Generates the latest/greatest Maven-based artifacts for the Openfire project, every night.
Build: #84 was successful Scheduled with changes by Guus der Kinderen
Code commits
Openfire (master)
-
Guus der Kinderen 4b031ebcf433f6748a36d1ebf6ea34f53d8ac76b
OF-1900: Advertise pubsub#multi-subscribe only when enabled.
- xmppserver/src/main/java/org/jivesoftware/openfire/pubsub/PubSubModule.java (version 4b031ebcf433f6748a36d1ebf6ea34f53d8ac76b)
-
Guus der Kinderen a3947a2ce2ddc455321f83a291f69fa768b14eb4
Increate favicon retrieval timeouts
I've noticed that many favicons are not shown. Increasing retrieval timeouts in the hope that this yields better results.- xmppserver/src/main/java/org/jivesoftware/util/FaviconServlet.java (version a3947a2ce2ddc455321f83a291f69fa768b14eb4)
-
Guus der Kinderen a3cbe2093f995782d4fe66903bf176cd122dc2cf
OF-1885: Guard against SSRF by inpecting favicon results
The Openfire servlet that is supposed to be used to retrieve favicons from remote servers could be used to obtain anything. To prevent unauthorized use, this commit adds a check that verifies if the returned data is an image. If that's not the case, the returned data is ignored.- xmppserver/src/main/java/org/jivesoftware/util/FaviconServlet.java (version a3cbe2093f995782d4fe66903bf176cd122dc2cf)
- xmppserver/src/main/java/org/jivesoftware/util/GraphicsUtils.java (version a3cbe2093f995782d4fe66903bf176cd122dc2cf)
- xmppserver/src/test/java/org/jivesoftware/util/GraphicsUtilsTest.java (version a3cbe2093f995782d4fe66903bf176cd122dc2cf)