Openfire Changelog

What's new in Openfire 4.2.2

Feb 14, 2018
  • Bug:
  • [OF-1440] - The Group Chat Administrators web page has blank JIDs
  • [OF-1460] - ClassCast Exception on admin console sessions listing when running hazelcast
  • [OF-1468] - Group Chat History returns one message too many
  • [OF-1470] - WebSocket endpoint should allow null path
  • [OF-1478] - Hazelcast Plugin Memory Leaks
  • [OF-1480] - LDAP auth fails with clustering plugin
  • New Feature:
  • [OF-1469] - Implement XEP-0215 External Service Discovery
  • Task:
  • [OF-1466] - Update bundled JRE with the latest version
  • Improvement:
  • [OF-1454] - Add generic mapping function to AuthorizationBasedUserProviderMapper
  • [OF-1455] - Allow for bulk XML property migration
  • [OF-1461] - Making fastpath plugin compatible with openfire meetings
  • [OF-1471] - Terminate streams upon invalid XEP-0198 acknowledges.

New in Openfire 4.2.1 (Dec 20, 2017)

  • Bug:
  • [OF-1254] - Database update scripts for 25 set version 24
  • [OF-1450] - Some admin console text is hardcoded
  • [OF-1451] - Support for SNAPSHOT plugin versions
  • Improvement:
  • [OF-1447] - Improve deployability of Maven artifacts to public repository.
  • [OF-1448] - Don't require i18n source files to be encoded.
  • [OF-1452] - Updated Russian Translation

New in Openfire 4.2.0 (Dec 4, 2017)

  • Sub-task:
  • [OF-210] - Add support for Roster Versioning (aka XEP-0237)
  • [OF-548] - Find maven-managed artifacts to replace third-party libraries.
  • [OF-549] - Create "XMMP Server" module
  • [OF-552] - Create "Webadmin" module
  • [OF-553] - Create distribution module(s).
  • [OF-554] - Create parent plugin module
  • [OF-555] - Create plugin modules
  • Bug:
  • [OF-394] - Shouldn't show an exception when creating room with illegal characters in JID
  • [OF-1134] - JustMarried: Allow roster alias to be changed
  • [OF-1145] - Avatar Resizer plugin issues when using LdapVCardProvider
  • [OF-1159] - System Property Encryption is not cluster aware
  • [OF-1193] - Avatar resizer plugin: ClassNotFoundException
  • [OF-1208] - Option to block anonymous logins from sending s2s packets
  • [OF-1250] - Old DWR causes CSRF, XSS in Admin Console
  • [OF-1262] - Error message for failed login on admin console contains moderator verbage
  • [OF-1308] - Openfire not closing stream gracefully with
  • [OF-1309] - S2S communication on wrong stream
  • [OF-1329] - Session fixation in admin web console
  • [OF-1335] - Forwarded messages rewritten to default namespace over S2S
  • [OF-1356] - Add a section about upgrading from x86 to x64 to Upgrade guide (Windows)
  • [OF-1366] - NullPointerException in Group lookup
  • [OF-1384] - Disco-item handler should process any domain
  • [OF-1393] - OpenFire randomString has too many digits
  • [OF-1400] - XSS in server name field
  • [OF-1401] - SMS error message handling doesn't escape content correctly
  • [OF-1403] - Muc admin doesn't escape group names correctly
  • [OF-1417] - CVE-2017-15911 XSS with domain in setup-host-settings.jsp
  • [OF-1422] - MUC Nick Sharing can cause rejoin to fail
  • [OF-1423] - Websocket message size is restricted to 65536
  • [OF-1424] - CME while calculating Group Cache stats
  • [OF-1427] - PEP should respond to service discovery
  • [OF-1429] - Closed BOSH sessions are still on admin console as client sessions
  • [OF-1430] - SCRAM-SHA-1 not offered when it should be, and maybe vice-versa
  • [OF-1431] - XMPP Ping without type= set causes a NPE
  • [OF-1436] - Sharing BOSH context should not prevent context restart.
  • [OF-1441] - test Maven dependencies being included in distribution
  • [OF-1442] - dom4j included twice in (maven) target directory
  • [OF-1443] - rpm install needlessly requires java-headless
  • [OF-1444] - mvn package is expanded environment variables
  • New Feature:
  • [OF-35] - Create an admin console for pubsub
  • [OF-159] - Add an s2s testing feature
  • [OF-1336] - User Property Provider
  • [OF-1353] - Introduce 'priorToServerVersion' for plugins
  • [OF-1402] - XEP-0198 Resumption for Client Sessions
  • Task:
  • [OF-1286] - Update shipped CA truststore
  • [OF-1316] - Update Tinder to 1.3.0
  • [OF-1320] - Update bundled JRE with the latest version
  • [OF-1339] - Merge websocket plugin with core
  • [OF-1380] - all.log should be exposed via Openfire Admin Console
  • [OF-1411] - Update bundled JRE with the latest version
  • [OF-1428] - Remove deprecated Clustering plugin
  • Improvement:
  • [OF-200] - In user summary, display "currently logged in" instead of blank in last logout column
  • [OF-1030] - Monitoring Service plugin Search Archive Date Range field validation
  • [OF-1256] - Display the current clustering status on the admin screens
  • [OF-1306] - Cache LDAP UserDN searches
  • [OF-1313] - Add protection for Cross-Site Request Forgery in MoTD plugin
  • [OF-1314] - Add the ability to disabled delayed delivery (XEP-203)
  • [OF-1317] - Update dom4j from 1.6.1 to 2.0.0
  • [OF-1328] - Update JSTUN library in stunserver plugin
  • [OF-1368] - Add an informational message during failed login
  • [OF-1370] - inVerse plugin: hide registration tab when appropriate.
  • [OF-1373] - Check for changes in keystores
  • [OF-1379] - Packet interceptors should trigger on error response when s2s fails
  • [OF-1391] - Update bundled postgresql JDBC Driver to 42.1.4
  • [OF-1408] - Display cache expiry times, entry, hit and miss counts on the Cache Summary page
  • [OF-1409] - Audit clearing of caches
  • [OF-1410] - Allow openfire.bat to start in other folders
  • [OF-1413] - Clarify Candy and InVerse readme
  • [OF-1415] - Simplify certificate management
  • [OF-1418] - LDAPManager reports UserNotFoundException unnecessarily
  • [OF-1425] - Allow plugins to define a minimum Java version
  • [OF-1434] - Optimize sender check in PubSubEngine#createNodeHelper
  • [OF-1438] - Add option to replace private key
  • [OF-1445] - Cache reconfig without restart

