Releases: igniterealtime/Openfire
Releases · igniterealtime/Openfire
Openfire 4.9.2 Release
Bug
- [OF-2900] - LocalIncomingServerSessionTest.incomingTest failures on Rocky Linux 9 / openjdk 11
- [OF-2901] - Reduce noisy logging of insecure LDAP
- [OF-2906] - Cannot proceed with setup error
sha256sum
values
56b172229ff355c54caaba01f2d93ede05c636ccf113502ae512a6a9be9f4ebc openfire-4.9.2-1.noarch.rpm
2d81b8ed858146c135b862c200c81c48d67101b0d7108c0aa96346dbec45e559 openfire_4.9.2_all.deb
fd3b4d9a6bae21033396aef014a2d7e98979312289e6c193baa7517906af0cb9 openfire_4_9_2.dmg
4576e361daa48e7f25356a2a2ddf1a75fec8fac09290a96b83f106219288567b openfire_4_9_2.exe
029858da4cd82165b059f21787ae41d2ca327aca22fdadbc087b8eb12c48284c openfire_4_9_2.tar.gz
8c993828e58c7f0277e817783411121b653b2e73df42bfa6b9ebb03466a5b1db openfire_4_9_2_x64.exe
4eb6bcc89aca3dd1cd81363e453de22c354f2df22442ff639685d55aa2fe0742 openfire_4_9_2.zip
Please note that the openfire RPM artefact was refreshed after inital upload to correct compatibility level.
Openfire 4.9.1 Release
Improvement
- [OF-2880] - Disable directory listing of admin console
- [OF-2893] - Make it clearer when a plugin exposes HTTP wildcard routes
Bug
- [OF-2868] - NullPointerException while configuration encryption algorithms
- [OF-2873] - Improvements to debian build
- [OF-2874] - RPM build script fails when date locale non-english
- [OF-2884] - Making a group member a group admin removes the user from the group
- [OF-2890] - CSRF bug prevents AD admin test
- [OF-2891] - Misaligned button in directory service admin setup
- [OF-2896] - Memory Leak PreAuthSessions
- [OF-2897] - No-such-user detection misses anonymous users
- [OF-2898] - Session Destroyed event no longer published
- [OF-2899] - Handle null SASL mechanisms
sha256sum
values
8c489503f24e35003e2930873037950a4a08bc276be1338b6a0928db0f0eb37d openfire-4.9.1-1.noarch.rpm
1e80a119c4e1d0b57d79aa83cbdbccf138a1dc8a4086ac10ae851dec4f78742d openfire_4.9.1_all.deb
69a946dacd5e4f515aa4d935c05978b5a60279119379bcfe0df477023e7a6f05 openfire_4_9_1.dmg
c4d7b15ab6814086ce5e8a1d6b243a442b8743a21282a1a4c5b7d615f9e52638 openfire_4_9_1.exe
d9f0dd50600ee726802bba8bc8415bf9f0f427be54933e6c987cef7cca012bb4 openfire_4_9_1.tar.gz
de45aaf1ad01235f2b812db5127af7d3dc4bc63984a9e4852f1f3d5332df7659 openfire_4_9_1_x64.exe
89b61cbdab265981fad4ab4562066222a2c3a9a68f83b6597ab2cb5609b2b1d7 openfire_4_9_1.zip
Openfire 4.9.0 Release
Improvement
- [OF-2854] - Do not build a distribution.jar
- [OF-2855] - Avoid non-cross platform filesystem references in Maven assembly
- [OF-2856] - Do not attempt to attach basic-distribution directory as a Maven artifact
- [OF-2857] - Replace bundled install4j runtime with a Maven dependency
- [OF-2864] - Deprecate custom Base64 class
- [OF-2869] - Add support for Persian/Farsi
Task
- [OF-2867] - Remove code marked for deprecation in 4.9.0 or later
Sub-task
- [OF-2860] - Rename MUCRole, non-breaking changes
Bug
- [OF-2830] - Plugin servlet mapping not precise
- [OF-2848] - Presence sent after room destruction sometimes doesn't include required element
- [OF-2853] - Admin console cluster overview bars are wrong
- [OF-2872] - Unexpected disconnects (possibly involving cyrillic character usage)
sha256sum
values
