Openfire Versions Save

An XMPP server licensed under the Open Source Apache License.

v4.8.1

2 months ago

Improvement

[OF-2651] - Give explict names to Netty's threads
[OF-2788] - Have distinct thread pools for each type of connection
[OF-2791] - Announce support for PubSub delete-item
[OF-2798] - Admin Console should warn end-user if plugin installation failed
[OF-2800] - Guard against a surplus of database connection errors being logged
[OF-2802] - Upgrade postgresql database driver for CVE-2024-1597

New Feature

[OF-284] - Add service administration support

Bug

[OF-2166] - When deleting a user, remove it from transient MUC rooms
[OF-2310] - Cache data inconsistency: MUC
[OF-2758] - Deleting an admin user does not remove the name from \`admin.authorizedJIDs\`
[OF-2768] - Do not use default value for user's creation / last modified date
[OF-2774] - 4.8.0 not counting "whitespace ping" as session activity
[OF-2775] - RSS News Feed appears empty
[OF-2777] - Misbehaving Shared-With-Group option for Contact List sharing
[OF-2778] - Duplicate \(group\)chat messages are received
[OF-2781] - SerializableCache appears to be unusable \(ClassCastException on creation\)
[OF-2782] - SerializableCache instances do not get recreated on cluster switch
[OF-2792] - Cache-summary page shows wrong stats when using Clustering
[OF-2795] - Delete MUC-based authorization when deleting user
[OF-2799] - OccupantManager doesn't remove all items when clustering
[OF-2805] - Session details shows 'resource' column, but does not show resources
[OF-2806] - Routing Servers cache inconsistency doesn't list the missing items
[OF-2807] - Contact List \(Roster\) Sharing changes are not immediately applied
[OF-2808] - Stream Management Resume fails
[OF-2809] - Disabling client idle time breaks websockets
[OF-2810] - Resumed stream is no longer resumable

sha256sum values

2ff28c5d7ff97305b2d6572e60b02f3708e86750d959459d7c5d6e17d4f9f932  openfire-4.8.1-1.noarch.rpm
f622719e4dbd43aadc9434ba4ebc0d8c65ec30dd25a7d2e99c7de33006a24f56  openfire_4.8.1_all.deb
3507b5d64c961daf526a52a73baaac7c84af12eb0115b961c2f95039255aec57  openfire_4_8_1.dmg
141f6eaf374dfb7c4cca345e1b598fed5ce3af9c70062a8cc0d9571e15c29c7d  openfire_4_8_1.exe
c6f0cf25a2d10acd6c02239ad59ab5954da5a4b541bc19949bd381fefb856da1  openfire_4_8_1.tar.gz
bec5b03ed56146fec2f84593c7e7b269ee5c32b3a0d5f9e175bd41f28a853abe  openfire_4_8_1_x64.exe
7403113b701aaf8a37dcd2d7e22fbb133161d322ad74505c95e54eaf6533f183  openfire_4_8_1.zip

v4.8.0

3 months ago

Improvement

[OF-1378] - Rename "Legacy SSL" into "Direct TLS"
[OF-1861] - Support for TLS 1.2 / 1.3
[OF-2116] - Using range retrieval for LDAP groups
[OF-2372] - Add support for proxied connections to Admin Console
[OF-2377] - Reduce potential thread contention in XMLProperties
[OF-2380] - Reduce thread contention in In-Memory pubsub persistence provider
[OF-2385] - Shouldn't attempt to load shared groups when feature is unsupported.
[OF-2403] - Improve Admin Console's memory usage reporting
[OF-2408] - Address static analysis warnings in Crowd package
[OF-2409] - Remove obsolete 'type' and 'language' attributes on HTML elements. Use HTML5.
[OF-2413] - Include a stream error when closing a stream due to a problem.
[OF-2440] - Increase default cache sizes
[OF-2449] - Return error when a BOSH pause is requested that is higher than the maximum allowable pause.
[OF-2455] - Explicitly promote websockets in admin console
[OF-2494] - Upgrade HSQLDB to a more recent version.
[OF-2513] - Do not require authzid on SASL EXTERNAL for S2S
[OF-2514] - Differentiate between missing and empty initial SASL response
[OF-2521] - S2S: Allow 'client auth' (required for SASL EXTERNAL) by default
[OF-2523] - Use less predictable resource value
[OF-2540] - Update SLF4j to 2.x
[OF-2542] - Drop Java 8 support
[OF-2547] - Update Mockito to 3.4.0 or later
[OF-2556] - Support additional namespaces when parsing streams
[OF-2557] - Show TLS config on each session/connection
[OF-2560] - Improve Admin Console load time when RSS can't be reached
[OF-2563] - Replace Session status constants with enums
[OF-2564] - ServerSession's state should be set to 'authenticated' after authentication
[OF-2565] - Openfire should close stream if client is sending a stanza in violation of RFC 6120, section 7.1
[OF-2566] - Enable Websocket Stream Management resumption
[OF-2581] - Invite people to improve translations in admin console
[OF-2594] - When locating Openfire Home, consider 'tmp' file
[OF-2608] - Do not wait for timeout when Dialback connection is closed
[OF-2611] - Improve automated tests for S2S functionality
[OF-2612] - Upgrade JUnit from 4 to 5
[OF-2613] - Upgrade unit test database to version 34
[OF-2615] - Use ConnectionManager interface where possible
[OF-2616] - Bump Guava to latest release
[OF-2623] - Migrate LoginLimitManager's properties to SystemProperties
[OF-2624] - When providing Forms, use client's language
[OF-2633] - When S2S TLS is required, announce that
[OF-2638] - Update Installation guide to suggest it is not okay to open-admin-console-to-internet
[OF-2639] - Server-to-Server SASL EXTERNAL should not require authz
[OF-2642] - Remove (unused?) PEP restriction for XEP-0084
[OF-2644] - Do not use getters in Session#toString
[OF-2650] - Failed S2S due to peer's certificate being invalid should be less verbose
[OF-2653] - hostname validation should not try to resolve host
[OF-2654] - Implement toString() in various Netty classes
[OF-2663] - Don't overly verbose log receiving IQ responses addressed to the server
[OF-2669] - Update postgresql driver to 42.6.0
[OF-2670] - Netty debug should log remote address when available
[OF-2671] - S2S tester can stop waiting after a bounce
[OF-2673] - Prevent double-closure of outbound s2s session
[OF-2678] - Prefer XML data type usage over String manipulation
[OF-2693] - Make XML declaration (and newline) configurable
[OF-2697] - Set up multiple S2S connections concurrently
[OF-2699] - PacketRejection should allow for PacketError to be defined
[OF-2703] - Websocket 'open' should be a collapsed element
[OF-2706] - Restructure session details page
[OF-2707] - When closing session on admin console, kill its stream management
[OF-2708] - Ensure that Groups operate on bare JIDs
[OF-2713] - Update Bouncy Castle to 1.76
[OF-2714] - Switch to Java 1.8+ variant of Bouncy Castle
[OF-2724] - Resolve (non-breaking) errors while compiling plugin JSP pages against Openfire 4.8
[OF-2731] - Update support for XEP-0280: Message Carbons
[OF-2732] - Update bundled search plugin to 1.7.4
[OF-2746] - Add Content Security Policy (CSP) headers to web endpoints

