A security issue has been reported that allows malicious users to remotely upload code to Openfire via the built-in admin console. Although there is no known exploit "in the wild", it's highly recommended that users upgrade their server instances to fix this security issue. Affects: All previous releases of Openfire, at least through Openfire 3.0.0 Workaround: the security issue can be worked around in previous versions of Openfire by limiting access to the admin console port (9090 by default) via firewall rules.