File openfire.changes of Package openfire
-------------------------------------------------------------------
Fri Apr 27 18:50:24 UTC 2018 - ecsos@opensuse.org
- update to 4.2.3
Bug
[OF-1191] - Client certificate authentication with BOSH not working in Openfire 4.0.x
[OF-1283] - SANCertificateIdentityMapping - Unable to parse a byte array (of length 42) as a subjectAltName 'otherName'. It is ignored.
[OF-1464] - Can't update plugins via Admin Console
[OF-1481] - NPE during bind (connection already null)
[OF-1482] - Monitoring plugin: MAM query response for MUC should have a 'from'
[OF-1483] - Monitoring plugin: ClassNotFound at startup
[OF-1494] - SAN 'xmppAddr' OIDs are not properly encoded in generated certificates.
[OF-1502] - CallbackOnOffline plugin is using wrong version number scheme
[OF-1505] - TLS cert admin console page throws Exception
[OF-1509] - Stream Management increments should be atomic
[OF-1518] - Stored XSS in Property Name in Security Audit Viewer
Improvement
[OF-1490] - Update HTTP File Upload Plugin's component implementation.
[OF-1493] - Allow admins to retrieve a PEM representation of installed certificates
[OF-1501] - Use 'most appropriate' certificate when multiple are available.
[OF-1507] - Handling of S2S stream errors.
[OF-1519] - Add a section about firewall into Installation guide
-------------------------------------------------------------------
Sat Feb 24 16:20:24 UTC 2018 - ecsos@opensuse.org
- update to 4.2.2
Bug
[OF-1440] - The Group Chat Administrators web page has blank JIDs
[OF-1460] - ClassCast Exception on admin console sessions listing when running hazelcast
[OF-1468] - Group Chat History returns one message too many
[OF-1470] - WebSocket endpoint should allow null path
[OF-1478] - Hazelcast Plugin Memory Leaks
[OF-1480] - LDAP auth fails with clustering plugin
New Feature
[OF-1469] - Implement XEP-0215 External Service Discovery
Task
[OF-1466] - Update bundled JRE with the latest version
Improvement
[OF-1454] - Add generic mapping function to AuthorizationBasedUserProviderMapper
[OF-1455] - Allow for bulk XML property migration
[OF-1461] - Making fastpath plugin compatible with openfire meetings
[OF-1471] - Terminate streams upon invalid XEP-0198 acknowledges.
- fix build for openSUSE Leap 15.0 and Tumbleweed
-------------------------------------------------------------------
Sun Dec 17 10:59:26 UTC 2017 - ecsos@opensuse.org
- update to 4.2.1
Bug
[OF-1254] - Database update scripts for 25 set version 24
[OF-1450] - Some admin console text is hardcoded
[OF-1451] - Support for SNAPSHOT plugin versions
Improvement
[OF-1447] - Improve deployability of Maven artifacts to public repository.
[OF-1448] - Don't require i18n source files to be encoded.
[OF-1452] - Updated Russian Translation
- changes from 4.2.0
Sub-task
[OF-210] - Add support for Roster Versioning (aka XEP-0237)
[OF-548] - Find maven-managed artifacts to replace third-party libraries.
[OF-549] - Create "XMMP Server" module
[OF-552] - Create "Webadmin" module
[OF-553] - Create distribution module(s).
[OF-554] - Create parent plugin module
[OF-555] - Create plugin modules
Bug
[OF-394] - Shouldn't show an exception when creating room with illegal characters in JID
[OF-1134] - JustMarried: Allow roster alias to be changed
[OF-1145] - Avatar Resizer plugin issues when using LdapVCardProvider
[OF-1159] - System Property Encryption is not cluster aware
[OF-1193] - Avatar resizer plugin: ClassNotFoundException
[OF-1208] - Option to block anonymous logins from sending s2s packets
[OF-1250] - Old DWR causes CSRF, XSS in Admin Console
[OF-1262] - Error message for failed login on admin console contains moderator verbage
[OF-1308] - Openfire not closing stream gracefully with </stream:stream>
[OF-1309] - S2S communication on wrong stream
[OF-1329] - Session fixation in admin web console
[OF-1335] - Forwarded messages rewritten to default namespace over S2S
[OF-1356] - Add a section about upgrading from x86 to x64 to Upgrade guide (Windows)
[OF-1366] - NullPointerException in Group lookup
[OF-1384] - Disco-item handler should process any domain
[OF-1393] - OpenFire randomString has too many digits
[OF-1400] - XSS in server name field
[OF-1401] - SMS error message handling doesn't escape content correctly
[OF-1403] - Muc admin doesn't escape group names correctly
[OF-1417] - CVE-2017-15911 XSS with domain in setup-host-settings.jsp
[OF-1422] - MUC Nick Sharing can cause rejoin to fail
[OF-1423] - Websocket message size is restricted to 65536
[OF-1424] - CME while calculating Group Cache stats
[OF-1427] - PEP should respond to service discovery
[OF-1429] - Closed BOSH sessions are still on admin console as client sessions
[OF-1430] - SCRAM-SHA-1 not offered when it should be, and maybe vice-versa
[OF-1431] - XMPP Ping without type= set causes a NPE
[OF-1436] - Sharing BOSH context should not prevent context restart.
[OF-1441] - <scope>test</scope> Maven dependencies being included in distribution
[OF-1442] - dom4j included twice in (maven) target directory
[OF-1443] - rpm install needlessly requires java-headless
[OF-1444] - mvn package is expanded environment variables
New Feature
[OF-35] - Create an admin console for pubsub
[OF-159] - Add an s2s testing feature
[OF-1336] - User Property Provider
[OF-1353] - Introduce 'priorToServerVersion' for plugins
[OF-1402] - XEP-0198 Resumption for Client Sessions
Task
[OF-1286] - Update shipped CA truststore
[OF-1316] - Update Tinder to 1.3.0
[OF-1320] - Update bundled JRE with the latest version
[OF-1339] - Merge websocket plugin with core
[OF-1380] - all.log should be exposed via Openfire Admin Console
[OF-1411] - Update bundled JRE with the latest version
[OF-1428] - Remove deprecated Clustering plugin
Improvement
[OF-200] - In user summary, display "currently logged in" instead of blank in last logout column
[OF-1030] - Monitoring Service plugin Search Archive Date Range field validation
[OF-1256] - Display the current clustering status on the admin screens
[OF-1306] - Cache LDAP UserDN searches
[OF-1313] - Add protection for Cross-Site Request Forgery in MoTD plugin
[OF-1314] - Add the ability to disabled delayed delivery (XEP-203)
[OF-1317] - Update dom4j from 1.6.1 to 2.0.0
[OF-1328] - Update JSTUN library in stunserver plugin
[OF-1368] - Add an informational message during failed login
[OF-1370] - inVerse plugin: hide registration tab when appropriate.
