What's new in Openfire 4.2.2
Feb 14, 2018
- Bug:
- [OF-1440] - The Group Chat Administrators web page has blank JIDs
- [OF-1460] - ClassCast Exception on admin console sessions listing when running hazelcast
- [OF-1468] - Group Chat History returns one message too many
- [OF-1470] - WebSocket endpoint should allow null path
- [OF-1478] - Hazelcast Plugin Memory Leaks
- [OF-1480] - LDAP auth fails with clustering plugin
- New Feature:
- [OF-1469] - Implement XEP-0215 External Service Discovery
- Task:
- [OF-1466] - Update bundled JRE with the latest version
- Improvement:
- [OF-1454] - Add generic mapping function to AuthorizationBasedUserProviderMapper
- [OF-1455] - Allow for bulk XML property migration
- [OF-1461] - Making fastpath plugin compatible with openfire meetings
- [OF-1471] - Terminate streams upon invalid XEP-0198 acknowledges.
New in Openfire 4.2.1 (Dec 20, 2017)
- Bug:
- [OF-1254] - Database update scripts for 25 set version 24
- [OF-1450] - Some admin console text is hardcoded
- [OF-1451] - Support for SNAPSHOT plugin versions
- Improvement:
- [OF-1447] - Improve deployability of Maven artifacts to public repository.
- [OF-1448] - Don't require i18n source files to be encoded.
- [OF-1452] - Updated Russian Translation
New in Openfire 4.2.0 (Dec 4, 2017)
- Sub-task:
- [OF-210] - Add support for Roster Versioning (aka XEP-0237)
- [OF-548] - Find maven-managed artifacts to replace third-party libraries.
- [OF-549] - Create "XMMP Server" module
- [OF-552] - Create "Webadmin" module
- [OF-553] - Create distribution module(s).
- [OF-554] - Create parent plugin module
- [OF-555] - Create plugin modules
- Bug:
- [OF-394] - Shouldn't show an exception when creating room with illegal characters in JID
- [OF-1134] - JustMarried: Allow roster alias to be changed
- [OF-1145] - Avatar Resizer plugin issues when using LdapVCardProvider
- [OF-1159] - System Property Encryption is not cluster aware
- [OF-1193] - Avatar resizer plugin: ClassNotFoundException
- [OF-1208] - Option to block anonymous logins from sending s2s packets
- [OF-1250] - Old DWR causes CSRF, XSS in Admin Console
- [OF-1262] - Error message for failed login on admin console contains moderator verbage
- [OF-1308] - Openfire not closing stream gracefully with
- [OF-1309] - S2S communication on wrong stream
- [OF-1329] - Session fixation in admin web console
- [OF-1335] - Forwarded messages rewritten to default namespace over S2S
- [OF-1356] - Add a section about upgrading from x86 to x64 to Upgrade guide (Windows)
- [OF-1366] - NullPointerException in Group lookup
- [OF-1384] - Disco-item handler should process any domain
- [OF-1393] - OpenFire randomString has too many digits
- [OF-1400] - XSS in server name field
- [OF-1401] - SMS error message handling doesn't escape content correctly
- [OF-1403] - Muc admin doesn't escape group names correctly
- [OF-1417] - CVE-2017-15911 XSS with domain in setup-host-settings.jsp
- [OF-1422] - MUC Nick Sharing can cause rejoin to fail
- [OF-1423] - Websocket message size is restricted to 65536
- [OF-1424] - CME while calculating Group Cache stats
- [OF-1427] - PEP should respond to service discovery
- [OF-1429] - Closed BOSH sessions are still on admin console as client sessions
- [OF-1430] - SCRAM-SHA-1 not offered when it should be, and maybe vice-versa
- [OF-1431] - XMPP Ping without type= set causes a NPE
- [OF-1436] - Sharing BOSH context should not prevent context restart.
