4.8.3 -- July 11, 2024
Improvement
- [OF-2846] - Update zh\_CN translation
Bug
- [OF-2843] - When admin attempts to ban owner, incorrect error condition is returned
- [OF-2844] - Admins and owners must not be able to ban themselves
- [OF-2845] - Failing close listener can severely delay closure of connection
4.8.2 -- July 3, 2024
Improvement
- [OF-2818] - Websocket buffers should not be 5MB
- [OF-2825] - Implement XEP-0030's security considerations
- [OF-2827] - Make handling of 'username' consistent between JdbcAuth- and JdbcUserProvider
- [OF-2834] - Update Bouncy Castle to 1.78.1
- [OF-2835] - Advertise XEP-0115 support
- [OF-2840] - XMPPDateTimeFormat parsing improvements
Task
- [OF-2819] - Update Netty to 4.1.108
Bug
- [OF-2824] - RoutingTable cache inconsistency
- [OF-2832] - Cannot set MUC avatar with LdapVCardProvider
- [OF-2833] - Cannot serialize User instances
- [OF-2836] - CapsManager ignores provided hash identifier
- [OF-2838] - MUST return error when user updates someone else's vcard
- [OF-2839] - MUST return error when requesting VCard from someone that doesn't have one
- [OF-2841] - Capabilities offered by stream feature doesn't include features for registered users
4.8.1 -- March 2, 2024
Improvement
- [OF-2651] - Give explict names to Netty's threads
- [OF-2788] - Have distinct thread pools for each type of connection
- [OF-2791] - Announce support for PubSub delete-item
- [OF-2798] - Admin Console should warn end-user if plugin installation failed
- [OF-2800] - Guard against a surplus of database connection errors being logged
- [OF-2802] - Upgrade postgresql database driver for CVE-2024-1597
New Feature
- [OF-284] - Add service administration support
Bug
- [OF-2166] - When deleting a user, remove it from transient MUC rooms
- [OF-2310] - Cache data inconsistency: MUC
- [OF-2758] - Deleting an admin user does not remove the name from \`admin.authorizedJIDs\`
- [OF-2768] - Do not use default value for user's creation / last modified date
- [OF-2774] - 4.8.0 not counting "whitespace ping" as session activity
- [OF-2775] - RSS News Feed appears empty
- [OF-2777] - Misbehaving Shared-With-Group option for Contact List sharing
- [OF-2778] - Duplicate \(group\)chat messages are received
- [OF-2781] - SerializableCache appears to be unusable \(ClassCastException on creation\)
- [OF-2782] - SerializableCache instances do not get recreated on cluster switch
- [OF-2792] - Cache-summary page shows wrong stats when using Clustering
- [OF-2795] - Delete MUC-based authorization when deleting user
- [OF-2799] - OccupantManager doesn't remove all items when clustering
- [OF-2805] - Session details shows 'resource' column, but does not show resources
- [OF-2806] - Routing Servers cache inconsistency doesn't list the missing items
- [OF-2807] - Contact List \(Roster\) Sharing changes are not immediately applied
- [OF-2808] - Stream Management Resume fails
- [OF-2809] - Disabling client idle time breaks websockets
- [OF-2810] - Resumed stream is no longer resumable
4.8.0 -- Jan 12, 2024
Improvement
- [OF-1378] - Rename "Legacy SSL" into "Direct TLS"
- [OF-1861] - Support for TLS 1.2 / 1.3
- [OF-2116] - Using range retrieval for LDAP groups
- [OF-2372] - Add support for proxied connections to Admin Console
- [OF-2377] - Reduce potential thread contention in XMLProperties
- [OF-2380] - Reduce thread contention in In-Memory pubsub persistence provider
- [OF-2385] - Shouldn't attempt to load shared groups when feature is unsupported.
- [OF-2403] - Improve Admin Console's memory usage reporting
- [OF-2408] - Address static analysis warnings in Crowd package
- [OF-2409] - Remove obsolete 'type' and 'language' attributes on HTML elements. Use HTML5.
- [OF-2413] - Include a stream error when closing a stream due to a problem.
- [OF-2440] - Increase default cache sizes
- [OF-2449] - Return error when a BOSH pause is requested that is higher than the maximum allowable pause.
- [OF-2455] - Explicitly promote websockets in admin console
- [OF-2494] - Upgrade HSQLDB to a more recent version.
- [OF-2513] - Do not require authzid on SASL EXTERNAL for S2S
- [OF-2514] - Differentiate between missing and empty initial SASL response
- [OF-2521] - S2S: Allow 'client auth' (required for SASL EXTERNAL) by default
- [OF-2523] - Use less predictable resource value
- [OF-2540] - Update SLF4j to 2.x
- [OF-2542] - Drop Java 8 support
- [OF-2547] - Update Mockito to 3.4.0 or later
- [OF-2556] - Support additional namespaces when parsing streams
- [OF-2557] - Show TLS config on each session/connection
- [OF-2560] - Improve Admin Console load time when RSS can't be reached
- [OF-2563] - Replace Session status constants with enums
- [OF-2564] - ServerSession's state should be set to 'authenticated' after authentication
- [OF-2565] - Openfire should close stream if client is sending a stanza in violation of RFC 6120, section 7.1
- [OF-2566] - Enable Websocket Stream Management resumption
- [OF-2581] - Invite people to improve translations in admin console
- [OF-2594] - When locating Openfire Home, consider 'tmp' file
- [OF-2608] - Do not wait for timeout when Dialback connection is closed
- [OF-2611] - Improve automated tests for S2S functionality
- [OF-2612] - Upgrade JUnit from 4 to 5
- [OF-2613] - Upgrade unit test database to version 34
- [OF-2615] - Use ConnectionManager interface where possible
- [OF-2616] - Bump Guava to latest release
- [OF-2623] - Migrate LoginLimitManager's properties to SystemProperties
- [OF-2624] - When providing Forms, use client's language
- [OF-2633] - When S2S TLS is required, announce that
- [OF-2638] - Update Installation guide to suggest it is not okay to open-admin-console-to-internet
- [OF-2639] - Server-to-Server SASL EXTERNAL should not require authz
- [OF-2642] - Remove (unused?) PEP restriction for XEP-0084
- [OF-2644] - Do not use getters in Session#toString
- [OF-2650] - Failed S2S due to peer's certificate being invalid should be less verbose
- [OF-2653] - hostname validation should not try to resolve host
- [OF-2654] - Implement toString() in various Netty classes
- [OF-2663] - Don't overly verbose log receiving IQ responses addressed to the server
- [OF-2669] - Update postgresql driver to 42.6.0
- [OF-2670] - Netty debug should log remote address when available
- [OF-2671] - S2S tester can stop waiting after a bounce
- [OF-2673] - Prevent double-closure of outbound s2s session
- [OF-2678] - Prefer XML data type usage over String manipulation
- [OF-2693] - Make XML declaration (and newline) configurable
- [OF-2697] - Set up multiple S2S connections concurrently
- [OF-2699] - PacketRejection should allow for PacketError to be defined
- [OF-2703] - Websocket 'open' should be a collapsed element
- [OF-2706] - Restructure session details page
- [OF-2707] - When closing session on admin console, kill its stream management
- [OF-2708] - Ensure that Groups operate on bare JIDs
- [OF-2713] - Update Bouncy Castle to 1.76
- [OF-2714] - Switch to Java 1.8+ variant of Bouncy Castle
- [OF-2724] - Resolve (non-breaking) errors while compiling plugin JSP pages against Openfire 4.8
- [OF-2731] - Update support for XEP-0280: Message Carbons
- [OF-2732] - Update bundled search plugin to 1.7.4
- [OF-2746] - Add Content Security Policy (CSP) headers to web endpoints
Story
- [OF-2527] - Include milliseconds in default log4j configuration
- [OF-2573] - Add Name to Client Version column in Session Summary
New Feature
- [OF-1574] - Add support for XEP-0352: Client State Indication
- [OF-2474] - Allow IP-based access control to the admin console
- [OF-2475] - Allow data to be persisted for future users.
- [OF-2476] - Add trunking/gateway support to Openfire
- [OF-2572] - Detect thread obtaining more than one database connection
- [OF-2579] - Add Ukrainian translation
- [OF-2646] - Allow property persistence to be skipped (for tests)
- [OF-2658] - Dynamically modify Netty pipeline
- [OF-2676] - Add support for XEP-0478: Stream Limits Advertisement
- [OF-2753] - Kill detached session when resumption is attempted at different cluster node
- [OF-2766] - Apply s2s permissions recursively
- [OF-2770] - Add pub/sub debug logging
Task
- [OF-1382] - Admin Console reuses `username` and `password` form fields, which fools browser auto-fill
- [OF-2395] - Remove code that was deprecated prior to 4.7.0
- [OF-2406] - Phase out calendarjs
- [OF-2407] - Phase out /js/tooltip/*
- [OF-2418] - Phase out Scriptaculous
- [OF-2419] - Remove unused pngfix.js library
- [OF-2420] - Phase out lightbox.js
- [OF-2510] - Create documentation for using Openfire with clustered databases
- [OF-2559] - Replace Apache MINA with Netty
- [OF-2610] - Update shipped CA truststore
- [OF-2647] - Remove 4.8 deprecation
- [OF-2687] - Update Jetty to 10.0.18
- [OF-2688] - Update Netty to 4.1.100
- [OF-2691] - Update org.json:json to 20231013
- [OF-2725] - Update dependency-check to 8.4.2
- [OF-2726] - Update dom4j to 2.1.4
- [OF-2727] - Update mysql-connector from 8.0.32 to 8.2.0
- [OF-2728] - Remove Rome
- [OF-2733] - Sync Openfire's truststore with Mozilla's shipped CAs
- [OF-2767] - Don't have separate database CI workflow
Sub-task
- [OF-2596] - Improve detection of path traversal
- [OF-2597] - Add config option for using wildcards in AuthCheckFilter
- [OF-2598] - Remove wildcard usage in AuthCheckFilter
- [OF-2599] - Avoid having setup-specific auth-excludes after install
- [OF-2600] - Upgrade Jetty
- [OF-2604] - Bind admin console to loopback interface by default
- [OF-2609] - Broken Tests - Expect NO_CONN, Get PLAIN_DIALB
Bug
- [OF-880] - Server MUST return for IQ requests to unknown user. (RFC 6120 10.5.3.1.)
- [OF-945] - Openfire returns Stanza error instead of Stream error when client tries to send stanzas over unauthenticated connections
- [OF-1183] - Roster request denial is not pushed back to requester
- [OF-1224] - No roster push after unsubscribe (probably only if presence subscription is not 'both")
- [OF-1389] - PubSub Admin Console - Unable to click Node ID
- [OF-1394] - PubSub Admin Console - Re-enabling service doesn't reload nodes
- [OF-1399] - PubSub Admin Console - 'Max number of items to persist' appears configurable when it's not
- [OF-1405] - S2S Connection Test - No validation on 'XMPP domain' field
- [OF-1406] - S2S Connection Test - Able to edit results fields
- [OF-1407] - S2S Connection Test - No indication on the page that anything is happening during search
- [OF-1785] - In-band registration fails with websockets
- [OF-1831] - TLS fails with "input record too big" exceptions
- [OF-1913] - Various S2S interop issues
- [OF-2242] - No possible to filter by Client Version on Sessions page
- [OF-2378] - (deprecated) XMLProperties.getName() throws ClassCastException
- [OF-2382] - When searching for shared groups by user, all groups are returned
- [OF-2383] - Group methods are only validated on the frontend, or not at all
- [OF-2391] - NPE during/directly after setup
- [OF-2399] - Migrated System Properties report that restart is needed
- [OF-2404] - Inbound presence 'subscribe' for preexisting contact MUST be auto-responded
- [OF-2411] - Openfire fails to start because of a deadlock in XmlProperties' readWriteLock
- [OF-2426] - Group cache can contain ghost entries
- [OF-2429] - Fix count in database reconnect attempts
- [OF-2435] - TLSv1.3 suffers from timing issue
- [OF-2443] - SASL PLAIN should use authorization mapping
- [OF-2492] - mvnw isn't executable
- [OF-2551] - Server-to-Server TLS policy changes cause breakage
- [OF-2552] - javax.el.MethodNotFoundException in offline-messages.jsp
- [OF-2555] - Openfire allows S2S TLS to continue when certificate fails to validate
- [OF-2567] - S2S with Direct TLS seems to be unstable
- [OF-2568] - Stream Management roll-over detection
- [OF-2580] - Make Portuguese locale selectable after setup
- [OF-2590] - S2S Outbound must validate remote identity against certificate
- [OF-2592] - Autosetup should not force the default database connection provider when using default auth provider
- [OF-2595] - CVE-2023-32315 Admin Console Auth Bypass
- [OF-2606] - Database errors keep getting logged when providing faulty db connection URL in setup
- [OF-2614] - openfire-plugin-assembly is inflexible on project structure
- [OF-2620] - Plugin-provided pages for the Admin Console should use Openfire assets for standard components
- [OF-2621] - Incorrect link on MUC Service admin console page
- [OF-2622] - Do not accept Dialback when disabled
- [OF-2626] - Dialback status race condition
- [OF-2627] - Deleting a group with a '+' character in its name fails
- [OF-2630] - SystemProperties are not encrypted on Admin Console
- [OF-2641] - Cannot establish S2S with conference subdomain
- [OF-2648] - S2S stanza parsing of errors fails
- [OF-2649] - CSI parsing error
- [OF-2652] - To many exceptions when remote server sends to much data
- [OF-2655] - Closing S2S session fails to close outbound
- [OF-2656] - TLS information missing for outbound S2S connections
- [OF-2657] - Stream parsing failure
- [OF-2659] - Remote (ejabberd) servers close stream with 'duplicate attribute' stream error
- [OF-2660] - Outbound DirectTLS S2S connections seem to stall
- [OF-2661] - Peer closing stream leads to timeout
- [OF-2662] - S2S prefix issue
- [OF-2664] - S2S failure with isode.com
- [OF-2665] - Cache state inconsistencies after Netty upgrade
- [OF-2668] - Cannot compile plugin with web assets against Openfire 4.8 following Jetty upgrade
- [OF-2672] - Netty Debug log incorrectly suggests class cast issue
- [OF-2674] - Closing a Netty channel must close the underlying connection
- [OF-2675] - HTTP ERROR 400 Invalid SNI on admin console after jetty upgrade for Openfire 4.8
- [OF-2677] - Failure to process all UTF-8 characters
- [OF-2680] - NullPointer in idle handler
- [OF-2681] - Failure to define Dialback XML prefix
- [OF-2682] - ConcurrentModificationException in Netty S2S
- [OF-2689] - DirectTLS client-to-server (5223) broken
- [OF-2690] - Incorrect namespace definitions on server dialback elements
- [OF-2692] - NullPointerException in S2S when ID attribute is missing
- [OF-2696] - Cannot resolve CAPS for MUC occupants
- [OF-2698] - Netty idle state detects mixes 'read' and 'write' idle events
- [OF-2700] - X-Forwarded-For header content not in audit log
- [OF-2704] - Closing websockets should send `close` element
- [OF-2705] - Route stanzas addressed to full JIDs of connected resource
- [OF-2711] - CSI delays don't then deliver stanzas
- [OF-2712] - Session accounting differs on alternate sides of the S2S conversation
- [OF-2715] - Websocket 'close' frame whould be sent when closing a connection
- [OF-2716] - Missing Copyright Notices
- [OF-2730] - Stop S2S under strict verification mode, when TLS fails.
- [OF-2734] - JspPropertyNotFoundException on Pubsub node detail page
- [OF-2735] - Certificate Details doesn't show store name
- [OF-2738] - Server-to-Server SNI issue / connecting to a host that serves multiple domains
- [OF-2740] - Incorrect determination of macOS JAVA_HOME when none is set
- [OF-2745] - MUC Occupants get kicked for being idle, after responding to idle check
- [OF-2750] - CSI-enabled client does not receive Jingle invitations
- [OF-2751] - Disable Stream Management when server closes stream with error
- [OF-2752] - Disable Stream Management when server closes stream
- [OF-2755] - NullPointerException in S2S when cluster node is switched off
- [OF-2756] - setup fails to properly detect JRE 21
- [OF-2757] - pub/sub notifications not sent to full JIDs on remote domains
- [OF-2761] - NullPointerException when MUC Service processes an IQ result
- [OF-2763] - HTTP requests for 'other' plugin files (eg: images) return 403
- [OF-2764] - Typo in i18n key 'cliked'
- [OF-2765] - Some mvn references aren't using mvnw
4.7.5 -- May 23, 2023
Improvement
- [OF-2459] - Admin console CSS tweaks
- [OF-2461] - Validate JIDs that are sent by remote servers
- [OF-2462] - Apply nodeprep on S2S stanza addresses
- [OF-2464] - Do not default to Chinese locale
- [OF-2539] - Name threads
- [OF-2541] - Plugins should have updated SCM references
Task
- [OF-2508] - Ensure that MUC Room names are nodeprepped
- [OF-2584] - Update dependency-check to 8.1.2
- [OF-2585] - Update commons-fileupload to 1.5
- [OF-2586] - Update mysql-connector from 8.0.28 to 8.0.32
- [OF-2587] - Update twelvemonkeys imageio-core from 3.5 to 3.7.1 or higher
- [OF-2588] - Update SQL Server JDBC driver from 7.4.1 to 9.4.1
- [OF-2589] - Remove protobuf-java from mysql-connector-j
Story
- [OF-2493] - Update postgresql to 42.4.1
Sub-task
- [OF-2596] - Improve detection of path traversal
- [OF-2597] - Add config option for using wildcards in AuthCheckFilter
- [OF-2598] - Remove wildcard usage in AuthCheckFilter
- [OF-2599] - Avoid having setup-specific auth-excludes after install
Bug
- [OF-2538] - Overzealous deletion of child properties
- [OF-2543] - pubsub should always deliver payloads when items are retrieved.
- [OF-2561] - Fallback of verifyCertificateValidity for connection listener uses incorrect setting
- [OF-2575] - Text formatting error in registration settings
- [OF-2578] - Fix failing aioxmpp tests
- [OF-2595] - CVE-2023-32315 Admin Console Auth Bypass
4.7.4 -- November 9, 2022
Improvement
- [OF-2498] - Improve performance of MUC, based on stress test profiling
- [OF-2499] - MUC Room history shouldn't be serialized as part of a MUC Room
- [OF-2502] - Reduce resource usage of MUC stats collection
- [OF-2504] - Re-instate MINA JMX monitoring
- [OF-2511] -Prevent retrieving more MUC messages from DB than needed
- [OF-2516] - Add TX/RX, Remove Priority from session summary page
- [OF-2518] - Try loading favicons over HTTPS and HTTP
- [OF-2524] - Improve MUC history load time for single rooms
- [OF-2525] - Deprecate XMLProperties constructors that can't write back
- [OF-2531] - Remove unneeded JID-based lock in MUC
- [OF-2537] - Advertise support for pubsub's "multi-item" feature.
Story
- [OF-2528] - Migrate usages of set-output in Github Actions
- [OF-2529] - Upgrade Apache Commons Text from 1.6 to 1.10
Bug
- [OF-2415] - Openfire Docker image fails to start if an empty plugins directory exists
- [OF-2495] - Websocket onError handler prevents earlier data to be processed
- [OF-2509] - openfirectl does not store PID
- [OF-2512] - User lock-out with custom value does not take effect
- [OF-2517] - "Packet sent" session stat remains 0 for BOSH sessions
- [OF-2519] - Group JIDs in MUC rooms without preloading causes issues
4.7.3 -- August 2, 2022
Bug
- [OF-2486] - MUC mediated invite MUST have a invite-from
- [OF-2484] - UpdateManager - Error: update service check did not save correctly. Stopping update service.
- [OF-2482] - Error when opening keystore admin console page
- [OF-2480] - Admin console is unavailable ~30 seconds after setup finishes
- [OF-2473] - Deadlock Websocket
- [OF-2470] - NPE in MultiUserChatServiceImpl
- [OF-2469] - NPE in Pubsub admin console page
- [OF-2423] - Too many sessions removed when one session logs out
- [OF-2181] - "click here" HTTP server restart link on certificate store admin console page is same color as info message
- [OF-1396] - PubSub Admin Console - 'Cancel' takes user to 'Node Summary'
Improvement
- [OF-2490] - Reduce log level when anonymous user tries to use PEP
- [OF-2489] - Reduce log level severity of SOCKS5 error
- [OF-2488] - Reduce log level severity of failure to do a DNS lookup
- [OF-2487] - Make replacement of XML file more atomic
- [OF-2483] - Delay restart of admin console when truststore content is changed
- [OF-2481] - Software version not visible in admin console in S2S Overview
- [OF-2472] - Pubsub node summary search/order functionality
- [OF-2471] - Audit log should show friendly name for groupJID and not base32hex encoded one
- [OF-2467] - Groups are deselected when changing role within Room Permissions
- [OF-2466] - Groups should be sorted within Room Permissions area
New Feature
- [OF-2479] - Allow Tsung to test with websockets
4.7.2 -- July 13, 2022
Bug
- [OF-2465] - Prevent using a collection function with itself as an argument
- [OF-2458] - ConcurrentModificationException in MUC cache size calculation
- [OF-2456] - MUC nickname changes are not properly propagated in cluster
- [OF-2450] - When pausing a BOSH connection, wrong connection could get answered to
- [OF-2448] - Do not close replacement BOSH connection
- [OF-2444] - Deadlock in BOSH
- [OF-2431] - Incorrect restriction on retrieving member-list of MUC room
- [OF-2421] - OccupantManager should be thread-safe
- [OF-2401] - Pubsub node should not change parent without changing parentIdentifier
Improvement
- [OF-2460] - Bumps mysql-connector-java from 8.0.27 to 8.0.28.
- [OF-2446] - Use more appropriate data type for org.jivesoftware.openfire.http.HttpSession#sentElements
- [OF-2445] - BOSH: prevent pendingElements to be added to if HttpSession is closed
- [OF-2432] - Expose member-only MUCs member list to all occupants
- [OF-2428] - Allow MUC occupants to ask each-other's VCards
- [OF-2424] - LocalSession.toString should not log an error
- [OF-2416] - Allow PEP to be enabled/disabled without restarting Openfire
- [OF-2405] - Enhance log info of loaded plugin by version
- [OF-2398] - Show 'locked' room status in admin console
4.7.1 -- February 16, 2022
Bug
- [OF-2392] - Logging fails when Openfire started with Install4j 'openfire' launcher
- [OF-2381] - MUC idle user handling
- [OF-2379] - In-memory pubsub representation should guarantee order of items
- [OF-2375] - Fix references to openfire.log
Improvement
- [OF-2394] - Bump postgresql from 42.2.25 to 42.3.3
- [OF-2393] - Update SLF4J to 1.7.36
- [OF-2390] - Increase MUC idle kick default value to allow for SM
- [OF-2387] - Update Postgres driver
Sub Task
- [OF-113] - Openfires admin gui allows to enter long group names while the database supports only 50 characters.
Tasks
- [OF-2384] - Enable Openfire debugging for Docker
- [OF-2376] - Update mysql-connector from 8.0.27 to 8.0.28
4.7.0 -- January 19, 2022
Bug
- [OF-2368] - Ghost detection shouldn't kick non-ghost occupants
- [OF-2367] - TCP clients are suddenly unable to log into the server
- [OF-2365] - Parent node subscribers shouldn't always get pubsub node notifications
- [OF-2358] - When a room is destroyed, the room instance might be non-existent
- [OF-2350] - DefaultExternalizableUtil ignores provided ClassLoader instances
- [OF-2348] - Plugin JAR can't unload on Windows with newer versions of Java
- [OF-2346] - XMPPServer#matchesComponent shouldn't require full-JID match
- [OF-2345] - component-based address incorrectly identified as remote
- [OF-2343] - Inconsistent leave presence sending to leaving occupant
- [OF-2341] - Apparent thread lock (deadlock?) in MUC after clustering reimplementation
- [OF-2339] - Incomplete room list following a cluster split
- [OF-2338] - NullPointerException on MUC search if name is empty
- [OF-2337] - PEP publishing fails after reboot
- [OF-2336] - DefaultCache put returns wrong value when to big value is added
- [OF-2329] - XML parsing bug when tag-name is not followed by space or '>'
- [OF-2328] - Error when standalone Openfire checks for timed out users
- [OF-2325] - 100% CPU from never-ending Dialback
- [OF-2324] - NullPointerException in client sessions page on admin console
- [OF-2322] - Outbound S2S stanzas can be delivered out-of-order
- [OF-2321] - Concurrency issue with sending/establishing outbound S2S connection.