Story

[OF-2527] - Include milliseconds in default log4j configuration
[OF-2573] - Add Name to Client Version column in Session Summary

New Feature

[OF-1574] - Add support for XEP-0352: Client State Indication
[OF-2474] - Allow IP-based access control to the admin console
[OF-2475] - Allow data to be persisted for future users.
[OF-2476] - Add trunking/gateway support to Openfire
[OF-2572] - Detect thread obtaining more than one database connection
[OF-2579] - Add Ukrainian translation
[OF-2646] - Allow property persistence to be skipped (for tests)
[OF-2658] - Dynamically modify Netty pipeline
[OF-2676] - Add support for XEP-0478: Stream Limits Advertisement
[OF-2753] - Kill detached session when resumption is attempted at different cluster node
[OF-2766] - Apply s2s permissions recursively
[OF-2770] - Add pub/sub debug logging

Task

[OF-1382] - Admin Console reuses `username` and `password` form fields, which fools browser auto-fill
[OF-2395] - Remove code that was deprecated prior to 4.7.0
[OF-2406] - Phase out calendarjs
[OF-2407] - Phase out /js/tooltip/*
[OF-2418] - Phase out Scriptaculous
[OF-2419] - Remove unused pngfix.js library
[OF-2420] - Phase out lightbox.js
[OF-2510] - Create documentation for using Openfire with clustered databases
[OF-2559] - Replace Apache MINA with Netty
[OF-2610] - Update shipped CA truststore
[OF-2647] - Remove 4.8 deprecation
[OF-2687] - Update Jetty to 10.0.18
[OF-2688] - Update Netty to 4.1.100
[OF-2691] - Update org.json:json to 20231013
[OF-2725] - Update dependency-check to 8.4.2
[OF-2726] - Update dom4j to 2.1.4
[OF-2727] - Update mysql-connector from 8.0.32 to 8.2.0
[OF-2728] - Remove Rome
[OF-2733] - Sync Openfire's truststore with Mozilla's shipped CAs
[OF-2767] - Don't have separate database CI workflow

Sub-task

[OF-2596] - Improve detection of path traversal
[OF-2597] - Add config option for using wildcards in AuthCheckFilter
[OF-2598] - Remove wildcard usage in AuthCheckFilter
[OF-2599] - Avoid having setup-specific auth-excludes after install
[OF-2600] - Upgrade Jetty
[OF-2604] - Bind admin console to loopback interface by default
[OF-2609] - Broken Tests - Expect NO_CONN, Get PLAIN_DIALB

Bug

[OF-880] - Server MUST return for IQ requests to unknown user. (RFC 6120 10.5.3.1.)
[OF-945] - Openfire returns Stanza error instead of Stream error when client tries to send stanzas over unauthenticated connections
[OF-1183] - Roster request denial is not pushed back to requester
[OF-1224] - No roster push after unsubscribe (probably only if presence subscription is not 'both")
[OF-1389] - PubSub Admin Console - Unable to click Node ID
[OF-1394] - PubSub Admin Console - Re-enabling service doesn't reload nodes
[OF-1399] - PubSub Admin Console - 'Max number of items to persist' appears configurable when it's not
[OF-1405] - S2S Connection Test - No validation on 'XMPP domain' field
[OF-1406] - S2S Connection Test - Able to edit results fields
[OF-1407] - S2S Connection Test - No indication on the page that anything is happening during search
[OF-1785] - In-band registration fails with websockets
[OF-1831] - TLS fails with "input record too big" exceptions
[OF-1913] - Various S2S interop issues
[OF-2242] - No possible to filter by Client Version on Sessions page
[OF-2378] - (deprecated) XMLProperties.getName() throws ClassCastException
[OF-2382] - When searching for shared groups by user, all groups are returned
[OF-2383] - Group methods are only validated on the frontend, or not at all
[OF-2391] - NPE during/directly after setup
[OF-2399] - Migrated System Properties report that restart is needed
[OF-2404] - Inbound presence 'subscribe' for preexisting contact MUST be auto-responded
[OF-2411] - Openfire fails to start because of a deadlock in XmlProperties' readWriteLock
[OF-2426] - Group cache can contain ghost entries
[OF-2429] - Fix count in database reconnect attempts
[OF-2435] - TLSv1.3 suffers from timing issue
[OF-2443] - SASL PLAIN should use authorization mapping
[OF-2492] - mvnw isn't executable
[OF-2551] - Server-to-Server TLS policy changes cause breakage
[OF-2552] - javax.el.MethodNotFoundException in offline-messages.jsp
[OF-2555] - Openfire allows S2S TLS to continue when certificate fails to validate
[OF-2567] - S2S with Direct TLS seems to be unstable
[OF-2568] - Stream Management roll-over detection
[OF-2580] - Make Portuguese locale selectable after setup
[OF-2590] - S2S Outbound must validate remote identity against certificate
[OF-2592] - Autosetup should not force the default database connection provider when using default auth provider
[OF-2595] - CVE-2023-32315 Admin Console Auth Bypass
[OF-2606] - Database errors keep getting logged when providing faulty db connection URL in setup
[OF-2614] - openfire-plugin-assembly is inflexible on project structure
[OF-2620] - Plugin-provided pages for the Admin Console should use Openfire assets for standard components
[OF-2621] - Incorrect link on MUC Service admin console page
[OF-2622] - Do not accept Dialback when disabled
[OF-2626] - Dialback status race condition
[OF-2627] - Deleting a group with a '+' character in its name fails
[OF-2630] - SystemProperties are not encrypted on Admin Console
[OF-2641] - Cannot establish S2S with conference subdomain
[OF-2648] - S2S stanza parsing of errors fails
[OF-2649] - CSI parsing error
[OF-2652] - To many exceptions when remote server sends to much data
[OF-2655] - Closing S2S session fails to close outbound
[OF-2656] - TLS information missing for outbound S2S connections
[OF-2657] - Stream parsing failure
[OF-2659] - Remote (ejabberd) servers close stream with 'duplicate attribute' stream error
[OF-2660] - Outbound DirectTLS S2S connections seem to stall
[OF-2661] - Peer closing stream leads to timeout
[OF-2662] - S2S prefix issue
[OF-2664] - S2S failure with isode.com
[OF-2665] - Cache state inconsistencies after Netty upgrade
[OF-2668] - Cannot compile plugin with web assets against Openfire 4.8 following Jetty upgrade
[OF-2672] - Netty Debug log incorrectly suggests class cast issue
[OF-2674] - Closing a Netty channel must close the underlying connection
[OF-2675] - HTTP ERROR 400 Invalid SNI on admin console after jetty upgrade for Openfire 4.8
[OF-2677] - Failure to process all UTF-8 characters
[OF-2680] - NullPointer in idle handler
[OF-2681] - Failure to define Dialback XML prefix
[OF-2682] - ConcurrentModificationException in Netty S2S
[OF-2689] - DirectTLS client-to-server (5223) broken
[OF-2690] - Incorrect namespace definitions on server dialback elements
[OF-2692] - NullPointerException in S2S when ID attribute is missing
[OF-2696] - Cannot resolve CAPS for MUC occupants
[OF-2698] - Netty idle state detects mixes 'read' and 'write' idle events
[OF-2700] - X-Forwarded-For header content not in audit log
[OF-2704] - Closing websockets should send `close` element
[OF-2705] - Route stanzas addressed to full JIDs of connected resource
[OF-2711] - CSI delays don't then deliver stanzas
[OF-2712] - Session accounting differs on alternate sides of the S2S conversation
[OF-2715] - Websocket 'close' frame whould be sent when closing a connection
[OF-2716] - Missing Copyright Notices
[OF-2730] - Stop S2S under strict verification mode, when TLS fails.
[OF-2734] - JspPropertyNotFoundException on Pubsub node detail page
[OF-2735] - Certificate Details doesn't show store name
[OF-2738] - Server-to-Server SNI issue / connecting to a host that serves multiple domains
[OF-2740] - Incorrect determination of macOS JAVA_HOME when none is set
[OF-2745] - MUC Occupants get kicked for being idle, after responding to idle check
[OF-2750] - CSI-enabled client does not receive Jingle invitations
[OF-2751] - Disable Stream Management when server closes stream with error
[OF-2752] - Disable Stream Management when server closes stream
[OF-2755] - NullPointerException in S2S when cluster node is switched off
[OF-2756] - setup fails to properly detect JRE 21
[OF-2757] - pub/sub notifications not sent to full JIDs on remote domains
[OF-2761] - NullPointerException when MUC Service processes an IQ result
[OF-2763] - HTTP requests for 'other' plugin files (eg: images) return 403
[OF-2764] - Typo in i18n key 'cliked'
[OF-2765] - Some mvn references aren't using mvnw

