Last week, Snikket Android users who installed the Snikket app via F-Droid
started receiving a warning that it contained a
security vulnerability. This wasn’t entirely accurate, as the problem wasn’t
with the Snikket app itself but specifically F-Droid’s own build of the app
that was using an outdated version of the WebRTC library.
As of today, F-Droid have published a new build (2.10.3) of the Snikket app
that now uses an up-to-date version of the WebRTC component. The new WebRTC
was built by us and published to Maven Central, one of the sources that
F-Droid trusts for
certain pre-built dependencies.
Like many communication apps, Snikket uses WebRTC for audio and video calls.
We’ve been working on finding a way for F-Droid to build Snikket with a more
up-to-date version of the WebRTC library that meets the constraints of their
build processes and policies. We’re happy that this work has paid off!
Update 2022-12-11: A new update (2.10.3) has been published,
and the security warning should clear after installing this update.
Snikket Android users who installed the app via F-Droid may receive a warning
from F-Droid telling them that the app has a vulnerability and that they
“recommend uninstalling immediately”. First of all - don’t panic! This is an
over-simplified generic warning that sounds scary, but the actual situation is
not quite so scary and has an explanation. Here goes…
A security flaw has been found and fixed in a core component of the
Snikket server software, Prosody. A fix has been released today, and it
is recommended that everyone upgrades as soon as possible to receive the
fix.
The flaw would allow an attacker to trigger the Snikket server to consume
extreme amounts of resources (CPU and RAM), resulting in a denial of
service.
Thanks to funding from the Open Technology Fund’s Usability Lab, we are starting a collaboration with Simply Secure, experts in UI/UX design for apps specializing in privacy, security and transparency.
We have some exciting news to share! An important piece of the
Snikket roadmap has been selected for funding by NGI DAPSI, an
EU-funded project focused on data portability and services.