- [OF-2315] - NPE when setting up S2S
- [OF-2314] - Cache data inconsistency: outgoing server sessions
- [OF-2313] - Cache data inconsistency: incoming server sessions
- [OF-2312] - Not all admins are warned when cache inconsistencies occur
- [OF-2311] - Cache data inconsistency: Sessions
- [OF-2308] - MUC should disallow nickname change to reserved nickname
- [OF-2305] - MUC nickname change processed as new join
- [OF-2304] - MUC nickname changes should not be possible for non-occupants
- [OF-2300] - Clustered caches can loose 'local' data upon cluster breakage.
- [OF-2299] - NullPointerException when cleaning up directed presences in 3-node cluster
- [OF-2297] - Cluster leave can result in lost data MUC
- [OF-2296] - Cluster join/leave events are processed twice in MUC
- [OF-2294] - MUC consistency check failure
- [OF-2293] - Duplicate occupant in MUC
- [OF-2292] - ConcurrentModificationException in new MUC cluster code
- [OF-2291] - ConcurrentModificationException in new MUC cluster code
- [OF-2290] - Cache locking with Strings has problems equal to using a String as a mutex
- [OF-2289] - String-based Interners still can cause deadlocks
- [OF-2282] - Log4j config is ignored at boot time.
- [OF-2281] - Admin console error when using In-Memory datastore for pubsub
- [OF-2278] - Cache locking does not always work with primitive types
- [OF-2250] - Multiplexer backup deliverer should be used
- [OF-2249] - Backup delivery for BOSH should be 'offline'
- [OF-2245] - Prevent needlessly scheduled tasks after Http Session closure
- [OF-2244] - Offline presence subscription loses details
- [OF-2213] - Update dependencies identified by Snyk
- [OF-2206] - BOSH session disconnect through server should inform client
- [OF-2167] - Federated users should be able to query a MUC room in a cluster
- [OF-2165] - Prevent potential nickname clashes when occupants of clustered MUC room are merged.
- [OF-2164] - Updating A MUC service should propagate in the cluster
- [OF-2156] - BOSH Concurrency issue
Improvement
- [OF-2371] - Outbound S2S stanza queue should be larger
- [OF-2370] - RemoteServerManager's canAccess should evaluate both Direct and nonDirect TLS
- [OF-2369] - Do not establish S2S when not accepting S2S of the same type
- [OF-2363] - Improve LGTM score for xmppserver/webapp/javascript
- [OF-2362] - JDBCAdminProvider LGTM synchronising on a string
- [OF-2361] - GroupManager LGTM String Synchronisation Changes
- [OF-2360] - Create API to check for availability of plugins/versions on each cluster node
- [OF-2357] - Update SLF4J to 1.7.32
- [OF-2356] - Update Bouncy Castle to 1.70
- [OF-2355] - Update Log4j to 2.17.1
- [OF-2354] - String-based SystemProperty lists should allow for whitespace comma separation
- [OF-2353] - Update Log4j dependency to 2.16.0 to address Log4Shell/LogJam
- [OF-2352] - Use plugin-provided servlet context
- [OF-2351] - Update Log4j dependency to 2.15.0 to address Log4Shell/LogJam
- [OF-2349] - Admin console should show (full) default value for system property
- [OF-2340] - send stanzas that are 'responses' through PacketRouter, not RoutingTable
- [OF-2320] - MUC room avatars fail
- [OF-2319] - muc#roomconfig_allowpm should only affect Message stanzas
- [OF-2317] - Prevent NPE when admin page obtained without session
- [OF-2316] - Make S2S fast-discard timeout configurable
- [OF-2307] - Changing MUC nickname to one that's already used by your other resource
- [OF-2303] - Remove unused UserManager field from SessionManager
- [OF-2298] - Use status code 333 when MUC occupants leave due to clustering error
- [OF-2287] - Add MUCEventDelegate to interface
- [OF-2283] - Show distinct servers when looking at remote S2S details
- [OF-2276] - Broadcast status codes when privacy settings of a MUC room change
- [OF-2275] - When joining a MUC room that has logging enabled, status 170 should be returned.
- [OF-2256] - Add CORS headers to websockets
- [OF-2254] - Distinguish between property values that are set to the default value, or are just defaults.
- [OF-2252] - Reduce log level for BOSH request that time out
- [OF-2251] - Threadpool for BOSH network-IO should be configurable
- [OF-2248] - BOSH configuration should go into SystemProperty instances
- [OF-2247] - BOSH session configuration should not be mutable
- [OF-2246] - Allow backup delivery to be disabled
- [OF-2239] - Make it easier to cache plugin class instances
- [OF-2212] - Allow admin console's cert to be auto-updated
- [OF-2200] - Apply alternating row background color scheme to group members list.
- [OF-2175] - Reduce verbosity of anonymous users trying to authenticate errors
- [OF-2129] - Remove Flash support
- [OF-2115] - Remove unused webdav servlet
- [OF-1840] - Improve admin console log viewer
- [OF-264] - Add group selection field in Create New User page
New Feature
- [OF-2286] - Allow log file to be downloaded from Admin Console
- [OF-2158] - Update notifications should include cluster node reference
Sub-task
- [OF-2272] - Remove notion of 'remote' and 'local' MUC entities
- [OF-2236] - Test appropriate join/leave presences are sent to occupants when joining & leaving cluster
- [OF-2233] - On joining a cluster, generate appropriate join presences to reconcile the MUC participant visibility
- [OF-2232] - On reconciling the membership of a particular MUC, reconcile any nickname conflicts
- [OF-2230] - On witnessing another node leaving a cluster, generate leave presence about all MUC participants from that node to all node-local MUC participants
- [OF-2228] - On Cluster Join, repopulate the newly acquired clustered cache with the local copy of items
- [OF-2227] - On Cluster Leave, repopulate the new blank local cache with the local copy of items contributed to the clustered cache
- [OF-2223] - Test the local list of cache items to ensure it contains the expected state of items given various conditions and operations in/on the MUC
- [OF-2220] - Ensure that caches are updated every time a item from the cache is modified locally
Task
- [OF-2366] - Drop barely-used commons-io library
- [OF-2333] - Update dependency-check from 6.0.4 to 6.2.2
- [OF-2332] - Update commons-dbcp2 from 2.6.0 to 2.9.0
- [OF-2331] - Update mysql-connector from 8.0.21 to 8.0.27
- [OF-2330] - Update Jetty from 9.4.39 to 9.4.43
- [OF-2327] - Drop runtime compilation of JSPs
- [OF-2199] - Stop bundling JRE with Openfire Release Artifacts
- [OF-2066] - Evaluate if additional event listeners are required
- [OF-1780] - Add OWASP dependency check to build
4.6.7 -- January 3, 2022
Bug
4.6.6 -- December 16, 2021
Bug
- [OF-2353] - Update Log4j dependency to 2.16.0 to address Log4Shell/LogJam.
4.6.5 -- December 10, 2021
Bug
- [OF-2277] - Numbering in room enumeration is off by one.
- [OF-2273] - Disabling presence broadcast will cause MUC join failure
- [OF-2268] - Concurrency issue when starting JMX manager
- [OF-2267] - Cannot browse MUC rooms of services other than the first one.
Improvement
- [OF-2351] - Update Log4j dependency to address LogJam
- [OF-2271] - Add field type returned data form fields
4.6.4 -- June 18, 2021
Bug
- [OF-2266] - Occasional test failure for LoginLimitManager
- [OF-2265] - Websocket fails to deliver certain errors
- [OF-2262] - Admin console does not show MUC rooms that are not in memory
- [OF-2241] - IQVersionHandler fails to handle bosh/websocket clients
- [OF-2240] - Self-presence status not added to kick presence
- [OF-2190] - Inconsistent normalization of MUC room name
Improvement
- [OF-2264] - Bump commons-io from 2.6 to 2.7
- [OF-2263] - Do not list every page of MUC rooms
- [OF-2261] - Re-word MUCs cleaned from memory option in admin console
- [OF-2260] - Show (full) name of group members on admin console
- [OF-2259] - Increase startup speed with large amounts of MUC rooms
- [OF-2258] - Make thread pools configurable
- [OF-2257] - Expose state of thread pools via JMX
- [OF-2253] - Return IQ auth error when sending data before being authenticated
- [OF-2243] - Version Check threads should not sleep in the TaskEngine
- [OF-2083] - Do not store offline messages that are already stored
- [OF-2082] - Consider using OfflineMessage instead of Message in OfflineMessageListener
4.6.3 -- April 22, 2021
Bug
- [OF-2214] - DbConnectionManager should not default to DB2 for unknown database types.
- [OF-2210] - Session Destroyed event is not triggered
- [OF-2207] - Creating new room on cluster generates exception on one node
- [OF-2205] - Race-condition in EntityCapabilitiesManager when deleting user
Improvement
- [OF-2217] - Enable Result Set scroll support for Oracle
- [OF-2216] - Enable SQL transaction support for MySQL
- [OF-2215] - Use MySQL database scripts for MariaDB
- [OF-2201] - Better error when LDAP fails due to missing HTTP session
- [OF-2192] - Add Client Version column to Sessions page
New Feature
- [OF-2209] - MUC 'ghost' users should be detected/removed
4.6.2 -- February 5, 2021
Bug
- [OF-2196] - Fix dependencies for PluginServlet on Java 11
- [OF-2197] - Slash-star block comment fails for SQLServer
Improvement
- [OF-2155] - X-Frame-Options header in Admin returns an invalid value
- [OF-2195] - Add Git SHA to Admin
4.6.1 -- January 6, 2021
Bug
- [OF-763] - Create property to control console session expiration
- [OF-2077] - NullPointerException with Pubsub(PEP?) and clustering
- [OF-2112] - IQRouter throws NPEs when routing stanzas without 'from' attribute
- [OF-2113] - Docker builds should not include locally built resources
- [OF-2131] - NPE in MUC in clustering
- [OF-2146] - MUC affiliation and role changes aren't always sent to the affected occupant
- [OF-2148] - Implicit narrowing conversion in compound assignment
- [OF-2152] - Stanzas dispatched from MUC room can have invalid 'from' address
- [OF-2157] - SequenceManager generated IDs are unreliable whilst clustering
- [OF-2159] - Openfire re-uses the origin-id for stanza-id
- [OF-2161] - Stable/Unique stanza ID for PMs should have a 'by' that reflects the room
- [OF-2163] - MUC Stanza post-processing might unintentionally expose real addresses
- [OF-2168] - Unable to broadcast (some) presence stanzas in MUC.
- [OF-2169] - LDAP VCard failure when user doesn't have attribute
- [OF-2173] - NullPointerException when joining a room that has no subject
- [OF-2179] - MUC, S2S and Clustering: IllegalStateException in MUC presence broadcast
- [OF-2180] - User has nickname in room, but not a role
- [OF-2191] - set server broadcast message to type headline
Improvement
- [OF-2114] - Upgrade Bouncy Castle libs to 1.66
- [OF-2130] - Improve usefulness of error messages when configuring LDAP/AD integration
- [OF-2151] - Improve exposure of cluster location in admin console
- [OF-2153] - Gracefully handle SM resumption requests on other cluster nodes.
- [OF-2162] - Add 'ofrom' to MUC private messages
- [OF-2170] - LDAP UserDN cache should contain negative results
- [OF-2172] - Include query details in DNS exceptions
- [OF-2174] - Cache DNS SRV lookups
- [OF-2177] - CacheableOptional should have a toString
- [OF-2182] - Update Jetty to 9.4.35
- [OF-2183] - Update ant to 1.10.9
- [OF-2184] - Update bouncycastle to 1.68
- [OF-2185] - Update guava to 30.1
- [OF-2186] - Update apache httpclient to 4.5.13
Task
- [OF-2111] - MUC Maximum batch size setting resets on reboot
4.6.0 -- October 16, 2020
Bug
- [OF-872] - Openfire violates RFC 6120 § 10.3.
- [OF-1696] - Personal Eventing menu shows exception on a first try
- [OF-1789] - HTTP-Bind failure
- [OF-1836] - Properly handle s2s timeouts
- [OF-1888] - Faulty assumption in RoutingTableImpl leads to NPE
- [OF-1975] - Do not trigger offlinemessagelisteners when no message is stored
- [OF-1992] - IQPEPHandler does not consistently identify "addressed to server" stanzas
- [OF-1993] - Prepared Statement should always close on method exit
- [OF-1995] - It should be possible to query anonymous users for service discovery
- [OF-1998] - HTTP Bind session listeners are never invoked
- [OF-2012] - Should not add client route when client becomes unavailable.
- [OF-2016] - Do not depend on existing PEP service when creating PEP service
- [OF-2038] - Shared groups should not be looked up in LDAP
- [OF-2042] - MUC does not adhere to XEP-0045 Order of Events
- [OF-2046] - Comments in sidebar-admin.xml
- [OF-2049] - Ensure room isn't deleted before leave presences are sent
- [OF-2050] - Stream management concurrency
- [OF-2054] - Dataforms of type result should include form field types
- [OF-2057] - All resources PEP service owner should receive notification
- [OF-2058] - LDAP group with non-existing user not loaded
- [OF-2060] - Cluster nodes leaving break component routing
- [OF-2080] - NPE when retrieving empty pubsub node
- [OF-2084] - PubSubModule incorrectly disregards empty strings as parent IDs
- [OF-2085] - Pubsub: Do not require items to persist cache content
- [OF-2086] - Persist cached pubsub data prior to shutdown
- [OF-2092] - PEP service memory leak
- [OF-2093] - JDK11: java.lang.NoSuchMethodError: java.nio.CharBuffer.flip()
- [OF-2100] - Admin Console error when editing group with non-local members
- [OF-2102] - Incorrect Pubsub Service shutdown logic
- [OF-2105] - PEPService removal should occur when not loaded in memory.
- [OF-2106] - Incorrect usage of UserManager.isRegisteredUser()
- [OF-2107] - Server message broadcast doesn't do as advertised
New Feature
- [OF-1968] - Avatar support for MUC rooms.
- [OF-1978] - MUC: add configuration that allows join presence to be suppressed
- [OF-1989] - Introduce in-memory only pubsub persistence provider
- [OF-2030] - Add support for XEP-0289: Federated MUC for Constrained Environments
- [OF-2033] - Add automatic cleaning of outdated offline messages
- [OF-2108] - Expose use privacy lists on admin console
Task
- [OF-1880] - Provide DOAP for Openfire
- [OF-2031] - CVE-2020-10683 Update dom4j to 2.1.3 or later
- [OF-2088] - Update MySQL Connector/J to version 8.0.21
Improvement
- [OF-1837] - JDBC providers should have an option to escape data
- [OF-1869] - Announce PEP feature support for 'auto-subscribe' and 'filtered notifications'
- [OF-1981] - Allow roster item 'ask' to be modified.
- [OF-1982] - Add -Djdk.tls.ephemeralDHKeySize=matched and/or Djsse.SSLEngine.acceptLargeFragments=true to startup parameters
- [OF-1983] - Provide start argument to run dev mode
- [OF-1984] - Replace DummyExternalizableUtil
- [OF-1985] - Decouple Pubsub implementation
- [OF-1986] - Don't unconditionally auto-create PEPService.
- [OF-1987] - Improve PubSub Caching
- [OF-1988] - Introduce pluggable provider mechanism for PubSub persistency
- [OF-1990] - pubsub: split cache from persistence
- [OF-1994] - Properly deny anonymous users access to Private Storage
- [OF-1996] - Improve shutdown sequence
- [OF-2000] - Don't use intern'ed strings to synchronize on
- [OF-2001] - IQ Bind results should not have a 'from' value.
- [OF-2002] - Do not offer private blocking to anonymous users.
- [OF-2003] - Bump slf4j to version 1.7.30
- [OF-2004] - Have an ad-hoc command accessible to everyone
- [OF-2008] - Autosetup should allow for users to be provisioned
- [OF-2024] - Fix favicons
- [OF-2025] - PEP publishing should evaluate all recipient JIDs
- [OF-2032] - Make connection type fallback for WEBADMIN c2s
- [OF-2039] - Support on_sub_and_presence
- [OF-2047] - When setting HTTP response headers, set instead of add them.
- [OF-2048] - Update log4j dependency
- [OF-2053] - XEP-0013 Return an <item-not-found/> error while retrieving specific offline message
- [OF-2056] - DefaultPubSubPersistenceProvider#savePublishedItems is leaking database connections
- [OF-2061] - Default value for pubsub#persist_items (in PEP) should be 'true'
- [OF-2062] - Pubsub item payload should allow for (much) larger size
- [OF-2064] - Invoke IQResultListeners on other cluster nodes for domain-addressed stanzas
- [OF-2071] - 'Lock' should be locked in front of a 'try' block (instead of in to block).
- [OF-2072] - Allow empty 'mechanisms' SASL tag to be excluded
- [OF-2087] - Update Jetty to 9.4.31.v20200723
- [OF-2089] - XEP-0045 7.2.13 - ofrom adresses in message stanza
- [OF-2091] - Decorate 'warning' text
- [OF-2094] - Mitigate XXE attacks
- [OF-2095] - Account for a PEP notification recipient to be the service owner
- [OF-2096] - Prevent bypassing PEP notification logic
- [OF-2097] - Allow CAPS to be reviewed in admin console
- [OF-2098] - Show pubsub node configuration on Admin Console
- [OF-2110] - Refactoring of fallback check inConnectionType
4.5.6 -- January 5, 2022
Improvement
Bug
- [OF-2092] - JDK11: java.lang.NoSuchMethodError: java.nio.CharBuffer.flip()
4.5.5 -- December 16, 2021
Improvement
- [OF-2353] - Update Log4j dependency to 2.16.0 to address Log4Shell/LogJam
4.5.4 -- September 30, 2020
Bug
- [OF-1972] - ConcurrentModificationException while loading plugins
- [OF-2059] - PubSub unsubscription could fail with “xmpp.pubsub.multiple-subscriptions=true
- [OF-2065] - Component cache should not expire
- [OF-2073] - PubSubPersistenceManager.purgeItems incompatibility with Oracle
Improvement
- [OF-1973] - Handle future-timestamped plugin files
- [OF-2051] - Do not query for version information when connection is closed
- [OF-2052] - Make query for version configurable
- [OF-2055] - Update PostgreSQL JDBC Driver
- [OF-2068] - Display the versions of various nodes in the cluster
- [OF-2069] - NullPointerException in Stream Management
4.5.3 -- August 17, 2020
Bug
- [OF-2038] - Shared groups should not be looked up in LDAP
Task
- [OF-2031] - CVE-2020-10683 Update dom4j to 2.1.3 or later
Improvement
- [OF-2027] - Enable PEP service for JIDs that are not backed by a User
- [OF-2032] - Make connection type fallback for WEBADMIN c2s
4.5.2 -- May 18, 2020
Bug
- [OF-963] - WebSocket keep-alive is not working as expected
- [OF-1963] - Cross Site Scripting (XSS) issues - CSW Document No: C1055
- [OF-1964] - SystemProperty should load classes with Thread.getContextClassloader as fallback
- [OF-1970] - Undeliverable messages routed to unavailable full jid should be routed to other resources with prio 0 (not 1) or higher.
- [OF-1977] - Pubsub notifications should be sent to subscribers of parent nodes
- [OF-1999] - Prevent potential arithmetic overflow
- [OF-2013] - Fix detection of 'detached' state of a connection
- [OF-2014] - Reset ConnectionListener callback object on re-init
- [OF-2015] - Remove the session that was used for resumption immediately
- [OF-2017] - Update Jetty to 9.4.28.v20200408
- [OF-2026] - Stable and Unique Stanza Identifier need not be UUID
New Feature
- [OF-158] - Set through the admin console the MUC room configuration form's default values
- [OF-1966] - Add Japanese translation
Improvement
- [OF-1969] - Log username when auth fails
- [OF-1974] - Openfire should not disclose Jetty version within HTTP header for websocket connections
- [OF-1976] - Allow any number of maximum MUC occupants to be configured.
- [OF-1979] - Guard against invalid SASL responses
- [OF-1997] - Bump Bouncy Castle version to v1.65
- [OF-2019] - Allow Archiver to start polling only after work is produced.
4.5.1 -- January 31, 2020
Bug
- [OF-1946] - Cache "Percent Used" values are incorrect
- [OF-1959] - Can not connect to LDAP/AD on new installations
- [OF-1961] - Potential ClassCastException with LDAP setup
- [OF-1962] - MySQL serverTimezone not set
4.5.0 -- January 10, 2020
Bug
- [OF-353] - LDAP InvalidNameException related to quotes
- [OF-1779] - Incorrect SQL DELETE statement in PubSub causes exception
- [OF-1826] - NullPointerException in new Dataforms implementation
- [OF-1830] - Failing to establish TLS when using Java 11
- [OF-1858] - MUC services are not added/removed from other cluster nodes
- [OF-1892] - Group sorting shouldn't be case sensitive
- [OF-1895] - SystemProperty should work with plugins
- [OF-1898] - max cache size should be consistent to long
- [OF-1902] - Further limit HTTP fetching security from Openfire
- [OF-1923] - Steam Management should not close reconnected session
- [OF-1928] - Reflected XSS in MUC Room affiliation page
- [OF-1932] - "Test Settings" of LDAP User Mapping always fails
- [OF-1936] - OOM when browsing audit log
- [OF-1937] - Performance problems when first LDAP server cannot be reached
- [OF-1938] - Bump Bouncy Castle version to v1.64
- [OF-1947] - LDAP VCard template should not replace non-placeholders
- [OF-1949] - LDAP name parts should combine in user's Name attribute.
- [OF-1951] - SystemProperty Description fails to work with plugins
- [OF-1953] - NPE in admin console session page
- [OF-1954] - Creating new MUC conference leads to NPE in admin console
- [OF-1955] - XSS flaws identified by Cyber Security Works Document No: C1059
- [OF-1956] - Restarting s2s may fail with Error starting: 5269 Address already in use (Bind failed)
- [OF-1958] - PSI XMPP Client fails to connect
New Feature
- [OF-1806] - Add support for XEP-0232: Software Information
- [OF-1935] - Allow cleanup of MUC rooms to be skipped
- [OF-1943] - Allow LDAP group to provide Openfire admins
Task
- [OF-1219] - ClassCastException on setup-ldap-user.jsp DefaultUserProvider cannot be cast to LdapUserProvider
Improvement
- [OF-1106] - Ability to set ldap.nameField to a multiple of AD values
- [OF-1809] - DiscoInfoProvider should allow for more than one "Extended Info" form.
- [OF-1815] - Add MUC search 'muclumbus' support.
- [OF-1821] - Set ldap.pagedResultsSize to 1000 by default when AD integration is used
- [OF-1832] - Show more client session data
- [OF-1839] - XEP-0411: Add or improve support for Bookmarks Conversion
- [OF-1841] - Add better toString implementations to Session classes
- [OF-1855] - S2S: Allow Mutual Authentication by default when using signed certificate
- [OF-1865] - Add an AdminProvider that identifies administrators by the group they are in
- [OF-1866] - Filtering users by group in LDAP
- [OF-1868] - Session message carbons, requested blocklist not clustered
- [OF-1882] - Don't retrieve all offline messages only to count them.
- [OF-1883] - Client session list should include detached sessions
- [OF-1884] - StreamManagement failing when debug logging enabled
- [OF-1887] - Update bundled postgresql driver to 42.2.8
- [OF-1889] - Standardised CSRF protection for plugins
- [OF-1890] - Support for flattening LDAP nested groups
- [OF-1903] - Support for @WebServlet annotation
- [OF-1924] - Make SM DetachedCleanupTask scheduling related to max detach time
- [OF-1925] - Hint on what server a stream should be resumed.