sha256sum values for release artifacts

6c24dd3c221219594237cbfd94b237dd51e853665a898c2e2a4f67bc57df415c  openfire-4.8.0-1.noarch.rpm
21609f9245cb3ea59ebaddd92aa2378daefb4c526f2b48f764bc61cba478f446  openfire_4.8.0_all.deb
fa337a050af5db86b3a0c05547b1c505f3dfe01f95264aecb046ad03e6e54007  openfire_4_8_0.dmg
daba71eec8eca9978e22add1198123c045218df95ae02c7d96567870a92a9c75  openfire_4_8_0.exe
e8b9dfb00e47477c9c6fd6cd4c5f3ac775c74ed9ded86c830f3b220a8cd8a15f  openfire_4_8_0.tar.gz
f0469bb13e38264ae69cb55006a88fd0572dd5b3c41fe1021d1c778336242bcb  openfire_4_8_0_x64.exe
4b940c4eefb7fcf3ae080983a671b6c5b7744ee95b12026f04b71e94f896f206  openfire_4_8_0.zip

v4.8.0beta

5 months ago

Improvement

[OF-1378] - Rename "Legacy SSL" into "Direct TLS"
[OF-1861] - Support for TLS 1.2 / 1.3
[OF-2116] - Using range retrieval for LDAP groups
[OF-2372] - Add support for proxied connections to Admin Console
[OF-2377] - Reduce potential thread contention in XMLProperties
[OF-2380] - Reduce thread contention in In-Memory pubsub persistence provider
[OF-2385] - Shouldn't attempt to load shared groups when feature is unsupported.
[OF-2403] - Improve Admin Console's memory usage reporting
[OF-2408] - Address static analysis warnings in Crowd package
[OF-2409] - Remove obsolete 'type' and 'language' attributes on HTML elements. Use HTML5.
[OF-2413] - Include a stream error when closing a stream due to a problem.
[OF-2440] - Increase default cache sizes
[OF-2449] - Return error when a BOSH pause is requested that is higher than the maximum allowable pause.
[OF-2455] - Explicitly promote websockets in admin console
[OF-2494] - Upgrade HSQLDB to a more recent version.
[OF-2513] - Do not require authzid on SASL EXTERNAL for S2S
[OF-2514] - Differentiate between missing and empty initial SASL response
[OF-2521] - S2S: Allow 'client auth' \(required for SASL EXTERNAL\) by default
[OF-2523] - Use less predictable resource value
[OF-2540] - Update SLF4j to 2.x
[OF-2542] - Drop Java 8 support
[OF-2547] - Update Mockito to 3.4.0 or later
[OF-2556] - Support additional namespaces when parsing streams
[OF-2557] - Show TLS config on each session/connection
[OF-2560] - Improve Admin Console load time when RSS can't be reached
[OF-2563] - Replace Session status constants with enums
[OF-2564] - ServerSession's state should be set to 'authenticated' after authentication
[OF-2565] - Openfire should close stream if client is sending a stanza in violation of RFC 6120, section 7.1
[OF-2566] - Enable Websocket Stream Management resumption
[OF-2581] - Invite people to improve translations in admin console
[OF-2594] - When locating Openfire Home, consider 'tmp' file
[OF-2608] - Do not wait for timeout when Dialback connection is closed
[OF-2611] - Improve automated tests for S2S functionality
[OF-2612] - Upgrade JUnit from 4 to 5
[OF-2613] - Upgrade unit test database to version 34
[OF-2615] - Use ConnectionManager interface where possible
[OF-2616] - Bump Guava to latest release
[OF-2623] - Migrate LoginLimitManager's properties to SystemProperties
[OF-2624] - When providing Forms, use client's language
[OF-2633] - When S2S TLS is required, announce that
[OF-2638] - Update Installation guide to suggest it is not okay to open-admin-console-to-internet
[OF-2639] - Server-to-Server SASL EXTERNAL should not require authz
[OF-2642] - Remove \(unused?\) PEP restriction for XEP-0084
[OF-2644] - Do not use getters in Session#toString
[OF-2650] - Failed S2S due to peer's certificate being invalid should be less verbose
[OF-2653] - hostname validation should not try to resolve host
[OF-2654] - Implement toString\(\) in various Netty classes
[OF-2663] - Don't overly verbose log receiving IQ responses addressed to the server
[OF-2669] - Update postgresql driver to 42.6.0
[OF-2670] - Netty debug should log remote address when available
[OF-2671] - S2S tester can stop waiting after a bounce
[OF-2673] - Prevent double-closure of outbound s2s session
[OF-2678] - Prefer XML data type usage over String manipulation
[OF-2693] - Make XML declaration \(and newline\) configurable
[OF-2697] - Set up multiple S2S connections concurrently
[OF-2699] - PacketRejection should allow for PacketError to be defined
[OF-2703] - Websocket 'open' should be a collapsed element
[OF-2706] - Restructure session details page
[OF-2707] - When closing session on admin console, kill its stream management
[OF-2708] - Ensure that Groups operate on bare JIDs
[OF-2713] - Update Bouncy Castle to 1.76
[OF-2714] - Switch to Java 1.8\+ variant of Bouncy Castle
[OF-2724] - Resolve \(non-breaking\) errors while compiling plugin JSP pages against Openfire 4.8
[OF-2731] - Update support for XEP-0280: Message Carbons
[OF-2732] - Update bundled search plugin to 1.7.4

