Presence <show/>

Secure BOSH listener fails to start because certificates are not correctly recognized

Connection Manager should use the updated BOSH code

Use stronger RSA encryption algorithm

Log stacktrace of exception while initializing SSLConfig

LdapGroups assume all members never in AltBaseDN

Testing

Fix In-Band Registration

Fix cross-site scripting attacks in several pages

fix bug within DefaultGroupProvider

Fix ClassCastException that prevents certificates from being imported

Flash cross domain handler (port 5229) should not spit crossdomain.xml immediately

Update MINA to latest version

Editing Profile Settings clears preconfigured data

sslEnabled in HttpBindManager always false at boot, causing httpbind not to start

Openfire is not properly handling the NULL bytes chars send by a XMLSocket Flash client

Fix leaking of threads in PEP code

AdminManager doesn't handle JIDs properly.

AdHoc command AuthenticateUser requires 'username' field, but uses 'accountjid'

AdHoc command AuthenticateUser should work if the UserProvider is readonly.

Authentication bypass allowing arbitrary code execution

CallLogDAO in SIP Plugin enables SQL Injection

LoginLimitManager checks user connection limit against wrong setting

Another Group Sharing Option

Allow JDBC providers to use connections from the DB pool instead of opening new ones

Non-Sasl authentication shouldn't allow for spaces post- or prepending the provided form data.

patch: JDBC providers using the main Openfire database connection pool

In Chat Room, the count of users between nodes is different. Node running room shows correct value, remote nodes show incorrect values.

legacy muc-room-occupants..jsp link in Monitor Plugin

NullPointerException while logging in sometimes

Add an option to share all LDAP groups by default

IQ packet without 'id' attribute causes connection drop

NPE on admin console login when nothing is provided

fix tablename for ofMucaffiliation

User permissions by LDAP group in Group Chat

Internal cache of JID class does not use a LRU based eviction policy.

JID class cache should not use one single mutex to synchronize all access on.

LocaleUtils should serve plugins better.

Add support for validating certificates of BOSH clients

Impove cmanagerd to support status and stop parameters

Delete offline presence information when removing user account

BOSH terminate, pause and xmpp:restart requests are considered polling

Packets sent from entities hosted by components to connected but not-available users are not being routed

Stream Initiation cannot be used with anything but file transfer

Openfire does not respond to xmpp:restart (BOSH) correctly

Update URL that checks the feed for new releases

Prevent empty-bodied messages from being stored in the offline message store.

Use server dialback over TLS when using self-signed certificates

vCard mappings incomplete during setup