- [OF-1926] - Steam Management should tell clients how long they can be detached.
- [OF-1929] - LDAPS should not be an advanced setting
- [OF-1930] - Make LocalMUCRoom more thread safe
- [OF-1944] - Clear caches after changing LDAP profile settings
4.4.4 -- November 12, 2019
Bug
- [OF-1916] - HTTP 404 “security-audit-viewer.jsp”
- [OF-1917] - Cyclic shared group names cause overflow.
Improvement
- [OF-1912] - Stop using proprietary sun.security.x509.GeneralNameInterface
4.4.3 -- November 1, 2019
Bug
- [OF-1885] - SSRF vulnerability in favicon servlet
- [OF-1886] - Plugin servlet should not provide access to all files on the host
- [OF-1897] - maxLifetime settings of a cache take effect on runtime
- [OF-1899] - Pubsub subscribing while subscription pending should cause error.
- [OF-1900] - Should not advertise pubsub#multi-subscribe when disabled
- [OF-1901] - Pubsub node unsubscription permission model failing
- [OF-1904] - Roster Group Sharing Degraded
- [OF-1910] - Potential NPE in AuditorImpl
New Feature
- [OF-1909] - Make Certificate Store Watching optional
Improvement
- [OF-1894] - Allow caches to have keys/values not display on admin UI
- [OF-1905] - Apply pagination to Security Audit Log Viewer
- [OF-1906] - Shutdown ConnectionManagerImpl module first
- [OF-1907] - Limit max duration of Module shutdown
- [OF-1908] - Add JiveGlobals getDoubleProperty
4.4.2 -- September 25, 2019
Bug
- [OF-793] - javax.net.ssl.SSLException: Unsupported record version Unknown-47.115
- [OF-1433] - OpenFire doesn't ACK the sent presence stanza to the user
- [OF-1829] - NPE while destroying MUCService
- [OF-1835] - SM resumption of a session that had an SM error causes NPE
- [OF-1845] - NPE in S2S tester
- [OF-1848] - S2S should not be established twice.
- [OF-1853] - Upon joining a chatroom, a subject MUST be sent, even when empty
- [OF-1856] - Anonymous users should not be able to send S2S subscription requests
- [OF-1858] - MUC services are not added/removed from other cluster nodes
- [OF-1860] - Admin Console - Plugin Upload vulnerable to ZipSlip
- [OF-1873] - LDAP password disclosed on admin page
- [OF-1874] - XSS on LDAP Server Settings page
Task
- [OF-1876] - Update MySQL Connector/J to version 8.0.17
- [OF-1877] - Upgrade BouncyCastle from 1.61 to 1.63
Improvement
- [OF-1833] - Add more data to dns-check.jsp
- [OF-1842] - Add information about other options to SSL Guide
- [OF-1849] - S2S: Allow for StartTLS on DirectTLS port
- [OF-1851] - Use more applicable error when anonymous user tries to obtain a roster
- [OF-1852] - Bounce undeliverable message and presence stanzas
- [OF-1854] - Allow trust and identitystores to be of different type
- [OF-1857] - Improve logging around shutdown
- [OF-1859] - LocalSession#sessionData should return previous values on update/remove
4.4.1 -- August 12, 2019
Sub-task
- [OF-1021] - Admin Console Arbitrary File Upload Vulnerability
Bug
- [OF-1192] - Reflective Cross-Site Scripting vulnerability on setup test page
- [OF-1804] - ConversationLogEntry stored stanza has mangled formatting
- [OF-1808] - ClassCastException - user-summary.jsp
- [OF-1811] - NPE in RosterManager.getSharedGroups
- [OF-1814] - Unable to remove a conference service
- [OF-1816] - Log files aren't loaded properly
- [OF-1817] - Potential ClassCastException in MUC with Clustering
- [OF-1818] - In Sybase every column should be defined NONNULL/NULL constraint
- [OF-1820] - Groups not sorted alphabetically in Sharing dialog
- [OF-1825] - documentation folder redundantly included in RPM distribution
- [OF-1828] - Oracle database does not permit empty string insertion into ofGroupProp
Improvement
- [OF-1819] - Update German translation
- [OF-1827] - Stop using a specific, hardcoded SSL Context.
4.4.0 -- Jun 28, 2019
Bug
- [OF-188] - ofMucRoom table subject length does not match console
- [OF-1640] - NPE in EntityCapabilitiesManager
- [OF-1647] - Upgrading from 4.2.3 to 4.3.0-beta leaves WEB-INF/lib in place
- [OF-1649] - Race condition with adding/cleaning rooms
- [OF-1657] - PubSubPersistenceManager.purgeItems incompatibility with Oracle DB
- [OF-1665] - Exception when opening a group with unusual members
- [OF-1679] - DefaultCache does not honour Map contract
- [OF-1680] - Should use default translations when missing strings in i18n files
- [OF-1681] - Enabling "Debug" logging actually enables Trace
- [OF-1682] - The & character is escaped twice in database config entry in openfire.xml
- [OF-1685] - Group sorting is incorrect
- [OF-1686] - Problems with groups creation
- [OF-1689] - Some messages are not delivered (to all resources)
- [OF-1691] - XEP-0133's "Delete User" should use jid-multi
- [OF-1692] - Broadcast original 'unavailable' presence when leaving the room.
- [OF-1694] - Setup fails with MariaDB because of a different UTF setting
- [OF-1698] - MS SQL Server upgrade script fails
- [OF-1700] - Cluster teardown not reflected in state of Components
- [OF-1701] - SessionManager keeps state of last component only
- [OF-1707] - Component event listeners should fire upon cluster events
- [OF-1714] - Configuration always uses jks keystore type
- [OF-1718] - Unable to connect with Mina 2.0.20 and compression enabled
- [OF-1721] - LocalMUCRoom savedToDb state change not propagated to other nodes
- [OF-1723] - Allows to login with any password in some scenarios with LDAP
- [OF-1725] - Unable to confirm existing admin password during setup
- [OF-1726] - Running setup a second time fails to correctly change encryption key
- [OF-1729] - User-specific cache entries should be cleaned upon user deletion.
- [OF-1732] - Cluster teardown not reflected in client state
- [OF-1737] - Java specification version comparison fails for single-number versions
- [OF-1738] - Java 11 causes Instant-based unit test to fail
- [OF-1774] - CleanupTask did not remove empty rooms in clustered environment.
- [OF-1781] - Can't download plugins on the admin console
- [OF-1793] - Contact List Sharing for LDAP/AD groups has wrong default setting
- [OF-1796] - Error when remote user subscribes to local user
- [OF-1797] - Initial load of MUCRoom service properties is inefficient
- [OF-1802] - Using an invalid resource during bind returns wrong error
New Feature
- [OF-1728] - Inspection of cache content
- [OF-1771] - Show software version of connection
- [OF-1776] - Make SSL TrustManager pluggable
- [OF-1803] - SASL EXTERNAL (client): allow realm that matches XMPP domain to be suppressed
Task
- [OF-1323] - Minor performance improvement
- [OF-1697] - Update Apache MINA to 2.0.20
Improvement
- [OF-258] - Allow reserving a nickname when adding new room member in Admin Console
- [OF-1268] - If integrated database authentication is used and no database credentials are used, Openfire fails to start
- [OF-1383] - Add support for Java 11
- [OF-1539] - Add negative caching
- [OF-1674] - Enable MUC logging by default
- [OF-1687] - Better documentation for system properties
- [OF-1693] - Update to SLF4J 1.7.26
- [OF-1695] - Plugin's version should update after plugin is updated
- [OF-1699] - Warn when running a one-node cluster
- [OF-1705] - Have more predictable Server ID switch-over
- [OF-1706] - Default node ID should be unique
- [OF-1709] - Easy access to change saving the users Avatar to database setting - ldap.override.avatar
- [OF-1710] - Add release date to page of available plugins
- [OF-1712] - Improved API for locking Cache entries
- [OF-1713] - Unit tests shouldn't break because of non English system locale
- [OF-1715] - Prevent loading the same plugin twice
- [OF-1719] - PluginManager.getPlugin() is too fragile
- [OF-1727] - Update Jetty to 9.4.18.v20190429
- [OF-1730] - Update to Search plugin 1.7.2
- [OF-1731] - HTTP-BIND / Bosh improvements
- [OF-1733] - DB Connection Pool Tweaks
- [OF-1734] - Ensure admin users with logged in sessions lose their rights on demotion
- [OF-1739] - Support for generating JavaDoc with JDK11
- [OF-1740] - Update Apache MINA to 2.1.2
- [OF-1743] - Add working with Openfire source in VS Code guide
- [OF-1744] - Failing listener should not prevent others from executing.
- [OF-1746] - Allow duplicate peer certification validation to be skipped
- [OF-1747] - Update to Rome 1.12.0
- [OF-1748] - Update to log4j2 2.11.2
- [OF-1749] - Update to Guava 27.1
- [OF-1750] - Update to MS SQL Server JDBC Driver 7.2.2.jre8
- [OF-1751] - Update to commons-codec 1.12
- [OF-1752] - Update to commons-file-upload 1.4
- [OF-1753] - Update to JAXB API 2.3.1
- [OF-1754] - Update Jaxen to version 1.2.0
- [OF-1757] - Update documentation regarding the Oracle database connector
- [OF-1758] - Update commons-dbcp2 to 2.6.0
- [OF-1759] - Update to commons-lang 3.9
- [OF-1760] - Update to commons-fileupload 1.4
- [OF-1761] - Update to JavaMail 1.6.2
- [OF-1762] - Update to commons-pool 2.6.2
- [OF-1763] - Update to httpclient 4.5.8
- [OF-1764] - Update to awaitility 3.1.6
- [OF-1765] - Update to Bouncy Castle 1.61
- [OF-1766] - Update to jSMPP 2.3.7
- [OF-1767] - Update to Mockito 2.27.0
- [OF-1768] - Fix Javadoc generation
- [OF-1769] - Tests reporting: Critical Error! The home directory has not been configured, which will prevent the application from working correctly.
- [OF-1770] - Include nickname in MUCEventListener.occupantLeft
- [OF-1772] - Enable configurable kick reasons for admin console + timeouts
- [OF-1782] - Update installation guide
- [OF-1784] - Don't write to connection if connection cannot be written to.
- [OF-1786] - Update MINA to 2.1.3 to avoid high CPU usage on Linux
- [OF-1788] - MUC messages should be written to database immediately
- [OF-1790] - Improve concurrency and performance of conversation log history.
- [OF-1794] - Cache LDAP 'all usernames' call
- [OF-1798] - Parse data form booleans properly
- [OF-1799] - Allow JID caches to be configured.
- [OF-1800] - Cache low effectivity calculation improvement
- [OF-1801] - Cache low effectivity should be shown more prominent
- [OF-1805] - Allow SiteMinderServletRequestAuthenticator to use configurable header
- [OF-1807] - Update Spanish translation
4.3.2 -- Jan 31, 2019
Bug
- [OF-1683] - Should not have more than one child element in an IQ stanza
Improvement
- [OF-1669] - Do not specify exact versions of MySQL in the database installation guide
4.3.1 -- Jan 24, 2019
Bug
- [OF-1672] - BOSH debug logging should consistently log to one location
- [OF-1676] - Openfire not logging in the logs on Linux systems
New Feature
- [OF-1667] - Allow for Servlet Context interaction pre-session/auth
- [OF-1670] - Allow (system) administrators to join a password-protected room
- [OF-1677] - Add support for XEP-0410: MUC Self-Ping (Schrödinger's Chat)
Improvement
- [OF-1285] - Create a simple option of resetting admin password
- [OF-1671] - Openfire should be able to recognize plugins with longer version numbers
- [OF-1673] - Add support for XEP-0359: Unique and Stable Stanza IDs.
- [OF-1675] - Add a step about removing old files to tar.gz/zip upgrade guide
4.3.0 -- Jan 11, 2019
With this release, the Openfire property xmpp.pubsub.create.anyone
was updated to properly reflect its name. Setting it
to true
now means that anyone can create PubSub nodes.
Sub-task
- [OF-557] - Fix temporary workaround: remove 'excludes' from xmppserver build
- [OF-559] - Restore or drop support for "srcinc" flag of buildscripts
- [OF-1248] - Null Cache Store in PEPServiceManager
- [OF-1249] - Null Key Access in EntityCapabilitiesManager
- [OF-1650] - Maven problems
- [OF-1660] - Need maven based javadoc build artifact
Bug
- [OF-1052] - PluginManager shouldn't attempt to load a plugin forever
- [OF-1160] - Update Apache commons-httpclient.jar
- [OF-1200] - Monitoring / archiving plugin does not retrieve messages that are still in cache / yet to be written to database
- [OF-1296] - GroupManager.getSharedGroups returning old values
- [OF-1435] - UserManager::isRegisteredUser(JID) can block for a minute
- [OF-1453] - An unexpected exception occurred with loading clustering plugin
- [OF-1474] - Openfire Hazelcast Clustering & REST API Room Creation NPE when no modificationDate sent
- [OF-1477] - NPE when ordering Pubsub affiliations (admin console)
- [OF-1486] - MAM request in MUC with RSM backwards-paging does not backward page
- [OF-1488] - Can't remove groupchat administrators
- [OF-1497] - Server appears to drop client session (sends 'unavailable')
- [OF-1504] - Carbons is ignored in MUC PMs
- [OF-1506] - DB details not encrypted in database
- [OF-1508] - NPE when getting unknown Entity Caps
- [OF-1510] - Enabling clustering never completes
- [OF-1513] - Pubsub data forms should support all lexical representations for the xs:boolean datatype
- [OF-1514] - Typo in pubsub#children_max configuration variable name
- [OF-1516] - Convert Russian translation for Registration plugin to unicode
- [OF-1522] - Not able to cleanly remove JmxWeb plugin
- [OF-1524] - Some plugins produce red INFO messages in the launcher console
- [OF-1530] - ConnectionManager#getListeners() sometimes returns incorrect listeners
- [OF-1534] - Web content disappears after 10 days (of inactivity?)
- [OF-1535] - Rest API and Multi-node Hazelcast cluster - Created Room not propagated to other nodes
- [OF-1540] - Rest API and Multi-node Hazelcast cluster - Delete Room not propagated to other nodes
- [OF-1547] - ConcurrentModificationException when viewing the plugins screen
- [OF-1548] - The Openfire FQDN is not unique to each host
- [OF-1550] - XML Debugger plugin fails to display admin console page
- [OF-1567] - ConcurrentModificationException in HttpSession
- [OF-1568] - Statistics and Archiving pages are not accessible
- [OF-1569] - Setup marked as successful even when openfire.xml cannot be written
- [OF-1571] - XML Debugger: Does not log received C2S messages
- [OF-1578] - Monitoring plugin: graphs are no longer displayed
- [OF-1579] - Add support for XEP-0368: SRV records for XMPP over TLS
- [OF-1580] - Translation failure in S2S Testing Tool admin page
- [OF-1582] - PluginManager re-notifies a PluginManagerListener when a newly added plugin adds a notifier
- [OF-1586] - CPU peaks when using BOSH
- [OF-1587] - Updates needed for Mac OSX DMG Openfire Artifact
- [OF-1588] - Typo in Spanish translation on group sharing page
- [OF-1590] - Resumption count is always rejected
- [OF-1595] - External Service Discovery plugin: can't set 'udp' type in admin console
- [OF-1596] - Websocket sessions are not cleaned up properly
- [OF-1600] - XSS in LDAP setup pages
- [OF-1601] - Invalid values shown in /setup/setup-ldap-server.jsp
- [OF-1603] - Generation of self-signed certs doesn't include SANs
- [OF-1604] - Domain name / certificate SAN matching fails
- [OF-1606] - Restarting the webserver fails
- [OF-1613] - Page links on PEP admin console refer to Pubsub
- [OF-1617] - Clustering should handle (remote) external component removal correctly.
- [OF-1620] - inVerse plugin: translations are not working
- [OF-1629] - inVerse plugin: resources are missing
- [OF-1630] - 'rank' is now a reserved word in MySQL 8
- [OF-1631] - Deleting a Roster Item causes a NPE
- [OF-1632] - Unable to switch language from anything but English
- [OF-1637] - Duplicate messages
- [OF-1639] - Admin console erroneously reports errors over min plugin versions
- [OF-1641] - Admin console fails to complete setup in non-English locales
- [OF-1642] - PrivateStorage can fail to persist items
- [OF-1645] - Windows service is not using the right path to log4j2.xml
- [OF-1648] - Upgrading from 4.2.3 to 4.3.0-beta may not migrate properties to ofPubSub
- [OF-1661] - Stream Management Error for failed resume not consistent
New Feature
- [OF-827] - Add support for XEP-0191: Blocking Command
- [OF-1412] - Automated Setup via XML
- [OF-1472] - XEP-0157: Expose admin contacts
- [OF-1511] - Add Pubsub Publishing Options
- [OF-1553] - Allow MUC room creation to be limited to registered local users.
- [OF-1585] - REST API - Add endpoint to retrieve MUC Chat Message History
- [OF-1605] - Allow wildcards in self-signed cert generation
Task
- [OF-1421] - Drop Java 7 Support
- [OF-1523] - Remove 'Jive Software' from splash image
- [OF-1538] - Update bundled JRE with the latest version
- [OF-1549] - Replace the deprecated ROME fetcher
- [OF-1554] - Update MySQL Connector/J to version 8.0.11
- [OF-1555] - Update Standard Tag Library implementation to 1.2.5
- [OF-1556] - Remove dependency on commonshttpclient version 3.1
- [OF-1557] - Update to Java Mail 1.4.7
- [OF-1558] - Remove unused dependency on com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru
- [OF-1559] - Update junit + mockito test dependencies
- [OF-1560] - Update Apache Commons
- [OF-1561] - Update Apache ANT to 1.10.3
- [OF-1597] - inVerse plugin: update to 4.0.0
- [OF-1623] - Update dependencies
- [OF-1634] - Remove "built by Jive Software" reference from admin console.
Improvement
- [OF-852] - Include EntityCapabilities in Stream Feature
- [OF-1064] - Update Bouncy Castle to 1.60
- [OF-1299] - Debugger plugin should not print encrypted or compressed data.
- [OF-1300] - Debugger plugin should display remote address.
- [OF-1337] - Privacy list concurrency
- [OF-1404] - Migrate to use Microsoft JDBC Driver
- [OF-1419] - Replace Proxool with Apache Commons DBCP
- [OF-1432] - property xmpp.pubsub.create.anyone is inverted
- [OF-1458] - Allow remotely connected components to subscribe
- [OF-1463] - Add information about HTTP Bind requirement for HTTP File Upload
- [OF-1479] - add a counter value for cullCache() calls to /system-cache.jsp
- [OF-1484] - Configurable order of tabs
- [OF-1487] - Monitoring / Archive plugin should flush cache regularly
- [OF-1491] - Update log4j to log4j2
- [OF-1492] - Admin Console setup default database connection string is confusing ie [host-name]
- [OF-1499] - Do not show 'max users' count for a MUC when it is 0 (unlimited)
- [OF-1515] - Migrate Private XML storage data to PEP
- [OF-1517] - Don't require i18n source files for all plugins to be encoded
- [OF-1520] - PubSub Nodes page improvements
- [OF-1527] - Update Jetty to version 9.4.11.v20180605
- [OF-1528] - Java 8 + JSP compilation
- [OF-1531] - Certificate Management should show all stores
- [OF-1532] - Install4j-based distributions
- [OF-1533] - Initialization vectors should be randomly generated
- [OF-1541] - Improve display of current sessions
- [OF-1544] - Allow plugin monitor to be configured.
- [OF-1545] - AuthToken created after login should be marked as 'non-anonymous'
- [OF-1551] - Allow the admin-ui to enabled the Interpreted XML option of the Debugger plugin
- [OF-1552] - Allow the Debugger plugin to log to a file
- [OF-1565] - Audit console login events
- [OF-1581] - Use latest presence info when syncing MUC join status
- [OF-1584] - Don't fail all plugin servlets when one fails
- [OF-1589] - Ensure the Cache is Serializable, non-null
- [OF-1592] - Reduce verbosity of failure to update a vcard when read-only
- [OF-1593] - Add info about MAM support to Monitoring plugin's readme
- [OF-1599] - Stop insisting on having certificates with two different algorithms
- [OF-1612] - inVerse plugin: update to 4.0.1
- [OF-1616] - Group editing page should work better for groups with large amount of members
- [OF-1619] - inVerse plugin: update to 4.0.2
- [OF-1627] - Stop copying XML properties to the DB
- [OF-1628] - inVerse plugin: update to 4.0.3
- [OF-1635] - inVerse plugin: update to 4.0.4
- [OF-1636] - inVerse plugin: add fullpage css
4.2.3 -- Mar 23, 2018
Bug
- [OF-1191] - Client certificate authentication with BOSH not working in Openfire 4.0.x
- [OF-1283] - SANCertificateIdentityMapping - Unable to parse a byte array (of length 42) as a subjectAltName 'otherName'. It is ignored.
- [OF-1464] - Can't update plugins via Admin Console
- [OF-1481] - NPE during bind (connection already null)
- [OF-1482] - Monitoring plugin: MAM query response for MUC should have a 'from'
- [OF-1483] - Monitoring plugin: ClassNotFound at startup
- [OF-1494] - SAN 'xmppAddr' OIDs are not properly encoded in generated certificates.
- [OF-1502] - CallbackOnOffline plugin is using wrong version number scheme
- [OF-1505] - TLS cert admin console page throws Exception
- [OF-1509] - Stream Management increments should be atomic
- [OF-1518] - Stored XSS in Property Name in Security Audit Viewer
Improvement
- [OF-1490] - Update HTTP File Upload Plugin's component implementation.
- [OF-1493] - Allow admins to retrieve a PEM representation of installed certificates
- [OF-1495] - Self-signed certificates should include alternative names
- [OF-1501] - Use 'most appropriate' certificate when multiple are available.
- [OF-1507] - Handling of S2S stream errors.
- [OF-1519] - Add a section about firewall into Installation guide
4.2.2 -- Feb 13, 2018
Bug
- [OF-1440] - The Group Chat Administrators web page has blank JIDs
- [OF-1460] - ClassCast Exception on admin console sessions listing when running hazelcast
- [OF-1468] - Group Chat History returns one message too many
- [OF-1470] - WebSocket endpoint should allow null path
- [OF-1478] - Hazelcast Plugin Memory Leaks
- [OF-1480] - LDAP auth fails with clustering plugin
New Feature
- [OF-1469] - Implement XEP-0215 External Service Discovery
Task
- [OF-1466] - Update bundled JRE with the latest version
Improvement
- [OF-1454] - Add generic mapping function to AuthorizationBasedUserProviderMapper
- [OF-1455] - Allow for bulk XML property migration
- [OF-1461] - Making fastpath plugin compatible with openfire meetings
- [OF-1471] - Terminate streams upon invalid XEP-0198 acknowledges.
4.2.1 -- Dec 8, 2017
Bug
- [OF-1254] - Database update scripts for 25 set version 24
- [OF-1450] - Some admin console text is hardcoded
- [OF-1451] - Support for SNAPSHOT plugin versions
Improvement
- [OF-1447] - Improve deployability of Maven artifacts to public repository.
- [OF-1448] - Don't require i18n source files to be encoded.
- [OF-1452] - Updated Russian Translation
4.2.0 -- Dec 4, 2017
Sub-task
- [OF-210] - Add support for Roster Versioning (aka XEP-0237)
- [OF-548] - Find maven-managed artifacts to replace third-party libraries.
- [OF-549] - Create "XMMP Server" module
- [OF-552] - Create "Webadmin" module
- [OF-553] - Create distribution module(s).
