ejabberd 17.07 includes an important security fix. Except this fix, the release is completely equivalent to 17.06. If you run any version from 17.03 to 17.06, it’s possible to consume all available ports regardless of ERL_MAX_PORTS. You should upgrade to 17.07 as soon as possible if you are running a public server.
Please, note that the security of users, data, conversation, etc. is not at stake. Data / privacy is safe.
Users of ejabberd Business Edition and ejabberd SaaS are safe and have nothing to do as the issue was not in those code base.
- Close accepted socket if sockname/peername has failed
As usual, the release is tagged in the Git source code repository on Github.
The source package and binary installers are available at ejabberd XMPP & MQTT server download page.
If you suspect that you’ve found a bug, please search or fill a bug report on Github.