From 811a424c034d3a6c3a9467cd44ddf6b9393d69b9 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Tue, 28 May 2013 11:44:53 +0100 Subject: [PATCH 2/4] NEWS: update and describe configuration changes for fd.o #65036 --- NEWS | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/NEWS b/NEWS index 5cd2165..4d3ffde 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,24 @@ +telepathy-gabble 0.16.6 (UNRELEASED) +==================================== + +This release fixes a man-in-the-middle attack. You should upgrade. + +If you use an unencrypted connection to a "legacy Jabber" (pre-XMPP) +server, this version of Gabble will not connect until you make +one of these configuration changes: + +• upgrade the server software to something that supports XMPP 1.0; or +• use an encrypted "old SSL" connection, typically on port 5223 (old-ssl); or +• turn off "Encryption required (TLS/SSL)" (require-encryption) + +Fixes: + +• fd.o #65036: update Wocky to respect the tls-required flag on + legacy Jabber servers (Simon) + +• fd.o #63119: improve regression tests' isolation from the session bus + (Simon) + telepathy-gabble 0.16.5 (2013-03-01) ==================================== -- 1.7.10.4