XML properties can be set in Openfire which contain XML entities. Since these entities are not escaped Openfire chokes when attempting to load them again from the XML file. Logic should be added to XMLProperties in order to escape and unescape XML entities from property values and not allow them in property keys, by throwing an exception.
Set a property contained in the Openfire.xml file through the API with a value that contains an xml entity such as &
Load this property back from the API, after restarting Openfire, and ensure an exception isn't thrown.
This issue supersedes the & in the admin password for LDAP.