Openfire releases

Improvement

• [OF-3156] - Improve error handling when MUC service creation fails in admin console
• [OF-3160] - Bump BouncyCastle.version from 1.78.1 to 1.83
• [OF-3164] - High CPU usage caused by exception-based control flow in UserManager.isRegisteredUser()
• [OF-3177] - Improve logging when TrustManager initialization fails (exception currently suppressed)
• [OF-3200] - Improve InMemoryPubSubPersistenceProvider.purgeNode() to target the service cache entry directly instead of scanning all entries

Task

• [OF-3161] - Upgrade Netty to 4.1.131 version
• [OF-3162] - Upgrade Apache commons-text from 1.10.0 to 1.15.0
• [OF-3178] - Update install4j to 12.0.2

Bug

• [OF-2637] - Admin Console -> Logs viewer. Selecting 'All' lines causes exception
• [OF-3132] - When obtaining user sessions for bare JID, not all sessions are returned
• [OF-3165] - Fix incorrect message in closeNeverEncryptedConnection method
• [OF-3175] - Openfire startup deadlocks during autosetup when encrypted XML properties are processed
• [OF-3197] - updateSubscription() sets wrong parameter index when deleting a subscription in state none, silently failing to delete the correct row
• [OF-3198] - LOAD_LAST_ITEMS_LIMIT query returns items in ascending order, causing incorrect results for non-SQL Server, non-Oracle databases
• [OF-3205] - always update lastPublished when same item is overwritten (XEP-0060 §7.1.2)

sha256sum values for release artifacts

c49add8f50999b2d7fcdd8960bc7d70bf59eb95d12daedf92902e4b034c1c737  openfire-5.0.4-1.noarch.rpm
14d22bef24fb01770f51c655c8b3b54207125b1b70641175d8ad25b585e6332a  openfire_5.0.4_all.deb
ddd40e0bac4c4fae0678b6df4fd5ad28f77af50fd530e3327326f3b488f16ae4  openfire_5_0_4.dmg
8c2fcb27f9afe01b79d59f7bf0736b21cdb72b5464de25a183b596329e351099  openfire_5_0_4.exe
01c7314268d87b1f8eee0677bb89656f12a082e6461b207d3955f5d9632e2f78  openfire_5_0_4.tar.gz
13b579672b2ce238934aa919cd968636c0f5c8afda5aeb3aec08d60feca35df4  openfire_5_0_4_x64.exe
05b9e5fa976202ef97d183177f6de699cf68bf0cfd422f721a4c8dc5676c1612  openfire_5_0_4.zip

Improvement

• [OF-3130] - Update PostgreSQL JDBC driver to 42.7.8
• [OF-3134] - Upgrade HSLQDB from 2.7.1 to 2.7.4
• [OF-3135] - Improve wording of TLS Auth setting
• [OF-3139] - Remove obsolete transport icons

Bug

• [OF-3127] - ConcurrentModificationException on room join
• [OF-3133] - Fix datatype of muc#register_faqentry field
• [OF-3144] - Upgrade sqlserver JDBC driver to 10.2.4
• [OF-3146] - Chat room count value is incorrect
• [OF-3147] - server_bytes_out statistic is not being populated
• [OF-3148] - Admin MUC affiliations are not persisted in ofMucAffiliation (lost after restart)
• [OF-3149] - IllegalStateException occurs when removing shared groups due to multiple Iterator.remove() calls for a single Iterator.next().
• [OF-3155] - Resource policy "Always kick" does not function correctly

sha256sum values

a08493cb19bef6dd2b51ebe88d4ffd121553e2e4473ddbecf94f5ff350e367aa  openfire-5.0.3-1.noarch.rpm
3dd1e9de84d6b177f3b890bea7d6cd88359698bd82c2e656d4b937a8ef7af96e  openfire_5.0.3_all.deb
b3674baa3ab53a1f61db8846c3cdd16ce211917c4df3cee2d4a46fbba265ea76  openfire_5_0_3.dmg
cfabc92ab9e473e71f42ec40533a5d4ae7a9c1dc5ebd060784ce434ae1ba6c12  openfire_5_0_3.exe
fb13bd4e0aff7bd6cc16d78e6f2c35d8b59a95e4f4f886d353265306f151ec45  openfire_5_0_3.tar.gz
dcad510a8a7fda677b07281d08ebb29017555944eeb41c98fb4f38c743a341c4  openfire_5_0_3_x64.exe
0ee9a0837e75b785a40653f78b94a900431067f8a9d2bac5104d2971c46a9779  openfire_5_0_3.zip

