Openfire (master)

• 

  Guus der Kinderen 21 Jun 2022 f0da4c125f1c1281a2b97fbf0aff0b287852295f

  Minor updates to javadoc, style and annotations of OccupantManager.

  • xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/OccupantManager.java (version f0da4c125f1c1281a2b97fbf0aff0b287852295f)
• 

  Guus der Kinderen 21 Jun 2022 1aba54c4cfdc9dbaffb327ae68028a865853fa90

  OF-2421: Make OccupantManager thread safe
  Access to the internal state of OccupantManager is now protected by a read/write lock, to help prevent concurrent access / modifications.

  • xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/OccupantManager.java (version 1aba54c4cfdc9dbaffb327ae68028a865853fa90)
• 

  Guus der Kinderen 15 Jun 2022 3ffc1bd11b00f849742796c261687eda0c4ca2e8

  Update install-guide.html
  Fix incorrect XML tags in example.

  • documentation/install-guide.html (version 3ffc1bd11b00f849742796c261687eda0c4ca2e8)
• 

  daryl herzmann <akrherz@iastate.edu> 29 Apr 2022 d9c6615ba94359de48cba783380fa7cd6b3bba5e

  Merge pull request #2041 from guusdk/OF-2431_OF-2432_MUC-member-lists
  OF-2431 & OF-2432: Member list of MUC rooms
• 

  daryl herzmann <akrherz@iastate.edu> 29 Apr 2022 dfd773ea852c144a624ce8ac03a5923c2551d1b8

  Merge pull request #2038 from guusdk/OF-2428_MUC-occupant-vcard
  OF-2428: Allow MUC occupants to request each-other's VCards
• 

  daryl herzmann <akrherz@iastate.edu> 29 Apr 2022 0d9ba118466ef64d366c1f896bfd245e5b4ee8ff

  Merge pull request #2031 from guusdk/OF-2418_Phase-out-scriptaculous
  OF-2418: phase out scriptaculous
• 

  daryl herzmann <akrherz@iastate.edu> 29 Apr 2022 6ffe45bb944461470ecf0f33ce35ba3cc8c64d96

  Merge pull request #2030 from guusdk/lgtm_null-checks-hybridauthprovider
  LGTM: prevent possible null-references
• 

  daryl herzmann <akrherz@iastate.edu> 29 Apr 2022 c89f6948ae53693d9f2d1a0c53ff0b61ec93a5e1

  Merge pull request #2026 from guusdk/OF-2413_stream-error-when-closing
  OF-2414: Where appropriate, send a stream error before closing a stream.
• 

  daryl herzmann <akrherz@iastate.edu> 29 Apr 2022 f135ba8cc63318c879b5d6119e68744a356aea71

  Merge pull request #2024 from guusdk/LGTM-suppress-favicon-ssrf-OF-1885
  LGTM: ignore ssrf result when obtaining favicon
• 

  daryl herzmann <akrherz@iastate.edu> 29 Apr 2022 c9666f35fcfd61075ec60fe178122c690c952e14

  Merge pull request #2010 from guusdk/OF-2404_auto-reply-subscription
  OF-2404 / OF-38: Inbound presence 'subscribe' for preexisting contact MUST be auto-responded
• 

  daryl herzmann <akrherz@iastate.edu> 29 Apr 2022 1f61e9efafc471cd547461ff30e9d199a87e2b77

  Merge pull request #2008 from guusdk/OF-2401_pubsub-change-parent
  OF-2401: Pubsub change parent fix
• 

  daryl herzmann <akrherz@iastate.edu> 29 Apr 2022 2522616cd172661b8628dd7cd357f3dec2759f2b

  Merge pull request #2028 from guusdk/OF-2416_PEP-enable-property-dynamic
  OF-2416: Make xmpp.pep.enabled dynamic
• 

  daryl herzmann <akrherz@iastate.edu> 21 Apr 2022 e6e57ce437540cd66e395f79c5418c33e7c9c3e6

  Merge pull request #2042 from akrherz/master2main
  update master git branch to main
• 

  akrherz <akrherz@iastate.edu> 20 Apr 2022 1b3a400326a80f21b782448c476ba9210a89d6af

  update master git branch to main

  • .github/workflows/continuous-integration-workflow.yml (version 1b3a400326a80f21b782448c476ba9210a89d6af)
  • .github/workflows/database-upgrades.yml (version 1b3a400326a80f21b782448c476ba9210a89d6af)
  • README.md (version 1b3a400326a80f21b782448c476ba9210a89d6af)
  • documentation/docker.html (version 1b3a400326a80f21b782448c476ba9210a89d6af)
  • documentation/plugin-dev-guide.html (version 1b3a400326a80f21b782448c476ba9210a89d6af)
  • documentation/working-with-openfire.html (version 1b3a400326a80f21b782448c476ba9210a89d6af)
  • pom.xml (version 1b3a400326a80f21b782448c476ba9210a89d6af)
• 

  Guus der Kinderen 12 Apr 2022 2d6b2b344c75c79c99fa9f1a6f3081c67981b5c3 m

  OF-2432: Allow members to retrieve member-list of member-only room.
  Strictly speaking, all occupants should be allowed. As occupants of a member-only room must be either admin, owner or member, checking for these roles should be sufficient.

  • xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/IQAdminHandler.java (version 2d6b2b344c75c79c99fa9f1a6f3081c67981b5c3)
• 

  Guus der Kinderen 12 Apr 2022 796fa67426d444d3bdee15a3adb6b52a292d07e7 m

  OF-2431: Restrict member-list retrieval of member-only (not open) rooms.

  • xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/IQAdminHandler.java (version 796fa67426d444d3bdee15a3adb6b52a292d07e7)
• 

  Guus der Kinderen 06 Apr 2022 189351c7981365b6cdf86e500601e15ff38c2e2b m

  OF-2428: Allow MUC occupants to request each-other's VCards
  This implements a hack that redirects IQ requests from one MUC occupant to another to the bare JID of the occupant, rather than the full JID. This allows the home server of the occupant (rather than its client) to process the request. This is in-line with how XEP-0054 defines how VCards should be requested.

  • xmppserver/src/main/java/org/jivesoftware/openfire/muc/MUCRoom.java (version 189351c7981365b6cdf86e500601e15ff38c2e2b)
  • xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/MultiUserChatServiceImpl.java (version 189351c7981365b6cdf86e500601e15ff38c2e2b)
• 

  Guus der Kinderen 17 Mar 2022 9e8dd94fcd04c0a8179f61a24bca42c3c9d37712 m

  OF-2418: Remove Scriptaculous javascript libraries
  This removes all Scriptaculous javascript libraries. Previous commits have replaced their usage.
  
  The libraries removed here were hardly used, very old, and caused alarms in static analysis tools.

  • xmppserver/src/main/webapp/decorators/main.jsp (version 9e8dd94fcd04c0a8179f61a24bca42c3c9d37712)
  • xmppserver/src/main/webapp/decorators/setup.jsp (version 9e8dd94fcd04c0a8179f61a24bca42c3c9d37712)
  • xmppserver/src/main/webapp/js/builder.js (version 9e8dd94fcd04c0a8179f61a24bca42c3c9d37712)
  • xmppserver/src/main/webapp/js/controls.js (version 9e8dd94fcd04c0a8179f61a24bca42c3c9d37712)
  • xmppserver/src/main/webapp/js/dragdrop.js (version 9e8dd94fcd04c0a8179f61a24bca42c3c9d37712)
  • xmppserver/src/main/webapp/js/effects.js (version 9e8dd94fcd04c0a8179f61a24bca42c3c9d37712)
  • xmppserver/src/main/webapp/js/prototype.js (version 9e8dd94fcd04c0a8179f61a24bca42c3c9d37712)
  • xmppserver/src/main/webapp/js/scriptaculous.js (version 9e8dd94fcd04c0a8179f61a24bca42c3c9d37712)
  • xmppserver/src/main/webapp/js/slider.js (version 9e8dd94fcd04c0a8179f61a24bca42c3c9d37712)
  • xmppserver/src/main/webapp/js/unittest.js (version 9e8dd94fcd04c0a8179f61a24bca42c3c9d37712)
  • xmppserver/src/main/webapp/ldap-group.jsp (version 9e8dd94fcd04c0a8179f61a24bca42c3c9d37712)
  • xmppserver/src/main/webapp/ldap-server.jsp (version 9e8dd94fcd04c0a8179f61a24bca42c3c9d37712)
  • xmppserver/src/main/webapp/ldap-user.jsp (version 9e8dd94fcd04c0a8179f61a24bca42c3c9d37712)
• 

  Guus der Kinderen 17 Mar 2022 d0cce4fa5896a182021bab5da426be98191b9b9c m

  OF-2418: Do not use scriptaculous to fade out elements
  This replaces a fade-out effect provided by scriptaculous on the plugin download page, with a small bit of javascript that doesn't depend on any library.
  
  A small functional change was introduced: an error message now no longer fades out. This prevents end-users from missing an error when they weren't paying close attention.

  • xmppserver/src/main/webapp/available-plugins.jsp (version d0cce4fa5896a182021bab5da426be98191b9b9c)
• 

  Guus der Kinderen 17 Mar 2022 f812a3ad90f14896eaa552d6be62ccc415181dfa m

  OF-2418: Update implemenation of /js/setup.js to not use Scriptaculous
  The /js/setup.js file contains one function. Its purpose is to toggle the visibility of a HTML panel.
  
  This commit updates the implementation in a way that is backwards compatible, but no longer depends on other Javascript libraries.

