telnet: Create a DNS resolver per console session (fixes#1492: Telnet console DNS commands reduced usefulness)
* core.certmanager: Move EECDH ciphers before EDH in default cipherstring (fixes#1513)
* mod_s2s: Escape invalid XML in loggin (same way as mod_c2s) (fixes#1574: Invalid XML input on s2s connection is logged unescaped)
* mod_muc: Allow control over the server-admins-are-room-owners feature (see #1174)
* mod_muc_mam: Remove spoofed archive IDs before archiving (fixes#1552: MUC MAM may strip its own archive id)
* mod_muc_mam: Fix stanza id filter event name, fixes#1546: mod_muc_mam does not strip spoofed stanza ids
* mod_muc_mam: Fix missing advertising of XEP-0359, fixes#1547: mod_muc_mam does not advertise stanza-id
Minor changes:
* net.http API: Add request:cancel() method
* net.http API: Fix traceback on invalid URL passed to request()
* MUC: Persist affiliation_data in new MUC format
* mod_websocket: Fire event on session creation (thanks Aaron van Meerten)
* MUC: Always include ‘affiliation’/‘role’ attributes, defaulting to ‘none’ if nil
* mod_tls: Log when certificates are (re)loaded
* mod_vcard4: Report correct error condition (fixes#1521: mod_vcard4 reports wrong error)
* net.http: Re-expose destroy_request() function (fixes unintentional API breakage)
* net.http.server: Strip port from Host header in IPv6 friendly way (fix#1302)
* util.prosodyctl: Tell prosody do daemonize via command line flag (fixes#1514)
* SASL: Apply saslprep where necessary, fixes#1560: Login fails if password contains special chars
* net.http.server: Fix reporting of missing Host header
* util.datamanager API: Fix iterating over “users” (thanks marc0s)
* net.resolvers.basic: Default conn_type to ‘tcp’ consistently if unspecified (thanks marc0s)
* mod_storage_sql: Fix check for deletion limits (fixes#1494)
* mod_admin_telnet: Handle unavailable cipher info (fixes#1510: mod_admin_telnet backtrace)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=62
- Update to 0.11.4:
Fixes and improvements:
* core.rostermanager: Improve performance by caching rosters of offline #1233
* mod_pep: Handling subscriptions more efficiently #1372
Minor changes:
* util.interpolation: Support unescaped variables with more modifiers #1452
* MUC: Mark source of historic messages correctly #1416
* mod_auth_internal_hashed: Pass on errors #1477
* mod_mam, mod_muc_mam: Improve logging of failures #1478, #1480, #1481
* mod_muc, mod_muc_mam: Reschedule message expiry in case of failure
* mod_mam: Add flag to session when it performs a MAM query
* prosodyctl check: Warn about conflict between mod_pep and mod_pep_simple
* prosodyctl check: Warn about conflict between mod_vcard and mod_vcard_legacy #1469
* core.modulemanager: Disable mod_vcard if mod_vcard_legacy is enabled to prevent conflict #1469
* MUC: Strip tags with MUC-related namespaces from private messages #1427
* MUC: Don’t advertise registration feature on host #1451
* mod_vcard_legacy: Fix handling of empty photo elements #1432
* mod_vcard_legacy: Advertise lack of avatar correctly #1431
* prosodyctl: Handle if the setting proxy65_address has the wrong type
* prosodyctl: Print a blank line to improve spacing and readability
* MUC: Fix role loss in Nickname change #1466
* util.pposix: Fix reporting of memory usage in 2-4GB range #1445
* util.startup: Fix a regression concerning directory paths #1430
* mod_websocket: Don’t mask WebSocket pong answers #1484
* net.resolvers: Apply IDNA conversion to ascii for DNS lookups (affects only HTTP queries) #1426
* net.resolvers.basic: Fix resolution of IPv6 literals (in brackets) #1459
OBS-URL: https://build.opensuse.org/request/show/765696
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/prosody?expand=0&rev=18
Fixes and improvements:
* core.rostermanager: Improve performance by caching rosters of offline #1233
* mod_pep: Handling subscriptions more efficiently #1372
Minor changes:
* util.interpolation: Support unescaped variables with more modifiers #1452
* MUC: Mark source of historic messages correctly #1416
* mod_auth_internal_hashed: Pass on errors #1477
* mod_mam, mod_muc_mam: Improve logging of failures #1478, #1480, #1481
