Released: 2020-09-09


This release brings a collection of fixes and improvements added since the 0.11.5 release improving security, performance, usability and interoperability.

This version continues the deprecation of using prosodyctl to start/stop Prosody if it is installed system-wide. You should use your init system’s appropriate commands to manage the Prosody process instead. You can silence the warnings with the ‘prosodyctl_service_warnings’ option. Init scripts should invoke prosody directly as the correct user, and pass -F or -D depending on whether Prosody should stay in the foreground or detach (daemonize).


Summary of all changes in this release:

Fixes and improvements

  • mod_storage_internal: Fix error in time limited queries on items without ‘when’ field, fixes #1557
  • mod_carbons: Fix handling of incoming MUC PMs #1540
  • mod_csi_simple: Consider XEP-0353: Jingle Message Initiation important
  • mod_http_files: Avoid using inode in etag, fixes #1498: Fail to download file on FreeBSD
  • mod_admin_telnet: Create a DNS resolver per console session (fixes #1492: Telnet console DNS commands reduced usefulness)
  • core.certmanager: Move EECDH ciphers before EDH in default cipherstring (fixes #1513)
  • mod_s2s: Escape invalid XML in logging (same way as mod_c2s) (fixes #1574: Invalid XML input on s2s connection is logged unescaped)
  • mod_muc: Allow control over the server-admins-are-room-owners feature (see #1174)
  • mod_muc_mam: Remove spoofed archive IDs before archiving (fixes #1552: MUC MAM may strip its own archive id)
  • mod_muc_mam: Fix stanza id filter event name, fixes #1546: mod_muc_mam does not strip spoofed stanza ids
  • mod_muc_mam: Fix missing advertising of XEP-0359, fixes #1547: mod_muc_mam does not advertise stanza-id

Minor changes

  • net.http API: Add request:cancel() method
  • net.http API: Fix traceback on invalid URL passed to request()
  • MUC: Persist affiliation_data in new MUC format
  • mod_websocket: Fire event on session creation (thanks Aaron van Meerten)
  • MUC: Always include ‘affiliation’/‘role’ attributes, defaulting to ‘none’ if nil
  • mod_tls: Log when certificates are (re)loaded
  • mod_vcard4: Report correct error condition (fixes #1521: mod_vcard4 reports wrong error)
  • net.http: Re-expose destroy_request() function (fixes unintentional API breakage)
  • net.http.server: Strip port from Host header in IPv6 friendly way (fix #1302)
  • util.prosodyctl: Tell prosody do daemonize via command line flag (fixes #1514)
  • SASL: Apply saslprep where necessary, fixes #1560: Login fails if password contains special chars
  • net.http.server: Fix reporting of missing Host header
  • util.datamanager API: Fix iterating over “users” (thanks marc0s)
  • net.resolvers.basic: Default conn_type to ‘tcp’ consistently if unspecified (thanks marc0s)
  • mod_storage_sql: Fix check for deletion limits (fixes #1494)
  • mod_admin_telnet: Handle unavailable cipher info (fixes #1510: mod_admin_telnet backtrace)
  • Log warning when using prosodyctl start/stop/restart
  • core.certmanager: Look for privkey.pem to go with fullchain.pem (fixes #1526)
  • mod_storage_sql: Add index covering sort_id to improve performance (fixes #1505)
  • mod_mam,mod_muc_mam: Allow other work to be performed during archive cleanup (fixes #1504)
  • mod_muc_mam: Don’t strip MUC tags, fix #1567: MUC tags stripped by mod_muc_mam
  • mod_pubsub, mod_pep: Ensure correct number of children of (fixes #1496)
  • mod_register_ibr: Add FORM_TYPE as required by XEP-0077 (fixes #1511)
  • mod_muc_mam: Fix traceback saving message from non-occupant (fixes #1497)
  • util.startup: Remove duplicated initialization of logging (fix #1527: startup: Logging initialized twice)


As usual, download instructions for many platforms can be found on our download page

If you have any questions, comments or other issues with this release, let us know!