Story

[OF-2527] - Include milliseconds in default log4j configuration
[OF-2573] - Add Name to Client Version column in Session Summary

New Feature

[OF-1574] - Add support for XEP-0352: Client State Indication
[OF-2474] - Allow IP-based access control to the admin console
[OF-2475] - Allow data to be persisted for future users.
[OF-2476] - Add trunking/gateway support to Openfire
[OF-2572] - Detect thread obtaining more than one database connection
[OF-2579] - Add Ukrainian translation
[OF-2646] - Allow property persistence to be skipped \(for tests\)
[OF-2658] - Dynamically modify Netty pipeline
[OF-2676] - Add support for XEP-0478: Stream Limits Advertisement

Task

[OF-1382] - Admin Console reuses \`username\` and \`password\` form fields, which fools browser auto-fill
[OF-2395] - Remove code that was deprecated prior to 4.7.0
[OF-2406] - Phase out calendarjs
[OF-2407] - Phase out /js/tooltip/\*
[OF-2418] - Phase out Scriptaculous
[OF-2419] - Remove unused pngfix.js library
[OF-2420] - Phase out lightbox.js
[OF-2510] - Create documentation for using Openfire with clustered databases
[OF-2559] - Replace Apache MINA with Netty
[OF-2610] - Update shipped CA truststore
[OF-2647] - Remove 4.8 deprecation
[OF-2687] - Update Jetty to 10.0.18
[OF-2688] - Update Netty to 4.1.100
[OF-2691] - Update org.json:json to 20231013
[OF-2725] - Update dependency-check to 8.4.2
[OF-2726] - Update dom4j to 2.1.4
[OF-2727] - Update mysql-connector from 8.0.32 to 8.2.0
[OF-2728] - Remove Rome
[OF-2733] - Sync Openfire's truststore with Mozilla's shipped CAs

Sub-task

[OF-2596] - Improve detection of path traversal
[OF-2597] - Add config option for using wildcards in AuthCheckFilter
[OF-2598] - Remove wildcard usage in AuthCheckFilter
[OF-2599] - Avoid having setup-specific auth-excludes after install
[OF-2600] - Upgrade Jetty
[OF-2604] - Bind admin console to loopback interface by default
[OF-2609] - Broken Tests - Expect NO\_CONN, Get PLAIN\_DIALB