* mod_muc, mod_muc_mam: Reschedule message expiry in case of failure
* mod_mam: Add flag to session when it performs a MAM query
* prosodyctl check: Warn about conflict between mod_pep and mod_pep_simple
* prosodyctl check: Warn about conflict between mod_vcard and mod_vcard_legacy #1469
* core.modulemanager: Disable mod_vcard if mod_vcard_legacy is enabled to prevent conflict #1469
* MUC: Strip tags with MUC-related namespaces from private messages #1427
* MUC: Don’t advertise registration feature on host #1451
* mod_vcard_legacy: Fix handling of empty photo elements #1432
* mod_vcard_legacy: Advertise lack of avatar correctly #1431
* prosodyctl: Handle if the setting proxy65_address has the wrong type
* prosodyctl: Print a blank line to improve spacing and readability
* MUC: Fix role loss in Nickname change #1466
* util.pposix: Fix reporting of memory usage in 2-4GB range #1445
* util.startup: Fix a regression concerning directory paths #1430
* mod_websocket: Don’t mask WebSocket pong answers #1484
* net.resolvers: Apply IDNA conversion to ascii for DNS lookups (affects only HTTP queries) #1426
* net.resolvers.basic: Fix resolution of IPv6 literals (in brackets) #1459
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=58
- Update to 0.11.3:
* MUC: Advertise XEP-0410 support
* mod_muc_mam: Import cleanup mechanism from mod_mam (fixes#672: mod_muc_mam: Archive expiry)
* mod_bosh: Handle missing wait attribute (fixes#1288: BOSH: Traceback on missing ‘wait’ attribute)
* mod_storage_sql: Handle SQLite DELETE with LIMIT being optional (fixes#1359: Sqlite3 archive_store:delete error in prepared statement)
* mod_c2s: Fixed#1313: attempt to call a field ‘data’ (a nil value))
* net.server_epoll: Restore wantread flag after pause (fixes#1354: server_epoll: Race in chunked reads)
* util.encodings: Allow unassigned code points in ICU mode to match libidn behavior (fixes#1348: Different treatment of unassigned code points between libidn and ICU )
* util.ip: Add missing netmask for 192.168⁄16 range (fixes#1343)
* util.hashes: Use HMAC function provided by OpenSSL (fixes#1345: util.hashes: HMAC-SHA-512 implementation broken)
* net.dns: Close resolv.conf handle when done (fixes#1342)
* mod_websocket: Clone stanza before mutating (fixes#1398: mod_websocket leaks explicit xmlns attr)
* mod_announce: Check for admin on current virtualhost instead of global (fixes#1365: “host admins” should be able to use mod_announce as well as “global admins”) (thanks yc)
* mod_blocklist: Trigger resend of presence when unblocking a contact (fixes#1380: Prosody does not send presence when unblocking (XEP-0191))
* mod_vcard_legacy: Multiple improvements (fixes#1289: mod_vcard_legacy upgrade experience):
- mod_vcard_legacy: Don’t overwrite existing PEP data
- mod_vcard_legacy: Handle partial migration
- mod_vcard_legacy: Allow disabling vcard conversion
- mod_vcard_legacy: Adapt node defaults to number of avatars
* mod_muc_mam: Strip the stanza ‘to’ attribute (fixes#1259: [muc_mam] forwarded stanza has a “to” attribute while spec says it MUST NOT)
* util.pubsub: Validate node configuration on node creation (fixes#1328: Pubsub: Node configuration not validated on node creation)
* mod_pep/mod_pubsub: Simplify configuration for storage of node data (fixes#1320)
* MUC: Fix delay@from to be room JID (fixes#1416: MUC: Wrong delay@from on historic messages)
* mod_mam/mod_muc_mam: Cache last date that archive owner has messages to reduce writes (fixes#1368: Archive cleanup doubles number of storage access)
* mod_mam: Perform message expiry based on building an index by date (backport of 39ee70fbb009 from trunk)
- For details see: https://blog.prosody.im/prosody-0.11.3-released/
- Remove prosody-0.11-upstream-fixes.patch
OBS-URL: https://build.opensuse.org/request/show/735557
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/prosody?expand=0&rev=17
* MUC: Advertise XEP-0410 support
* mod_muc_mam: Import cleanup mechanism from mod_mam (fixes#672: mod_muc_mam: Archive expiry)
* mod_bosh: Handle missing wait attribute (fixes#1288: BOSH: Traceback on missing ‘wait’ attribute)
* mod_storage_sql: Handle SQLite DELETE with LIMIT being optional (fixes#1359: Sqlite3 archive_store:delete error in prepared statement)