[OF-1373] - Check for changes in keystores
[OF-1379] - Packet interceptors should trigger on error response when s2s fails
[OF-1391] - Update bundled postgresql JDBC Driver to 42.1.4
[OF-1408] - Display cache expiry times, entry, hit and miss counts on the Cache Summary page
[OF-1409] - Audit clearing of caches
[OF-1410] - Allow openfire.bat to start in other folders
[OF-1413] - Clarify Candy and InVerse readme
[OF-1415] - Simplify certificate management
[OF-1418] - LDAPManager reports UserNotFoundException unnecessarily
[OF-1425] - Allow plugins to define a minimum Java version
[OF-1434] - Optimize sender check in PubSubEngine#createNodeHelper
[OF-1438] - Add option to replace private key
[OF-1445] - Cache reconfig without restart
-------------------------------------------------------------------
Thu Oct 12 09:12:38 UTC 2017 - ecsos@opensuse.org
- update to 4.1.6
Sub-task
[OF-1020] - Admin Console Remote File Inclusion (RFI) Vulnerability
Bug
[OF-1304] - SQL syntax error with monitoring plugin IQ Query Handler
[OF-1362] - Websocket plugin fails when trying to use connection configuration
[OF-1363] - NPE when displaying properties for non-existing user
[OF-1366] - NullPointerException in Group lookup
[OF-1374] - Pubsub publish NullPointerException
[OF-1381] - User enumeration possible by SCRAM
New Feature
[OF-1354] - Add option to Client Control plugin to disable Start a chat in Spark
Task
[OF-1320] - Update bundled JRE with the latest version
Improvement
[OF-1340] - Create x64 Windows Installer
[OF-1349] - Create separate Windows installer with and without JRE
[OF-1359] - Elevate webclients to top level menu in openfire admin UI
[OF-1360] - Update inVerse plugin to match upstream Converse 3.1.0 release.
[OF-1365] - Some caches should not be purgeable.
[OF-1367] - BOSH URL should be based on FQDN, not XMPP domain.
[OF-1369] - Don't advertise in-band registration for read-only user providers
- fix build error for Tumbleweed
-------------------------------------------------------------------
Sun Jul 2 20:55:38 UTC 2017 - ecsos@opensuse.org
- update to 4.1.5
Bug
[OF-1310] - Can`t delete last item of the pubsub node
[OF-1327] - Should not compare incomparable types
[OF-1330] - Can't enable database query statistics on the admin console
[OF-1332] - Update bundled MySQL driver to fix utf8mb4 databases
[OF-1334] - Monitoring Plugin displays "Archive index rebuild failed"
[OF-1348] - AuthBased*Provider try to use SortedSet without Comparable items
[OF-1355] - UserImportExport plugin: import should not fail when optional config is missing
Task
[OF-1343] - Update install guide about the automatic service installation
Improvement
[OF-1277] - Change setting name to Invisible Login and Status
[OF-1325] - Implement separate History settings in Client Control
[OF-1326] - Allow BOSH context to be re-used.
[OF-1338] - Minimum server version restrictions should ignore release status identifier
[OF-1341] - Windows Launcher requires to run "as administrator"
[OF-1342] - Remove "Run Openfire" from the final step of the installer
[OF-1347] - Group settings update
[OF-1350] - Be less strict when setting a password on a MUC room
[OF-1351] - Parse 'release' number
[OF-1352] - Plugin version number should not wrap
-------------------------------------------------------------------
Mon May 22 20:26:09 UTC 2017 - ecsos@opensuse.org
- update to 4.1.4
Bug
[OF-119] - Ldap issue (search filter and '@' encoding) [patch]
[OF-1272] - DBAccess plugin XSS
[OF-1273] - Javadoc will not build in Docker
[OF-1305] - Openfire doesn't load user names with multi-byte characters from LDAP/AD
[OF-1322] - EXTERNAL is always offered for C2S sessions
Task
[OF-1319] - Update bundled JRE with the latest version
Improvement
[OF-1292] - NPE in Admin Console when cancelling creating a new room
[OF-1295] - Add information about windows service into Upgrade Guide
[OF-1297] - Add another note about UAC to the documentation
[OF-1301] - Don't fail when default value for FQDN cannot be resolved.
[OF-1311] - Store a list as a property value.
[OF-1312] - Allow SASL mechanisms to be configured through the admin console.
[OF-1321] - Prevent stacktrace when using admin console with stale session.
[OF-1324] - OutgoingSessionPromise outgoing queue should be limited
-------------------------------------------------------------------
Tue May 2 16:53:28 UTC 2017 - ecsos@opensuse.org
- insert file openfire.service for systemd
- enable systemd and disable sysvinit for distributions which has
systemd.
-------------------------------------------------------------------
Fri Mar 10 18:41:16 UTC 2017 - ecsos@opensuse.org
- update to 4.1.3
Bug
[OF-1263] - Contact List sharing shows stale data
[OF-1269] - Admin Console shows wrong group affiliation information for some users
- update to 4.1.2
Bug
[OF-1195] - JDBCAuthProvider does not play nice with SCRAM
[OF-1271] - MUC History doesn't replay copy complex elements correctly after restart
[OF-1278] - Recursive Loop in SCRAM salt generation
[OF-1280] - Wrong ADD COLUMN syntax for Oracle Upgrade Scripts
[OF-1282] - Setting TLS_CERTIFICATE_VERIFY false does not properly work
[OF-1291] - MAM not advertised on chatrooms
Task
[OF-1270] - Remove obsolete information and update links in the Readme
[OF-1281] - Update installation package with the latest Java JRE
Improvement
[OF-1275] - Openfire is unable to connect to LDAPS when using TLSv1.1 or TSLv1.2
[OF-1288] - Monitoring plugin does not add queryid and id to MAM responses
[OF-1289] - Openfire should load jars in a predictable order
[OF-1290] - Stack Overflow in SASL EXTERNAL auth
-------------------------------------------------------------------
Wed Jan 4 13:42:39 UTC 2017 - ecsos@opensuse.org
- update to 4.1.1
Bug
[OF-1253] - Due to initial mysql schema failure, a new install will ask for current admin password and fail due to non-existent schema
[OF-1254] - Database update scripts for 25 set version 24
[OF-1255] - Invalid SQL syntax in Mysql installation script.
[OF-1257] - SQLServer syntax error java.sql.SQLException: Incorrect syntax near the keyword 'COLUMN'.
[OF-1260] - ClientControl plugin: Improve CSRF error message
New Feature
[OF-1258] - Add an option to Client Control plugin to disable Anonymous login in Spark
Improvement
[OF-1259] - Migrate XML property 'xmpp.fqdn'
- update to 4.1.0
Sub-task
[OF-777] - Admin Console Cross Site Request Forgery (CSRF) Vulnerability
[OF-836] - Multiple Reflected XSS Vulnerabilities in Admin Console
[OF-845] - XSS vulnerability in Monitoring Service pages in Admin Console
[OF-941] - CVE-2015-7707 Admin Console Privilege Escalation Vulnerability
[OF-997] - Admin Console: Frameable Response (potential Clickjacking)
[OF-1018] - The “alias” field on the Trust Store Import Form permits entry of JavaScript
[OF-1019] - Admin Cross Site Scripting (XSS) Vulnerabilities
[OF-1252] - Log null cache stores
Bug
[OF-355] - ldap.authorizeField property is ignored in LdapAuthorizationPolicy
[OF-477] - SASL server in OF creates digest-uri based on xmpp.fqdn but it sends xmpp.domain to the client
[OF-817] - ofMucConversationLog only persists body of groupchat stanzas
[OF-867] - Inconsistent use of keys in groupMetaCache
[OF-927] - Pressing enter should trigger Continue button on admin password setup page
[OF-942] - CVE-2015-6972 CVE-2015-6973 Admin Console Security Improvements
[OF-1013] - Setting StartTLS policy for S2S has no effect
[OF-1040] - Banning users from room does not result in proper exit
[OF-1041] - Using AD specific attribute breaks OpenLDAP support
[OF-1042] - NPE in stanza handler (after failed TLS?)