Bug

[OF-880] - Server MUST return for IQ requests to unknown user. \(RFC 6120 10.5.3.1.\)
[OF-945] - Openfire returns Stanza error instead of Stream error when client tries to send stanzas over unauthenticated connections
[OF-1183] - Roster request denial is not pushed back to requester
[OF-1224] - No roster push after unsubscribe \(probably only if presence subscription is not 'both"\)
[OF-1389] - PubSub Admin Console - Unable to click Node ID
[OF-1394] - PubSub Admin Console - Re-enabling service doesn't reload nodes
[OF-1399] - PubSub Admin Console - 'Max number of items to persist' appears configurable when it's not
[OF-1405] - S2S Connection Test - No validation on 'XMPP domain' field
[OF-1406] - S2S Connection Test - Able to edit results fields
[OF-1407] - S2S Connection Test - No indication on the page that anything is happening during search
[OF-1785] - In-band registration fails with websockets
[OF-1831] - TLS fails with "input record too big" exceptions
[OF-1913] - Various S2S interop issues
[OF-2242] - No possible to filter by Client Version on Sessions page
[OF-2378] - \(deprecated\) XMLProperties.getName\(\) throws ClassCastException
[OF-2382] - When searching for shared groups by user, all groups are returned
[OF-2383] - Group methods are only validated on the frontend, or not at all
[OF-2391] - NPE during/directly after setup
[OF-2399] - Migrated System Properties report that restart is needed
[OF-2404] - Inbound presence 'subscribe' for preexisting contact MUST be auto-responded
[OF-2411] - Openfire fails to start because of a deadlock in XmlProperties' readWriteLock
[OF-2426] - Group cache can contain ghost entries
[OF-2429] - Fix count in database reconnect attempts
[OF-2435] - TLSv1.3 suffers from timing issue
[OF-2443] - SASL PLAIN should use authorization mapping
[OF-2551] - Server-to-Server TLS policy changes cause breakage
[OF-2555] - Openfire allows S2S TLS to continue when certificate fails to validate
[OF-2567] - S2S with Direct TLS seems to be unstable
[OF-2568] - Stream Management roll-over detection
[OF-2580] - Make Portuguese locale selectable after setup
[OF-2590] - S2S Outbound must validate remote identity against certificate
[OF-2592] - Autosetup should not force the default database connection provider when using default auth provider
[OF-2595] - CVE-2023-32315 Admin Console Auth Bypass
[OF-2606] - Database errors keep getting logged when providing faulty db connection URL in setup
[OF-2614] - openfire-plugin-assembly is inflexible on project structure
[OF-2620] - Plugin-provided pages for the Admin Console should use Openfire assets for standard components
[OF-2621] - Incorrect link on MUC Service admin console page
[OF-2622] - Do not accept Dialback when disabled
[OF-2626] - Dialback status race condition
[OF-2627] - Deleting a group with a '\+' character in its name fails
[OF-2630] - SystemProperties are not encrypted on Admin Console
[OF-2641] - Cannot establish S2S with conference subdomain
[OF-2648] - S2S stanza parsing of errors fails
[OF-2649] - CSI parsing error
[OF-2652] - To many exceptions when remote server sends to much data
[OF-2655] - Closing S2S session fails to close outbound
[OF-2656] - TLS information missing for outbound S2S connections
[OF-2657] - Stream parsing failure
[OF-2659] - Remote \(ejabberd\) servers close stream with 'duplicate attribute' stream error
[OF-2660] - Outbound DirectTLS S2S connections seem to stall
[OF-2661] - Peer closing stream leads to timeout
[OF-2662] - S2S prefix issue
[OF-2664] - S2S failure with isode.com
[OF-2665] - Cache state inconsistencies after Netty upgrade
[OF-2668] - Cannot compile plugin with web assets against Openfire 4.8 following Jetty upgrade
[OF-2672] - Netty Debug log incorrectly suggests class cast issue
[OF-2674] - Closing a Netty channel must close the underlying connection
[OF-2675] - HTTP ERROR 400 Invalid SNI on admin console after jetty upgrade for Openfire 4.8
[OF-2677] - Failure to process all UTF-8 characters
[OF-2680] - NullPointer in idle handler
[OF-2681] - Failure to define Dialback XML prefix
[OF-2682] - ConcurrentModificationException in Netty S2S
[OF-2689] - DirectTLS client-to-server \(5223\) broken
[OF-2690] - Incorrect namespace definitions on server dialback elements
[OF-2692] - NullPointerException in S2S when ID attribute is missing
[OF-2696] - Cannot resolve CAPS for MUC occupants
[OF-2698] - Netty idle state detects mixes 'read' and 'write' idle events
[OF-2705] - Route stanzas addressed to full JIDs of connected resource
[OF-2711] - CSI delays don't then deliver stanzas
[OF-2712] - Session accounting differs on alternate sides of the S2S conversation
[OF-2715] - Websocket 'close' frame whould be sent when closing a connection
[OF-2730] - Stop S2S under strict verification mode, when TLS fails.
[OF-2734] - JspPropertyNotFoundException on Pubsub node detail page
[OF-2735] - Certificate Details doesn't show store name
[OF-2738] - Server-to-Server SNI issue / connecting to a host that serves multiple domains

sha256sum values

7daea05d2242050bfe76d8f129d7d4b33bc901f6ee62a0bfdaf2ea84da775d50  openfire-4.8.0-0.2.beta.noarch.rpm
c2be2485021268bf1f069158199e8ab683007aa7ed5661ffa8bbaf70969a9358  openfire_4.8.0.beta_all.deb
19fef3dfd18d804d583d1aba80caae7a788457d809760facdb3ec0cbd132c234  openfire_4_8_0_beta.dmg
ead9abd03eba77d9795cd11a4f6d6c32c46bacc9ee44a1b5448a2ce86ec542ef  openfire_4_8_0_beta.exe
6443380ac63fe4fa4aea28f871fa6baa778e50996d401bc39aa06f57aec3bbb4  openfire_4_8_0_beta.tar.gz
9ce6a3c8132d71c2c3c0b81922550a403db94c38b9aedfe13a3923bc3f7f9db6  openfire_4_8_0_beta_x64.exe
20e43132dc9d7e9df9be78b4bf0a8f8e9e4efeb8d3d66943302382bfd2cd4553  openfire_4_8_0_beta.zip

v4.7.5

11 months ago

4.7.5 -- May 23, 2023

Improvement

[OF-2459] - Admin console CSS tweaks
[OF-2461] - Validate JIDs that are sent by remote servers
[OF-2462] - Apply nodeprep on S2S stanza addresses
[OF-2464] - Do not default to Chinese locale
[OF-2539] - Name threads
[OF-2541] - Plugins should have updated SCM references

Task

[OF-2508] - Ensure that MUC Room names are nodeprepped
[OF-2584] - Update dependency-check to 8.1.2
[OF-2585] - Update commons-fileupload to 1.5
[OF-2586] - Update mysql-connector from 8.0.28 to 8.0.32
[OF-2587] - Update twelvemonkeys imageio-core from 3.5 to 3.7.1 or higher
[OF-2588] - Update SQL Server JDBC driver from 7.4.1 to 9.4.1
[OF-2589] - Remove protobuf-java from mysql-connector-j

Story

[OF-2493] - Update postgresql to 42.4.1

Sub-task

[OF-2596] - Improve detection of path traversal
[OF-2597] - Add config option for using wildcards in AuthCheckFilter
[OF-2598] - Remove wildcard usage in AuthCheckFilter
[OF-2599] - Avoid having setup-specific auth-excludes after install

Bug

[OF-2538] - Overzealous deletion of child properties
[OF-2543] - pubsub should always deliver payloads when items are retrieved.
[OF-2561] - Fallback of verifyCertificateValidity for connection listener uses incorrect setting
[OF-2575] - Text formatting error in registration settings
[OF-2578] - Fix failing aioxmpp tests
[OF-2595] - CVE-2023-32315 Admin Console Auth Bypass

sha256sum values

f70faf11b4798fefb26a20f7d60288d275a6d568db78faf79a4194cbae72eab4  openfire-4.7.5-1.noarch.rpm
d1283d417dacb74d67334c06420679aae62d088bd3439c8135ccfc272fd5b95b  openfire_4.7.5_all.deb
60d8efb96a1891cda2deac2cda9808cf6adec259f090d3a7fb2b7ca21484d75b  openfire_4_7_5.exe
98d36c2318706c545345274234e2f5ccbf0f72f7801133effea342e2776b8bb0  openfire_4_7_5.tar.gz
e95348be890aff64a7447295ab18eebb29db4bdc346b802df0c878ebbbf1d18e  openfire_4_7_5_x64.exe
a5bb8c9b944b915bdf7ecf92cd2a689d0cf09e88bfc2df960f38000f6b788194  openfire_4_7_5.zip

v4.6.8

11 months ago

Bug

[OF-2595] - CVE-2023-32315 Admin Console Auth Bypass.
[OF-2596] - OF-2596 Improve detection of path traversal.
[OF-2597] - OF-2597 Add config option for using wildcards in AuthCheckFilter.
[OF-2598] - OF-2598 Remove wildcard usage in AuthCheckFilter.
[OF-2599] - OF-2599 Avoid having setup-specific auth-excludes after install.