* mod_c2s: Fixed#1313: attempt to call a field ‘data’ (a nil value))
* net.server_epoll: Restore wantread flag after pause (fixes#1354: server_epoll: Race in chunked reads)
* util.encodings: Allow unassigned code points in ICU mode to match libidn behavior (fixes#1348: Different treatment of unassigned code points between libidn and ICU )
* util.ip: Add missing netmask for 192.168⁄16 range (fixes#1343)
* util.hashes: Use HMAC function provided by OpenSSL (fixes#1345: util.hashes: HMAC-SHA-512 implementation broken)
* net.dns: Close resolv.conf handle when done (fixes#1342)
* mod_websocket: Clone stanza before mutating (fixes#1398: mod_websocket leaks explicit xmlns attr)
* mod_announce: Check for admin on current virtualhost instead of global (fixes#1365: “host admins” should be able to use mod_announce as well as “global admins”) (thanks yc)
* mod_blocklist: Trigger resend of presence when unblocking a contact (fixes#1380: Prosody does not send presence when unblocking (XEP-0191))
* mod_vcard_legacy: Multiple improvements (fixes#1289: mod_vcard_legacy upgrade experience):
- mod_vcard_legacy: Don’t overwrite existing PEP data
- mod_vcard_legacy: Handle partial migration
- mod_vcard_legacy: Allow disabling vcard conversion
- mod_vcard_legacy: Adapt node defaults to number of avatars
* mod_muc_mam: Strip the stanza ‘to’ attribute (fixes#1259: [muc_mam] forwarded stanza has a “to” attribute while spec says it MUST NOT)
* util.pubsub: Validate node configuration on node creation (fixes#1328: Pubsub: Node configuration not validated on node creation)
* mod_pep/mod_pubsub: Simplify configuration for storage of node data (fixes#1320)
* MUC: Fix delay@from to be room JID (fixes#1416: MUC: Wrong delay@from on historic messages)
* mod_mam/mod_muc_mam: Cache last date that archive owner has messages to reduce writes (fixes#1368: Archive cleanup doubles number of storage access)
* mod_mam: Perform message expiry based on building an index by date (backport of 39ee70fbb009 from trunk)
- For details see: https://blog.prosody.im/prosody-0.11.3-released/
- Remove prosody-0.11-upstream-fixes.patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=56
- Update to 0.11.2:
* mod_csi_simple: Multiple enhancements to built-in ‘importance’ rules (fixes#1250)
* mod_vcard_legacy: Limit injection of XEP-0153 to normal presence (fixes#1252)
* util.datetime: Make sure timezone difference is calculated correctly (fixes#1262)
* MUC: Fix traceback when requesting voice (fixes#1269) (thanks jonas’)
* MUC: Adjust priorities of muc-get-default-role handlers (fixes#1272)
* MUC: Allow changing data attached to an only owner (fixes#1273)
* Multiple fixes and improvements to our experimental epoll (non-libevent) backend
* util.stanza: Deserialize stanza without mutating input (fixes#711)
* mod_mam: Only accept valid JIDs in and prefs. (fixes#1275)
* util.pubsub: Restore subscription index from stored data (fixes#1281)
* prosodyctl check: Add statisticsmanager settings to known global options
* util.startup: Always reload logging after config (fixes#1284)
* mod_posix: Don’t reload log files twice
- Run spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/664301
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=50
- Update to 0.11.0:
* Rewritten more extensible MUC module
+ Store inactive rooms to disk
+ Store rooms to disk on shutdown
+ Voice requests
+ Tombstones in place of destroyed rooms
* PubSub features
+ Persistence
+ Affiliations
+ Access models
+ "publish-options"
* PEP now uses our pubsub code and now shares the above features
* Asynchronous operations
* Busted for tests
* mod\_muc\_mam (XEP-0313 in groupchats)
* mod\_vcard\_legacy (XEP-0398)
* mod\_vcard4 (XEP-0292)
* mod\_csi, mod\_csi\_simple (XEP-0352)
* New experimental network backend "epoll"
- For more details see:
* https://blog.prosody.im/prosody-0-11-0-released/
* https://prosody.im/doc/release/0.11.0#upgrade_notes
- Remove prosody-makefile.patch: configure supports --libdir now
- Update prosody-configure.patch: no libdir manipulation required
- Update prosody-cfg.patch: refresh and remove posix part.
