Overview
Request 557840 accepted
- update to 4.2.1
Bug
[OF-1254] - Database update scripts for 25 set version 24
[OF-1450] - Some admin console text is hardcoded
[OF-1451] - Support for SNAPSHOT plugin versions
Improvement
[OF-1447] - Improve deployability of Maven artifacts to public repository.
[OF-1448] - Don't require i18n source files to be encoded.
[OF-1452] - Updated Russian Translation
- changes from 4.2.0
Sub-task
[OF-210] - Add support for Roster Versioning (aka XEP-0237)
[OF-548] - Find maven-managed artifacts to replace third-party libraries.
[OF-549] - Create "XMMP Server" module
[OF-552] - Create "Webadmin" module
[OF-553] - Create distribution module(s).
[OF-554] - Create parent plugin module
[OF-555] - Create plugin modules
Bug
[OF-394] - Shouldn't show an exception when creating room with illegal characters in JID
[OF-1134] - JustMarried: Allow roster alias to be changed
[OF-1145] - Avatar Resizer plugin issues when using LdapVCardProvider
[OF-1159] - System Property Encryption is not cluster aware
[OF-1193] - Avatar resizer plugin: ClassNotFoundException
[OF-1208] - Option to block anonymous logins from sending s2s packets
[OF-1250] - Old DWR causes CSRF, XSS in Admin Console
[OF-1262] - Error message for failed login on admin console contains moderator verbage
[OF-1308] - Openfire not closing stream gracefully with
[OF-1309] - S2S communication on wrong stream
[OF-1329] - Session fixation in admin web console
[OF-1335] - Forwarded messages rewritten to default namespace over S2S
[OF-1356] - Add a section about upgrading from x86 to x64 to Upgrade guide (Windows)
[OF-1366] - NullPointerException in Group lookup
[OF-1384] - Disco-item handler should process any domain
[OF-1393] - OpenFire randomString has too many digits
[OF-1400] - XSS in server name field
[OF-1401] - SMS error message handling doesn't escape content correctly
[OF-1403] - Muc admin doesn't escape group names correctly
[OF-1417] - CVE-2017-15911 XSS with domain in setup-host-settings.jsp
[OF-1422] - MUC Nick Sharing can cause rejoin to fail
[OF-1423] - Websocket message size is restricted to 65536
[OF-1424] - CME while calculating Group Cache stats
[OF-1427] - PEP should respond to service discovery
[OF-1429] - Closed BOSH sessions are still on admin console as client sessions
[OF-1430] - SCRAM-SHA-1 not offered when it should be, and maybe vice-versa
[OF-1431] - XMPP Ping without type= set causes a NPE
[OF-1436] - Sharing BOSH context should not prevent context restart.
[OF-1441] - test Maven dependencies being included in distribution
[OF-1442] - dom4j included twice in (maven) target directory
[OF-1443] - rpm install needlessly requires java-headless
[OF-1444] - mvn package is expanded environment variables
New Feature
[OF-35] - Create an admin console for pubsub
[OF-159] - Add an s2s testing feature
[OF-1336] - User Property Provider
[OF-1353] - Introduce 'priorToServerVersion' for plugins
[OF-1402] - XEP-0198 Resumption for Client Sessions
Task
[OF-1286] - Update shipped CA truststore
[OF-1316] - Update Tinder to 1.3.0
[OF-1320] - Update bundled JRE with the latest version
[OF-1339] - Merge websocket plugin with core
[OF-1380] - all.log should be exposed via Openfire Admin Console
[OF-1411] - Update bundled JRE with the latest version
[OF-1428] - Remove deprecated Clustering plugin
Improvement
[OF-200] - In user summary, display "currently logged in" instead of blank in last logout column
[OF-1030] - Monitoring Service plugin Search Archive Date Range field validation
[OF-1256] - Display the current clustering status on the admin screens
[OF-1306] - Cache LDAP UserDN searches
[OF-1313] - Add protection for Cross-Site Request Forgery in MoTD plugin
[OF-1314] - Add the ability to disabled delayed delivery (XEP-203)
[OF-1317] - Update dom4j from 1.6.1 to 2.0.0
[OF-1328] - Update JSTUN library in stunserver plugin
[OF-1368] - Add an informational message during failed login
[OF-1370] - inVerse plugin: hide registration tab when appropriate.
[OF-1373] - Check for changes in keystores
[OF-1379] - Packet interceptors should trigger on error response when s2s fails
[OF-1391] - Update bundled postgresql JDBC Driver to 42.1.4
[OF-1408] - Display cache expiry times, entry, hit and miss counts on the Cache Summary page
[OF-1409] - Audit clearing of caches
[OF-1410] - Allow openfire.bat to start in other folders
[OF-1413] - Clarify Candy and InVerse readme
[OF-1415] - Simplify certificate management
[OF-1418] - LDAPManager reports UserNotFoundException unnecessarily
[OF-1425] - Allow plugins to define a minimum Java version
[OF-1434] - Optimize sender check in PubSubEngine#createNodeHelper
[OF-1438] - Add option to replace private key
[OF-1445] - Cache reconfig without restart
- Created by ecsos
- In state accepted
- 4 package maintainers
Request History
ecsos created request
- update to 4.2.1
Bug
[OF-1254] - Database update scripts for 25 set version 24
[OF-1450] - Some admin console text is hardcoded
[OF-1451] - Support for SNAPSHOT plugin versions
Improvement
[OF-1447] - Improve deployability of Maven artifacts to public repository.
