Openfire Changelog

4.2.0 Beta -- Nov 17, 2017

Sub-task

[OF-210] - Add support for Roster Versioning (aka XEP-0237)
[OF-548] - Find maven-managed artifacts to replace third-party libraries.
[OF-549] - Create "XMMP Server" module
[OF-552] - Create "Webadmin" module
[OF-553] - Create distribution module(s).
[OF-554] - Create parent plugin module
[OF-555] - Create plugin modules

Bug

[OF-394] - Shouldn't show an exception when creating room with illegal characters in JID
[OF-1134] - JustMarried: Allow roster alias to be changed
[OF-1145] - Avatar Resizer plugin issues when using LdapVCardProvider
[OF-1159] - System Property Encryption is not cluster aware
[OF-1193] - Avatar resizer plugin: ClassNotFoundException
[OF-1208] - Option to block anonymous logins from sending s2s packets
[OF-1250] - Old DWR causes CSRF, XSS in Admin Console
[OF-1262] - Error message for failed login on admin console contains moderator verbage
[OF-1308] - Openfire not closing stream gracefully with </stream:stream>
[OF-1309] - S2S communication on wrong stream
[OF-1329] - Session fixation in admin web console
[OF-1335] - Forwarded messages rewritten to default namespace over S2S
[OF-1366] - NullPointerException in Group lookup
[OF-1384] - Disco-item handler should process any domain
[OF-1393] - OpenFire randomString has too many digits
[OF-1400] - XSS in server name field
[OF-1401] - SMS error message handling doesn't escape content correctly
[OF-1403] - Muc admin doesn't escape group names correctly
[OF-1417] - CVE-2017-15911 XSS with domain in setup-host-settings.jsp
[OF-1422] - MUC Nick Sharing can cause rejoin to fail
[OF-1423] - Websocket message size is restricted to 65536
[OF-1424] - CME while calculating Group Cache stats
[OF-1429] - Closed BOSH sessions are still on admin console as client sessions

New Feature

[OF-35] - Create an admin console for pubsub
[OF-159] - Add an s2s testing feature
[OF-1336] - User Property Provider
[OF-1353] - Introduce 'priorToServerVersion' for plugins
[OF-1402] - XEP-0198 Resumption for Client Sessions

Task

[OF-1316] - Update Tinder to 1.3.0
[OF-1320] - Update bundled JRE with the latest version
[OF-1339] - Merge websocket plugin with core
[OF-1380] - all.log should be exposed via Openfire Admin Console
[OF-1411] - Update bundled JRE with the latest version
[OF-1428] - Remove deprecated Clustering plugin

Improvement

[OF-200] - In user summary, display "currently logged in" instead of blank in last logout column
[OF-1030] - Monitoring Service plugin Search Archive Date Range field validation
[OF-1256] - Display the current clustering status on the admin screens
[OF-1306] - Cache LDAP UserDN searches
[OF-1313] - Add protection for Cross-Site Request Forgery in MoTD plugin
[OF-1314] - Add the ability to disabled delayed delivery (XEP-203)
[OF-1317] - Update dom4j from 1.6.1 to 2.0.0
[OF-1328] - Update JSTUN library in stunserver plugin
[OF-1368] - Add an informational message during failed login
[OF-1370] - inVerse plugin: hide registration tab when appropriate.
[OF-1373] - Check for changes in keystores
[OF-1379] - Packet interceptors should trigger on error response when s2s fails
[OF-1391] - Update bundled postgresql JDBC Driver to 42.1.4
[OF-1408] - Display cache expiry times, entry, hit and miss counts on the Cache Summary page
[OF-1409] - Audit clearing of caches
[OF-1410] - Allow openfire.bat to start in other folders
[OF-1415] - Simplify certificate management
[OF-1418] - LDAPManager reports UserNotFoundException unnecessarily
[OF-1425] - Allow plugins to define a minimum Java version

4.1.6 -- Oct 5, 2017

Sub-task

[OF-1020] - Admin Console Remote File Inclusion (RFI) Vulnerability

Bug

[OF-1304] - SQL syntax error with monitoring plugin IQ Query Handler
[OF-1362] - Websocket plugin fails when trying to use connection configuration
[OF-1363] - NPE when displaying properties for non-existing user
[OF-1366] - NullPointerException in Group lookup
[OF-1374] - Pubsub publish NullPointerException
[OF-1381] - User enumeration possible by SCRAM

New Feature

[OF-1354] - Add option to Client Control plugin to disable Start a chat in Spark

Task

[OF-1320] - Update bundled JRE with the latest version

Improvement

[OF-1340] - Create x64 Windows Installer
[OF-1349] - Create separate Windows installer with and without JRE
[OF-1359] - Elevate webclients to top level menu in openfire admin UI
[OF-1360] - Update inVerse plugin to match upstream Converse 3.1.0 release.
[OF-1365] - Some caches should not be purgeable.
[OF-1367] - BOSH URL should be based on FQDN, not XMPP domain.
[OF-1369] - Don't advertise in-band registration for read-only user providers

4.1.5 -- Jun 30, 2017

Bug

[OF-1310] - Can`t delete last item of the pubsub node
[OF-1327] - Should not compare incomparable types
[OF-1330] - Can't enable database query statistics on the admin console
[OF-1332] - Update bundled MySQL driver to fix utf8mb4 databases
[OF-1334] - Monitoring Plugin displays "Archive index rebuild failed"
[OF-1348] - AuthBased*Provider try to use SortedSet without Comparable items
[OF-1355] - UserImportExport plugin: import should not fail when optional config is missing

Task

[OF-1343] - Update install guide about the automatic service installation

Improvement

[OF-1277] - Change setting name to Invisible Login and Status
[OF-1325] - Implement separate History settings in Client Control
[OF-1326] - Allow BOSH context to be re-used.
[OF-1338] - Minimum server version restrictions should ignore release status identifier
[OF-1341] - Windows Launcher requires to run "as administrator"
[OF-1342] - Remove "Run Openfire" from the final step of the installer
[OF-1347] - Group settings update
[OF-1350] - Be less strict when setting a password on a MUC room
[OF-1351] - Parse 'release' number
[OF-1352] - Plugin version number should not wrap

4.1.4 -- May 4, 2017

Bug

[OF-119] - Ldap issue (search filter and '@' encoding) [patch]
[OF-1272] - DBAccess plugin XSS
[OF-1273] - Javadoc will not build in Docker
[OF-1305] - Openfire doesn't load user names with multi-byte characters from LDAP/AD
[OF-1322] - EXTERNAL is always offered for C2S sessions

Task

[OF-1319] - Update bundled JRE with the latest version

Improvement

[OF-1292] - NPE in Admin Console when cancelling creating a new room
[OF-1295] - Add information about windows service into Upgrade Guide
[OF-1297] - Add another note about UAC to the documentation
[OF-1301] - Don't fail when default value for FQDN cannot be resolved.
[OF-1311] - Store a list as a property value.
[OF-1312] - Allow SASL mechanisms to be configured through the admin console.
[OF-1321] - Prevent stacktrace when using admin console with stale session.
[OF-1324] - OutgoingSessionPromise outgoing queue should be limited

4.1.3 -- Feb 24, 2017

Bug

[OF-1263] - Contact List sharing shows stale data
[OF-1269] - Admin Console shows wrong group affiliation information for some users

4.1.2 -- Feb 18, 2017

Bug

[OF-1195] - JDBCAuthProvider does not play nice with SCRAM
[OF-1271] - MUC History doesn't replay copy complex elements correctly after restart
[OF-1278] - Recursive Loop in SCRAM salt generation
[OF-1280] - Wrong ADD COLUMN syntax for Oracle Upgrade Scripts
[OF-1282] - Setting TLS_CERTIFICATE_VERIFY false does not properly work
[OF-1291] - MAM not advertised on chatrooms

Task

[OF-1270] - Remove obsolete information and update links in the Readme
[OF-1281] - Update installation package with the latest Java JRE

Improvement

[OF-1275] - Openfire is unable to connect to LDAPS when using TLSv1.1 or TSLv1.2
[OF-1288] - Monitoring plugin does not add queryid and id to MAM responses
[OF-1289] - Openfire should load jars in a predictable order
[OF-1290] - Stack Overflow in SASL EXTERNAL auth

4.1.1 -- Dec 31, 2016

Bug

[OF-1253] - Due to initial mysql schema failure, a new install will ask for current admin password and fail due to non-existent schema
[OF-1254] - Database update scripts for 25 set version 24
[OF-1255] - Invalid SQL syntax in Mysql installation script.
[OF-1257] - SQLServer syntax error java.sql.SQLException: Incorrect syntax near the keyword 'COLUMN'.
[OF-1260] - ClientControl plugin: Improve CSRF error message

New Feature

[OF-1258] - Add an option to Client Control plugin to disable Anonymous login in Spark

Improvement

[OF-1259] - Migrate XML property 'xmpp.fqdn'

4.1.0 -- Dec 21, 2016

Sub-task

[OF-777] - Admin Console Cross Site Request Forgery (CSRF) Vulnerability
[OF-836] - Multiple Reflected XSS Vulnerabilities in Admin Console
[OF-845] - XSS vulnerability in Monitoring Service pages in Admin Console
[OF-941] - CVE-2015-7707 Admin Console Privilege Escalation Vulnerability
[OF-997] - Admin Console: Frameable Response (potential Clickjacking)
[OF-1018] - The “alias” field on the Trust Store Import Form permits entry of JavaScript
[OF-1019] - Admin Cross Site Scripting (XSS) Vulnerabilities
[OF-1252] - Log null cache stores

Bug

[OF-355] - ldap.authorizeField property is ignored in LdapAuthorizationPolicy
[OF-477] - SASL server in OF creates digest-uri based on xmpp.fqdn but it sends xmpp.domain to the client
[OF-817] - ofMucConversationLog only persists body of groupchat stanzas
[OF-867] - Inconsistent use of keys in groupMetaCache
[OF-927] - Pressing enter should trigger Continue button on admin password setup page
[OF-942] - CVE-2015-6972 CVE-2015-6973 Admin Console Security Improvements
[OF-1013] - Setting StartTLS policy for S2S has no effect
[OF-1040] - Banning users from room does not result in proper exit
[OF-1041] - Using AD specific attribute breaks OpenLDAP support
[OF-1042] - NPE in stanza handler (after failed TLS?)
[OF-1045] - NPE with cluster management if cluster has not been started
[OF-1046] - Error 503 emitted sending update notifications to offline admins that are over offline storage quota
[OF-1051] - ConcurrentModificationException in PluginManager
[OF-1053] - i18n params fail when text has apostrophe
[OF-1054] - IllegalStateException when destroying MUC room prevents unavailable broadcast to be sent
[OF-1061] - MUC history and room subject are sent in wrong order
[OF-1063] - Avoid thread pool startvation under load
[OF-1079] - Database migration script for oracle has wrong syntax in v22
[OF-1081] - StartTLS policy 'required' ignored for S2S
[OF-1082] - Fix unicode read on BOSH
[OF-1083] - Cannot join room in a cluster after an availability update
[OF-1087] - Monitoring plugin gives invalid responses
[OF-1090] - Outcasts should not be allowed to register with room
[OF-1091] - Set affiliation to 'none' after removing registration from room
[OF-1093] - Prevent NPE on Admin Console user listing when user has no creationDate
[OF-1100] - SSL Certificate import should be more forgiving
[OF-1103] - Stun server plugin is not showing saved configuration
[OF-1104] - Scram support bypasses AuthProvider
[OF-1105] - Plugin-registered servlets won't work with uppercase characters in path
[OF-1116] - Java 7 incompatibility
[OF-1122] - GSSAPI fails
[OF-1126] - AbstractGroupProvider hides exception from interface definition
[OF-1129] - Setup truncates LDAP password to 30 characters
[OF-1132] - Monitoring plugin does not add namespace
[OF-1146] - LocalMUCRoom.addParticipant no longer works
[OF-1156] - Cache implementations should have consistent behavior regarding null keys
[OF-1167] - Fresh installation asks for a current password
[OF-1171] - Update message routing to RFC 6120
[OF-1173] - Add EXTERNAL to the list of default SASL mechanisms
[OF-1175] - noarch RPM should explicitly require jre-headless >= 7
[OF-1188] - Blacklisted s2s domain still consumes outbound available threads
[OF-1203] - Concurrency issues during plugin load/unload
[OF-1204] - When unloading a parent plugin, all children should be unloaded.
[OF-1206] - PrivacyManager does not share data between instances.
[OF-1207] - NullPointException in LocalMUCRoom canSendPrivateMessage
[OF-1212] - Monitoring plugin usage of LONG column type for Oracle
[OF-1213] - Add extension points to MUC
[OF-1220] - Allow logins with non-latin usernames
[OF-1228] - First startup emits NPE for AdminConsolePlugin HTTPS
[OF-1229] - [HSQL] PubSubPersistenceManager - statement is not in batch mode
[OF-1230] - Fastpath Service plugin not working
[OF-1233] - Incoming stream open response always contains IM domain
[OF-1236] - SASL code does not generate/handle equals sign properly in all cases
[OF-1239] - NPE in MultiUserChatServiceImpl#process(IQ) with null iqHandlers
[OF-1240] - Empty nicknames allowed even when MUC requires registration
[OF-1245] - Openfire fails to parse the subject alternate name of certs it generated itself.
[OF-1247] - Monitoring plugin database script fails

New Feature

[OF-190] - RFE: show openfire process owner on admin console
[OF-862] - Add support for XEP-313: Message Archive Management
[OF-1139] - User-to-Provider mapped User and AuthProvider
[OF-1197] - Support XEP-0227 Portable Import/Export Format for XMPP-IM Servers
[OF-1199] - Allow list of admins to be defined through JDBC.
[OF-1214] - Update MAM (XEP-0313) to support :0 and :1 versions
[OF-1225] - Add Russian translation for Search plugin
[OF-1232] - Fastpath now has JiveSharedSecretSaslServer requirement found in 4.1 Openfire
[OF-1246] - Support MAM (XEP-0313) for MUC (XEP-0045)