- [OF-554] - Create parent plugin module
- [OF-555] - Create plugin modules
Bug
- [OF-394] - Shouldn't show an exception when creating room with illegal characters in JID
- [OF-1134] - JustMarried: Allow roster alias to be changed
- [OF-1145] - Avatar Resizer plugin issues when using LdapVCardProvider
- [OF-1159] - System Property Encryption is not cluster aware
- [OF-1193] - Avatar resizer plugin: ClassNotFoundException
- [OF-1208] - Option to block anonymous logins from sending s2s packets
- [OF-1250] - Old DWR causes CSRF, XSS in Admin Console
- [OF-1262] - Error message for failed login on admin console contains moderator verbage
- [OF-1308] - Openfire not closing stream gracefully with </stream:stream>
- [OF-1309] - S2S communication on wrong stream
- [OF-1329] - Session fixation in admin web console
- [OF-1331] - HTTP console access does not work after HTTPS console access
- [OF-1335] - Forwarded messages rewritten to default namespace over S2S
- [OF-1356] - Add a section about upgrading from x86 to x64 to Upgrade guide (Windows)
- [OF-1366] - NullPointerException in Group lookup
- [OF-1384] - Disco-item handler should process any domain
- [OF-1393] - OpenFire randomString has too many digits
- [OF-1400] - XSS in server name field
- [OF-1401] - SMS error message handling doesn't escape content correctly
- [OF-1403] - Muc admin doesn't escape group names correctly
- [OF-1417] - CVE-2017-15911 XSS with domain in setup-host-settings.jsp
- [OF-1422] - MUC Nick Sharing can cause rejoin to fail
- [OF-1423] - Websocket message size is restricted to 65536
- [OF-1424] - CME while calculating Group Cache stats
- [OF-1427] - PEP should respond to service discovery
- [OF-1429] - Closed BOSH sessions are still on admin console as client sessions
- [OF-1430] - SCRAM-SHA-1 not offered when it should be, and maybe vice-versa
- [OF-1431] - XMPP Ping without type= set causes a NPE
- [OF-1436] - Sharing BOSH context should not prevent context restart.
- [OF-1437] - Detached sessions sometimes vanish
- [OF-1441] - <scope>test</scope> Maven dependencies being included in distribution
- [OF-1442] - dom4j included twice in (maven) target directory
- [OF-1443] - rpm install needlessly requires java-headless
- [OF-1444] - mvn package is expanded environment variables
New Feature
- [OF-35] - Create an admin console for pubsub
- [OF-159] - Add an s2s testing feature
- [OF-1336] - User Property Provider
- [OF-1353] - Introduce 'priorToServerVersion' for plugins
- [OF-1402] - XEP-0198 Resumption for Client Sessions
Task
- [OF-1286] - Update shipped CA truststore
- [OF-1316] - Update Tinder to 1.3.0
- [OF-1320] - Update bundled JRE with the latest version
- [OF-1339] - Merge websocket plugin with core
- [OF-1380] - all.log should be exposed via Openfire Admin Console
- [OF-1411] - Update bundled JRE with the latest version
- [OF-1428] - Remove deprecated Clustering plugin
Improvement
- [OF-200] - In user summary, display "currently logged in" instead of blank in last logout column
- [OF-1030] - Monitoring Service plugin Search Archive Date Range field validation
- [OF-1256] - Display the current clustering status on the admin screens
- [OF-1306] - Cache LDAP UserDN searches
- [OF-1313] - Add protection for Cross-Site Request Forgery in MoTD plugin
- [OF-1314] - Add the ability to disabled delayed delivery (XEP-203)
- [OF-1317] - Update dom4j from 1.6.1 to 2.0.0
- [OF-1328] - Update JSTUN library in stunserver plugin
- [OF-1368] - Add an informational message during failed login
- [OF-1370] - inVerse plugin: hide registration tab when appropriate.
- [OF-1373] - Check for changes in keystores
- [OF-1379] - Packet interceptors should trigger on error response when s2s fails
- [OF-1391] - Update bundled postgresql JDBC Driver to 42.1.4
- [OF-1408] - Display cache expiry times, entry, hit and miss counts on the Cache Summary page
- [OF-1409] - Audit clearing of caches
- [OF-1410] - Allow openfire.bat to start in other folders
- [OF-1413] - Clarify Candy and InVerse readme
- [OF-1415] - Simplify certificate management
- [OF-1418] - LDAPManager reports UserNotFoundException unnecessarily
- [OF-1425] - Allow plugins to define a minimum Java version
- [OF-1434] - Optimize sender check in PubSubEngine#createNodeHelper
- [OF-1438] - Add option to replace private key
- [OF-1445] - Cache reconfig without restart
4.1.6 -- Oct 5, 2017
Sub-task
- [OF-1020] - Admin Console Remote File Inclusion (RFI) Vulnerability
Bug
- [OF-1304] - SQL syntax error with monitoring plugin IQ Query Handler
- [OF-1362] - Websocket plugin fails when trying to use connection configuration
- [OF-1363] - NPE when displaying properties for non-existing user
- [OF-1366] - NullPointerException in Group lookup
- [OF-1374] - Pubsub publish NullPointerException
- [OF-1381] - User enumeration possible by SCRAM
New Feature
- [OF-1354] - Add option to Client Control plugin to disable Start a chat in Spark
Task
- [OF-1320] - Update bundled JRE with the latest version
Improvement
- [OF-1340] - Create x64 Windows Installer
- [OF-1349] - Create separate Windows installer with and without JRE
- [OF-1359] - Elevate webclients to top level menu in openfire admin UI
- [OF-1360] - Update inVerse plugin to match upstream Converse 3.1.0 release.
- [OF-1365] - Some caches should not be purgeable.
- [OF-1367] - BOSH URL should be based on FQDN, not XMPP domain.
- [OF-1369] - Don't advertise in-band registration for read-only user providers
4.1.5 -- Jun 30, 2017
Bug
- [OF-1310] - Can`t delete last item of the pubsub node
- [OF-1327] - Should not compare incomparable types
- [OF-1330] - Can't enable database query statistics on the admin console
- [OF-1332] - Update bundled MySQL driver to fix utf8mb4 databases
- [OF-1334] - Monitoring Plugin displays "Archive index rebuild failed"
- [OF-1348] - AuthBased*Provider try to use SortedSet without Comparable items
- [OF-1355] - UserImportExport plugin: import should not fail when optional config is missing
Task
- [OF-1343] - Update install guide about the automatic service installation
Improvement
- [OF-1277] - Change setting name to Invisible Login and Status
- [OF-1325] - Implement separate History settings in Client Control
- [OF-1326] - Allow BOSH context to be re-used.
- [OF-1338] - Minimum server version restrictions should ignore release status identifier
- [OF-1341] - Windows Launcher requires to run "as administrator"
- [OF-1342] - Remove "Run Openfire" from the final step of the installer
- [OF-1347] - Group settings update
- [OF-1350] - Be less strict when setting a password on a MUC room
- [OF-1351] - Parse 'release' number
- [OF-1352] - Plugin version number should not wrap
4.1.4 -- May 4, 2017
Bug
- [OF-119] - Ldap issue (search filter and '@' encoding) [patch]
- [OF-1272] - DBAccess plugin XSS
- [OF-1273] - Javadoc will not build in Docker
- [OF-1305] - Openfire doesn't load user names with multi-byte characters from LDAP/AD
- [OF-1322] - EXTERNAL is always offered for C2S sessions
Task
- [OF-1319] - Update bundled JRE with the latest version
Improvement
- [OF-1292] - NPE in Admin Console when cancelling creating a new room
- [OF-1295] - Add information about windows service into Upgrade Guide
- [OF-1297] - Add another note about UAC to the documentation
- [OF-1301] - Don't fail when default value for FQDN cannot be resolved.
- [OF-1311] - Store a list as a property value.
- [OF-1312] - Allow SASL mechanisms to be configured through the admin console.
- [OF-1321] - Prevent stacktrace when using admin console with stale session.
- [OF-1324] - OutgoingSessionPromise outgoing queue should be limited
4.1.3 -- Feb 24, 2017
Bug
- [OF-1263] - Contact List sharing shows stale data
- [OF-1269] - Admin Console shows wrong group affiliation information for some users
4.1.2 -- Feb 18, 2017
Bug
- [OF-1195] - JDBCAuthProvider does not play nice with SCRAM
- [OF-1271] - MUC History doesn't replay copy complex elements correctly after restart
- [OF-1278] - Recursive Loop in SCRAM salt generation
- [OF-1280] - Wrong ADD COLUMN syntax for Oracle Upgrade Scripts
- [OF-1282] - Setting TLS_CERTIFICATE_VERIFY false does not properly work
- [OF-1291] - MAM not advertised on chatrooms
Task
- [OF-1270] - Remove obsolete information and update links in the Readme
- [OF-1281] - Update installation package with the latest Java JRE
Improvement
- [OF-1275] - Openfire is unable to connect to LDAPS when using TLSv1.1 or TSLv1.2
- [OF-1288] - Monitoring plugin does not add queryid and id to MAM responses
- [OF-1289] - Openfire should load jars in a predictable order
- [OF-1290] - Stack Overflow in SASL EXTERNAL auth
4.1.1 -- Dec 31, 2016
Bug
- [OF-1253] - Due to initial mysql schema failure, a new install will ask for current admin password and fail due to non-existent schema
- [OF-1254] - Database update scripts for 25 set version 24
- [OF-1255] - Invalid SQL syntax in Mysql installation script.
- [OF-1257] - SQLServer syntax error java.sql.SQLException: Incorrect syntax near the keyword 'COLUMN'.
- [OF-1260] - ClientControl plugin: Improve CSRF error message
New Feature
- [OF-1258] - Add an option to Client Control plugin to disable Anonymous login in Spark
Improvement
- [OF-1259] - Migrate XML property 'xmpp.fqdn'
4.1.0 -- Dec 21, 2016
Sub-task
- [OF-777] - Admin Console Cross Site Request Forgery (CSRF) Vulnerability
- [OF-836] - Multiple Reflected XSS Vulnerabilities in Admin Console
- [OF-845] - XSS vulnerability in Monitoring Service pages in Admin Console
- [OF-941] - CVE-2015-7707 Admin Console Privilege Escalation Vulnerability
- [OF-997] - Admin Console: Frameable Response (potential Clickjacking)
- [OF-1018] - The “alias” field on the Trust Store Import Form permits entry of JavaScript
- [OF-1019] - Admin Cross Site Scripting (XSS) Vulnerabilities
- [OF-1252] - Log null cache stores
Bug
- [OF-355] - ldap.authorizeField property is ignored in LdapAuthorizationPolicy
- [OF-462] - PEP should process IQ-gets that have no 'to' attribute.
- [OF-477] - SASL server in OF creates digest-uri based on xmpp.fqdn but it sends xmpp.domain to the client
- [OF-817] - ofMucConversationLog only persists body of groupchat stanzas
- [OF-927] - Pressing enter should trigger Continue button on admin password setup page
- [OF-942] - CVE-2015-6972 CVE-2015-6973 Admin Console Security Improvements
- [OF-1013] - Setting StartTLS policy for S2S has no effect
- [OF-1040] - Banning users from room does not result in proper exit
- [OF-1041] - Using AD specific attribute breaks OpenLDAP support
- [OF-1042] - NPE in stanza handler (after failed TLS?)
- [OF-1045] - NPE with cluster management if cluster has not been started
- [OF-1046] - Error 503 emitted sending update notifications to offline admins that are over offline storage quota
- [OF-1051] - ConcurrentModificationException in PluginManager
- [OF-1053] - i18n params fail when text has apostrophe
- [OF-1054] - IllegalStateException when destroying MUC room prevents unavailable broadcast to be sent
- [OF-1061] - MUC history and room subject are sent in wrong order
- [OF-1063] - Avoid thread pool startvation under load
- [OF-1079] - Database migration script for oracle has wrong syntax in v22
- [OF-1081] - StartTLS policy 'required' ignored for S2S
- [OF-1082] - Fix unicode read on BOSH
- [OF-1083] - Cannot join room in a cluster after an availability update
- [OF-1087] - Monitoring plugin gives invalid responses
- [OF-1090] - Outcasts should not be allowed to register with room
- [OF-1091] - Set affiliation to 'none' after removing registration from room
- [OF-1093] - Prevent NPE on Admin Console user listing when user has no creationDate
- [OF-1100] - SSL Certificate import should be more forgiving
- [OF-1103] - Stun server plugin is not showing saved configuration
- [OF-1104] - Scram support bypasses AuthProvider
- [OF-1105] - Plugin-registered servlets won't work with uppercase characters in path
- [OF-1116] - Java 7 incompatibility
- [OF-1122] - GSSAPI fails
- [OF-1126] - AbstractGroupProvider hides exception from interface definition
- [OF-1129] - Setup truncates LDAP password to 30 characters
- [OF-1132] - Monitoring plugin does not add namespace
- [OF-1137] - NPE in MUC removeChatRoom
- [OF-1146] - LocalMUCRoom.addParticipant no longer works
- [OF-1156] - Cache implementations should have consistent behavior regarding null keys
- [OF-1167] - Fresh installation asks for a current password
- [OF-1171] - Update message routing to RFC 6120
- [OF-1173] - Add EXTERNAL to the list of default SASL mechanisms
- [OF-1175] - noarch RPM should explicitly require jre-headless >= 7
- [OF-1188] - Blacklisted s2s domain still consumes outbound available threads
- [OF-1203] - Concurrency issues during plugin load/unload
- [OF-1204] - When unloading a parent plugin, all children should be unloaded.
- [OF-1206] - PrivacyManager does not share data between instances.
- [OF-1207] - NullPointException in LocalMUCRoom canSendPrivateMessage
- [OF-1212] - Monitoring plugin usage of LONG column type for Oracle
- [OF-1213] - Add extension points to MUC
- [OF-1220] - Allow logins with non-latin usernames
- [OF-1228] - First startup emits NPE for AdminConsolePlugin HTTPS
- [OF-1229] - [HSQL] PubSubPersistenceManager - statement is not in batch mode
- [OF-1230] - Fastpath Service plugin not working
- [OF-1233] - Incoming stream open response always contains IM domain
- [OF-1235] - user_created event not being fired on user creation due to auth
- [OF-1236] - SASL code does not generate/handle equals sign properly in all cases
- [OF-1239] - NPE in MultiUserChatServiceImpl#process(IQ) with null iqHandlers
- [OF-1240] - Empty nicknames allowed even when MUC requires registration
- [OF-1245] - Openfire fails to parse the subject alternate name of certs it generated itself.
- [OF-1247] - Monitoring plugin database script fails
New Feature
- [OF-190] - RFE: show openfire process owner on admin console
- [OF-862] - Add support for XEP-313: Message Archive Management
- [OF-1139] - User-to-Provider mapped User and AuthProvider
- [OF-1153] - Allow admin console to bind to a different interface
- [OF-1197] - Support XEP-0227 Portable Import/Export Format for XMPP-IM Servers
- [OF-1199] - Allow list of admins to be defined through JDBC.
- [OF-1214] - Update MAM (XEP-0313) to support :0 and :1 versions
- [OF-1225] - Add Russian translation for Search plugin
- [OF-1232] - Fastpath now has JiveSharedSecretSaslServer requirement found in 4.1 Openfire
- [OF-1246] - Support MAM (XEP-0313) for MUC (XEP-0045)
Task
- [OF-1217] - Update install4j config file to match current release schema
Improvement
- [OF-512] - Configurable host/IP for file transfers (streamhost / port 7777)
- [OF-952] - Make plugin manager work better on case sensitive file systems
- [OF-955] - Update HSQLDB to the latest version
- [OF-1037] - Split bookmark from clientcontrol
- [OF-1048] - Should not store chat state messages
- [OF-1049] - Improve Certificate Store Management
- [OF-1055] - Remove exclamation mark from the Search button
- [OF-1056] - Have proper drop-in replacement for commons-logging
- [OF-1057] - Upgrade Jetty to latest patch release of its 9.2 branch.
- [OF-1085] - Allows dynamic setting of disco info handler and disco items handler
- [OF-1088] - Update Chinese Simplified translation
- [OF-1089] - XEP-0313: send IQ result only after messages
- [OF-1092] - Allow SASL mechanisms to be plugged in
- [OF-1094] - Allow UserProvider to be reset to default
- [OF-1095] - Have uniform logging of plugin lifecycle
- [OF-1096] - Update log4j to its latest release.
- [OF-1097] - Make jabber:iq:auth (XEP-0078) optional
- [OF-1098] - Anonymous authentication should not be enabled by default.
- [OF-1111] - Bundle 64bit JVM with RPM artifact
- [OF-1117] - Improve performance of monitoring plugin by adding database indexes.
- [OF-1123] - Should not offer SASL mechanisms when there's no implementation.
- [OF-1124] - Changing SASL config should not require restart
- [OF-1125] - Use StreamID class instead of plain string
- [OF-1133] - Allow JSP compilation with developmentMode=true
- [OF-1147] - Improve Plugin Management
- [OF-1149] - Improve (plugin) build speed
- [OF-1150] - Add support for muc#roomconfig_allowpm
- [OF-1162] - Update bundled postgresql driver to 9.4-1209
- [OF-1170] - File Transfer Proxy should list on all addresses
- [OF-1172] - Add support for a wildcard DNS override
- [OF-1182] - Remove obsolete Releases news from RSS and expand Blog section
- [OF-1184] - Improve Domain field's tooltip in the setup process
- [OF-1189] - Get enum value from JiveGlobals
- [OF-1194] - SMS notification
- [OF-1196] - System properties should not be shortened when unnecessary.
- [OF-1198] - Improve MUC error handling (don't try to respond to responses)
- [OF-1205] - Show message when plugin manager is working
- [OF-1227] - Improve Plugin servlet filter functionality
- [OF-1238] - Introduce LocalMUCRoomManager to encapsule the simple management for LocalMucRooms
- [OF-1241] - Add NT Hashing for JDBC connections
- [OF-1244] - Help evaluate DNS SRV config
4.0.4 -- Dec 1, 2016
Bug
- [OF-266] - Fastpath Form UI page in Admin Console doesnt show images
- [OF-1141] - PEP nodes return no items when asked for all of them
- [OF-1152] - XmlDebugger not printing non-interpreted xml traffic
- [OF-1174] - MUC should respond to IQ queries
- [OF-1177] - .deb requirement of default-jre is too strict and does not allow for side loaded Oracle
- [OF-1180] - BOSH endpoints redirect all the requests with the trailing slash
- [OF-1201] - BOSH servlet should close async context on exception
- [OF-1202] - Proxool disconnects active threads after 5 minutes
- [OF-1209] - s2s connection settings whitelisting does not work / console UI broken
- [OF-1210] - correct time-to-live-seconds and MaxLifetime settings for hazelcast
- [OF-1223] - Messages loaded from ofOffline are not sorted by time stamp leading to out-of-order receipt
- [OF-1226] - Enable use of wildcard when searching users in LDAP
Task
- [OF-1158] - Update installation package with the latest Java JRE
Improvement
- [OF-1142] - Improve documentation part about UAC on Windows
- [OF-1211] - Fix description of Broadcast disabling option in Client Control plugin
- [OF-1221] - Add options from default.properties to Client Control plugin
4.0.3 -- Aug 17, 2016
Bug
- [OF-1116] - Java 7 incompatibility
- [OF-1118] - Check encryption protocol & cipher suite configuration against currently available ones.
- [OF-1119] - TLS failure when certificate chain is a tree
- [OF-1126] - AbstractGroupProvider hides exception from interface definition
- [OF-1157] - max_items ignored for some admin commands
- [OF-1165] - Stored Cross-Site Scripting
- [OF-1168] - Invalid Oracle DDL statements for Oracle 11g
- [OF-1169] - Debian dpkg java requirements should allow for java 7 or java 8
New Feature
Task
- [OF-1062] - Update installation package with the latest Java JRE
Improvement
- [OF-1099] - Update StartCom Class 1 DV Server CA
- [OF-1120] - Change default behavior of Email on Away plugin
- [OF-1161] - Sync Openfire's truststore with Mozilla's shipped CAs
4.0.2 -- Mar 21, 2016
Bug
- [OF-829] - Ghost sessions left on a server when using Pidgin client
- [OF-954] - Openfire clustering fails to correctly sync MUC room occupants
- [OF-1082] - Fix unicode read on BOSH
- [OF-1083] - Cannot join room in a cluster after an availability update
- [OF-1084] - NullPointerException in RoutingTableImpl.
- [OF-1087] - Monitoring plugin gives invalid responses
- [OF-1090] - Outcasts should not be allowed to register with room
Improvement
- [OF-1086] - Update bundled JRE to 1.8u74
- [OF-1089] - XEP-0313: send IQ result only after messages
- [OF-1107] - Add option to not show email in Email on Away plugin
4.0.1 -- Jan 26, 2016
Bug
- [OF-977] - WebSocket plugin: "lang" attribute should be "xml:lang"
- [OF-1040] - Banning users from room does not result in proper exit
- [OF-1041] - Using AD specific attribute breaks OpenLDAP support
- [OF-1042] - NPE in stanza handler (after failed TLS?)
- [OF-1045] - NPE with cluster management if cluster has not been started
- [OF-1046] - Error 503 emitted sending update notifications to offline admins that are over offline storage quota
- [OF-1051] - ConcurrentModificationException in PluginManager
- [OF-1053] - i18n params fail when text has apostrophe
- [OF-1054] - IllegalStateException when destroying MUC room prevents unavailable broadcast to be sent
Improvement
- [OF-1048] - Should not store chat state messages
- [OF-1049] - Improve Certificate Store Management
- [OF-1055] - Remove exclamation mark from the Search button
- [OF-1057] - Upgrade Jetty to latest patch release of its 9.2 branch.
4.0.0 -- Jan 11, 2016
Sub-task
- [OF-454] - Openfire does not send user presence information to all resources of the user
- [OF-631] - Implement SCRAM support
- [OF-834] - Admin console login.jsp allows redirects to non-local URIs
- [OF-1022] - Reflected XSS vulnerability in muc-room-edit-form.jsp params in Admin Console
- [OF-1034] - RFC 6121 (8.5.3.2.1) non-compliance: Chat message sent to unavailable resource ID not sent to other available resource IDs
Bug
- [OF-122] - Shouldn't allow subject change, when it is forbidden in room settings
- [OF-317] - Subscribe with Response Unsubscribed Causes Roster Push to Responding Client
- [OF-373] - Ant buildscript should not check for explicit Ant version numbers
- [OF-484] - Windows installer getting stuck on Uninstalling the previous version
- [OF-509] - Unable to disable weak ciphers
- [OF-798] - Embedded RSS/community links need to be updated for new (SSL) locations
- [OF-821] - MUC service returns wrong number of occupants and duplicate occupants in service discovery
- [OF-856] - Monitoring plugin uses secs attribute relative from beginning message instead of last message
- [OF-868] - User name update does not propagate to the affected roster(s)
- [OF-881] - NIOConnection Thread Deadlock when two clients in each others roster simultaneously disconnect
- [OF-882] - Admin Console shows 0:0:0:0:0:0:0:0 instead of All addresses since the Mina update
- [OF-898] - Timestamp parsing fails when fractions of seconds are supplied.
- [OF-900] - PubSubManager: DELETE FROM ofPubsubItem LEFT JOIN breaks MySQL
- [OF-905] - Admin console taglib URI does not correspond with usage.
- [OF-906] - SSO does not work with Openfire + Java 8
- [OF-913] - lib/log4j.xml should be denoted as a config file in the installers
- [OF-915] - Private Storage should return an error if feature is disabled
- [OF-918] - Character encoding issue in BOSH
- [OF-919] - Update jDTS driver to 1.3.1 Release
- [OF-921] - MUC Group ACLs are not updated when users join a group
- [OF-922] - Major performance hit with MINA 2.0.9 vs 2.0.7
- [OF-928] - Error with adding presence to MUC presence stanza
- [OF-930] - Overlay enhancements
- [OF-932] - XEP-0202 Entity Time should respect Daylight Saving Time
- [OF-934] - Buildscript: preset javac configuration should have all shared properties
- [OF-936] - Plugins build should fail fast by default
- [OF-939] - NPE in ScramSha1SaslServer#getStoredKey
- [OF-958] - Setup fails with StackOverflowException
- [OF-959] - Database installation script does not set correct version
- [OF-964] - message body tag getting empty xmlns set sometimes when BOSH client is in MUC room
- [OF-974] - Copy cache content when updating cache factory strategy
- [OF-976] - Language is not properly set in HttpSession
- [OF-982] - jabber:iq:last queries without 'to' attribute should not return server uptime
- [OF-983] - Deadlock (federation)
- [OF-984] - Deadlock (MUC / federation?)
