Openfire (master)

• 

  Guus der Kinderen 16 Dec 2021 c9912c91ecfdb2771bff59c2177b9bbeac0fa730

  Fix typo

  • distribution/src/installer/openfire.install4j (version c9912c91ecfdb2771bff59c2177b9bbeac0fa730)
• 

  Guus der Kinderen 16 Dec 2021 5be6e08630e61a7b41d118721b79f0b668c0c0f9

  OF-2353: Add log4j2.formatMsgNoLookups system property to startup scripts
  As another mitigation for CVE-2021-4428, add the log4j2.formatMsgNoLookups system property to all Openfire start scripts that we provide.

  • build/debian/openfire.init.d (version 5be6e08630e61a7b41d118721b79f0b668c0c0f9)
  • distribution/src/bin/extra/openfire-launchd-wrapper.sh (version 5be6e08630e61a7b41d118721b79f0b668c0c0f9)
  • distribution/src/bin/extra/redhat/openfire (version 5be6e08630e61a7b41d118721b79f0b668c0c0f9)
  • distribution/src/bin/openfire.bat (version 5be6e08630e61a7b41d118721b79f0b668c0c0f9)
  • distribution/src/bin/openfire.sh (version 5be6e08630e61a7b41d118721b79f0b668c0c0f9)
  • distribution/src/bin/openfirectl (version 5be6e08630e61a7b41d118721b79f0b668c0c0f9)
  • distribution/src/installer/openfire.install4j (version 5be6e08630e61a7b41d118721b79f0b668c0c0f9)
• 

  Guus der Kinderen 16 Dec 2021 5896d329f06c66c5b1f5eea49faa14c31a3d90a9

  OF-2353: Disable lookups in log4j2 message converter
  This adds the {nolookups} directive to the log4j message directive, which disables lookups on another level (CVE-2021-44228).
  
  Note that after upgrading to log4j2 2.16.0, this directive will be ignored by log4j2, as the lookup functionality has been removed completely in that version. A message might be logged to that effect when starting up.

  • distribution/src/resources/log4j2.xml (version 5896d329f06c66c5b1f5eea49faa14c31a3d90a9)
  • xmppserver/src/test/resources/log4j2-test-mvn.xml (version 5896d329f06c66c5b1f5eea49faa14c31a3d90a9)
  • xmppserver/src/test/resources/log4j2-test.xml (version 5896d329f06c66c5b1f5eea49faa14c31a3d90a9)
• 

  Guus der Kinderen 16 Dec 2021 80e593fb520189ded188e9e8a95f9a3462cd9678

  OF-2353: Upgrade log4j2 from 2.15.0 to 2.16.0

  • pom.xml (version 80e593fb520189ded188e9e8a95f9a3462cd9678)