New in Openfire 4.0.2 (Jul 2, 2016)

  • Bug:
  • [OF-829] - Ghost sessions left on a server when using Pidgin client
  • [OF-954] - Openfire clustering fails to correctly sync MUC room occupants
  • [OF-1082] - Fix unicode read on BOSH
  • [OF-1083] - Cannot join room in a cluster after an availability update
  • [OF-1087] - Monitoring plugin gives invalid responses
  • [OF-1090] - Outcasts should not be allowed to register with room
  • Improvement:
  • [OF-1086] - Update bundled JRE to 1.8u74
  • [OF-1089] - XEP-0313: send IQ result only after messages
  • [OF-1107] - Add option to not show email in Email on Away plugin

New in Openfire 3.10.2 (Jun 23, 2015)

  • Bug:
  • [OF-992] - Downgrade Apache MINA to version 2.0.7 to fix performance and 100% CPU issue
  • [OF-924] - Enable LDAP SSL Connection Pooling

New in Openfire 3.10.1 (Jun 17, 2015)

  • Bug:
  • [OF-881] - NIOConnection Thread Deadlock when two clients in each others roster simultaneously disconnect
  • [OF-883] - High CPU usage and hangup after a few days of running
  • [OF-889] - NPE on Admin Console (client sessions listing)
  • [OF-907] - SSLv2 Hello is rejected; prevents some clients connecting
  • [OF-909] - BOSH response should return ack attribute
  • [OF-910] - MUC de-synchronization issues
  • [OF-916] - Deadlock with MINA sslFilter

New in Openfire 3.10.0 (Apr 22, 2015)