Task

[OF-1217] - Update install4j config file to match current release schema

Improvement

[OF-512] - Configurable host/IP for file transfers (streamhost / port 7777)
[OF-955] - Update HSQLDB to the latest version
[OF-1037] - Split bookmark from clientcontrol
[OF-1048] - Should not store chat state messages
[OF-1049] - Improve Certificate Store Management
[OF-1055] - Remove exclamation mark from the Search button
[OF-1056] - Have proper drop-in replacement for commons-logging
[OF-1057] - Upgrade Jetty to latest patch release of its 9.2 branch.
[OF-1085] - Allows dynamic setting of disco info handler and disco items handler
[OF-1088] - Update Chinese Simplified translation
[OF-1089] - XEP-0313: send IQ result only after messages
[OF-1092] - Allow SASL mechanisms to be plugged in
[OF-1094] - Allow UserProvider to be reset to default
[OF-1095] - Have uniform logging of plugin lifecycle
[OF-1096] - Update log4j to its latest release.
[OF-1097] - Make jabber:iq:auth (XEP-0078) optional
[OF-1098] - Anonymous authentication should not be enabled by default.
[OF-1111] - Bundle 64bit JVM with RPM artifact
[OF-1117] - Improve performance of monitoring plugin by adding database indexes.
[OF-1123] - Should not offer SASL mechanisms when there's no implementation.
[OF-1124] - Changing SASL config should not require restart
[OF-1125] - Use StreamID class instead of plain string
[OF-1133] - Allow JSP compilation with developmentMode=true
[OF-1147] - Improve Plugin Management
[OF-1149] - Improve (plugin) build speed
[OF-1150] - Add support for muc#roomconfig_allowpm
[OF-1162] - Update bundled postgresql driver to 9.4-1209
[OF-1170] - File Transfer Proxy should list on all addresses
[OF-1172] - Add support for a wildcard DNS override
[OF-1182] - Remove obsolete Releases news from RSS and expand Blog section
[OF-1184] - Improve Domain field's tooltip in the setup process
[OF-1189] - Get enum value from JiveGlobals
[OF-1194] - SMS notification
[OF-1196] - System properties should not be shortened when unnecessary.
[OF-1198] - Improve MUC error handling (don't try to respond to responses)
[OF-1205] - Show message when plugin manager is working
[OF-1227] - Improve Plugin servlet filter functionality
[OF-1238] - Introduce LocalMUCRoomManager to encapsule the simple management for LocalMucRooms
[OF-1241] - Add NT Hashing for JDBC connections
[OF-1244] - Help evaluate DNS SRV config

4.0.4 -- Dec 1, 2016

Bug

[OF-266] - Fastpath Form UI page in Admin Console doesnt show images
[OF-1141] - PEP nodes return no items when asked for all of them
[OF-1152] - XmlDebugger not printing non-interpreted xml traffic
[OF-1174] - MUC should respond to IQ queries
[OF-1177] - .deb requirement of default-jre is too strict and does not allow for side loaded Oracle
[OF-1180] - BOSH endpoints redirect all the requests with the trailing slash
[OF-1201] - BOSH servlet should close async context on exception
[OF-1202] - Proxool disconnects active threads after 5 minutes
[OF-1209] - s2s connection settings whitelisting does not work / console UI broken
[OF-1210] - correct time-to-live-seconds and MaxLifetime settings for hazelcast
[OF-1223] - Messages loaded from ofOffline are not sorted by time stamp leading to out-of-order receipt
[OF-1226] - Enable use of wildcard when searching users in LDAP

Task

[OF-1158] - Update installation package with the latest Java JRE

Improvement

[OF-1142] - Improve documentation part about UAC on Windows
[OF-1211] - Fix description of Broadcast disabling option in Client Control plugin
[OF-1221] - Add options from default.properties to Client Control plugin

4.0.3 -- Aug 17, 2016

Bug

[OF-1116] - Java 7 incompatibility
[OF-1118] - Check encryption protocol & cipher suite configuration against currently available ones.
[OF-1119] - TLS failure when certificate chain is a tree
[OF-1126] - AbstractGroupProvider hides exception from interface definition
[OF-1157] - max_items ignored for some admin commands
[OF-1165] - Stored Cross-Site Scripting
[OF-1168] - Invalid Oracle DDL statements for Oracle 11g
[OF-1169] - Debian dpkg java requirements should allow for java 7 or java 8

New Feature

[OF-1128] - Avatar Resizer plugin

Task

[OF-1062] - Update installation package with the latest Java JRE

Improvement

[OF-1099] - Update StartCom Class 1 DV Server CA
[OF-1120] - Change default behavior of Email on Away plugin
[OF-1161] - Sync Openfire's truststore with Mozilla's shipped CAs

4.0.2 -- Mar 21, 2016

Bug

[OF-829] - Ghost sessions left on a server when using Pidgin client
[OF-954] - Openfire clustering fails to correctly sync MUC room occupants
[OF-1082] - Fix unicode read on BOSH
[OF-1083] - Cannot join room in a cluster after an availability update
[OF-1087] - Monitoring plugin gives invalid responses
[OF-1090] - Outcasts should not be allowed to register with room

Improvement

[OF-1086] - Update bundled JRE to 1.8u74
[OF-1089] - XEP-0313: send IQ result only after messages
[OF-1107] - Add option to not show email in Email on Away plugin

4.0.1 -- Jan 26, 2016

Bug

[OF-1040] - Banning users from room does not result in proper exit
[OF-1041] - Using AD specific attribute breaks OpenLDAP support
[OF-1042] - NPE in stanza handler (after failed TLS?)
[OF-1045] - NPE with cluster management if cluster has not been started
[OF-1046] - Error 503 emitted sending update notifications to offline admins that are over offline storage quota
[OF-1051] - ConcurrentModificationException in PluginManager
[OF-1053] - i18n params fail when text has apostrophe
[OF-1054] - IllegalStateException when destroying MUC room prevents unavailable broadcast to be sent

Improvement

[OF-1048] - Should not store chat state messages
[OF-1049] - Improve Certificate Store Management
[OF-1055] - Remove exclamation mark from the Search button
[OF-1057] - Upgrade Jetty to latest patch release of its 9.2 branch.

4.0.0 -- Jan 11, 2016

Sub-task

[OF-454] - Openfire does not send user presence information to all resources of the user
[OF-547] - Create branch of code to test-drive new setup.
[OF-631] - Implement SCRAM support
[OF-834] - Admin console login.jsp allows redirects to non-local URIs
[OF-997] - Admin Console: Frameable Response (potential Clickjacking)
[OF-1022] - Reflected XSS vulnerability in muc-room-edit-form.jsp params in Admin Console

Bug

[OF-122] - Shouldn't allow subject change, when it is forbidden in room settings
[OF-317] - Subscribe with Response Unsubscribed Causes Roster Push to Responding Client
[OF-373] - Ant buildscript should not check for explicit Ant version numbers
[OF-484] - Windows installer getting stuck on Uninstalling the previous version
[OF-509] - Unable to disable weak ciphers
[OF-793] - javax.net.ssl.SSLException: Unsupported record version Unknown-47.115
[OF-798] - Embedded RSS/community links need to be updated for new (SSL) locations
[OF-821] - MUC service returns wrong number of occupants and duplicate occupants in service discovery
[OF-856] - Monitoring plugin uses secs attribute relative from beginning message instead of last message
[OF-868] - User name update does not propagate to the affected roster(s)
[OF-881] - NIOConnection Thread Deadlock when two clients in each others roster simultaneously disconnect
[OF-898] - Timestamp parsing fails when fractions of seconds are supplied.
[OF-905] - Admin console taglib URI does not correspond with usage.
[OF-906] - SSO does not work with Openfire + Java 8
[OF-913] - lib/log4j.xml should be denoted as a config file in the installers
[OF-915] - Private Storage should return an error if feature is disabled
[OF-918] - Character encoding issue in BOSH
[OF-919] - Update jDTS driver to 1.3.1 Release
[OF-921] - MUC Group ACLs are not updated when users join a group
[OF-922] - Major performance hit with MINA 2.0.9 vs 2.0.7
[OF-928] - Error with adding presence to MUC presence stanza
[OF-930] - Overlay enhancements
[OF-932] - XEP-0202 Entity Time should respect Daylight Saving Time
[OF-934] - Buildscript: preset javac configuration should have all shared properties
[OF-936] - Plugins build should fail fast by default
[OF-939] - NPE in ScramSha1SaslServer#getStoredKey
[OF-958] - Setup fails with StackOverflowException
[OF-959] - Database installation script does not set correct version
[OF-964] - message body tag getting empty xmlns set sometimes when BOSH client is in MUC room
[OF-974] - Copy cache content when updating cache factory strategy
[OF-976] - Language is not properly set in HttpSession
[OF-982] - jabber:iq:last queries without 'to' attribute should not return server uptime
[OF-983] - Deadlock (federation)
[OF-984] - Deadlock (MUC / federation?)
[OF-985] - Missing to attribute in stream open
[OF-986] - Dialback verify-only connections do not negotiate TLS
[OF-987] - MUC Freezes when someone joins from federated domain
[OF-988] - Sometimes, messages are duplicated in MUC
[OF-989] - BOSH packet delivery fails for larger packets with WritePendingException
[OF-992] - BOSH fails when disabling/re-enabling the port
[OF-995] - Parent Plugin case sensitivity
[OF-996] - NullPointerException on Admin Console /audit-policy.jsp
[OF-998] - Openfire build should not need internet connectivity
[OF-999] - BOSH worker threads should be configurable
[OF-1000] - Audit file log rotation causes NullPointerException
[OF-1002] - NPE during connection close with XEP-0198
[OF-1003] - Exception during <a/> propcessing in XEP-0198
[OF-1008] - Iteratively failure to deliver message
[OF-1009] - [s2s] Federation issue with talkonaut.com
[OF-1010] - LDAPS fails
[OF-1023] - Roster cache not being updated for shared group changes
[OF-1025] - web-custom.xml fails to load
[OF-1028] - NoSuchElement Exception in XEP-0198 support

Improvement

[OF-675] - Add a comment about restarting in Managing Plugins section of documentation
[OF-844] - CertificateManager logs useless warning messages
[OF-892] - Mutual authentication support
[OF-925] - AdHoc SessionData should be extensible
[OF-931] - Improve installation guide
[OF-935] - During build, parentPlugin should be on classpath
[OF-940] - Update bundled postgresql driver to 9.4-1202
[OF-951] - Drop support for the Solaris platform
[OF-953] - Replace antiquated JSP libraries
[OF-956] - Admins should be able to configure cryptographical protocols & cypher suites
[OF-957] - AuditManager Module does not load properly
[OF-969] - Delete URLUTF8Encoder.java in favor of java.net.URLEncoder.
[OF-970] - Modernize XMLProperties with Java NIO.2 File API
[OF-971] - Add PropertyListener support to AuditManagerImpl
[OF-972] - Remove unused classes
[OF-973] - Tests should retrieve resources from the classpath rather than files.
[OF-975] - JDBCAuthProvider: add support for bcrypt and more
[OF-981] - Remove 'ant-jive-edition' and 'qdox' libraries from build
[OF-991] - In Ant buildfile, use properties instead of hardcoded value.
[OF-993] - Remove thread factory code duplication
[OF-1004] - Improve connection configuration in admin console
[OF-1005] - Undo module loading driven by a file
[OF-1007] - Improve support for whitelisting/blacklisting client IP addresses
[OF-1011] - When importing PEM certificates, ignore leading/trailing whitespace
[OF-1029] - Overlay should be able to override web.xml
[OF-1033] - Orderly shutdown of MUC Service

New Feature

[OF-446] - Implement XEP-0198: Stream Management
[OF-682] - Add Portuguese translation
[OF-923] - FileTransferManager should generate 'complete' event.
[OF-946] - Allow for multiple sets of keystores
[OF-947] - Overlay should support i18n
[OF-948] - Overlay should allow modification of src/resources
[OF-950] - Buildscript should be able to clean one plugin
[OF-967] - Add option to use Name as a nickname when adding muc bookmark

Story

[OF-990] - Remove support for Legacy Date Time (XEP-0090 / 91)

Task

[OF-767] - Bundle Openfire with Java 8 SE JRE
[OF-1001] - Drop Clearspace support
[OF-1016] - Add explanation to setup about default admin password

3.10.3 -- Nov 17, 2015

Bug

[OF-332] - ldap.connect.timeout not working with SSL connection
[OF-477] - SASL server in OF creates digest-uri based on xmpp.fqdn but it sends xmpp.domain to the client
[OF-881] - NIOConnection Thread Deadlock when two clients in each others roster simultaneously disconnect
[OF-887] - ldap.readTimeout not used when LDAP getContext() is called for queries
[OF-903] - ISE attempting to write data to a closed/closing session
[OF-918] - Character encoding issue in BOSH
[OF-926] - Clients can't authenticate using LDAP SSL
[OF-938] - BOSH packet namespace issue
[OF-949] - Offline message delivery failures
[OF-954] - Openfire clustering fails to correctly sync MUC room occupants
[OF-966] - failure tag not closed for TLS Negotiation Failure

New Feature

[OF-933] - Update websocket support per RFC 7395

3.10.2 -- Jun 22, 2015

Bug

[OF-992] - Downgrade Apache MINA to version 2.0.7 to fix performance and 100% CPU issue
[OF-924] - Enable LDAP SSL Connection Pooling

3.10.1 -- Jun 16, 2015

Bug

[OF-881] - NIOConnection Thread Deadlock when two clients in each others roster simultaneously disconnect
[OF-883] - High CPU usage and hangup after a few days of running
[OF-889] - NPE on Admin Console (client sessions listing)
[OF-907] - SSLv2 Hello is rejected; prevents some clients connecting
[OF-909] - BOSH response should return ack attribute
[OF-910] - MUC de-synchronization issues
[OF-916] - Deadlock with MINA sslFilter

