From the release notes:
https://blog.prosody.im/prosody-0.11.8-released/
This release also fixes a security issue, where channel binding, which
connects the authentication layer (i.e. SASL) with the security layer (i.e.
TLS) to detect man-in-the-middle attacks, could be used on connections
encrypted with TLS 1.3, despite the holy texts declaring this undefined.
https://issues.prosody.im/1542
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: mark as security bump, expand commit text]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
9aba85e3f5