7973cc2faef01cb2f03d3f2ec59aff9b2001d16b2755b4cc0da48cc92b74d18a openfire-4.9.0-1.noarch.rpm
a0cd627c629b00bb65b6080e06b8d13376ec0a4170fd27e863af0573e3b4f791 openfire_4.9.0_all.deb
bf62c02b0efe1d37fc505f6942a9cf058975746453d6d0218007b75b908a5c3c openfire_4_9_0.dmg
1082d9864df897befa47230c251d91ec0780930900b2ab2768aaabd96d7b5dd9 openfire_4_9_0.exe
12a4a5e5794ecb64a7da718646208390d0eb593c02a33a630f968eec6e5a93a0 openfire_4_9_0.tar.gz
c86bdb1c6afd4e2e013c4909a980cbac088fc51401db6e9792d43e532963df72 openfire_4_9_0_x64.exe
97efe5bfe8a7ab3ea73a01391af436096a040d202f3d06f599bc4af1cd7bccf0 openfire_4_9_0.zip
Openfire 4.8.3 Release
Improvement
- [OF-2846] - Update zh_CN translation
Bug
- [OF-2843] - When admin attempts to ban owner, incorrect error condition is returned
- [OF-2844] - Admins and owners must not be able to ban themselves
- [OF-2845] - Failing close listener can severely delay closure of connection
sha256sum
values
b86bf8c01ede9cb2ae4f43dfd2f49239d9af2d73f650c7c2d52e5a936035e520 openfire-4.8.3-1.noarch.rpm
3f6da6c89ce701d974f6a1afe5ac0245f7112c5d165934eb1a85a749a1f040e2 openfire_4.8.3_all.deb
4fce60210033216556881fd9c988bea3ce30c0ed845f4dec3d4284ee835e8208 openfire_4_8_3.dmg
28b64c144001b0f6fb6eb4705d0bb1a92581774369378196182b8d35237b83be openfire_4_8_3.exe
43d3b042357a5c975785f3f223490e3dd18b1f499c206be6cd0857172cc005fc openfire_4_8_3.tar.gz
a09752fbe1226724d466028036fc65d31fe88e60a0efb27a87f1e10ab100fbb1 openfire_4_8_3_x64.exe
5c0638f150ccb61471b4b5152743b6d18cbe008473f454ed0091a13d7b80cb85 openfire_4_8_3.zip
Openfire 4.8.2 Release
Improvement
- [OF-2818] - Websocket buffers should not be 5MB
- [OF-2825] - Implement XEP-0030's security considerations
- [OF-2827] - Make handling of 'username' consistent between JdbcAuth- and JdbcUserProvider
- [OF-2834] - Update Bouncy Castle to 1.78.1
- [OF-2835] - Advertise XEP-0115 support
- [OF-2840] - XMPPDateTimeFormat parsing improvements
Task
- [OF-2819] - Update Netty to 4.1.108
Bug
- [OF-2824] - RoutingTable cache inconsistency
- [OF-2832] - Cannot set MUC avatar with LdapVCardProvider
- [OF-2833] - Cannot serialize User instances
- [OF-2836] - CapsManager ignores provided hash identifier
- [OF-2838] - MUST return error when user updates someone else's vcard
- [OF-2839] - MUST return error when requesting VCard from someone that doesn't have one
- [OF-2841] - Capabilities offered by stream feature doesn't include features for registered users
sha256sum
values
4c2674fbf00768cf7ca9ccc9a6ef7e4aa693c19d9885ca469771677934634a40 openfire-4.8.2-1.noarch.rpm
76665dc80607516d12f1c8b7b323417e7993d2f87de2e82deeef43dd6a7d9761 openfire_4.8.2_all.deb
75c513db3c7e50fc5c28a7131aecc0c60ad2f858d7f04a9fe5d58a5de118afec openfire_4_8_2.dmg
d5af1c2012d092c7c1cd9247db4e4d8039f2617adc9f212d75e549eeca0a389a openfire_4_8_2.exe
4634e5be6314a5348e5e01413864a8ec6a7b3bbe6e2db1c051512c9bd72a199a openfire_4_8_2.tar.gz
82c5abdf917b8958311f5813960f3b545266d99d0f646eac9dddbaf0ef52c905 openfire_4_8_2_x64.exe
3327bc610af606a2df28a7077f225a68cf2d04d30a4c37592a5d17f5c22e8c07 openfire_4_8_2.zip
Openfire 4.8.1 Release
Improvement
- [OF-2651] - Give explict names to Netty's threads
- [OF-2788] - Have distinct thread pools for each type of connection
- [OF-2791] - Announce support for PubSub delete-item
