github igniterealtime/Openfire v4.8.0
Openfire 4.8.0 Release

Improvement

  • [OF-1378] - Rename "Legacy SSL" into "Direct TLS"
  • [OF-1861] - Support for TLS 1.2 / 1.3
  • [OF-2116] - Using range retrieval for LDAP groups
  • [OF-2372] - Add support for proxied connections to Admin Console
  • [OF-2377] - Reduce potential thread contention in XMLProperties
  • [OF-2380] - Reduce thread contention in In-Memory pubsub persistence provider
  • [OF-2385] - Shouldn't attempt to load shared groups when feature is unsupported.
  • [OF-2403] - Improve Admin Console's memory usage reporting
  • [OF-2408] - Address static analysis warnings in Crowd package
  • [OF-2409] - Remove obsolete 'type' and 'language' attributes on HTML elements. Use HTML5.
  • [OF-2413] - Include a stream error when closing a stream due to a problem.
  • [OF-2440] - Increase default cache sizes
  • [OF-2449] - Return error when a BOSH pause is requested that is higher than the maximum allowable pause.
  • [OF-2455] - Explicitly promote websockets in admin console
  • [OF-2494] - Upgrade HSQLDB to a more recent version.
  • [OF-2513] - Do not require authzid on SASL EXTERNAL for S2S
  • [OF-2514] - Differentiate between missing and empty initial SASL response
  • [OF-2521] - S2S: Allow 'client auth' (required for SASL EXTERNAL) by default
  • [OF-2523] - Use less predictable resource value
  • [OF-2540] - Update SLF4j to 2.x
  • [OF-2542] - Drop Java 8 support
  • [OF-2547] - Update Mockito to 3.4.0 or later
  • [OF-2556] - Support additional namespaces when parsing streams
  • [OF-2557] - Show TLS config on each session/connection
  • [OF-2560] - Improve Admin Console load time when RSS can't be reached
  • [OF-2563] - Replace Session status constants with enums
  • [OF-2564] - ServerSession's state should be set to 'authenticated' after authentication
  • [OF-2565] - Openfire should close stream if client is sending a stanza in violation of RFC 6120, section 7.1
  • [OF-2566] - Enable Websocket Stream Management resumption
  • [OF-2581] - Invite people to improve translations in admin console
  • [OF-2594] - When locating Openfire Home, consider 'tmp' file
  • [OF-2608] - Do not wait for timeout when Dialback connection is closed
  • [OF-2611] - Improve automated tests for S2S functionality
  • [OF-2612] - Upgrade JUnit from 4 to 5
  • [OF-2613] - Upgrade unit test database to version 34
  • [OF-2615] - Use ConnectionManager interface where possible
  • [OF-2616] - Bump Guava to latest release
  • [OF-2623] - Migrate LoginLimitManager's properties to SystemProperties
  • [OF-2624] - When providing Forms, use client's language
  • [OF-2633] - When S2S TLS is required, announce that
  • [OF-2638] - Update Installation guide to suggest it is not okay to open-admin-console-to-internet
  • [OF-2639] - Server-to-Server SASL EXTERNAL should not require authz
  • [OF-2642] - Remove (unused?) PEP restriction for XEP-0084
  • [OF-2644] - Do not use getters in Session#toString
  • [OF-2650] - Failed S2S due to peer's certificate being invalid should be less verbose
  • [OF-2653] - hostname validation should not try to resolve host
  • [OF-2654] - Implement toString() in various Netty classes
  • [OF-2663] - Don't overly verbose log receiving IQ responses addressed to the server
  • [OF-2669] - Update postgresql driver to 42.6.0
  • [OF-2670] - Netty debug should log remote address when available
  • [OF-2671] - S2S tester can stop waiting after a bounce
  • [OF-2673] - Prevent double-closure of outbound s2s session
  • [OF-2678] - Prefer XML data type usage over String manipulation
  • [OF-2693] - Make XML declaration (and newline) configurable
  • [OF-2697] - Set up multiple S2S connections concurrently
  • [OF-2699] - PacketRejection should allow for PacketError to be defined
  • [OF-2703] - Websocket 'open' should be a collapsed element
  • [OF-2706] - Restructure session details page
  • [OF-2707] - When closing session on admin console, kill its stream management
  • [OF-2708] - Ensure that Groups operate on bare JIDs
  • [OF-2713] - Update Bouncy Castle to 1.76
  • [OF-2714] - Switch to Java 1.8+ variant of Bouncy Castle
  • [OF-2724] - Resolve (non-breaking) errors while compiling plugin JSP pages against Openfire 4.8
  • [OF-2731] - Update support for XEP-0280: Message Carbons
  • [OF-2732] - Update bundled search plugin to 1.7.4
  • [OF-2746] - Add Content Security Policy (CSP) headers to web endpoints

Story

  • [OF-2527] - Include milliseconds in default log4j configuration
  • [OF-2573] - Add Name to Client Version column in Session Summary