[OF-1045] - NPE with cluster management if cluster has not been started
[OF-1046] - Error 503 emitted sending update notifications to offline admins that are over offline storage quota
[OF-1051] - ConcurrentModificationException in PluginManager
[OF-1053] - i18n params fail when text has apostrophe
[OF-1054] - IllegalStateException when destroying MUC room prevents unavailable broadcast to be sent
[OF-1061] - MUC history and room subject are sent in wrong order
[OF-1063] - Avoid thread pool startvation under load
[OF-1079] - Database migration script for oracle has wrong syntax in v22
[OF-1081] - StartTLS policy 'required' ignored for S2S
[OF-1082] - Fix unicode read on BOSH
[OF-1083] - Cannot join room in a cluster after an availability update
[OF-1087] - Monitoring plugin gives invalid responses
[OF-1090] - Outcasts should not be allowed to register with room
[OF-1091] - Set affiliation to 'none' after removing registration from room
[OF-1093] - Prevent NPE on Admin Console user listing when user has no creationDate
[OF-1100] - SSL Certificate import should be more forgiving
[OF-1103] - Stun server plugin is not showing saved configuration
[OF-1104] - Scram support bypasses AuthProvider
[OF-1105] - Plugin-registered servlets won't work with uppercase characters in path
[OF-1116] - Java 7 incompatibility
[OF-1122] - GSSAPI fails
[OF-1126] - AbstractGroupProvider hides exception from interface definition
[OF-1129] - Setup truncates LDAP password to 30 characters
[OF-1132] - Monitoring plugin does not add namespace
[OF-1146] - LocalMUCRoom.addParticipant no longer works
[OF-1156] - Cache implementations should have consistent behavior regarding null keys
[OF-1167] - Fresh installation asks for a current password
[OF-1171] - Update message routing to RFC 6120
[OF-1173] - Add EXTERNAL to the list of default SASL mechanisms
[OF-1175] - noarch RPM should explicitly require jre-headless >= 7
[OF-1188] - Blacklisted s2s domain still consumes outbound available threads
[OF-1203] - Concurrency issues during plugin load/unload
[OF-1204] - When unloading a parent plugin, all children should be unloaded.
[OF-1206] - PrivacyManager does not share data between instances.
[OF-1207] - NullPointException in LocalMUCRoom canSendPrivateMessage
[OF-1212] - Monitoring plugin usage of LONG column type for Oracle
[OF-1213] - Add extension points to MUC
[OF-1220] - Allow logins with non-latin usernames
[OF-1228] - First startup emits NPE for AdminConsolePlugin HTTPS
[OF-1229] - [HSQL] PubSubPersistenceManager - statement is not in batch mode
[OF-1230] - Fastpath Service plugin not working
[OF-1233] - Incoming stream open response always contains IM domain
[OF-1236] - SASL code does not generate/handle equals sign properly in all cases
[OF-1239] - NPE in MultiUserChatServiceImpl#process(IQ) with null iqHandlers
[OF-1240] - Empty nicknames allowed even when MUC requires registration
[OF-1245] - Openfire fails to parse the subject alternate name of certs it generated itself.
[OF-1247] - Monitoring plugin database script fails
New Feature
[OF-190] - RFE: show openfire process owner on admin console
[OF-862] - Add support for XEP-313: Message Archive Management
[OF-1139] - User-to-Provider mapped User and AuthProvider
[OF-1197] - Support XEP-0227 Portable Import/Export Format for XMPP-IM Servers
[OF-1199] - Allow list of admins to be defined through JDBC.
[OF-1214] - Update MAM (XEP-0313) to support :0 and :1 versions
[OF-1225] - Add Russian translation for Search plugin
[OF-1232] - Fastpath now has JiveSharedSecretSaslServer requirement found in 4.1 Openfire
[OF-1246] - Support MAM (XEP-0313) for MUC (XEP-0045)
Task
[OF-1217] - Update install4j config file to match current release schema
Improvement
[OF-512] - Configurable host/IP for file transfers (streamhost / port 7777)
[OF-955] - Update HSQLDB to the latest version
[OF-1037] - Split bookmark from clientcontrol
[OF-1048] - Should not store chat state messages
[OF-1049] - Improve Certificate Store Management
[OF-1055] - Remove exclamation mark from the Search button
[OF-1056] - Have proper drop-in replacement for commons-logging
[OF-1057] - Upgrade Jetty to latest patch release of its 9.2 branch.
[OF-1085] - Allows dynamic setting of disco info handler and disco items handler
[OF-1088] - Update Chinese Simplified translation
[OF-1089] - XEP-0313: send IQ result only after messages
[OF-1092] - Allow SASL mechanisms to be plugged in
[OF-1094] - Allow UserProvider to be reset to default
[OF-1095] - Have uniform logging of plugin lifecycle
[OF-1096] - Update log4j to its latest release.
[OF-1097] - Make jabber:iq:auth (XEP-0078) optional
[OF-1098] - Anonymous authentication should not be enabled by default.
[OF-1111] - Bundle 64bit JVM with RPM artifact
[OF-1117] - Improve performance of monitoring plugin by adding database indexes.
[OF-1123] - Should not offer SASL mechanisms when there's no implementation.
[OF-1124] - Changing SASL config should not require restart
[OF-1125] - Use StreamID class instead of plain string
[OF-1133] - Allow JSP compilation with developmentMode=true
[OF-1147] - Improve Plugin Management
[OF-1149] - Improve (plugin) build speed
[OF-1150] - Add support for muc#roomconfig_allowpm
[OF-1162] - Update bundled postgresql driver to 9.4-1209
[OF-1170] - File Transfer Proxy should list on all addresses
[OF-1172] - Add support for a wildcard DNS override
[OF-1182] - Remove obsolete Releases news from RSS and expand Blog section
[OF-1184] - Improve Domain field's tooltip in the setup process
[OF-1189] - Get enum value from JiveGlobals
[OF-1194] - SMS notification
[OF-1196] - System properties should not be shortened when unnecessary.
[OF-1198] - Improve MUC error handling (don't try to respond to responses)
[OF-1205] - Show message when plugin manager is working
[OF-1227] - Improve Plugin servlet filter functionality
[OF-1238] - Introduce LocalMUCRoomManager to encapsule the simple management for LocalMucRooms
[OF-1241] - Add NT Hashing for JDBC connections
[OF-1244] - Help evaluate DNS SRV config
- clean spec-file
-------------------------------------------------------------------
Mon Dec 5 16:49:24 UTC 2016 - ecsos@opensuse.org
- update to 4.0.4
Bug
[OF-266] - Fastpath Form UI page in Admin Console doesnt show images
[OF-1141] - PEP nodes return no items when asked for all of them
[OF-1152] - XmlDebugger not printing non-interpreted xml traffic
[OF-1174] - MUC should respond to IQ queries
[OF-1177] - .deb requirement of default-jre is too strict and does not allow for side loaded Oracle
[OF-1180] - BOSH endpoints redirect all the requests with the trailing slash
[OF-1201] - BOSH servlet should close async context on exception
[OF-1202] - Proxool disconnects active threads after 5 minutes
[OF-1209] - s2s connection settings whitelisting does not work / console UI broken
[OF-1210] - correct time-to-live-seconds and MaxLifetime settings for hazelcast
[OF-1223] - Messages loaded from ofOffline are not sorted by time stamp leading to out-of-order receipt
[OF-1226] - Enable use of wildcard when searching users in LDAP
Task
[OF-1158] - Update installation package with the latest Java JRE
Improvement
[OF-1142] - Improve documentation part about UAC on Windows
[OF-1211] - Fix description of Broadcast disabling option in Client Control plugin
[OF-1221] - Add options from default.properties to Client Control plugin
-------------------------------------------------------------------
Fri Aug 19 08:18:09 UTC 2016 - ecsos@opensuse.org
- update to 4.0.3
Bug
[OF-1116] - Java 7 incompatibility
[OF-1118] - Check encryption protocol & cipher suite configuration against currently available ones.
