Congrats on the release Jack!<div>Have you had a little time to look at our branch where we propose a split between the XMPP parts and the Bosh parts, so that, maybe we could use other underlying protocols, like websockets and/or <a href="http://socket.io">socket.io</a> or even a regular TCP socket (which would allow for use in node.js!).</div>
<div><br></div><div>Let me know,</div><div>Julien<br>
<br><br><div class="gmail_quote">On Sun, Jun 19, 2011 at 4:55 PM, Jack Moffitt <span dir="ltr"><<a href="mailto:jack@metajack.im">jack@metajack.im</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi all,<br>
<br>
Strophe 1.0.2 has been released. Please consider upgrading immediately<br>
as it contains a security fix affecting DIGEST-MD5 SASL<br>
authentication.<br>
<br>
All the downloads and documentation can be found at:<br>
<a href="http://strophe.im/strophejs" target="_blank">http://strophe.im/strophejs</a><br>
<br>
Note that this website is brand new and should remain the permanent<br>
home of the project. The old site at <a href="http://code.stanziq.com" target="_blank">code.stanziq.com</a> died with<br>
Collecta, although it still redirects to the new home.<br>
<br>
The full change log can be found here:<br>
<a href="https://raw.github.com/metajack/strophejs/release-1.0.2/CHANGELOG.txt" target="_blank">https://raw.github.com/metajack/strophejs/release-1.0.2/CHANGELOG.txt</a><br>
<br>
I don't know of any exploits for the DIGEST-MD5 problem, but the fact<br>
that the client nonce never changed on a particular browser is<br>
probably not good. Thanks go to Julian Scheid for finding and<br>
reporting this to me.<br>
<br>
I went through most of the pull requests and applied them. There were<br>
a handful that didn't make it due to the need for more review. I'll<br>
get to these as soon as I can, but I think I got all the ones that fix<br>
major bugs.<br>
<br>
Please give it a whirl and let me know if you find anything I missed.<br>
<br>
jack.<br>
_______________________________________________<br>
JDev mailing list<br>
Info: <a href="http://mail.jabber.org/mailman/listinfo/jdev" target="_blank">http://mail.jabber.org/mailman/listinfo/jdev</a><br>
Unsubscribe: <a href="mailto:JDev-unsubscribe@jabber.org">JDev-unsubscribe@jabber.org</a><br>
_______________________________________________<br>
</blockquote></div><br></div>