Skip to content

Openfire 4.8.0 Beta Release
Compare
Choose a tag to compare
@akrherz akrherz released this 17 Nov 15:10
· 359 commits to main since this release
v4.8.0beta
01625be
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Improvement

  • [OF-1378] - Rename "Legacy SSL" into "Direct TLS"
  • [OF-1861] - Support for TLS 1.2 / 1.3
  • [OF-2116] - Using range retrieval for LDAP groups
  • [OF-2372] - Add support for proxied connections to Admin Console
  • [OF-2377] - Reduce potential thread contention in XMLProperties
  • [OF-2380] - Reduce thread contention in In-Memory pubsub persistence provider
  • [OF-2385] - Shouldn't attempt to load shared groups when feature is unsupported.
  • [OF-2403] - Improve Admin Console's memory usage reporting
  • [OF-2408] - Address static analysis warnings in Crowd package
  • [OF-2409] - Remove obsolete 'type' and 'language' attributes on HTML elements. Use HTML5.
  • [OF-2413] - Include a stream error when closing a stream due to a problem.
  • [OF-2440] - Increase default cache sizes
  • [OF-2449] - Return error when a BOSH pause is requested that is higher than the maximum allowable pause.
  • [OF-2455] - Explicitly promote websockets in admin console
  • [OF-2494] - Upgrade HSQLDB to a more recent version.
  • [OF-2513] - Do not require authzid on SASL EXTERNAL for S2S
  • [OF-2514] - Differentiate between missing and empty initial SASL response
  • [OF-2521] - S2S: Allow 'client auth' \(required for SASL EXTERNAL\) by default
  • [OF-2523] - Use less predictable resource value
  • [OF-2540] - Update SLF4j to 2.x
  • [OF-2542] - Drop Java 8 support
  • [OF-2547] - Update Mockito to 3.4.0 or later
  • [OF-2556] - Support additional namespaces when parsing streams
  • [OF-2557] - Show TLS config on each session/connection
  • [OF-2560] - Improve Admin Console load time when RSS can't be reached
  • [OF-2563] - Replace Session status constants with enums
  • [OF-2564] - ServerSession's state should be set to 'authenticated' after authentication
  • [OF-2565] - Openfire should close stream if client is sending a stanza in violation of RFC 6120, section 7.1
  • [OF-2566] - Enable Websocket Stream Management resumption
  • [OF-2581] - Invite people to improve translations in admin console
  • [OF-2594] - When locating Openfire Home, consider 'tmp' file
  • [OF-2608] - Do not wait for timeout when Dialback connection is closed
  • [OF-2611] - Improve automated tests for S2S functionality
  • [OF-2612] - Upgrade JUnit from 4 to 5
  • [OF-2613] - Upgrade unit test database to version 34
  • [OF-2615] - Use ConnectionManager interface where possible
  • [OF-2616] - Bump Guava to latest release
  • [OF-2623] - Migrate LoginLimitManager's properties to SystemProperties
  • [OF-2624] - When providing Forms, use client's language
  • [OF-2633] - When S2S TLS is required, announce that
  • [OF-2638] - Update Installation guide to suggest it is not okay to open-admin-console-to-internet
  • [OF-2639] - Server-to-Server SASL EXTERNAL should not require authz
  • [OF-2642] - Remove \(unused?\) PEP restriction for XEP-0084
  • [OF-2644] - Do not use getters in Session#toString
  • [OF-2650] - Failed S2S due to peer's certificate being invalid should be less verbose
  • [OF-2653] - hostname validation should not try to resolve host
  • [OF-2654] - Implement toString\(\) in various Netty classes
  • [OF-2663] - Don't overly verbose log receiving IQ responses addressed to the server
  • [OF-2669] - Update postgresql driver to 42.6.0
  • [OF-2670] - Netty debug should log remote address when available
  • [OF-2671] - S2S tester can stop waiting after a bounce
  • [OF-2673] - Prevent double-closure of outbound s2s session
  • [OF-2678] - Prefer XML data type usage over String manipulation
  • [OF-2693] - Make XML declaration \(and newline\) configurable
  • [OF-2697] - Set up multiple S2S connections concurrently
  • [OF-2699] - PacketRejection should allow for PacketError to be defined
  • [OF-2703] - Websocket 'open' should be a collapsed element
  • [OF-2706] - Restructure session details page
  • [OF-2707] - When closing session on admin console, kill its stream management
  • [OF-2708] - Ensure that Groups operate on bare JIDs
  • [OF-2713] - Update Bouncy Castle to 1.76
  • [OF-2714] - Switch to Java 1.8\+ variant of Bouncy Castle
  • [OF-2724] - Resolve \(non-breaking\) errors while compiling plugin JSP pages against Openfire 4.8
  • [OF-2731] - Update support for XEP-0280: Message Carbons
  • [OF-2732] - Update bundled search plugin to 1.7.4