3.10.0 -- April 20, 2015

Bug

[OF-116] - Add a text explaining the path used for http-binding
[OF-397] - Do not deliver offline messages to clients with negative priority
[OF-405] - Openfire fails to verify chained certificates
[OF-444] - Jingle Nodes plugin should use lowercase in i18n file's name
[OF-460] - Debug log is not saving its state between restarts
[OF-474] - OpenFire still provides entry forms for already-registered room users
[OF-560] - Restore or drop support for Pack200 compression
[OF-565] - ConnectionHandler has parsing problems due to use of hashcode under heavy load.
[OF-629] - Remove XMPP Sessions
[OF-670] - MUC user count not kept in sync across cluster nodes
[OF-736] - Openfire should return <incorrect-encoding/> SASL failure, when not using base64 encoding
[OF-754] - Lock out user option works incorrectly in some cases
[OF-778] - Setup LDAP broken during initial openfire configuration
[OF-786] - Muc - grant membership: nickname is not stored
[OF-794] - Client sessions for failed cluster nodes are not being cleaned up properly
[OF-795] - Unable to disable Message Carbons after they have been enabled by the client
[OF-796] - Plugin version check should be numeric rather than textual
[OF-799] - Changing server 2 server idle settings has broken UI
[OF-800] - Encryption setting wrong when adding a property via System Properties page
[OF-802] - MUC Invites result in 404
[OF-803] - Message Carbons may throw org.dom4j.IllegalAddException, resulting in disconnection
[OF-804] - Joining a locked MUC room should return <item-not-found/> instead of <recipient-unavailable/>
[OF-805] - [MUC] OF does not return all affiliated users when requesting multiple affiliations
[OF-806] - Flash client connection closing with invalid_namespace error
[OF-807] - S2S whitelist form saving domains with "-" without it
[OF-811] - Remove deprecated "xml-not-well-formed" error in favor of "not-well-formed"
[OF-812] - Monitor plugin fails to handle start date properly
[OF-813] - Memory leak
[OF-818] - Message routing to bare JID can route to negative priority resources
[OF-819] - IQs (e.g. XMPP Pings) of type error get falsely routed to IQ.createResult() which results in an Exception and connection termination
[OF-822] - If a non-occupant sends a request to an occupant, a MUC service MUST return a <bad-request/> error.
[OF-823] - Numeric overflow in MUCPersistenceManager when loading history older than 24 days.
[OF-830] - LDAP shared groups disappear after some time
[OF-832] - Monitoring plugin fixes
[OF-837] - PubSub should return non-persistent items (last published item)
[OF-839] - Forwarded extension should not overwrite extension namespaces of the forwarded message.
[OF-840] - BOSH <stream:features> does not include <register/>
[OF-845] - XSS vulnerability in Monitoring Service pages in Admin Console
[OF-849] - Error decoding subjectAltName DERTaggedObject cannot be cast to ASN1Sequence
[OF-853] - XEP-0077 Registration must return <not-acceptable/> if username or password are unspecified.
[OF-855] - Openfire looses messages when multiple senders send messages to the same receiver that looses connection
[OF-857] - c2s stop responding, new connections hang
[OF-859] - Remove static service id reference in Node.class
[OF-860] - No MUC status code 110 (self-presence) after joining a room with more than one user
[OF-861] - Disable SSLv3 by default as per POODLE vulnerability
[OF-863] - Multiple NPEs encountered when running under high load/latency in cluster mode (via hazelcast plugin)
[OF-864] - Cleanup routes from defunct cluster member servers
[OF-866] - Unexpected "session not found" errors under load
[OF-870] - stanza with multiple "to" attributes generated after restart
[OF-874] - disco#items request SHOULD return connected or available resources
[OF-875] - Roster requests to bare JID of the user are not responded
[OF-876] - IQRosterHandler does not respect error cases in RFC 6121 § 2.3.3.
[OF-877] - BOSH connector does not properly restart after a configuration change
[OF-878] - NPE in MINAStatCollector
[OF-881] - NIOConnection Thread Deadlock when two clients in each others roster simultaneously disconnect
[OF-884] - Auditor uses wrong hour for file rotation
[OF-885] - Use non-blocking, async API for BOSH servlet
[OF-886] - Openfire fails to parse CDATA when it ends with sequence ]]]>
[OF-888] - s2s locks up with gmail
[OF-890] - BOSH client connections sometimes failing
[OF-894] - Openfire tries to close a closing session over and over.
[OF-895] - Update postgresql driver to support PostgreSQL 9.4
[OF-896] - Default client compression inconsistency
[OF-897] - GZipFilter fails on Async BOSH servlet

Improvement

[OF-189] - do not use com.sun.* classes
[OF-593] - LocaleUtils.java_dots_ to_underscores_i18n _bundles
[OF-797] - Move ant-tasks in subdirectory (and delete ant.jar)
[OF-801] - Extend ant build script to support multi-platform binaries that do not have a file extension
[OF-828] - Add the MUC service plugin to Openfire plugins
[OF-835] - Prevent fast clients flooding Openfire causing OutOfMemoryError
[OF-838] - Allow for custom lib and conf file placement
[OF-841] - Add a note about UAC to the Installation Guide
[OF-842] - Additional properties in User Properties view
[OF-847] - Upgrade bouncycastle from 1.50 to 1.51
[OF-850] - Improve initialization state for JiveGlobals
[OF-869] - Update Jetty to 9.2.x version
[OF-893] - Mutual Authentication Broken for BOSH

New Feature

[OF-69] - Add "Groups user belongs to" column to the User Summary page
[OF-179] - Allow MUC permissions to be set using groups
[OF-250] - Allow to configure the groups of a user from the user profile
[OF-324] - Offline Email Notification
[OF-843] - Upgrade clustering components for new Session API method

Task

[OF-421] - Update MINA library to latest version
[OF-466] - Drop Java 5 support
[OF-709] - Update Jetty from 7.4 to 9.1
[OF-831] - A typo on Database Settings page during setup
[OF-901] - Update bundled JRE to 1.7.0_76

3.9.3 -- May 6, 2014

Bug

[OF-2] - LocalOutgoingServerSession logs connection failures over verbosely
[OF-746] - Use update-alternatives to set JAVA_HOME on debian
[OF-779] - fetching from LDAP should escape results
[OF-780] - Update reCaptcha for HTTPS
[OF-781] - ConcurrentModificationException in kickPresence
[OF-782] - Wrong URL generated for editing groups with space in the names
[OF-783] - Apply encryption to secure properties during setup
[OF-784] - Possible NullPointerException in MessageRouter logic
[OF-787] - TLS server to server connections are not working with 3.9.2
[OF-788] - UserService plugin should not reset group properties when adding user to group
[OF-789] - Invalid token in Pubsub item purge SQL
[OF-791] - Joining new MUC room results in a 404 error

Improvement

[OF-744] - Replace package.html with package-info.java

3.9.2 -- May 1, 2014

Bug

[OF-24] - "Issue with IQ subscription="remove"
[OF-114] - Clearing cache can lock up MUC
[OF-183] - Bad-namespace prefix is actually invalid-namespace?
[OF-193] - Last logouts are not recorded when server is shut down
[OF-297] - fix: mutual roster deletion problem
[OF-303] - fix Flexible Offline Message Retrieval (XEP-0013) support
[OF-455] - Some unicode pattern in status message can break the session connection
[OF-471] - Error integrity of the compressed stream
[OF-544] - MUC change affiliation/role - admin IQ item processing bug
[OF-562] - Broadcasting roles for MUC are not loaded correctly from DB
[OF-633] - Current OfflineMessageStore logic discards valid MUC invites
[OF-640] - log4j doesn't pick up ${openfireHome}
[OF-669] - Visually failed first login to Admin Console
[OF-686] - Anonymous registration permits name with javascript payload
[OF-687] - MUC topic permits javascript payloads
[OF-692] - Node column in ofSecurityAuditLog table should accept NULL entries
[OF-693] - openfire init script target reload should not call restart
[OF-699] - Race condition during cluster initialization (Hazelcast plugin)
[OF-705] - Admin console (XSS) vulnerability lets attacker change admin password or create new admin
[OF-706] - Openfire does not close the stream with a stream error if the namespace is not 'http://etherx.jabber.org/streams'
[OF-717] - The BOSH implementation should include a 'from' attribute in its session creation response.
[OF-720] - Roster deletion of userB by userA should not remove userA from userB's roster
[OF-722] - Openfire should save XEP-0184 delivery receipts as offline message
[OF-725] - Openfire must return a service-unavailable error when blocking an IQ of type get or set because of a privacy list. OF should return error if a message stanza is blocked
[OF-731] - HybridUserProvider does not initialize correctly
[OF-733] - OF should not silently close a connection, when receiving a message without 'to' attribute
[OF-734] - Openfire cannot deal with SASL <abort/>
[OF-735] - Openfire should return <invalid-mechanism/> SASL failure, when requesting an unknown mechanism
[OF-741] - Debian Installer should allow Java7 as a prereq
[OF-742] - MUC Service sends "disturbing" service messages.
[OF-743] - MUC room does not return its identity or features, when querying for room info
[OF-745] - Use TLS-dialback even if that mechanism is not advertised
[OF-746] - Use update-alternatives to set JAVA_HOME on debian
[OF-751] - NPE on PubSubEngine#shutdown on server shutdown
[OF-753] - Improve init script to work with opensuse and fix logic with PID file
[OF-755] - Monitoring plugin database fixes
[OF-756] - Fix Postgres purge process error
[OF-757] - Allow s2s message of subdomain of XMPP domain when no components are found
[OF-759] - Update bundled postgresql driver to PostgreSQL 9.3 JDBC4 (build 1101)
[OF-760] - MUC service does not include "self-presence" status code 110
[OF-761] - OF must return <jid-malformed/> instead of <bad-request/> when joining a MUC room without nickname
[OF-769] - Fix typo in monitoring plugin
[OF-770] - CVE-2014-2741 Uncontrolled Resource Consumption with XMPP-Layer Compression
[OF-772] - IQ type="result" getting java.lang.IllegalArgumentException
[OF-774] - Needless code in AuthorizationManager

Improvement

[OF-163] - fix RosterItemProvider.getItems() for Oracle
[OF-298] - EntityCapabilityManager should not use a clustered cache
[OF-309] - Privacy Lists drop messages silently
[OF-411] - Admin or owner should be able to join a room when it has reached maximum occupants number
[OF-464] - Verify if there were packets pending to be sent and decide what to do with them
[OF-569] - Add deluser adhoc command
[OF-592] - build.xml_chmod_executables.patch
[OF-594] - PluginServlet.java_support_registering_servlets_programmatically.patch
[OF-729] - Upgrade Hazelcast plugin to latest release version (3.1.x)
[OF-730] - Migrate operational configuration properties from openfire.xml to DB
[OF-749] - Upgrade bouncycastle library from 1.49 to 1.50 to keep up with JitsiVideobridge
[OF-764] - Group chat history (MUC) should match configuration after server restart
[OF-771] - MUC service should flush recent history before shutting down

New Feature

[OF-125] - Restrict discovery of rooms based on users membership
[OF-206] - Add HybridUserProvider
[OF-347] - The domain should add support for Last Activity requests
[OF-638] - Add support for XEP-0202: Entity Time
[OF-682] - Add Portuguese translation
[OF-714] - Add ability to encrypt properties so they are encrypted in the db and do not appear in the admin console.
[OF-758] - Add support for XEP-0280 "Message Carbons"
[OF-775] - Improve logging of invalid presence show

Task

[OF-728] - Update installation package with the latest Java JRE

Sub-task

[OF-10] - Pubsub event message with SHIM information holding multiple subscriptions should have the name='SubID'.
[OF-103] - [MUC] Allow nicknames to be used more than once in the same room

3.9.1 -- Feb 6, 2014

Openfire Improvements

[OF-697] - Update bundled MySQL JDBC driver to the newest 5.1.x version
[OF-715] - Update Openfire bouncycastle library from 1.46 to 1.49

Openfire Features

[OF-727] - Configuration option to disable presence broadcast for other resources on single user

Openfire Tasks

[OF-513] - Update installation package with the latest Java JRE (1.7.0_2 or higher)

3.9.0 -- Feb 5, 2014

Openfire Bug Fixes

[OF-454] - Openfire does not send user presence information to all resources of the user
[OF-496] - javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
[OF-676] - Pressing on workgroup in Fastpath causes an exception
[OF-677] - Monitoring Plugin - "Null" reappearing in Archive for Message Body
[OF-678] - Monitoring Plugin - Ever expanding Index
[OF-680] - Packet Filter Plugin does not allow creation of wildcard rules
[OF-718] - Fix Debian initscript to support more JAVA_HOME paths
[OF-719] - Userservice plugin leaves user roster items in DB when user is deleted

Openfire Improvements

[OF-654] - Openfire failes to create tables on MySQL 5.6
[OF-679] - Packet Filter - Add option for "All Groups" and auto creation of rules based on Openfire Group Settings
[OF-700] - Add a method to refresh a MUC room
[OF-701] - Better group properties handling
[OF-703] - UserService Plugin - Auto-create shared groups if not existing
[OF-704] - Make LDAP connection timeout configurable

Openfire New Features

[OF-681] - Add ability to search plugin to be able to restrict searching for users to only the group a user is in
[OF-716] - Add Jitsi Videobridge plugin to Openfire plugins

Openfire Task Fixes

[OF-698] - Bump version on all bundled openfire plugins, bump min version due to distributing java6 binaries now

3.8.2 -- May 28, 2013

Openfire Improvements

[OF-342] - Add CORS headers to HTTP-Binding/BOSH
[OF-393] - Group names with <> should be properly HTML escaped
[OF-650] - Add support for X-Forwarded-For (XFF) headers from proxied BOSH clients
[OF-655] - Add configurable JMX support
[OF-657] - Merge Atlassian Crowd provider into Openfire core
[OF-660] - Enhance the sessions pages (summary/detail) in the admin console
[OF-674] - Add roster management capabilities to userservice plugin

Openfire Bug Fixes

[OF-14] - Subscriptions to pubsub node should be based on the JID as supplied, not the bare JID
[OF-108] - Admin Console is adding BR tags when editing system property containing string with newlines
[OF-453] - Ensure HttpSession is terminated properly by session reaper
[OF-465] - Kicking MUC occupant on server is not propagated to clients
[OF-476] - FlashCrossDomainHandler causes infinite loop under some circumstances
[OF-477] - SASL server in OF creates digest-uri based on xmpp.fqdn but it sends xmpp.domain to the client
[OF-595] - Security audit logviewer is not escaping tags
[OF-646] - XmppDateTimeFormat is unable to parse date Strings
[OF-653] - BOSH deadlock
[OF-656] - Fix crossdomain.xml for BOSH
[OF-659] - JDBCUserProvider returns all users for a paginated search
[OF-661] - MUC Topic/Subject change not propagated to other cluster nodes
[OF-664] - Monitoring archive shows null in room chat logs
[OF-665] - MUC changes/activities do not propagate across cluster nodes
[OF-666] - Pubsub items should be created using cluster time rather than local time
[OF-667] - Monitoring plugin bad SQL for upgrade
[OF-668] - Pubsub items (persistent) may be dropped in certain cases
[OF-671] - XSS in server2server.jsp
[OF-673] - Should include a 'to' attribute in initiating s2s streams

Openfire New Features

[OF-651] - Monitoring plugin should have an option to purge and restrict

3.8.1 -- March 3, 2013

Openfire Improvements

[OF-597] - Increase performance of fetch last pubsub item for a node
[OF-614] - Add /usr/lib/jvm/default-java to the collection of default locations to look for a JRE

