[jdev] Strophe 1.0.2 released
Jack Moffitt
jack at metajack.im
Sun Jun 19 14:55:42 UTC 2011
Hi all,
Strophe 1.0.2 has been released. Please consider upgrading immediately
as it contains a security fix affecting DIGEST-MD5 SASL
authentication.
All the downloads and documentation can be found at:
http://strophe.im/strophejs
Note that this website is brand new and should remain the permanent
home of the project. The old site at code.stanziq.com died with
Collecta, although it still redirects to the new home.
The full change log can be found here:
https://raw.github.com/metajack/strophejs/release-1.0.2/CHANGELOG.txt
I don't know of any exploits for the DIGEST-MD5 problem, but the fact
that the client nonce never changed on a particular browser is
probably not good. Thanks go to Julian Scheid for finding and
reporting this to me.
I went through most of the pull requests and applied them. There were
a handful that didn't make it due to the need for more review. I'll
get to these as soon as I can, but I think I got all the ones that fix
major bugs.
Please give it a whirl and let me know if you find anything I missed.
jack.
More information about the JDev
mailing list