Improvement

• [OF-3104] - When a MUC room's config gets changed, send appropriate status code
• [OF-3107] - Synchronize launch scripts
• [OF-3110] - Guard against unexpectedly empty input
• [OF-3112] - Less strict with regards to whitespace in base64 encoding
• [OF-3114] - AdHoc 'end user session' command to report how many sessions were ended
• [OF-3116] - IQLastActivityHandler should ignore IQ responses
• [OF-3118] - Bump org.apache.commons:commons-lang3 from 3.9 to 3.18.0
• [OF-3123] - For client mutual authentication, prefer Subject Alternative Name for identities

New Feature

• [OF-3100] - Have PEP 'process' function return a future

Bug

• [OF-3106] - /etc/init.d/openfire: when JAVA\_HOME is empty it fails to detect the best java version
• [OF-3108] - Certificate update breaks functionality
• [OF-3109] - HSQLDB database viewer doesn't always start
• [OF-3113] - UserNotFoundException in PresenceSubscribeHandler
• [OF-3117] - Unit test failures when there's a space in the base path
• [OF-3124] - CVE-2025-59154 Potential identity spoofing via unsafe CN parsing

sha256sum values

4e907c615b3a19af0a1b5ab68ae24825b737496f9cf1715c9feafe8f909086da  openfire-5.0.2-1.noarch.rpm
21271a6f22895852e50712236c45c7d213430171d5a3178474b8398f036ac07a  openfire_5.0.2_all.deb
06794a12acdd8f23ca3c40fcd7af1677d8108b4b23bb72424c2751b30cfb3d14  openfire_5_0_2.dmg
c1e830b5e016d0bcff40005cc7bb14c846fe0ec26fc5a3fc967c30e5b6d2e356  openfire_5_0_2.exe
c84ca15cd470d3233add97c852c738eb373859dc9968ad34ec581725164c8114  openfire_5_0_2.tar.gz
98b5cf96326c668efb18cd9347b808a5ef85162b4a0b703aaf8e29d82cc6c727  openfire_5_0_2_x64.exe
8e09ca3dc7fb84b116ce95d10bfa3ff045708cdac4b23bd3d78ccf318e8742d8  openfire_5_0_2.zip

Improvement

• [OF-3095] - Do not warn about cache max lifetime settings with default values

Task

• [OF-3096] - Update bundled Search plugin

Bug

• [OF-3093] - Windows Launcher failure (missing images)
• [OF-3094] - Client-to-Server SASL EXTERNAL incorrectly queries for authzid
• [OF-3098] - Federated occupants get incorrectly identified as 'ghost'

sha256sum values

f3ce9c3ca91b357ca1bcea6623e9e083fe3193dc2084e1e09a72b6a82d467a9c  openfire-5.0.1-1.noarch.rpm
3cf96db06ed0bb2f0121ea7a76e44fd2c98a9c4e6239dda99a83039bcff4fa1e  openfire_5.0.1_all.deb
d2295fe212221cf3b0c0d93c24180526ec70bdaa1d46d1735d8bf5d21b4cf690  openfire_5_0_1.dmg
ad82c41c96ee0e16209b0c2d65f80d3b62ce58b76fdab7bd84435f25814b0c3f  openfire_5_0_1.exe
91ca2a3644463cf1e6c8150ad874963e8f50e5f85ff48fccd91a6d849c17b231  openfire_5_0_1.tar.gz
65e78936e051b52257f02f37f42271b358a7d1ab7775f9f4cf80837593887fb7  openfire_5_0_1_x64.exe
ce2e18ae1357d18938d709724718e32cce592575632640ad76c38a18d4dd793b  openfire_5_0_1.zip