Openfire Bug Fixes

[OF-102] - Deleting user does not clear out ofUserFlag
[OF-415] - Group disappears from the Group Summary view after editing its details
[OF-596] - Last published item is not loaded when leaf node is loaded into memory.
[OF-610] - Restore shared group support for read-only GroupProviders (LDAP)
[OF-612] - Upgrade bundled JRE to last version...
[OF-613] - RPM build failure with
[OF-615] - Improve Robustness of loading MUC service at startup
[OF-616] - Can't see newly created groups in Admin Console after the upgrade to 3.8.0
[OF-617] - Fastpath plugin fails to build
[OF-618] - Error in Admin console, MUC
[OF-619] - GoJara plugin library has Java-6 code
[OF-620] - JustMarried plugin library has Java-6 code
[OF-621] - JustMarried plugin throws NullPointerException
[OF-623] - PubsubPersistenceManager does not load nodes properly if the hierarchy has more than two levels.
[OF-624] - Illegal JID when configuring a created MUC room
[OF-627] - Update rpm bundled JRE 1.6u41

3.8.0 -- February 6, 2013

Openfire New Features

[OF-204] - Add clustering support to Personal Eventing via Pubsub
[OF-205] - Add clustering support to pub-sub
[OF-240] - Show last history messages in room with a specified age
[OF-483] - JDBCUserProvider hardcodes searchSQL
[OF-543] - Support OpenJDK for Debian build

Openfire Improvements

[OF-197] - Make openfire's plugin unloading -> loading more robust
[OF-278] - Do not load all the system user to memory for shared groups
[OF-342] - Add CORS headers to HTTP-Binding/BOSH
[OF-448] - Add support for Ant 1.8
[OF-481] - Upgrade Jetty from 7.0.1 to 7.5.4
[OF-497] - Properly determine size of Collections to be cached
[OF-506] - Phase out JettyLog
[OF-507] - Improve logging of failed roster updates
[OF-517] - Openfire should ignore Othername formats it doesn't understand
[OF-524] - When closing a session as a result of a problem, send a <stream:error> stanza.
[OF-529] - Allow users to get their own presence via presence plugin
[OF-535] - Fixed Lithuanian translation for the Search plugin
[OF-537] - Update Russian translation
[OF-561] - Update Webchat for Jetty 7
[OF-566] - Add RPM noarch build capability
[OF-575] - Fix the installation guide (Custom Parameters)
[OF-579] - Allow configuration of hazelcast plugin from outside the plugin jar
[OF-581] - Improve startup script for RedHat
[OF-582] - Improve locking on user's properties
[OF-602] - Hazelcast clustering plugin improvements
[OF-607] - When serializing JID instances in a cluster, do not use the (expensive) JID constructor

Openfire Bug Fixes

[OF-39] - The storage of items in memory in a persistent LeafNode is a memory leak
[OF-191] - store offline messages with empty body for pubsub
[OF-270] - Duplicate entry 'user xxx' for key 1 -- Exposed during load testing.
[OF-271] - fix "duplicate key violates unique constraint "ofpresence_pk""
[OF-419] - FastPath Web Authentication Bug
[OF-439] - Memory leak in PEP service
[OF-443] - S2S doesn't work (dialback broken)
[OF-480] - Logs directory is not created in the correct location on some systems
[OF-498] - "Supplied key (null) is not a RSAPrivateKey instance" error in the Server Settings / Server Certificates screen
[OF-510] - Buildfile fails if ran using Java 1.7
[OF-514] - BOSH terminate stanza needs terminate attribute
[OF-516] - user-roster-add.jsp has wrong name for groups textfield
[OF-518] - Admin Console saving 'CHOOSE' for a STUN address, which causes annoying traceback
[OF-522] - Upgrade bundled JRE to 1.6u30
[OF-525] - Creating chatroom on console yields "room_already_exists" error when it does not
[OF-526] - Deleting room and specifying invalid alternate room JID causes trouble
[OF-527] - muc-create-permission.jsp displays an immediate error without adding users
[OF-533] - TLS filter applied to non-SSL connections does not use configurable algorithm
[OF-539] - HybridUserProvider does not load tertiaryClass due to typo
[OF-540] - Prevent NPE in LdapVcardProvider.java
[OF-542] - Fix Deprecated use in Log.java
[OF-558] - Improve BOSH robustness when connections drop for unknown reasons
[OF-564] - User import/export plugin concatenates group names in export
[OF-567] - zlib inflate synchronization issue
[OF-572] - The node configuration form does not contain the parent, children or type on a configured node.
[OF-573] - Thread synchronization issues with HttpSession/BOSH
[OF-584] - Fix DNS SRV support
[OF-586] - Deliver event notifications to all subscribed JIDs
[OF-588] - PEPService fails to be added to a clustered Cache
[OF-589] - improve JAVA_HOME detection in openfire.sh
[OF-590] - Console error in session view when a cluster member goes offline
[OF-591] - NullPointer exception thrown when deleting rooms via the Webinterface
[OF-598] - database.defaultProvider.testAfterUse/testBeforeUse should default to false
[OF-600] - Let a client to ask for the history messages of a specific date (XEP-0045)
[OF-601] - NPE with Privacy Lists while in cluster mode
[OF-605] - PEPHandler tries to cache presence for the entire world
[OF-606] - MUC room destroy can fail when no alternate JID is supplied
[OF-608] - ClassCastException: org.jivesoftware.openfire.component.InternalComponentManager$RoutableComponents cannot be cast to org.jivesoftware.openfire.session.OutgoingServerSession

Openfire Completed Tasks

[OF-352] - Change license to Apache
[OF-467] - Update build.xml to check for Java 7
[OF-511] - Upgrade BouncyCastle from 1.45 to 1.46
[OF-534] - Make the STUN implementation a plugin
[OF-98] - Bug in xmlns for grantowner and grantadmin / not in sync with JEP-0045
[OF-495] - A RosterItem could only be in one group
[OF-499] - Update org/jivesoftware/util/log/util/JettyLog to the Jetty 7.6.0/8.0 API
[OF-603] - Transport sends subscribe-Presence that can be denied

3.7.1 -- October 1, 2011

Openfire Improvements

[OF-370] - Allow any member to retrieve the room's member list even if not yet an occupant (2 votes)
[OF-436] - Add default-jre-headless to the list of dependency-alternatives for Debian
[OF-450] - Add StartCom CAs to truststore
[OF-451] - Add log category to logging output
[OF-452] - Improve SASL over Dialback for server-to-server connections
[OF-468] - Ensure presence subscription works with bare JIDs
[OF-479] - Response to jabber:iq:version should include proper OS information

Openfire Bug Fixes

[OF-99] - [patch] small session establishment issue
[OF-112] - LDAP group provider filter enhancement
[OF-363] - Openfire is using muc#owner instead of muc#admin to change group chat affilations
[OF-405] - Openfire fails to verify chained certificates (3 votes)
[OF-431] - Openfire 3.7.0 Mac installer won't install
[OF-433] - Fix LSB init for Debian
[OF-440] - Typo in MultiUserChatServiceImpl with forms
[OF-443] - S2S doesn't work (dialback broken) (20 votes)
[OF-445] - HTTP session packet count from server always 0
[OF-457] - Typo in search_i18n.properties
[OF-458] - XMPPDecoder has a decode problem for UTF-8 (1 vote)
[OF-459] - Search on MUC service always empty
[OF-472] - Fix the link to java regex tutorial in readme

3.7.0 -- March 2, 2011

Openfire New Features

[OF-21] - Add JiveGlobal options for FlashCrossDomain
[OF-22] - Be able to set default room properties from the admin console
[OF-43] - Add reCAPTCHA check for registration via web
[OF-45] - Search plugin lithuanian translation
[OF-61] - allow admin console to only listen on specific device
[OF-66] - StartTLS for LDAP queries
[OF-71] - flash cross domain handler property
[OF-80] - Allow components tocreate nodes for pubsub
[OF-127] - [patch] Prepend string to broadcast messages
[OF-222] - Add disable/enable (unlock/lock) type to UserService plugin
[OF-223] - Add "Last Logout" to search plugin results on admin console
[OF-359] - broadcast-plugin: allow broadcasting to all (online and offline) users
[OF-60] - Add Russian Translation to Admin Console
[OF-379] - Add Jingle Relay Nodes plugin
[OF-401] - Add sha256 and sha512 support to JDBCAuthProvider

Openfire Improvements

[OF-1] - Replace code with Tinder
[OF-4] - Search result columns that contain JIDs should be marked as type JID-SINGLE, instead of TEXT-SINGLE
[OF-18] - MUC Private Conversation Logging
[OF-28] - Change the order of showing Signing requests on the Server Certificates page
[OF-46] - Upgrading Openfire to use Jetty 7 Continuations
[OF-47] - Add a comment about remote setup and administration
[OF-49] - UserService plugin should check over username before handing over to UserManager
[OF-53] - Replace custom logging implementation with a third party library
[OF-54] - Allow for Serializable collections to be processed by ExternalizableUtilStrategy
[OF-58] - Log the username of failed SASL logins
[OF-63] - MUC affiliation improvements
[OF-65] - Migrate license from GPL to Apache 2.0
[OF-67] - init script improvement
[OF-76] - Limit the size of queues
[OF-78] - Update Tinder to 1.2.1
[OF-88] - Update installation package with the latest Java JRE
[OF-109] - Webchat adds double quotes to the value of auto-populated elements in Workgroup Web Form
[OF-131] - Oracle JDBC documentation needs to be updated
[OF-133] - add source of stringprep to ./build/lib/versions.txt
[OF-140] - Allow to enable/disable if invitations should be sent to new room members
[OF-268] - improve reliability of embedded database
[OF-285] - add XEP-0126 to "Protocol Support"
[OF-327] - Slovak translation update
[OF-328] - Add Slovak translation for the connection manager
[OF-343] - Add @Override annotations
[OF-344] - Add @Deprecated annotations
[OF-349] - User import/export plugin should ignore empty groups
[OF-372] - XEP-0203 support
[OF-377] - RSA key size of CSR should be configurable
[OF-381] - Server Dialback stream should have addressing
[OF-389] - Update bouncycastle library to latest version
[OF-390] - Upgrade Tinder to 1.2.2
[OF-399] - Upgrade Tinder to anything higher than version 1.2.2
[OF-412] - FastPath WebChat adds quotation marks around auto-populated values
[OF-413] - Repeatedly transferring a chat between workgroups in Fastpath
[OF-420] - Disco services become null after the upgrade to 3.7.0 Beta
[OF-424] - Fix a typo in "Transcript Send Error" of Fastpath plugin
[OF-426] - Renaming a group removes it from a groups list and in the clients
[OF-428] - getExtendedInfo creates malformed XML

Openfire Bug Fixes

[OF-5] - Request to get items on persistent pubsub node should not require a subscription id if user has 1 subscription
[OF-6] - Getting specific items from a pubsub node copies the request items into the result packet, which produces an invalid result
[OF-7] - Requst for subscription on a pubsub node returns all subscriptions for all nodes
[OF-12] - Error when publishing multiple items at once to pubsub node
[OF-13] - Pubsub configuration event is incorrect
[OF-16] - Persistent pubsub nodes will not store items unless max_items is set.
[OF-17] - Posting mulitple items to a pubsub node with the same ID will cause a new ID to be generated for the item instead of overwriting the item.
[OF-20] - In pubsub, subscription items include and 'affiliation' attribute which is not in the schema
[OF-23] - OutgoingSessionPromise is not sending error back to the client in s2s scenario
[OF-24] - "Issue with IQ subscription="remove"
[OF-26] - fix password update for JDBC Auth Provider
[OF-27] - Create conferences services with invalid service name
[OF-29] - route.all-resources does not work
[OF-30] - Fix generating of the self-signed certificates after truststore deletion
[OF-32] - Loading and creating rooms with multiple conferences services fails
[OF-33] - Some issues with the first conference service which is manually created.
[OF-38] - Issue with JabberNet and massive subscription requests from the server
[OF-41] - Fix exception on muc-room-affiliations
[OF-42] - Don't allow setup affiliations for invalid JIDs
[OF-44] - Support multiple SRV records, weights, and priorities
[OF-48] - Openfire is sending two unavailable packets after leaving the room
[OF-52] - Possible Memory leaks in PubSubPersistenceManager
[OF-56] - Ignore presence stanza of type "subscribed" without previous subscription request
[OF-57] - typo in pubsub Node.java
[OF-59] - Should handle trailing spaces more gracefully (Room User Permissions)
[OF-62] - Exception shown if one refeshes particular user's session info
[OF-64] - Fix for the "Broadcast presence for" option in the room settings
[OF-70] - Unresponsive clients cause Openfire to run out of memory
[OF-72] - Openfire can't detect broken clients' connections
[OF-73] - Upgrade from OF3.5 fails due to incorrect sqlserver database script
[OF-75] - Packets sent to non-connected components are processed by OutgoingSessionPromise
[OF-77] - IQPepHandler stores JIDs that become available, but never removes them from the cache
[OF-79] - NullPointerException if no DNS SRV records can be found for a particular domain
[OF-82] - Empathy client can cause OOM
[OF-86] - Admin console does not automatically log an admin out after the idle time limit
[OF-87] - DWR in Monitorplugin fails, causes statistics to be inaccessible
[OF-89] - ldap.adminPassword is plain text
[OF-90] - Cross-site scripting attack in the login form
[OF-91] - Client session will be terminate when receiving invalid surrogate characters
[OF-106] - French translation update
[OF-156] - fix LDAP email in vCard documentation (also javadoc)
[OF-180] - Build fails in CI due to new Open Source Clustering Plugin
[OF-211] - userservice plugin should check for null when updating user properties
[OF-212] - Radio button changes wrong option on Registration & Login page
[OF-213] - Revert Postgresql for java 5 support
[OF-214] - Dup Security Audit entry for enabling/disabling db profiling [patch]
[OF-215] - Wrong Clearspace webservice URL used to create avatars
[OF-216] - Presence issues with LDAP and shared groups
[OF-217] - Admin is unable to login after the last step of the setup
[OF-218] - Licence bug, migrate to GPLv3 ?
[OF-219] - fix documentation of auth. provider
[OF-220] - group-edit.jsp text is misleading for contact sharing
[OF-221] - Openfire does not honor option to stop password changes
[OF-301] - audit log files deleted
[OF-330] - Allow MUC room subject to set blank on admin console
[OF-333] - getCachedSize() of Cachable returns incorrect value (causing OOMs!)
[OF-334] - fastpath secure image does not update
[OF-339] - Openfire queries users for disco#info after each presence change (CAPS is being polled)
[OF-346] - BOSH uses incorrect Namespace
[OF-350] - System property for MUC disabling doesnt work
[OF-357] - reading characters of openfire.xml file fails if it is UTF-8 and not "locale" encoded
[OF-358] - fix 2 GB problem within Auditor
[OF-368] - fix and improve ldap paged results
[OF-374] - Ant buildscript should not check for explicit Ant version numbers
[OF-384] - OS X Preference Pane fails to build on newer OS
[OF-391] - Security-related issue reported by Mark Dolinger at August 17, 2010.

