Openfire (master)

• 

  Guus der Kinderen 21 Mar 2023 18367c25d148ac57dd8792146159d6fb683c89c1

  OF-2572: Detect thread obtaining more than one database connection
  Logs a warning (and stack traces) when one thread obtains more than one database connection from the database connection pool. This intends to flag inefficient code.
  
  This feature is enabled only when ProfiledConnections are used, which is not the case by default.

  • xmppserver/src/main/java/org/jivesoftware/database/ProfiledConnection.java (version 18367c25d148ac57dd8792146159d6fb683c89c1)
• 

  Dan Caseley <dan@caseley.me.uk> 21 Mar 2023 37b5874ee7c92e74be40ee12ef7c9c6d59b363ae

  OF-2494 Bump hsqldb from 2.4.1 to 2.7.1

  • build/ci/updater/pom.xml (version 37b5874ee7c92e74be40ee12ef7c9c6d59b363ae)
  • xmppserver/pom.xml (version 37b5874ee7c92e74be40ee12ef7c9c6d59b363ae)
• 

  Dan Caseley <dan@caseley.me.uk> 21 Mar 2023 4ce07d24292f249a70c6eae200ae700815fddccb

  OF-2588 Upgrade mssql-jdbc from 7.4.1-java8 to 9.4.1-java11

  • build/ci/updater/pom.xml (version 4ce07d24292f249a70c6eae200ae700815fddccb)
  • xmppserver/pom.xml (version 4ce07d24292f249a70c6eae200ae700815fddccb)
• 

  Dan Caseley <dan@caseley.me.uk> 21 Mar 2023 7fcde9ff0c1a2605f411a121384fbebaddde83e4

  OF-2494 Update docs to match hsqldb changes

  • documentation/database.html (version 7fcde9ff0c1a2605f411a121384fbebaddde83e4)
• 

  Dan Caseley <dan@caseley.me.uk> 21 Mar 2023 47ec200cd1f5c4b233cd3c495c99efd2fbfe7f22

  OF-2584 Update dependency-check-maven from 6.2.2 to 8.1.2

  • pom.xml (version 47ec200cd1f5c4b233cd3c495c99efd2fbfe7f22)
• 

  Dan Caseley <dan@caseley.me.uk> 21 Mar 2023 478d46ee8039f79d668f315a459df2f6b8d5c786

  OF-2584 Suppress new/old Guava vulnerability
  Guava has vulnerability related to permissions on a temp directory (https://github.com/google/guava/issues/4011) but we don't use that method. This wasn't flagged by the previous version of dependency-check-maven, as it'd been assumed fixed in Guava.

  • .dependency-check-suppressions.xml (version 478d46ee8039f79d668f315a459df2f6b8d5c786)
• 

  Dan Caseley <dan@caseley.me.uk> 21 Mar 2023 a4d0687b6c136d8e95ae7533f61c45154e56d7d0

  OF-2586 Update mysql-connector from 8.0.28 to 8.0.32

  • build/ci/updater/pom.xml (version a4d0687b6c136d8e95ae7533f61c45154e56d7d0)
  • xmppserver/pom.xml (version a4d0687b6c136d8e95ae7533f61c45154e56d7d0)
• 

  Dan Caseley <dan@caseley.me.uk> 21 Mar 2023 5e92f3da774a07abc8fbb7609b9e1127fe29ff4c

  OF-2585 Bump commons-fileupload from 1.4 to 1.5

  • xmppserver/pom.xml (version 5e92f3da774a07abc8fbb7609b9e1127fe29ff4c)
• 

  Dan Caseley <dan@caseley.me.uk> 21 Mar 2023 e29d504d824085bb7b8cc57c50c89fe9a02bb5e0

  OF-2589 Exclude protobuf-java from mysql-connector-j
  Since we don't need X DevAPI features

  • build/ci/updater/pom.xml (version e29d504d824085bb7b8cc57c50c89fe9a02bb5e0)
  • xmppserver/pom.xml (version e29d504d824085bb7b8cc57c50c89fe9a02bb5e0)
• 

  Dan Caseley <dan@caseley.me.uk> 21 Mar 2023 39d0852294a58c965f1866264b597037af8432ab

  OF-2585 Add safety limit for uploading plugin files
  Recommended mitigation for CVE-2023-24998

  • xmppserver/src/main/webapp/plugin-admin.jsp (version 39d0852294a58c965f1866264b597037af8432ab)
• 

  Dan Caseley <dan@caseley.me.uk> 21 Mar 2023 ca4c5723f812f33261f3283900c12e0360b11508

  OF-2587 Upgrade TwelveMonkeys image-io extensions from 3.5 to 3.9.4

  • xmppserver/pom.xml (version ca4c5723f812f33261f3283900c12e0360b11508)