Open Realtime.

Ignite Realtime is the community site for the users and developers of Jive Software's open source Real Time Communications projects. Your involvement is helping to change the open RTC landscape.

Open Realtime.

Ignite Realtime is the community site for the users and developers of Jive Software's open source Real Time Communications projects. Your involvement is helping to change the open RTC landscape.
Latest Blog Entries
Flow
1

(a)Smack 4.0.0-rc1 has been released

We are happy to announce the release of (a)Smack 4.0.0-rc1. This is the first aSmack release that is in sync with Smack's codebase and therefore marks an important milestone for Smack on Android. It is also the first non-snapshot release that is going to be available on the Maven Central Repositories (SMACK-265).

 

Smack 4.0.0-rc1 includes some major changes and important improvements including security related fixes. While this is marked as release candidate, users are encouraged to update because some important security bugs have been fixed. Please consult the "Smack 4.0 Readme and Upgrade Guide" for further information regarding the changes between Smack 3.4 and 4.0.

 

Previous Smack versions suffered from a missing "Basic Constraints" check in ServerTrustManager (SMACK-410): this allowed anyone with a valid CA-signed certificate for any domain to generate a certificate for any other domain that would be accepted by Smack's ServerTrustManager. Moxie Marlinspike found the same error in IE back in 2002 and wrote a detailed summary about it: http://www.thoughtcrime.org/ie-ssl-chain.txt

We would like to thank Ryan Sleevi of the Google Chrome Security Team for reporting the issue to us.

 

The fix for Smack was simply removing ServerTrustManager and the related code altogether. ConnectionConfiguration now only has a setting for a custom SSLContext. We shifted the responsibility for TLS certificate validation out of the library to the user, where it belongs. A fixed version of ServerTrustManager may return as an optional module in a future Smack release. Contributions are, as always, welcome.

 

A second important security vulnerability often found in XMPP implementations was made public by Thijs Alkemad aka xnyhps early this year. Affected implementations did not properly verify the 'from' attribute of IQ responses and were therefore vulnerable to spoofed IQ packets. You can read more about it here: http://tools.ietf.org/html/draft-alkemade-xmpp-iq-validation-00

 

Thijs also reported Smack as vulnerable in SMACK-533 and SMACK-538. Thanks to Lars Noschinski, patches were quickly provided and Smack is now immune.

 

(a)Smack 4.0.0-rc1 is considered mature. It is marked as release candidate because we have only a small number of people who are testing the current (a)Smack development snapshot. We ask everyone using Smack in some sort of staging, development or non-critical production environment to try 4.0.0-rc1 and report any problems or feedback to the community forums.

 

Thanks to everyone working on Smack 4.0:

 

git shortlog -sn 3.4.1..4.0.0-rc1

   166  Florian Schmaus

    10  Lars Noschinski

     4  Georg Lukas

     2  Vyacheslav Blinov

     2  rcollier

     1  Daniele Ricci

     1  Jason Sipula

     1  XiaoweiYan

     1  atsykholyas

 

Besides the mentioned security issues, Smack 4.0 contains also many new improvments and other bugfixes. An overview of all resolved issues in Smack 4.0.0-rc1 can be found in JIRA

 

Smack 4.0.0-rc1 can be downloaded from maven central

aSmack 4.0.0-rc1 is avaiable as jar at http://asmack.freakempire.de/4.0.0-rc1/

Tags: planetjabber , smack , release 1
Flow
15

Hello World! I'm Smack's new maintainer. Smack 3.4.1 released.

Hi there, I'm Smack's new maintainer. Some of you may know me already as the maintainer of aSmack, the Android port of Smack. I first like to thank Robin for his work on Smack in the past.

 

Smack has a long development history. The first recorded commit dates back to Jan 13 2003. Now, over 11 years later, we are going make fundamental changes to Smack in order to ensure that it will last another decade.

 

Most importantly: Ignite Realtime is applying as Google Summer of Code organization. We propose a project to modernize and modularize Smacks build system. One reason why this is necessary, is that we want Smack to be able to target Java SE and Android. Read more about it here.

 

Smacks SVN repository has been migrated to git, and the code is now hosted on GitHub. We are currently evaluating hosting the code in our own Atlassian Stash, but that isn't decided yet and is not a high priority right now.

 

Let's have a look at Smack's contributors of the last 11 years:

 

   513  Gaston Dombiak

   474  Matt Tucker

   123  rcollier

   105  Thiago Camargo

   104  Florian Schmaus

    69  Alex Wenckus

    46  Bill Lynch

    43  Derek DeMoro

    24  Günther Niess

    15  Daniel Henninger

    12  Henning Staib

    11  loki

     7  Michael Will

     7  Wolf Posdorfer

     7  guus

     6  Holger Bergunde

     6  Jeff Williams

     5  Jay Kline

     4  Marilyn Daum

     3  Francisco Vives

     2  bruce

     1  (no author)

     1  Andrew Wright

     1  Pete Matern

     1  Tim Jentz

     1  root

 

Hopefully this list will grow over the time. If you'd like to contribute bigger patches to Smack, please consult the developers. Either via IRC #smack (freenode) or via the developers forum. All patches will be reviewed, since there are usually a few things that should be improved before the commit is ready for Smack's master branch. Make also sure to read the Guidelines for Smack Developers and Contributors.

 

Besides the GSOC project, there are more goodies in the queue, like XEP-0198 Stream Mangament and Roster Versioning.