3.6.4 -- May 1, 2009

Openfire New Features

[JM-1521] - Use stronger RSA encryption algorithm for certificates creation.

Openfire Bug Fixes

[JM-1531] - ! Prevent users from changing other users passwords. (3 votes). Thanks to Erik HH.
[JM-1516] - LdapGroups assumed all members never in AltBaseDN. (1 vote)
[JM-1520] - Stacktrace of exception while initializing SSLConfig are now logged.
[JM-1534] - DefaultAdminProvider was not including default admin account when there were no admins specified.

Openfire Connection Manager Module

No changes

3.6.3 -- January 8, 2009

Openfire New Features

No changes

Openfire Bug Fixes

[JM-1506] - ! Fixed cross-site scripting attacks in several pages.
[JM-1504] - Fixed error in DefaultGroupProvider.
[JM-1503] - Fixed ClassCastException that prevented certificates from being imported.
[JM-1500] - Flash cross domain handler (port 5229) no longer spit crossdomain.xml immediately.

Openfire Connection Manager Module

No changes

3.6.2 -- November 21, 2008

Openfire New Features

[JM-1039] - Improved unloading of child plugins in plugin manager.
[JM-1314] - Pack200 compression is now optional for plugins.
[JM-1391] - Added direct link to muc-room-occupants on admin console.
[JM-1499] - Updated MINA to latest version.

Openfire Bug Fixes

[JM-1465] - ! IQ packet without 'id' attribute could disconnect other users. (7 votes)
[JM-1495] - Flash clients can now connect to Openfire. NULL chars are now accepted by the server.
[JM-1115] - Stream compression is back again working. (15 votes)
[JM-1496] - HTTPS port is now again working with HTTP Binding. (1 vote)
[JM-1351] - Fixed UTF-8 problem in HttpBindServlet
[JM-1348] - Sessions page autorefresh was showing a blank page in some situations.

Openfire Connection Manager Module

[JM-1495] - Flash clients can now connect to Openfire. NULL chars are now accepted by the server.
[JM-1499] - Updated MINA to latest version.

3.6.1 -- November 14, 2008

! Upgrade Information

Existing installations MUST update to this version to solve security vulnerabilities.

Openfire New Features

[JM-1453] - Optimized level of concurrency on JID class.
[JM-1485] - JDBC providers can now use connections from the DB pool instead of opening new ones.
[JM-73] - Improved radio buttons on offline messages page. (1 vote)

Openfire Bug Fixes

[JM-1489] - ! Authentication could be bypass allowing arbitrary code execution. (2 votes)
[JM-1493] - Fixed leaking of threads in PEP code.
[JM-1492] - AdminManager doesn't handle JIDs properly.
[JM-1487] - LoginLimitManager was checking user connection limit against wrong setting.
[JM-1460] - Fixed typo in tablename when deleting room affiliations.
[JM-1490] - AdHoc command AuthenticateUser now works even if UserProvider is readonly.
[JM-1462] - Fixed NPE on admin console login when username was not completed.
[JM-1473] - Fixed incorrect count of users in chat rooms between cluster nodes.
[JM-1481] - Non-Sasl authentication no longer allows for spaces post- or prepending the provided form data.
[JM-1491] - AdHoc command AuthenticateUser required 'username' field, but was using 'accountjid'.

Openfire Connection Manager Module

No changes

3.6.0a -- August 28, 2008

Openfire Bug Fixes

Fixed database upgrade scripts across the board.
Fixed LDAP quoting issue that was preventing some LDAP setups from working.
Fixed @ translation in login page on failed login.

3.6.0 -- August 26, 2008

Openfire New Features

[JM-405] - Hybrid user provider added.
[JM-752] - Plugin download list now uses a proxy server.
[JM-757] - altBaseDN is now used for group LDAP queries as well.
[JM-1253] - Can now receive users, groups and vcard changes from Clearspace.
[JM-1279] - Username changes in Clearspace now reflected in Openfire.
[JM-1283] - Provided an option for disabling LDAP alias referral following.
[JM-1284] - Added support for multiple conference services.
[JM-1329] - Added Clearspace tab page in Openfire admin console.
[JM-1389] - Added support to restrict login access for anonymous users by IP address.
[JM-1434] - Now using server dialback over TLS when using self-signed certificates.
[JM-834] - Now logging failed login attempts.
[JM-1014] - Admin Console login page now tries to prevent brute force login.
[JM-1033] - Upgraded HTTP-Binding to BOSH version 1.6.
[JM-1117] - Now using paged results in LDAP queries if the LDAP server supports it.
[JM-1136] - Various MUC affiliation improvements completed.
[JM-1277] - Now storing list of providers to use in database for easier clustering support.
[JM-1278] - Now read list of admin users from backend, database driver by default. (can update admin list on the fly)
[JM-1291] - Updated Openfire DB schema to allow Clearspace and it to coexist in the same database.
[JM-1334] - Applied consistent representation of having 'no value' for a particular database entry.
[JM-1335] - Simplified list of events listened by PresenceEventListener.
[JM-1337] - Failure to retrieve a connection from the database pool now triggers an Exception.
[JM-1359] - Now allowing takeover of a MUC nickname if it's by the same account that owns the nickname.
[JM-1361] - Now serving Flash policy file from client port (as well as the previous port).
[JM-1365] - Stacktrace is no longer logged on a failed authentication attempt. (cleans up logs)
[JM-1367] - Wildcards may now be used for external component configurations access rules.
[JM-1368] - Default number of db connections is now higher than worker threads.
[JM-1402] - Now returning IQ reply to the exact component's connection that made the request.
[JM-1414] - Added support for XMPP Ping (XEP-0199).
[JM-1416] - Group properties can now be retrieved from GroupProvider (i.e. a backend).
[JM-1417] - S2S is no longer attempted for subdomains that are known to belong to external components.
[JM-1422] - Now fast-failing packets for remote servers that were received in a few seconds.
[JM-1423] - Increased server dialback timeout limit to 2 minutes.
[JM-1435] - Now preventing empty-bodied messages from being stored in the offline message store.
[JM-1383] - Updated Apache HTTP Client library to latest version.
[JM-1437] - Updated URL that checks the feed for new releases.

Openfire Bug Fixes

[JM-629] - Fixed cross-site scripting bugs in login due to url redirect.
[JM-1100] - authorizedUsernames are no longer case sensitive when using LDAP.
[JM-1178] - Fixed loading child or parent plugin.
[JM-1237] - Nullpointerexception no longer occurs in LocalOutgoingServerSession.
[JM-1268] - LdapGroupProvider no longer throws NPE if LDAP group has unlocatable user in it.
[JM-1310] - ComponentEventListener is now working correctly when running in a cluster.
[JM-1316] - Last screen of setup is no longer throwing NPE when session times out.
[JM-1322] - Clearspace groups provider now works when group name contains spaces.
[JM-1326] - Admin console now adds Clearspace tab after setup.
[JM-1327] - Subscriptions now working when baseDN has a comma that is not a delimiter (unenclosed string).
[JM-1333] - HttpSession#getVersion() should no longer throw NaN exceptions.
[JM-1336] - DBConnectionManager now recovers (retries) from hitting Proxool 'simultaneous-build-throttle' limit.
[JM-1341] - NoClassDefFoundError no longer occurs when logging in.
[JM-1381] - LDAP vcards can now contain $ without throwing errors.
[JM-1393] - LDAP group handler now escapes dollar signs in values when used with regexps.
[JM-1394] - Wildcard server trust can no longer be spoofed.
[JM-1395] - An error is no longer being returned when asking for pubsub subscriptions and none was found.
[JM-1398] - Clustering is no longer using lite events for routing table caches.
[JM-1399] - ClearspaceGroupProvider no longer sends a change event when loading groups.
[JM-1400] - Now less strict with emails when loading a user.
[JM-1401] - External components with several connections now have their disco#info correct.
[JM-1403] - Usernames are now escaped when integrated with Clearspace.
[JM-1405] - Password changes when integrated with Clearspace now work correctly.
[JM-1406] - Handling of Clearspace being down when integrated with CS is handled better on users/groups page.
[JM-1407] - Trying to login to OF admin console when Clearspace while is down no longer throws an exception.
[JM-1408] - Descriptive error message added when logging in to OF admin console while Clearspace is down.
[JM-1409] - White space in OF Admin Console > Group Chat > Room Summary page, below Description column removed.
[JM-1411] - Fixed NPE in HttpSession when closing a connection that was preventing listeners from being triggered.
[JM-1418] - Session details no longer shows user as online when connected but not available.
[JM-1419] - Now checking for potential usage of non-ASCII characters in webservice URL requests.
[JM-1421] - Server now disconnects clients sending invalid XML.
[JM-1424] - When admin is logged in OF and CS is down, the "Config Clearspace" button in OF no longer hangs.
[JM-1425] - NPE fixed when creating a group chat room for the default conference service with CS integration enabled.
[JM-1426] - ClearspaceMUCTranscriptManager is no longer recording events from any conference service other than the designated Clearspace conference service.
[JM-1427] - Cache-control headers on BOSH no longer cause issues with Flash+HTTPS+Internet Explorer.
[JM-1428] - Non-descriptive error message when OF is in an update state fixed.
[JM-1429] - Secured the shared secret of OF's CS integration admin page.
[JM-1439] - Stream Initiation can now be used with things other than but file transfer.
[JM-1440] - Packets sent from entities hosted by components to connected but not-available users are now being routed.
[JM-1442] - Offline presence information when removing user account is now deleted.

Openfire Connection Manager Module

[JM-1444] - Improved cmanagerd to support status and stop parameters.
[JM-1445] - Added support for validating certificates of BOSH clients.
[JM-1441] - BOSH terminate, pause and xmpp:restart requests are no longer considered polling.
[JM-1412] - BOSH session no longer dropped when requests are received out of order.
[JM-1377] - Can now specify hostname or IP address of server to connect.
[JM-1376] - Can now enable/disable client listeners in Connection Managers.

3.5.2 -- June 12, 2008

Openfire New Features

[JM-1373] - IP address of client is now passed when using connection managers.
[JM-1350] - Max buffer size used by parser can now be configured.
[JM-1382] - @DATE@ token is now replaced with build date when building plugins.
[JM-1353] - Added Slovenčina translation.
[JM-1369] - Updated MINA library to latest version.
[JM-1379] - Updated Jetty server to latest version.

Openfire Bug Fixes

[JM-1388] - ! Clients are no longer able to disconnect other clients.
[JM-1372] - ! MUC lock could freeze the entire server.
[JM-1344] - Closing remote connections is now a synchronous operation.
[JM-1355] - Resource conflict when running in a cluster was having synchronization problems.
[JM-1374] - Fixed NPE in audit logging when changing an user's roster.
[JM-1378] - Allowed to send non-latin symbols in emails.
[JM-1384] - Not all CN values in subjectDN were being considered in certificates.
[JM-1387] - Cluster node failed to correctly start up when groupchat events were received.
[JM-1392] - Closing idle http sessions was not removing the user from groupchat rooms.

Openfire Connection Manager Module

[JM-1373] - IP address of client is now passed when using connection managers.
[JM-1350] - Max buffer size used by parser can now be configured.

3.5.1 -- April 24, 2008

Openfire New Features

[JM-1325] - Reduced number of remote calls while logging in and running inside of a cluster.
[JM-1331] - PEP service can now be disabled to reduce DB queries.
[JM-1339] - Updated Jetty library to latest version.
[JM-1340] - Updated bouncycastle library to latest version.

Openfire Bug Fixes

[JM-1323] - Fixed s2s issues affecting communication with a number of other services, including gmail.com. (4 votes)
[JM-1203] - Openfire now performs DNS lookups on sub domains of it's primary domain that it does not have an internal route for. (1 vote)
[JM-1315] - MySQL upgrade script number 14 repaired.
[JM-1316] - Last screen of setup is no longer throwing NPE in some cases.
[JM-1317] - DB2 connection test should no longer fail.
[JM-1319] - Lock out manager default provider is no longer saving start time as end time.
[JM-1321] - Security audit logger now truncates summary length, locale changes no longer throw error.
[JM-1322] - Clearspace groups provider now works when group name contains spaces.
[JM-1324] - Event resource_bound is now triggered when using iq:auth.
[JM-1330] - Kicking or banning room occupants is now working in cluster mode.

Openfire Enterprise

Retired, replaced by new open source plugins.

Openfire Connection Manager Module

[JM-1338] - Updated http-binding implementation in Connection Managers.
[JM-1338] - Modified builds to include Jetty libraries.
[JM-1339] - Updated Jetty library to latest version.
[JM-1340] - Updated bouncycastle library to latest version.

3.5.0 -- March 27, 2008

Openfire New Features

[JM-1224] - Added Clearspace as a backend for users, groups and authentication. (1 vote)
[JM-1272] - Added auditing support to the admin console.
[JM-1235] - Added ability to kick MUC members from a chatroom from the web interface. (1 vote)
[JM-1236] - Added database index for significant improvement in user management. (1 vote)
[JM-1269] - Improved throughput of external components connections.
[JM-1221] - Created new event listener to catch successful resource binding.
[JM-1267] - Created ExternalComponent listener that will listen and may deny new settings.
[JM-160] - Added ability to disable user accounts. (13 votes)
[JM-1273] - Allowed to join a groupchat while being unavailable.
[JM-1218] - Updated admin console UI look.
[JM-840] - Improved i18n in plugin admin console pages.
[JM-1260] - Allowed to set default max number of users when creating new rooms.
[JM-1149] - Improved pagination for list of group chats in the admin console. (2 votes)
[JM-1262] - Added support for enabling/disabling the pubsub service.
[JM-1241] - XMPPServerInfo now makes a distinction between 'hostname' and 'xmpp domain name'.
[JM-1270] - Changed default HTTP binding ports to 7070 and 7443.
[JM-1271] - Updated MINA library to latest version.
[JM-1276] - Added functionality to UserProvider to allow requirement of email and name fields.