New Feature

  • [OF-1574] - Add support for XEP-0352: Client State Indication
  • [OF-2474] - Allow IP-based access control to the admin console
  • [OF-2475] - Allow data to be persisted for future users.
  • [OF-2476] - Add trunking/gateway support to Openfire
  • [OF-2572] - Detect thread obtaining more than one database connection
  • [OF-2579] - Add Ukrainian translation
  • [OF-2646] - Allow property persistence to be skipped (for tests)
  • [OF-2658] - Dynamically modify Netty pipeline
  • [OF-2676] - Add support for XEP-0478: Stream Limits Advertisement
  • [OF-2753] - Kill detached session when resumption is attempted at different cluster node
  • [OF-2766] - Apply s2s permissions recursively
  • [OF-2770] - Add pub/sub debug logging

Task

  • [OF-1382] - Admin Console reuses `username` and `password` form fields, which fools browser auto-fill
  • [OF-2395] - Remove code that was deprecated prior to 4.7.0
  • [OF-2406] - Phase out calendarjs
  • [OF-2407] - Phase out /js/tooltip/*
  • [OF-2418] - Phase out Scriptaculous
  • [OF-2419] - Remove unused pngfix.js library
  • [OF-2420] - Phase out lightbox.js
  • [OF-2510] - Create documentation for using Openfire with clustered databases
  • [OF-2559] - Replace Apache MINA with Netty
  • [OF-2610] - Update shipped CA truststore
  • [OF-2647] - Remove 4.8 deprecation
  • [OF-2687] - Update Jetty to 10.0.18
  • [OF-2688] - Update Netty to 4.1.100
  • [OF-2691] - Update org.json:json to 20231013
  • [OF-2725] - Update dependency-check to 8.4.2
  • [OF-2726] - Update dom4j to 2.1.4
  • [OF-2727] - Update mysql-connector from 8.0.32 to 8.2.0
  • [OF-2728] - Remove Rome
  • [OF-2733] - Sync Openfire's truststore with Mozilla's shipped CAs
  • [OF-2767] - Don't have separate database CI workflow

Sub-task

  • [OF-2596] - Improve detection of path traversal
  • [OF-2597] - Add config option for using wildcards in AuthCheckFilter
  • [OF-2598] - Remove wildcard usage in AuthCheckFilter
  • [OF-2599] - Avoid having setup-specific auth-excludes after install
  • [OF-2600] - Upgrade Jetty
  • [OF-2604] - Bind admin console to loopback interface by default
  • [OF-2609] - Broken Tests - Expect NO_CONN, Get PLAIN_DIALB

