Openfire (master)

• 

  Guus der Kinderen 13 Nov 2023 0593f9fe76d29e4ff7712f7d7586fb5d7b076851

  OF-2728: Phase out Rome
  The admin console shows a bit of RSS data. The RSS functionality that we use is very limited. Instead of using a full-fledged RSS parser (that historically has triggered a lot of static analysis warnings), we might as well roll our own implementation, based on all of the XML parsing implementation that we already have for XMPP parsing.

  • .dependency-check-suppressions.xml (version 0593f9fe76d29e4ff7712f7d7586fb5d7b076851)
  • xmppserver/pom.xml (version 0593f9fe76d29e4ff7712f7d7586fb5d7b076851)
  • xmppserver/src/main/java/org/jivesoftware/admin/servlet/BlogPostServlet.java (version 0593f9fe76d29e4ff7712f7d7586fb5d7b076851)
  • xmppserver/src/main/webapp/index.jsp (version 0593f9fe76d29e4ff7712f7d7586fb5d7b076851)
  • xmppserver/src/test/java/org/jivesoftware/admin/servlet/BlogPostServletTest.java (version 0593f9fe76d29e4ff7712f7d7586fb5d7b076851)
  • xmppserver/src/test/resources/rss/ignite-blog.rss (version 0593f9fe76d29e4ff7712f7d7586fb5d7b076851)
• 

  Dan Caseley <dan@caseley.me.uk> 13 Nov 2023 2c850678e077c693d1ed374ed8f45d5369057b59

  OF-2727: Update mysql-connector-j from 8.0.32 to 8.2.0

  • xmppserver/pom.xml (version 2c850678e077c693d1ed374ed8f45d5369057b59)
• 

  Dan Caseley <dan@caseley.me.uk> 13 Nov 2023 205c48ef4bd7986cfa3850adbbf451964720baca

  OF-2725: Suppress CVE related to to Tomcat clustering

  • .dependency-check-suppressions.xml (version 205c48ef4bd7986cfa3850adbbf451964720baca)
• 

  Dan Caseley <dan@caseley.me.uk> 13 Nov 2023 5ef0928d22cd6689a3b6a45e72a8bc4aaad7399b

  OF-2725: Add suppression for a false positive CVE for Jetty

  • .dependency-check-suppressions.xml (version 5ef0928d22cd6689a3b6a45e72a8bc4aaad7399b)
• 

  Dan Caseley <dan@caseley.me.uk> 13 Nov 2023 9d058644f83900034aff07b94783223f1ade5dfe

  OF-2725: Add a suppression for a retracted CVE for dom4j

  • .dependency-check-suppressions.xml (version 9d058644f83900034aff07b94783223f1ade5dfe)
• 

  Dan Caseley <dan@caseley.me.uk> 13 Nov 2023 4861be05dacd3625fbcdb774970c4dca4b681d67

  OF-2725: Suppress Rapid Reset false positive

  • .dependency-check-suppressions.xml (version 4861be05dacd3625fbcdb774970c4dca4b681d67)
• 

  Dan Caseley <dan@caseley.me.uk> 13 Nov 2023 b120a9dd1aa6affc78cbbc878a6a6a8dfc466976

  OF-2725: Add suppression for false positives on jetty-servlet-api

  • .dependency-check-suppressions.xml (version b120a9dd1aa6affc78cbbc878a6a6a8dfc466976)
• 

  Dan Caseley <dan@caseley.me.uk> 13 Nov 2023 ec713fc1cc65d0d57bfe433ec8c3fe79307b7818

  OF-2725: Suppress CVE related to ROOT webapp in Tomcat

  • .dependency-check-suppressions.xml (version ec713fc1cc65d0d57bfe433ec8c3fe79307b7818)
• 

  Dan Caseley <dan@caseley.me.uk> 13 Nov 2023 4db3da6b128c2f55d43fd2d99b5e0a369819b286