It's enabled by default.
OBS-URL: https://build.opensuse.org/request/show/651085
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/prosody?expand=0&rev=12
* Rewritten more extensible MUC module
+ Store inactive rooms to disk
+ Store rooms to disk on shutdown
+ Voice requests
+ Tombstones in place of destroyed rooms
* PubSub features
+ Persistence
+ Affiliations
+ Access models
+ "publish-options"
* PEP now uses our pubsub code and now shares the above features
* Asynchronous operations
* Busted for tests
* mod\_muc\_mam (XEP-0313 in groupchats)
* mod\_vcard\_legacy (XEP-0398)
* mod\_vcard4 (XEP-0292)
* mod\_csi, mod\_csi\_simple (XEP-0352)
* New experimental network backend "epoll"
- For more details see:
* https://blog.prosody.im/prosody-0-11-0-released/
* https://prosody.im/doc/release/0.11.0#upgrade_notes
- Remove prosody-makefile.patch: configure supports --libdir now
- Update prosody-configure.patch: no libdir manipulation required
- Update prosody-cfg.patch: refresh and remove posix part.
It's enabled by default.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=46
- Update to 0.10.1:
Security:
* SQL: Ensure user archives are purged when a user account is deleted (fixes #1009[1])
Fixes and improvements:
* Core: More robust signal handling (fixes #1047[2], #1029[3])
* MUC: Ensure that elements which match our from are stripped (fixes #1055[4])
* MUC: More robust handling of storage failures (fixes #1091[5], #1091[5])
* mod_mam: Ensure a user's archiving preferences apply even when they are offline (fixes #1024[6])
* Compatibility improvements with LuaSec 0.7, improving curve support
* mod_stanza_debug: New module that logs full stanzas sent and received for debugging purposes
* mod_mam: Implement option to enable MAM implicitly when client support is detected (#867[7])
* mod_mam: Add an option for whether to include 'total' counts by default in queries (for performance)
* MUC: send muc#stanza_id feature as per XEP-0045 v1.31 (fixes #1097[8])
Minor changes:
* SQL: Suppress error log if a transaction failed but was retried ok
* core.stanza_router: Verify that xmlns exists for firing stanza/iq/xmlns/name events (fixes #1022[9]) (thanks SamWhited)
* mod_carbons: Synthesize a 'to' attribute for carbons of stanzas to "self" (fixes #956[10])
* Core: Re-enable timestamps by default when logging to files (fixes #1004[11])
* HTTP: Report HTML Content-Type on error pages (fixes #1030[12])
* mod_c2s: Set a default value for c2s_timeout (fixes #1036[13])
* prosodyctl: Fix traceback with lfs < 1.6.2 and show warning
* Fix incorrect '::' compression of a single 0-group which broke some IPv6 address matching
* mod_dialback: Copy function from mod_s2s instead of depending on it, which made it harder to disable s2s (fixes #1050[14])
* mod_storage_sql: Add an index to SQL archive stores to improve performance of some queries
* MUC: Don't attempt to reply to errors with more errors (fixes #1122[15])
* Module API: Fix parameter order to http client callbacks
* mod_blocklist: Allow mod_presence to handle subscription stanzas before bouncing outgoing presence (fixes #575[16])
* mod_http_files: Fix directory listing cache entries not expiring (fixes #1130[17])
OBS-URL: https://build.opensuse.org/request/show/609037
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/prosody?expand=0&rev=10
Security:
* SQL: Ensure user archives are purged when a user account is deleted (fixes #1009[1])
Fixes and improvements:
* Core: More robust signal handling (fixes #1047[2], #1029[3])
* MUC: Ensure that elements which match our from are stripped (fixes #1055[4])
* MUC: More robust handling of storage failures (fixes #1091[5], #1091[5])
* mod_mam: Ensure a user's archiving preferences apply even when they are offline (fixes #1024[6])
* Compatibility improvements with LuaSec 0.7, improving curve support
* mod_stanza_debug: New module that logs full stanzas sent and received for debugging purposes
* mod_mam: Implement option to enable MAM implicitly when client support is detected (#867[7])
* mod_mam: Add an option for whether to include 'total' counts by default in queries (for performance)
* MUC: send muc#stanza_id feature as per XEP-0045 v1.31 (fixes #1097[8])
Minor changes:
* SQL: Suppress error log if a transaction failed but was retried ok
* core.stanza_router: Verify that xmlns exists for firing stanza/iq/xmlns/name events (fixes #1022[9]) (thanks SamWhited)