Bug

  • [OF-880] - Server MUST return for IQ requests to unknown user. (RFC 6120 10.5.3.1.)
  • [OF-945] - Openfire returns Stanza error instead of Stream error when client tries to send stanzas over unauthenticated connections
  • [OF-1183] - Roster request denial is not pushed back to requester
  • [OF-1224] - No roster push after unsubscribe (probably only if presence subscription is not 'both')
  • [OF-1389] - PubSub Admin Console - Unable to click Node ID
  • [OF-1394] - PubSub Admin Console - Re-enabling service doesn't reload nodes
  • [OF-1399] - PubSub Admin Console - 'Max number of items to persist' appears configurable when it's not
  • [OF-1405] - S2S Connection Test - No validation on 'XMPP domain' field
  • [OF-1406] - S2S Connection Test - Able to edit results fields
  • [OF-1407] - S2S Connection Test - No indication on the page that anything is happening during search
  • [OF-1785] - In-band registration fails with websockets
  • [OF-1831] - TLS fails with "input record too big" exceptions
  • [OF-1913] - Various S2S interop issues
  • [OF-2242] - Not possible to filter by Client Version on Sessions page
  • [OF-2378] - (deprecated) XMLProperties.getName() throws ClassCastException
  • [OF-2382] - When searching for shared groups by user, all groups are returned
  • [OF-2383] - Group methods are only validated on the frontend, or not at all
  • [OF-2391] - NPE during/directly after setup
  • [OF-2399] - Migrated System Properties report that restart is needed
  • [OF-2404] - Inbound presence 'subscribe' for preexisting contact MUST be auto-responded
  • [OF-2411] - Openfire fails to start because of a deadlock in XmlProperties' readWriteLock
  • [OF-2426] - Group cache can contain ghost entries
  • [OF-2429] - Fix count in database reconnect attempts
  • [OF-2435] - TLSv1.3 suffers from timing issue
  • [OF-2443] - SASL PLAIN should use authorization mapping
  • [OF-2492] - mvnw isn't executable
  • [OF-2551] - Server-to-Server TLS policy changes cause breakage
  • [OF-2552] - javax.el.MethodNotFoundException in offline-messages.jsp
  • [OF-2555] - Openfire allows S2S TLS to continue when certificate fails to validate
  • [OF-2567] - S2S with Direct TLS seems to be unstable
  • [OF-2568] - Stream Management roll-over detection
  • [OF-2580] - Make Portuguese locale selectable after setup
  • [OF-2590] - S2S Outbound must validate remote identity against certificate
  • [OF-2592] - Autosetup should not force the default database connection provider when using default auth provider
  • [OF-2595] - CVE-2023-32315 Admin Console Auth Bypass
  • [OF-2606] - Database errors keep getting logged when providing faulty db connection URL in setup
  • [OF-2614] - openfire-plugin-assembly is inflexible on project structure
  • [OF-2620] - Plugin-provided pages for the Admin Console should use Openfire assets for standard components
  • [OF-2621] - Incorrect link on MUC Service admin console page
  • [OF-2622] - Do not accept Dialback when disabled
  • [OF-2626] - Dialback status race condition
  • [OF-2627] - Deleting a group with a '+' character in its name fails
  • [OF-2630] - SystemProperties are not encrypted on Admin Console
  • [OF-2641] - Cannot establish S2S with conference subdomain
  • [OF-2648] - S2S stanza parsing of errors fails
  • [OF-2649] - CSI parsing error
  • [OF-2652] - Too many exceptions when remote server sends too much data
  • [OF-2655] - Closing S2S session fails to close outbound
  • [OF-2656] - TLS information missing for outbound S2S connections
  • [OF-2657] - Stream parsing failure
  • [OF-2659] - Remote (ejabberd) servers close stream with 'duplicate attribute' stream error
  • [OF-2660] - Outbound DirectTLS S2S connections seem to stall
  • [OF-2661] - Peer closing stream leads to timeout
  • [OF-2662] - S2S prefix issue
  • [OF-2664] - S2S failure with isode.com
  • [OF-2665] - Cache state inconsistencies after Netty upgrade
  • [OF-2668] - Cannot compile plugin with web assets against Openfire 4.8 following Jetty upgrade
  • [OF-2672] - Netty Debug log incorrectly suggests class cast issue
  • [OF-2674] - Closing a Netty channel must close the underlying connection
  • [OF-2675] - HTTP ERROR 400 Invalid SNI on admin console after jetty upgrade for Openfire 4.8
  • [OF-2677] - Failure to process all UTF-8 characters
  • [OF-2680] - NullPointer in idle handler
  • [OF-2681] - Failure to define Dialback XML prefix
  • [OF-2682] - ConcurrentModificationException in Netty S2S
  • [OF-2689] - DirectTLS client-to-server (5223) broken
  • [OF-2690] - Incorrect namespace definitions on server dialback elements
  • [OF-2692] - NullPointerException in S2S when ID attribute is missing
  • [OF-2696] - Cannot resolve CAPS for MUC occupants
  • [OF-2698] - Netty idle state detects mixes 'read' and 'write' idle events
  • [OF-2700] - X-Forwarded-For header content not in audit log
  • [OF-2704] - Closing websockets should send `close` element
  • [OF-2705] - Route stanzas addressed to full JIDs of connected resource
  • [OF-2711] - CSI delays don't then deliver stanzas
  • [OF-2712] - Session accounting differs on alternate sides of the S2S conversation
  • [OF-2715] - Websocket 'close' frame should be sent when closing a connection
  • [OF-2716] - Missing Copyright Notices
  • [OF-2730] - Stop S2S under strict verification mode, when TLS fails.
  • [OF-2734] - JspPropertyNotFoundException on Pubsub node detail page
  • [OF-2735] - Certificate Details doesn't show store name
  • [OF-2738] - Server-to-Server SNI issue / connecting to a host that serves multiple domains
  • [OF-2740] - Incorrect determination of macOS JAVA_HOME when none is set
  • [OF-2745] - MUC Occupants get kicked for being idle, after responding to idle check
  • [OF-2750] - CSI-enabled client does not receive Jingle invitations
  • [OF-2751] - Disable Stream Management when server closes stream with error
  • [OF-2752] - Disable Stream Management when server closes stream
  • [OF-2755] - NullPointerException in S2S when cluster node is switched off
  • [OF-2756] - setup fails to properly detect JRE 21
  • [OF-2757] - pub/sub notifications not sent to full JIDs on remote domains
  • [OF-2761] - NullPointerException when MUC Service processes an IQ result
  • [OF-2763] - HTTP requests for 'other' plugin files (eg: images) return 403
  • [OF-2764] - Typo in i18n key 'cliked'
  • [OF-2765] - Some mvn references aren't using mvnw

sha256sum values for release artifacts

6c24dd3c221219594237cbfd94b237dd51e853665a898c2e2a4f67bc57df415c  openfire-4.8.0-1.noarch.rpm
21609f9245cb3ea59ebaddd92aa2378daefb4c526f2b48f764bc61cba478f446  openfire_4.8.0_all.deb
fa337a050af5db86b3a0c05547b1c505f3dfe01f95264aecb046ad03e6e54007  openfire_4_8_0.dmg
daba71eec8eca9978e22add1198123c045218df95ae02c7d96567870a92a9c75  openfire_4_8_0.exe
e8b9dfb00e47477c9c6fd6cd4c5f3ac775c74ed9ded86c830f3b220a8cd8a15f  openfire_4_8_0.tar.gz
f0469bb13e38264ae69cb55006a88fd0572dd5b3c41fe1021d1c778336242bcb  openfire_4_8_0_x64.exe
4b940c4eefb7fcf3ae080983a671b6c5b7744ee95b12026f04b71e94f896f206  openfire_4_8_0.zip