[OF-1119] - TLS failure when certificate chain is a tree
[OF-1126] - AbstractGroupProvider hides exception from interface definition
[OF-1157] - max_items ignored for some admin commands
[OF-1165] - Stored Cross-Site Scripting
[OF-1168] - Invalid Oracle DDL statements for Oracle 11g
[OF-1169] - Debian dpkg java requirements should allow for java 7 or java 8
New Feature
[OF-1128] - Avatar Resizer plugin
Task
[OF-1062] - Update installation package with the latest Java JRE
Improvement
[OF-1099] - Update StartCom Class 1 DV Server CA
[OF-1120] - Change default behavior of Email on Away plugin
[OF-1142] - Improve documentation part about UAC on Windows
[OF-1161] - Sync Openfire's truststore with Mozilla's shipped CAs
-------------------------------------------------------------------
Sun Apr 17 21:59:21 UTC 2016 - ecsos@opensuse.org
- update to 4.0.2
Bug
[OF-829] - Ghost sessions left on a server when using Pidgin client
[OF-954] - Openfire clustering fails to correctly sync MUC room occupants
[OF-1082] - Fix unicode read on BOSH
[OF-1083] - Cannot join room in a cluster after an availability update
[OF-1087] - Monitoring plugin gives invalid responses
[OF-1090] - Outcasts should not be allowed to register with room
Improvement
[OF-1086] - Update bundled JRE to 1.8u74
[OF-1089] - XEP-0313: send IQ result only after messages
[OF-1107] - Add option to not show email in Email on Away plugin
-------------------------------------------------------------------
Fri Feb 5 23:32:36 UTC 2016 - ecsos@opensuse.org
- update to 4.0.1
Bug
[OF-1040] - Banning users from room does not result in proper exit
[OF-1041] - Using AD specific attribute breaks OpenLDAP support
[OF-1042] - NPE in stanza handler (after failed TLS?)
[OF-1045] - NPE with cluster management if cluster has not been started
[OF-1046] - Error 503 emitted sending update notifications to offline admins that are over offline storage quota
[OF-1051] - ConcurrentModificationException in PluginManager
[OF-1053] - i18n params fail when text has apostrophe
[OF-1054] - IllegalStateException when destroying MUC room prevents unavailable broadcast to be sent
Improvement
[OF-1048] - Should not store chat state messages
[OF-1049] - Improve Certificate Store Management
[OF-1055] - Remove exclamation mark from the Search button
[OF-1057] - Upgrade Jetty to latest patch release of its 9.2 branch.
-------------------------------------------------------------------
Fri Jan 15 10:54:36 UTC 2016 - ecsos@opensuse.org
- update to 4.0.0
Sub-task
[OF-454] - Openfire does not send user presence information to all resources of the user
[OF-547] - Create branch of code to test-drive new setup.
[OF-631] - Implement SCRAM support
[OF-834] - Admin console login.jsp allows redirects to non-local URIs
[OF-997] - Admin Console: Frameable Response (potential Clickjacking)
[OF-1022] - Reflected XSS vulnerability in muc-room-edit-form.jsp params in Admin Console
Bug
[OF-122] - Shouldn't allow subject change, when it is forbidden in room settings
[OF-317] - Subscribe with Response Unsubscribed Causes Roster Push to Responding Client
[OF-373] - Ant buildscript should not check for explicit Ant version numbers
[OF-484] - Windows installer getting stuck on Uninstalling the previous version
[OF-509] - Unable to disable weak ciphers
[OF-793] - javax.net.ssl.SSLException: Unsupported record version Unknown-47.115
[OF-798] - Embedded RSS/community links need to be updated for new (SSL) locations
[OF-821] - MUC service returns wrong number of occupants and duplicate occupants in service discovery
[OF-856] - Monitoring plugin uses secs attribute relative from beginning message instead of last message
[OF-868] - User name update does not propagate to the affected roster(s)
[OF-881] - NIOConnection Thread Deadlock when two clients in each others roster simultaneously disconnect
[OF-898] - Timestamp parsing fails when fractions of seconds are supplied.
[OF-905] - Admin console taglib URI does not correspond with usage.
[OF-906] - SSO does not work with Openfire + Java 8
[OF-913] - lib/log4j.xml should be denoted as a config file in the installers
[OF-915] - Private Storage should return an error if feature is disabled
[OF-918] - Character encoding issue in BOSH
[OF-919] - Update jDTS driver to 1.3.1 Release
[OF-921] - MUC Group ACLs are not updated when users join a group
[OF-922] - Major performance hit with MINA 2.0.9 vs 2.0.7
[OF-928] - Error with adding presence to MUC presence stanza
[OF-930] - Overlay enhancements
[OF-932] - XEP-0202 Entity Time should respect Daylight Saving Time
[OF-934] - Buildscript: preset javac configuration should have all shared properties
[OF-936] - Plugins build should fail fast by default
[OF-939] - NPE in ScramSha1SaslServer#getStoredKey
[OF-958] - Setup fails with StackOverflowException
[OF-959] - Database installation script does not set correct version
[OF-964] - message body tag getting empty xmlns set sometimes when BOSH client is in MUC room
[OF-974] - Copy cache content when updating cache factory strategy
[OF-976] - Language is not properly set in HttpSession
[OF-982] - jabber:iq:last queries without 'to' attribute should not return server uptime
[OF-983] - Deadlock (federation)
[OF-984] - Deadlock (MUC / federation?)
[OF-985] - Missing to attribute in stream open
[OF-986] - Dialback verify-only connections do not negotiate TLS
[OF-987] - MUC Freezes when someone joins from federated domain
[OF-988] - Sometimes, messages are duplicated in MUC
[OF-989] - BOSH packet delivery fails for larger packets with WritePendingException
[OF-992] - BOSH fails when disabling/re-enabling the port
[OF-995] - Parent Plugin case sensitivity
[OF-996] - NullPointerException on Admin Console /audit-policy.jsp
[OF-998] - Openfire build should not need internet connectivity
[OF-999] - BOSH worker threads should be configurable
[OF-1000] - Audit file log rotation causes NullPointerException
[OF-1002] - NPE during connection close with XEP-0198
[OF-1003] - Exception during <a/> propcessing in XEP-0198
[OF-1008] - Iteratively failure to deliver message
[OF-1009] - [s2s] Federation issue with talkonaut.com
[OF-1010] - LDAPS fails
[OF-1023] - Roster cache not being updated for shared group changes
[OF-1025] - web-custom.xml fails to load
[OF-1028] - NoSuchElement Exception in XEP-0198 support
Improvement
[OF-675] - Add a comment about restarting in Managing Plugins section of documentation
[OF-844] - CertificateManager logs useless warning messages
[OF-892] - Mutual authentication support
[OF-925] - AdHoc SessionData should be extensible
[OF-931] - Improve installation guide
[OF-935] - During build, parentPlugin should be on classpath
[OF-940] - Update bundled postgresql driver to 9.4-1202
[OF-951] - Drop support for the Solaris platform
[OF-953] - Replace antiquated JSP libraries
[OF-956] - Admins should be able to configure cryptographical protocols & cypher suites
[OF-957] - AuditManager Module does not load properly
[OF-969] - Delete URLUTF8Encoder.java in favor of java.net.URLEncoder.
[OF-970] - Modernize XMLProperties with Java NIO.2 File API
[OF-971] - Add PropertyListener support to AuditManagerImpl
[OF-972] - Remove unused classes
[OF-973] - Tests should retrieve resources from the classpath rather than files.