* mod_carbons: Synthesize a 'to' attribute for carbons of stanzas to "self" (fixes #956[10])
* Core: Re-enable timestamps by default when logging to files (fixes #1004[11])
* HTTP: Report HTML Content-Type on error pages (fixes #1030[12])
* mod_c2s: Set a default value for c2s_timeout (fixes #1036[13])
* prosodyctl: Fix traceback with lfs < 1.6.2 and show warning
* Fix incorrect '::' compression of a single 0-group which broke some IPv6 address matching
* mod_dialback: Copy function from mod_s2s instead of depending on it, which made it harder to disable s2s (fixes #1050[14])
* mod_storage_sql: Add an index to SQL archive stores to improve performance of some queries
* MUC: Don't attempt to reply to errors with more errors (fixes #1122[15])
* Module API: Fix parameter order to http client callbacks
* mod_blocklist: Allow mod_presence to handle subscription stanzas before bouncing outgoing presence (fixes #575[16])
* mod_http_files: Fix directory listing cache entries not expiring (fixes #1130[17])
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=42
get the following bugfixes:
* core.rostermanager: Add method for checking if the user is subscribed to a contact
* mod_presence: Send probe once subscribed (fixes#794)
* mod_net_multiplex: Enable SSL on the SSL port (fixes#803)
* mod_register: Require encryption before registration if c2s_require_encryption is set (fixes#595)
* mod_saslauth: Log SASL failure reason
* mod_disco: Correctly set the 'node' attr (fixes#449)
* mod_bosh: Update session.conn to point to the current connection (fixes#890)
* net.dns: Simplify expiry calculation (fixes#919)
* mod_watchregistrations: Return the pointer to the root of the stanza, fixes#922.
* mod_disco: Add an account/registered identity on subscribed accounts, fixes#826.
* mod_welcome: Return the pointer to the root of the stanza, fixes a bug similar to #922.
* net.dns: Prevent answers from immediately expiring even if TTL=0 (see #919)
* mod_saslauth: Use correct varible name (thanks Roi)
* util.dependencies: Add compatibility code for LuaSocket no longer exporting as a global
* util.dependencies: Add comment about LuaSec compat
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=29
* Dependencies: Fix certificate verification failures when using LuaSec 0.6 (fixes#781)
* mod_s2s: Lower log message to 'warn' level, standard for remotely-triggered protocol issues
* certs/Makefile: Remove -c flag from chmod call (a GNU extension)
* Networking: Prevent writes after a handler is closed (fixes#783)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=19
* HTTP parser: Improve buffering of incoming HTTP data and add size
limits (#603)
* Sessionmanager: Fix for an issue which caused people to be kicked from conferences if mod_smacks was enabled (#648)
* Dependencies: Workaround for compatibility with LuaSec 0.6 (#749)
* MUC: Accept missing form as "instant room" request (#377)
* C2S: Fix issues with destroying disconnected connections (#590), (#641)
* mod_privacy: Fix selection of the top resource(s) #694
* mod_presence: Make sure both users get each others presence after adding each other (#673)
* mod_http_files: Fix traceback when serving a non-wildcard path (#611)
* mod_http_files: Preserve a trailing slash in paths (#639)
* util.datamanager: Fix error handling (#632)
* net.server_event: Fix internal socket API to allow writing from socket.ondrain callback (#661)
* net.server_event: Fix timeout (commit 1909bde0e79f)
* net.server_event: Fix traceback due to write during TLS handshake (commit c774622ad9db)
* net.server_event: Fix buffer length check (commit 206f9b0485ad)
- Remove prosody-upstream-0.9-branch-fixes.patch: included in update
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=16
- Move rcprosody into systemd section until we have proper sysvinit support
- Pass optflags to configure
- Install service file and create directories if needed in one run
- Dont strip debug symbols
- Dont need to verify permissions since we set them
- Create systemd tempfile properly
- Install config files with file glob
- Remove sysvinit stuff
- Cleanup systemd conditionals
- Use less rights
OBS-URL: https://build.opensuse.org/request/show/397406
OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/prosody?expand=0&rev=11
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