Story

  • [OF-2527] - Include milliseconds in default log4j configuration
  • [OF-2573] - Add Name to Client Version column in Session Summary

New Feature

  • [OF-1574] - Add support for XEP-0352: Client State Indication
  • [OF-2474] - Allow IP-based access control to the admin console
  • [OF-2475] - Allow data to be persisted for future users.
  • [OF-2476] - Add trunking/gateway support to Openfire
  • [OF-2572] - Detect thread obtaining more than one database connection
  • [OF-2579] - Add Ukrainian translation
  • [OF-2646] - Allow property persistence to be skipped \(for tests\)
  • [OF-2658] - Dynamically modify Netty pipeline
  • [OF-2676] - Add support for XEP-0478: Stream Limits Advertisement

Task

  • [OF-1382] - Admin Console reuses \`username\` and \`password\` form fields, which fools browser auto-fill
  • [OF-2395] - Remove code that was deprecated prior to 4.7.0
  • [OF-2406] - Phase out calendarjs
  • [OF-2407] - Phase out /js/tooltip/\*
  • [OF-2418] - Phase out Scriptaculous
  • [OF-2419] - Remove unused pngfix.js library
  • [OF-2420] - Phase out lightbox.js
  • [OF-2510] - Create documentation for using Openfire with clustered databases
  • [OF-2559] - Replace Apache MINA with Netty
  • [OF-2610] - Update shipped CA truststore
  • [OF-2647] - Remove 4.8 deprecation
  • [OF-2687] - Update Jetty to 10.0.18
  • [OF-2688] - Update Netty to 4.1.100
  • [OF-2691] - Update org.json:json to 20231013
  • [OF-2725] - Update dependency-check to 8.4.2
  • [OF-2726] - Update dom4j to 2.1.4
  • [OF-2727] - Update mysql-connector from 8.0.32 to 8.2.0
  • [OF-2728] - Remove Rome
  • [OF-2733] - Sync Openfire's truststore with Mozilla's shipped CAs

Sub-task

  • [OF-2596] - Improve detection of path traversal
  • [OF-2597] - Add config option for using wildcards in AuthCheckFilter
  • [OF-2598] - Remove wildcard usage in AuthCheckFilter
  • [OF-2599] - Avoid having setup-specific auth-excludes after install
  • [OF-2600] - Upgrade Jetty
  • [OF-2604] - Bind admin console to loopback interface by default
  • [OF-2609] - Broken Tests - Expect NO\_CONN, Get PLAIN\_DIALB

