- update to 4.2.3
  Bug
    [OF-1191] - Client certificate authentication with BOSH not working in Openfire 4.0.x
    [OF-1283] - SANCertificateIdentityMapping - Unable to parse a byte array (of length 42) as a subjectAltName 'otherName'. It is ignored.
    [OF-1464] - Can't update plugins via Admin Console
    [OF-1481] - NPE during bind (connection already null)
    [OF-1482] - Monitoring plugin: MAM query response for MUC should have a 'from'
    [OF-1483] - Monitoring plugin: ClassNotFound at startup
    [OF-1494] - SAN 'xmppAddr' OIDs are not properly encoded in generated certificates.
    [OF-1502] - CallbackOnOffline plugin is using wrong version number scheme
    [OF-1505] - TLS cert admin console page throws Exception
    [OF-1509] - Stream Management increments should be atomic
    [OF-1518] - Stored XSS in Property Name in Security Audit Viewer
  Improvement
    [OF-1490] - Update HTTP File Upload Plugin's component implementation.
    [OF-1493] - Allow admins to retrieve a PEM representation of installed certificates
    [OF-1501] - Use 'most appropriate' certificate when multiple are available.
    [OF-1507] - Handling of S2S stream errors.
    [OF-1519] - Add a section about firewall into Installation guide

• Files Changed
• Browse Source

- update to 4.2.2
  Bug
    [OF-1440] - The Group Chat Administrators web page has blank JIDs
    [OF-1460] - ClassCast Exception on admin console sessions listing when running hazelcast
    [OF-1468] - Group Chat History returns one message too many
    [OF-1470] - WebSocket endpoint should allow null path
    [OF-1478] - Hazelcast Plugin Memory Leaks
    [OF-1480] - LDAP auth fails with clustering plugin
  New Feature
    [OF-1469] - Implement XEP-0215 External Service Discovery
  Task
    [OF-1466] - Update bundled JRE with the latest version
  Improvement
    [OF-1454] - Add generic mapping function to AuthorizationBasedUserProviderMapper
    [OF-1455] - Allow for bulk XML property migration
    [OF-1461] - Making fastpath plugin compatible with openfire meetings
    [OF-1471] - Terminate streams upon invalid XEP-0198 acknowledges.
- fix build for openSUSE Leap 15.0 and Tumbleweed

• Files Changed
• Browse Source

- update to 4.2.1
 Bug
    [OF-1254] - Database update scripts for 25 set version 24
    [OF-1450] - Some admin console text is hardcoded
    [OF-1451] - Support for SNAPSHOT plugin versions
Improvement
    [OF-1447] - Improve deployability of Maven artifacts to public repository.
    [OF-1448] - Don't require i18n source files to be encoded.
    [OF-1452] - Updated Russian Translation
- changes from 4.2.0
 Sub-task
    [OF-210] - Add support for Roster Versioning (aka XEP-0237)
    [OF-548] - Find maven-managed artifacts to replace third-party libraries.
    [OF-549] - Create "XMMP Server" module
    [OF-552] - Create "Webadmin" module
    [OF-553] - Create distribution module(s).
    [OF-554] - Create parent plugin module
    [OF-555] - Create plugin modules
Bug
    [OF-394] - Shouldn't show an exception when creating room with illegal characters in JID
    [OF-1134] - JustMarried: Allow roster alias to be changed
    [OF-1145] - Avatar Resizer plugin issues when using LdapVCardProvider
    [OF-1159] - System Property Encryption is not cluster aware
    [OF-1193] - Avatar resizer plugin: ClassNotFoundException
    [OF-1208] - Option to block anonymous logins from sending s2s packets
    [OF-1250] - Old DWR causes CSRF, XSS in Admin Console
    [OF-1262] - Error message for failed login on admin console contains moderator verbage
    [OF-1308] - Openfire not closing stream gracefully with </stream:stream>
    [OF-1309] - S2S communication on wrong stream
    [OF-1329] - Session fixation in admin web console
    [OF-1335] - Forwarded messages rewritten to default namespace over S2S
    [OF-1356] - Add a section about upgrading from x86 to x64 to Upgrade guide (Windows)
    [OF-1366] - NullPointerException in Group lookup
    [OF-1384] - Disco-item handler should process any domain
    [OF-1393] - OpenFire randomString has too many digits
    [OF-1400] - XSS in server name field
    [OF-1401] - SMS error message handling doesn't escape content correctly
    [OF-1403] - Muc admin doesn't escape group names correctly
    [OF-1417] - CVE-2017-15911 XSS with domain in setup-host-settings.jsp
    [OF-1422] - MUC Nick Sharing can cause rejoin to fail
    [OF-1423] - Websocket message size is restricted to 65536
    [OF-1424] - CME while calculating Group Cache stats
    [OF-1427] - PEP should respond to service discovery
    [OF-1429] - Closed BOSH sessions are still on admin console as client sessions
    [OF-1430] - SCRAM-SHA-1 not offered when it should be, and maybe vice-versa
    [OF-1431] - XMPP Ping without type= set causes a NPE
    [OF-1436] - Sharing BOSH context should not prevent context restart.
    [OF-1441] - <scope>test</scope> Maven dependencies being included in distribution
    [OF-1442] - dom4j included twice in (maven) target directory
    [OF-1443] - rpm install needlessly requires java-headless
    [OF-1444] - mvn package is expanded environment variables
New Feature
    [OF-35] - Create an admin console for pubsub
    [OF-159] - Add an s2s testing feature
    [OF-1336] - User Property Provider
    [OF-1353] - Introduce 'priorToServerVersion' for plugins
    [OF-1402] - XEP-0198 Resumption for Client Sessions
Task
    [OF-1286] - Update shipped CA truststore
    [OF-1316] - Update Tinder to 1.3.0
    [OF-1320] - Update bundled JRE with the latest version
    [OF-1339] - Merge websocket plugin with core
    [OF-1380] - all.log should be exposed via Openfire Admin Console
    [OF-1411] - Update bundled JRE with the latest version
    [OF-1428] - Remove deprecated Clustering plugin
Improvement
    [OF-200] - In user summary, display "currently logged in" instead of blank in last logout column
    [OF-1030] - Monitoring Service plugin Search Archive Date Range field validation
    [OF-1256] - Display the current clustering status on the admin screens
    [OF-1306] - Cache LDAP UserDN searches
    [OF-1313] - Add protection for Cross-Site Request Forgery in MoTD plugin
    [OF-1314] - Add the ability to disabled delayed delivery (XEP-203)
    [OF-1317] - Update dom4j from 1.6.1 to 2.0.0
    [OF-1328] - Update JSTUN library in stunserver plugin
    [OF-1368] - Add an informational message during failed login
    [OF-1370] - inVerse plugin: hide registration tab when appropriate.
    [OF-1373] - Check for changes in keystores
    [OF-1379] - Packet interceptors should trigger on error response when s2s fails
    [OF-1391] - Update bundled postgresql JDBC Driver to 42.1.4
    [OF-1408] - Display cache expiry times, entry, hit and miss counts on the Cache Summary page
    [OF-1409] - Audit clearing of caches
    [OF-1410] - Allow openfire.bat to start in other folders
    [OF-1413] - Clarify Candy and InVerse readme
    [OF-1415] - Simplify certificate management
    [OF-1418] - LDAPManager reports UserNotFoundException unnecessarily
    [OF-1425] - Allow plugins to define a minimum Java version
    [OF-1434] - Optimize sender check in PubSubEngine#createNodeHelper
    [OF-1438] - Add option to replace private key
    [OF-1445] - Cache reconfig without restart