  • xmppserver/src/main/webapp/js/setup.js (version f812a3ad90f14896eaa552d6be62ccc415181dfa)
• 

  Guus der Kinderen 16 Mar 2022 e92ed46f040457d4f757156a6f50f73b87f42c9f m

  LGTM: prevent possible null-references

  • xmppserver/src/main/java/org/jivesoftware/openfire/auth/HybridAuthProvider.java (version e92ed46f040457d4f757156a6f50f73b87f42c9f)
• 

  Guus der Kinderen 15 Mar 2022 3ef0a6f7ddf7873e8556494e9204c870667bbf33 m

  OF-2416: Make xmpp.pep.enabled dynamic

  • i18n/src/main/resources/openfire_i18n.properties (version 3ef0a6f7ddf7873e8556494e9204c870667bbf33)
  • i18n/src/main/resources/openfire_i18n_nl.properties (version 3ef0a6f7ddf7873e8556494e9204c870667bbf33)
  • xmppserver/src/main/java/org/jivesoftware/openfire/pep/IQPEPHandler.java (version 3ef0a6f7ddf7873e8556494e9204c870667bbf33)
• 

  Guus der Kinderen 07 Mar 2022 257806e4ce061462de782d69fe5afeabdcdc9264 m

  OF-2414: Where appropriate, send a stream error before closing a stream.
  When a stream is being closed, it's often helpful to signal why this happens, especially when the stream is closed due to an error.
  
  This commit adds stream errors in various places where such context is desirable.
  
  The API to close a connection has been modified to be able to include an optional stream error. This replaces an older structure where a stream error is first sent manually, followed by a call to the 'close' API. With this change, only one attempt to send data is made instead of two (one for the stream error, and another one for the end-stream tag).

  • xmppserver/src/main/java/org/jivesoftware/openfire/Connection.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/http/HttpSession.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/multiplex/ClientSessionConnection.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/net/ServerSocketReader.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/net/SocketConnection.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/net/SocketReader.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/net/SocketReadingMode.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/net/StanzaHandler.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/net/VirtualConnection.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/nio/ConnectionHandler.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/nio/NIOConnection.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/session/LocalClientSession.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/session/LocalComponentSession.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/session/LocalConnectionMultiplexerSession.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/session/LocalIncomingServerSession.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/session/LocalOutgoingServerSession.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/session/LocalSession.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/streammanagement/StreamManager.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/websocket/WebSocketConnection.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
  • xmppserver/src/main/java/org/jivesoftware/openfire/websocket/XmppWebSocket.java (version 257806e4ce061462de782d69fe5afeabdcdc9264)
• 

  Guus der Kinderen 06 Mar 2022 7275bd696e2e4f43cfff02ff18271d41bb64d36e m

  OF-1885: Validate user-provided input before using it to perform HTTP request
  This commit ensures that the user-provided 'host' value is a valid hostname, before we start using it. This should further reduce SSRF opportunities.

  • xmppserver/src/main/java/org/jivesoftware/util/FaviconServlet.java (version 7275bd696e2e4f43cfff02ff18271d41bb64d36e)
• 

  Guus der Kinderen 06 Mar 2022 7e6da62dd799e3795c331775373aad7bd9fe3eeb m

  LGTM: ignore ssrf result when obtaining favicon
  LGTM static analysis spot that we obtain a favicon from user-provided input (a hostname). In OF-1885, we've addressed this by asserting that the entity that is retrieved is valid. This LGTM warning can be ignored here.

  • xmppserver/src/main/java/org/jivesoftware/util/FaviconServlet.java (version 7e6da62dd799e3795c331775373aad7bd9fe3eeb)
• 

  Guus der Kinderen 06 Mar 2022 059d1a47aac2d3692aaaaee515be753c2042cdba m

  OF-2404 / OF-38: Inbound presence 'subscribe' for preexisting contact MUST be auto-responded
  RFC 6121 section 3.1.3 mandates that when processing an inbound presence subscription request, if the contact exists and the user already has a subscription to the contact's presence, then the contact's server MUST auto-reply on behalf of the contact by sending a presence stanza of type "subscribed"
  
  Openfire currently does not do this. This behavior was removed as part of OF-38, to prevent a loop of presence stanzas that occur when an RFC3921-style client acknowledges receipt of a ‘subscribed’ presence stanza by sending a ‘subscribe’ stanza.
  
  This commit changes the fix for OF-38 by moving the supression of the stanza to code that processes the acknowledging 'subscribe'. It was previously handled in context of the intended recipient receiving it. It now is processed in context of the originator sending it off. With that change, the code that processes subscription requests in context of the recipient can again auto-respond to a stanza.
  
  In case this change does cause issues, the auto-replying mechanism can be disabled by setting a new property named 'xmpp.presence.suppress-subscribe-autoreply' to 'true'

  • xmppserver/src/main/java/org/jivesoftware/openfire/handler/PresenceSubscribeHandler.java (version 059d1a47aac2d3692aaaaee515be753c2042cdba)
• 

  Guus der Kinderen 02 Mar 2022 7a1fa55c2caf1a0bfb4d81a9133a3e2519552962 m

  OF-2401: When changing the parent of a Pubsub node, update the parent identifier

  • xmppserver/src/main/java/org/jivesoftware/openfire/pubsub/Node.java (version 7a1fa55c2caf1a0bfb4d81a9133a3e2519552962)
• 

  Guus der Kinderen 02 Mar 2022 92c5a3f3a08aab0c3e31931bba012215675c257a m

  Add FIXME comment for OF-2402

  • xmppserver/src/main/java/org/jivesoftware/openfire/pubsub/Node.java (version 92c5a3f3a08aab0c3e31931bba012215675c257a)