Code commits
Openfire (master)
-
Dave Cridland <dave@cridland.net> 922931473f8ce4659084c0599e3f44e2e548ace9
Fix client route removal (#930)
Cut/paste error in removeClientRoute() caused old sessions to be
kept around.
In order to help debug this, I also added some detailing to
session-details.jsp which turned out not to be needed. But it
might prove useful/interesting.- src/i18n/openfire_i18n_en.properties (version 922931473f8ce4659084c0599e3f44e2e548ace9)
- src/java/org/jivesoftware/openfire/spi/RoutingTableImpl.java (version 922931473f8ce4659084c0599e3f44e2e548ace9)
- src/web/session-details.jsp (version 922931473f8ce4659084c0599e3f44e2e548ace9)
-
Dave Cridland <dave@cridland.net> 7ff1f73077cca1b3ec25d5897f31f15340c8fa4e
Fix several security issues in 4.2 (#929)
* OF-1417 CVE-2017-15911 Fix XSS issues in host setup
* OF-1329 Prevent session fixation attack
* OF-1403 Escape group name in MUC admin
* OF-1393 Make randomString more random
* OF-1400 Escape servername field
* OF-1401 Validate SMS host and escape error message- src/i18n/openfire_i18n_en.properties (version 7ff1f73077cca1b3ec25d5897f31f15340c8fa4e)
- src/java/org/jivesoftware/util/StringUtils.java (version 7ff1f73077cca1b3ec25d5897f31f15340c8fa4e)
- src/java/org/jivesoftware/util/WebManager.java (version 7ff1f73077cca1b3ec25d5897f31f15340c8fa4e)
- src/web/index.jsp (version 7ff1f73077cca1b3ec25d5897f31f15340c8fa4e)
- src/web/login.jsp (version 7ff1f73077cca1b3ec25d5897f31f15340c8fa4e)
- src/web/muc-sysadmins.jsp (version 7ff1f73077cca1b3ec25d5897f31f15340c8fa4e)
- src/web/server-props.jsp (version 7ff1f73077cca1b3ec25d5897f31f15340c8fa4e)
- src/web/setup/setup-host-settings.jsp (version 7ff1f73077cca1b3ec25d5897f31f15340c8fa4e)
- src/web/system-sms.jsp (version 7ff1f73077cca1b3ec25d5897f31f15340c8fa4e)
- src/web/system-smstest.jsp (version 7ff1f73077cca1b3ec25d5897f31f15340c8fa4e)
-
Dmitry Deshevoy <mityada@gmail.com> 56ac5211782bcbf5feb3853e64b1698bcea550fb
Set correct sequence number in the <resumed/> element
According to XEP-0198 'h' attribute should be set to the sequence number
of the last handled stanza sent over the former stream from the client to the server- src/java/org/jivesoftware/openfire/streammanagement/StreamManager.java (version 56ac5211782bcbf5feb3853e64b1698bcea550fb)
-
Paweł Ścibiorski <Alameyo@users.noreply.github.com> 04628004dda8ab5549b51cf796bd512fe2765dea
Test was looking trying to assure that English names for time units are the same as foreignin. That was causing problems while I was building Openfire and units were named in Polish (e.g. second - sekunda). (#925)
- src/test/java/org/jivesoftware/util/StringUtilsTest.java (version 04628004dda8ab5549b51cf796bd512fe2765dea)