- [OF-1441] - test Maven dependencies being included in distribution
- [OF-1442] - dom4j included twice in (maven) target directory
- [OF-1443] - rpm install needlessly requires java-headless
- [OF-1444] - mvn package is expanded environment variables
- New Feature:
- [OF-35] - Create an admin console for pubsub
- [OF-159] - Add an s2s testing feature
- [OF-1336] - User Property Provider
- [OF-1353] - Introduce 'priorToServerVersion' for plugins
- [OF-1402] - XEP-0198 Resumption for Client Sessions
- Task:
- [OF-1286] - Update shipped CA truststore
- [OF-1316] - Update Tinder to 1.3.0
- [OF-1320] - Update bundled JRE with the latest version
- [OF-1339] - Merge websocket plugin with core
- [OF-1380] - all.log should be exposed via Openfire Admin Console
- [OF-1411] - Update bundled JRE with the latest version
- [OF-1428] - Remove deprecated Clustering plugin
- Improvement:
- [OF-200] - In user summary, display "currently logged in" instead of blank in last logout column
- [OF-1030] - Monitoring Service plugin Search Archive Date Range field validation
- [OF-1256] - Display the current clustering status on the admin screens
- [OF-1306] - Cache LDAP UserDN searches
- [OF-1313] - Add protection for Cross-Site Request Forgery in MoTD plugin
- [OF-1314] - Add the ability to disabled delayed delivery (XEP-203)
- [OF-1317] - Update dom4j from 1.6.1 to 2.0.0
- [OF-1328] - Update JSTUN library in stunserver plugin
- [OF-1368] - Add an informational message during failed login
- [OF-1370] - inVerse plugin: hide registration tab when appropriate.
- [OF-1373] - Check for changes in keystores
- [OF-1379] - Packet interceptors should trigger on error response when s2s fails
- [OF-1391] - Update bundled postgresql JDBC Driver to 42.1.4
- [OF-1408] - Display cache expiry times, entry, hit and miss counts on the Cache Summary page
- [OF-1409] - Audit clearing of caches
- [OF-1410] - Allow openfire.bat to start in other folders
- [OF-1413] - Clarify Candy and InVerse readme
- [OF-1415] - Simplify certificate management
- [OF-1418] - LDAPManager reports UserNotFoundException unnecessarily
- [OF-1425] - Allow plugins to define a minimum Java version
- [OF-1434] - Optimize sender check in PubSubEngine#createNodeHelper
- [OF-1438] - Add option to replace private key
- [OF-1445] - Cache reconfig without restart
New in Openfire 4.0.2 (Jul 2, 2016)
- Bug:
- [OF-829] - Ghost sessions left on a server when using Pidgin client
- [OF-954] - Openfire clustering fails to correctly sync MUC room occupants
- [OF-1082] - Fix unicode read on BOSH
- [OF-1083] - Cannot join room in a cluster after an availability update
- [OF-1087] - Monitoring plugin gives invalid responses
- [OF-1090] - Outcasts should not be allowed to register with room
- Improvement:
- [OF-1086] - Update bundled JRE to 1.8u74
- [OF-1089] - XEP-0313: send IQ result only after messages
- [OF-1107] - Add option to not show email in Email on Away plugin
New in Openfire 3.10.2 (Jun 23, 2015)
- Bug:
- [OF-992] - Downgrade Apache MINA to version 2.0.7 to fix performance and 100% CPU issue
- [OF-924] - Enable LDAP SSL Connection Pooling
New in Openfire 3.10.1 (Jun 17, 2015)
- Bug:
- [OF-881] - NIOConnection Thread Deadlock when two clients in each others roster simultaneously disconnect
- [OF-883] - High CPU usage and hangup after a few days of running
- [OF-889] - NPE on Admin Console (client sessions listing)
- [OF-907] - SSLv2 Hello is rejected; prevents some clients connecting
- [OF-909] - BOSH response should return ack attribute
- [OF-910] - MUC de-synchronization issues
- [OF-916] - Deadlock with MINA sslFilter
New in Openfire 3.10.0 (Apr 22, 2015)
- Bug:
- [OF-116] - Add a text explaining the path used for http-binding
- [OF-397] - Do not deliver offline messages to clients with negative priority
- [OF-405] - Openfire fails to verify chained certificates
- [OF-444] - Jingle Nodes plugin should use lowercase in i18n file's name
- [OF-460] - Debug log is not saving its state between restarts
- [OF-474] - OpenFire still provides entry forms for already-registered room users
- [OF-560] - Restore or drop support for Pack200 compression
- [OF-565] - ConnectionHandler has parsing problems due to use of hashcode under heavy load.