Improvement

• [OF-2132] - Use CRL as provided by CA
• [OF-2134] - Restore and improve Certificate Revocation support
• [OF-2280] - Guard against S2S connection inconsistency in cluster
• [OF-2453] - Disable Connection Manager ports by default
• [OF-2785] - Add IPv6 support when evaluating Client Session IP addresses
• [OF-2786] - IPv6/IPv4 fallback
• [OF-2787] - Add IPv6-specific documentation
• [OF-2811] - Do not block Netty EventLoop threads
• [OF-2821] - Allow session-summary to display resource string
• [OF-2859] - Rename MUCRole
• [OF-2862] - Refactor 'role' and 'affiliation' related privileges
• [OF-2871] - Allow optional password for alternate venue when destroying room
• [OF-2876] - Rise minimal required JRE to 17
• [OF-2877] - Reproducible builds
• [OF-2889] - i18n properties: don't convert from UTF-8 to Latin1
• [OF-2892] - Available Plugins page: redesign to make Documentation easier to see
• [OF-2902] - Update commons-fileupload for transitive CVE
• [OF-2903] - Upgrade Sitemesh
• [OF-2914] - Reduce verbosity of TLS issues
• [OF-2919] - Don't let XMPP-decoder decode TLS's End-of-Transmission
• [OF-2924] - Reduce duplicate code in Multi-providers
• [OF-2926] - Add documented configuration options for LdapAuthProvider's cache
• [OF-2927] - Allow LDAP alternateBaseDN to be configured in admin console
• [OF-2928] - Improve parallel execution of multi-providers
• [OF-2939] - Show plugin warning on index page
• [OF-2940] - Run all plugin database update scripts
• [OF-2942] - S2S outbound can give up faster when encryption and/or auth mechanisms are exhausted
• [OF-2945] - Suppress warning during JSPC precompilation
• [OF-2950] - RemoteSessionLocator should ignore local node
• [OF-2951] - Faster log-in \(with federated contacts\)
• [OF-2955] - Update PostgreSQL JDBC driver to 42.7.7
• [OF-2958] - Bump up timeout for MUC non-responsiveness check
• [OF-2967] - Remove newline before presence in ClientSession toString
• [OF-3027] - Give parent eventloop threads a recognizable name
• [OF-3028] - Netty threads from 'child' eventloop should use Netty-default settings
• [OF-3030] - "Setting locale to X" isn't a warning
• [OF-3033] - Modify Stream Management to account for short-lived background apps
• [OF-3034] - Stream Management optional close shouldn't log error
• [OF-3035] - Failure to get address from detached session over cluster shouldn't log an error
• [OF-3036] - Improve log messages when unable to connect to a remote host that is unreachable
• [OF-3038] - Reduce verbosity of Socket Connection reset log messages \(c2s only\)
• [OF-3048] - Load time of session-summary admin page in a cluster
• [OF-3052] - Consistently use pagination for ad-hoc commands
• [OF-3055] - When removing XML elements, don't expect there to be only one.
• [OF-3056] - Reduce reliance on RoutingTable when processing directed presence
• [OF-3059] - Deprecate concept of 'anonymous route'
• [OF-3061] - Improve DB query to get last pubsub items
• [OF-3062] - Ignore unexpected 'subscription' values in Roster Set
• [OF-3063] - CAPS calculation debug info
• [OF-3065] - Allow Connection Manager DirectTLS endpoint configuration
• [OF-3067] - Bump up xmpp.server.outgoing.max.threads
• [OF-3068] - SocketUtil should give up sooner
• [OF-3071] - Replace Pull Parser \(XPP3\) library for compat with Java 11
• [OF-3078] - JDBCAuthProvider: Default bcrypt log rounds 10
• [OF-3079] - Backwards compat plugins
• [OF-3083] - SerializingCache should dereference classes when unused