  • Bug:
  • [OF-116] - Add a text explaining the path used for http-binding
  • [OF-397] - Do not deliver offline messages to clients with negative priority
  • [OF-405] - Openfire fails to verify chained certificates
  • [OF-444] - Jingle Nodes plugin should use lowercase in i18n file's name
  • [OF-460] - Debug log is not saving its state between restarts
  • [OF-474] - OpenFire still provides entry forms for already-registered room users
  • [OF-560] - Restore or drop support for Pack200 compression
  • [OF-565] - ConnectionHandler has parsing problems due to use of hashcode under heavy load.
  • [OF-629] - Remove XMPP Sessions
  • [OF-670] - MUC user count not kept in sync across cluster nodes
  • [OF-736] - Openfire should return SASL failure, when not using base64 encoding
  • [OF-754] - Lock out user option works incorrectly in some cases
  • [OF-778] - Setup LDAP broken during initial openfire configuration
  • [OF-786] - Muc - grant membership: nickname is not stored
  • [OF-794] - Client sessions for failed cluster nodes are not being cleaned up properly
  • [OF-795] - Unable to disable Message Carbons after they have been enabled by the client
  • [OF-796] - Plugin version check should be numeric rather than textual
  • [OF-799] - Changing server 2 server idle settings has broken UI
  • [OF-800] - Encryption setting wrong when adding a property via System Properties page
  • [OF-802] - MUC Invites result in 404
  • [OF-803] - Message Carbons may throw org.dom4j.IllegalAddException, resulting in disconnection
  • [OF-804] - Joining a locked MUC room should return instead of
  • [OF-805] - [MUC] OF does not return all affiliated users when requesting multiple affiliations
  • [OF-806] - Flash client connection closing with invalid_namespace error
  • [OF-807] - S2S whitelist form saving domains with "-" without it
  • [OF-811] - Remove deprecated "xml-not-well-formed" error in favor of "not-well-formed"
  • [OF-812] - Monitor plugin fails to handle start date properly
  • [OF-813] - Memory leak
  • [OF-818] - Message routing to bare JID can route to negative priority resources
  • [OF-819] - IQs (e.g. XMPP Pings) of type error get falsely routed to IQ.createResult() which results in an Exception and connection termination
  • [OF-822] - If a non-occupant sends a request to an occupant, a MUC service MUST return a error.
  • [OF-823] - Numeric overflow in MUCPersistenceManager when loading history older than 24 days.
  • [OF-830] - LDAP shared groups disappear after some time
  • [OF-832] - Monitoring plugin fixes
  • [OF-837] - PubSub should return non-persistent items (last published item)
  • [OF-839] - Forwarded extension should not overwrite extension namespaces of the forwarded message.
  • [OF-840] - BOSH does not include
  • [OF-845] - XSS vulnerability in Monitoring Service pages in Admin Console
  • [OF-849] - Error decoding subjectAltName DERTaggedObject cannot be cast to ASN1Sequence
  • [OF-853] - XEP-0077 Registration must return if username or password are unspecified.
  • [OF-855] - Openfire looses messages when multiple senders send messages to the same receiver that looses connection
  • [OF-857] - c2s stop responding, new connections hang
  • [OF-859] - Remove static service id reference in Node.class
  • [OF-860] - No MUC status code 110 (self-presence) after joining a room with more than one user
  • [OF-861] - Disable SSLv3 by default as per POODLE vulnerability
  • [OF-863] - Multiple NPEs encountered when running under high load/latency in cluster mode (via hazelcast plugin)
  • [OF-864] - Cleanup routes from defunct cluster member servers
  • [OF-866] - Unexpected "session not found" errors under load
  • [OF-870] - stanza with multiple "to" attributes generated after restart
  • [OF-874] - disco#items request SHOULD return connected or available resources
  • [OF-875] - Roster requests to bare JID of the user are not responded
  • [OF-876] - IQRosterHandler does not respect error cases in RFC 6121 ยง 2.3.3.
  • [OF-877] - BOSH connector does not properly restart after a configuration change
  • [OF-878] - NPE in MINAStatCollector
  • [OF-881] - NIOConnection Thread Deadlock when two clients in each others roster simultaneously disconnect
  • [OF-884] - Auditor uses wrong hour for file rotation
  • [OF-885] - Use non-blocking, async API for BOSH servlet
  • [OF-886] - Openfire fails to parse CDATA when it ends with sequence ]]]>
  • [OF-888] - s2s locks up with gmail
  • [OF-890] - BOSH client connections sometimes failing
  • [OF-894] - Openfire tries to close a closing session over and over.
  • [OF-895] - Update postgresql driver to support PostgreSQL 9.4
  • [OF-896] - Default client compression inconsistency
  • [OF-897] - GZipFilter fails on Async BOSH servlet
  • Improvement:
  • [OF-189] - do not use com.sun.* classes
  • [OF-593] - LocaleUtils.java_dots_ to_underscores_i18n _bundles
  • [OF-797] - Move ant-tasks in subdirectory (and delete ant.jar)
  • [OF-801] - Extend ant build script to support multi-platform binaries that do not have a file extension
  • [OF-828] - Add the MUC service plugin to Openfire plugins
  • [OF-835] - Prevent fast clients flooding Openfire causing OutOfMemoryError
  • [OF-838] - Allow for custom lib and conf file placement
  • [OF-841] - Add a note about UAC to the Installation Guide
  • [OF-842] - Additional properties in User Properties view
  • [OF-847] - Upgrade bouncycastle from 1.50 to 1.51
  • [OF-850] - Improve initialization state for JiveGlobals
  • [OF-869] - Update Jetty to 9.2.x version
  • [OF-893] - Mutual Authentication Broken for BOSH
  • New Feature:
  • [OF-69] - Add "Groups user belongs to" column to the User Summary page
  • [OF-179] - Allow MUC permissions to be set using groups
  • [OF-250] - Allow to configure the groups of a user from the user profile
  • [OF-324] - Offline Email Notification
  • [OF-843] - Upgrade clustering components for new Session API method
  • Task:
  • [OF-421] - Update MINA library to latest version
  • [OF-466] - Drop Java 5 support
  • [OF-709] - Update Jetty from 7.4 to 9.1
  • [OF-831] - A typo on Database Settings page during setup
  • [OF-901] - Update bundled JRE to 1.7.0_76

