Security update for prosody

Type: security
Severity: moderate
Issued: 2021-07-08

This update for prosody fixes the following issues:

- Update to 0.11.9:
  * mod_limits, prosody.cfg.lua: Enable rate limits by default
  * certmanager: Disable renegotiation by default
  * mod_proxy65: Restrict access to local c2s connections by default
  * util.startup: Set more aggressive defaults for GC
  * mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits
  * mod_auth_internal_{plain,hashed}: Use constant-time string comparison for secrets
  * mod_dialback: Remove dialback-without-dialback feature
  * mod_dialback: Use constant-time comparison with hmac
- Prosody XMPP server advisory 2021-05-12 (boo#1186027)
  * Including CVE-2021-32919, CVE-2021-32917, CVE-2021-32920, CVE-2021-32918



  • prosody-0.11.9-bp153.2.3.1