- [OF-985] - Missing to attribute in stream open
- [OF-986] - Dialback verify-only connections do not negotiate TLS
- [OF-987] - MUC Freezes when someone joins from federated domain
- [OF-988] - Sometimes, messages are duplicated in MUC
- [OF-989] - BOSH packet delivery fails for larger packets with WritePendingException
- [OF-992] - BOSH fails when disabling/re-enabling the port
- [OF-995] - Parent Plugin case sensitivity
- [OF-996] - NullPointerException on Admin Console /audit-policy.jsp
- [OF-998] - Openfire build should not need internet connectivity
- [OF-999] - BOSH worker threads should be configurable
- [OF-1000] - Audit file log rotation causes NullPointerException
- [OF-1002] - NPE during connection close with XEP-0198
- [OF-1003] - Exception during <a/> propcessing in XEP-0198
- [OF-1008] - Iteratively failure to deliver message
- [OF-1009] - [s2s] Federation issue with talkonaut.com
- [OF-1010] - LDAPS fails
- [OF-1023] - Roster cache not being updated for shared group changes
- [OF-1025] - web-custom.xml fails to load
- [OF-1028] - NoSuchElement Exception in XEP-0198 support
New Feature
- [OF-446] - Implement XEP-0198: Stream Management
- [OF-682] - Add Portuguese translation
- [OF-923] - FileTransferManager should generate 'complete' event.
- [OF-946] - Allow for multiple sets of keystores
- [OF-947] - Overlay should support i18n
- [OF-948] - Overlay should allow modification of src/resources
- [OF-950] - Buildscript should be able to clean one plugin
- [OF-967] - Add option to use Name as a nickname when adding muc bookmark
Story
- [OF-990] - Remove support for Legacy Date Time (XEP-0090 / 91)
Task
- [OF-767] - Bundle Openfire with Java 8 SE JRE
- [OF-1001] - Drop Clearspace support
- [OF-1016] - Add explanation to setup about default admin password
Improvement
- [OF-675] - Add a comment about restarting in Managing Plugins section of documentation
- [OF-844] - CertificateManager logs useless warning messages
- [OF-892] - Mutual authentication support
- [OF-925] - AdHoc SessionData should be extensible
- [OF-931] - Improve installation guide
- [OF-935] - During build, parentPlugin should be on classpath
- [OF-940] - Update bundled postgresql driver to 9.4-1202
- [OF-951] - Drop support for the Solaris platform
- [OF-953] - Replace antiquated JSP libraries
- [OF-956] - Admins should be able to configure cryptographical protocols & cypher suites
- [OF-957] - AuditManager Module does not load properly
- [OF-969] - Delete URLUTF8Encoder.java in favor of java.net.URLEncoder.
- [OF-970] - Modernize XMLProperties with Java NIO.2 File API
- [OF-971] - Add PropertyListener support to AuditManagerImpl
- [OF-972] - Remove unused classes
- [OF-973] - Tests should retrieve resources from the classpath rather than files.
- [OF-975] - JDBCAuthProvider: add support for bcrypt and more
- [OF-981] - Remove 'ant-jive-edition' and 'qdox' libraries from build
- [OF-991] - In Ant buildfile, use properties instead of hardcoded value.
- [OF-993] - Remove thread factory code duplication
- [OF-1004] - Improve connection configuration in admin console
- [OF-1005] - Undo module loading driven by a file
- [OF-1007] - Improve support for whitelisting/blacklisting client IP addresses
- [OF-1011] - When importing PEM certificates, ignore leading/trailing whitespace
- [OF-1029] - Overlay should be able to override web.xml
- [OF-1033] - Orderly shutdown of MUC Service
3.10.3 -- Nov 17, 2015
Bug
- [OF-332] - ldap.connect.timeout not working with SSL connection
- [OF-881] - NIOConnection Thread Deadlock when two clients in each others roster simultaneously disconnect
- [OF-887] - ldap.readTimeout not used when LDAP getContext() is called for queries
- [OF-902] - Admin Console is not using HttpOnly attribute in cookies
- [OF-903] - ISE attempting to write data to a closed/closing session
- [OF-918] - Character encoding issue in BOSH
- [OF-926] - Clients can't authenticate using LDAP SSL
- [OF-938] - BOSH packet namespace issue
- [OF-949] - Offline message delivery failures
- [OF-954] - Openfire clustering fails to correctly sync MUC room occupants
- [OF-966] - failure tag not closed for TLS Negotiation Failure
New Feature
- [OF-933] - Update websocket support per RFC 7395
3.10.2 -- Jun 22, 2015
Bug
- [OF-181] - NPE when admin deletes logged in owner from members-only room
- [OF-917] - Openfire is not closing "Half-closed" sessions
- [OF-920] - 100% CPU Usage with thread attempting to read from a should be closed session
- [OF-922] - Major performance hit with MINA 2.0.9 vs 2.0.7
- [OF-924] - Enable LDAP SSL Connection Pooling
- [OF-943] - Hazelcast cluster task(s) timeout prematurely
3.10.1 -- Jun 16, 2015
Bug
- [OF-820] - Presence probe for local user allowed when probee not subscribed
- [OF-883] - High CPU usage and hangup after a few days of running
- [OF-889] - NPE on Admin Console (client sessions listing)
- [OF-904] - LDAP authentication broken in 3.9.2 onwards
- [OF-907] - SSLv2 Hello is rejected; prevents some clients connecting
- [OF-909] - BOSH response should return ack attribute
- [OF-910] - MUC de-synchronization issues
- [OF-916] - Deadlock with MINA sslFilter
3.10.0 -- April 20, 2015
Sub-task
- [OF-397] - Do not deliver offline messages to clients with negative priority
- [OF-560] - Restore or drop support for Pack200 compression
- [OF-629] - Remove XMPP Sessions
Bug
- [OF-116] - Add a text explaining the path used for http-binding
- [OF-232] - On startup, conference room list on admin console sometimes blank
- [OF-405] - Openfire fails to verify chained certificates
- [OF-429] - Openfire is turning off debugging mode on startup
- [OF-444] - Jingle Nodes plugin should use lowercase in i18n file's name
- [OF-460] - Debug log is not saving its state between restarts
- [OF-474] - OpenFire still provides entry forms for already-registered room users
- [OF-565] - ConnectionHandler has parsing problems due to use of hashcode under heavy load.
- [OF-670] - MUC user count not kept in sync across cluster nodes
- [OF-736] - Openfire should return <incorrect-encoding/> SASL failure, when not using base64 encoding
- [OF-754] - Lock out user option works incorrectly in some cases
- [OF-778] - Setup LDAP broken during initial openfire configuration
- [OF-786] - Muc - grant membership: nickname is not stored
- [OF-794] - Client sessions for failed cluster nodes are not being cleaned up properly
- [OF-795] - Unable to disable Message Carbons after they have been enabled by the client
- [OF-796] - Plugin version check should be numeric rather than textual
- [OF-799] - Changing server 2 server idle settings has broken UI
- [OF-800] - Encryption setting wrong when adding a property via System Properties page
- [OF-802] - MUC Invites result in 404
- [OF-803] - Message Carbons may throw org.dom4j.IllegalAddException, resulting in disconnection
- [OF-804] - Joining a locked MUC room should return <item-not-found/> instead of <recipient-unavailable/>
- [OF-805] - [MUC] OF does not return all affiliated users when requesting multiple affiliations
- [OF-806] - Flash client connection closing with invalid_namespace error
- [OF-807] - S2S whitelist form saving domains with "-" without it
- [OF-811] - Remove deprecated "xml-not-well-formed" error in favor of "not-well-formed"
- [OF-812] - Monitor plugin fails to handle start date properly
- [OF-813] - Memory leak
- [OF-818] - Message routing to bare JID can route to negative priority resources
- [OF-819] - IQs (e.g. XMPP Pings) of type error get falsely routed to IQ.createResult() which results in an Exception and connection termination
- [OF-822] - If a non-occupant sends a request to an occupant, a MUC service MUST return a <bad-request/> error.
- [OF-823] - Numeric overflow in MUCPersistenceManager when loading history older than 24 days.
- [OF-825] - Failing to connect to database after reboot if & is used in a password
- [OF-830] - LDAP shared groups disappear after some time
- [OF-832] - Monitoring plugin fixes
- [OF-837] - PubSub should return non-persistent items (last published item)
- [OF-839] - Forwarded extension should not overwrite extension namespaces of the forwarded message.
- [OF-840] - BOSH <stream:features> does not include <register/>
- [OF-849] - Error decoding subjectAltName DERTaggedObject cannot be cast to ASN1Sequence
- [OF-853] - XEP-0077 Registration must return <not-acceptable/> if username or password are unspecified.
- [OF-855] - Openfire looses messages when multiple senders send messages to the same receiver that looses connection
- [OF-857] - c2s stop responding, new connections hang
- [OF-858] - PEP Service does not support auto-create feature
- [OF-859] - Remove static service id reference in Node.class
- [OF-860] - No MUC status code 110 (self-presence) after joining a room with more than one user
- [OF-861] - Disable SSLv3 by default as per POODLE vulnerability
- [OF-863] - Multiple NPEs encountered when running under high load/latency in cluster mode (via hazelcast plugin)
- [OF-864] - Cleanup routes from defunct cluster member servers
- [OF-866] - Unexpected "session not found" errors under load
- [OF-875] - Roster requests to bare JID of the user are not responded
- [OF-876] - IQRosterHandler does not respect error cases in RFC 6121 § 2.3.3.
- [OF-877] - BOSH connector does not properly restart after a configuration change
- [OF-878] - NPE in MINAStatCollector
- [OF-884] - Auditor uses wrong hour for file rotation
- [OF-885] - Use non-blocking, async API for BOSH servlet
- [OF-886] - Openfire fails to parse CDATA when it ends with sequence ]]]>
- [OF-888] - s2s locks up with gmail
- [OF-894] - Openfire tries to close a closing session over and over.
- [OF-895] - Update postgresql driver to support PostgreSQL 9.4
- [OF-896] - Default client compression inconsistency
- [OF-897] - GZipFilter fails on Async BOSH servlet
New Feature
- [OF-69] - Add "Groups user belongs to" column to the User Summary page
- [OF-179] - Allow MUC permissions to be set using groups
- [OF-250] - Allow to configure the groups of a user from the user profile
- [OF-324] - Offline Email Notification
- [OF-843] - Upgrade clustering components for new Session API method
Task
- [OF-421] - Update MINA library to latest version
- [OF-466] - Drop Java 5 support
- [OF-709] - Update Jetty from 7.4 to 9.1
- [OF-831] - A typo on Database Settings page during setup
- [OF-901] - Update bundled JRE to 1.7.0_76
Improvement
- [OF-189] - do not use com.sun.* classes
- [OF-261] - add gzip filter servlet to admin console
- [OF-593] - LocaleUtils.java_dots_ to_underscores_i18n _bundles
- [OF-797] - Move ant-tasks in subdirectory (and delete ant.jar)
- [OF-801] - Extend ant build script to support multi-platform binaries that do not have a file extension
- [OF-828] - Add the MUC service plugin to Openfire plugins
- [OF-835] - Prevent fast clients flooding Openfire causing OutOfMemoryError
- [OF-838] - Allow for custom lib and conf file placement
- [OF-841] - Add a note about UAC to the Installation Guide
- [OF-842] - Additional properties in User Properties view
- [OF-847] - Upgrade bouncycastle from 1.50 to 1.51
- [OF-850] - Improve initialization state for JiveGlobals
- [OF-869] - Update Jetty to 9.2.x version
- [OF-893] - Mutual Authentication Broken for BOSH
3.9.3 -- May 6, 2014
Bug
- [OF-2] - LocalOutgoingServerSession logs connection failures over verbosely
- [OF-746] - Use update-alternatives to set JAVA_HOME on debian
- [OF-779] - fetching from LDAP should escape results
- [OF-780] - Update reCaptcha for HTTPS
- [OF-781] - ConcurrentModificationException in kickPresence
- [OF-782] - Wrong URL generated for editing groups with space in the names
- [OF-783] - Apply encryption to secure properties during setup
- [OF-784] - Possible NullPointerException in MessageRouter logic
- [OF-787] - TLS server to server connections are not working with 3.9.2
- [OF-788] - UserService plugin should not reset group properties when adding user to group
- [OF-789] - Invalid token in Pubsub item purge SQL
- [OF-791] - Joining new MUC room results in a 404 error
Improvement
- [OF-744] - Replace package.html with package-info.java
3.9.2 -- May 1, 2014
Bug
- [OF-24] - "Issue with IQ subscription="remove"
- [OF-114] - Clearing cache can lock up MUC
- [OF-183] - Bad-namespace prefix is actually invalid-namespace?
- [OF-193] - Last logouts are not recorded when server is shut down
- [OF-297] - fix: mutual roster deletion problem
- [OF-303] - fix Flexible Offline Message Retrieval (XEP-0013) support
- [OF-455] - Some unicode pattern in status message can break the session connection
- [OF-471] - Error integrity of the compressed stream
- [OF-544] - MUC change affiliation/role - admin IQ item processing bug
- [OF-562] - Broadcasting roles for MUC are not loaded correctly from DB
- [OF-633] - Current OfflineMessageStore logic discards valid MUC invites
- [OF-640] - log4j doesn't pick up ${openfireHome}
- [OF-669] - Visually failed first login to Admin Console
- [OF-686] - Anonymous registration permits name with javascript payload
- [OF-687] - MUC topic permits javascript payloads
- [OF-692] - Node column in ofSecurityAuditLog table should accept NULL entries
- [OF-693] - openfire init script target reload should not call restart
- [OF-699] - Race condition during cluster initialization (Hazelcast plugin)
- [OF-705] - Admin console (XSS) vulnerability lets attacker change admin password or create new admin
- [OF-706] - Openfire does not close the stream with a stream error if the namespace is not 'http://etherx.jabber.org/streams'
- [OF-717] - The BOSH implementation should include a 'from' attribute in its session creation response.
- [OF-720] - Roster deletion of userB by userA should not remove userA from userB's roster
- [OF-722] - Openfire should save XEP-0184 delivery receipts as offline message
- [OF-725] - Openfire must return a service-unavailable error when blocking an IQ of type get or set because of a privacy list. OF should return error if a message stanza is blocked
- [OF-731] - HybridUserProvider does not initialize correctly
- [OF-733] - OF should not silently close a connection, when receiving a message without 'to' attribute
- [OF-734] - Openfire cannot deal with SASL <abort/>
- [OF-735] - Openfire should return <invalid-mechanism/> SASL failure, when requesting an unknown mechanism
- [OF-741] - Debian Installer should allow Java7 as a prereq
- [OF-742] - MUC Service sends "disturbing" service messages.
- [OF-743] - MUC room does not return its identity or features, when querying for room info
- [OF-745] - Use TLS-dialback even if that mechanism is not advertised
- [OF-746] - Use update-alternatives to set JAVA_HOME on debian
- [OF-751] - NPE on PubSubEngine#shutdown on server shutdown
- [OF-753] - Improve init script to work with opensuse and fix logic with PID file
- [OF-755] - Monitoring plugin database fixes
- [OF-756] - Fix Postgres purge process error
- [OF-757] - Allow s2s message of subdomain of XMPP domain when no components are found
- [OF-759] - Update bundled postgresql driver to PostgreSQL 9.3 JDBC4 (build 1101)
- [OF-760] - MUC service does not include "self-presence" status code 110
- [OF-761] - OF must return <jid-malformed/> instead of <bad-request/> when joining a MUC room without nickname
- [OF-769] - Fix typo in monitoring plugin
- [OF-770] - CVE-2014-2741 Uncontrolled Resource Consumption with XMPP-Layer Compression
- [OF-772] - IQ type="result" getting java.lang.IllegalArgumentException
- [OF-774] - Needless code in AuthorizationManager
Improvement
- [OF-163] - fix RosterItemProvider.getItems() for Oracle
- [OF-298] - EntityCapabilityManager should not use a clustered cache
- [OF-309] - Privacy Lists drop messages silently
- [OF-411] - Admin or owner should be able to join a room when it has reached maximum occupants number
- [OF-464] - Verify if there were packets pending to be sent and decide what to do with them
- [OF-569] - Add deluser adhoc command
- [OF-592] - build.xml_chmod_executables.patch
- [OF-594] - PluginServlet.java_support_registering_servlets_programmatically.patch
- [OF-729] - Upgrade Hazelcast plugin to latest release version (3.1.x)
- [OF-730] - Migrate operational configuration properties from openfire.xml to DB
- [OF-749] - Upgrade bouncycastle library from 1.49 to 1.50 to keep up with JitsiVideobridge
- [OF-764] - Group chat history (MUC) should match configuration after server restart
- [OF-771] - MUC service should flush recent history before shutting down
New Feature
- [OF-125] - Restrict discovery of rooms based on users membership
- [OF-206] - Add HybridUserProvider
- [OF-347] - The domain should add support for Last Activity requests
- [OF-638] - Add support for XEP-0202: Entity Time
- [OF-682] - Add Portuguese translation
- [OF-714] - Add ability to encrypt properties so they are encrypted in the db and do not appear in the admin console.
- [OF-758] - Add support for XEP-0280 "Message Carbons"
- [OF-775] - Improve logging of invalid presence show
Task
- [OF-728] - Update installation package with the latest Java JRE
Sub-task
- [OF-10] - Pubsub event message with SHIM information holding multiple subscriptions should have the name='SubID'.
- [OF-103] - [MUC] Allow nicknames to be used more than once in the same room
3.9.1 -- Feb 6, 2014
Openfire Improvements
- [OF-697] - Update bundled MySQL JDBC driver to the newest 5.1.x version
- [OF-715] - Update Openfire bouncycastle library from 1.46 to 1.49
Openfire Features
- [OF-727] - Configuration option to disable presence broadcast for other resources on single user
Openfire Tasks
- [OF-513] - Update installation package with the latest Java JRE (1.7.0_2 or higher)
3.9.0 -- Feb 5, 2014
Openfire Bug Fixes
- [OF-454] - Openfire does not send user presence information to all resources of the user
- [OF-496] - javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
- [OF-676] - Pressing on workgroup in Fastpath causes an exception
- [OF-677] - Monitoring Plugin - "Null" reappearing in Archive for Message Body
- [OF-678] - Monitoring Plugin - Ever expanding Index
- [OF-680] - Packet Filter Plugin does not allow creation of wildcard rules
- [OF-718] - Fix Debian initscript to support more JAVA_HOME paths
- [OF-719] - Userservice plugin leaves user roster items in DB when user is deleted
Openfire Improvements
- [OF-654] - Openfire failes to create tables on MySQL 5.6
- [OF-679] - Packet Filter - Add option for "All Groups" and auto creation of rules based on Openfire Group Settings
- [OF-700] - Add a method to refresh a MUC room
- [OF-701] - Better group properties handling
- [OF-703] - UserService Plugin - Auto-create shared groups if not existing
- [OF-704] - Make LDAP connection timeout configurable
Openfire New Features
- [OF-681] - Add ability to search plugin to be able to restrict searching for users to only the group a user is in
- [OF-716] - Add Jitsi Videobridge plugin to Openfire plugins
Openfire Task Fixes
- [OF-698] - Bump version on all bundled openfire plugins, bump min version due to distributing java6 binaries now
3.8.2 -- May 28, 2013
Openfire Improvements
- [OF-342] - Add CORS headers to HTTP-Binding/BOSH
- [OF-393] - Group names with <> should be properly HTML escaped
- [OF-650] - Add support for X-Forwarded-For (XFF) headers from proxied BOSH clients
- [OF-655] - Add configurable JMX support
- [OF-657] - Merge Atlassian Crowd provider into Openfire core
- [OF-660] - Enhance the sessions pages (summary/detail) in the admin console
- [OF-674] - Add roster management capabilities to userservice plugin
Openfire Bug Fixes
- [OF-14] - Subscriptions to pubsub node should be based on the JID as supplied, not the bare JID
- [OF-108] - Admin Console is adding BR tags when editing system property containing string with newlines
- [OF-453] - Ensure HttpSession is terminated properly by session reaper
- [OF-465] - Kicking MUC occupant on server is not propagated to clients
- [OF-476] - FlashCrossDomainHandler causes infinite loop under some circumstances
- [OF-477] - SASL server in OF creates digest-uri based on xmpp.fqdn but it sends xmpp.domain to the client
- [OF-595] - Security audit logviewer is not escaping tags
- [OF-646] - XmppDateTimeFormat is unable to parse date Strings
- [OF-653] - BOSH deadlock
- [OF-656] - Fix crossdomain.xml for BOSH
- [OF-659] - JDBCUserProvider returns all users for a paginated search
- [OF-661] - MUC Topic/Subject change not propagated to other cluster nodes
- [OF-664] - Monitoring archive shows null in room chat logs
- [OF-665] - MUC changes/activities do not propagate across cluster nodes
- [OF-666] - Pubsub items should be created using cluster time rather than local time
- [OF-667] - Monitoring plugin bad SQL for upgrade
- [OF-668] - Pubsub items (persistent) may be dropped in certain cases
- [OF-671] - XSS in server2server.jsp
- [OF-673] - Should include a 'to' attribute in initiating s2s streams
Openfire New Features
- [OF-651] - Monitoring plugin should have an option to purge and restrict
3.8.1 -- March 3, 2013
Openfire Improvements
- [OF-597] - Increase performance of fetch last pubsub item for a node
- [OF-614] - Add /usr/lib/jvm/default-java to the collection of default locations to look for a JRE
Openfire Bug Fixes
- [OF-102] - Deleting user does not clear out ofUserFlag
- [OF-415] - Group disappears from the Group Summary view after editing its details
- [OF-596] - Last published item is not loaded when leaf node is loaded into memory.
- [OF-610] - Restore shared group support for read-only GroupProviders (LDAP)
- [OF-612] - Upgrade bundled JRE to last version...
- [OF-613] - RPM build failure with
- [OF-615] - Improve Robustness of loading MUC service at startup
- [OF-616] - Can't see newly created groups in Admin Console after the upgrade to 3.8.0
- [OF-617] - Fastpath plugin fails to build
- [OF-618] - Error in Admin console, MUC
- [OF-619] - GoJara plugin library has Java-6 code
- [OF-620] - JustMarried plugin library has Java-6 code
- [OF-621] - JustMarried plugin throws NullPointerException
- [OF-623] - PubsubPersistenceManager does not load nodes properly if the hierarchy has more than two levels.
- [OF-624] - Illegal JID when configuring a created MUC room
- [OF-627] - Update rpm bundled JRE 1.6u41
3.8.0 -- February 6, 2013
Openfire New Features
- [OF-204] - Add clustering support to Personal Eventing via Pubsub
- [OF-205] - Add clustering support to pub-sub
- [OF-240] - Show last history messages in room with a specified age
- [OF-483] - JDBCUserProvider hardcodes searchSQL
- [OF-543] - Support OpenJDK for Debian build
Openfire Improvements
- [OF-197] - Make openfire's plugin unloading -> loading more robust
- [OF-278] - Do not load all the system user to memory for shared groups
- [OF-342] - Add CORS headers to HTTP-Binding/BOSH
- [OF-448] - Add support for Ant 1.8
- [OF-481] - Upgrade Jetty from 7.0.1 to 7.5.4
- [OF-497] - Properly determine size of Collections to be cached
- [OF-506] - Phase out JettyLog
- [OF-507] - Improve logging of failed roster updates
- [OF-517] - Openfire should ignore Othername formats it doesn't understand
- [OF-524] - When closing a session as a result of a problem, send a <stream:error> stanza.
