XMPP Newsletter, 01 Oct 2019, FOSDEM 2020, modernization of XMPP, peer networks
Welcome to the XMPP newsletter covering the month of September.
New this month: we've made explicit that this newsletter can be shared and adapted as defined by the CC by-sa 4.0 license, and we've added the credits as this is a community effort.
Be kind, inform your friends and colleagues: forward this newsletter!
Please submit your XMPP/Jabber articles, tutorials or blog posts on our wiki.
Ralph Meijer, chairman of the Board of Directors of the XSF, has written an introductory piece about "XMPP Message Attaching, Fastening, References", specifications currently in progress.
In case of internet shut down, whether by disaster or voluntarily, peer networks are useful. Monal uses Airdrop (wifi and bluetooth) along with XMPP and OMEMO end-to-end encryption.
JabberFr, the French XMPP/Jabber community, has again translated the XMPP newsletter in French, merci beaucoup.
We have started a very minimalistic communication guide to help promoting a project through social networks and other means such as blog posts. Could be valuable for those involved in XMPP projects and would like to get ideas on how to reach out to different communities.
As usual every year, that time has come: we proudly announce the XMPP Summit 24 and the XSF participation to FOSDEM. The 24th XMPP Summit will happen on Thursday 30th and Friday 31st of January, and FOSDEM will be held on Saturday 1st and Sunday 2nd of February. Prepare for the community gathering; now is a good time to start booking your flights!
Réda Housni Alaoui is reviving the formerly dormant Vysper XMPP server (pronounced as "whisper").
Xabber Server v.0.9 alpha is released, with quick installation and management panel and interesting innovations.
MongooseIM 3.4.1 is out now with an important security upgrade, fixing a vulnerability that allowed any logged in user to crash the node with malicious stanza on certain (but popular) configurations. Read the whole thread on Twitter for more information.
The igniterealtime community has a lot of news:
- Openfire 4.4.2: "This release should better support server to server (s2s) connections, fix a few admin console XSS-style issues, and improve client session stability."
- The Fastpath Service plugin has been released in versions 4.4.4 and 4.4.5, bringing support for managed queued chat requests, such as a support team might use.
- Search plugin 1.7.3: "This update adds protection against CSRF and XSS attacks."
- Monitoring Service plugin 1.8.1: "This hotfix update adds protection against XSS attacks on Archiving Settings page."
Jérôme Sautret, from ProcessOne, has announced ejabberd 19.09, that brings improved automatic certificate management stack.
The Prosody team have just released a new update to their stable branch, Prosody 0.11.3 which includes performance and compatibility improvements among other fixes.
Clients and applications
Multiple vulnerabilities have been found in Dino, please update as soon as possible if you are a Dino user.
Converse has been released in versions 5.0.2 and 5.0.3 fixing security issues among others. Converse users may find useful the new plugin to verify HTTP Requests via XMPP from Agayon. For developers, there is a Converse Docker image by odajay.
Monal 4 with iOS 13 support and dark mode is out. Mac update is expected to be released for October.
Christopher Muclumbus, a listing and search engine of public XMPP chats, has been updated with a visual redesign, group chat avatars, link to anonymous web chat and logs if available, and software version pie chart.
Extensions and specifications
This month, there were three proposed XEPs, and two updated. No XEPs in Last Call, New, or Obsoleted.
Abstract: This specification defines a way for payloads on a message to be marked as being logically fastened to a previous message.
XMPP Compliance Suites 2020
Abstract: This document defines XMPP protocol compliance levels.
Abstract: This document defines an XMPP protocol extension for issuing authentication tokens to client applications and provides methods for managing сlient connections.
- Version 0.13.1 of XEP-0280 (Message Carbons) has been released. Changelog: Add clear example on problematic (spoofed) carbon messages and that they need to be handled. (gl). URL: https://xmpp.org/extensions/xep-0280.html
- Version 1.16.0 of XEP-0060 (Publish-Subscribe) has been released. Changelog:Add a pubsub#rsm disco#info feature to clear confusion (edhelas). URL: https://xmpp.org/extensions/xep-0060.html
See you in November!
This XMPP Newsletter is a community collaborative effort. Thanks to Nÿco, Daniel, Jwi, and MDosch for aggregating the news. Thanks Nÿco, Seve, Jwi, and Matt for the copywriting. Thanks Guus, Seve, Jonas for the reviews.
Please follow and relay the XMPP news on our Twitter account @xmpp.
This newsletter is published under the CC by-sa license: https://creativecommons.org/licenses/by-sa/4.0/