[OF-975] - JDBCAuthProvider: add support for bcrypt and more
[OF-981] - Remove 'ant-jive-edition' and 'qdox' libraries from build
[OF-991] - In Ant buildfile, use properties instead of hardcoded value.
[OF-993] - Remove thread factory code duplication
[OF-1004] - Improve connection configuration in admin console
[OF-1005] - Undo module loading driven by a file
[OF-1007] - Improve support for whitelisting/blacklisting client IP addresses
[OF-1011] - When importing PEM certificates, ignore leading/trailing whitespace
[OF-1029] - Overlay should be able to override web.xml
[OF-1033] - Orderly shutdown of MUC Service
New Feature
[OF-446] - Implement XEP-0198: Stream Management
[OF-682] - Add Portuguese translation
[OF-923] - FileTransferManager should generate 'complete' event.
[OF-946] - Allow for multiple sets of keystores
[OF-947] - Overlay should support i18n
[OF-948] - Overlay should allow modification of src/resources
[OF-950] - Buildscript should be able to clean one plugin
[OF-967] - Add option to use Name as a nickname when adding muc bookmark
Story
[OF-990] - Remove support for Legacy Date Time (XEP-0090 / 91)
Task
[OF-767] - Bundle Openfire with Java 8 SE JRE
[OF-1001] - Drop Clearspace support
[OF-1016] - Add explanation to setup about default admin password
-------------------------------------------------------------------
Wed Nov 18 18:25:29 UTC 2015 - ecsos@opensuse.org
- update to 3.10.3
Bug
[OF-332] - ldap.connect.timeout not working with SSL connection
[OF-477] - SASL server in OF creates digest-uri based on xmpp.fqdn but it sends xmpp.domain to the client
[OF-881] - NIOConnection Thread Deadlock when two clients in each others roster simultaneously disconnect
[OF-887] - ldap.readTimeout not used when LDAP getContext() is called for queries
[OF-903] - ISE attempting to write data to a closed/closing session
[OF-918] - Character encoding issue in BOSH
[OF-926] - Clients can't authenticate using LDAP SSL
[OF-938] - BOSH packet namespace issue
[OF-949] - Offline message delivery failures
[OF-954] - Openfire clustering fails to correctly sync MUC room occupants
[OF-966] - failure tag not closed for TLS Negotiation Failure
New Feature
[OF-933] - Update websocket support per RFC 7395
-------------------------------------------------------------------
Sun Jul 5 22:50:58 UTC 2015 - ecsos@opensuse.org
- update to 3.10.2
Bug
[OF-992] - Downgrade Apache MINA to version 2.0.7 to fix performance and 100% CPU issue
[OF-924] - Enable LDAP SSL Connection Pooling
- changes from 3.10.1
Bug
[OF-881] - NIOConnection Thread Deadlock when two clients in each others roster simultaneously disconnect
[OF-883] - High CPU usage and hangup after a few days of running
[OF-889] - NPE on Admin Console (client sessions listing)
[OF-907] - SSLv2 Hello is rejected; prevents some clients connecting
[OF-909] - BOSH response should return ack attribute
[OF-910] - MUC de-synchronization issues
[OF-916] - Deadlock with MINA sslFilter
-------------------------------------------------------------------
Fri Apr 24 18:36:17 UTC 2015 - ecsos@opensuse.org
- update to 3.10.0
Bug
[OF-116] - Add a text explaining the path used for http-binding
[OF-397] - Do not deliver offline messages to clients with negative priority
[OF-405] - Openfire fails to verify chained certificates
[OF-444] - Jingle Nodes plugin should use lowercase in i18n file's name
[OF-460] - Debug log is not saving its state between restarts
[OF-474] - OpenFire still provides entry forms for already-registered room users
[OF-560] - Restore or drop support for Pack200 compression
[OF-565] - ConnectionHandler has parsing problems due to use of hashcode under heavy load.
[OF-629] - Remove XMPP Sessions
[OF-670] - MUC user count not kept in sync across cluster nodes
[OF-736] - Openfire should return <incorrect-encoding/> SASL failure, when not using base64 encoding
[OF-754] - Lock out user option works incorrectly in some cases
[OF-778] - Setup LDAP broken during initial openfire configuration
[OF-786] - Muc - grant membership: nickname is not stored
[OF-794] - Client sessions for failed cluster nodes are not being cleaned up properly
[OF-795] - Unable to disable Message Carbons after they have been enabled by the client
[OF-796] - Plugin version check should be numeric rather than textual
[OF-799] - Changing server 2 server idle settings has broken UI
[OF-800] - Encryption setting wrong when adding a property via System Properties page
[OF-802] - MUC Invites result in 404
[OF-803] - Message Carbons may throw org.dom4j.IllegalAddException, resulting in disconnection
[OF-804] - Joining a locked MUC room should return <item-not-found/> instead of <recipient-unavailable/>
[OF-805] - [MUC] OF does not return all affiliated users when requesting multiple affiliations
[OF-806] - Flash client connection closing with invalid_namespace error
[OF-807] - S2S whitelist form saving domains with "-" without it
[OF-811] - Remove deprecated "xml-not-well-formed" error in favor of "not-well-formed"
[OF-812] - Monitor plugin fails to handle start date properly
[OF-813] - Memory leak
[OF-818] - Message routing to bare JID can route to negative priority resources
[OF-819] - IQs (e.g. XMPP Pings) of type error get falsely routed to IQ.createResult() which results in an Exception and connection termination
[OF-822] - If a non-occupant sends a request to an occupant, a MUC service MUST return a <bad-request/> error.
[OF-823] - Numeric overflow in MUCPersistenceManager when loading history older than 24 days.
[OF-830] - LDAP shared groups disappear after some time
[OF-832] - Monitoring plugin fixes
[OF-837] - PubSub should return non-persistent items (last published item)
[OF-839] - Forwarded extension should not overwrite extension namespaces of the forwarded message.
[OF-840] - BOSH <stream:features> does not include <register/>
[OF-845] - XSS vulnerability in Monitoring Service pages in Admin Console
[OF-849] - Error decoding subjectAltName DERTaggedObject cannot be cast to ASN1Sequence
[OF-853] - XEP-0077 Registration must return <not-acceptable/> if username or password are unspecified.
[OF-855] - Openfire looses messages when multiple senders send messages to the same receiver that looses connection
[OF-857] - c2s stop responding, new connections hang
[OF-859] - Remove static service id reference in Node.class
[OF-860] - No MUC status code 110 (self-presence) after joining a room with more than one user
[OF-861] - Disable SSLv3 by default as per POODLE vulnerability
[OF-863] - Multiple NPEs encountered when running under high load/latency in cluster mode (via hazelcast plugin)
[OF-864] - Cleanup routes from defunct cluster member servers
[OF-866] - Unexpected "session not found" errors under load
[OF-870] - stanza with multiple "to" attributes generated after restart
[OF-874] - disco#items request SHOULD return connected or available resources
[OF-875] - Roster requests to bare JID of the user are not responded
[OF-876] - IQRosterHandler does not respect error cases in RFC 6121 § 2.3.3.
[OF-877] - BOSH connector does not properly restart after a configuration change
[OF-878] - NPE in MINAStatCollector
[OF-881] - NIOConnection Thread Deadlock when two clients in each others roster simultaneously disconnect
[OF-884] - Auditor uses wrong hour for file rotation
[OF-885] - Use non-blocking, async API for BOSH servlet
[OF-886] - Openfire fails to parse CDATA when it ends with sequence ]]]>
[OF-888] - s2s locks up with gmail
[OF-890] - BOSH client connections sometimes failing
[OF-894] - Openfire tries to close a closing session over and over.
