Processone · Ejabberd · CVE-2014-8760
**Name of the Vulnerable Software and Affected Versions**
ejabberd versions prior to 2.1.13
**Description**
ejabberd fails to enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.
**Recommendations**
For versions prior to 2.1.13, update to version 2.1.13 or later to resolve the issue. As a temporary workaround, consider disabling compression until a patch is available. Restrict access to unencrypted connections to minimize the risk of exploitation.
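
To verify the condition described above, the following check inspects the `<stream:features/>` element a server sends on a plaintext connection. It is an added example, not code from the advisory or from ejabberd. It assumes that a server enforcing the setting does not advertise XEP-0138 compression before TLS; the function name, finding labels and sample stanzas are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"            # STARTTLS feature (RFC 6120)
NS_COMPRESS = "http://jabber.org/features/compress"   # compression feature (XEP-0138)

def audit_pre_tls_features(features_xml):
    """Return findings for a <stream:features/> element received before TLS."""
    if "<!DOCTYPE" in features_xml.upper():
        raise ValueError("DTDs are not allowed in XMPP streams")
    root = ET.fromstring(features_xml)
    starttls = root.find(f"{{{NS_TLS}}}starttls")
    tls_required = (starttls is not None
                    and starttls.find(f"{{{NS_TLS}}}required") is not None)
    compression = root.find(f"{{{NS_COMPRESS}}}compression")
    methods = []
    if compression is not None:
        for m in compression.findall(f"{{{NS_COMPRESS}}}method"):
            if m.text and m.text.strip():
                methods.append(m.text.strip())
    findings = []
    if starttls is None:
        findings.append("starttls-not-offered")
    elif not tls_required:
        findings.append("starttls-not-required")
    if methods and tls_required:
        # Assumption: with the setting enforced, compression is only offered after TLS.
        findings.append("compression-before-required-tls:" + ",".join(methods))
    return findings

# Constructed sample stanzas (not captured from a real server).
SAMPLE_EXPOSED = """
<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>
  <compression xmlns='http://jabber.org/features/compress'><method>zlib</method></compression>
</stream:features>"""
SAMPLE_ENFORCED = """
<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>
</stream:features>"""
SAMPLE_OPTIONAL_TLS = """
<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
  <compression xmlns='http://jabber.org/features/compress'><method>zlib</method></compression>
</stream:features>"""

if __name__ == "__main__":
    for name, xml in (("exposed", SAMPLE_EXPOSED), ("enforced", SAMPLE_ENFORCED)):
        print(name, audit_pre_tls_features(xml) or "no findings")
```

A `compression-before-required-tls` finding means the listener should be treated as affected until it is upgraded or compression is disabled on it.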