Openfire Bug Fixes

[JM-1289] - ! Fixed DoS attack that could bring the server down.
[JM-1175] - Fixed double-byte characters problem. (4 votes)
[JM-1175] - Fixed memory leak in the MultiUserChat module.
[JM-1300] - Room events are now only triggered in the node that generated the event.
[JM-1274] - Fixed sending of presence packets when using direct presences.
[JM-1275] - Messages sent to bare JIDs were not considering directed presences.
[JM-1311] - Fixed NPE in HttpSession when closing the session.
[JM-1186] - Fixed JDBC authentication when using DIGEST-MD5. (1 vote)
[JM-1263] - Fixed highlighting of active tab in client sessions tab. (1 vote)
[JM-1265] - Adding a new member to a room is now propagated to other cluster nodes.
[JM-1266] - Fixed test of connections when using Oracle.

Openfire Enterprise

[ENT-425] - ! Fixed distributed locking problem when running in a cluster.
[ENT-417] - It is now possible to override the default type of a cache when using clustering.
[ENT-427] - Fixed registration of new remote servers when running in a cluster.
[ENT-403] - Fixed exception when storing big workgroup forms.
[ENT-401] - Webchat link was moved to under Client Management.
[ENT-256] - SparkWeb - Added moderator controls for "User Kick/Ban" to group chats.
[ENT-364] - SparkWeb - Allowed users to view and edit their own VCard profile information.
[ENT-362] - SparkWeb - Contact context menu now includes menu items for "Start a chat" and other common items.
[ENT-400] - SparkWeb - Contact list us now sorted alfabetically.
[ENT-398] - SparkWeb - Contact list sorting was case-sensitive.
[ENT-399] - SparkWeb - Improved typing notification alerts.
[ENT-371] - SparkWeb - Localized the labels in the View Profile window.
[ENT-415] - SparkWeb - Made SparkWeb client link pop up new window.
[ENT-408] - SparkWeb - JIDs are now used in more places instead of Strings.
[ENT-231] - SparkWeb - Improved font choices to be consistent and cross-platform.
[ENT-404] - SparkWeb - Fixed overlap of timestamps in the message view.
[ENT-409] - SparkWeb - Newly bookmarked rooms appeared on all servers.
[ENT-410] - SparkWeb - Fixed exception when loading bookmarks.
[ENT-411] - SparkWeb - Fixed error while loading certain vCards.

Openfire Connection Manager Module

[JM-1175] - Fixed double-byte characters problem.
[JM-1271] - Updated MINA library to latest version.

3.4.5 -- February 07, 2008

Openfire New Features

[JM-343] - Improved connection pool recovery logic by switching to proxool.
[JM-1217] - Now possible to allow the same component to connect many times to the same JVM.

Openfire Bug Fixes

[JM-1250] - Setting VM options from config file in Debian now works.
[JM-1251] - Fixed small memory leak in Multi User Chat.
[JM-632] - SSL settings pages now handle broken keystores without crashing.
[JM-703] - LDAP settings (particularly search filters) will no longer get corrupted upon saving.
[JM-1248] - RPM is no longer throwing warnings about ci and jivedev users.
[JM-1249] - Debian postinstall is now checking to make sure openfire group exists.

Openfire Enterprise

No changes

Openfire Connection Manager Module

No changes

3.4.4 -- January 17, 2008

Openfire New Features

No changes

Openfire Bug Fixes

[JM-1242] - Jetty upgraded to fix announced security issue (http://www.kb.cert.org/vuls/id/553235)
[JM-1232] - LDAP vCard database storage fixed to work properly with Active Directory and others. !!NOTE!! API Changes for providers were required. See important notes below. (1 vote)
[JM-1240] - Can now delete an avatar when using LDAP.
[JM-1230] - Current LDAP settings now being kept when editing config from admin interface.
[JM-1231] - Openfire install directories, log directories, etc are no longer world readable. (1 vote)
[JM-1233] - RPM uninstall no longer fails if Openfire not currently running.

! Important Notes

The VCardProvider interface/API was updated to make vCard handling more robust. The change involved changing #createVCard and #updateVCard to return the vCard (after the provider has possibly altered it) instead of having no return at all (void). If you are not making any modifications to the vCard, you will want to adjust your provider to simply return what was passed into it. Otherwise, return your modified vCard. This will allow the properly adjusted vCard to be cached.

Openfire Enterprise

[JM-1243] - Fixed serialization/deserialization of RemoteServerConfiguration between cluster nodes.
[ENT-222] - SparkWeb - Improved tooltip information.
[ENT-326] - SparkWeb - Added support for viewing vCard information.
[ENT-344] - SparkWeb - Background colors of windows can now be programmatically modified.
[ENT-345] - SparkWeb - User search window can now render fields found in the data form.
[ENT-354] - SparkWeb - Added support for slash commands. (1 vote)
[ENT-223] - SparkWeb - Groups are now expanded while searching, remember which to collapse when done searching.
[ENT-253] - SparkWeb - Set priority based on presence as Spark does.
[ENT-283] - SparkWeb - Improved 'add conference server' UI.
[ENT-293] - SparkWeb - Improved selection of server during login.
[ENT-334] - SparkWeb - Nickname is now autocompleted with vcard information when adding new contact.
[ENT-342] - SparkWeb - Spacing is no longer displayed for groups that were not displayed.
[ENT-346] - SparkWeb - Added search button to user search window.
[ENT-358] - SparkWeb - Display names are now used instead of JIDs for chats.
[ENT-319] - SparkWeb - Added timestamp to chat window.
[ENT-321] - SparkWeb - Conference room window no longer shows all services.
[ENT-335] - SparkWeb - Backslashes were duplicated in one-to-one chat and group-chat windows.
[ENT-339] - SparkWeb - Bookmarks were not being displayed in conference tab.
[ENT-348] - SparkWeb - Fixed offline status in user profile while the user was online.
[ENT-373] - SparkWeb - Distance between groups were not uniform.
[ENT-375] - SparkWeb - Fixed incorrect error message for conference invitations.
[ENT-376] - SparkWeb - Only allow inviting online contacts to conference rooms.
[ENT-377] - SparkWeb - Chat presence icons weren't updating properly.
[ENT-378] - SparkWeb - Friendlier naming is now used for conference rooms in the message window.

Openfire Connection Manager Module

No changes

3.4.3 -- December 27, 2007

Openfire New Features

[JM-460] - Avatars may now be updated when using LDAP. (60 votes)
[JM-1216] - Improved login performance by reducing PEP work.
[JM-1210] - Optimized general performance when doing JID operations.
[JM-1215] - Improved http binding throughput by setting a maximum number of http worker threads.
[JM-1205] - Optimized memory consumption when using http-binding.
[JM-1208] - New database connections are opened when no database connections were found.
[JM-765] - Created Ubuntu/Debian installer package. (19 votes)
[JM-1161] - Created Solaris installer package.
[JM-1222] - Updated JavaMail library to latests version.

Openfire Bug Fixes

[JM-1204] - Certificate Signing Requests were not generated when issuer name matched xmpp domain.
[JM-1206] - Fixed encrypted connections for server-2-server (broken in 3.4.2).
[JM-1207] - SASL EXTERNAL for server-2-server was not accepting wildcard certificates.
[JM-1211] - Fixed Openfire RPM to properly handle service removal and also shutdowns/startups. (1 vote)
[JM-1201] - Fixed DMG installer to not overwrite config files.

Openfire Enterprise

[ENT-107] - Fixed table reference when deleting chat from fastpath.
[ENT-138] - SparkWeb - Added HTTPS and HTTP support to SparkWeb. (2 votes)
[ENT-288] - SparkWeb - SparkWeb can now get the crossdomain.xml file from the http binding port.
[ENT-325] - SparkWeb - Added support for room invitations.
[ENT-336] - SparkWeb - Login window can now be skipped when using programmatic launch.
[ENT-333] - SparkWeb - Autocomplete domain when only only username was entered when adding a contact.
[ENT-261] - SparkWeb - Tab width was too small.
[ENT-296] - SparkWeb - Loading large contact lists was too slow.
[ENT-301] - SparkWeb - User search window is no longer transparent.
[ENT-318] - SparkWeb - Fixed message counter that was incremented with local messages.
[ENT-322] - SparkWeb - Some users were displayed in the online and offline group.
[ENT-323] - SparkWeb - Avatars were not in a proper order in the roster.
[ENT-324] - SparkWeb - Avatars did not always appear.
[ENT-328] - SparkWeb - Fixed adding a contact from the user seach window.
[ENT-329] - SparkWeb - Contacts with pending subscription were not listed in the roster correctly.
[ENT-341] - SparkWeb - Pending contacts that were already in your list when you log in were not placed correctly.
[ENT-343] - SparkWeb - Fixed error when adding bookmarks from the Conferences tab.

Openfire Connection Manager Module

No changes

3.4.2 -- December 6, 2007

Openfire New Features

[JM-988] - Certificates created and signed by CA can be imported from the admin console. (5 votes)
[JM-1132] - Added support for XEP-0115: Entity Capabilities.
[JM-1197] - Added "Notification Filtering" support to PEP based on entity capabilities.
[JM-1181] - Allowed to retrieve the list of roles a given user session has in all rooms.
[JM-1196] - File crossdomain.xml is also served from http binding port.
[JM-1189] - Updated bouncycastle library to latest version.
[JM-1200] - Updated MINA library to latest version. Improved outgoing traffic throughput!

Openfire Bug Fixes

[JM-1140] - Certificate Signing Requests did not include issuer metatata. (2 votes)
[JM-1180] - Username with spaces could not be added to groups.
[JM-1184] - Some unavailable presence were not processed and users remain in the rooms.
[JM-1185] - Fixed error in bin/extra/openfired script.
[JM-1177] - Fixed exception in PEP when using instantFeeds plugin.
[JM-1179] - Non-relevant errors were printed when going to the clustering page and clustering was not available.
[JM-1202] - MySQL driver was downgraded to version 5.0.8.

Openfire Enterprise

[ENT-262] - Clustering was not allowing other plugins to run commands on other nodes.
[ENT-274] - Plugins were not able to create caches and use them in the cluster.
[ENT-289] - Updated Coherence to latest version.
[ENT-271] - Fixed search of archived chats when no end date was specified.
[ENT-260] - Changed data type used in bytes column for SQL Server.
[ENT-244] - Added MultiUserChat support to Sparkweb.
[ENT-273] - Added User Search (XEP-0055) functionality to SparkWeb.
[ENT-212] - Errors messages no longer appear as modal dialogs in SparkWeb.
Fixed several roster management issues of SparkWeb.
Fixed several issues in the chat window of SparkWeb.

Openfire Connection Manager Module

[JM-1189] - Updated bouncycastle library to latest version.
[JM-1200] - Updated MINA library to latest version. Improved outgoing traffic throughput!

3.4.1 -- November 1, 2007

Openfire New Features

[JM-1172] - RSS feed can now be disabled from the admin console.

Openfire Bug Fixes

[JM-1171] - New installations were not able to log into the admin console.

Openfire Enterprise

No changes

Openfire Connection Manager Module

No changes

3.4.0 -- October 31, 2007

Openfire New Features

[JM-1122] - Added support for XEP-0163: Personal Eventing via Pubsub. Thanks to Armando Jagucki.
[JM-65] - Added roster management from the admin console. (53 votes)
[JM-773] - Photos can now be retrieved from LDAP for vcards. (42 votes)
[JM-635] - Plugins can now be uploaded from the admin console. (3 votes)
[JM-537] - Added crossdomain.xml support for Flash. (7 votes)
[JM-1147] - Added support for XEP-0059: Result Set Management.
[JM-1124] - Improved performance of SSL HTTP binding.
[JM-1128] - Added RSS feed to the admin console to read igniterealtime news.
[JM-1046] - Added support for privacy list event listener.
[JM-1121] - Events are now triggered when an available or unavailable presence is received for remote users.
[JM-1061] - Events are now triggered after trying to load/unload plugins.
[JM-1118] - Allowed to add new identities to be included in disco#info replies.
[JM-1119] - Allowed to add new items to disco#item replies sent to bare JIDs.
[JM-1120] - Modified PresenceEventListener to include presence subscription events.
[JM-1151] - IQResultListeners are now alerted when no answer was received after a while.
[JM-1159] - Updated MySQL driver to latest version.
[JM-1089] - Updated bouncycastle library to latest version.
[JM-1142] - Updated Base64 implementation.
[JM-1158] - Updated jTDS to latest version.

Openfire Bug Fixes

[JM-1150] - Messages sent to bare JID were being sent to session with oldest activity rather than latest activity.
[JM-1075] - Message sent to unavailable full JID of existing user was not routed to the bare JID.
[JM-1145] - SASL authentication was sometimes ignoring initial tokens.
[JM-1084] - Users in another domain could set the vCard of an Openfire user.
[JM-1066] - Client idle timeout was considering incoming and outgoing traffic. (3 votes)
[JM-1144] - Messages with body and subject were processed as attempts to change the room subject.
[JM-1153] - Column in mucConversationLog was using a reserved work in Blackfish SQL.
[JM-1082] - Fixed NPE in MUCRoomImpl.
[JM-1058] - Renamed many column names to be comparible with Firebird SQL and Blackfish SQL. (1 vote)
[JM-1169] - Big vcards were being truncated in mysql.
[JM-1154] - End of stream was not being sent to client when closing connections from the server.
[JM-1080] - Fixed custom database groups integration bug.
[JM-1131] - Multiple consecutive spaces in a contact's group name were replaced with a single space.
[JM-1050] - Proxy transfer streams are now closed more reliably.
[JM-1052] - Media proxy could fail when using SRV record.
[JM-1059] - Clients could hang when trying to use stream compression.
[JM-1085] - Active sessions are now closed and a <not-authorized/> stream error is returned when cancelling a user account.
[JM-1091] - Connected but not available sessions appeared as online in the session summary page.
[JM-1051] - PluginManager can now return the JAR/WAR file that created a plugin.
[JM-1055] - Plugins are now initialized using plugin class loader.
[JM-1056] - Port listeners are started once plugins have been loaded.
[JM-1152] - Plugins failed to load if there was a newline in the class name.
[JM-1092] - Plugins that failed to be unloaded were reloaded.
[JM-1095] - Fixed session counter when closing session that never authenticated.
[JM-1070] - Counter of sent packets from the server to the client was always zero.
[JM-1096] - HTTP binding could allow packets to be sent on behalf of other users.
[JM-1097] - A not-authorized error is now returned when user tries to bind a resource before authenticating.
[JM-1137] - JIDs were incorrectly compared.
[JM-845] - Password no longer changes randomly in "Email Settings".
[JM-1113] - XML properties could be set which contain XML entities.
[JM-1123] - Presences sent between components are now routed.
[JM-1129] - Retrieving room history was not working in Oracle.
[JM-1069] - Modules were cleaned up before stopping plugins.
[JM-1143] - Fixed typo in Kuala Lumpur time zone.
[JM-1168] - Deleting a user in the admin console now boots them offline.

