Build: #6 was successful Manual run by daryl herzmann
Code commits
Openfire (master)
-
Guus der Kinderen ada531abba9c8991484e9d4d8e600030fc2c91f6
OF-1886: Plugin Servlet shouldn't provide access to any file on the host
- i18n/src/main/resources/openfire_i18n.properties (version ada531abba9c8991484e9d4d8e600030fc2c91f6)
- xmppserver/src/main/java/org/jivesoftware/openfire/container/PluginServlet.java (version ada531abba9c8991484e9d4d8e600030fc2c91f6)
-
Greg Thomas <greg.d.thomas@gmail.com> 1793a26588751608cca66c41f40b1297f825a6df
OF-1894: Allow the contents of Cache's to be kept private
- xmppserver/src/main/java/org/jivesoftware/admin/servlet/SystemCacheDetailsServlet.java (version 1793a26588751608cca66c41f40b1297f825a6df)
- xmppserver/src/main/java/org/jivesoftware/util/cache/Cache.java (version 1793a26588751608cca66c41f40b1297f825a6df)
-
Guus der Kinderen 7b3cc711ddd5dc292a7bf067c3c7091c882e9061
OF-1909: Allow CertificateStoreWatcher to be disabled by config.
- i18n/src/main/resources/openfire_i18n.properties (version 7b3cc711ddd5dc292a7bf067c3c7091c882e9061)
- xmppserver/src/main/java/org/jivesoftware/openfire/keystore/CertificateStoreWatcher.java (version 7b3cc711ddd5dc292a7bf067c3c7091c882e9061)
-
Guus der Kinderen aec46ae765aa943d9b2cec289fea020e7e3ba7b3
Limit max duration of Module shutdown
- xmppserver/src/main/java/org/jivesoftware/openfire/XMPPServer.java (version aec46ae765aa943d9b2cec289fea020e7e3ba7b3)
-
Guus der Kinderen 82537d292dd7a7388b3ea08675d4d51a39492dc6
OF-1609: Ensure that the first module to be shut down is the ConnectionManager.
- xmppserver/src/main/java/org/jivesoftware/openfire/XMPPServer.java (version 82537d292dd7a7388b3ea08675d4d51a39492dc6)
-
cpetzka <31418387+cpetzka@users.noreply.github.com> b62ee731c3a7a54cfa215ea826b63b68e80462e8
fix that the maxLifetime settings of a cache take effect on runtime
It was just a typo. Also introduced constants for the property
parameters.- xmppserver/src/main/java/org/jivesoftware/util/cache/CacheFactory.java (version b62ee731c3a7a54cfa215ea826b63b68e80462e8)
-
Guus der Kinderen 8d997c422808faaee7f44ce6157cfa883f4bd825
OF-1910: Fix potential NPE in AuditorImpl
- xmppserver/src/main/java/org/jivesoftware/openfire/audit/spi/AuditorImpl.java (version 8d997c422808faaee7f44ce6157cfa883f4bd825)
-
Guus der Kinderen f86a7f6c64f2de18100539fd69ea72cf982eecfe
OF-1901: pubsub: compare bare JIDs while checking unsubscribe auth
To verify if a JID can issue an pubsub-unsubscribe for a (potentially other) JID, both JIDs should be compared based on their bare JID representation.- xmppserver/src/main/java/org/jivesoftware/openfire/pubsub/NodeSubscription.java (version f86a7f6c64f2de18100539fd69ea72cf982eecfe)
-
Guus der Kinderen 3c1de49577e7f62c47458132ab95eb795f3a41cf
OF-1901: Pubsub: stop allowing everyone to unsubscribe anyone
This commit removes a condition that appears to evaluate to 'true' always. This resuls in the permission-check to be overly permissive.- xmppserver/src/main/java/org/jivesoftware/openfire/pubsub/PubSubEngine.java (version 3c1de49577e7f62c47458132ab95eb795f3a41cf)
-
Guus der Kinderen 7eec4036ae59fbd96606c5ba087b1078475737d1
OF-1899: Pubsub subscribing while subscription pending should cause error.