 

We also work on migrating the build system to gradle, including deployments to sonatype/maven central. I expect the next release to be available as jar and via maven central.

 

Finally, shortly after the 3.4.0 release, a memory leak was reported in the forum. The cause was identified 6 hours later, and a fixed nighlty release was made availabe shortly after. I am going to use this importand fix as reason to release Smack 3.4.1 today, in order to get familar with the release process of Smack.

Tags: planetjabber , smack 15
akrherz
26

Openfire 3.9.1 has been released

Yesterday's release of Openfire 3.9.0 had some problems with packaging of the release.  Bouncycastle signed jar files were getting packed, which then caused problems when Openfire attempted to load them.  We have hopefully fixed this issue and cleaned up a few other details and are proud to announce a 3.9.1 release!

 

Openfire is a real time collaboration (RTC) server licensed under the Open Source Apache license. It uses the only widely adopted open protocol for instant messaging, XMPP (also called Jabber). Openfire is incredibly easy to setup and administer, but offers rock-solid security and performance.

 

The download page offers these files and here are their md5sums for your comparison.

 

md5sum
filename

979c431cbf416d387b2ef7ca5d7f6531

JSopenfire-3.9.1-ALL.pkg.gz
7fb231b58d581babd5d7b65e05b9a953openfire-3.9.1-1.i386.rpm
0ffbeb206b45538e8f0ff63325026e37openfire-3.9.1-1.src.rpm
3ca1d72c5a34b820a5e0ab15ab21ee34openfire_3.9.1_all.deb
028af7beb80cd552a4233434e7597729openfire_3_9_1.dmg
79c13434815d05d88031b75adcf85275openfire_3_9_1.exe
f05b0bfbbc6e04a6fc8cbcdd53e79d8copenfire_3_9_1.tar.gz
9799c471bed11058c971ed8598ce8449openfire_3_9_1.zip
25f716c5497597b59dcce71b7fb0dbb2openfire_src_3_9_1.tar.gz
9b7ccb7d1483f62f4da930553c9363c2openfire_src_3_9_1.zip

 

Please report any issues to us in the forums.  We are always looking for developers to help improve Openfire, so please let us know if interested!

Tags: planetjabber , openfire , release , 3.9.1 26
akrherz
18

Openfire 3.9.0 has been released

The Ignite Realtime community is happy to announce the release of version 3.9.0 of Openfire! Downloads for various platforms are available here.

 

Openfire is a real time collaboration (RTC) server licensed under the Open Source Apache license. It uses the only widely adopted open protocol for instant messaging, XMPP (also called Jabber). Openfire is incredibly easy to setup and administer, but offers rock-solid security and performance.

 

There are a few important fixes with this release, be sure to checkout the changelog for more details.

 

As always, we welcome your feedback, suggestions, tips, hints, questions and other contributions in the Ignite Realtime Community pages.

 

We are also looking for people interested in helping to develop Openfire!  If you enjoy hacking at Java code and would like to pitch in, please let us know on the forums.

 

Update 6 Feb 2014 20 UTC: There was a problem with the initial build of 3.9.0 and the packaging of the bouncycastle libraries.  This has been fixed.  The following MD5 checksums should be used to check the files you download.

 

md5sumfilename

e68c95feba256d8f010682b845a901e2

openfire_3_9_0.dmg
a5cf6e3121aaf8b8367381db0eddb7e5openfire_3_9_0.exe
a0b4e5d15e4e9c0ac9f5fb8645a32fafopenfire_3_9_0.tar.gz
a3088db15e73c884f22ff14842d80642openfire_3_9_0.zip
d09cb027cf537c866c2e8896b1f3125dopenfire_src_3_9_0.tar.gz
8fffc005508684e2fb23314df8d4f502openfire_src_3_9_0.zip
674b86bc209ca51e71fe8fe9f05883f4JSopenfire-3.9.0-ALL.pkg.gz
3e883a6c8a8504f6a0934b7054efce66openfire-3.9.0-1.i386.rpm
8d661624495d232323ae061246b47ecdopenfire-3.9.0-1.src.rpm
48167fb89ba804e297faa70b37da1b95openfire_3.9.0_all.deb
Tags: planetjabber , openfire , release , 3.9.0 18
rcollier
6

Stepping Down as Lead

It is with a heavy heart that I am stepping down as the project lead for Smack. 

 

I am happy to have managed to push out 6 releases in the last 3 years, but even from the start I always had issues finding the time to dedicate to this project.  Things have never really improved on that front.  Three young children and some unexpected illnesses in my family haven't exactly made for a lot of free time over the last couple of years. 

 

I have been thinking about this for awhile actually, but it has only been this year that some other eager contributors have come along with a lot of ideas and motivation for the project. So that makes for a good time to step aside and let those with time and dedication move the project forward.

 

I still plan on contributing when and if I can, but it will probably be less code and more helping others in the forums.  It takes much shorter blocks of time.

 

So, I wish the best of luck to Flow, who will be taking over my role as project lead.

Tags: smack 6
Openfire 3.9.1
Spark 2.6.3
SparkWeb 0.9.0
Smack API 3.4.1
Tinder API 1.2.2
Whack API 1.0.0
XIFF API 3.1.0
Downloads 18,842,758
Members 18535
Forum Posts 141501
Blog Entries 196

The interaction with talented developers and with enthusiasts from around the world makes working with Openfire and Spark very enjoyable. IgniteRealtime.org opens exciting new ways for this vibrant community to share ideas and work together.

– Guus der Kinderen, Software Architect, Nimbuzz.