sha256sum values

aa1947097895a6d41bc8d1ac29f6ea60507bce69caadc497b4794a2a4110dc20  openfire-4.6.8-1.i686.rpm
346871c71eff8e3b085fecd2f8dce5bfbf387885cfa7aff2076d42bd7273f70b  openfire-4.6.8-1.noarch.rpm
37e4cc510cc2a59de50288c0e3baa53dcc702631433a01873a9270eeb7c789db  openfire-4.6.8-1.x86_64.rpm
e92c5a0b76da5964b2e3fa43686ad63db29ef891ec7266ab16fe3a93b06c9e01  openfire_4.6.8_all.deb
c6e0e40c55a81276881e93469ce88a862226ce33e58c8811e760427b878ebed4  openfire_4_6_8_bundledJRE.exe
1b4c209453fffb6a6310354b425995bb92c1f09944eed35a1fd61a30201355bc  openfire_4_6_8_bundledJRE_x64.exe
6b19394dc3f275ca039f85af59ca4f2fc5f628e2505cb39e59f5cfa55d605788  openfire_4_6_8.exe
b22fce993bce4930346183d5edc1e9e38827a47ed8f64c41486a105f574cc116  openfire_4_6_8.tar.gz
7c5769c7c8869ce2dfbb93fbbf1ec97a4e8509d61f8c14ba3f6be20abd05e90e  openfire_4_6_8_x64.exe
72f27d063446479e1d4ceb2a46ac838f5462dfca53032cfa068eb96ef08d0697  openfire_4_6_8.zip

v4.7.4

1 year ago

Improvement

[OF-2498] - Improve performance of MUC, based on stress test profiling
[OF-2499] - MUC Room history shouldn't be serialized as part of a MUC Room
[OF-2502] - Reduce resource usage of MUC stats collection
[OF-2504] - Re-instate MINA JMX monitoring
[OF-2511] -Prevent retrieving more MUC messages from DB than needed
[OF-2516] - Add TX/RX, Remove Priority from session summary page
[OF-2518] - Try loading favicons over HTTPS and HTTP
[OF-2524] - Improve MUC history load time for single rooms
[OF-2525] - Deprecate XMLProperties constructors that can't write back
[OF-2531] - Remove unneeded JID-based lock in MUC
[OF-2537] - Advertise support for pubsub's "multi-item" feature.

Story

[OF-2528] - Migrate usages of set-output in Github Actions
[OF-2529] - Upgrade Apache Commons Text from 1.6 to 1.10

Bug

[OF-2415] - Openfire Docker image fails to start if an empty plugins directory exists
[OF-2495] - Websocket onError handler prevents earlier data to be processed
[OF-2509] - openfirectl does not store PID
[OF-2512] - User lock-out with custom value does not take effect
[OF-2517] - "Packet sent" session stat remains 0 for BOSH sessions
[OF-2519] - Group JIDs in MUC rooms without preloading causes issues

sha256sum values

a6a98540e3ab6da65916f630b7b22d04e7ec125be9d09ae98121f6075ef2ef77  openfire-4.7.4-1.noarch.rpm
5f4bd4e6390bdfe99a63e4e72b25200461854348a9f6039368cffe1c509782fa  openfire_4.7.4_all.deb
6bebb52b4828d9564b1e22f3d0aebaeec6eefb1e5c7899549747b48bc8d6e30d  openfire_4_7_4.dmg
142d923f0b17e4dff65b01f69d9d5885494798011157a64cfef8847063f503ee  openfire_4_7_4.exe
9ebcb9c15d38d4f8fb528a79f0f53440179d64c214176c2d9e578b11762258dd  openfire_4_7_4.tar.gz
ef233db999c8a18ac43edb7fd17657c7677c0ce2e29f09c9ccb53185c451ded3  openfire_4_7_4_x64.exe
ba0fb1d992c5169da466107e7752f5eee588d79987dcf052e5b68abc101f7173  openfire_4_7_4.zip

v4.7.3

1 year ago

Bug

[OF-2486] - MUC mediated invite MUST have a invite-from
[OF-2484] - UpdateManager - Error: update service check did not save correctly. Stopping update service.
[OF-2482] - Error when opening keystore admin console page
[OF-2480] - Admin console is unavailable ~30 seconds after setup finishes
[OF-2473] - Deadlock Websocket
[OF-2470] - NPE in MultiUserChatServiceImpl
[OF-2469] - NPE in Pubsub admin console page
[OF-2423] - Too many sessions removed when one session logs out
[OF-2181] - "click here" HTTP server restart link on certificate store admin console page is same color as info message
[OF-1396] - PubSub Admin Console - 'Cancel' takes user to 'Node Summary'

Improvement

[OF-2490] - Reduce log level when anonymous user tries to use PEP
[OF-2489] - Reduce log level severity of SOCKS5 error
[OF-2488] - Reduce log level severity of failure to do a DNS lookup
[OF-2487] - Make replacement of XML file more atomic
[OF-2483] - Delay restart of admin console when truststore content is changed
[OF-2481] - Software version not visible in admin console in S2S Overview
[OF-2472] - Pubsub node summary search/order functionality
[OF-2471] - Audit log should show friendly name for groupJID and not base32hex encoded one
[OF-2467] - Groups are deselected when changing role within Room Permissions
[OF-2466] - Groups should be sorted within Room Permissions area