Openfire should follow XEP-0060 Pubsub § 6.1.3.7.- xmppserver/src/main/java/org/jivesoftware/openfire/pubsub/Node.java (version 7eec4036ae59fbd96606c5ba087b1078475737d1)
-
Guus der Kinderen a177beb31da181b0c5830ecf36e9ecc16b00c14f
OF-1908: Add property type 'double' with 4.4 branch backport
- xmppserver/src/main/java/org/jivesoftware/util/JiveGlobals.java (version a177beb31da181b0c5830ecf36e9ecc16b00c14f)
- xmppserver/src/main/java/org/jivesoftware/util/StringUtils.java (version a177beb31da181b0c5830ecf36e9ecc16b00c14f)
- xmppserver/src/main/java/org/jivesoftware/util/SystemProperty.java (version a177beb31da181b0c5830ecf36e9ecc16b00c14f)
- xmppserver/src/test/java/org/jivesoftware/util/SystemPropertyTest.java (version a177beb31da181b0c5830ecf36e9ecc16b00c14f)
-
Greg Thomas <greg.d.thomas@gmail.com> 95f00b2d2b585a5735b462b6e528f8686fbe86e3
OF-1905: Improved filtering/paging for the audit viewer
- i18n/src/main/resources/openfire_i18n.properties (version 95f00b2d2b585a5735b462b6e528f8686fbe86e3)
- xmppserver/src/main/java/org/jivesoftware/admin/servlet/SecurityAuditViewerServlet.java (version 95f00b2d2b585a5735b462b6e528f8686fbe86e3)
- xmppserver/src/main/webapp/security-audit-viewer-jsp.jsp (version 95f00b2d2b585a5735b462b6e528f8686fbe86e3)
- xmppserver/src/main/webapp/security-audit-viewer.jsp (version 95f00b2d2b585a5735b462b6e528f8686fbe86e3)
-
Greg Thomas <greg.d.thomas@gmail.com> 7f8ad48ab895639e1f078fbbd79b5b78d28ae11d
OF-1905: Ensure that updating properties records the details of the change
- xmppserver/src/main/java/org/jivesoftware/admin/servlet/SystemPropertiesServlet.java (version 7f8ad48ab895639e1f078fbbd79b5b78d28ae11d)
-
Dele Olajide <dele@4ng.net> 505c90e3e99dc81285f06f683af2bfd5bd2eba05
Added an asynchronous ExecutorService thread for roster update broadcast
- xmppserver/src/main/java/org/jivesoftware/openfire/roster/RosterManager.java (version 505c90e3e99dc81285f06f683af2bfd5bd2eba05)
-
Dele Olajide <dele@4ng.net> 57bdf3f7804a12b7da80004266621ce81529b2cb
This fix is an interim solution to OF-1904
- xmppserver/src/main/java/org/jivesoftware/openfire/roster/Roster.java (version 57bdf3f7804a12b7da80004266621ce81529b2cb)
- xmppserver/src/main/java/org/jivesoftware/openfire/roster/RosterManager.java (version 57bdf3f7804a12b7da80004266621ce81529b2cb)
-
Guus der Kinderen 4b031ebcf433f6748a36d1ebf6ea34f53d8ac76b
OF-1900: Advertise pubsub#multi-subscribe only when enabled.
- xmppserver/src/main/java/org/jivesoftware/openfire/pubsub/PubSubModule.java (version 4b031ebcf433f6748a36d1ebf6ea34f53d8ac76b)
-
Guus der Kinderen a3947a2ce2ddc455321f83a291f69fa768b14eb4
Increate favicon retrieval timeouts
I've noticed that many favicons are not shown. Increasing retrieval timeouts in the hope that this yields better results.- xmppserver/src/main/java/org/jivesoftware/util/FaviconServlet.java (version a3947a2ce2ddc455321f83a291f69fa768b14eb4)
-
Guus der Kinderen a3cbe2093f995782d4fe66903bf176cd122dc2cf
OF-1885: Guard against SSRF by inpecting favicon results
The Openfire servlet that is supposed to be used to retrieve favicons from remote servers could be used to obtain anything. To prevent unauthorized use, this commit adds a check that verifies if the returned data is an image. If that's not the case, the returned data is ignored.- xmppserver/src/main/java/org/jivesoftware/util/FaviconServlet.java (version a3cbe2093f995782d4fe66903bf176cd122dc2cf)
- xmppserver/src/main/java/org/jivesoftware/util/GraphicsUtils.java (version a3cbe2093f995782d4fe66903bf176cd122dc2cf)
- xmppserver/src/test/java/org/jivesoftware/util/GraphicsUtilsTest.java (version a3cbe2093f995782d4fe66903bf176cd122dc2cf)
-
akrherz <akrherz@iastate.edu> 54738d27ec1a0ead249ae308c35ef4ec77efc9eb
march 4.4 branch to version 4.4.3-SNAPSHOT
- distribution/pom.xml (version 54738d27ec1a0ead249ae308c35ef4ec77efc9eb)
- i18n/pom.xml (version 54738d27ec1a0ead249ae308c35ef4ec77efc9eb)
- plugins/openfire-plugin-assembly-descriptor/pom.xml (version 54738d27ec1a0ead249ae308c35ef4ec77efc9eb)
- plugins/pom.xml (version 54738d27ec1a0ead249ae308c35ef4ec77efc9eb)
- pom.xml (version 54738d27ec1a0ead249ae308c35ef4ec77efc9eb)
- starter/pom.xml (version 54738d27ec1a0ead249ae308c35ef4ec77efc9eb)
- xmppserver/pom.xml (version 54738d27ec1a0ead249ae308c35ef4ec77efc9eb)
- xmppserver/src/main/java/org/jivesoftware/openfire/spi/XMPPServerInfoImpl.java (version 54738d27ec1a0ead249ae308c35ef4ec77efc9eb)