Openfire 4.6.0 Release
sha1sum's
3747eb30a9c301cb4e169ea58682bffaec928d45 openfire-4.6.0-1.i686.rpm
446dd40b68e89311f4e7de62af4cb1dfe44cff2d openfire-4.6.0-1.noarch.rpm
74023de1be0211bbc6879173bc9a5875605cd375 openfire-4.6.0-1.x86_64.rpm
0db33511ff833dc904ea7845d6eb3294cf418782 openfire_4.6.0_all.deb
fe7684d7ddf12896d138af64adb2d79f62874c29 openfire_4_6_0_bundledJRE.exe
cb490c5762c2f2f4ccd70a5a09b5faab59dc5e99 openfire_4_6_0_bundledJRE_x64.exe
fb915d112f522860fdd419c8bc0371f7a4a2105a openfire_4_6_0.dmg
a5fada882ace449df9056205618e86312a08ec6e openfire_4_6_0.exe
43a5b890e52b4baa7e8096410a7b398c89ad4d33 openfire_4_6_0.tar.gz
d11cfed06901fef69fcac1c3c4e28f60256baf62 openfire_4_6_0_x64.exe
86e150c2cb9b74c63b3907e3c036cc046c78c5ba openfire_4_6_0.zip
436f9833fe8d7185c800daf3d35c2d5d11d1f6ea openfire_src_4_6_0.tar.gz
a3a274b2f12d4cf9f15cb981e6c2b18c78ca07c6 openfire_src_4_6_0.zip
Changelog
Bug
- [OF-872] - Openfire violates RFC 6120 § 10.3.
- [OF-1696] - Personal Eventing menu shows exception on a first try
- [OF-1789] - HTTP-Bind failure
- [OF-1836] - Properly handle s2s timeouts
- [OF-1888] - Faulty assumption in RoutingTableImpl leads to NPE
- [OF-1975] - Do not trigger offlinemessagelisteners when no message is stored
- [OF-1992] - IQPEPHandler does not consistently identify "addressed to server" stanzas
- [OF-1993] - Prepared Statement should always close on method exit
- [OF-1995] - It should be possible to query anonymous users for service discovery
- [OF-1998] - HTTP Bind session listeners are never invoked
- [OF-2012] - Should not add client route when client becomes unavailable.
- [OF-2016] - Do not depend on existing PEP service when creating PEP service
- [OF-2038] - Shared groups should not be looked up in LDAP
- [OF-2042] - MUC does not adhere to XEP-0045 Order of Events
- [OF-2046] - Comments in sidebar-admin.xml
- [OF-2049] - Ensure room isn't deleted before leave presences are sent
- [OF-2050] - Stream management concurrency
- [OF-2054] - Dataforms of type result should include form field types
- [OF-2057] - All resources PEP service owner should receive notification
- [OF-2058] - LDAP group with non-existing user not loaded
- [OF-2060] - Cluster nodes leaving break component routing
- [OF-2080] - NPE when retrieving empty pubsub node
- [OF-2084] - PubSubModule incorrectly disregards empty strings as parent IDs
- [OF-2085] - Pubsub: Do not require items to persist cache content
- [OF-2086] - Persist cached pubsub data prior to shutdown
- [OF-2092] - PEP service memory leak
- [OF-2093] - JDK11: java.lang.NoSuchMethodError: java.nio.CharBuffer.flip()
- [OF-2100] - Admin Console error when editing group with non-local members
- [OF-2102] - Incorrect Pubsub Service shutdown logic
- [OF-2105] - PEPService removal should occur when not loaded in memory.
- [OF-2106] - Incorrect usage of UserManager.isRegisteredUser()
- [OF-2107] - Server message broadcast doesn't do as advertised
New Feature
- [OF-1968] - Avatar support for MUC rooms.
- [OF-1978] - MUC: add configuration that allows join presence to be suppressed
- [OF-1989] - Introduce in-memory only pubsub persistence provider
- [OF-2030] - Add support for XEP-0289: Federated MUC for Constrained Environments
- [OF-2033] - Add automatic cleaning of outdated offline messages
- [OF-2108] - Expose use privacy lists on admin console
Task
- [OF-1880] - Provide DOAP for Openfire
- [OF-2031] - CVE-2020-10683 Update dom4j to 2.1.3 or later
- [OF-2088] - Update MySQL Connector/J to version 8.0.21
Improvement
- [OF-1837] - JDBC providers should have an option to escape data
- [OF-1869] - Announce PEP feature support for 'auto-subscribe' and 'filtered notifications'
- [OF-1981] - Allow roster item 'ask' to be modified.
- [OF-1982] - Add -Djdk.tls.ephemeralDHKeySize=matched and/or Djsse.SSLEngine.acceptLargeFragments=true to startup parameters
- [OF-1983] - Provide start argument to run dev mode
- [OF-1984] - Replace DummyExternalizableUtil
- [OF-1985] - Decouple Pubsub implementation
- [OF-1986] - Don't unconditionally auto-create PEPService.
- [OF-1987] - Improve PubSub Caching
- [OF-1988] - Introduce pluggable provider mechanism for PubSub persistency
- [OF-1990] - pubsub: split cache from persistence
- [OF-1994] - Properly deny anonymous users access to Private Storage
- [OF-1996] - Improve shutdown sequence
- [OF-2000] - Don't use intern'ed strings to synchronize on
- [OF-2001] - IQ Bind results should not have a 'from' value.
- [OF-2002] - Do not offer private blocking to anonymous users.
- [OF-2003] - Bump slf4j to version 1.7.30
- [OF-2004] - Have an ad-hoc command accessible to everyone
- [OF-2008] - Autosetup should allow for users to be provisioned
- [OF-2024] - Fix favicons
- [OF-2025] - PEP publishing should evaluate all recipient JIDs
- [OF-2032] - Make connection type fallback for WEBADMIN c2s
- [OF-2039] - Support on_sub_and_presence
- [OF-2047] - When setting HTTP response headers, set instead of add them.
- [OF-2048] - Update log4j dependency
- [OF-2053] - XEP-0013 Return an <item-not-found/> error while retrieving specific offline message
- [OF-2056] - DefaultPubSubPersistenceProvider#savePublishedItems is leaking database connections
- [OF-2061] - Default value for pubsub#persist_items (in PEP) should be 'true'
- [OF-2062] - Pubsub item payload should allow for (much) larger size
- [OF-2064] - Invoke IQResultListeners on other cluster nodes for domain-addressed stanzas
- [OF-2071] - 'Lock' should be locked in front of a 'try' block (instead of in to block).
- [OF-2072] - Allow empty 'mechanisms' SASL tag to be excluded
- [OF-2087] - Update Jetty to 9.4.31.v20200723
- [OF-2089] - XEP-0045 7.2.13 - ofrom adresses in message stanza
- [OF-2091] - Decorate 'warning' text
- [OF-2094] - Mitigate XXE attacks
- [OF-2095] - Account for a PEP notification recipient to be the service owner
- [OF-2096] - Prevent bypassing PEP notification logic
- [OF-2097] - Allow CAPS to be reviewed in admin console
- [OF-2098] - Show pubsub node configuration on Admin Console
- [OF-2110] - Refactoring of fallback check inConnectionType