- [OF-529] - Allow users to get their own presence via presence plugin
- [OF-535] - Fixed Lithuanian translation for the Search plugin
- [OF-537] - Update Russian translation
- [OF-561] - Update Webchat for Jetty 7
- [OF-566] - Add RPM noarch build capability
- [OF-575] - Fix the installation guide (Custom Parameters)
- [OF-579] - Allow configuration of hazelcast plugin from outside the plugin jar
- [OF-581] - Improve startup script for RedHat
- [OF-582] - Improve locking on user's properties
- [OF-602] - Hazelcast clustering plugin improvements
- [OF-607] - When serializing JID instances in a cluster, do not use the (expensive) JID constructor
Openfire Bug Fixes
- [OF-39] - The storage of items in memory in a persistent LeafNode is a memory leak
- [OF-191] - store offline messages with empty body for pubsub
- [OF-270] - Duplicate entry 'user xxx' for key 1 -- Exposed during load testing.
- [OF-271] - fix "duplicate key violates unique constraint "ofpresence_pk""
- [OF-419] - FastPath Web Authentication Bug
- [OF-439] - Memory leak in PEP service
- [OF-443] - S2S doesn't work (dialback broken)
- [OF-480] - Logs directory is not created in the correct location on some systems
- [OF-498] - "Supplied key (null) is not a RSAPrivateKey instance" error in the Server Settings / Server Certificates screen
- [OF-510] - Buildfile fails if ran using Java 1.7
- [OF-514] - BOSH terminate stanza needs terminate attribute
- [OF-516] - user-roster-add.jsp has wrong name for groups textfield
- [OF-518] - Admin Console saving 'CHOOSE' for a STUN address, which causes annoying traceback
- [OF-522] - Upgrade bundled JRE to 1.6u30
- [OF-525] - Creating chatroom on console yields "room_already_exists" error when it does not
- [OF-526] - Deleting room and specifying invalid alternate room JID causes trouble
- [OF-527] - muc-create-permission.jsp displays an immediate error without adding users
- [OF-533] - TLS filter applied to non-SSL connections does not use configurable algorithm
- [OF-539] - HybridUserProvider does not load tertiaryClass due to typo
- [OF-540] - Prevent NPE in LdapVcardProvider.java
- [OF-542] - Fix Deprecated use in Log.java
- [OF-558] - Improve BOSH robustness when connections drop for unknown reasons
- [OF-564] - User import/export plugin concatenates group names in export
- [OF-567] - zlib inflate synchronization issue
- [OF-572] - The node configuration form does not contain the parent, children or type on a configured node.
- [OF-573] - Thread synchronization issues with HttpSession/BOSH
- [OF-584] - Fix DNS SRV support
- [OF-586] - Deliver event notifications to all subscribed JIDs
- [OF-588] - PEPService fails to be added to a clustered Cache
- [OF-589] - improve JAVA_HOME detection in openfire.sh
- [OF-590] - Console error in session view when a cluster member goes offline
- [OF-591] - NullPointer exception thrown when deleting rooms via the Webinterface
- [OF-598] - database.defaultProvider.testAfterUse/testBeforeUse should default to false
- [OF-600] - Let a client to ask for the history messages of a specific date (XEP-0045)
- [OF-601] - NPE with Privacy Lists while in cluster mode
- [OF-605] - PEPHandler tries to cache presence for the entire world
- [OF-606] - MUC room destroy can fail when no alternate JID is supplied
- [OF-608] - ClassCastException: org.jivesoftware.openfire.component.InternalComponentManager$RoutableComponents cannot be cast to org.jivesoftware.openfire.session.OutgoingServerSession
Openfire Completed Tasks
- [OF-352] - Change license to Apache
- [OF-467] - Update build.xml to check for Java 7
- [OF-511] - Upgrade BouncyCastle from 1.45 to 1.46
- [OF-534] - Make the STUN implementation a plugin
- [OF-98] - Bug in xmlns for grantowner and grantadmin / not in sync with JEP-0045
- [OF-495] - A RosterItem could only be in one group
- [OF-499] - Update org/jivesoftware/util/log/util/JettyLog to the Jetty 7.6.0/8.0 API
- [OF-603] - Transport sends subscribe-Presence that can be denied
3.7.1 -- October 1, 2011
Openfire Improvements
- [OF-370] - Allow any member to retrieve the room's member list even if not yet an occupant (2 votes)
- [OF-436] - Add default-jre-headless to the list of dependency-alternatives for Debian
- [OF-450] - Add StartCom CAs to truststore
- [OF-451] - Add log category to logging output
- [OF-452] - Improve SASL over Dialback for server-to-server connections
- [OF-468] - Ensure presence subscription works with bare JIDs
- [OF-479] - Response to jabber:iq:version should include proper OS information
Openfire Bug Fixes
- [OF-99] - [patch] small session establishment issue
- [OF-112] - LDAP group provider filter enhancement
- [OF-363] - Openfire is using muc#owner instead of muc#admin to change group chat affilations
- [OF-405] - Openfire fails to verify chained certificates (3 votes)
- [OF-431] - Openfire 3.7.0 Mac installer won't install
- [OF-433] - Fix LSB init for Debian
- [OF-440] - Typo in MultiUserChatServiceImpl with forms
- [OF-443] - S2S doesn't work (dialback broken) (20 votes)
- [OF-445] - HTTP session packet count from server always 0
- [OF-457] - Typo in search_i18n.properties
- [OF-458] - XMPPDecoder has a decode problem for UTF-8 (1 vote)
- [OF-459] - Search on MUC service always empty
- [OF-472] - Fix the link to java regex tutorial in readme
3.7.0 -- March 2, 2011
Openfire New Features
- [OF-21] - Add JiveGlobal options for FlashCrossDomain
- [OF-22] - Be able to set default room properties from the admin console
- [OF-43] - Add reCAPTCHA check for registration via web
- [OF-45] - Search plugin lithuanian translation
- [OF-61] - allow admin console to only listen on specific device
- [OF-66] - StartTLS for LDAP queries
- [OF-71] - flash cross domain handler property
- [OF-80] - Allow components tocreate nodes for pubsub
- [OF-127] - [patch] Prepend string to broadcast messages
- [OF-222] - Add disable/enable (unlock/lock) type to UserService plugin
- [OF-223] - Add "Last Logout" to search plugin results on admin console
- [OF-359] - broadcast-plugin: allow broadcasting to all (online and offline) users
- [OF-60] - Add Russian Translation to Admin Console
- [OF-379] - Add Jingle Relay Nodes plugin
- [OF-401] - Add sha256 and sha512 support to JDBCAuthProvider
Openfire Improvements
- [OF-1] - Replace code with Tinder
- [OF-4] - Search result columns that contain JIDs should be marked as type JID-SINGLE, instead of TEXT-SINGLE
- [OF-18] - MUC Private Conversation Logging
- [OF-28] - Change the order of showing Signing requests on the Server Certificates page
- [OF-46] - Upgrading Openfire to use Jetty 7 Continuations
- [OF-47] - Add a comment about remote setup and administration
- [OF-49] - UserService plugin should check over username before handing over to UserManager
- [OF-53] - Replace custom logging implementation with a third party library
- [OF-54] - Allow for Serializable collections to be processed by ExternalizableUtilStrategy
- [OF-58] - Log the username of failed SASL logins
- [OF-63] - MUC affiliation improvements
- [OF-65] - Migrate license from GPL to Apache 2.0
- [OF-67] - init script improvement
- [OF-76] - Limit the size of queues
- [OF-78] - Update Tinder to 1.2.1
- [OF-88] - Update installation package with the latest Java JRE
- [OF-109] - Webchat adds double quotes to the value of auto-populated elements in Workgroup Web Form
- [OF-131] - Oracle JDBC documentation needs to be updated
- [OF-133] - add source of stringprep to ./build/lib/versions.txt
- [OF-140] - Allow to enable/disable if invitations should be sent to new room members
- [OF-268] - improve reliability of embedded database
- [OF-285] - add XEP-0126 to "Protocol Support"
- [OF-327] - Slovak translation update
- [OF-328] - Add Slovak translation for the connection manager
- [OF-343] - Add @Override annotations
- [OF-344] - Add @Deprecated annotations
- [OF-349] - User import/export plugin should ignore empty groups
- [OF-372] - XEP-0203 support
- [OF-377] - RSA key size of CSR should be configurable
- [OF-381] - Server Dialback stream should have addressing
- [OF-389] - Update bouncycastle library to latest version
- [OF-390] - Upgrade Tinder to 1.2.2
- [OF-399] - Upgrade Tinder to anything higher than version 1.2.2
- [OF-412] - FastPath WebChat adds quotation marks around auto-populated values
- [OF-413] - Repeatedly transferring a chat between workgroups in Fastpath
- [OF-420] - Disco services become null after the upgrade to 3.7.0 Beta
- [OF-424] - Fix a typo in "Transcript Send Error" of Fastpath plugin
- [OF-426] - Renaming a group removes it from a groups list and in the clients
- [OF-428] - getExtendedInfo creates malformed XML
Openfire Bug Fixes
- [OF-5] - Request to get items on persistent pubsub node should not require a subscription id if user has 1 subscription
- [OF-6] - Getting specific items from a pubsub node copies the request items into the result packet, which produces an invalid result
- [OF-7] - Requst for subscription on a pubsub node returns all subscriptions for all nodes
- [OF-12] - Error when publishing multiple items at once to pubsub node
- [OF-13] - Pubsub configuration event is incorrect
- [OF-16] - Persistent pubsub nodes will not store items unless max_items is set.
- [OF-17] - Posting mulitple items to a pubsub node with the same ID will cause a new ID to be generated for the item instead of overwriting the item.
- [OF-20] - In pubsub, subscription items include and 'affiliation' attribute which is not in the schema
- [OF-23] - OutgoingSessionPromise is not sending error back to the client in s2s scenario
- [OF-24] - "Issue with IQ subscription="remove"
- [OF-26] - fix password update for JDBC Auth Provider
- [OF-27] - Create conferences services with invalid service name
- [OF-29] - route.all-resources does not work
- [OF-30] - Fix generating of the self-signed certificates after truststore deletion
- [OF-32] - Loading and creating rooms with multiple conferences services fails
- [OF-33] - Some issues with the first conference service which is manually created.
- [OF-38] - Issue with JabberNet and massive subscription requests from the server
- [OF-41] - Fix exception on muc-room-affiliations
- [OF-42] - Don't allow setup affiliations for invalid JIDs
- [OF-44] - Support multiple SRV records, weights, and priorities
- [OF-48] - Openfire is sending two unavailable packets after leaving the room
- [OF-52] - Possible Memory leaks in PubSubPersistenceManager
- [OF-56] - Ignore presence stanza of type "subscribed" without previous subscription request
- [OF-57] - typo in pubsub Node.java
- [OF-59] - Should handle trailing spaces more gracefully (Room User Permissions)
- [OF-62] - Exception shown if one refeshes particular user's session info
- [OF-64] - Fix for the "Broadcast presence for" option in the room settings
- [OF-70] - Unresponsive clients cause Openfire to run out of memory
- [OF-72] - Openfire can't detect broken clients' connections
- [OF-73] - Upgrade from OF3.5 fails due to incorrect sqlserver database script
- [OF-75] - Packets sent to non-connected components are processed by OutgoingSessionPromise
- [OF-77] - IQPepHandler stores JIDs that become available, but never removes them from the cache
- [OF-79] - NullPointerException if no DNS SRV records can be found for a particular domain
- [OF-82] - Empathy client can cause OOM
- [OF-86] - Admin console does not automatically log an admin out after the idle time limit
- [OF-87] - DWR in Monitorplugin fails, causes statistics to be inaccessible
- [OF-89] - ldap.adminPassword is plain text
- [OF-90] - Cross-site scripting attack in the login form
- [OF-91] - Client session will be terminate when receiving invalid surrogate characters
- [OF-106] - French translation update
- [OF-156] - fix LDAP email in vCard documentation (also javadoc)
- [OF-180] - Build fails in CI due to new Open Source Clustering Plugin
- [OF-211] - userservice plugin should check for null when updating user properties
- [OF-212] - Radio button changes wrong option on Registration & Login page
- [OF-213] - Revert Postgresql for java 5 support
- [OF-214] - Dup Security Audit entry for enabling/disabling db profiling [patch]
- [OF-215] - Wrong Clearspace webservice URL used to create avatars
- [OF-216] - Presence issues with LDAP and shared groups
- [OF-217] - Admin is unable to login after the last step of the setup
- [OF-218] - Licence bug, migrate to GPLv3 ?
- [OF-219] - fix documentation of auth. provider
- [OF-220] - group-edit.jsp text is misleading for contact sharing
- [OF-221] - Openfire does not honor option to stop password changes
- [OF-301] - audit log files deleted
- [OF-330] - Allow MUC room subject to set blank on admin console
- [OF-333] - getCachedSize() of Cachable returns incorrect value (causing OOMs!)
- [OF-334] - fastpath secure image does not update
- [OF-339] - Openfire queries users for disco#info after each presence change (CAPS is being polled)
- [OF-346] - BOSH uses incorrect Namespace
- [OF-350] - System property for MUC disabling doesnt work
- [OF-357] - reading characters of openfire.xml file fails if it is UTF-8 and not "locale" encoded
- [OF-358] - fix 2 GB problem within Auditor
- [OF-368] - fix and improve ldap paged results
- [OF-374] - Ant buildscript should not check for explicit Ant version numbers
- [OF-384] - OS X Preference Pane fails to build on newer OS
- [OF-391] - Security-related issue reported by Mark Dolinger at August 17, 2010.
3.6.4 -- May 1, 2009
Openfire New Features
- [JM-1521] - Use stronger RSA encryption algorithm for certificates creation.
Openfire Bug Fixes
- [JM-1531] - ! Prevent users from changing other users passwords. (3 votes). Thanks to Erik HH.
- [JM-1516] - LdapGroups assumed all members never in AltBaseDN. (1 vote)
- [JM-1520] - Stacktrace of exception while initializing SSLConfig are now logged.
- [JM-1534] - DefaultAdminProvider was not including default admin account when there were no admins specified.
Openfire Connection Manager Module
3.6.3 -- January 8, 2009
Openfire New Features
Openfire Bug Fixes
- [JM-1506] - ! Fixed cross-site scripting attacks in several pages.
- [JM-1504] - Fixed error in DefaultGroupProvider.
- [JM-1503] - Fixed ClassCastException that prevented certificates from being imported.
- [JM-1500] - Flash cross domain handler (port 5229) no longer spit crossdomain.xml immediately.
Openfire Connection Manager Module
3.6.2 -- November 21, 2008
Openfire New Features
- [JM-1039] - Improved unloading of child plugins in plugin manager.
- [JM-1314] - Pack200 compression is now optional for plugins.
- [JM-1391] - Added direct link to muc-room-occupants on admin console.
- [JM-1499] - Updated MINA to latest version.
Openfire Bug Fixes
- [JM-1465] - ! IQ packet without 'id' attribute could disconnect other users. (7 votes)
- [JM-1495] - Flash clients can now connect to Openfire. NULL chars are now accepted by the server.
- [JM-1115] - Stream compression is back again working. (15 votes)
- [JM-1496] - HTTPS port is now again working with HTTP Binding. (1 vote)
- [JM-1351] - Fixed UTF-8 problem in HttpBindServlet
- [JM-1348] - Sessions page autorefresh was showing a blank page in some situations.
Openfire Connection Manager Module
- [JM-1495] - Flash clients can now connect to Openfire. NULL chars are now accepted by the server.
- [JM-1499] - Updated MINA to latest version.
3.6.1 -- November 14, 2008
! Upgrade Information
Existing installations MUST update to this version to solve security vulnerabilities.
Openfire New Features
- [JM-1453] - Optimized level of concurrency on JID class.
- [JM-1485] - JDBC providers can now use connections from the DB pool instead of opening new ones.
- [JM-73] - Improved radio buttons on offline messages page. (1 vote)
Openfire Bug Fixes
- [JM-1489] - ! Authentication could be bypass allowing arbitrary code execution. (2 votes)
- [JM-1493] - Fixed leaking of threads in PEP code.
- [JM-1492] - AdminManager doesn't handle JIDs properly.
- [JM-1487] - LoginLimitManager was checking user connection limit against wrong setting.
- [JM-1460] - Fixed typo in tablename when deleting room affiliations.
- [JM-1490] - AdHoc command AuthenticateUser now works even if UserProvider is readonly.
- [JM-1462] - Fixed NPE on admin console login when username was not completed.
- [JM-1473] - Fixed incorrect count of users in chat rooms between cluster nodes.
- [JM-1481] - Non-Sasl authentication no longer allows for spaces post- or prepending the provided form data.
- [JM-1491] - AdHoc command AuthenticateUser required 'username' field, but was using 'accountjid'.
Openfire Connection Manager Module
3.6.0a -- August 28, 2008
Openfire Bug Fixes
- Fixed database upgrade scripts across the board.
- Fixed LDAP quoting issue that was preventing some LDAP setups from working.
- Fixed @ translation in login page on failed login.
3.6.0 -- August 26, 2008
Openfire New Features
- [JM-405] - Hybrid user provider added.
- [JM-752] - Plugin download list now uses a proxy server.
- [JM-757] - altBaseDN is now used for group LDAP queries as well.
- [JM-1253] - Can now receive users, groups and vcard changes from Clearspace.
- [JM-1279] - Username changes in Clearspace now reflected in Openfire.
- [JM-1283] - Provided an option for disabling LDAP alias referral following.
- [JM-1284] - Added support for multiple conference services.
- [JM-1329] - Added Clearspace tab page in Openfire admin console.
- [JM-1389] - Added support to restrict login access for anonymous users by IP address.
- [JM-1434] - Now using server dialback over TLS when using self-signed certificates.
- [JM-834] - Now logging failed login attempts.
- [JM-1014] - Admin Console login page now tries to prevent brute force login.
- [JM-1033] - Upgraded HTTP-Binding to BOSH version 1.6.
- [JM-1117] - Now using paged results in LDAP queries if the LDAP server supports it.
- [JM-1136] - Various MUC affiliation improvements completed.
- [JM-1277] - Now storing list of providers to use in database for easier clustering support.
- [JM-1278] - Now read list of admin users from backend, database driver by default. (can update admin list on the fly)
- [JM-1291] - Updated Openfire DB schema to allow Clearspace and it to coexist in the same database.
- [JM-1334] - Applied consistent representation of having 'no value' for a particular database entry.
- [JM-1335] - Simplified list of events listened by PresenceEventListener.
- [JM-1337] - Failure to retrieve a connection from the database pool now triggers an Exception.
- [JM-1359] - Now allowing takeover of a MUC nickname if it's by the same account that owns the nickname.
- [JM-1361] - Now serving Flash policy file from client port (as well as the previous port).
- [JM-1365] - Stacktrace is no longer logged on a failed authentication attempt. (cleans up logs)
- [JM-1367] - Wildcards may now be used for external component configurations access rules.
- [JM-1368] - Default number of db connections is now higher than worker threads.
- [JM-1402] - Now returning IQ reply to the exact component's connection that made the request.
- [JM-1414] - Added support for XMPP Ping (XEP-0199).
- [JM-1416] - Group properties can now be retrieved from GroupProvider (i.e. a backend).
- [JM-1417] - S2S is no longer attempted for subdomains that are known to belong to external components.
- [JM-1422] - Now fast-failing packets for remote servers that were received in a few seconds.
- [JM-1423] - Increased server dialback timeout limit to 2 minutes.
- [JM-1435] - Now preventing empty-bodied messages from being stored in the offline message store.
- [JM-1383] - Updated Apache HTTP Client library to latest version.
- [JM-1437] - Updated URL that checks the feed for new releases.
Openfire Bug Fixes
- [JM-629] - Fixed cross-site scripting bugs in login due to url redirect.
- [JM-1100] - authorizedUsernames are no longer case sensitive when using LDAP.
- [JM-1178] - Fixed loading child or parent plugin.
- [JM-1237] - Nullpointerexception no longer occurs in LocalOutgoingServerSession.
- [JM-1268] - LdapGroupProvider no longer throws NPE if LDAP group has unlocatable user in it.
- [JM-1310] - ComponentEventListener is now working correctly when running in a cluster.
- [JM-1316] - Last screen of setup is no longer throwing NPE when session times out.
- [JM-1322] - Clearspace groups provider now works when group name contains spaces.
- [JM-1326] - Admin console now adds Clearspace tab after setup.
- [JM-1327] - Subscriptions now working when baseDN has a comma that is not a delimiter (unenclosed string).
- [JM-1333] - HttpSession#getVersion() should no longer throw NaN exceptions.
- [JM-1336] - DBConnectionManager now recovers (retries) from hitting Proxool 'simultaneous-build-throttle' limit.
- [JM-1341] - NoClassDefFoundError no longer occurs when logging in.
- [JM-1381] - LDAP vcards can now contain $ without throwing errors.
- [JM-1393] - LDAP group handler now escapes dollar signs in values when used with regexps.
- [JM-1394] - Wildcard server trust can no longer be spoofed.
- [JM-1395] - An error is no longer being returned when asking for pubsub subscriptions and none was found.
- [JM-1398] - Clustering is no longer using lite events for routing table caches.
- [JM-1399] - ClearspaceGroupProvider no longer sends a change event when loading groups.
- [JM-1400] - Now less strict with emails when loading a user.
- [JM-1401] - External components with several connections now have their disco#info correct.
- [JM-1403] - Usernames are now escaped when integrated with Clearspace.
- [JM-1405] - Password changes when integrated with Clearspace now work correctly.
- [JM-1406] - Handling of Clearspace being down when integrated with CS is handled better on users/groups page.
- [JM-1407] - Trying to login to OF admin console when Clearspace while is down no longer throws an exception.
- [JM-1408] - Descriptive error message added when logging in to OF admin console while Clearspace is down.
- [JM-1409] - White space in OF Admin Console > Group Chat > Room Summary page, below Description column removed.
- [JM-1411] - Fixed NPE in HttpSession when closing a connection that was preventing listeners from being triggered.
- [JM-1418] - Session details no longer shows user as online when connected but not available.
- [JM-1419] - Now checking for potential usage of non-ASCII characters in webservice URL requests.
- [JM-1421] - Server now disconnects clients sending invalid XML.
- [JM-1424] - When admin is logged in OF and CS is down, the "Config Clearspace" button in OF no longer hangs.
- [JM-1425] - NPE fixed when creating a group chat room for the default conference service with CS integration enabled.
- [JM-1426] - ClearspaceMUCTranscriptManager is no longer recording events from any conference service other than the designated Clearspace conference service.
- [JM-1427] - Cache-control headers on BOSH no longer cause issues with Flash+HTTPS+Internet Explorer.
- [JM-1428] - Non-descriptive error message when OF is in an update state fixed.
- [JM-1429] - Secured the shared secret of OF's CS integration admin page.
- [JM-1439] - Stream Initiation can now be used with things other than but file transfer.
- [JM-1440] - Packets sent from entities hosted by components to connected but not-available users are now being routed.
- [JM-1442] - Offline presence information when removing user account is now deleted.
Openfire Connection Manager Module
- [JM-1444] - Improved cmanagerd to support status and stop parameters.
- [JM-1445] - Added support for validating certificates of BOSH clients.
- [JM-1441] - BOSH terminate, pause and xmpp:restart requests are no longer considered polling.
- [JM-1412] - BOSH session no longer dropped when requests are received out of order.
- [JM-1377] - Can now specify hostname or IP address of server to connect.
- [JM-1376] - Can now enable/disable client listeners in Connection Managers.
3.5.2 -- June 12, 2008
Openfire New Features
- [JM-1373] - IP address of client is now passed when using connection managers.
- [JM-1350] - Max buffer size used by parser can now be configured.
- [JM-1382] - @DATE@ token is now replaced with build date when building plugins.
- [JM-1353] - Added Slovenčina translation.
- [JM-1369] - Updated MINA library to latest version.
- [JM-1379] - Updated Jetty server to latest version.
Openfire Bug Fixes
- [JM-1388] - ! Clients are no longer able to disconnect other clients.