Task

• [OF-2717] - Migrate to Jetty 12
• [OF-2722] - Phase out commons-fileupload
• [OF-2729] - Setup IPv6 tests
• [OF-2754] - Deprecate FastDateFormat
• [OF-2793] - Include Oracle Database Driver in distribution
• [OF-2905] - Update Maven Wrapper to 3.3.2
• [OF-2943] - Update database used by unit tests
• [OF-2956] - Drop unused database table ofSASLAuthorized
• [OF-2961] - Update Netty to 4.1.118
• [OF-3051] - Update to Tinder 2.1.0
• [OF-3082] - Allow SerializingCache to use 'raw' types
• [OF-3084] - Remove code that is deprecated and scheduled for removal in 5.0.0

New Feature

• [OF-2607] - Implement XEP-0421: Anonymous unique occupant identifiers for MUCs
• [OF-2760] - Add option to tombstone/retire a MUC upon deletion, preventing the name from use in the future
• [OF-2885] - TaskEngine jobs to support Future
• [OF-2916] - Add option to delete history on room deletion
• [OF-2917] - Add option to preserve room history on room deletion
• [OF-2918] - Add option to clear history for a given MUC
• [OF-2923] - Use more than one AD/LDAP server
• [OF-2925] - Have multi-providers for groups
• [OF-2952] - Alert admins that certificate is about to expire
• [OF-3053] - Add support for XEP-0433: Extended Channel Search
• [OF-3090] - Add Italian translation
• [OF-3091] - Add Turkish translation
• [OF-3092] - Add Swedish Language

Sub-task

• [OF-2861] - Rename MUCRole, breaking changes
• [OF-2973] - Remove empty <script> element in main.jsp decorator
• [OF-2974] - Remove inline <script> elements in connection management pages
• [OF-2975] - Remove empty <script> element in setup-datasource-jndi.jsp
• [OF-2982] - Replace inline <script> element in setup-host-settings.jsp
• [OF-3011] - Replace inline <script> element in user-roster-add.jsp
• [OF-3012] - Replace inline <script> element in user-search.jsp
• [OF-3085] - Deprecate custom Base64 implementation
• [OF-3086] - Remove deprecated date/time API usage
• [OF-3087] - Remove deprecated PluginManager#getPlugin
• [OF-3088] - Refactor Cache Locking implementation

Bug

• [OF-2397] - Subscription change requests for shared contacts are partially processed
• [OF-2437] - Primary Key constraint violations when flushing pubsub nodes
• [OF-2526] - Support systemd for Debian
• [OF-2631] - Access model of leaf nodes is ignored
• [OF-2784] - IPv6 addresses should be usable in Registration&Login settings
• [OF-2865] - A moderator SHOULD NOT be allowed to revoke moderation privileges from someone with a higher affiliation than themselves
• [OF-2883] - Base64 decoding issue preventing startup (after upgrade to 4.9.0)
• [OF-2904] - Invalid OtherName parsing of TLS certificates
• [OF-2911] - NPE: Cannot invoke "java.lang.StringBuilder.length()" because "this.buffer" is null
• [OF-2912] - Admin Console reports DNS Issue while dns-check.jsp reporting no issue
• [OF-2915] - Database statistics don't observe end-time
• [OF-2930] - Vulnerability discovered in netty-common- 4.1.108.Final.jar CVE-2024-47535
• [OF-2935] - Unable to set the 'Retire room names on deletion..' check box in a clustered environment
• [OF-2938] - Missing warnings for incompatible plugins
• [OF-2941] - Incorrect detection of plugin update with SNAPSHOTs
• [OF-2948] - Openfire 5.0.0 Alpha RPM workflow failed to generate a proper artifact
• [OF-2949] - Mac happyeyeballs test failures
• [OF-2959] - Plugin download in audit log
• [OF-2960] - RPM build fails in new OJDBC driver
• [OF-2966] - Race condition in BOSH logout leads to inconsistent state
• [OF-3026] - Race condition in RoutingTable lead to inconsistent state
• [OF-3029] - False postivie for "Client route not found for route {}, while user session still existed"
• [OF-3031] - Detached clients generate errors in log when inspected (clustering)
• [OF-3040] - Base64 decoding issue when resizing avatars
• [OF-3041] - LocalOutgoingServer's canProcess error handling introduces deadlock
• [OF-3043] - Get Idle Users command is implemented but not returned in Disco
• [OF-3044] - Cache inconsistency: routeOwnersByClusterNode out of sync
• [OF-3046] - MultiUserProvider should only use supported fields
• [OF-3047] - LDAP Authentication Password 'authpassword' value
• [OF-3049] - Session overview page error in cluster
• [OF-3050] - Client session sorting on last activity issue
• [OF-3054] - HybridUserProvider throws IndexOutOfBoundsException
• [OF-3064] - Roster versioning doesn't generate usable identifiers
• [OF-3069] - Not all elements in sessionInfosByClusterNode exist in Client Session Info Cache.
• [OF-3072] - Incorrect presence probe processing
• [OF-3076] - Launcher XML config parser XXE
• [OF-3089] - Inconsistent property name usage for S2S max idle time