Openfire Enterprise

[ENT-43] - Added clustering support. (38 votes)
Added web client named SparkWeb.
[ENT-205] - Table entConParticipant failed to be created in MySQL when using charset UTF-8.
[ENT-234] - Conversation transcript failed to export to PDF.
[ENT-199] - Fixed typo in statistic sever_sessions.

Openfire Connection Manager Module

[JM-1066] - Client idle timeout was considering incoming and outgoing traffic. (3 votes)

3.3.3 -- September 20, 2007

Openfire New Features

[JM-1054] - Updated MINA library to latest version. Nice optimizations and fixes.
[JM-1126] - Added debug information when quering LDAP for groups of a given user.

Openfire Bug Fixes

[JM-1127] - Parsing XML containing multibyte characters could add null characters to the resulting stanza. Thanks to Tim.
[JM-1125] - An IQ of type error is now returned instead of closing the connection when an internal error occurs while processing an IQ packet.

Openfire Enterprise

[ENT-135] - Added SparkWeb Flash Beta.
[ENT-129] - Round robin algorithm is no longer used when transfering/invitating a single user.
[ENT-131] - Fixed "Agent never joined" issue with Webchat.
[ENT-133] - Removing Demo workgroup and user was causing other workgroups to fail.
[ENT-136] - Workgroup queues page was showing wrong number of agents logged in.
[ENT-65] - An empty list was being shown when no workgroups were configured in Spark Fastpath Webchat Plugin.
[ENT-112] - Conversation archiving was sometimes logging a conversation as two conversations.
[ENT-36] - There was no way to disable chat transcript settings once set.
[ENT-86] - Logging into fastpath was using the users current presence, and no longer defaulting to "Available".
[ENT-166] - Emails were not being encoded in email transcripts.
[ENT-78] - User is now alerted in offline settings if their email settings were not set.
[ENT-81] - Fixed Javascript error in webchat userinfo page. (province not found)
[ENT-137] - Crossdomain servlet was not sending out correct response occasionally.

Openfire Connection Manager Module

[JM-1127] - Parsing XML containing multibyte characters could add null characters to the resulting stanza.
[JM-1054] - Updated MINA library to latest version.

3.3.2 -- June 22, 2007

Openfire New Features

No changes

Openfire Bug Fixes

[JM-1087] - ! Fixed out of memory problem produced by XMPPDecoder.
[JM-1088] - ! Fixed out of memory problem produced by XMLLightweightParser.
[JM-1074] - HTTP Binding no longer depends upon /resources/spank directory.
[JM-1090] - Modified SSO authorization to use uppercase when comparing principals.

Openfire Enterprise

No changes

Openfire Connection Manager Module

[JM-1087] - ! Fixed out of memory problem produced by XMPPDecoder.
[JM-1088] - ! Fixed out of memory problem produced by XMLLightweightParser.

3.3.0 -- April 12, 2007

! Upgrade Information

upgrade guide

Openfire New Features

Renamed Wildfire to Openfire.
[JM-14] - Improved delivery strategy when connected from multiple resources.
[JM-1006] - Added support for room event listeners.
[JM-1007] - Occupants in rooms can now be seen from the admin console.
[JM-420] - Created ad-hoc command that forwards packets to components.
[JM-868] - Added favicon to admin console.
[JM-1021] - Added web folder to the plugin classloader.
[JM-1024] - Updated JVM to 1.6.0_u1.

Openfire Bug Fixes

[JM-1022] - Fixed memory leaking problem in HttpBinding.
[JM-1009] - Messages sent to bare-JID addresses were sent to resources with negative priority.
[JM-897] - Client sessions were not always being counted correctly. (3 votes)
[JM-1031] - Links were incorrect when using child plugins. Thanks to Guus der Kinderen.
[JM-1004] - ComponentManager could be null after modules have been started.
[JM-1028] - Fixed NPE when no room name was specified when trying to register with room.
[JM-1023] - Unicode (UTF-8) charset is now used instead of ISO-8859-1 in admin console pages.

Openfire Enterprise

[ENT-93] - Added support for group chats archiving.
[ENT-94] - Updated iText library to latest version.
[ENT-95] - Updated jRobin library to latest version.

Openfire Connection Manager Module

No changes

3.2.4 -- March 29, 2007

Wildfire New Features

[JM-1018] - Updated MINA library to latest version.

Wildfire Bug Fixes

[JM-991] - Fixed XML parsing problem with />. (1 vote)
[JM-1003] - Fixed XML parsing problem with open quotes. (1 vote)
[JM-1019] - Changed idle timeout to 6 minutes.

Wildfire Enterprise

[ENT-101] - Transfers and invites across workgroups were failing.

Wildfire Connection Manager Module

[JM-991] - Fixed XML parsing problem with />. (1 vote)
[JM-1003] - Fixed XML parsing problem with open quotes. (1 vote)

3.2.3 -- March 15, 2007

Openfire New Features

[JM-998] - Added milliseconds to timestamp in the audit log.
Stream compression is back again available.

Openfire Bug Fixes

[JM-993] - Removing idle connections could fail and freeze the server. (1 vote)
[JM-997] - Fixed TLS problem when using Pandion.
[JM-1001] - Fixed http-binding deadlock.
[JM-992] - Direct buffers were used by default instead of heap buffers.
[JM-994] - IQ packet sent to a full JID that was not available was being routed to other resource of the same user.
[JM-987] - Server can now recover from UnknownHostException during setup.
[JM-990] - IQ type is now verified when handling iq:version requests.
[JM-996] - Invalid SASL mechanisms were being offered to CMs.
[JM-1002] - Changed default idle timeout value to 2 minutes.

Openfire Enterprise

[ENT-90] - Metadata of user request is now included when initiating or transferring to another agent.

Openfire Connection Manager Module

[JM-995] - Connection Manager connection was being closed when client used invalid SASL mechanism.
[JM-992] - Direct buffers were used by default instead of heap buffers.
[JM-997] - Fixed TLS problem when using Pandion.
[JM-1000] - Connection Managers were not using SRV records for the DNS lookup.

3.2.2 -- February 19, 2007

Openfire New Features

No changes

Openfire Bug Fixes

[JM-983] - Client became unresponsibe after sending message that ended with "/".
[JM-984] - Client became unresponsibe after sending a stanza with a comment.
[JM-985] - Fixed presence problem when shared groups can be seen by other groups.
[JM-986] - Fixed out of order RID errors in HTTP-Binding.
[JM-966] - Disabled multi-cast DNS by default.

Openfire Enterprise

No changes

Openfire Connection Manager Module

[JM-983] - Client became unresponsibe after sending message that ended with "/".
[JM-984] - Client became unresponsibe after sending a stanza with a comment.

3.2.1 -- February 15, 2007

Openfire New Features

[JM-974] - Updated MUC implementation to send role="none" when leaving a room.
[JM-978] - Updated MINA library to latest version.
[JM-977] - Updated bouncycastle library to latest version.
New draft page for importing signed certificates.

Openfire Bug Fixes

[JM-970] - Fixed deadlock when using old SSL method.
[JM-980] - Fixed DOS attack by closing connection from client that tries to send a "never ending" packet.
[JM-981] - Fixed parsing of packets with nested elements with the same name.
[JM-981] - Fixed parsing of <\stream:stream>.
[JM-968] - The https port was not working in the admin console.
[JM-963] - A throwable exception was preventing users from logging in.
[JM-959] - HTTP-Binding was failing over HTTPS.
[JM-969] - HTTP-Binding sessions were not being closed properly.
[JM-971] - Messages could be lost when using HTTP Binding.
[JM-973] - HTTP-binding would be held open and not closed when new packets arrived.
[JM-972] - Fixed presence problem when shared groups can be seen by a common non-shared group and both users belong to such group.
[JM-979] - Fixed NPE when auditing message received from legacy network.
[JM-962] - PLAIN SASL authentication failed to authenticate clients that were sending bare JIDs.
[JM-975] - Client connections were closed before flushing end of stream stanza.
[JM-967] - Plugins that require a newer server version were shown as available to be installed.
[JM-965] - Available Plugins was listing reports that list "has not been downloaded" when all available plugins were installed.

Openfire Enterprise

[ENT-53] - Webchat is now more resistant to network failures.
[ENT-68] - Webchat setup is now always required.
[ENT-69] - Webchat was not connecting to agent when using IE6.
[ENT-70] - Webchat could kill the JVM when not able to connect to Openfire.
[ENT-71] - Webchat now properly disconnects dangling connections.
[ENT-79] - SIP Phone now sends on-phone presence.

Openfire Connection Manager Module

[JM-970] - Fixed deadlock when using old SSL method.
[JM-980] - Fixed DOS attack by closing connection from client that tries to send a "never ending" packet.
[JM-981] - Fixed parsing of packets with nested elements with the same name.
[JM-978] - Updated MINA library to latest version.
[JM-977] - Updated bouncycastle library to latest version.

3.2.0 -- February 6, 2007

Openfire New Features

[JM-925] - Improved scalability of Openfire.
[JM-356] - Added support for XEP-0124: HTTP Binding. (34 votes)
[JM-936] - Added STUN server support.
[JM-937] - Added Media Proxy for Jingle.
[JM-941] - Allowed to set read timeout when connected to LDAP (requires Java 1.6).
[JM-912] - Added listener for offline messages. (1 vote)
[JM-944] - Bundled root certificate of XMPP Intermediate Certificate Authority.
[JM-948] - Updated truststore with Java 6 built-in certificates.
[JM-946] - Removed Jetty information from HTTP headers.
[JM-892] - Simplified certificates creation and process of signing certificates. (10 votes)
[JM-767] - Added Mac OS X DMG installer.
[JM-893] - Added support for certificate event listeners.
[JM-934] - Added new plugin that provides load statistics.
[JM-914] - Added new ad-hoc command to get server info and basic statistics.
[JM-657] - Optimized algorithm used for sending packets to remote servers when new connections are required.
[JM-924] - PacketInterceptors are now triggered in the routing layer and not the networking layer.
[JM-915] - Added support in ComponentManager for sending packets in blocking mode.
[JM-901] - Updated support for 'creation of collection nodes' based on latest XEP-60.
[JM-913] - Support for multiple subscriptions is now optional in PubSubModule.
[JM-931] - Allowed components to create nodes and publish items.
[JM-949] - Default configuration of new group chat rooms can now be configured.
[JM-950] - Group chat rooms are now not anonymous by default.
[JM-952] - Allowed to explicitly specify the FQDN of the server.
[JM-935] - Added to the admin console information about ports being used by the server.
[JM-900] - Upgraded to latest installer version.
[JM-888] - Updated bouncycastle library to latest version.
[JM-939] - Updated bundled JVM to 1.6.0 (Note: Java 5 or later is required).

Openfire Bug Fixes

[JM-957] - Execution of DB2 scripts is now working.
[JM-947] - A nice error message is now displayed when trying to view user properties of a non-existent user.
[JM-943] - Messages with no body and no subject were being store in rooms' history.
[JM-940] - Fixed NPE in server certificates page.
[JM-885] - Fixed parsing of mappings when using more than one LDAP field.
[JM-886] - Loaded vCards were not being updated after reconfiguring LDAP settings.
[JM-906] - Email test page was not working when integrated with LDAP.
[JM-954] - No IQ error was being returned when an error occurs while processing an IQ roster packet.
[JM-887] - PluginManager was being used by modules before it was created.
[JM-889] - Fixed NPE in LdapVCardProvider when username was not found.
[JM-890] - Fixed error when IQ error packet failed to be handled.
[JM-895] - TLS was being offered even when keystore was empty.
[JM-896] - Fixed error that was closing a database statement twice.
[JM-902] - Component domain was not being released if an error occured while registing a new component.
[JM-916] - External components were able to connect to the server before the server has finished to start up.
[JM-903] - Sending "subscribed" presence to a new user was updating roster of both users.
[JM-918] - Fixed error when shared group had no display name.
[JM-928] - Clicking on login link from setup could fail with 404.
[JM-933] - Enabling/disabling anonymous connections no longer requires a server restart.
[JM-938] - "Per-user offline message storage limit" can now be updated.
[JM-755] - Fixed compilation problem under JDK 1.6.

Openfire Enterprise

[ENT-50] - Added support for SIP integration.
[ENT-35] - Archiving was only done one-way with gateways.
[ENT-44] - Added support for transfering support session to another workgroup, queue, agent or user.
[ENT-63] - Fixed security breach when viewing messages of ongoing support sessions.
[ENT-56] - Warning message is now displayed when license is about to expire (30 days).
[ENT-54] - Added support for iq:version to components to discover Openfire version.
[ENT-55] - Changed license validation to validate maintenance date.
[ENT-62] - Fixed display error in dashboard when accessing the page immediately after start up.
[ENT-37] - Fixed error in MSSQL due to conflict with keyword.
[ENT-59] - Added Portuguese translation.

Openfire Connection Manager Module

[JM-907] - Improved scalability of ConnectionManagers.
[JM-926] - Added stringprep operations in Connection Manager to offload Openfire.

3.1.1 -- October 27, 2006

Openfire New Features

[JM-870] - Added support for testing administrator accounts during LDAP setup.
[JM-875] - Added support for testing user mapping settings during LDAP setup.
[JM-876] - Added support for testing group mapping settings during LDAP setup.
[JM-877] - Added support for changing existing LDAP settings from admin console.
[JM-722] - Added alternate base DN support for user data. (3 votes)
[JM-595] - Admin console now shows last time a user logged out from the server. (5 votes)
[JM-866] - Increased max size of LDAP filters to 250 characters.
[JM-864] - Updated LDAP guide with new setup procedure.
[JM-871] - Updated Java mail library to latest version.
[JM-879] - Streamlined build process.

Openfire Bug Fixes

[JM-859] - Conflict policy is now applied after successful login when using iq:auth.
[JM-878] - Some settings were not being saved when configuring LDAP from the admin console.
[JM-880] - Logging into the admin console could not work after initial setup when using LDAP.
[JM-883] - UTF-8 was not always being used when reading/writing XML content.

