Build #2,919

Plan branch:

Build: #2919 was successful

Job: RPM Workflow was successful

Stages & jobs

  1. Build and Package

Code commits

Openfire (master)

  • Guus der Kinderen

    Guus der Kinderen 8644f4de8cfaef3c626bb6c9e424f12ef3dbe759

    OF-3260: Support RFC 7239 Forwarded header for proxied client IP resolution
    Add support for the standardized HTTP `Forwarded` header (RFC 7239) alongside existing `X-Forwarded-*` handling in proxied deployments.

    Extended proxy connector configuration in both BOSH and Admin Console to include a configurable `Forwarded` header name.

    Updated admin pages to expose and persist the RFC-compliant header setting (`FHeader`) in addition to legacy header settings.

    • i18n/src/main/resources/openfire_i18n.properties (version 8644f4de8cfaef3c626bb6c9e424f12ef3dbe759)
    • xmppserver/src/main/java/org/jivesoftware/openfire/container/AdminConsolePlugin.java (version 8644f4de8cfaef3c626bb6c9e424f12ef3dbe759)
    • xmppserver/src/main/java/org/jivesoftware/openfire/http/HttpBindManager.java (version 8644f4de8cfaef3c626bb6c9e424f12ef3dbe759)
    • xmppserver/src/main/webapp/http-bind.jsp (version 8644f4de8cfaef3c626bb6c9e424f12ef3dbe759)
    • xmppserver/src/main/webapp/system-admin-console-access.jsp (version 8644f4de8cfaef3c626bb6c9e424f12ef3dbe759)
  • Guus der Kinderen

    Guus der Kinderen 01a4e5ab740951a861cd576740a3a6de3fdb08e8

    (code review) Use consistent names for i18n properties

    • i18n/src/main/resources/openfire_i18n.properties (version 01a4e5ab740951a861cd576740a3a6de3fdb08e8)
    • xmppserver/src/main/webapp/http-bind.jsp (version 01a4e5ab740951a861cd576740a3a6de3fdb08e8)
  • Guus der Kinderen

    Guus der Kinderen 04a773e3c7da10b1a2324e32b1b0754f1da46b6d

    (code review) Improve audit logged messages
    Log the value obtained from the property, rather than whatever was provided by the end-user. In 99% of the times, this should be equal, but the property itself should always be right.

    • xmppserver/src/main/webapp/system-admin-console-access.jsp (version 04a773e3c7da10b1a2324e32b1b0754f1da46b6d)
  • Guus der Kinderen

    Guus der Kinderen ec8f7065790c6fd0001f8907ba9d6d8929e77a88

    (review feedback): Change name used in property change listener
    The old value was clearly copy/pasted from another listener, referencing the purpose of that property. Although the values aren't used, their names should either be ambiguous, or reference the correct functionality. This helps avoid confusion.

    • xmppserver/src/main/java/org/jivesoftware/openfire/container/AdminConsolePlugin.java (version ec8f7065790c6fd0001f8907ba9d6d8929e77a88)
  • Guus der Kinderen

    Guus der Kinderen 0f97a7b5aa2f2adcc5c615af797f2f066d0a731a

    OF-3261 (code review): improve errors shown when invalid values are provided

    • i18n/src/main/resources/openfire_i18n.properties (version 0f97a7b5aa2f2adcc5c615af797f2f066d0a731a)
    • xmppserver/src/main/webapp/http-bind.jsp (version 0f97a7b5aa2f2adcc5c615af797f2f066d0a731a)
    • xmppserver/src/main/webapp/system-admin-console-access.jsp (version 0f97a7b5aa2f2adcc5c615af797f2f066d0a731a)
  • Guus der Kinderen

    Guus der Kinderen d645fa41d51d324f05de494843bda426c9c894f4

    OF-3261: Addressing minor code review feedback
    - Changed package name to reflect that the code relates to Jetty (not Netty)
    - Switch to IpUtils-provided API that ignores zone/scope parts in IPv6 addresses
    - Use default capacity of new sets
    - Fixes javadoc