• Files Changed
• Browse Source

update to 4.1.6 and fix build error for Tumbleweed

- update to 4.1.6
Sub-task
    [OF-1020] - Admin Console Remote File Inclusion (RFI) Vulnerability
Bug
    [OF-1304] - SQL syntax error with monitoring plugin IQ Query Handler
    [OF-1362] - Websocket plugin fails when trying to use connection configuration
    [OF-1363] - NPE when displaying properties for non-existing user
    [OF-1366] - NullPointerException in Group lookup
    [OF-1374] - Pubsub publish NullPointerException
    [OF-1381] - User enumeration possible by SCRAM
New Feature
    [OF-1354] - Add option to Client Control plugin to disable Start a chat in Spark
Task
    [OF-1320] - Update bundled JRE with the latest version
Improvement
    [OF-1340] - Create x64 Windows Installer
    [OF-1349] - Create separate Windows installer with and without JRE
    [OF-1359] - Elevate webclients to top level menu in openfire admin UI
    [OF-1360] - Update inVerse plugin to match upstream Converse 3.1.0 release.
    [OF-1365] - Some caches should not be purgeable.
    [OF-1367] - BOSH URL should be based on FQDN, not XMPP domain.
    [OF-1369] - Don't advertise in-band registration for read-only user providers
- fix build error for Tumbleweed

• Files Changed
• Browse Source

update to 4.1.5

• Files Changed
• Browse Source

update to 4.1.4

• Files Changed
• Browse Source

update to 4.1.3 and insert/enable systemd

• Files Changed
• Browse Source

update to 4.1.1

• Files Changed
• Browse Source

update to 4.0.4

• Files Changed
• Browse Source

update to 4.0.3

• Files Changed
• Browse Source

update to 4.0.2

• Files Changed
• Browse Source

update to 4.0.1

• Files Changed
• Browse Source

update to 4.0.0

• Files Changed
• Browse Source

update to 3.10.3

• Files Changed
• Browse Source

update to 3.10.2

• Files Changed
• Browse Source

update to 3.10.0

• Files Changed
• Browse Source

fix requirements to build openfire for openSUSE_13.2

• Files Changed
• Browse Source

update to 3.9.3

• Files Changed
• Browse Source

update to openfire version 3.9.2

• Files Changed
• Browse Source

This release includes a patch that allows openfire to play nice with systemd under openSuSE.

Specifically, the pid file is handled very differently.  Systemd expects a pid file to be created upon start.  The init script also needs the pid file in order to shut the service down properly.

• Files Changed
• Browse Source