util.roles: Return nil if the role has no explicit policy (fixes inheritance) Previously, if the first inherited role had no opinion, it returned false and prevented further consultation of other inherited roles. This bug was found thanks to the implementation of missing test cases identified through mutation testing.

mod_smacks: Change boolean attribute from '1' to 'true' for compatibility Conversations 2.10.10 and earlier expect this to be literally 'true' and don't recognise '1'. This leads to it not attempting resumption with Prosody at all since this change was introduced in 36ba170c4fd0. Thanks to Zash for noticing, debugging and diagnosing this issue. This issue is fixed in Conversations commit 052c58f3 (unreleased at the time of writing).

util.iterators: join: Work even with only a single iterator in the chain

mod_tokenauth: Remove expired tokens from storage

mod_tokenauth: Invalidate tokens issued before most recent password change This is a security improvement, to ensure that sessions authenticated using a token (note: not currently possible in stock Prosody) are invalidated just like password-authenticated sessions are.

prosodyctl: check turn: More clearly indicate the error is from TURN server

mod_authz_internal: Fix warning due to global use Thanks Menel and Martin

Backed out changeset 1bc2220cd6ec The use of the error helpers creates an `<error/>` child element containing the error condition. This is however not allowed as per XEP-0198, which specifies that the error condition is to be a direct child of the `<failed/>` stream management element. This has triggered a fun reconnect loop in aioxmpp where it was reported by a user [1]. [1]: https://github.com/horazont/aioxmpp/issues/382

util.jwt: More robust ECDSA signature parsing, fail early on unexpected length

util.crypto: Fix tests Found this number in a hat. Sleepy time. Good night.