New Feature

[OF-2479] - Allow Tsung to test with websockets

sha256sum values

f05df8e68b8d52ef2941d80884484e62dcface5069868d3f51d2bfe17a72ea5a  openfire-4.7.3-1.noarch.rpm
8ba71bbf0b1abb5c2cd0e18dc20ade77ca2714d58a8ad5313f64614bdc7dac44  openfire_4.7.3_all.deb
d2b1ffa24b3d86858e4d5451a094193c839bceae0a73773fa5ae0e114d0732ff  openfire_4_7_3.dmg
41056744e15e3a9b384b852f5e2c1d1ebb4bfd1d79bb10b54526a1fd9a7fee07  openfire_4_7_3.exe
3ced4613c3cef61068fb89eed723e49b5845e960c6eec194961f75bc65042832  openfire_4_7_3.tar.gz
9c8ebcb930f2373713c1eb53a4b70d9f76a8577b95cbefd41e1ae284c2ff28aa  openfire_4_7_3_x64.exe
670db7574e6b528145c002f22f58789f949d5d5c03fbe372204816db07bd01e7  openfire_4_7_3.zip

v4.7.2

1 year ago

Bug

[OF-2465] - Prevent using a collection function with itself as an argument
[OF-2458] - ConcurrentModificationException in MUC cache size calculation
[OF-2456] - MUC nickname changes are not properly propagated in cluster
[OF-2450] - When pausing a BOSH connection, wrong connection could get answered to
[OF-2448] - Do not close replacement BOSH connection
[OF-2444] - Deadlock in BOSH
[OF-2431] - Incorrect restriction on retrieving member-list of MUC room
[OF-2421] - OccupantManager should be thread-safe
[OF-2401] - Pubsub node should not change parent without changing parentIdentifier

Improvement

[OF-2460] - Bumps mysql-connector-java from 8.0.27 to 8.0.28.
[OF-2446] - Use more appropriate data type for org.jivesoftware.openfire.http.HttpSession#sentElements
[OF-2445] - BOSH: prevent pendingElements to be added to if HttpSession is closed
[OF-2432] - Expose member-only MUCs member list to all occupants
[OF-2428] - Allow MUC occupants to ask each-other's VCards
[OF-2424] - LocalSession.toString should not log an error
[OF-2416] - Allow PEP to be enabled/disabled without restarting Openfire
[OF-2405] - Enhance log info of loaded plugin by version
[OF-2398] - Show 'locked' room status in admin console

sha256sum values

998e469fad00452004c9f9d6c309c6749fa48d53af48c1501407f0f77870edca  openfire-4.7.2-1.noarch.rpm
72ee5a31685f6010fc14a992d87d2d1f9c49b79b4e718c239520911ec7167340  openfire_4.7.2_all.deb
674bab49908ff4de14f54dab1fdf7a6a29904b32f00669289b793d8dc19189c8  openfire_4_7_2.dmg
66571c760776d02a28d00ed3c0ca085c327a1874f9d75f8b2037b347ec99decb  openfire_4_7_2.exe
707ede6cc6d8d8bcce257c7f30d8a79fc7ed52576fb217a8220b800f2d52be64  openfire_4_7_2.tar.gz
8eeaf4f07948d10b6b77b3e1e8b8d1f65a6ad3ffd85e5353a2d8055503d724fc  openfire_4_7_2_x64.exe
ad07c991a3812a45250b303e95129a37242de01a591cce438057437d4f5a30d9  openfire_4_7_2.zip

v4.7.1

2 years ago

Bug

[OF-2392] - Logging fails when Openfire started with Install4j 'openfire' launcher
[OF-2381] - MUC idle user handling
[OF-2379] - In-memory pubsub representation should guarantee order of items
[OF-2375] - Fix references to openfire.log

Improvement

[OF-2394] - Bump postgresql from 42.2.25 to 42.3.3
[OF-2393] - Update SLF4J to 1.7.36
[OF-2390] - Increase MUC idle kick default value to allow for SM
[OF-2387] - Update Postgres driver

Sub Task

[OF-113] - Openfires admin gui allows to enter long group names while the database supports only 50 characters.

Tasks

[OF-2384] - Enable Openfire debugging for Docker
[OF-2376] - Update mysql-connector from 8.0.27 to 8.0.28

sha256sum values

ec8e0a8a52cb28b50afea8060664d2c28a66b99f529e1c79a80e44d3dd14322d  openfire-4.7.1-1.noarch.rpm
be5fd37af0d45f5b22a56b617154615ac8ed0d8424744d8cfb0b94c34b182cbb  openfire_4.7.1_all.deb
2a5db207e92482147082157ea7c0b308865cbf5efc414be244fb29d14a87c0d3  openfire_4_7_1.dmg
5632e794bc13cb00556d1fa80a3262837049e21a6c9a40ea6dce06b4411d8608  openfire_4_7_1.exe
c8007ca87780b349db2c42e013fd129c7f24a189ce34c4595fe2a55fcb8ac404  openfire_4_7_1.tar.gz
ece0e0adaa907710779633427be96b0c72b00bf61d335a28f18a04e0d32fd683  openfire_4_7_1_x64.exe
112b0ef0604e6d3a3ee5eaac9fc604d468c679fa453825164fb51ea16149348b  openfire_4_7_1.zip

v4.7.0

2 years ago

Release notes - Openfire - Version 4.7.0

Bug

OF-2368 Ghost detection shouldn't kick non-ghost occupants

OF-2367 (TCP) clients are suddenly unable to log into the server

OF-2365 Parent node subscribers shouldn't always get pubsub node notifications

OF-2358 When a room is destroyed, the room instance might be non-existent

OF-2350 DefaultExternalizableUtil ignores provided ClassLoader instances

OF-2348 Plugin JAR can't unload on Windows with newer versions of Java

OF-2346 XMPPServer#matchesComponent shouldn't require full-JID match

OF-2345 component-based address incorrectly identified as remote

OF-2343 Inconsistent leave presence sending to leaving occupant

OF-2341 Apparent thread lock (deadlock?) in MUC after clustering reimplementation

OF-2339 Incomplete room list following a cluster split

OF-2338 NullPointerException on MUC search if name is empty

OF-2337 PEP publishing fails after reboot

OF-2336 DefaultCache put returns wrong value when to big value is added

OF-2329 XML parsing bug when tag-name is not followed by space or '>'

OF-2328 Error when standalone Openfire checks for timed out users

OF-2325 100% CPU from never-ending Dialback

OF-2324 NullPointerException in client sessions page on admin console

OF-2322 Outbound S2S stanzas can be delivered out-of-order

OF-2321 Concurrency issue with sending/establishing outbound S2S connection.

OF-2315 NPE when setting up S2S

OF-2314 Cache data inconsistency: outgoing server sessions

OF-2313 Cache data inconsistency: incoming server sessions

OF-2312 Not all admins are warned when cache inconsistencies occur

OF-2311 Cache data inconsistency: Sessions

OF-2308 MUC should disallow nickname change to reserved nickname

OF-2305 MUC nickname change processed as new join

OF-2304 MUC nickname changes should not be possible for non-occupants

OF-2300 Clustered caches can loose 'local' data upon cluster breakage.