  OF-2725: Suppress CVE related to Tomcat persisted sessions

  • .dependency-check-suppressions.xml (version 4db3da6b128c2f55d43fd2d99b5e0a369819b286)
• 

  Dan Caseley <dan@caseley.me.uk> 13 Nov 2023 d71a8ce477d8b46bb6ecf9dc34c073b7839c3fd5

  OF-2726: Update dom4j from 2.1.3 to 2.1.4

  • xmppserver/pom.xml (version d71a8ce477d8b46bb6ecf9dc34c073b7839c3fd5)
• 

  Dan Caseley <dan@caseley.me.uk> 13 Nov 2023 069a17dc81fa0e88c7cfe1594d35fc4a0a6d2d6f

  OF-2725: Add suppression for a default hostname validation check in Netty that Openfire doesn't use
  Hostname validation is implemented separately in Openfire
  https://github.com/igniterealtime/Openfire/blob/7a53b23e565cdf06a541af82560a6c49d6c9d2ae/xmppserver/src/main/java/org/jivesoftware/openfire/net/SASLAuthentication.java#L485-L497
  https://github.com/igniterealtime/Openfire/blob/7a53b23e565cdf06a541af82560a6c49d6c9d2ae/xmppserver/src/main/java/org/jivesoftware/openfire/nio/NettyOutboundConnectionHandler.java#L120-L126

  • .dependency-check-suppressions.xml (version 069a17dc81fa0e88c7cfe1594d35fc4a0a6d2d6f)
• 

  Dan Caseley <dan@caseley.me.uk> 13 Nov 2023 4e7d86613ad71a6c4945b041460c5b2b35594447

  OF-2727: Update the tests to mysql-connector-j too

  • build/ci/updater/pom.xml (version 4e7d86613ad71a6c4945b041460c5b2b35594447)
• 

  Dan Caseley <dan@caseley.me.uk> 13 Nov 2023 48cd011ddcf5a8e5d746d0dcfca438de2f8ce7b3

  OF-2725: Update dependency-check to 8.4.2

  • pom.xml (version 48cd011ddcf5a8e5d746d0dcfca438de2f8ce7b3)
• 

  Dan Caseley <dan@caseley.me.uk> 13 Nov 2023 cfd2afce80385ce613a2314d7cd53412d1c5183a

  OF-2725: Suppress CVE related to a Tomcat shipped example app

  • .dependency-check-suppressions.xml (version cfd2afce80385ce613a2314d7cd53412d1c5183a)
• 

  Guus der Kinderen 13 Nov 2023 7a53b23e565cdf06a541af82560a6c49d6c9d2ae

  OF-2724: Prevent non-fatal errors when compiling plugin JSPs against Openfire 4.8.0
  Disabling the 'scanManifest' option for the Jspc compiler should prevent illogical lookups by the compiler of JSP pages.

  • plugins/pom.xml (version 7a53b23e565cdf06a541af82560a6c49d6c9d2ae)
• 

  Guus der Kinderen 13 Nov 2023 1356cf2a9c5b08f4bc1187e6438b6db74cabb924

  OF-2668 / OF-2723: Allow plugins to be compiled against Openfire 4.8
  In this commit, a second artifact is produced from the xmppserver module. Apart from the prexisting 'jar' artifact, there now is a 'taglib' artifact.
  
  This taglib artifact is a jar file (that needs to go into our maven repository), that holds the Admin Console taglibs, in a spec-compliant directory structure.
  
  The plugin's parent pom-file is modified to be able to make use of this new artifact.
  
  With this, compilation of a plugin that defins the plugin parent pom as its parent succeeds (although an unhealty amount of errors is logged). The resulting admin console pages appear functional, at least in Openfire 4.8.

  • plugins/pom.xml (version 1356cf2a9c5b08f4bc1187e6438b6db74cabb924)
  • xmppserver/pom.xml (version 1356cf2a9c5b08f4bc1187e6438b6db74cabb924)
  • xmppserver/src/assembly/taglib.xml (version 1356cf2a9c5b08f4bc1187e6438b6db74cabb924)