0.12.0

Released: 2022-03-14

Summary

See our blog post for an overview of the main features and improvements this release brings.

Here you will find a summary of all major changes.

Upgrading

If you are upgrading from a previous release, we generally expect things to go smoothly for you.

There have been a lot of changes and improvements in the default config file that is shipped with Prosody. When upgrading, your package manager may prompt you - asking if you want to use the new config, or keep your own. You almost always want to keep your existing configuration file. After the upgrade, you can review the new configuration file and incorporate any changes into your existing config.

To be clear, it is expected that Prosody 0.12 will function correctly on any config file that is compatible with 0.11. No changes are required, however there may be some recommendations - such as options that have been deprecated or replaced.

The best way to find these is to run ‘prosodyctl check config’, before and after you upgrade, which will find most issues and suggest a solution.

Common issues

HTTP ports bind to localhost by default

The HTTP port (which is on 5280 by default) now listens on localhost by default, because it is unencrypted. The HTTPS port (5281 by default) continues to listen on all interfaces by default.

If you want to allow unencrypted HTTP connections from remote locations, you can provide a list of local IP addresses to listen on using the http_interfaces global configuration option. The behaviour of 0.11 and older versions of Prosody can be achieved by adding to the global section of your config file:

-- Allow unencrypted HTTP connections
http_interfaces = { "0.0.0.0", "::" }

mod_auth_cyrus moved to community module repository

If you used mod_auth_cyrus (e.g. authentication = "cyrus") but do not have the community modules repository (aka ‘prosody-modules’) installed, you will not be able to log in after updating to 0.12.

You have three options:

  • Install mod_auth_cyrus from prosody-modules, or
  • If you are using LDAP, consider migrating to mod_auth_ldap which is now bundled with Prosody

Lua version support

Prosody 0.12 supports the following Lua versions:

  • Lua 5.1 (deprecated, but still functional - Prosody 0.12.x will be the last Prosody series to support Lua 5.1)
  • Lua 5.2 (supported)
  • Lua 5.3 (supported)
  • Lua 5.4 (recommended, only if 5.4-compatible dependencies are available)

You can check the version of Lua that Prosody runs with using the command prosodyctl about.

Lua 5.4 support in distributions

At the time of writing, Lua 5.4 is the newest version of Lua, but not all operating system distributions completely support it yet.

In particular, Debian 11 (“bullseye”) supplies the main Lua 5.4 interpreter, but its packages for Prosody’s dependencies such as lua-socket, lua-sec, lua-expat and others, are not compatible with Lua 5.4. This is fixed in Debian testing (i.e. for Debian 12).

If Prosody complains about missing dependencies on your system when running with Lua 5.4, even though the dependencies appear to be installed, you may be encountering this problem. We recommend switching to an older Lua version such as 5.2 or 5.3 in this case.

Debian/Ubuntu Lua version agility

Starting with 0.12, the packages supplied by the Prosody team for Debian/Ubuntu systems support running with any compatible Lua version. To update the default Lua version for your system, run:

update-alternatives --config lua-interpreter

Changes

New in this release

Modules

Security and authentication

  • Unencrypted HTTP port (5280) restricted to loopback by default
  • require_encryption options default to ‘true’ if unspecified
  • Authentication module defaults to ‘internal_hashed’ if unspecified
  • SNI support (including automatic certificate selection)
  • ALPN support in mod_net_multiplex
  • DANE support in low-level network layer
  • Direct TLS support (c2s and s2s)
  • SCRAM-SHA-256
  • Direct TLS (including https) certificates are now updated on reload
  • Pluggable authorization providers (mod_authz_*)
  • Easy use of Mozilla TLS recommendations presets

HTTP

  • CORS handling now provided by mod_http
  • Built-in HTTP server now handles HEAD requests
  • Uploads can be handled incrementally

API

  • Module statuses (API change)
  • util.error for encapsulating errors
  • Promise based API for sending queries
  • API for adding periodic tasks
  • More APIs supporting ES6 Promises
  • Async can be used during shutdown

Other

  • Plugin installer
  • MUC presence broadcast controls
  • MUC: support for XEP-0421 occupant identifiers
  • prosodyctl check connectivity via observe.jabber.network
  • STUN/TURN server tests in prosodyctl check
  • libunbound for DNS queries
  • The POSIX poll() API used by server_epoll on *nix other than Linux

Changed in this release

  • Improved rules for mobile optimizations in mod_csi_simple
  • Improved rules for what messages should be archived in mod_mam
  • mod_limits: Support for exempt JIDs
  • mod_server_contact_info now loaded on components if enabled
  • Statistics now based on OpenMetrics
  • Statistics scheduling can be done by plugin
  • Offline messages aren’t sent to MAM clients
  • Archive quotas (maximum limit on items in an archive store)
  • Rewritten migrator with archive support
  • Improved automatic certificate locating and selecting
  • Logging to syslog no longer missing startup messages
  • Graceful shutdown sequence that closes ports first and waits for connections to close

Removed in this release

  • daemonize option deprecated
  • SASL DIGEST-MD5 removed
  • mod_auth_cyrus (older LDAP support)
  • Network backend server_select deprecated (not actually removed yet)