OF-2299 NullPointerException when cleaning up directed presences in 3-node cluster

OF-2297 Cluster leave can result in lost data MUC

OF-2296 Cluster join/leave events are processed twice in MUC

OF-2294 MUC consistency check failure

OF-2293 Duplicate occupant in MUC

OF-2292 ConcurrentModificationException in new MUC cluster code

OF-2291 ConcurrentModificationException in new MUC cluster code

OF-2290 Cache locking with Strings has problems equal to using a String as a mutex

OF-2289 String-based Interners still can cause deadlocks

OF-2282 Log4j config is ignored at boot time.

OF-2281 Admin console error when using In-Memory datastore for pubsub

OF-2278 Cache locking does not always work with primitive types

OF-2250 Multiplexer backup deliverer should be used

OF-2249 Backup delivery for BOSH should be 'offline'

OF-2245 Prevent needlessly scheduled tasks after Http Session closure

OF-2244 Offline presence subscription loses details

OF-2213 Update dependencies identified by Snyk

OF-2206 BOSH session disconnect through server should inform client

OF-2167 Federated users should be able to query a MUC room in a cluster

OF-2165 Prevent potential nickname clashes when occupants of clustered MUC room are merged.

OF-2164 Updating A MUC service should propagate in the cluster

OF-2156 BOSH Concurrency issue

Improvement

OF-2371 Outbound S2S stanza queue should be larger

OF-2370 RemoteServerManager's canAccess should evaluate both Direct and nonDirect TLS

OF-2369 Do not establish S2S when not accepting S2S of the same type

OF-2363 Improve LGTM score for xmppserver/webapp/javascript

OF-2362 JDBCAdminProvider LGTM synchronising on a string

OF-2361 GroupManager LGTM String Synchronisation Changes

OF-2360 Create API to check for availability of plugins/versions on each cluster node

OF-2357 Update SLF4J to 1.7.32

OF-2356 Update Bouncy Castle to 1.70

OF-2355 Update Log4j to 2.17.1

OF-2354 String-based SystemProperty lists should allow for whitespace comma separation

OF-2353 Update Log4j dependency to 2.16.0 to address Log4Shell/LogJam

OF-2352 Use plugin-provided servlet context

OF-2351 Update Log4j dependency to 2.15.0 to address Log4Shell/LogJam

OF-2349 Admin console should show (full) default value for system property

OF-2340 send stanzas that are 'responses' through PacketRouter, not RoutingTable

OF-2320 MUC room avatars fail

OF-2319 muc#roomconfig_allowpm should only affect Message stanzas

OF-2317 Prevent NPE when admin page obtained without session

OF-2316 Make S2S fast-discard timeout configurable

OF-2307 Changing MUC nickname to one that's already used by your other resource

OF-2303 Remove unused UserManager field from SessionManager

OF-2298 Use status code 333 when MUC occupants leave due to clustering error

OF-2287 Add MUCEventDelegate to interface

OF-2283 Show distinct servers when looking at remote S2S details

OF-2276 Broadcast status codes when privacy settings of a MUC room change

OF-2275 When joining a MUC room that has logging enabled, status 170 should be returned.

OF-2256 Add CORS headers to websockets

OF-2254 Distinguish between property values that are set to the default value, or are just defaults.

OF-2252 Reduce log level for BOSH request that time out

OF-2251 Threadpool for BOSH network-IO should be configurable

OF-2248 BOSH configuration should go into SystemProperty instances

OF-2247 BOSH session configuration should not be mutable

OF-2246 Allow backup delivery to be disabled

OF-2239 Make it easier to cache plugin class instances

OF-2212 Allow admin console's cert to be auto-updated

OF-2200 Apply alternating row background color scheme to group members list.

OF-2175 Reduce verbosity of anonymous users trying to authenticate errors

OF-2129 Remove Flash support

OF-2115 Remove unused webdav servlet

OF-1840 Improve admin console log viewer

OF-264 Add group selection field in Create New User page

New Feature

OF-2286 Allow log file to be downloaded from Admin Console

OF-2158 Update notifications should include cluster node reference

Sub-task

OF-2272 Remove notion of 'remote' and 'local' MUC entities

OF-2236 Test appropriate join/leave presences are sent to occupants when joining & leaving cluster

OF-2233 On joining a cluster, generate appropriate join presences to reconcile the MUC participant visibility

OF-2232 On reconciling the membership of a particular MUC, reconcile any nickname conflicts

OF-2230 On witnessing another node leaving a cluster, generate leave presence about all MUC participants from that node to all node-local MUC participants

OF-2228 On Cluster Join, repopulate the newly acquired clustered cache with the local copy of items

OF-2227 On Cluster Leave, repopulate the new blank local cache with the local copy of items contributed to the clustered cache

OF-2223 Test the local list of cache items to ensure it contains the expected state of items given various conditions and operations in/on the MUC

OF-2220 Ensure that caches are updated every time a item from the cache is modified locally

Task

OF-2366 Drop barely-used commons-io library

OF-2333 Update dependency-check from 6.0.4 to 6.2.2

OF-2332 Update commons-dbcp2 from 2.6.0 to 2.9.0

OF-2331 Update mysql-connector from 8.0.21 to 8.0.27

OF-2330 Update Jetty from 9.4.39 to 9.4.43

OF-2327 Drop runtime compilation of JSPs

OF-2199 Stop bundling JRE with Openfire Release Artifacts

OF-2066 Evaluate if additional event listeners are required

OF-1780 Add OWASP dependency check to build

sha256sum values

061200b8925f9d248c7303a5e893c3bd3df256bae07956ac4aa5fccb88e247c7  openfire-4.7.0-1.noarch.rpm
f1867b224082aa4baa3632bed465a51d21eb109cb57b01ac1a97f0662ab6f23c  openfire_4.7.0_all.deb
f7bc7d3dbeae4ce7f8620338c6f4cc27de873e8b7e736d2dc9b345a0942b89cc  openfire_4_7_0.dmg
49d474983105665831a15204d2504d56a829a908c5ffc4837504edcf71e52519  openfire_4_7_0.exe
781e024118e46675134b712e92efd249dd86b0e64c6ae221484c03fa5c66fe6f  openfire_4_7_0.tar.gz
7280870634edeba66b8ab274cab6c6e22c5fb4643942760de2c400d262917ac5  openfire_4_7_0_x64.exe
0ba7cac3dba81922fa254562f5e2fdb066bd195738910c4449e882195f936610  openfire_4_7_0.zip