[OF-895] - Update postgresql driver to support PostgreSQL 9.4
[OF-896] - Default client compression inconsistency
[OF-897] - GZipFilter fails on Async BOSH servlet
Improvement
[OF-189] - do not use com.sun.* classes
[OF-593] - LocaleUtils.java_dots_ to_underscores_i18n _bundles
[OF-797] - Move ant-tasks in subdirectory (and delete ant.jar)
[OF-801] - Extend ant build script to support multi-platform binaries that do not have a file extension
[OF-828] - Add the MUC service plugin to Openfire plugins
[OF-835] - Prevent fast clients flooding Openfire causing OutOfMemoryError
[OF-838] - Allow for custom lib and conf file placement
[OF-841] - Add a note about UAC to the Installation Guide
[OF-842] - Additional properties in User Properties view
[OF-847] - Upgrade bouncycastle from 1.50 to 1.51
[OF-850] - Improve initialization state for JiveGlobals
[OF-869] - Update Jetty to 9.2.x version
[OF-893] - Mutual Authentication Broken for BOSH
New Feature
[OF-69] - Add "Groups user belongs to" column to the User Summary page
[OF-179] - Allow MUC permissions to be set using groups
[OF-250] - Allow to configure the groups of a user from the user profile
[OF-324] - Offline Email Notification
[OF-843] - Upgrade clustering components for new Session API method
Task
[OF-421] - Update MINA library to latest version
[OF-466] - Drop Java 5 support
[OF-709] - Update Jetty from 7.4 to 9.1
[OF-831] - A typo on Database Settings page during setup
[OF-901] - Update bundled JRE to 1.7.0_76
-------------------------------------------------------------------
Fri Dec 19 09:24:16 UTC 2014 - ecsos@opensuse.org
- insert requirements for building in openSUSE_13.2
xerces-j2-xml-apis xerces-j2-xml-resolver
-------------------------------------------------------------------
Wed Jun 18 23:13:34 UTC 2014 - ecsos@opensuse.org
- update to 3.9.3
Openfire Bugfix
[OF-2] - LocalOutgoingServerSession logs connection failures over verbosely
[OF-746] - Use update-alternatives to set JAVA_HOME on debian
[OF-779] - fetching from LDAP should escape results
[OF-780] - Update reCaptcha for HTTPS
[OF-781] - ConcurrentModificationException in kickPresence
[OF-782] - Wrong URL generated for editing groups with space in the names
[OF-783] - Apply encryption to secure properties during setup
[OF-784] - Possible NullPointerException in MessageRouter logic
[OF-787] - TLS server to server connections are not working with 3.9.2
[OF-788] - UserService plugin should not reset group properties when adding user to group
[OF-789] - Invalid token in Pubsub item purge SQL
[OF-791] - Joining new MUC room results in a 404 error
Openfire Improvement
[OF-744] - Replace package.html with package-info.java
-------------------------------------------------------------------
Sat May 3 23:51:02 UTC 2014 - marcelloceschia@users.sourceforge.net
- update to 3.9.2
Openfire Bugfix
[OF-24] - "Issue with IQ subscription="remove"
[OF-114] - Clearing cache can lock up MUC
[OF-183] - Bad-namespace prefix is actually invalid-namespace?
[OF-193] - Last logouts are not recorded when server is shut down
[OF-297] - fix: mutual roster deletion problem
[OF-303] - fix Flexible Offline Message Retrieval (XEP-0013) support
[OF-455] - Some unicode pattern in status message can break the session connection
[OF-471] - Error integrity of the compressed stream
[OF-544] - MUC change affiliation/role - admin IQ item processing bug
[OF-562] - Broadcasting roles for MUC are not loaded correctly from DB
[OF-633] - Current OfflineMessageStore logic discards valid MUC invites
[OF-640] - log4j doesn't pick up ${openfireHome}
[OF-669] - Visually failed first login to Admin Console
[OF-686] - Anonymous registration permits name with javascript payload
[OF-687] - MUC topic permits javascript payloads
[OF-692] - Node column in ofSecurityAuditLog table should accept NULL entries
[OF-693] - openfire init script target reload should not call restart
[OF-699] - Race condition during cluster initialization (Hazelcast plugin)
[OF-705] - Admin console (XSS) vulnerability lets attacker change admin password or create new admin
[OF-706] - Openfire does not close the stream with a stream error if the namespace is not 'http://etherx.jabber.org/streams'
[OF-717] - The BOSH implementation should include a 'from' attribute in its session creation response.
[OF-720] - Roster deletion of userB by userA should not remove userA from userB's roster
[OF-722] - Openfire should save XEP-0184 delivery receipts as offline message
[OF-725] - Openfire must return a service-unavailable error when blocking an IQ of type get or set because of a privacy list. OF should return error if a message stanza is blocked
[OF-731] - HybridUserProvider does not initialize correctly
[OF-733] - OF should not silently close a connection, when receiving a message without 'to' attribute
[OF-734] - Openfire cannot deal with SASL <abort/>
[OF-735] - Openfire should return <invalid-mechanism/> SASL failure, when requesting an unknown mechanism
[OF-741] - Debian Installer should allow Java7 as a prereq
[OF-742] - MUC Service sends "disturbing" service messages.
[OF-743] - MUC room does not return its identity or features, when querying for room info
[OF-745] - Use TLS-dialback even if that mechanism is not advertised
[OF-746] - Use update-alternatives to set JAVA_HOME on debian
[OF-751] - NPE on PubSubEngine#shutdown on server shutdown
[OF-753] - Improve init script to work with opensuse and fix logic with PID file
[OF-755] - Monitoring plugin database fixes
[OF-756] - Fix Postgres purge process error
[OF-757] - Allow s2s message of subdomain of XMPP domain when no components are found
[OF-759] - Update bundled postgresql driver to PostgreSQL 9.3 JDBC4 (build 1101)
[OF-760] - MUC service does not include "self-presence" status code 110
[OF-761] - OF must return <jid-malformed/> instead of <bad-request/> when joining a MUC room without nickname
[OF-769] - Fix typo in monitoring plugin
[OF-770] - CVE-2014-2741 Uncontrolled Resource Consumption with XMPP-Layer Compression
[OF-772] - IQ type="result" getting java.lang.IllegalArgumentException
[OF-774] - Needless code in AuthorizationManager
Openfire Improvements
[OF-163] - fix RosterItemProvider.getItems() for Oracle
[OF-298] - EntityCapabilityManager should not use a clustered cache
[OF-309] - Privacy Lists drop messages silently
[OF-411] - Admin or owner should be able to join a room when it has reached maximum occupants number
[OF-464] - Verify if there were packets pending to be sent and decide what to do with them
[OF-569] - Add deluser adhoc command
[OF-592] - build.xml_chmod_executables.patch
[OF-594] - PluginServlet.java_support_registering_servlets_programmatically.patch
[OF-729] - Upgrade Hazelcast plugin to latest release version (3.1.x)
[OF-730] - Migrate operational configuration properties from openfire.xml to DB
[OF-749] - Upgrade bouncycastle library from 1.49 to 1.50 to keep up with JitsiVideobridge
[OF-764] - Group chat history (MUC) should match configuration after server restart
[OF-771] - MUC service should flush recent history before shutting down
Openfire Features
[OF-125] - Restrict discovery of rooms based on users membership
[OF-206] - Add HybridUserProvider
[OF-347] - The domain should add support for Last Activity requests
[OF-638] - Add support for XEP-0202: Entity Time
[OF-682] - Add Portuguese translation
[OF-714] - Add ability to encrypt properties so they are encrypted in the db and do not appear in the admin console.
