2014-04-02 by The Prosody Team Compression: Disallow compression on unauthenticated streams Core: Limit default read size and maximum stanza size Core: Enable SASL EXTERNAL by default for component s2s S2S: Warn if s2s_secure_auth and s2s_require_encryption have been set in conflicting ways S2S: Warn if no local network addresses were found, preventing successful s2s MUC: Fix traceback when a non-occupant tried to change an occupant's role MUC: API: Fire an event when temporary rooms are destroyed after the last person leaves Telnet: Fixed traceback when listing users Telnet: Apply normalization to JIDs in user management commands HTTP: Fix directory detection in file server on Windows Plugins: Fix paths on Windows MOTD: Don't strip blank lines from the message provided in the config prosodyctl: Better error reporting when generating certificates Makefile: Improve FreeBSD compatibility Multiple fixes to our migration tools, and support for importing MUCs from ejabberd
This is the same as Bug ID: 507134 Also, there should be an upgrade of LuaExpat to 1.3.0 or higher. The following message from prosody 0.9.4 complains about it: The version of LuaExpat on your system does not support stanza size limits, which may leave servers on untrusted networks (e.g. the internet) vulnerable to denial-of-service attacks. You should upgrade to LuaExpat 1.3.0 or higher as soon as possible. See http://prosody.im/doc/depends#luaexpat for more information.
+*prosody-0.9.4 (16 Apr 2014) + + 16 Apr 2014; Jason A. Donenfeld <zx2c4@gentoo.org> +prosody-0.9.4.ebuild: + Version bump. +
(In reply to Ronny Boesger from comment #1) > This is the same as Bug ID: 507134 > > Also, there should be an upgrade of LuaExpat to 1.3.0 or higher. > > The following message from prosody 0.9.4 complains about it: > > > The version of LuaExpat on your system does not support stanza size limits, > which may leave servers on untrusted networks (e.g. the internet) vulnerable > to denial-of-service attacks. You should upgrade to LuaExpat 1.3.0 or higher > as soon as possible. See http://prosody.im/doc/depends#luaexpat for more > information. +*luaexpat-1.3.0 (17 Apr 2014) + + 17 Apr 2014; Jason A. Donenfeld <zx2c4@gentoo.org> +luaexpat-1.3.0.ebuild: + Version bump for prosody. +