- [JM-1372] - ! MUC lock could freeze the entire server.
- [JM-1344] - Closing remote connections is now a synchronous operation.
- [JM-1355] - Resource conflict when running in a cluster was having synchronization problems.
- [JM-1374] - Fixed NPE in audit logging when changing an user's roster.
- [JM-1378] - Allowed to send non-latin symbols in emails.
- [JM-1384] - Not all CN values in subjectDN were being considered in certificates.
- [JM-1387] - Cluster node failed to correctly start up when groupchat events were received.
- [JM-1392] - Closing idle http sessions was not removing the user from groupchat rooms.
Openfire Connection Manager Module
- [JM-1373] - IP address of client is now passed when using connection managers.
- [JM-1350] - Max buffer size used by parser can now be configured.
3.5.1 -- April 24, 2008
Openfire New Features
- [JM-1325] - Reduced number of remote calls while logging in and running inside of a cluster.
- [JM-1331] - PEP service can now be disabled to reduce DB queries.
- [JM-1339] - Updated Jetty library to latest version.
- [JM-1340] - Updated bouncycastle library to latest version.
Openfire Bug Fixes
- [JM-1323] - Fixed s2s issues affecting communication with a number of other services, including gmail.com. (4 votes)
- [JM-1203] - Openfire now performs DNS lookups on sub domains of it's primary domain that it does not have an internal route for. (1 vote)
- [JM-1315] - MySQL upgrade script number 14 repaired.
- [JM-1316] - Last screen of setup is no longer throwing NPE in some cases.
- [JM-1317] - DB2 connection test should no longer fail.
- [JM-1319] - Lock out manager default provider is no longer saving start time as end time.
- [JM-1321] - Security audit logger now truncates summary length, locale changes no longer throw error.
- [JM-1322] - Clearspace groups provider now works when group name contains spaces.
- [JM-1324] - Event resource_bound is now triggered when using iq:auth.
- [JM-1330] - Kicking or banning room occupants is now working in cluster mode.
Openfire Enterprise
- Retired, replaced by new open source plugins.
Openfire Connection Manager Module
- [JM-1338] - Updated http-binding implementation in Connection Managers.
- [JM-1338] - Modified builds to include Jetty libraries.
- [JM-1339] - Updated Jetty library to latest version.
- [JM-1340] - Updated bouncycastle library to latest version.
3.5.0 -- March 27, 2008
Openfire New Features
- [JM-1224] - Added Clearspace as a backend for users, groups and authentication. (1 vote)
- [JM-1272] - Added auditing support to the admin console.
- [JM-1235] - Added ability to kick MUC members from a chatroom from the web interface. (1 vote)
- [JM-1236] - Added database index for significant improvement in user management. (1 vote)
- [JM-1269] - Improved throughput of external components connections.
- [JM-1221] - Created new event listener to catch successful resource binding.
- [JM-1267] - Created ExternalComponent listener that will listen and may deny new settings.
- [JM-160] - Added ability to disable user accounts. (13 votes)
- [JM-1273] - Allowed to join a groupchat while being unavailable.
- [JM-1218] - Updated admin console UI look.
- [JM-840] - Improved i18n in plugin admin console pages.
- [JM-1260] - Allowed to set default max number of users when creating new rooms.
- [JM-1149] - Improved pagination for list of group chats in the admin console. (2 votes)
- [JM-1262] - Added support for enabling/disabling the pubsub service.
- [JM-1241] - XMPPServerInfo now makes a distinction between 'hostname' and 'xmpp domain name'.
- [JM-1270] - Changed default HTTP binding ports to 7070 and 7443.
- [JM-1271] - Updated MINA library to latest version.
- [JM-1276] - Added functionality to UserProvider to allow requirement of email and name fields.
Openfire Bug Fixes
- [JM-1289] - ! Fixed DoS attack that could bring the server down.
- [JM-1175] - Fixed double-byte characters problem. (4 votes)
- [JM-1175] - Fixed memory leak in the MultiUserChat module.
- [JM-1300] - Room events are now only triggered in the node that generated the event.
- [JM-1274] - Fixed sending of presence packets when using direct presences.
- [JM-1275] - Messages sent to bare JIDs were not considering directed presences.
- [JM-1311] - Fixed NPE in HttpSession when closing the session.
- [JM-1186] - Fixed JDBC authentication when using DIGEST-MD5. (1 vote)
- [JM-1263] - Fixed highlighting of active tab in client sessions tab. (1 vote)
- [JM-1265] - Adding a new member to a room is now propagated to other cluster nodes.
- [JM-1266] - Fixed test of connections when using Oracle.
Openfire Enterprise
- [ENT-425] - ! Fixed distributed locking problem when running in a cluster.
- [ENT-417] - It is now possible to override the default type of a cache when using clustering.
- [ENT-427] - Fixed registration of new remote servers when running in a cluster.
- [ENT-403] - Fixed exception when storing big workgroup forms.
- [ENT-401] - Webchat link was moved to under Client Management.
- [ENT-256] - SparkWeb - Added moderator controls for "User Kick/Ban" to group chats.
- [ENT-364] - SparkWeb - Allowed users to view and edit their own VCard profile information.
- [ENT-362] - SparkWeb - Contact context menu now includes menu items for "Start a chat" and other common items.
- [ENT-400] - SparkWeb - Contact list us now sorted alfabetically.
- [ENT-398] - SparkWeb - Contact list sorting was case-sensitive.
- [ENT-399] - SparkWeb - Improved typing notification alerts.
- [ENT-371] - SparkWeb - Localized the labels in the View Profile window.
- [ENT-415] - SparkWeb - Made SparkWeb client link pop up new window.
- [ENT-408] - SparkWeb - JIDs are now used in more places instead of Strings.
- [ENT-231] - SparkWeb - Improved font choices to be consistent and cross-platform.
- [ENT-404] - SparkWeb - Fixed overlap of timestamps in the message view.
- [ENT-409] - SparkWeb - Newly bookmarked rooms appeared on all servers.
- [ENT-410] - SparkWeb - Fixed exception when loading bookmarks.
- [ENT-411] - SparkWeb - Fixed error while loading certain vCards.
Openfire Connection Manager Module
- [JM-1175] - Fixed double-byte characters problem.
- [JM-1271] - Updated MINA library to latest version.
3.4.5 -- February 07, 2008
Openfire New Features
- [JM-343] - Improved connection pool recovery logic by switching to proxool.
- [JM-1217] - Now possible to allow the same component to connect many times to the same JVM.
Openfire Bug Fixes
- [JM-1250] - Setting VM options from config file in Debian now works.
- [JM-1251] - Fixed small memory leak in Multi User Chat.
- [JM-632] - SSL settings pages now handle broken keystores without crashing.
- [JM-703] - LDAP settings (particularly search filters) will no longer get corrupted upon saving.
- [JM-1248] - RPM is no longer throwing warnings about ci and jivedev users.
- [JM-1249] - Debian postinstall is now checking to make sure openfire group exists.
Openfire Enterprise
Openfire Connection Manager Module
3.4.4 -- January 17, 2008
Openfire New Features
Openfire Bug Fixes
- [JM-1242] - Jetty upgraded to fix announced security issue (http://www.kb.cert.org/vuls/id/553235)
- [JM-1232] - LDAP vCard database storage fixed to work properly with Active Directory and others. !!NOTE!! API Changes for providers were required. See important notes below. (1 vote)
- [JM-1240] - Can now delete an avatar when using LDAP.
- [JM-1230] - Current LDAP settings now being kept when editing config from admin interface.
- [JM-1231] - Openfire install directories, log directories, etc are no longer world readable. (1 vote)
- [JM-1233] - RPM uninstall no longer fails if Openfire not currently running.
! Important Notes
The VCardProvider interface/API was updated to make vCard handling more
robust. The change involved changing #createVCard and #updateVCard to return
the vCard (after the provider has possibly altered it) instead of having
no return at all (void). If you are not making any modifications to the
vCard, you will want to adjust your provider to simply return what was passed
into it. Otherwise, return your modified vCard. This will allow the properly
adjusted vCard to be cached.
Openfire Enterprise
- [JM-1243] - Fixed serialization/deserialization of RemoteServerConfiguration between cluster nodes.
- [ENT-222] - SparkWeb - Improved tooltip information.
- [ENT-326] - SparkWeb - Added support for viewing vCard information.
- [ENT-344] - SparkWeb - Background colors of windows can now be programmatically modified.
- [ENT-345] - SparkWeb - User search window can now render fields found in the data form.
- [ENT-354] - SparkWeb - Added support for slash commands. (1 vote)
- [ENT-223] - SparkWeb - Groups are now expanded while searching, remember which to collapse when done searching.
- [ENT-253] - SparkWeb - Set priority based on presence as Spark does.
- [ENT-283] - SparkWeb - Improved 'add conference server' UI.
- [ENT-293] - SparkWeb - Improved selection of server during login.
- [ENT-334] - SparkWeb - Nickname is now autocompleted with vcard information when adding new contact.
- [ENT-342] - SparkWeb - Spacing is no longer displayed for groups that were not displayed.
- [ENT-346] - SparkWeb - Added search button to user search window.
- [ENT-358] - SparkWeb - Display names are now used instead of JIDs for chats.
- [ENT-319] - SparkWeb - Added timestamp to chat window.
- [ENT-321] - SparkWeb - Conference room window no longer shows all services.
- [ENT-335] - SparkWeb - Backslashes were duplicated in one-to-one chat and group-chat windows.
- [ENT-339] - SparkWeb - Bookmarks were not being displayed in conference tab.
- [ENT-348] - SparkWeb - Fixed offline status in user profile while the user was online.
- [ENT-373] - SparkWeb - Distance between groups were not uniform.
- [ENT-375] - SparkWeb - Fixed incorrect error message for conference invitations.
- [ENT-376] - SparkWeb - Only allow inviting online contacts to conference rooms.
- [ENT-377] - SparkWeb - Chat presence icons weren't updating properly.
- [ENT-378] - SparkWeb - Friendlier naming is now used for conference rooms in the message window.
Openfire Connection Manager Module
3.4.3 -- December 27, 2007
Openfire New Features
- [JM-460] - Avatars may now be updated when using LDAP. (60 votes)
- [JM-1216] - Improved login performance by reducing PEP work.
- [JM-1210] - Optimized general performance when doing JID operations.
- [JM-1215] - Improved http binding throughput by setting a maximum number of http worker threads.
- [JM-1205] - Optimized memory consumption when using http-binding.
- [JM-1208] - New database connections are opened when no database connections were found.
- [JM-765] - Created Ubuntu/Debian installer package. (19 votes)
- [JM-1161] - Created Solaris installer package.
- [JM-1222] - Updated JavaMail library to latests version.
Openfire Bug Fixes
- [JM-1204] - Certificate Signing Requests were not generated when issuer name matched xmpp domain.
- [JM-1206] - Fixed encrypted connections for server-2-server (broken in 3.4.2).
- [JM-1207] - SASL EXTERNAL for server-2-server was not accepting wildcard certificates.
- [JM-1211] - Fixed Openfire RPM to properly handle service removal and also shutdowns/startups. (1 vote)
- [JM-1201] - Fixed DMG installer to not overwrite config files.
Openfire Enterprise
- [ENT-107] - Fixed table reference when deleting chat from fastpath.
- [ENT-138] - SparkWeb - Added HTTPS and HTTP support to SparkWeb. (2 votes)
- [ENT-288] - SparkWeb - SparkWeb can now get the crossdomain.xml file from the http binding port.
- [ENT-325] - SparkWeb - Added support for room invitations.
- [ENT-336] - SparkWeb - Login window can now be skipped when using programmatic launch.
- [ENT-333] - SparkWeb - Autocomplete domain when only only username was entered when adding a contact.
- [ENT-261] - SparkWeb - Tab width was too small.
- [ENT-296] - SparkWeb - Loading large contact lists was too slow.
- [ENT-301] - SparkWeb - User search window is no longer transparent.
- [ENT-318] - SparkWeb - Fixed message counter that was incremented with local messages.
- [ENT-322] - SparkWeb - Some users were displayed in the online and offline group.
- [ENT-323] - SparkWeb - Avatars were not in a proper order in the roster.
- [ENT-324] - SparkWeb - Avatars did not always appear.
- [ENT-328] - SparkWeb - Fixed adding a contact from the user seach window.
- [ENT-329] - SparkWeb - Contacts with pending subscription were not listed in the roster correctly.
- [ENT-341] - SparkWeb - Pending contacts that were already in your list when you log in were not placed correctly.
- [ENT-343] - SparkWeb - Fixed error when adding bookmarks from the Conferences tab.
Openfire Connection Manager Module
3.4.2 -- December 6, 2007
Openfire New Features
- [JM-988] - Certificates created and signed by CA can be imported from the admin console. (5 votes)
- [JM-1132] - Added support for XEP-0115: Entity Capabilities.
- [JM-1197] - Added "Notification Filtering" support to PEP based on entity capabilities.
- [JM-1181] - Allowed to retrieve the list of roles a given user session has in all rooms.
- [JM-1196] - File crossdomain.xml is also served from http binding port.
- [JM-1189] - Updated bouncycastle library to latest version.
- [JM-1200] - Updated MINA library to latest version. Improved outgoing traffic throughput!
Openfire Bug Fixes
- [JM-1140] - Certificate Signing Requests did not include issuer metatata. (2 votes)
- [JM-1180] - Username with spaces could not be added to groups.
- [JM-1184] - Some unavailable presence were not processed and users remain in the rooms.
- [JM-1185] - Fixed error in bin/extra/openfired script.
- [JM-1177] - Fixed exception in PEP when using instantFeeds plugin.
- [JM-1179] - Non-relevant errors were printed when going to the clustering page and clustering was not available.
- [JM-1202] - MySQL driver was downgraded to version 5.0.8.
Openfire Enterprise
- [ENT-262] - Clustering was not allowing other plugins to run commands on other nodes.
- [ENT-274] - Plugins were not able to create caches and use them in the cluster.
- [ENT-289] - Updated Coherence to latest version.
- [ENT-271] - Fixed search of archived chats when no end date was specified.
- [ENT-260] - Changed data type used in bytes column for SQL Server.
- [ENT-244] - Added MultiUserChat support to Sparkweb.
- [ENT-273] - Added User Search (XEP-0055) functionality to SparkWeb.
- [ENT-212] - Errors messages no longer appear as modal dialogs in SparkWeb.
- Fixed several roster management issues of SparkWeb.
- Fixed several issues in the chat window of SparkWeb.
Openfire Connection Manager Module
- [JM-1189] - Updated bouncycastle library to latest version.
- [JM-1200] - Updated MINA library to latest version. Improved outgoing traffic throughput!
3.4.1 -- November 1, 2007
Openfire New Features
- [JM-1172] - RSS feed can now be disabled from the admin console.
Openfire Bug Fixes
- [JM-1171] - New installations were not able to log into the admin console.
Openfire Enterprise
Openfire Connection Manager Module
3.4.0 -- October 31, 2007
Openfire New Features
- [JM-1122] - Added support for XEP-0163: Personal Eventing via Pubsub. Thanks to Armando Jagucki.
- [JM-65] - Added roster management from the admin console. (53 votes)
- [JM-773] - Photos can now be retrieved from LDAP for vcards. (42 votes)
- [JM-635] - Plugins can now be uploaded from the admin console. (3 votes)
- [JM-537] - Added crossdomain.xml support for Flash. (7 votes)
- [JM-1147] - Added support for XEP-0059: Result Set Management.
- [JM-1124] - Improved performance of SSL HTTP binding.
- [JM-1128] - Added RSS feed to the admin console to read igniterealtime news.
- [JM-1046] - Added support for privacy list event listener.
- [JM-1121] - Events are now triggered when an available or unavailable presence is received for remote users.
- [JM-1061] - Events are now triggered after trying to load/unload plugins.
- [JM-1118] - Allowed to add new identities to be included in disco#info replies.
- [JM-1119] - Allowed to add new items to disco#item replies sent to bare JIDs.
- [JM-1120] - Modified PresenceEventListener to include presence subscription events.
- [JM-1151] - IQResultListeners are now alerted when no answer was received after a while.
- [JM-1159] - Updated MySQL driver to latest version.
- [JM-1089] - Updated bouncycastle library to latest version.
- [JM-1142] - Updated Base64 implementation.
- [JM-1158] - Updated jTDS to latest version.
Openfire Bug Fixes
- [JM-1150] - Messages sent to bare JID were being sent to session with oldest activity rather than latest activity.
- [JM-1075] - Message sent to unavailable full JID of existing user was not routed to the bare JID.
- [JM-1145] - SASL authentication was sometimes ignoring initial tokens.
- [JM-1084] - Users in another domain could set the vCard of an Openfire user.
- [JM-1066] - Client idle timeout was considering incoming and outgoing traffic. (3 votes)
- [JM-1144] - Messages with body and subject were processed as attempts to change the room subject.
- [JM-1153] - Column in mucConversationLog was using a reserved work in Blackfish SQL.
- [JM-1082] - Fixed NPE in MUCRoomImpl.
- [JM-1058] - Renamed many column names to be comparible with Firebird SQL and Blackfish SQL. (1 vote)
- [JM-1169] - Big vcards were being truncated in mysql.
- [JM-1154] - End of stream was not being sent to client when closing connections from the server.
- [JM-1080] - Fixed custom database groups integration bug.
- [JM-1131] - Multiple consecutive spaces in a contact's group name were replaced with a single space.
- [JM-1050] - Proxy transfer streams are now closed more reliably.
- [JM-1052] - Media proxy could fail when using SRV record.
- [JM-1059] - Clients could hang when trying to use stream compression.
- [JM-1085] - Active sessions are now closed and a <not-authorized/> stream error is returned when cancelling a user account.
- [JM-1091] - Connected but not available sessions appeared as online in the session summary page.
- [JM-1051] - PluginManager can now return the JAR/WAR file that created a plugin.
- [JM-1055] - Plugins are now initialized using plugin class loader.
- [JM-1056] - Port listeners are started once plugins have been loaded.
- [JM-1152] - Plugins failed to load if there was a newline in the class name.
- [JM-1092] - Plugins that failed to be unloaded were reloaded.
- [JM-1095] - Fixed session counter when closing session that never authenticated.
- [JM-1070] - Counter of sent packets from the server to the client was always zero.
- [JM-1096] - HTTP binding could allow packets to be sent on behalf of other users.
- [JM-1097] - A not-authorized error is now returned when user tries to bind a resource before authenticating.
- [JM-1137] - JIDs were incorrectly compared.
- [JM-845] - Password no longer changes randomly in "Email Settings".
- [JM-1113] - XML properties could be set which contain XML entities.
- [JM-1123] - Presences sent between components are now routed.
- [JM-1129] - Retrieving room history was not working in Oracle.
- [JM-1069] - Modules were cleaned up before stopping plugins.
- [JM-1143] - Fixed typo in Kuala Lumpur time zone.
- [JM-1168] - Deleting a user in the admin console now boots them offline.
Openfire Enterprise
- [ENT-43] - Added clustering support. (38 votes)
- Added web client named SparkWeb.
- [ENT-205] - Table entConParticipant failed to be created in MySQL when using charset UTF-8.
- [ENT-234] - Conversation transcript failed to export to PDF.
- [ENT-199] - Fixed typo in statistic sever_sessions.
Openfire Connection Manager Module
- [JM-1066] - Client idle timeout was considering incoming and outgoing traffic. (3 votes)
3.3.3 -- September 20, 2007
Openfire New Features
- [JM-1054] - Updated MINA library to latest version. Nice optimizations and fixes.
- [JM-1126] - Added debug information when quering LDAP for groups of a given user.
Openfire Bug Fixes
- [JM-1127] - Parsing XML containing multibyte characters could add null characters to the resulting stanza. Thanks to Tim.
- [JM-1125] - An IQ of type error is now returned instead of closing the connection when an internal error occurs while processing an IQ packet.
Openfire Enterprise
- [ENT-135] - Added SparkWeb Flash Beta.
- [ENT-129] - Round robin algorithm is no longer used when transfering/invitating a single user.
- [ENT-131] - Fixed "Agent never joined" issue with Webchat.
- [ENT-133] - Removing Demo workgroup and user was causing other workgroups to fail.
- [ENT-136] - Workgroup queues page was showing wrong number of agents logged in.
- [ENT-65] - An empty list was being shown when no workgroups were configured in Spark Fastpath Webchat Plugin.
- [ENT-112] - Conversation archiving was sometimes logging a conversation as two conversations.
- [ENT-36] - There was no way to disable chat transcript settings once set.
- [ENT-86] - Logging into fastpath was using the users current presence, and no longer defaulting to "Available".
- [ENT-166] - Emails were not being encoded in email transcripts.
- [ENT-78] - User is now alerted in offline settings if their email settings were not set.
- [ENT-81] - Fixed Javascript error in webchat userinfo page. (province not found)
- [ENT-137] - Crossdomain servlet was not sending out correct response occasionally.
Openfire Connection Manager Module
- [JM-1127] - Parsing XML containing multibyte characters could add null characters to the resulting stanza.
- [JM-1054] - Updated MINA library to latest version.
3.3.2 -- June 22, 2007
Openfire New Features
Openfire Bug Fixes
- [JM-1087] - ! Fixed out of memory problem produced by XMPPDecoder.
- [JM-1088] - ! Fixed out of memory problem produced by XMLLightweightParser.
- [JM-1074] - HTTP Binding no longer depends upon /resources/spank directory.
- [JM-1090] - Modified SSO authorization to use uppercase when comparing principals.
Openfire Enterprise
Openfire Connection Manager Module
- [JM-1087] - ! Fixed out of memory problem produced by XMPPDecoder.
- [JM-1088] - ! Fixed out of memory problem produced by XMLLightweightParser.
3.3.0 -- April 12, 2007
! Upgrade Information
Due to the name change from Wildfire to Openfire you must follow the steps descibed in the upgrade guide.
Openfire New Features
- Renamed Wildfire to Openfire.
- [JM-14] - Improved delivery strategy when connected from multiple resources.
- [JM-1006] - Added support for room event listeners.
- [JM-1007] - Occupants in rooms can now be seen from the admin console.
- [JM-420] - Created ad-hoc command that forwards packets to components.
- [JM-868] - Added favicon to admin console.
- [JM-1021] - Added web folder to the plugin classloader.
- [JM-1024] - Updated JVM to 1.6.0_u1.
Openfire Bug Fixes
- [JM-1022] - Fixed memory leaking problem in HttpBinding.
- [JM-1009] - Messages sent to bare-JID addresses were sent to resources with negative priority.
- [JM-897] - Client sessions were not always being counted correctly. (3 votes)
- [JM-1031] - Links were incorrect when using child plugins. Thanks to Guus der Kinderen.
- [JM-1004] - ComponentManager could be null after modules have been started.
- [JM-1028] - Fixed NPE when no room name was specified when trying to register with room.
- [JM-1023] - Unicode (UTF-8) charset is now used instead of ISO-8859-1 in admin console pages.
Openfire Enterprise
- [ENT-93] - Added support for group chats archiving.
- [ENT-94] - Updated iText library to latest version.
- [ENT-95] - Updated jRobin library to latest version.
Openfire Connection Manager Module
3.2.4 -- March 29, 2007
Wildfire New Features
- [JM-1018] - Updated MINA library to latest version.
Wildfire Bug Fixes
- [JM-991] - Fixed XML parsing problem with />. (1 vote)
- [JM-1003] - Fixed XML parsing problem with open quotes. (1 vote)
- [JM-1019] - Changed idle timeout to 6 minutes.
Wildfire Enterprise
- [ENT-101] - Transfers and invites across workgroups were failing.
Wildfire Connection Manager Module
- [JM-991] - Fixed XML parsing problem with />. (1 vote)
- [JM-1003] - Fixed XML parsing problem with open quotes. (1 vote)
3.2.3 -- March 15, 2007
Openfire New Features
- [JM-998] - Added milliseconds to timestamp in the audit log.
- Stream compression is back again available.
Openfire Bug Fixes
- [JM-993] - Removing idle connections could fail and freeze the server. (1 vote)
- [JM-997] - Fixed TLS problem when using Pandion.