[OF-758] - Add support for XEP-0280 "Message Carbons"
[OF-775] - Improve logging of invalid presence show
Openfire Tasks
[OF-728] - Update installation package with the latest Java JRE
Openfire Sub-task
[OF-10] - Pubsub event message with SHIM information holding multiple subscriptions should have the name='SubID'.
[OF-103] - [MUC] Allow nicknames to be used more than once in the same room
-------------------------------------------------------------------
Thu Feb 6 22:51:04 UTC 2014 - ecsos@opensuse.org
- update to 3.9.1
Openfire Improvements
[OF-697] - Update bundled MySQL JDBC driver to the newest 5.1.x version
[OF-715] - Update Openfire bouncycastle library from 1.46 to 1.49
Openfire Features
[OF-727] - Configuration option to disable presence broadcast for other resources on single user
Openfire Tasks
[OF-513] - Update installation package with the latest Java JRE (1.7.0_2 or higher)
-------------------------------------------------------------------
Thu Feb 6 18:57:27 UTC 2014 - ecsos@opensuse.org
- update to 3.9.0
Openfire Bug Fixes
[OF-454] - Openfire does not send user presence information to all resources of the user
[OF-496] - javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
[OF-676] - Pressing on workgroup in Fastpath causes an exception
[OF-677] - Monitoring Plugin - "Null" reappearing in Archive for Message Body
[OF-678] - Monitoring Plugin - Ever expanding Index
[OF-680] - Packet Filter Plugin does not allow creation of wildcard rules
[OF-718] - Fix Debian initscript to support more JAVA_HOME paths
[OF-719] - Userservice plugin leaves user roster items in DB when user is deleted
Openfire Improvements
[OF-654] - Openfire failes to create tables on MySQL 5.6
[OF-679] - Packet Filter - Add option for "All Groups" and auto creation of rules based on Openfire Group Settings
[OF-700] - Add a method to refresh a MUC room
[OF-701] - Better group properties handling
[OF-703] - UserService Plugin - Auto-create shared groups if not existing
[OF-704] - Make LDAP connection timeout configurable
[OF-715] - Update Openfire bouncycastle library from 1.46 to 1.49
Openfire New Features
[OF-681] - Add ability to search plugin to be able to restrict searching for users to only the group a user is in
[OF-716] - Add Jitsi Videobridge plugin to Openfire plugins
Openfire Task Fixes
[OF-698] - Bump version on all bundled openfire plugins, bump min version due to distributing java6 binaries now
-------------------------------------------------------------------
Sun Jun 16 22:27:17 UTC 2013 - ecsos@opensuse.org
- update to 3.8.2
Openfire Improvements
[OF-342] - Add CORS headers to HTTP-Binding/BOSH
[OF-393] - Group names with <> should be properly HTML escaped
[OF-650] - Add support for X-Forwarded-For (XFF) headers from proxied BOSH clients
[OF-655] - Add configurable JMX support
[OF-657] - Merge Atlassian Crowd provider into Openfire core
[OF-660] - Enhance the sessions pages (summary/detail) in the admin console
[OF-674] - Add roster management capabilities to userservice plugin
Openfire Bug Fixes
[OF-14] - Subscriptions to pubsub node should be based on the JID as supplied, not the bare JID
[OF-108] - Admin Console is adding BR tags when editing system property containing string with newlines
[OF-453] - Ensure HttpSession is terminated properly by session reaper
[OF-465] - Kicking MUC occupant on server is not propagated to clients
[OF-476] - FlashCrossDomainHandler causes infinite loop under some circumstances
[OF-477] - SASL server in OF creates digest-uri based on xmpp.fqdn but it sends xmpp.domain to the client
[OF-595] - Security audit logviewer is not escaping tags
[OF-646] - XmppDateTimeFormat is unable to parse date Strings
[OF-653] - BOSH deadlock
[OF-656] - Fix crossdomain.xml for BOSH
[OF-659] - JDBCUserProvider returns all users for a paginated search
[OF-661] - MUC Topic/Subject change not propagated to other cluster nodes
[OF-664] - Monitoring archive shows null in room chat logs
[OF-665] - MUC changes/activities do not propagate across cluster nodes
[OF-666] - Pubsub items should be created using cluster time rather than local time
[OF-667] - Monitoring plugin bad SQL for upgrade
[OF-668] - Pubsub items (persistent) may be dropped in certain cases
[OF-671] - XSS in server2server.jsp
[OF-673] - Should include a 'to' attribute in initiating s2s streams
Openfire New Features
[OF-651] - Monitoring plugin should have an option to purge and restrict
-------------------------------------------------------------------
Wed Apr 3 17:22:44 UTC 2013 - ecsos@opensuse.org
- update to 3.8.1
Openfire Improvements
[OF-597] - Increase performance of fetch last pubsub item for a node
[OF-614] - Add /usr/lib/jvm/default-java to the collection of default locations to look for a JRE
Openfire Bug Fixes
[OF-102] - Deleting user does not clear out ofUserFlag
[OF-415] - Group disappears from the Group Summary view after editing its details
[OF-596] - Last published item is not loaded when leaf node is loaded into memory.
[OF-610] - Restore shared group support for read-only GroupProviders (LDAP)
[OF-612] - Upgrade bundled JRE to last version...
[OF-613] - RPM build failure with
[OF-615] - Improve Robustness of loading MUC service at startup
[OF-616] - Can't see newly created groups in Admin Console after the upgrade to 3.8.0
[OF-617] - Fastpath plugin fails to build
[OF-618] - Error in Admin console, MUC
[OF-619] - GoJara plugin library has Java-6 code
[OF-620] - JustMarried plugin library has Java-6 code
[OF-621] - JustMarried plugin throws NullPointerException
[OF-623] - PubsubPersistenceManager does not load nodes properly if the hierarchy has more than two levels.
[OF-624] - Illegal JID when configuring a created MUC room
[OF-627] - Update rpm bundled JRE 1.6u41
-------------------------------------------------------------------
Sun Feb 24 12:24:31 UTC 2013 - ecsos@opensuse.org
- update to 3.8.0
Openfire New Features
[OF-204] - Add clustering support to Personal Eventing via Pubsub
[OF-205] - Add clustering support to pub-sub
[OF-240] - Show last history messages in room with a specified age
[OF-483] - JDBCUserProvider hardcodes searchSQL
[OF-543] - Support OpenJDK for Debian build
Openfire Improvements
[OF-197] - Make openfire's plugin unloading -> loading more robust
[OF-278] - Do not load all the system user to memory for shared groups
[OF-342] - Add CORS headers to HTTP-Binding/BOSH
[OF-448] - Add support for Ant 1.8
[OF-481] - Upgrade Jetty from 7.0.1 to 7.5.4
[OF-497] - Properly determine size of Collections to be cached
[OF-506] - Phase out JettyLog
[OF-507] - Improve logging of failed roster updates
[OF-517] - Openfire should ignore Othername formats it doesn't understand
[OF-524] - When closing a session as a result of a problem, send a <stream:error> stanza.
[OF-529] - Allow users to get their own presence via presence plugin
[OF-535] - Fixed Lithuanian translation for the Search plugin
[OF-537] - Update Russian translation
[OF-561] - Update Webchat for Jetty 7
[OF-566] - Add RPM noarch build capability
[OF-575] - Fix the installation guide (Custom Parameters)
[OF-579] - Allow configuration of hazelcast plugin from outside the plugin jar
[OF-581] - Improve startup script for RedHat
[OF-582] - Improve locking on user's properties
[OF-602] - Hazelcast clustering plugin improvements
[OF-607] - When serializing JID instances in a cluster, do not use the (expensive) JID constructor
Openfire Bug Fixes
[OF-39] - The storage of items in memory in a persistent LeafNode is a memory leak
[OF-191] - store offline messages with empty body for pubsub
[OF-270] - Duplicate entry 'user xxx' for key 1 -- Exposed during load testing.
