Prosody is a modern XMPP communication server http://prosody.im
Jonas Schäfer 23a43df6fb util.xml: Do not allow doctypes, comments or processing instructions
Yes. This is as bad as it sounds. CVE pending.

In Prosody itself, this only affects mod_websocket, which uses util.xml
to parse the <open/> frame, thus allowing unauthenticated remote DoS
using Billion Laughs. However, third-party modules using util.xml may
also be affected by this.

This commit installs handlers which disallow the use of doctype
declarations and processing instructions without any escape hatch. It,
by default, also introduces such a handler for comments, however, there
is a way to enable comments nonetheless.

This is because util.xml is used to parse human-facing data, where
comments are generally a desirable feature, and also because comments
are generally harmless.
2022-01-10 18:23:54 +01:00
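
The approach the commit message describes, handlers that refuse doctype declarations and processing instructions outright and refuse comments unless the caller opts in, shown as an added example using Python's binding to the Expat parser. It is not Prosody's Lua code; `parse_restricted`, `RestrictedXML` and the sample documents are hypothetical names and constructed inputs.

```python
import xml.parsers.expat as expat

# Constructed sample inputs (not taken from Prosody or its test suite).
SAMPLE_OPEN = ("<open xmlns='urn:ietf:params:xml:ns:xmpp-framing' "
               "to='example.org' version='1.0'/>")
SAMPLE_DOCTYPE = '<!DOCTYPE open [<!ENTITY a "x">]><open>&a;</open>'
SAMPLE_PI = "<?render now?><open/>"
SAMPLE_COMMENT = "<open><!-- operator note --></open>"


class RestrictedXML(ValueError):
    """Raised when the input is malformed or uses a refused construct."""


def parse_restricted(data, allow_comments=False):
    """Return (root tag, attributes) or raise RestrictedXML."""
    root = []

    def reject(kind):
        def handler(*_args):
            # An exception raised in a handler aborts Parse() immediately.
            raise RestrictedXML(kind + " not allowed")
        return handler

    def start_element(name, attrs):
        if not root:
            root.append((name, dict(attrs)))

    parser = expat.ParserCreate()
    parser.StartElementHandler = start_element
    # Called as soon as the doctype name is read, so parsing stops before
    # any entity declared in the internal subset can be expanded.
    parser.StartDoctypeDeclHandler = reject("doctype declaration")
    parser.ProcessingInstructionHandler = reject("processing instruction")
    if not allow_comments:
        # The only handler with an escape hatch, as in the commit message.
        parser.CommentHandler = reject("comment")
    try:
        parser.Parse(data, True)
    except expat.ExpatError as err:
        raise RestrictedXML("not well-formed: " + str(err)) from None
    return root[0]


if __name__ == "__main__":
    print(parse_restricted(SAMPLE_OPEN))
    print(parse_restricted(SAMPLE_COMMENT, allow_comments=True))
```
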
certs Add makefiles compatible with BSD make 2018-03-11 06:01:19 +01:00
core certmanager: Disable renegotiation by default 2021-05-11 14:14:15 +01:00
doc doc/net.server.lua: Not an actual source file, instruct luacheck to ignore it 2018-09-12 14:27:01 +01:00
fallbacks fallbacks.bit: remove unused one-letter loop variables [luacheck] 2016-07-14 18:40:43 +08:00
man man prosodyctl: Highlight subcommands 2017-10-23 12:46:11 +02:00
net net.server_epoll: Process all queued events from epoll before timers 2021-10-21 15:59:16 +02:00
plugins mod_pep: Wipe pubsub service on user deletion 2021-11-04 01:00:06 +01:00
spec util.xml: Do not allow doctypes, comments or processing instructions 2022-01-10 18:23:54 +01:00
tools tools: Add a tool to generate net.http.codes from IANA registry 2018-02-08 17:35:42 +01:00
util util.xml: Do not allow doctypes, comments or processing instructions 2022-01-10 18:23:54 +01:00
util-src util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp) 2021-05-10 16:24:54 +01:00
.busted Fix storage tests so they run, but not by default 2018-10-01 20:21:26 +01:00
.hgignore hgignore: Stop ignoring *.report, these are no longer created since switching to busted 2017-10-22 14:39:59 +02:00
.luacheckrc mod_net_multiplex: Remove exception from luacheck 2018-10-10 21:55:58 +02:00
.luacov .luacov: Add config for luacov, exclude spec/ 2018-10-11 10:39:11 +01:00
AUTHORS AUTHORS: A small update... 2013-03-31 13:43:12 +01:00
CHANGES CHANGES: Update with release date 2018-11-18 14:52:53 +00:00
configure configure: Handle lua being found in /bin (workaround for #1353) 2019-05-04 22:48:59 +02:00
COPYING COPYING: Reflow the all-caps text. It was wrapping really badly in the Windows installer. 2011-06-05 01:52:48 +05:00
DEPENDS DEPENDS: Change link to https 2017-12-05 11:59:43 +01:00
GNUmakefile make coverage: Allow overriding path to busted 2018-10-03 16:41:37 +02:00
HACKERS Update every link to the documentation to use HTTPS 2016-04-16 21:08:05 +01:00
INSTALL Update every link to the documentation to use HTTPS 2016-04-16 21:08:05 +01:00
makefile makefile: fix prosody.version target 2021-08-15 04:10:36 +00:00
prosody prosody/util.startup: Switch to parse_args() for --root and --config 2020-01-19 15:27:16 +00:00
prosody.cfg.lua.dist prosody.cfg.lua.dist: Enable rate limits by default 2021-05-11 14:17:12 +01:00
prosodyctl prosodyctl: Fix later import of LuaFileSystem 2021-09-11 22:26:50 +02:00
README Update every link to the documentation to use HTTPS 2016-04-16 21:08:05 +01:00
TODO TODO: Remove 0.9 2013-03-31 13:45:57 +01:00

# Prosody IM Server

## Description

Prosody is a server for Jabber/XMPP written in Lua. It aims to be easy 
to use and light on resources. For developers, it aims to give a 
flexible system on which to rapidly develop added functionality or 
rapidly prototype new protocols.

## Useful links

Homepage:        https://prosody.im/
Download:        https://prosody.im/download
Documentation:   https://prosody.im/doc/

Jabber/XMPP Chat:
               Address:
                 prosody@conference.prosody.im
               Web interface:
                 https://prosody.im/webchat
               
Mailing lists:
               User support and discussion:
                 https://groups.google.com/group/prosody-users
               
               Development discussion:
                 https://groups.google.com/group/prosody-dev
               
               Issue tracker changes:
                 https://groups.google.com/group/prosody-issues

## Installation

See the accompanying INSTALL file for help on building Prosody from source. Alternatively 
see our guide at https://prosody.im/doc/install