- [OF-629] - Remove XMPP Sessions
- [OF-670] - MUC user count not kept in sync across cluster nodes
- [OF-736] - Openfire should return SASL failure, when not using base64 encoding
- [OF-754] - Lock out user option works incorrectly in some cases
- [OF-778] - Setup LDAP broken during initial openfire configuration
- [OF-786] - Muc - grant membership: nickname is not stored
- [OF-794] - Client sessions for failed cluster nodes are not being cleaned up properly
- [OF-795] - Unable to disable Message Carbons after they have been enabled by the client
- [OF-796] - Plugin version check should be numeric rather than textual
- [OF-799] - Changing server 2 server idle settings has broken UI
- [OF-800] - Encryption setting wrong when adding a property via System Properties page
- [OF-802] - MUC Invites result in 404
- [OF-803] - Message Carbons may throw org.dom4j.IllegalAddException, resulting in disconnection
- [OF-804] - Joining a locked MUC room should return instead of
- [OF-805] - [MUC] OF does not return all affiliated users when requesting multiple affiliations
- [OF-806] - Flash client connection closing with invalid_namespace error
- [OF-807] - S2S whitelist form saving domains with "-" without it
- [OF-811] - Remove deprecated "xml-not-well-formed" error in favor of "not-well-formed"
- [OF-812] - Monitor plugin fails to handle start date properly
- [OF-813] - Memory leak
- [OF-818] - Message routing to bare JID can route to negative priority resources
- [OF-819] - IQs (e.g. XMPP Pings) of type error get falsely routed to IQ.createResult() which results in an Exception and connection termination
- [OF-822] - If a non-occupant sends a request to an occupant, a MUC service MUST return a error.
- [OF-823] - Numeric overflow in MUCPersistenceManager when loading history older than 24 days.
- [OF-830] - LDAP shared groups disappear after some time
- [OF-832] - Monitoring plugin fixes
- [OF-837] - PubSub should return non-persistent items (last published item)
- [OF-839] - Forwarded extension should not overwrite extension namespaces of the forwarded message.
- [OF-840] - BOSH does not include
- [OF-845] - XSS vulnerability in Monitoring Service pages in Admin Console
- [OF-849] - Error decoding subjectAltName DERTaggedObject cannot be cast to ASN1Sequence
- [OF-853] - XEP-0077 Registration must return if username or password are unspecified.
- [OF-855] - Openfire looses messages when multiple senders send messages to the same receiver that looses connection
- [OF-857] - c2s stop responding, new connections hang
- [OF-859] - Remove static service id reference in Node.class
- [OF-860] - No MUC status code 110 (self-presence) after joining a room with more than one user
- [OF-861] - Disable SSLv3 by default as per POODLE vulnerability
- [OF-863] - Multiple NPEs encountered when running under high load/latency in cluster mode (via hazelcast plugin)
- [OF-864] - Cleanup routes from defunct cluster member servers
- [OF-866] - Unexpected "session not found" errors under load
- [OF-870] - stanza with multiple "to" attributes generated after restart
- [OF-874] - disco#items request SHOULD return connected or available resources
- [OF-875] - Roster requests to bare JID of the user are not responded
- [OF-876] - IQRosterHandler does not respect error cases in RFC 6121 ยง 2.3.3.
- [OF-877] - BOSH connector does not properly restart after a configuration change
- [OF-878] - NPE in MINAStatCollector
- [OF-881] - NIOConnection Thread Deadlock when two clients in each others roster simultaneously disconnect
- [OF-884] - Auditor uses wrong hour for file rotation
- [OF-885] - Use non-blocking, async API for BOSH servlet
- [OF-886] - Openfire fails to parse CDATA when it ends with sequence ]]]>
- [OF-888] - s2s locks up with gmail
- [OF-890] - BOSH client connections sometimes failing
- [OF-894] - Openfire tries to close a closing session over and over.