sha256sum values

389c5cfbe7adfb169f6a741cd2a7006550631daa6a471b1302b86e0bd83fd22f  openfire-5.0.0-1.noarch.rpm
de21c16a4dfdf08c0635c503796c685d7d99ceba07841f27fe0780982d0d9460  openfire_5.0.0_all.deb
6808bc58168e2b73fe94ef706b8d5052ab7f48acca26bcc36d08c5e5c1e90a4f  openfire_5_0_0.dmg
4f4b9f340d79a12dfbff9711b47c1fd1ddef7495adc61953bb79c4f5e1557070  openfire_5_0_0.exe
9ca32b33f960e642fd502616726c51749fbf76678cbb0d097a12634356f10218  openfire_5_0_0.tar.gz
e21268131425321716582ba32fff56cb34b9fc0b95623898f59cac29dbbff7cc  openfire_5_0_0_x64.exe
8031a12acb8fd3bdd631d336e93af0f227fb5a193b5ad254a49564b7f02dddee  openfire_5_0_0.zip

Improvement

• [OF-2132] - Use CRL as provided by CA
• [OF-2134] - Restore and improve Certificate Revocation support
• [OF-2280] - Guard against S2S connection inconsistency in cluster
• [OF-2453] - Disable Connection Manager ports by default
• [OF-2785] - Add IPv6 support when evaluating Client Session IP addresses
• [OF-2786] - IPv6/IPv4 fallback
• [OF-2787] - Add IPv6-specific documentation
• [OF-2811] - Do not block Netty EventLoop threads
• [OF-2821] - Allow session-summary to display resource string
• [OF-2859] - Rename MUCRole
• [OF-2862] - Refactor 'role' and 'affiliation' related privileges
• [OF-2871] - Allow optional password for alternate venue when destroying room
• [OF-2876] - Rise minimal required JRE to 17
• [OF-2877] - Reproducible builds
• [OF-2889] - i18n properties: don't convert from UTF-8 to Latin1
• [OF-2892] - Available Plugins page: redesign to make Documentation easier to see
• [OF-2902] - Update commons-fileupload for transitive CVE
• [OF-2903] - Upgrade Sitemesh
• [OF-2914] - Reduce verbosity of TLS issues
• [OF-2919] - Don't let XMPP-decoder decode TLS's End-of-Transmission
• [OF-2924] - Reduce duplicate code in Multi-providers
• [OF-2926] - Add documented configuration options for LdapAuthProvider's cache
• [OF-2927] - Allow LDAP alternateBaseDN to be configured in admin console
• [OF-2928] - Improve parallel execution of multi-providers
• [OF-2939] - Show plugin warning on index page
• [OF-2940] - Run all plugin database update scripts
• [OF-2942] - S2S outbound can give up faster when encryption and/or auth mechanisms are exhausted
• [OF-2945] - Suppress warning during JSPC precompilation
• [OF-2950] - RemoteSessionLocator should ignore local node
• [OF-2951] - Faster log-in \(with federated contacts\)
• [OF-2955] - Update PostgreSQL JDBC driver to 42.7.7
• [OF-2958] - Bump up timeout for MUC non-responsiveness check
• [OF-2967] - Remove newline before presence in ClientSession toString
• [OF-3027] - Give parent eventloop threads a recognizable name
• [OF-3028] - Netty threads from 'child' eventloop should use Netty-default settings
• [OF-3030] - "Setting locale to X" isn't a warning
• [OF-3033] - Modify Stream Management to account for short-lived background apps
• [OF-3034] - Stream Management optional close shouldn't log error
• [OF-3035] - Failure to get address from detached session over cluster shouldn't log an error