    • xmppserver/src/main/java/org/jivesoftware/openfire/container/AdminConsolePlugin.java (version d645fa41d51d324f05de494843bda426c9c894f4)
    • xmppserver/src/main/java/org/jivesoftware/openfire/http/HttpBindManager.java (version d645fa41d51d324f05de494843bda426c9c894f4)
    • xmppserver/src/main/java/org/jivesoftware/util/jetty/TrustedForwardedRequestCustomizer.java (version d645fa41d51d324f05de494843bda426c9c894f4)
    • xmppserver/src/main/webapp/http-bind.jsp (version d645fa41d51d324f05de494843bda426c9c894f4)
    • xmppserver/src/main/webapp/system-admin-console-access.jsp (version d645fa41d51d324f05de494843bda426c9c894f4)
    • xmppserver/src/test/java/org/jivesoftware/util/jetty/TrustedForwardedRequestCustomizerTest.java (version d645fa41d51d324f05de494843bda426c9c894f4)
  • Guus der Kinderen

    Guus der Kinderen 68ebbe69bf0fcb74499ee9c4b62eb51143e68065

    OF-3261 (code review): Prevent nondeterministic order of stored trusted proxies

    • xmppserver/src/main/java/org/jivesoftware/openfire/container/AdminConsolePlugin.java (version 68ebbe69bf0fcb74499ee9c4b62eb51143e68065)
    • xmppserver/src/main/java/org/jivesoftware/openfire/http/HttpBindManager.java (version 68ebbe69bf0fcb74499ee9c4b62eb51143e68065)
  • Guus der Kinderen

    Guus der Kinderen 44adcf2227b3ff3845eb4ac8eed40b1669901580

    OF-3261 (code review): Prevent persisting changes when errors are detected

    • xmppserver/src/main/webapp/http-bind.jsp (version 44adcf2227b3ff3845eb4ac8eed40b1669901580)
  • Guus der Kinderen

    Guus der Kinderen 5e152d9031f8b6f4e72f023d5c5a19d27f7ab78c

    OF-3261: Allow reverse proxies to be verified
    Before trusting remote-peer provided HTTP headers like `Forwarded` and `X-Forwarded-For`, the source of these headers should be validated. This prevents malicious clients from setting this header themselves.

    This commit introduces a wrapper for Jetty's ForwarededRequestCustomizer (which replaces the reported IP address of the remote peer with a value from the HTTP headers). When Openfire is now configured with a non-empty set of trusted proxies, such replacement only occurs when the remote peer is one of the trusted proxies.

    This functionality has been added to the Admin Console and webbinding implementations, using two distinct properties:
    - `adminConsole.forwarded.trusted.proxies`
    - `httpbind.forwarded.trusted.proxies`

    Valid values are IP addresses (IPv4 and IPv6) and ranges.

    The admin console has been modified to allow for configuration of these values through the pages where related functionality was already provided.

    A small CSS tweak was introduced: Openfire's setup had an implementation where a question-mark icon can be used to provide a tooltip help text. That has now been moved from 'setup' to 'global', so that it can be used both during setup, but also in the admin console itself (after setup has finished).

    • i18n/src/main/resources/openfire_i18n.properties (version 5e152d9031f8b6f4e72f023d5c5a19d27f7ab78c)
    • xmppserver/src/main/java/org/jivesoftware/openfire/container/AdminConsolePlugin.java (version 5e152d9031f8b6f4e72f023d5c5a19d27f7ab78c)
    • xmppserver/src/main/java/org/jivesoftware/openfire/http/HttpBindManager.java (version 5e152d9031f8b6f4e72f023d5c5a19d27f7ab78c)
    • xmppserver/src/main/java/org/jivesoftware/util/netty/TrustedForwardedRequestCustomizer.java (version 5e152d9031f8b6f4e72f023d5c5a19d27f7ab78c)
    • xmppserver/src/main/webapp/http-bind.jsp (version 5e152d9031f8b6f4e72f023d5c5a19d27f7ab78c)
    • xmppserver/src/main/webapp/style/global.css (version 5e152d9031f8b6f4e72f023d5c5a19d27f7ab78c)
    • xmppserver/src/main/webapp/style/ldap.css (version 5e152d9031f8b6f4e72f023d5c5a19d27f7ab78c)
    • xmppserver/src/main/webapp/style/setup.css (version 5e152d9031f8b6f4e72f023d5c5a19d27f7ab78c)
    • xmppserver/src/main/webapp/system-admin-console-access.jsp (version 5e152d9031f8b6f4e72f023d5c5a19d27f7ab78c)
    • xmppserver/src/test/java/org/jivesoftware/util/netty/TrustedForwardedRequestCustomizerTest.java (version 5e152d9031f8b6f4e72f023d5c5a19d27f7ab78c)