stable

prosody-0.12.1-1.el7

FEDORA-EPEL-2022-d3d9c987da created by robert 12 months ago for Fedora EPEL 7

Prosody 0.12.1

Summary

While the 0.12.0 release has been a huge success, inevitably people found some aspects that didn’t work quite as intended, or weren’t as polished as they ought to be. With the appreciation for the help from everyone reporting issues to upstream, upstream is happy to now release their best version yet - 0.12.1 is here!

Notably, upstream made a couple of changes that improve compatibility with Jitsi Meet, upstream fixed some bugs in their newly-extended XEP-0227 support, invites, and DNS handling. Upstream also improved compatibility with some less common platforms.

Changes

Summary of all changes in this release:

Fixes and improvements

  • mod_http (and dependent modules): Make CORS opt-in by default
  • mod_http: Reintroduce support for disabling or limiting CORS
  • net.unbound: Disable use of hosts file by default
  • MUC: Allow kicking users with the same affiliation as the kicker (improves Jitsi Meet compatibility)
  • mod_tombstones: Add caching to improve performance on busy servers (inefficient I/O with internal storage)

Minor changes

  • prosodyctl check config: Report paths of loaded configuration files
  • prosodyctl about: Report version of lua-readline
  • prosodyctl: check config: Skip bare JID components in orphan check
  • prosodyctl: check turn: Fail with error if our own address is supplied for the ping test
  • prosodyctl: check turn: warn about external port mismatches behind NAT
  • mod_turn_external: Update status and friendlier handling of missing secret option
  • prosodyctl: Pass server when listing (outdated) plugins (prosodyctl list --outdated does not handle multiple versions of a module)
  • util.prosodyctl: check turn: ensure a result is always returned from a check
  • util.prosodyctl: check turn: Report lack of TURN services as a problem
  • util.random: Ensure that native random number generator works before using it, falling back to /dev/urandom
  • mod_storage_xep0227: Fix mapping of nodes without explicit configuration
  • mod_admin_shell: Fix error in ‘module:info()’ when statistics is not enabled
  • mod_admin_socket: Compat for luasocket prior to unix datagram support
  • mod_admin_socket: Improve error reporting when socket can’t be created
  • mod_cron: Record last time a task runs to ensure correct intervals
  • core.moduleapi, core.modulemanager: Fix internal flag affecting logging in in some global modules, like mod_http
  • core.certmanager: Expand debug messages about cert lookups in index
  • configmanager: Clearer errors when providing unexpected values after VirtualHost
  • mod_storage_xep0227: Support basic listing of PEP nodes in absence of pubsub#admin data
  • mod_storage_xep0227: Handle missing {pubsub#owner}pubsub element (mod_storage_xep0227 tracebacks reading non-existent PEP store)
  • mod_storage_xep0227: Fix conversion of SCRAM into internal format
  • mod_external_services: Move error message to correct place (misplaced textual error message)
  • mod_smacks: Fix handling of unhandled stanzas on disconnect
  • mod_smacks: Fix counting of handled stanzas
  • mod_smacks: Fix bounce of stanzas directed to full JID on unclean disconnect
  • mod_pubsub: Don’t attempt to use server actor as publisher
  • mod_s2s: Improve robustness of outgoing s2s certificate verification
  • mod_invites_adhoc: Fall back to generic allow_user_invites for role-less users
  • mod_invites_register: Push invitee contact entry to inviter
  • util.startup: Show error for unrecognized command-line arguments passed to ‘prosody’
  • util.jsonpointer: Add tests, compat improvements and minor fixes
  • util.jsonschema: Lua version compat improvements

Prosody 0.12.0

See upstream's blog post at https://blog.prosody.im/prosody-0.12.0-released/ for a full overview of the release features.

Upgrading

If you are upgrading from a previous release, upstream generally expect things to go smoothly for you.

There have been a lot of changes and improvements in the default config file that is shipped with Prosody. After the upgrade, you can review the new configuration file and incorporate any changes into your existing config.

To be clear, it is expected that Prosody 0.12 will function correctly on any config file that is compatible with 0.11. No changes are required, however there may be some recommendations - such as options that have been deprecated or replaced.

