CVE-2022-0217 Prosody library does not properly restrict XML features in parsed data.

libexpat has been upgraded to version 1.0.6, and libexpat 1.0.6 is now required to prevent these issues.

Prosody was updated to version 3.0.2 to fix an XSS issue in the template handling code.
To update Prosody or install a new installation, see the installation guide.

The internal Prosody library was updated to fix a potential XSS vulnerability. The internal library is used by the core Prosody code. The fix was made by updating the internal library to version 3.0.2 (released 28th of April).

End-to-end encryption of messages is now enabled by default.

An issue where the recipient of a private message could see the sender’s full name and contact details has been fixed.

An issue with the automatic generation of OpenPGP signatures in some cases has been fixed.
If you used the autogenerated signature, you need to regenerate it manually (right-click the message, then click ‘Properties’ and ‘OpenPGP’).

An issue where some users running an older version of Prosody with a certain security patch level were unable to receive notifications has been fixed.

An issue where notifications received from external services were missing recipients has been fixed.

What to do in case of a Prosody failure?

In case of a failure, you can use the following command to start Prosody:

service prosody restart

If the issue is caused by an incorrect configuration, this may also help:

service prosody stop && service prosody start

Upgrade to the latest version

The latest version of Prosody is 3.0.2, which was released on the 28th of April 2018 and fixes these issues. To upgrade from a previous version, run prosodyctl stop --restart, then prosodyctl start. To update Prosody or install a new installation, see the installation guide.

To prevent these kinds of issues, it's important that you upgrade to the latest version of Prosody.

Version number update

This version update was made to fix a potential XSS vulnerability. The internal library is used by the core Prosody code. The fix was made by updating the internal library to version 3.0.2 (released 28th of April).

What to do in case of Prosody notifications not arriving

This issue is caused by the Prosody core not updating to the latest version.

To update a Prosody installation, please follow these steps:
1. Remove all current Prosody packages from your system
2. Change the version of your installed Prosody with this command in a terminal:
sudo prosodyctl stop
3. Install the new update and restart Prosody with this command in a terminal:
sudo prosodyctl start