New in Openfire 3.9.3 (May 16, 2014)

  • Bug:
  • [OF-2] - LocalOutgoingServerSession logs connection failures over verbosely
  • [OF-746] - Use update-alternatives to set JAVA_HOME on debian
  • [OF-779] - fetching from LDAP should escape results
  • [OF-780] - Update reCaptcha for HTTPS
  • [OF-781] - ConcurrentModificationException in kickPresence
  • [OF-782] - Wrong URL generated for editing groups with space in the names
  • [OF-783] - Apply encryption to secure properties during setup
  • [OF-784] - Possible NullPointerException in MessageRouter logic
  • [OF-787] - TLS server to server connections are not working with 3.9.2
  • [OF-788] - UserService plugin should not reset group properties when adding user to group
  • [OF-789] - Invalid token in Pubsub item purge SQL
  • [OF-791] - Joining new MUC room results in a 404 error
  • Improvement:
  • [OF-744] - Replace package.html with package-info.java

New in Openfire 3.7.0 (Mar 31, 2011)

  • Openfire is now released under the Apache v2.0 licence.
  • Improves how Openfire handles "idle" connections. Some of you may have the system property xmpp.client.idle set to -1 to work around previously broken behaviour. You may now let it default to 6 minutes or set it to your preference.
  • Improved Openfire's caching to be less prone to memory exhaustion by correctly calculating cache size usage.
  • Fixed a bug where admin console login into a newly installed Openfire server would fail until restarted.
  • Fixed a bug with shared rosters within a LDAP environment.
  • A memory leak with the Personal Eventing Protocol (PEP) was fixed.
  • Openfire's custom log interface has been replaced with SLF4J and a Log4J backend.
  • Fix issues with self signed SSL certificates.
  • A number of improvements and fixes were made to the Multi-User Chat (MUC) configuration pages on the admin console
  • There were also some improvements made to the plugins, including the addition of brand new Jingle Nodes plugin.
  • There are also French, Russian, and Lithuanian langauge translation fixes for Openfire and some of the plugins.

New in Openfire 3.6.4 (May 6, 2009)

  • Openfire New Features:
  • [JM-1521] - Use stronger RSA encryption algorithm for certificates creation.
  • Openfire Bug Fixes:
  • [JM-1531] - ! Prevent users from changing other users passwords. (3 votes). Thanks to Erik HH.
  • [JM-1516] - LdapGroups assumed all members never in AltBaseDN. (1 vote)
  • [JM-1520] - Stacktrace of exception while initializing SSLConfig are now logged.
  • [JM-1534] - DefaultAdminProvider was not including default admin account when there were no admins specified.
  • Openfire Connection Manager Module:
  • No changes

New in Openfire 3.6.3 (Jan 10, 2009)

  • [JM-1506] - ! Fixed cross-site scripting attacks in several pages.
  • [JM-1504] - Fixed error in DefaultGroupProvider.
  • [JM-1503] - Fixed ClassCastException that prevented certificates from being imported.
  • [JM-1500] - Flash cross domain handler (port 5229) no longer spit crossdomain.xml immediately.