[OF-1448] - Don't require i18n source files to be encoded.
[OF-1452] - Updated Russian Translation
- changes from 4.2.0
Sub-task
[OF-210] - Add support for Roster Versioning (aka XEP-0237)
[OF-548] - Find maven-managed artifacts to replace third-party libraries.
[OF-549] - Create "XMMP Server" module
[OF-552] - Create "Webadmin" module
[OF-553] - Create distribution module(s).
[OF-554] - Create parent plugin module
[OF-555] - Create plugin modules
Bug
[OF-394] - Shouldn't show an exception when creating room with illegal characters in JID
[OF-1134] - JustMarried: Allow roster alias to be changed
[OF-1145] - Avatar Resizer plugin issues when using LdapVCardProvider
[OF-1159] - System Property Encryption is not cluster aware
[OF-1193] - Avatar resizer plugin: ClassNotFoundException
[OF-1208] - Option to block anonymous logins from sending s2s packets
[OF-1250] - Old DWR causes CSRF, XSS in Admin Console
[OF-1262] - Error message for failed login on admin console contains moderator verbage
[OF-1308] - Openfire not closing stream gracefully with
[OF-1309] - S2S communication on wrong stream
[OF-1329] - Session fixation in admin web console
[OF-1335] - Forwarded messages rewritten to default namespace over S2S
[OF-1356] - Add a section about upgrading from x86 to x64 to Upgrade guide (Windows)
[OF-1366] - NullPointerException in Group lookup
[OF-1384] - Disco-item handler should process any domain
[OF-1393] - OpenFire randomString has too many digits
[OF-1400] - XSS in server name field
[OF-1401] - SMS error message handling doesn't escape content correctly
[OF-1403] - Muc admin doesn't escape group names correctly
[OF-1417] - CVE-2017-15911 XSS with domain in setup-host-settings.jsp
[OF-1422] - MUC Nick Sharing can cause rejoin to fail
[OF-1423] - Websocket message size is restricted to 65536
[OF-1424] - CME while calculating Group Cache stats
[OF-1427] - PEP should respond to service discovery
[OF-1429] - Closed BOSH sessions are still on admin console as client sessions
[OF-1430] - SCRAM-SHA-1 not offered when it should be, and maybe vice-versa
[OF-1431] - XMPP Ping without type= set causes a NPE
[OF-1436] - Sharing BOSH context should not prevent context restart.
[OF-1441] - test Maven dependencies being included in distribution
[OF-1442] - dom4j included twice in (maven) target directory
[OF-1443] - rpm install needlessly requires java-headless
[OF-1444] - mvn package is expanded environment variables
New Feature
[OF-35] - Create an admin console for pubsub
[OF-159] - Add an s2s testing feature
[OF-1336] - User Property Provider
[OF-1353] - Introduce 'priorToServerVersion' for plugins
[OF-1402] - XEP-0198 Resumption for Client Sessions
Task
[OF-1286] - Update shipped CA truststore
[OF-1316] - Update Tinder to 1.3.0
[OF-1320] - Update bundled JRE with the latest version
[OF-1339] - Merge websocket plugin with core
[OF-1380] - all.log should be exposed via Openfire Admin Console
[OF-1411] - Update bundled JRE with the latest version
[OF-1428] - Remove deprecated Clustering plugin
Improvement
[OF-200] - In user summary, display "currently logged in" instead of blank in last logout column
[OF-1030] - Monitoring Service plugin Search Archive Date Range field validation
[OF-1256] - Display the current clustering status on the admin screens
[OF-1306] - Cache LDAP UserDN searches
[OF-1313] - Add protection for Cross-Site Request Forgery in MoTD plugin
[OF-1314] - Add the ability to disabled delayed delivery (XEP-203)
[OF-1317] - Update dom4j from 1.6.1 to 2.0.0
[OF-1328] - Update JSTUN library in stunserver plugin
[OF-1368] - Add an informational message during failed login
[OF-1370] - inVerse plugin: hide registration tab when appropriate.
[OF-1373] - Check for changes in keystores
[OF-1379] - Packet interceptors should trigger on error response when s2s fails
[OF-1391] - Update bundled postgresql JDBC Driver to 42.1.4
[OF-1408] - Display cache expiry times, entry, hit and miss counts on the Cache Summary page
[OF-1409] - Audit clearing of caches
[OF-1410] - Allow openfire.bat to start in other folders
[OF-1413] - Clarify Candy and InVerse readme
[OF-1415] - Simplify certificate management
[OF-1418] - LDAPManager reports UserNotFoundException unnecessarily
[OF-1425] - Allow plugins to define a minimum Java version
[OF-1434] - Optimize sender check in PubSubEngine#createNodeHelper
[OF-1438] - Add option to replace private key
[OF-1445] - Cache reconfig without restart
seilerphilipp accepted request
checked the sha1sum of the source code. Looks good