- [OF-895] - Update postgresql driver to support PostgreSQL 9.4
- [OF-896] - Default client compression inconsistency
- [OF-897] - GZipFilter fails on Async BOSH servlet
- Improvement:
- [OF-189] - do not use com.sun.* classes
- [OF-593] - LocaleUtils.java_dots_ to_underscores_i18n _bundles
- [OF-797] - Move ant-tasks in subdirectory (and delete ant.jar)
- [OF-801] - Extend ant build script to support multi-platform binaries that do not have a file extension
- [OF-828] - Add the MUC service plugin to Openfire plugins
- [OF-835] - Prevent fast clients flooding Openfire causing OutOfMemoryError
- [OF-838] - Allow for custom lib and conf file placement
- [OF-841] - Add a note about UAC to the Installation Guide
- [OF-842] - Additional properties in User Properties view
- [OF-847] - Upgrade bouncycastle from 1.50 to 1.51
- [OF-850] - Improve initialization state for JiveGlobals
- [OF-869] - Update Jetty to 9.2.x version
- [OF-893] - Mutual Authentication Broken for BOSH
- New Feature:
- [OF-69] - Add "Groups user belongs to" column to the User Summary page
- [OF-179] - Allow MUC permissions to be set using groups
- [OF-250] - Allow to configure the groups of a user from the user profile
- [OF-324] - Offline Email Notification
- [OF-843] - Upgrade clustering components for new Session API method
- Task:
- [OF-421] - Update MINA library to latest version
- [OF-466] - Drop Java 5 support
- [OF-709] - Update Jetty from 7.4 to 9.1
- [OF-831] - A typo on Database Settings page during setup
- [OF-901] - Update bundled JRE to 1.7.0_76
New in Openfire 3.9.3 (May 16, 2014)
- Bug:
- [OF-2] - LocalOutgoingServerSession logs connection failures over verbosely
- [OF-746] - Use update-alternatives to set JAVA_HOME on debian
- [OF-779] - fetching from LDAP should escape results
- [OF-780] - Update reCaptcha for HTTPS
- [OF-781] - ConcurrentModificationException in kickPresence
- [OF-782] - Wrong URL generated for editing groups with space in the names
- [OF-783] - Apply encryption to secure properties during setup
- [OF-784] - Possible NullPointerException in MessageRouter logic
- [OF-787] - TLS server to server connections are not working with 3.9.2
- [OF-788] - UserService plugin should not reset group properties when adding user to group
- [OF-789] - Invalid token in Pubsub item purge SQL
- [OF-791] - Joining new MUC room results in a 404 error
- Improvement:
- [OF-744] - Replace package.html with package-info.java
New in Openfire 3.7.0 (Mar 31, 2011)
- Openfire is now released under the Apache v2.0 licence.
- Improves how Openfire handles "idle" connections. Some of you may have the system property xmpp.client.idle set to -1 to work around previously broken behaviour. You may now let it default to 6 minutes or set it to your preference.
- Improved Openfire's caching to be less prone to memory exhaustion by correctly calculating cache size usage.
- Fixed a bug where admin console login into a newly installed Openfire server would fail until restarted.
- Fixed a bug with shared rosters within a LDAP environment.
- A memory leak with the Personal Eventing Protocol (PEP) was fixed.
- Openfire's custom log interface has been replaced with SLF4J and a Log4J backend.
- Fix issues with self signed SSL certificates.
- A number of improvements and fixes were made to the Multi-User Chat (MUC) configuration pages on the admin console
- There were also some improvements made to the plugins, including the addition of brand new Jingle Nodes plugin.
- There are also French, Russian, and Lithuanian langauge translation fixes for Openfire and some of the plugins.
New in Openfire 3.6.4 (May 6, 2009)
- Openfire New Features:
- [JM-1521] - Use stronger RSA encryption algorithm for certificates creation.
- Openfire Bug Fixes:
- [JM-1531] - ! Prevent users from changing other users passwords. (3 votes). Thanks to Erik HH.
- [JM-1516] - LdapGroups assumed all members never in AltBaseDN. (1 vote)
- [JM-1520] - Stacktrace of exception while initializing SSLConfig are now logged.
- [JM-1534] - DefaultAdminProvider was not including default admin account when there were no admins specified.
- Openfire Connection Manager Module:
- No changes
New in Openfire 3.6.3 (Jan 10, 2009)
- [JM-1506] - ! Fixed cross-site scripting attacks in several pages.
- [JM-1504] - Fixed error in DefaultGroupProvider.
- [JM-1503] - Fixed ClassCastException that prevented certificates from being imported.
- [JM-1500] - Flash cross domain handler (port 5229) no longer spit crossdomain.xml immediately.