July 12th, 2010· New optional libevent backend
· mod_proxy65: XEP-0065 SOCKS5 Bytestreams proxy
· SASL: Support for Cyrus SASL backend (allows LDAP, PAM, …)
· SASL: Support for SCRAM-SHA-1 mechanism
· SASL: Forbid insecure PLAIN authentication on unencrypted connections by default
· Port multiplexing: Allow multiple services on a single port (XMPP, HTTP)
· MUC: Room destruction, and other features/fixes
· mod_compression: Support stream compression between servers now, as well as clients
· SSL: Disable SSLv2 protocol by default as it is insecure
· PEP: Support for on-demand item retrieval
· Errors: Show the reason server-to-server connections fail
· MUC: Add support for non-anonymous rooms
· mod_bosh: Cross-domain ('proxy-less') request support using CORS.
· mod_privacy: XEP-0016: Privacy Lists
· MUC: Show precise error when users are kicked from rooms
May 13th, 2010· libevent: Better connection scaling
· mod_proxy65: XEP-0065: SOCKS5 Bytestreams proxy
· SASL: Support for Cyrus SASL backend
· SASL: Support for SCRAM-SHA-1 mechanism
· SASL: Allow insecure PLAIN authentication on encrypted connections only by default
· Compression: Support stream compression between servers now, as well as clients
· SSL: Disable SSLv2 protocol by default as it is insecure
· PEP: Support for on-demand item retrieval to allow User Avatar support
· Port multiplexing: Allow multiple services (c2s, s2s, HTTP/BOSH) on a single port
· Errors: Return the exact reason when server-to-server connections fail
· MUC: Add support for non-anonymous rooms (real JIDs visible to all)
· MUC: Allow destruction of rooms by owners
· BOSH: Cross-domain request support, avoiding the need for proxies
· mod_privacy: XEP-0016: Privacy Lists
· MUC: Show precise error when users are kicked from rooms
April 29th, 2010Severe:
· Disable SSLv2 by default
· Fix cases in XML handling which could emit invalid XML to clients
· Multiple signals in quick succession could send the server into a loop
Important:
· Fix case where data sent immediately before a socket close could be lost
· Make [c2s|s2s]_require_encryption enforce encryption in all cases
· More robust detection of already-running Prosody instances
· Fix small memory leak in HTTP and BOSH
· Ensure the correct namespace is always set on s2s stanzas (for M-Link compatibility)
· Fix the algorithm for selecting a SRV target from DNS
Compliance:
· Multiple compatibility fixes for presence subscription logic
· Remove subscriptions to/from contacts on account deletion
· Make sure to stamp a 'to' on outgoing stream headers in all cases
· Restrict topic-changing to moderators in MUC rooms
· Don't allow visitors (no voice) to send messages in MUC rooms
· Fixes for PEP to make it work with Pidgin's avatar storage
· Disallow registration of empty usernames
· Better handling of presence requests for server hosts
· Correctly send nicks instead of JIDs in MUC role configuration
· Put the correct namespace on in error stanzas
· Fix handling of CNAME DNS records written in uppercase
· Reflect the user's own presence back to them
· Allow non-stanzas between auth and resource binding (for Pandion's compression)
· Allow any admin or moderator to kick occupants from MUC rooms
Minor:
· Improve generation of MIME types from the HTTP server
· Add message to error stanzas describing why an s2s connection failed
· Allow prosodyctl to still work when stty is not available (OpenWRT)
· Ensure that math.randomseed() is always passed an integer (OpenWRT)
· Compatibility with LuaRocks 2.x
· Improve performance by not forcing garbage collection in many cases
· Allow s2s TLS to be disabled with s2s_allow_encryption = false
· Handle gracefully the inability to create new connections (open file limit)
November 27th, 2009· Fixed a critical bug in the roster storage.
November 19th, 2009· PEP: Fix sending of iq replies on publish
· MUC: Add MUC namespace to errors (fixes Gajim's behaviour)
· BOSH: Fix reply for host-unknown errors
· More reliably prevent adding yourself to your roster
· Fix leaked session object when XEP-0114 components disconnect
· Apply nodeprep (i.e. case normalization) to usernames at login
· Implement timeout for s2s dialback responses
· Correctly fall back on alternate DNS nameservers if one fails
· More robust parsing of resolv.conf
· mod_httpserver: Allow configuration of HTTP base path
· mod_console: Gracefully close streams when using s2s:close()
· Fix libidn crash on Vista and some other Windows systems
Find us on Google+