- [OF-2798] - Admin Console should warn end-user if plugin installation failed
- [OF-2800] - Guard against a surplus of database connection errors being logged
- [OF-2802] - Upgrade postgresql database driver for CVE-2024-1597
New Feature
- [OF-284] - Add service administration support
Bug
- [OF-2166] - When deleting a user, remove it from transient MUC rooms
- [OF-2310] - Cache data inconsistency: MUC
- [OF-2758] - Deleting an admin user does not remove the name from \`admin.authorizedJIDs\`
- [OF-2768] - Do not use default value for user's creation / last modified date
- [OF-2774] - 4.8.0 not counting "whitespace ping" as session activity
- [OF-2775] - RSS News Feed appears empty
- [OF-2777] - Misbehaving Shared-With-Group option for Contact List sharing
- [OF-2778] - Duplicate \(group\)chat messages are received
- [OF-2781] - SerializableCache appears to be unusable \(ClassCastException on creation\)
- [OF-2782] - SerializableCache instances do not get recreated on cluster switch
- [OF-2792] - Cache-summary page shows wrong stats when using Clustering
- [OF-2795] - Delete MUC-based authorization when deleting user
- [OF-2799] - OccupantManager doesn't remove all items when clustering
- [OF-2805] - Session details shows 'resource' column, but does not show resources
- [OF-2806] - Routing Servers cache inconsistency doesn't list the missing items
- [OF-2807] - Contact List \(Roster\) Sharing changes are not immediately applied
- [OF-2808] - Stream Management Resume fails
- [OF-2809] - Disabling client idle time breaks websockets
- [OF-2810] - Resumed stream is no longer resumable
sha256sum
values
2ff28c5d7ff97305b2d6572e60b02f3708e86750d959459d7c5d6e17d4f9f932 openfire-4.8.1-1.noarch.rpm
f622719e4dbd43aadc9434ba4ebc0d8c65ec30dd25a7d2e99c7de33006a24f56 openfire_4.8.1_all.deb
3507b5d64c961daf526a52a73baaac7c84af12eb0115b961c2f95039255aec57 openfire_4_8_1.dmg
141f6eaf374dfb7c4cca345e1b598fed5ce3af9c70062a8cc0d9571e15c29c7d openfire_4_8_1.exe
c6f0cf25a2d10acd6c02239ad59ab5954da5a4b541bc19949bd381fefb856da1 openfire_4_8_1.tar.gz
bec5b03ed56146fec2f84593c7e7b269ee5c32b3a0d5f9e175bd41f28a853abe openfire_4_8_1_x64.exe
7403113b701aaf8a37dcd2d7e22fbb133161d322ad74505c95e54eaf6533f183 openfire_4_8_1.zip
Openfire 4.8.0 Release
Improvement
- [OF-1378] - Rename "Legacy SSL" into "Direct TLS"
- [OF-1861] - Support for TLS 1.2 / 1.3
- [OF-2116] - Using range retrieval for LDAP groups
- [OF-2372] - Add support for proxied connections to Admin Console
- [OF-2377] - Reduce potential thread contention in XMLProperties
- [OF-2380] - Reduce thread contention in In-Memory pubsub persistence provider
- [OF-2385] - Shouldn't attempt to load shared groups when feature is unsupported.
- [OF-2403] - Improve Admin Console's memory usage reporting
- [OF-2408] - Address static analysis warnings in Crowd package
- [OF-2409] - Remove obsolete 'type' and 'language' attributes on HTML elements. Use HTML5.
- [OF-2413] - Include a stream error when closing a stream due to a problem.
- [OF-2440] - Increase default cache sizes
- [OF-2449] - Return error when a BOSH pause is requested that is higher than the maximum allowable pause.
- [OF-2455] - Explicitly promote websockets in admin console
- [OF-2494] - Upgrade HSQLDB to a more recent version.