Bug

  • [OF-880] - Server MUST return for IQ requests to unknown user. \(RFC 6120 10.5.3.1.\)
  • [OF-945] - Openfire returns Stanza error instead of Stream error when client tries to send stanzas over unauthenticated connections
  • [OF-1183] - Roster request denial is not pushed back to requester
  • [OF-1224] - No roster push after unsubscribe \(probably only if presence subscription is not 'both"\)
  • [OF-1389] - PubSub Admin Console - Unable to click Node ID
  • [OF-1394] - PubSub Admin Console - Re-enabling service doesn't reload nodes
  • [OF-1399] - PubSub Admin Console - 'Max number of items to persist' appears configurable when it's not
  • [OF-1405] - S2S Connection Test - No validation on 'XMPP domain' field
  • [OF-1406] - S2S Connection Test - Able to edit results fields
  • [OF-1407] - S2S Connection Test - No indication on the page that anything is happening during search
  • [OF-1785] - In-band registration fails with websockets
  • [OF-1831] - TLS fails with "input record too big" exceptions
  • [OF-1913] - Various S2S interop issues
  • [OF-2242] - No possible to filter by Client Version on Sessions page
  • [OF-2378] - \(deprecated\) XMLProperties.getName\(\) throws ClassCastException
  • [OF-2382] - When searching for shared groups by user, all groups are returned
  • [OF-2383] - Group methods are only validated on the frontend, or not at all
  • [OF-2391] - NPE during/directly after setup
  • [OF-2399] - Migrated System Properties report that restart is needed
  • [OF-2404] - Inbound presence 'subscribe' for preexisting contact MUST be auto-responded
  • [OF-2411] - Openfire fails to start because of a deadlock in XmlProperties' readWriteLock
  • [OF-2426] - Group cache can contain ghost entries
  • [OF-2429] - Fix count in database reconnect attempts
  • [OF-2435] - TLSv1.3 suffers from timing issue
  • [OF-2443] - SASL PLAIN should use authorization mapping
  • [OF-2551] - Server-to-Server TLS policy changes cause breakage
  • [OF-2555] - Openfire allows S2S TLS to continue when certificate fails to validate
  • [OF-2567] - S2S with Direct TLS seems to be unstable
  • [OF-2568] - Stream Management roll-over detection
  • [OF-2580] - Make Portuguese locale selectable after setup
  • [OF-2590] - S2S Outbound must validate remote identity against certificate
  • [OF-2592] - Autosetup should not force the default database connection provider when using default auth provider
  • [OF-2595] - CVE-2023-32315 Admin Console Auth Bypass
  • [OF-2606] - Database errors keep getting logged when providing faulty db connection URL in setup
  • [OF-2614] - openfire-plugin-assembly is inflexible on project structure
  • [OF-2620] - Plugin-provided pages for the Admin Console should use Openfire assets for standard components
  • [OF-2621] - Incorrect link on MUC Service admin console page
  • [OF-2622] - Do not accept Dialback when disabled
  • [OF-2626] - Dialback status race condition
  • [OF-2627] - Deleting a group with a '\+' character in its name fails
  • [OF-2630] - SystemProperties are not encrypted on Admin Console
  • [OF-2641] - Cannot establish S2S with conference subdomain
  • [OF-2648] - S2S stanza parsing of errors fails
  • [OF-2649] - CSI parsing error
  • [OF-2652] - To many exceptions when remote server sends to much data
  • [OF-2655] - Closing S2S session fails to close outbound
  • [OF-2656] - TLS information missing for outbound S2S connections
  • [OF-2657] - Stream parsing failure
  • [OF-2659] - Remote \(ejabberd\) servers close stream with 'duplicate attribute' stream error
  • [OF-2660] - Outbound DirectTLS S2S connections seem to stall
  • [OF-2661] - Peer closing stream leads to timeout
  • [OF-2662] - S2S prefix issue
  • [OF-2664] - S2S failure with isode.com
  • [OF-2665] - Cache state inconsistencies after Netty upgrade
  • [OF-2668] - Cannot compile plugin with web assets against Openfire 4.8 following Jetty upgrade
  • [OF-2672] - Netty Debug log incorrectly suggests class cast issue
  • [OF-2674] - Closing a Netty channel must close the underlying connection
  • [OF-2675] - HTTP ERROR 400 Invalid SNI on admin console after jetty upgrade for Openfire 4.8
  • [OF-2677] - Failure to process all UTF-8 characters
  • [OF-2680] - NullPointer in idle handler
  • [OF-2681] - Failure to define Dialback XML prefix
  • [OF-2682] - ConcurrentModificationException in Netty S2S
  • [OF-2689] - DirectTLS client-to-server \(5223\) broken
  • [OF-2690] - Incorrect namespace definitions on server dialback elements
  • [OF-2692] - NullPointerException in S2S when ID attribute is missing
  • [OF-2696] - Cannot resolve CAPS for MUC occupants
  • [OF-2698] - Netty idle state detects mixes 'read' and 'write' idle events
  • [OF-2705] - Route stanzas addressed to full JIDs of connected resource
  • [OF-2711] - CSI delays don't then deliver stanzas
  • [OF-2712] - Session accounting differs on alternate sides of the S2S conversation
  • [OF-2715] - Websocket 'close' frame whould be sent when closing a connection
  • [OF-2730] - Stop S2S under strict verification mode, when TLS fails.
  • [OF-2734] - JspPropertyNotFoundException on Pubsub node detail page
  • [OF-2735] - Certificate Details doesn't show store name
  • [OF-2738] - Server-to-Server SNI issue / connecting to a host that serves multiple domains

sha256sum values

7daea05d2242050bfe76d8f129d7d4b33bc901f6ee62a0bfdaf2ea84da775d50  openfire-4.8.0-0.2.beta.noarch.rpm
c2be2485021268bf1f069158199e8ab683007aa7ed5661ffa8bbaf70969a9358  openfire_4.8.0.beta_all.deb
19fef3dfd18d804d583d1aba80caae7a788457d809760facdb3ec0cbd132c234  openfire_4_8_0_beta.dmg
ead9abd03eba77d9795cd11a4f6d6c32c46bacc9ee44a1b5448a2ce86ec542ef  openfire_4_8_0_beta.exe
6443380ac63fe4fa4aea28f871fa6baa778e50996d401bc39aa06f57aec3bbb4  openfire_4_8_0_beta.tar.gz
9ce6a3c8132d71c2c3c0b81922550a403db94c38b9aedfe13a3923bc3f7f9db6  openfire_4_8_0_beta_x64.exe
20e43132dc9d7e9df9be78b4bf0a8f8e9e4efeb8d3d66943302382bfd2cd4553  openfire_4_8_0_beta.zip
Assets 9
Loading