- [JM-1001] - Fixed http-binding deadlock.
- [JM-992] - Direct buffers were used by default instead of heap buffers.
- [JM-994] - IQ packet sent to a full JID that was not available was being routed to other resource of the same user.
- [JM-987] - Server can now recover from UnknownHostException during setup.
- [JM-990] - IQ type is now verified when handling iq:version requests.
- [JM-996] - Invalid SASL mechanisms were being offered to CMs.
- [JM-1002] - Changed default idle timeout value to 2 minutes.
Openfire Enterprise
- [ENT-90] - Metadata of user request is now included when initiating or transferring to another agent.
Openfire Connection Manager Module
- [JM-995] - Connection Manager connection was being closed when client used invalid SASL mechanism.
- [JM-992] - Direct buffers were used by default instead of heap buffers.
- [JM-997] - Fixed TLS problem when using Pandion.
- [JM-1000] - Connection Managers were not using SRV records for the DNS lookup.
3.2.2 -- February 19, 2007
Openfire New Features
Openfire Bug Fixes
- [JM-983] - Client became unresponsibe after sending message that ended with "/".
- [JM-984] - Client became unresponsibe after sending a stanza with a comment.
- [JM-985] - Fixed presence problem when shared groups can be seen by other groups.
- [JM-986] - Fixed out of order RID errors in HTTP-Binding.
- [JM-966] - Disabled multi-cast DNS by default.
Openfire Enterprise
Openfire Connection Manager Module
- [JM-983] - Client became unresponsibe after sending message that ended with "/".
- [JM-984] - Client became unresponsibe after sending a stanza with a comment.
3.2.1 -- February 15, 2007
Openfire New Features
- [JM-974] - Updated MUC implementation to send role="none" when leaving a room.
- [JM-978] - Updated MINA library to latest version.
- [JM-977] - Updated bouncycastle library to latest version.
- New draft page for importing signed certificates.
Openfire Bug Fixes
- [JM-970] - Fixed deadlock when using old SSL method.
- [JM-980] - Fixed DOS attack by closing connection from client that tries to send a "never ending" packet.
- [JM-981] - Fixed parsing of packets with nested elements with the same name.
- [JM-981] - Fixed parsing of <stream:stream>.
- [JM-968] - The https port was not working in the admin console.
- [JM-963] - A throwable exception was preventing users from logging in.
- [JM-959] - HTTP-Binding was failing over HTTPS.
- [JM-969] - HTTP-Binding sessions were not being closed properly.
- [JM-971] - Messages could be lost when using HTTP Binding.
- [JM-973] - HTTP-binding would be held open and not closed when new packets arrived.
- [JM-972] - Fixed presence problem when shared groups can be seen by a common non-shared group and both users belong to such group.
- [JM-979] - Fixed NPE when auditing message received from legacy network.
- [JM-962] - PLAIN SASL authentication failed to authenticate clients that were sending bare JIDs.
- [JM-975] - Client connections were closed before flushing end of stream stanza.
- [JM-967] - Plugins that require a newer server version were shown as available to be installed.
- [JM-965] - Available Plugins was listing reports that list "has not been downloaded" when all available plugins were installed.
Openfire Enterprise
- [ENT-53] - Webchat is now more resistant to network failures.
- [ENT-68] - Webchat setup is now always required.
- [ENT-69] - Webchat was not connecting to agent when using IE6.
- [ENT-70] - Webchat could kill the JVM when not able to connect to Openfire.
- [ENT-71] - Webchat now properly disconnects dangling connections.
- [ENT-79] - SIP Phone now sends on-phone presence.
Openfire Connection Manager Module
- [JM-970] - Fixed deadlock when using old SSL method.
- [JM-980] - Fixed DOS attack by closing connection from client that tries to send a "never ending" packet.
- [JM-981] - Fixed parsing of packets with nested elements with the same name.
- [JM-978] - Updated MINA library to latest version.
- [JM-977] - Updated bouncycastle library to latest version.
3.2.0 -- February 6, 2007
Openfire New Features
- [JM-925] - Improved scalability of Openfire.
- [JM-356] - Added support for XEP-0124: HTTP Binding. (34 votes)
- [JM-936] - Added STUN server support.
- [JM-937] - Added Media Proxy for Jingle.
- [JM-941] - Allowed to set read timeout when connected to LDAP (requires Java 1.6).
- [JM-912] - Added listener for offline messages. (1 vote)
- [JM-944] - Bundled root certificate of XMPP Intermediate Certificate Authority.
- [JM-948] - Updated truststore with Java 6 built-in certificates.
- [JM-946] - Removed Jetty information from HTTP headers.
- [JM-892] - Simplified certificates creation and process of signing certificates. (10 votes)
- [JM-767] - Added Mac OS X DMG installer.
- [JM-893] - Added support for certificate event listeners.
- [JM-934] - Added new plugin that provides load statistics.
- [JM-914] - Added new ad-hoc command to get server info and basic statistics.
- [JM-657] - Optimized algorithm used for sending packets to remote servers when new connections are required.
- [JM-924] - PacketInterceptors are now triggered in the routing layer and not the networking layer.
- [JM-915] - Added support in ComponentManager for sending packets in blocking mode.
- [JM-901] - Updated support for 'creation of collection nodes' based on latest XEP-60.
- [JM-913] - Support for multiple subscriptions is now optional in PubSubModule.
- [JM-931] - Allowed components to create nodes and publish items.
- [JM-949] - Default configuration of new group chat rooms can now be configured.
- [JM-950] - Group chat rooms are now not anonymous by default.
- [JM-952] - Allowed to explicitly specify the FQDN of the server.
- [JM-935] - Added to the admin console information about ports being used by the server.
- [JM-900] - Upgraded to latest installer version.
- [JM-888] - Updated bouncycastle library to latest version.
- [JM-939] - Updated bundled JVM to 1.6.0 (Note: Java 5 or later is required).
Openfire Bug Fixes
- [JM-957] - Execution of DB2 scripts is now working.
- [JM-947] - A nice error message is now displayed when trying to view user properties of a non-existent user.
- [JM-943] - Messages with no body and no subject were being store in rooms' history.
- [JM-940] - Fixed NPE in server certificates page.
- [JM-885] - Fixed parsing of mappings when using more than one LDAP field.
- [JM-886] - Loaded vCards were not being updated after reconfiguring LDAP settings.
- [JM-906] - Email test page was not working when integrated with LDAP.
- [JM-954] - No IQ error was being returned when an error occurs while processing an IQ roster packet.
- [JM-887] - PluginManager was being used by modules before it was created.
- [JM-889] - Fixed NPE in LdapVCardProvider when username was not found.
- [JM-890] - Fixed error when IQ error packet failed to be handled.
- [JM-895] - TLS was being offered even when keystore was empty.
- [JM-896] - Fixed error that was closing a database statement twice.
- [JM-902] - Component domain was not being released if an error occured while registing a new component.
- [JM-916] - External components were able to connect to the server before the server has finished to start up.
- [JM-903] - Sending "subscribed" presence to a new user was updating roster of both users.
- [JM-918] - Fixed error when shared group had no display name.
- [JM-928] - Clicking on login link from setup could fail with 404.
- [JM-933] - Enabling/disabling anonymous connections no longer requires a server restart.
- [JM-938] - "Per-user offline message storage limit" can now be updated.
- [JM-755] - Fixed compilation problem under JDK 1.6.
Openfire Enterprise
- [ENT-50] - Added support for SIP integration.
- [ENT-35] - Archiving was only done one-way with gateways.
- [ENT-44] - Added support for transfering support session to another workgroup, queue, agent or user.
- [ENT-63] - Fixed security breach when viewing messages of ongoing support sessions.
- [ENT-56] - Warning message is now displayed when license is about to expire (30 days).
- [ENT-54] - Added support for iq:version to components to discover Openfire version.
- [ENT-55] - Changed license validation to validate maintenance date.
- [ENT-62] - Fixed display error in dashboard when accessing the page immediately after start up.
- [ENT-37] - Fixed error in MSSQL due to conflict with keyword.
- [ENT-59] - Added Portuguese translation.
Openfire Connection Manager Module
- [JM-907] - Improved scalability of ConnectionManagers.
- [JM-926] - Added stringprep operations in Connection Manager to offload Openfire.
3.1.1 -- October 27, 2006
Openfire New Features
- [JM-870] - Added support for testing administrator accounts during LDAP setup.
- [JM-875] - Added support for testing user mapping settings during LDAP setup.
- [JM-876] - Added support for testing group mapping settings during LDAP setup.
- [JM-877] - Added support for changing existing LDAP settings from admin console.
- [JM-722] - Added alternate base DN support for user data. (3 votes)
- [JM-595] - Admin console now shows last time a user logged out from the server. (5 votes)
- [JM-866] - Increased max size of LDAP filters to 250 characters.
- [JM-864] - Updated LDAP guide with new setup procedure.
- [JM-871] - Updated Java mail library to latest version.
- [JM-879] - Streamlined build process.
Openfire Bug Fixes
- [JM-859] - Conflict policy is now applied after successful login when using iq:auth.
- [JM-878] - Some settings were not being saved when configuring LDAP from the admin console.
- [JM-880] - Logging into the admin console could not work after initial setup when using LDAP.
- [JM-883] - UTF-8 was not always being used when reading/writing XML content.
Openfire Enterprise
- [ENT-30] - Enabling/disabling meta-data archiving was not working.
- [ENT-31] - MS-SQL 2005 script failed to execute.
- [ENT-32] - Conversations with users through gateway were not being marked as external.
- [ENT-33] - Fixed editing of routing rules when using quotes.
- [ENT-34] - Removed scheduling feature from Fastpath.
Openfire Connection Manager Module
- [JM-867] - Socket connections were closed under high load.
- [JM-881] - Fixed NPE when closing connection manager session.
3.1.0 -- October 9, 2006
Openfire New Features
- [JM-761] - Added new gateway plugin with AIM and ICQ support. (36 votes)
- [JM-769] - Added Yahoo protocol support to the gateway plugin. (18 votes)
- [JM-770] - Added MSN protocol support to the gateway plugin. (27 votes)
- [JM-193] - Improved LDAP support. (26 votes)
- [JM-820] - Added support for presence event listeners.
- [JM-797] - Added database statistics monitoring.
- [JM-807] - Added support for roster event listeners.
- [JM-804] - Added support for component event listeners.
- [JM-860] - Added Pack200 support for plugins.
- [JM-843] - Optimized session retrieval from SessionManager.
- [JM-816] - Created ad-hoc commands for managing groups.
- [JM-808] - Enhanced roster to be able to hold non-persistent roster items.
- [JM-194] - Editing of users is now not allowed when they are read-only. (1 vote)
- [JM-833] - Improved openfired script.
- [JM-771] - Added search method to GroupProvider. (1 vote)
- [JM-824] - Added #getComponents() to InternalComponentManager.
- [JM-827] - Upgraded to hsqldb 1.8.0.5.
- [JM-805] - Updated JVM to 1.5.0_08.
Openfire Bug Fixes
- [JM-851] - Fixed presence issues with LDAP and shared groups. (3 votes)
- [JM-844] - Enabled LDAP connection pooling by default.
- [JM-832] - Connection pooling is no longer used for LDAP authentication.
- [JM-846] - Improved error handling if connection to JS plugin update service is not possible.
- [JM-854] - Improved handling of SQL command parts.
- [JM-839] - Internal server errors while processing MUC packet was not returning any response to client.
- [JM-842] - Message flooding was checking ALL sessions instead of only user sessions.
- [JM-818] - Change in DB upgrade code broke plugin upgrades.
- [JM-819] - Upgrades for non-Openfire schemas was checking against wrong version.
- [JM-822] - Users from LDAP now have correct creation date.
- [JM-691] - Documentation for "Create a shared roster group" was incorrect. (3 votes)
- [JM-826] - MUC disco name was being hardcoded.
- [JM-828] - Rooms were allowing owners, admins and outcasts to be duplicated.
- [JM-862] - Messages with no body and no subject were being logged in group chat rooms.
- [JM-817] - Fixed small security hole in email settings page.
- [JM-781] - Stream compression is now optional by default for client-2-server connections.
- [JM-792] - Improved syntax of LDAP searchFilter and groupSearchFilter.
- [JM-809] - In band registration was accepting new users with no password.
- [JM-810] - Presence subscription packets sent to the server were broadcasted to all connected users.
- [JM-701] - Fixed bug with roster modification when deleting shared group. (7 votes)
- [JM-801] - Removing users from shared group could generate roster items in the database.
- [JM-811] - Fixed case-sensitive error while authenticating users.
- [JM-784] - Success data included after a SASL successful operation was not being encoded.
- [JM-794] - SASL mechanisms were being offered to remote servers even before securing the socket.
- [JM-796] - Fixed "null cert chain" error when trying to secure s2s connection.
- [JM-789] - CN field in certificates was not being correctly parsed.
- [JM-785] - Retrieving a privacy list was including two list elements in the answer.
- [JM-780] - Plugin check is now based on original JAR date, not on unzip date.
- [JM-786] - JDBCAuthProvider and JDBCUserProvider were using wrong property names.
- [JM-812] - It was not possible to retrieve offline messages with invalid XML characters.
- [JM-793] - Counter of client sessions was wrong.
- [JM-783] - Admin console now displays actual bound IP address. (1 vote)
- [JM-790] - Removed database scripts from the openfire JAR.
- [JM-815] - Changed <entity/> element to <subscription/> element in response to subscription request.
- [JM-861] - Moved abrupt connection closure messages to debug.
- [JM-863] - XMLProperties was not able to store CDATA.
Openfire Enterprise
Openfire Connection Manager Module
- [JM-795] - DNS SRV lookup was overriding port to use to connect Connection Manager to server.
- [JM-788] - manager.xml was not using the correct property for setting the client port. (1 vote)
- [JM-814] - Connections between Connection Managers and Openfire are not encrypted by default.
3.0.1 -- July 13, 2006
Openfire New Features
- [JM-752] - A proxy server can now be used to download updates. (1 vote)
- [JM-754] - Added JDBC user provider and documentation.
- [JM-759] - Added support for vCards events. Thanks to Remko Tronçon.
- [JM-762] - Performance optimized by reducing privacy list SQL calls when no privacy lists used.
Openfire Bug Fixes
- [JM-744] - Presence updates were not being sent to shared contacts whose subscriptions is FROM.
- [JM-745] - Users of the same group (not shared) that can see a shared group were receiving presences of each other.
- [JM-750] - Presence subscription was incorrect when adding group member to non-shared group that could see shared group.
- [JM-758] - Available presence was not being sent to all connected resources after subscription was approved.
- [JM-775] - Member of public group was not able to add to his roster contact that did not belong to public group.
- [JM-776] - Members of public shared groups were not getting their rosters updated when a new user was created in the system.
- [JM-777] - Presence was not working when creating new shared groups and at the same time defining list of members.
- [JM-695] - Fixed presence problem when using shared group loaded from LDAP. (5 votes)
- [JM-772] - An error is now logged when Openfire cannot connect to the LDAP server.
- [JM-741] - Fixed javascript error while updating plugin. (1 vote)
- [JM-742] - Fixed NPE in privacy lists when presence packet has no TO address.
- [JM-748] - Fixed NPE when trying to unload a bad plugin in plugin-admin page.
- [JM-749] - TLS feature was being offered to clients using old SSL method.
- [JM-760] - Fixed login problem when using uppercase letters in username and there is a resource conflict.
- [JM-763] - Removed warning from logs on installation.
- [JM-768] - A semicolon was missing in mysql and sqlserver upgrade scripts #9.
- [JM-778] - Fixed error when trying to unregister an account from a client.
- [JM-751] - Moved getPassword/setPassword methods from UserProvider to AuthProvider.
Openfire Enterprise
- [ENT-19] - Message archiving was failing on Postgres.
Openfire Connection Manager Module
3.0.0 -- June 29, 2006
Openfire New Features
- [JM-666] - Added support for connection managers.
- [JM-281] - Added support for Kerberos/NTLM (status: experimental). (56 votes)
- [JM-673] - Added database support for plugins.
- [JM-677] - Added i18n support for plugins.
- [JM-718] - Added servlet filter framework for plugins.
- [JM-683] - Added support for virtual connections.
- [JM-684] - Added support for JEP-0164: vCard Filtering
- [JM-704] - Added support of other password types to JDBCAuthProvider.
- [JM-715] - Added support for notifications of new server or plugins updates.
- [JM-740] - Added support for adding/removing SASL mechanisms at runtime.
- [JM-719] - Allowed flat searches of LDAP instead of sub-tree.
- [JM-680] - Improved performance of server-to-server connections by using many threads to process incoming packets.
- [JM-720] - Improved performance of SessionManager#getSessionCount().
- [JM-687] - Added support for non-blocking connections (status: experimental). (1 vote)
- [JM-717] - Updated the look and feel in the admin console.
- [JM-305] - Server features list is now dynamic. (1 vote)
- [JM-652] - Caching of favicons has been improved.
- [JM-675] - File transfer service can now be enabled/disabled. (2 votes)
- [JM-676] - MUC service can now be enabled/disabled. (1 vote)
- [JM-679] - SASL success stanza now includes challenge data that needs to be processed by clients.
- [JM-678] - SASLAuthentication was refactored to accommodate HTTP Binding and Connection Managers. (1 vote)
- [JM-688] - Updated third-party libraries.
- [JM-713] - Updated bundled MySQL driver.
- [JM-688] - Upgraded to JDK 1.5.0_07.
Openfire Bug Fixes
- [JM-702] - Presence updates were not being broadcasted to other connected resources. (4 votes)
- [JM-735] - Presence packets sent to bare JIDs were not being sent to all connected resources.
- [JM-731] - DNS lookups was failing with some DNS servers.
- [JM-707] - A <system-shutdown/> stream error condition is now sent when shutting down the server.
- [JM-653] - FileTransfer was not implementing Cacheable.
- [JM-654] - Fixed conflict in Proxy Transfer cache name.
- [JM-655] - File Transfer Proxy no longer returns null disco#items.
- [JM-710] - File Transfer Proxy socket was not being cleaned up properly.
- [JM-721] - File Transfer Proxy did not acknowledge configured interface.
- [JM-661] - Field digest_frequency of pubsubSubscription table in MySQL was too small.
- [JM-665] - Accessing published items of a pubsub node was expecting that requester was subscribed to the node.
- [JM-672] - Updated the way pubsub node owners manage node affiliations and subscriptions.
- [JM-708] - Answer format was incorrect when returning pubsub node affiliations or node subscriptions of a node owner.
- [JM-667] - Roster items with subscription NONE and ask PENDING were being sent to clients.
- [JM-668] - Fixed error when deleting a user with shared contacts that belong to public shared groups.
- [JM-669] - Added fix for "javax.net.ssl.SSLException: Unsupported record version Unknown" error.
- [JM-729] - Server was not processing IQ errors triggered by IQ requests made by the server.
- [JM-732] - mucConversationLog was storing room's JID instead of the sender's JID.
- [JM-681] - No more than 5 concurrent threads were used for creating new server-to-server connections.
- [JM-670] - Flash clients were waiting forever for a response if old SASL method failed or there was a conflict while binding a resource.
- [JM-671] - Fixed NPE when external component did not include a TO attribute in stream header.
- [JM-674] - Fixed NPE in IQDiscoItemsHandler when an ServerItemsProvider was disabled.
- [JM-698] - Fixed bug in XMLProperties.getChildren.
- [JM-728] - Fixed PK length error when upgrading jivePrivate in MySQL using URF-8.
- [JM-736] - Added commit statement to Oracle db scripts.
- [JM-737] - Fixed invalid character error when upgrading Oracle database.
- [JM-700] - Increased the column size of "username" from 32 to 64.
- [JM-706] - Non-SASL Authentication stream feature was not being offered when anonymous login was disabled.
- [JM-712] - VCard manager was not returning vcard-temp as a stream feature.
- [JM-726] - Privacy list now implements Cacheable interface.
- [JM-656] - Streamlined disco registration process.
- [JM-709] - An exception is now thrown when plugin servlet class was not found.
- [JM-663] - UserProvider no longer depends on VCardManager.
Openfire Enterprise
Openfire Connection Manager Module
2.6.2 -- April 20, 2006
Bug Fixes
- [JM-648] - Server-to-server thread pool was getting exhausted when remote servers were unresponsive.
- [JM-650] - Fixed concurrency problem that was closing active connections by mistake.
- [JM-642] - Deleting a user was not removing all references from memory.
- [JM-646] - Fixed error when searching for groups of a non-local user when using LDAP.
- [JM-571] - File transfer proxy was not being removed from service discovery when disabled. (1 vote)
- [JM-638] - Unhandled exceptions while processing IQ packets were not always returning IQ errors.
- [JM-639] - Fixed ConcurrentModificationException while purging a pubsub node.
- [JM-640] - A "service-not-implemented" error was being returned after an ad-hoc command was handled by pubsub.
- [JM-641] - Modified pubsub tables so that all supported databases may correctly run the database scripts.
- [JM-644] - Allowed Base64 decoding that doesn't encode bytes as String.
- [JM-645] - Fixed recursivity error in SessionManager when searching for best route.
- [JM-647] - Sometimes users were remaining as room occupants when using shared groups.
- [JM-649] - Increased proxy file transfer buffer size.
2.6.1 -- April 11, 2006
New Features
- [JM-222] - Entire user base is no longer loaded when using public shared groups. (1 vote)
- [JM-634] - Shared contacts whose subscription type is FROM are no longer kept in memory.
- [JM-633] - Added sorting to session list.
- [JM-637] - Added support for basic commands defined in JEP-133: Service Administration.
Bug Fixes
- [JM-636] - After initial install new user accounts were corrupted until restart.
- [JM-630] - Fixed upgrade scripts of PostreSQL, SQLServer and Sybase.
- [JM-631] - New user passwords were not being saved to the database.
2.6.0 -- April 6, 2006
New Features
- [JM-291] - Encrypted passwords are now stored in the db. (21 votes)
- [JM-613] - Added support for JEP-0060: Publish-Subscribe. (1 vote)
- [JM-298] - Auditing now supports rolling over by date. (12 votes)
- [JM-599] - Improved performance by avoiding queries to load users.
- [JM-607] - Improved performance by avoiding unnecessary LDAP queries.
- [JM-608] - Improved performance when detecting which groups are shared groups.
- [JM-621] - Improved performance by avoiding using locks in RoutingTable (server core).
- [JM-605] - Improved performance by caching groups.
- [JM-606] - Added JDBC Authentication provider.
- [JM-600] - Added support for managing system caches from the admin console.
- [JM-624] - Allowed external components to bind more than one domain.
- [JM-603] - Improved db upgrade process.
- [JM-609] - Refactored Ad-hoc commands so that services can also offer ad-hoc commands.
- [JM-597] - Improved LDAPGroupProvider Exception Handling.
- [JM-625] - Added support for XMPPServer listeners.
- [JM-620] - Added development mode for web.
- [JM-623] - Exposed port in connection object.
- [JM-614] - Updated third-party libraries.
Bug Fixes
- [JM-615] - Fixed deadlock when loading users and rosters.
- [JM-621] - Fixed deadlock in RoutingTable.
- [JM-495] - Server session tab was loading very slow.
- [JM-596] - LDAP connections were not being closed correctly.
- [JM-601] - LDAP referrals were not being respected while verifying authentication.
- [JM-604] - SASL EXTERNAL for s2s was not checking if certificate validation was disabled.
- [JM-611] - PLAIN SASL authentication was not accepting empty auth packets.
- [JM-627] - Null SASL responses were not being padded.
- [JM-610] - Fixed NPE in privacy list when user session no longer exists.
- [JM-612] - Registering new internal components was not checking that component domain is not taken.
- [JM-618] - Remote server count was wrong.
- [JM-619] - Names of users were not being sorted when loading from database.
- [JM-622] - Admin console was failing to startup on unexpected log impl.
- [JM-626] - Several instances of the same disco#item could appear in the server's disco#items.
- [JM-628] - Pretty printing of openfire.xml file was not always working.