The best way to find these is to run ‘prosodyctl check config’, before and after you upgrade, which will find most issues and suggest a solution.

Common issues

HTTP ports bind to localhost by default

The HTTP port (which is on 5280 by default) now listens on localhost by default, because it is unencrypted. The HTTPS port (5281 by default) continues to listen on all interfaces by default.

If you want to allow unencrypted HTTP connections from remote locations, you can provide a list of local IP addresses to listen on using the http_interfaces global configuration option. The behaviour of 0.11 and older versions of Prosody can be achieved by adding to the global section of your config file:

-- Allow unencrypted HTTP connections
http_interfaces = { "0.0.0.0", "::" }

mod_auth_cyrus moved to community module repository

If you used mod_auth_cyrus (e.g. authentication = "cyrus") but do not have the community modules repository (aka ‘prosody-modules’) installed, you will not be able to log in after updating to 0.12.

You have three options:

  • Install mod_auth_cyrus from prosody-modules, or
  • If you are using LDAP, consider migrating to mod_auth_ldap which is now bundled with Prosody

Lua version support

Prosody 0.12 supports the following Lua versions:

  • Lua 5.1 (deprecated, but still functional - Prosody 0.12.x will be the last Prosody series to support Lua 5.1)
  • Lua 5.2 (supported)
  • Lua 5.3 (supported)
  • Lua 5.4 (recommended, only if 5.4-compatible dependencies are available)

You can check the version of Lua that Prosody runs with using the command prosodyctl about.

Changes

New in this release

Modules

Security and authentication

  • Unencrypted HTTP port (5280) restricted to loopback by default
  • require_encryption options default to ‘true’ if unspecified
  • Authentication module defaults to ‘internal_hashed’ if unspecified
  • SNI support (including automatic certificate selection)
  • ALPN support in mod_net_multiplex
  • DANE support in low-level network layer
  • Direct TLS support (c2s and s2s)
  • SCRAM-SHA-256
  • Direct TLS (including https) certificates are now updated on reload
  • Pluggable authorization providers (mod_authz_*)
  • Easy use of Mozilla TLS recommendations presets

HTTP

  • CORS handling now provided by mod_http
  • Built-in HTTP server now handles HEAD requests
  • Uploads can be handled incrementally

API

  • Module statuses (API change)
  • util.error for encapsulating errors
  • Promise based API for sending queries
  • API for adding periodic tasks
  • More APIs supporting ES6 Promises
  • Async can be used during shutdown

Other

  • Plugin installer
  • MUC presence broadcast controls
  • MUC: support for XEP-0421 occupant identifiers
  • prosodyctl check connectivity via observe.jabber.network
  • STUN/TURN server tests in prosodyctl check
  • libunbound for DNS queries
  • The POSIX poll() API used by server_epoll on *nix other than Linux

Changed in this release

  • Improved rules for mobile optimizations in mod_csi_simple
  • Improved rules for what messages should be archived in mod_mam
  • mod_limits: Support for exempt JIDs
  • mod_server_contact_info now loaded on components if enabled
  • Statistics now based on OpenMetrics
  • Statistics scheduling can be done by plugin
  • Offline messages aren’t sent to MAM clients
  • Archive quotas (maximum limit on items in an archive store)
  • Rewritten migrator with archive support
  • Improved automatic certificate locating and selecting
  • Logging to syslog no longer missing startup messages
  • Graceful shutdown sequence that closes ports first and waits for connections to close

Removed in this release

  • daemonize option deprecated
  • SASL DIGEST-MD5 removed
  • mod_auth_cyrus (older LDAP support)
  • Network backend server_select deprecated (not actually removed yet)

This update has been submitted for testing by robert.

12 months ago

This update's test gating status has been changed to 'ignored'.

12 months ago

This update has been pushed to testing.

12 months ago

This update has been submitted for stable by bodhi.

12 months ago

This update has been pushed to stable.

12 months ago

Please login to add feedback.

Metadata
Type
enhancement
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
12 months ago
in testing
12 months ago
in stable
12 months ago
BZ#2063943 prosody-0.12.1 is available
0
0

Automated Test Results