- [OF-2513] - Do not require authzid on SASL EXTERNAL for S2S
- [OF-2514] - Differentiate between missing and empty initial SASL response
- [OF-2521] - S2S: Allow 'client auth' (required for SASL EXTERNAL) by default
- [OF-2523] - Use less predictable resource value
- [OF-2540] - Update SLF4j to 2.x
- [OF-2542] - Drop Java 8 support
- [OF-2547] - Update Mockito to 3.4.0 or later
- [OF-2556] - Support additional namespaces when parsing streams
- [OF-2557] - Show TLS config on each session/connection
- [OF-2560] - Improve Admin Console load time when RSS can't be reached
- [OF-2563] - Replace Session status constants with enums
- [OF-2564] - ServerSession's state should be set to 'authenticated' after authentication
- [OF-2565] - Openfire should close stream if client is sending a stanza in violation of RFC 6120, section 7.1
- [OF-2566] - Enable Websocket Stream Management resumption
- [OF-2581] - Invite people to improve translations in admin console
- [OF-2594] - When locating Openfire Home, consider 'tmp' file
- [OF-2608] - Do not wait for timeout when Dialback connection is closed
- [OF-2611] - Improve automated tests for S2S functionality
- [OF-2612] - Upgrade JUnit from 4 to 5
- [OF-2613] - Upgrade unit test database to version 34
- [OF-2615] - Use ConnectionManager interface where possible
- [OF-2616] - Bump Guava to latest release
- [OF-2623] - Migrate LoginLimitManager's properties to SystemProperties
- [OF-2624] - When providing Forms, use client's language
- [OF-2633] - When S2S TLS is required, announce that
- [OF-2638] - Update Installation guide to suggest it is not okay to open-admin-console-to-internet
- [OF-2639] - Server-to-Server SASL EXTERNAL should not require authz
- [OF-2642] - Remove (unused?) PEP restriction for XEP-0084
- [OF-2644] - Do not use getters in Session#toString
- [OF-2650] - Failed S2S due to peer's certificate being invalid should be less verbose
- [OF-2653] - hostname validation should not try to resolve host
- [OF-2654] - Implement toString() in various Netty classes
- [OF-2663] - Don't overly verbose log receiving IQ responses addressed to the server
- [OF-2669] - Update postgresql driver to 42.6.0
- [OF-2670] - Netty debug should log remote address when available
- [OF-2671] - S2S tester can stop waiting after a bounce
- [OF-2673] - Prevent double-closure of outbound s2s session
- [OF-2678] - Prefer XML data type usage over String manipulation
- [OF-2693] - Make XML declaration (and newline) configurable
- [OF-2697] - Set up multiple S2S connections concurrently
- [OF-2699] - PacketRejection should allow for PacketError to be defined
- [OF-2703] - Websocket 'open' should be a collapsed element
- [OF-2706] - Restructure session details page
- [OF-2707] - When closing session on admin console, kill its stream management
- [OF-2708] - Ensure that Groups operate on bare JIDs
- [OF-2713] - Update Bouncy Castle to 1.76
- [OF-2714] - Switch to Java 1.8+ variant of Bouncy Castle
- [OF-2724] - Resolve (non-breaking) errors while compiling plugin JSP pages against Openfire 4.8
- [OF-2731] - Update support for XEP-0280: Message Carbons
- [OF-2732] - Update bundled search plugin to 1.7.4
- [OF-2746] - Add Content Security Policy (CSP) headers to web endpoints
Story
- [OF-2527] - Include milliseconds in default log4j configuration
- [OF-2573] - Add Name to Client Version column in Session Summary
New Feature
Openfire 4.8.0 Beta Release
Improvement
- [OF-1378] - Rename "Legacy SSL" into "Direct TLS"
- [OF-1861] - Support for TLS 1.2 / 1.3
- [OF-2116] - Using range retrieval for LDAP groups
- [OF-2372] - Add support for proxied connections to Admin Console
- [OF-2377] - Reduce potential thread contention in XMLProperties
- [OF-2380] - Reduce thread contention in In-Memory pubsub persistence provider
- [OF-2385] - Shouldn't attempt to load shared groups when feature is unsupported.
- [OF-2403] - Improve Admin Console's memory usage reporting
- [OF-2408] - Address static analysis warnings in Crowd package
- [OF-2409] - Remove obsolete 'type' and 'language' attributes on HTML elements. Use HTML5.