• [OF-3036] - Improve log messages when unable to connect to a remote host that is unreachable
• [OF-3038] - Reduce verbosity of Socket Connection reset log messages \(c2s only\)
• [OF-3048] - Load time of session-summary admin page in a cluster
• [OF-3052] - Consistently use pagination for ad-hoc commands
• [OF-3055] - When removing XML elements, don't expect there to be only one.
• [OF-3056] - Reduce reliance on RoutingTable when processing directed presence
• [OF-3059] - Deprecate concept of 'anonymous route'
• [OF-3061] - Improve DB query to get last pubsub items
• [OF-3062] - Ignore unexpected 'subscription' values in Roster Set
• [OF-3063] - CAPS calculation debug info
• [OF-3065] - Allow Connection Manager DirectTLS endpoint configuration
• [OF-3067] - Bump up xmpp.server.outgoing.max.threads
• [OF-3068] - SocketUtil should give up sooner
• [OF-3071] - Replace Pull Parser \(XPP3\) library for compat with Java 11
• [OF-3078] - JDBCAuthProvider: Default bcrypt log rounds 10
• [OF-3079] - Backwards compat plugins
• [OF-3083] - SerializingCache should dereference classes when unused

Task

• [OF-2717] - Migrate to Jetty 12
• [OF-2722] - Phase out commons-fileupload
• [OF-2729] - Setup IPv6 tests
• [OF-2754] - Deprecate FastDateFormat
• [OF-2793] - Include Oracle Database Driver in distribution
• [OF-2905] - Update Maven Wrapper to 3.3.2
• [OF-2943] - Update database used by unit tests
• [OF-2956] - Drop unused database table ofSASLAuthorized
• [OF-2961] - Update Netty to 4.1.118
• [OF-3051] - Update to Tinder 2.1.0
• [OF-3082] - Allow SerializingCache to use 'raw' types
• [OF-3084] - Remove code that is deprecated and scheduled for removal in 5.0.0

New Feature

• [OF-2607] - Implement XEP-0421: Anonymous unique occupant identifiers for MUCs
• [OF-2760] - Add option to tombstone/retire a MUC upon deletion, preventing the name from use in the future
• [OF-2885] - TaskEngine jobs to support Future
• [OF-2916] - Add option to delete history on room deletion
• [OF-2917] - Add option to preserve room history on room deletion
• [OF-2918] - Add option to clear history for a given MUC
• [OF-2923] - Use more than one AD/LDAP server
• [OF-2925] - Have multi-providers for groups
• [OF-2952] - Alert admins that certificate is about to expire
• [OF-3053] - Add support for XEP-0433: Extended Channel Search

Sub-task

• [OF-2861] - Rename MUCRole, breaking changes
• [OF-2973] - Remove empty <script$gt; element in main.jsp decorator
• [OF-2974] - Remove inline <script$gt; elements in connection management pages
• [OF-2975] - Remove empty <script$gt; element in setup-datasource-jndi.jsp
• [OF-2982] - Replace inline <script$gt; element in setup-host-settings.jsp
• [OF-3011] - Replace inline <script$gt; element in user-roster-add.jsp
• [OF-3012] - Replace inline <script$gt; element in user-search.jsp
• [OF-3085] - Deprecate custom Base64 implementation
• [OF-3086] - Remove deprecated date/time API usage
• [OF-3087] - Remove deprecated PluginManager#getPlugin
• [OF-3088] - Refactor Cache Locking implementation