Openfire Enterprise

[ENT-30] - Enabling/disabling meta-data archiving was not working.
[ENT-31] - MS-SQL 2005 script failed to execute.
[ENT-32] - Conversations with users through gateway were not being marked as external.
[ENT-33] - Fixed editing of routing rules when using quotes.
[ENT-34] - Removed scheduling feature from Fastpath.

Openfire Connection Manager Module

[JM-867] - Socket connections were closed under high load.
[JM-881] - Fixed NPE when closing connection manager session.

3.1.0 -- October 9, 2006

Openfire New Features

[JM-761] - Added new gateway plugin with AIM and ICQ support. (36 votes)
[JM-769] - Added Yahoo protocol support to the gateway plugin. (18 votes)
[JM-770] - Added MSN protocol support to the gateway plugin. (27 votes)
[JM-193] - Improved LDAP support. (26 votes)
[JM-820] - Added support for presence event listeners.
[JM-797] - Added database statistics monitoring.
[JM-807] - Added support for roster event listeners.
[JM-804] - Added support for component event listeners.
[JM-860] - Added Pack200 support for plugins.
[JM-843] - Optimized session retrieval from SessionManager.
[JM-816] - Created ad-hoc commands for managing groups.
[JM-808] - Enhanced roster to be able to hold non-persistent roster items.
[JM-194] - Editing of users is now not allowed when they are read-only. (1 vote)
[JM-833] - Improved openfired script.
[JM-771] - Added search method to GroupProvider. (1 vote)
[JM-824] - Added #getComponents() to InternalComponentManager.
[JM-827] - Upgraded to hsqldb 1.8.0.5.
[JM-805] - Updated JVM to 1.5.0_08.

Openfire Bug Fixes

[JM-851] - Fixed presence issues with LDAP and shared groups. (3 votes)
[JM-844] - Enabled LDAP connection pooling by default.
[JM-832] - Connection pooling is no longer used for LDAP authentication.
[JM-846] - Improved error handling if connection to JS plugin update service is not possible.
[JM-854] - Improved handling of SQL command parts.
[JM-839] - Internal server errors while processing MUC packet was not returning any response to client.
[JM-842] - Message flooding was checking ALL sessions instead of only user sessions.
[JM-818] - Change in DB upgrade code broke plugin upgrades.
[JM-819] - Upgrades for non-Openfire schemas was checking against wrong version.
[JM-822] - Users from LDAP now have correct creation date.
[JM-691] - Documentation for "Create a shared roster group" was incorrect. (3 votes)
[JM-826] - MUC disco name was being hardcoded.
[JM-828] - Rooms were allowing owners, admins and outcasts to be duplicated.
[JM-862] - Messages with no body and no subject were being logged in group chat rooms.
[JM-817] - Fixed small security hole in email settings page.
[JM-781] - Stream compression is now optional by default for client-2-server connections.
[JM-792] - Improved syntax of LDAP searchFilter and groupSearchFilter.
[JM-809] - In band registration was accepting new users with no password.
[JM-810] - Presence subscription packets sent to the server were broadcasted to all connected users.
[JM-701] - Fixed bug with roster modification when deleting shared group. (7 votes)
[JM-801] - Removing users from shared group could generate roster items in the database.
[JM-811] - Fixed case-sensitive error while authenticating users.
[JM-784] - Success data included after a SASL successful operation was not being encoded.
[JM-794] - SASL mechanisms were being offered to remote servers even before securing the socket.
[JM-796] - Fixed "null cert chain" error when trying to secure s2s connection.
[JM-789] - CN field in certificates was not being correctly parsed.
[JM-785] - Retrieving a privacy list was including two list elements in the answer.
[JM-780] - Plugin check is now based on original JAR date, not on unzip date.
[JM-786] - JDBCAuthProvider and JDBCUserProvider were using wrong property names.
[JM-812] - It was not possible to retrieve offline messages with invalid XML characters.
[JM-793] - Counter of client sessions was wrong.
[JM-783] - Admin console now displays actual bound IP address. (1 vote)
[JM-790] - Removed database scripts from the openfire JAR.
[JM-815] - Changed <entity/> element to <subscription/> element in response to subscription request.
[JM-861] - Moved abrupt connection closure messages to debug.
[JM-863] - XMLProperties was not able to store CDATA.

Openfire Enterprise

No changes

Openfire Connection Manager Module

[JM-795] - DNS SRV lookup was overriding port to use to connect Connection Manager to server.
[JM-788] - manager.xml was not using the correct property for setting the client port. (1 vote)
[JM-814] - Connections between Connection Managers and Openfire are not encrypted by default.

3.0.1 -- July 13, 2006

Openfire New Features

[JM-752] - A proxy server can now be used to download updates. (1 vote)
[JM-754] - Added JDBC user provider and documentation.
[JM-759] - Added support for vCards events. Thanks to Remko Tronçon.
[JM-762] - Performance optimized by reducing privacy list SQL calls when no privacy lists used.

Openfire Bug Fixes

[JM-744] - Presence updates were not being sent to shared contacts whose subscriptions is FROM.
[JM-745] - Users of the same group (not shared) that can see a shared group were receiving presences of each other.
[JM-750] - Presence subscription was incorrect when adding group member to non-shared group that could see shared group.
[JM-758] - Available presence was not being sent to all connected resources after subscription was approved.
[JM-775] - Member of public group was not able to add to his roster contact that did not belong to public group.
[JM-776] - Members of public shared groups were not getting their rosters updated when a new user was created in the system.
[JM-777] - Presence was not working when creating new shared groups and at the same time defining list of members.
[JM-695] - Fixed presence problem when using shared group loaded from LDAP. (5 votes)
[JM-772] - An error is now logged when Openfire cannot connect to the LDAP server.
[JM-741] - Fixed javascript error while updating plugin. (1 vote)
[JM-742] - Fixed NPE in privacy lists when presence packet has no TO address.
[JM-748] - Fixed NPE when trying to unload a bad plugin in plugin-admin page.
[JM-749] - TLS feature was being offered to clients using old SSL method.
[JM-760] - Fixed login problem when using uppercase letters in username and there is a resource conflict.
[JM-763] - Removed warning from logs on installation.
[JM-768] - A semicolon was missing in mysql and sqlserver upgrade scripts #9.
[JM-778] - Fixed error when trying to unregister an account from a client.
[JM-751] - Moved getPassword/setPassword methods from UserProvider to AuthProvider.

Openfire Enterprise

[ENT-19] - Message archiving was failing on Postgres.

Openfire Connection Manager Module

No changes

3.0.0 -- June 29, 2006

Openfire New Features

[JM-666] - Added support for connection managers.
[JM-281] - Added support for Kerberos/NTLM (status: experimental). (56 votes)
[JM-673] - Added database support for plugins.
[JM-677] - Added i18n support for plugins.
[JM-718] - Added servlet filter framework for plugins.
[JM-683] - Added support for virtual connections.
[JM-684] - Added support for JEP-0164: vCard Filtering
[JM-704] - Added support of other password types to JDBCAuthProvider.
[JM-715] - Added support for notifications of new server or plugins updates.
[JM-740] - Added support for adding/removing SASL mechanisms at runtime.
[JM-719] - Allowed flat searches of LDAP instead of sub-tree.
[JM-680] - Improved performance of server-to-server connections by using many threads to process incoming packets.
[JM-720] - Improved performance of SessionManager#getSessionCount().
[JM-687] - Added support for non-blocking connections (status: experimental). (1 vote)
[JM-717] - Updated the look and feel in the admin console.
[JM-305] - Server features list is now dynamic. (1 vote)
[JM-652] - Caching of favicons has been improved.
[JM-675] - File transfer service can now be enabled/disabled. (2 votes)
[JM-676] - MUC service can now be enabled/disabled. (1 vote)
[JM-679] - SASL success stanza now includes challenge data that needs to be processed by clients.
[JM-678] - SASLAuthentication was refactored to accommodate HTTP Binding and Connection Managers. (1 vote)
[JM-688] - Updated third-party libraries.
[JM-713] - Updated bundled MySQL driver.
[JM-688] - Upgraded to JDK 1.5.0_07.

Openfire Bug Fixes

[JM-702] - Presence updates were not being broadcasted to other connected resources. (4 votes)
[JM-735] - Presence packets sent to bare JIDs were not being sent to all connected resources.
[JM-731] - DNS lookups was failing with some DNS servers.
[JM-707] - A <system-shutdown/> stream error condition is now sent when shutting down the server.
[JM-653] - FileTransfer was not implementing Cacheable.
[JM-654] - Fixed conflict in Proxy Transfer cache name.
[JM-655] - File Transfer Proxy no longer returns null disco#items.
[JM-710] - File Transfer Proxy socket was not being cleaned up properly.
[JM-721] - File Transfer Proxy did not acknowledge configured interface.
[JM-661] - Field digest_frequency of pubsubSubscription table in MySQL was too small.
[JM-665] - Accessing published items of a pubsub node was expecting that requester was subscribed to the node.
[JM-672] - Updated the way pubsub node owners manage node affiliations and subscriptions.
[JM-708] - Answer format was incorrect when returning pubsub node affiliations or node subscriptions of a node owner.
[JM-667] - Roster items with subscription NONE and ask PENDING were being sent to clients.
[JM-668] - Fixed error when deleting a user with shared contacts that belong to public shared groups.
[JM-669] - Added fix for "javax.net.ssl.SSLException: Unsupported record version Unknown" error.
[JM-729] - Server was not processing IQ errors triggered by IQ requests made by the server.
[JM-732] - mucConversationLog was storing room's JID instead of the sender's JID.
[JM-681] - No more than 5 concurrent threads were used for creating new server-to-server connections.
[JM-670] - Flash clients were waiting forever for a response if old SASL method failed or there was a conflict while binding a resource.
[JM-671] - Fixed NPE when external component did not include a TO attribute in stream header.
[JM-674] - Fixed NPE in IQDiscoItemsHandler when an ServerItemsProvider was disabled.
[JM-698] - Fixed bug in XMLProperties.getChildren.
[JM-728] - Fixed PK length error when upgrading jivePrivate in MySQL using URF-8.
[JM-736] - Added commit statement to Oracle db scripts.
[JM-737] - Fixed invalid character error when upgrading Oracle database.
[JM-700] - Increased the column size of "username" from 32 to 64.
[JM-706] - Non-SASL Authentication stream feature was not being offered when anonymous login was disabled.
[JM-712] - VCard manager was not returning vcard-temp as a stream feature.
[JM-726] - Privacy list now implements Cacheable interface.
[JM-656] - Streamlined disco registration process.
[JM-709] - An exception is now thrown when plugin servlet class was not found.
[JM-663] - UserProvider no longer depends on VCardManager.

Openfire Enterprise

Initial release.

Openfire Connection Manager Module

Initial release.

2.6.2 -- April 20, 2006

Bug Fixes

[JM-648] - Server-to-server thread pool was getting exhausted when remote servers were unresponsive.
[JM-650] - Fixed concurrency problem that was closing active connections by mistake.
[JM-642] - Deleting a user was not removing all references from memory.
[JM-646] - Fixed error when searching for groups of a non-local user when using LDAP.
[JM-571] - File transfer proxy was not being removed from service discovery when disabled. (1 vote)
[JM-638] - Unhandled exceptions while processing IQ packets were not always returning IQ errors.
[JM-639] - Fixed ConcurrentModificationException while purging a pubsub node.
[JM-640] - A "service-not-implemented" error was being returned after an ad-hoc command was handled by pubsub.
[JM-641] - Modified pubsub tables so that all supported databases may correctly run the database scripts.
[JM-644] - Allowed Base64 decoding that doesn't encode bytes as String.
[JM-645] - Fixed recursivity error in SessionManager when searching for best route.
[JM-647] - Sometimes users were remaining as room occupants when using shared groups.
[JM-649] - Increased proxy file transfer buffer size.

2.6.1 -- April 11, 2006

New Features

[JM-222] - Entire user base is no longer loaded when using public shared groups. (1 vote)
[JM-634] - Shared contacts whose subscription type is FROM are no longer kept in memory.
[JM-633] - Added sorting to session list.
[JM-637] - Added support for basic commands defined in JEP-133: Service Administration.

Bug Fixes

[JM-636] - After initial install new user accounts were corrupted until restart.
[JM-630] - Fixed upgrade scripts of PostreSQL, SQLServer and Sybase.
[JM-631] - New user passwords were not being saved to the database.

2.6.0 -- April 6, 2006

New Features

[JM-291] - Encrypted passwords are now stored in the db. (21 votes)
[JM-613] - Added support for JEP-0060: Publish-Subscribe. (1 vote)
[JM-298] - Auditing now supports rolling over by date. (12 votes)
[JM-599] - Improved performance by avoiding queries to load users.
[JM-607] - Improved performance by avoiding unnecessary LDAP queries.
[JM-608] - Improved performance when detecting which groups are shared groups.
[JM-621] - Improved performance by avoiding using locks in RoutingTable (server core).
[JM-605] - Improved performance by caching groups.
[JM-606] - Added JDBC Authentication provider.
[JM-600] - Added support for managing system caches from the admin console.
[JM-624] - Allowed external components to bind more than one domain.
[JM-603] - Improved db upgrade process.
[JM-609] - Refactored Ad-hoc commands so that services can also offer ad-hoc commands.
[JM-597] - Improved LDAPGroupProvider Exception Handling.
[JM-625] - Added support for XMPPServer listeners.
[JM-620] - Added development mode for web.
[JM-623] - Exposed port in connection object.
[JM-614] - Updated third-party libraries.

Bug Fixes

[JM-615] - Fixed deadlock when loading users and rosters.
[JM-621] - Fixed deadlock in RoutingTable.
[JM-495] - Server session tab was loading very slow.
[JM-596] - LDAP connections were not being closed correctly.
[JM-601] - LDAP referrals were not being respected while verifying authentication.
[JM-604] - SASL EXTERNAL for s2s was not checking if certificate validation was disabled.
[JM-611] - PLAIN SASL authentication was not accepting empty auth packets.
[JM-627] - Null SASL responses were not being padded.
[JM-610] - Fixed NPE in privacy list when user session no longer exists.
[JM-612] - Registering new internal components was not checking that component domain is not taken.
[JM-618] - Remote server count was wrong.
[JM-619] - Names of users were not being sorted when loading from database.
[JM-622] - Admin console was failing to startup on unexpected log impl.
[JM-626] - Several instances of the same disco#item could appear in the server's disco#items.
[JM-628] - Pretty printing of openfire.xml file was not always working.