Build #2,118

Plan branch:
Verifies the integrety of the projects, as builds are executed immediately after a code change was detected. This plan provides no artifiacts (use a nightly build instead).

Build: #2118 was successful Changes by daryl herzmann <akrherz@iastate.edu>

Code commits

Openfire (master)

  • daryl herzmann <akrherz@iastate.edu>

    daryl herzmann <akrherz@iastate.edu> fc3eceb013fb08d60466beea014b3976058d14d1

    Merge pull request #1809 from guusdk/OF-2206_BOSH-send-terminate-on-close
    OF-2206: When closing BOSH session, send 'terminate'

  • daryl herzmann <akrherz@iastate.edu>

    daryl herzmann <akrherz@iastate.edu> f3a293dea1e2b1c684e1b780655a8f0174801724

    Merge pull request #1821 from guusdk/OF-2212_Reload-certs-admin-console
    OF-2212: Allow admin console's cert to be auto-updated

  • daryl herzmann <akrherz@iastate.edu>

    daryl herzmann <akrherz@iastate.edu> a6f156a5893be407f64e2c1a2595a376b8d42080

    Merge pull request #1822 from Fishbowler/update_dependencies
    OF-2213: Update dependencies

  • snyk-bot <snyk-bot@snyk.io>

    snyk-bot <snyk-bot@snyk.io> 8d362194170fb0cdedeb93f4f5490c8f0db35faa m

    Upgrade Jetty from 9.4.35 to 9.4.39
    The following vulnerabilities are fixed with an upgrade:
    - https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1090340

    • pom.xml (version 8d362194170fb0cdedeb93f4f5490c8f0db35faa)
  • snyk-bot <snyk-bot@snyk.io>

    snyk-bot <snyk-bot@snyk.io> 4ccebaf09fc4a9fa4ebc7c79ff31253e7b6331c6 m

    Upgrade apache commons-pool2 from 2.6.2 to 2.9.0

    • xmppserver/pom.xml (version 4ccebaf09fc4a9fa4ebc7c79ff31253e7b6331c6)
  • snyk-bot <snyk-bot@snyk.io>

    snyk-bot <snyk-bot@snyk.io> 7d3386d6d38b2bfc5d47cb125339b5c78139f28c m

    Upgrade rome from 1.12.0 to 1.15.0

    • xmppserver/pom.xml (version 7d3386d6d38b2bfc5d47cb125339b5c78139f28c)
  • Dan Caseley <dan@caseley.me.uk>

    Dan Caseley <dan@caseley.me.uk> 294c772f02f8cf6c5e98c1e04405e7910eb3cadc m

    Upgrade jaxb-runtime from 2.3.2 to 2.3.3
    Fixes issue in junit dependency https://nvd.nist.gov/vuln/detail/CVE-2020-15250

    • xmppserver/pom.xml (version 294c772f02f8cf6c5e98c1e04405e7910eb3cadc)
  • Dan Caseley <dan@caseley.me.uk>

    Dan Caseley <dan@caseley.me.uk> a3aa9b81df87a5d43f154fcce67725562062bc1c m

    Upgrade commons-codec from 1.12 to 1.15
    Fixes https://issues.apache.org/jira/browse/CODEC-134

    • xmppserver/pom.xml (version a3aa9b81df87a5d43f154fcce67725562062bc1c)
  • snyk-bot <snyk-bot@snyk.io>

    snyk-bot <snyk-bot@snyk.io> 5e7a9f037a53e6a66df59621c73b8804455b2bec m

    Upgrade mssql-jdbc from 7.2.2.jre8 to 7.4.1.jre8
    Snyk has created this PR to upgrade com.microsoft.sqlserver:mssql-jdbc from 7.2.2.jre8 to 7.4.1.jre8.

    See this package in Maven Repository:
    https://mvnrepository.com/artifact/com.microsoft.sqlserver/mssql-jdbc/

    See this project in Snyk:
    https://app.snyk.io/org/fishbowler/project/9c7cd3f2-28c6-4604-83cf-e35a98d3b409?utm_source=github&utm_medium=upgrade-pr

    • xmppserver/pom.xml (version 5e7a9f037a53e6a66df59621c73b8804455b2bec)
  • snyk-bot <snyk-bot@snyk.io>

    snyk-bot <snyk-bot@snyk.io> d380c03404d83b5dde1c61240e3e163e3fdef323 m

    Upgrade jsmpp from 2.3.7 to 2.3.10

    • xmppserver/pom.xml (version d380c03404d83b5dde1c61240e3e163e3fdef323)
  • Dan Caseley <dan@caseley.me.uk>

    Dan Caseley <dan@caseley.me.uk> 7dee7bf42af0ac07069273d2d3b36759c588302c m

    Upgrade postgresql from 42.2.14 to 42.2.19

    • xmppserver/pom.xml (version 7dee7bf42af0ac07069273d2d3b36759c588302c)
  • Guus der Kinderen

    Guus der Kinderen ca5c19fbcd312024c17b8abf8849de4bacfc4c78 m

    OF-2212: Allow admin console's cert to be auto-updated
    Openfire detects changes to its keystores, and reloads the various services that use them. This, for example, allows the CertificateManager plugin to update Openfire's security certificates dynamically.

    One element that does not automatically get updated after keystore changes is the webserver that is serving the admin console (which also can serve other web content). This is a conscious choice, as the admin console can be used to update the keystores. It would be very undesirable to have the admin user be logged out as a result of applying a change to the keystores. To work around this issue, the admin console remains unchanged when a keystore change is detected (although a warning will be displayed, telling an admin to restart things).

    This commit ensures that the admin console is automatically updated when certificate changes are detected, unless that change happened through the admin console, by briefly pausing the auto-updating feature.

    • xmppserver/src/main/java/org/jivesoftware/openfire/container/AdminConsolePlugin.java (version ca5c19fbcd312024c17b8abf8849de4bacfc4c78)
    • xmppserver/src/main/webapp/import-keystore-certificate.jsp (version ca5c19fbcd312024c17b8abf8849de4bacfc4c78)
    • xmppserver/src/main/webapp/security-keystore-signing-request.jsp (version ca5c19fbcd312024c17b8abf8849de4bacfc4c78)
    • xmppserver/src/main/webapp/security-keystore.jsp (version ca5c19fbcd312024c17b8abf8849de4bacfc4c78)
  • Guus der Kinderen

    Guus der Kinderen b3aab0641df8c5c44bdb0ef33951d0b321b696ce m

    OF-2206: When closing BOSH session, send 'terminate'
    When a BOSH session gets terminated, the client should be told that not only the request is 'done' (eg: gets responded to) but also the session that the connection is part of is terminated. Without this, there is no way for the client to determine that this is the case, other than receiving an error on the next request where the client attempts to re-use the session (sends a request with the old SID value).

    • xmppserver/src/main/java/org/jivesoftware/openfire/http/HttpSession.java (version b3aab0641df8c5c44bdb0ef33951d0b321b696ce)