Bug

• [OF-2397] - Subscription change requests for shared contacts are partially processed
• [OF-2437] - Primary Key constraint violations when flushing pubsub nodes
• [OF-2526] - Support systemd for Debian
• [OF-2631] - Access model of leaf nodes is ignored
• [OF-2784] - IPv6 addresses should be usable in Registration&Login settings
• [OF-2865] - A moderator SHOULD NOT be allowed to revoke moderation privileges from someone with a higher affiliation than themselves
• [OF-2883] - Base64 decoding issue preventing startup (after upgrade to 4.9.0)
• [OF-2904] - Invalid OtherName parsing of TLS certificates
• [OF-2911] - NPE: Cannot invoke "java.lang.StringBuilder.length\(\)" because "this.buffer" is null
• [OF-2912] - Admin Console reports DNS Issue while dns-check.jsp reporting no issue
• [OF-2915] - Database statistics don't observe end-time
• [OF-2930] - Vulnerability discovered in netty-common- 4.1.108.Final.jar CVE-2024-47535
• [OF-2935] - Unable to set the 'Retire room names on deletion..' check box in a clustered environment
• [OF-2938] - Missing warnings for incompatible plugins
• [OF-2941] - Incorrect detection of plugin update with SNAPSHOTs
• [OF-2948] - Openfire 5.0.0 Alpha RPM workflow failed to generate a proper artifact
• [OF-2959] - Plugin download in audit log
• [OF-2960] - RPM build fails in new OJDBC driver
• [OF-2966] - Race condition in BOSH logout leads to inconsistent state
• [OF-3026] - Race condition in RoutingTable lead to inconsistent state
• [OF-3029] - False postivie for "Client route not found for route {}, while user session still existed"
• [OF-3031] - Detached clients generate errors in log when inspected (clustering)
• [OF-3040] - Base64 decoding issue when resizing avatars
• [OF-3041] - LocalOutgoingServer's canProcess error handling introduces deadlock
• [OF-3043] - Get Idle Users command is implemented but not returned in Disco
• [OF-3044] - Cache inconsistency: `routeOwnersByClusterNode` out of sync
• [OF-3046] - MultiUserProvider should only use supported fields
• [OF-3047] - LDAP Authentication Password 'authpassword' value
• [OF-3049] - Session overview page error in cluster
• [OF-3050] - Client session sorting on last activity issue
• [OF-3054] - HybridUserProvider throws IndexOutOfBoundsException
• [OF-3064] - Roster versioning doesn't generate usable identifiers
• [OF-3069] - Not all elements in sessionInfosByClusterNode exist in Client Session Info Cache.
• [OF-3072] - Incorrect presence probe processing
• [OF-3076] - Launcher XML config parser XXE

sha256sum values

b36cb22786b076a532289b37b500b733d33c350d661e819ab9b3b3930d9c426f  openfire-5.0.0-0.2.beta.noarch.rpm
156cd5b0536ba97e1a41b8abb49391f7ad4437fedf7ed69d3dd8c061254f20e4  openfire_5.0.0.beta_all.deb
17e658cff2a586b30044cbf6c0cdf3261295c868e72c3ae488ab54db15334147  openfire_5_0_0_beta.dmg
d8e616a7bd28c543739996cd3846c657302137d9ef32797b4f218cce36a5540c  openfire_5_0_0_beta.exe
a7499dc939a84289379333a47c6e85cfa2a7a25538352f41c508471f59abe96c  openfire_5_0_0_beta.tar.gz
491cbb256ebfb397fbfb93eb10f6ce9d62936feaba658617d5f5b97f56074474  openfire_5_0_0_beta_x64.exe
73aaa5d929d732d4bc25c2bc69afc3d9c07ccf391e693862c486ae822fcc8296  openfire_5_0_0_beta.zip