Implement XEP-0030's security considerations

Description

XEP-0030 Service Discovery (section 8) contains a few security considerations that Openfire must implement. These apply mostly to scenario’s where requests are sent to bare JIDs of entities that do not exist, or to which the requester has no subscription.

Note that the XEP-0030 definition of how to handle a ‘user does not exist’ scenario in context of disco#items processing seems to contradict RFC 6121 8.5.1. "No Such User" (as implemented via OF-880). For disco#items handling, Openfire should follow the XEP, not the RFC, as the XEP is more specific standard of the affected functionality.

Environment

None

Linked issues

relates to

OF-880

Server MUST return <service-unavailable/> for IQ requests to unknown user. (RFC 6120 10.5.3.1.)

Activity

Show:

Fixed

Details
Assignee
Guus der Kinderen
Reporter
Guus der Kinderen
Components
Fix versions
4.8.2
Priority
Critical

Created May 9, 2024 at 7:00 PM

Updated June 28, 2024 at 2:38 PM

Resolved June 28, 2024 at 2:38 PM

Implement XEP-0030's security considerations

Description

Environment

Linked issues

relates to

Activity

DetailsAssigneeGuus der KinderenGuus der KinderenReporterGuus der KinderenGuus der KinderenComponentsFix versions4.8.2PriorityCritical

Details

Assignee

Reporter

Components

Fix versions

Priority

Details
Assignee
Guus der Kinderen
Reporter
Guus der Kinderen
Components
Fix versions
4.8.2
Priority
Critical