Build: #919 was successful Scheduled with changes by Guus der Kinderen
Code commits
Openfire (master)
-
Guus der Kinderen 931ed89ac7342448eb807c45448b50af8c52c8ae
OF-2163: Prevent unexpected stanza modifications to leak information
Delivering a stanza to a MUC room occupant changes the addressing of the stanza (the room JID is replaced by the real JID). It is often undesirable that this change is applied to the original stanza (that can be processed further), as such changes can leak the privacy-sensitive real address of the recipient.
This commit creates defensive copies of the stanza that is being sent, to prevent leaking the real address of the recipient.- xmppserver/src/main/java/org/jivesoftware/openfire/muc/HistoryRequest.java (version 931ed89ac7342448eb807c45448b50af8c52c8ae)
- xmppserver/src/main/java/org/jivesoftware/openfire/muc/MUCRole.java (version 931ed89ac7342448eb807c45448b50af8c52c8ae)
- xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/IQMUCvCardHandler.java (version 931ed89ac7342448eb807c45448b50af8c52c8ae)
- xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/LocalMUCRoom.java (version 931ed89ac7342448eb807c45448b50af8c52c8ae)
- xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/MultiUserChatServiceImpl.java (version 931ed89ac7342448eb807c45448b50af8c52c8ae)