- [OF-2413] - Include a stream error when closing a stream due to a problem.
- [OF-2440] - Increase default cache sizes
- [OF-2449] - Return error when a BOSH pause is requested that is higher than the maximum allowable pause.
- [OF-2455] - Explicitly promote websockets in admin console
- [OF-2494] - Upgrade HSQLDB to a more recent version.
- [OF-2513] - Do not require authzid on SASL EXTERNAL for S2S
- [OF-2514] - Differentiate between missing and empty initial SASL response
- [OF-2521] - S2S: Allow 'client auth' \(required for SASL EXTERNAL\) by default
- [OF-2523] - Use less predictable resource value
- [OF-2540] - Update SLF4j to 2.x
- [OF-2542] - Drop Java 8 support
- [OF-2547] - Update Mockito to 3.4.0 or later
- [OF-2556] - Support additional namespaces when parsing streams
- [OF-2557] - Show TLS config on each session/connection
- [OF-2560] - Improve Admin Console load time when RSS can't be reached
- [OF-2563] - Replace Session status constants with enums
- [OF-2564] - ServerSession's state should be set to 'authenticated' after authentication
- [OF-2565] - Openfire should close stream if client is sending a stanza in violation of RFC 6120, section 7.1
- [OF-2566] - Enable Websocket Stream Management resumption
- [OF-2581] - Invite people to improve translations in admin console
- [OF-2594] - When locating Openfire Home, consider 'tmp' file
- [OF-2608] - Do not wait for timeout when Dialback connection is closed
- [OF-2611] - Improve automated tests for S2S functionality
- [OF-2612] - Upgrade JUnit from 4 to 5
- [OF-2613] - Upgrade unit test database to version 34
- [OF-2615] - Use ConnectionManager interface where possible
- [OF-2616] - Bump Guava to latest release
- [OF-2623] - Migrate LoginLimitManager's properties to SystemProperties
- [OF-2624] - When providing Forms, use client's language
- [OF-2633] - When S2S TLS is required, announce that
- [OF-2638] - Update Installation guide to suggest it is not okay to open-admin-console-to-internet
- [OF-2639] - Server-to-Server SASL EXTERNAL should not require authz
- [OF-2642] - Remove \(unused?\) PEP restriction for XEP-0084
- [OF-2644] - Do not use getters in Session#toString
- [OF-2650] - Failed S2S due to peer's certificate being invalid should be less verbose
- [OF-2653] - hostname validation should not try to resolve host
- [OF-2654] - Implement toString\(\) in various Netty classes
- [OF-2663] - Don't overly verbose log receiving IQ responses addressed to the server
- [OF-2669] - Update postgresql driver to 42.6.0
- [OF-2670] - Netty debug should log remote address when available
- [OF-2671] - S2S tester can stop waiting after a bounce
- [OF-2673] - Prevent double-closure of outbound s2s session
- [OF-2678] - Prefer XML data type usage over String manipulation
- [OF-2693] - Make XML declaration \(and newline\) configurable
- [OF-2697] - Set up multiple S2S connections concurrently
- [OF-2699] - PacketRejection should allow for PacketError to be defined
- [OF-2703] - Websocket 'open' should be a collapsed element
- [OF-2706] - Restructure session details page
- [OF-2707] - When closing session on admin console, kill its stream management
- [OF-2708] - Ensure that Groups operate on bare JIDs
- [OF-2713] - Update Bouncy Castle to 1.76
- [OF-2714] - Switch to Java 1.8\+ variant of Bouncy Castle
- [OF-2724] - Resolve \(non-breaking\) errors while compiling plugin JSP pages against Openfire 4.8
- [OF-2731] - Update support for XEP-0280: Message Carbons
- [OF-2732] - Update bundled search plugin to 1.7.4
Story
- [OF-2527] - Include milliseconds in default log4j configuration
- [OF-2573] - Add Name to Client Version column in Session Summary
New Feature
Openfire 4.7.5 Release
4.7.5 -- May 23, 2023
Improvement
- [OF-2459] - Admin console CSS tweaks
- [OF-2461] - Validate JIDs that are sent by remote servers
- [OF-2462] - Apply nodeprep on S2S stanza addresses
- [OF-2464] - Do not default to Chinese locale
- [OF-2539] - Name threads
- [OF-2541] - Plugins should have updated SCM references
Task
- [OF-2508] - Ensure that MUC Room names are nodeprepped
- [OF-2584] - Update dependency-check to 8.1.2
- [OF-2585] - Update commons-fileupload to 1.5
- [OF-2586] - Update mysql-connector from 8.0.28 to 8.0.32
- [OF-2587] - Update twelvemonkeys imageio-core from 3.5 to 3.7.1 or higher
- [OF-2588] - Update SQL Server JDBC driver from 7.4.1 to 9.4.1
- [OF-2589] - Remove protobuf-java from mysql-connector-j
Story
- [OF-2493] - Update postgresql to 42.4.1
Sub-task
- [OF-2596] - Improve detection of path traversal
- [OF-2597] - Add config option for using wildcards in AuthCheckFilter
- [OF-2598] - Remove wildcard usage in AuthCheckFilter
- [OF-2599] - Avoid having setup-specific auth-excludes after install
Bug
- [OF-2538] - Overzealous deletion of child properties
- [OF-2543] - pubsub should always deliver payloads when items are retrieved.
