By Simon Woodhead
Our old friend Sandro Gauci (Sipvicious author and all round SIP security guru) has written up an issue with the XMPP component of Jitsi Meet. Responsibly, it was reported to the awesome Jitsi team who patched the community Docker image, and Sandro got in touch with us last week to give us a heads up before posting his blog. He’s nice like that and our security and bug bounty had nothing to do with it 😉
The official Jitsi Meet demo is patched, the docker image is patched, and Simwood Meet is of course patched, and were before Sandro broke this issue publicly. Therein lies the beauty of open source and the community around it people.
Now, we know that Simwood Meet has inspired a number of people (we’re counting 12 in our direct network subsequent) to go out and spin up their own. Some have credited its open source origins which is right and proper, others shamelessly claimed to have “created it”. I include here a name who really should know better as the patron of open source projects! Well, they’ll all now need to invent Linux and Docker, then single-handedly with no help whatsoever from anyone, fix it. Or they can update the community image so selflessly offered, and one might think learn a lesson or two in give and take!
Anyway, rant aside, whilst the Docker image is great for running a local meeting or two, we don’t use it. Instead we have broken out the various components in order to understand and scale it properly as well as, you know, add some value. We talked more about this in “Building scalable video conferencing“.
Thanks Jitsi team, thanks Sandro, and thanks to all those who make our community awesome.