[OF-271] - fix "duplicate key violates unique constraint "ofpresence_pk""
[OF-419] - FastPath Web Authentication Bug
[OF-439] - Memory leak in PEP service
[OF-443] - S2S doesn't work (dialback broken)
[OF-480] - Logs directory is not created in the correct location on some systems
[OF-498] - "Supplied key (null) is not a RSAPrivateKey instance" error in the Server Settings / Server Certificates screen
[OF-510] - Buildfile fails if ran using Java 1.7
[OF-514] - BOSH terminate stanza needs terminate attribute
[OF-516] - user-roster-add.jsp has wrong name for groups textfield
[OF-518] - Admin Console saving 'CHOOSE' for a STUN address, which causes annoying traceback
[OF-522] - Upgrade bundled JRE to 1.6u30
[OF-525] - Creating chatroom on console yields "room_already_exists" error when it does not
[OF-526] - Deleting room and specifying invalid alternate room JID causes trouble
[OF-527] - muc-create-permission.jsp displays an immediate error without adding users
[OF-533] - TLS filter applied to non-SSL connections does not use configurable algorithm
[OF-539] - HybridUserProvider does not load tertiaryClass due to typo
[OF-540] - Prevent NPE in LdapVcardProvider.java
[OF-542] - Fix Deprecated use in Log.java
[OF-558] - Improve BOSH robustness when connections drop for unknown reasons
[OF-564] - User import/export plugin concatenates group names in export
[OF-567] - zlib inflate synchronization issue
[OF-572] - The node configuration form does not contain the parent, children or type on a configured node.
[OF-573] - Thread synchronization issues with HttpSession/BOSH
[OF-584] - Fix DNS SRV support
[OF-586] - Deliver event notifications to all subscribed JIDs
[OF-588] - PEPService fails to be added to a clustered Cache
[OF-589] - improve JAVA_HOME detection in openfire.sh
[OF-590] - Console error in session view when a cluster member goes offline
[OF-591] - NullPointer exception thrown when deleting rooms via the Webinterface
[OF-598] - database.defaultProvider.testAfterUse/testBeforeUse should default to false
[OF-600] - Let a client to ask for the history messages of a specific date (XEP-0045)
[OF-601] - NPE with Privacy Lists while in cluster mode
[OF-605] - PEPHandler tries to cache presence for the entire world
[OF-606] - MUC room destroy can fail when no alternate JID is supplied
[OF-608] - ClassCastException: org.jivesoftware.openfire.component.InternalComponentManager$RoutableComponents cannot be cast to org.jivesoftware.openfire.session.OutgoingServerSession
Openfire Completed Tasks
[OF-352] - Change license to Apache
[OF-467] - Update build.xml to check for Java 7
[OF-511] - Upgrade BouncyCastle from 1.45 to 1.46
[OF-534] - Make the STUN implementation a plugin
[OF-98] - Bug in xmlns for grantowner and grantadmin / not in sync with JEP-0045
[OF-495] - A RosterItem could only be in one group
[OF-499] - Update org/jivesoftware/util/log/util/JettyLog to the Jetty 7.6.0/8.0 API
[OF-603] - Transport sends subscribe-Presence that can be denied
-------------------------------------------------------------------
Sun Nov 25 10:06:25 UTC 2012 - ecsos@opensuse.org
- * change so openfire can use openjdk-1.7
* some other patches
-------------------------------------------------------------------
Tue Jan 26 10:24:35 UTC 2010 - nix@opensuse.org
- Dont enable fdupes (on resources/security/) as it breaks the crypto store
See: http://www.igniterealtime.org/issues/browse/OF-30
For now disabled completely..
-------------------------------------------------------------------
Tue Jan 19 10:15:01 UTC 2010 - nix@opensuse.org
- Add openfire-3.6.4-self_signed_certificate.patch from to fix SSL
cert problem: http://www.igniterealtime.org/issues/browse/OF-30
-------------------------------------------------------------------
Fri Oct 23 18:32:29 UTC 2009 - nix@opensuse.org
- Change java dependency to "java-sun >=1.6.0" so that SLES 11 works properly
-------------------------------------------------------------------
Fri Jun 19 15:14:37 CEST 2009 - claes.backstrom@fsfe.org
- New upstrean 3.6.4
Openfire New Features
* Use stronger RSA encryption algorithm for certificates
creation.
Openfire Bug Fixes
* Prevent users from changing other users passwords.
* LdapGroups assumed all members never in AltBaseDN.
* Stacktrace of exception while initializing SSLConfig are
now logged.
* DefaultAdminProvider was not including default admin account
when there were no admins specified.
-------------------------------------------------------------------
Wed Apr 29 16:22:20 CEST 2009 - claes.backstrom@fsfe.org
- New upstream 3.6.3
- Handle sysconfig file correctly
- Created rcopenfire symlink
- Moved to /usr/share for openSUSE 11.1 and later
-------------------------------------------------------------------
Thu Apr 23 15:21:54 CDT 2009 - maw@pobox.com
- Replace openfirect.patch with openfire-sysvinit.patch, which
patches the file necessary to allow openfire to build on
openSUSE 11.1.
-------------------------------------------------------------------
Wed Jan 07 22:18:00 UTC 2008 - Peter Nixon
- Patch init script to add LSB compliant headers (to build on openSUSE 11.1+)
- Add rpm prereq line to silence rpmlint
-------------------------------------------------------------------
Sat Nov 22 04:18:51 CET 2008 - claes.backstrom@fsfe.org
- New upstream 3.6.2
-------------------------------------------------------------------
Wed Aug 27 10:02:00 CEST 2008 - claes.backstrom@fsfe.org
- New upstream release 3.6.0
-------------------------------------------------------------------
Wed Jul 9 08:28:34 CEST 2008 - claes.backstrom@fsfe.org
- New upstream release 3.5.2
-------------------------------------------------------------------
Thu Feb 14 16:49:13 CET 2008 - claes.backstrom@fsfe.org
- New Upstream Release 3.4.5
Openfire New Features
* Improved connection pool recovery logic by switching to proxool.
* Now possible to allow the same component to connect many times to the same JVM.
Openfire Bug Fixes
* Fixed small memory leak in Multi User Chat.
* LDAP settings (particularly search filters) will no longer get corrupted upon saving.
* SSL settings pages now handle broken keystores without crashing.
* Added JID to room search results.
* Setting VM options from config file in Debian now works.
* RPM is no longer throwing warnings about ci and jivedev users.
* Debian postinstall is now checking to make sure openfire group exists.
-------------------------------------------------------------------
Sun Jan 20 14:32:07 CET 2008 - claes.backstrom@fsfe.org
- New Upstream Release 3.4.4
* Jetty upgraded to fix announced security issue (http://www.kb.cert.org/vuls/id/553235)
* LDAP vCard database storage fixed to work properly with Active Directory and others. !!NOTE!! API Changes for providers were required. See important notes below. (1 vote)
* Can now delete an avatar when using LDAP.
* Current LDAP settings now being kept when editing config from admin interface.
* Openfire install directories, log directories, etc are no longer world readable. (1 vote)
* RPM uninstall no longer fails if Openfire not currently running.
-------------------------------------------------------------------
Wed Jan 09 13:50:15 CET 2008 - claes.backstrom@fsfe.org
- Initial package
