Snikket Blog

News, announcements and thoughts from the Snikket team

Snikket Server - January 2024 release

by The Snikket Team.

We just released a new update of Snikket Server. Read on to find out what’s new…

Read more...

On the jabber.ru MITM attack

by The Snikket Team.

Reports of a possible recent interception of the public XMPP service jabber.ru have raised a lot of questions for people about how the attack happened, and whether it could affect them too. We have some answers.

Read more...

State of Snikket 2023: Funding

by The Snikket Team.

A look at the various ways work on Snikket is funded - past, present and future.

Read more...

State of Snikket 2023: The Apps

by The Snikket Team.

An overview of what’s going on in Snikket app development.

Read more...

State of Snikket 2023

by The Snikket Team.

An overdue catch-up!

Read more...

F-Droid security update

by Matthew Wild.

Last week, Snikket Android users who installed the Snikket app via F-Droid started receiving a warning that it contained a security vulnerability. This wasn’t entirely accurate, as the problem wasn’t with the Snikket app itself but specifically F-Droid’s own build of the app that was using an outdated version of the WebRTC library.

As of today, F-Droid have published a new build (2.10.3) of the Snikket app that now uses an up-to-date version of the WebRTC component. The new WebRTC was built by us and published to Maven Central, one of the sources that F-Droid trusts for certain pre-built dependencies.

Like many communication apps, Snikket uses WebRTC for audio and video calls. We’ve been working on finding a way for F-Droid to build Snikket with a more up-to-date version of the WebRTC library that meets the constraints of their build processes and policies. We’re happy that this work has paid off!

Read more...

Notes on the F-Droid security warning

by Matthew Wild.

Update 2022-12-11: A new update (2.10.3) is has been published, and the security warning should clear after installing this update.

Snikket Android users who installed the app via F-Droid may receive a warning from F-Droid telling them that the app has a vulnerability and that they “recommend uninstalling immediately”. First of all - don’t panic! This is a over-simplified generic warning that is scary, but the actual situation is not quite so scary and has an explanation. Here goes…

Read more...

Server updates for ARM systems

by Snikket Team.

We have a couple of important announcements relevant to people running the Snikket server software on ARM devices, including Raspberry Pi.

Read more...

January 2022 server release

by Snikket Team.

Welcome to 2022! We have published a new release of the Snikket server with support for account import/export, improved resource monitoring, and more.

Read more...

Snikket Server - 2022-01-13 security release

by Matthew Wild.

Snikket Server - 2022-01-13 security release A security flaw has been found and fixed in a core component of the Snikket server software, Prosody. A fix has been released today, and it is recommended that everyone upgrades as soon as possible to receive the fix. The flaw would allow an attacker to trigger the Snikket server to consume extreme amounts of resources (CPU and RAM), resulting in a denial of service.

Read more...

Snikket Blog

Feed

Subscribe to our RSS feed for the latest updates from the Snikket project!

Recent Posts

Donate

This open-source project runs on external funding. If you like what we’re doing, consider donating!