Here is a solution which fixes the leak for us, let me know if this seems sane to you or not Gato, this is the checkForTimedOutUsers() function in MultiUserChatServerImpl.java:

 
private void checkForTimedOutUsers() {
 
        final long deadline = System.currentTimeMillis() - user_idle;
 
        for (LocalMUCUser user : users.values()) {
 
            try {
 
             & nbsp;  // If user is not present in any room then remove the user from
 
             & nbsp;  // the list of users
 
             & nbsp;  if (!user.isJoined()) {
 
             & nbsp;      removeUser(user.getAddress());
 
             & nbsp;      continue;
 
             & nbsp;  }
 
             & nbsp;  
 
             & nbsp;  // Do nothing if this feature is disabled (i.e USER_IDLE equals -1)
 
             & nbsp;  if( user_idle == -1 ){
 
             & nbsp;      continue;
 
             & nbsp;  }
 
             & nbsp;  
 
             & nbsp;  if ( user.getLastPacketTime() < deadline) {
 
             & nbsp;      // Kick the user from all the rooms that he/she had previuosly joined
 
             & nbsp;      MUCRoom room;
 
             & nbsp;      Presence kickedPresence;
 
             & nbsp;      for (LocalMUCRole role : user.getRoles()) {
 
             & nbsp;          room = role.getChatRoom();
 
             & nbsp;          try {
 
             & nbsp;            &nb sp; kickedPresence =
 
             & nbsp;            &nb sp;         room.kickOccupant(user.getAddress(), null, null);
 
             & nbsp;            &nb sp; // Send the updated presence to the room occupants
 
             & nbsp;            &nb sp; room.send(kickedPresence);
 
             & nbsp;          }
 
             & nbsp;          catch (NotAllowedException e) {
 
             & nbsp;            &nb sp; // Do nothing since we cannot kick owners or admins
 
             & nbsp;          }
 
             & nbsp;      }
 
             & nbsp;  }
 
            }
 
            catch (Throwable e) {
 
             & nbsp;  Log.error(LocaleUtils.getLocalizedString("admin.error"), e);
 
            }
 
        }
 
    } 
 
 

You'll notice that basically the if(user_idle == -1) check has been moved after the logic which checks to see if a user is still in any rooms. This will allow users who are not in any rooms to be removed from the users map, which should fix the leak.  Let me know what you think!

Not sure why this code window is showing up so narrow, sorry about that

Hey Guus, just wanted to say thanks a lot for noticing this. I FINALLY got around to installing 3.4.5 and noticed this incorrect fix (continue being switched with return), and was about to write up a report for it (which would have been sadly too late for 3.5.0) so I just wanted to thank you for taking charge on this issue