- [OF-2561] - Fallback of verifyCertificateValidity for connection listener uses incorrect setting
- [OF-2575] - Text formatting error in registration settings
- [OF-2578] - Fix failing aioxmpp tests
- [OF-2595] - CVE-2023-32315 Admin Console Auth Bypass
sha256sum
values
f70faf11b4798fefb26a20f7d60288d275a6d568db78faf79a4194cbae72eab4 openfire-4.7.5-1.noarch.rpm
d1283d417dacb74d67334c06420679aae62d088bd3439c8135ccfc272fd5b95b openfire_4.7.5_all.deb
60d8efb96a1891cda2deac2cda9808cf6adec259f090d3a7fb2b7ca21484d75b openfire_4_7_5.exe
98d36c2318706c545345274234e2f5ccbf0f72f7801133effea342e2776b8bb0 openfire_4_7_5.tar.gz
e95348be890aff64a7447295ab18eebb29db4bdc346b802df0c878ebbbf1d18e openfire_4_7_5_x64.exe
a5bb8c9b944b915bdf7ecf92cd2a689d0cf09e88bfc2df960f38000f6b788194 openfire_4_7_5.zip
Openfire 4.6.8 Release
Bug
- [OF-2595] - CVE-2023-32315 Admin Console Auth Bypass.
- [OF-2596] - OF-2596 Improve detection of path traversal.
- [OF-2597] - OF-2597 Add config option for using wildcards in AuthCheckFilter.
- [OF-2598] - OF-2598 Remove wildcard usage in AuthCheckFilter.
- [OF-2599] - OF-2599 Avoid having setup-specific auth-excludes after install.
sha256sum values
aa1947097895a6d41bc8d1ac29f6ea60507bce69caadc497b4794a2a4110dc20 openfire-4.6.8-1.i686.rpm
346871c71eff8e3b085fecd2f8dce5bfbf387885cfa7aff2076d42bd7273f70b openfire-4.6.8-1.noarch.rpm
37e4cc510cc2a59de50288c0e3baa53dcc702631433a01873a9270eeb7c789db openfire-4.6.8-1.x86_64.rpm
e92c5a0b76da5964b2e3fa43686ad63db29ef891ec7266ab16fe3a93b06c9e01 openfire_4.6.8_all.deb
c6e0e40c55a81276881e93469ce88a862226ce33e58c8811e760427b878ebed4 openfire_4_6_8_bundledJRE.exe
1b4c209453fffb6a6310354b425995bb92c1f09944eed35a1fd61a30201355bc openfire_4_6_8_bundledJRE_x64.exe
6b19394dc3f275ca039f85af59ca4f2fc5f628e2505cb39e59f5cfa55d605788 openfire_4_6_8.exe
b22fce993bce4930346183d5edc1e9e38827a47ed8f64c41486a105f574cc116 openfire_4_6_8.tar.gz
7c5769c7c8869ce2dfbb93fbbf1ec97a4e8509d61f8c14ba3f6be20abd05e90e openfire_4_6_8_x64.exe
72f27d063446479e1d4ceb2a46ac838f5462dfca53032cfa068eb96ef08d0697 openfire_4_6_8.zip