Smack is an Open Source XMPP (Jabber) client library for instant messaging and presence. A pure Java library, it can be embedded into your applications to create anything from a full XMPP client to simple XMPP integrations such as sending notification messages and presence-enabling devices.
The Ignite Realtime community is proud to announce that nearly 2 years after the release of Smack 4.1, the first Release Candidate (RC) of Smack 4.2 has been uploaded to Maven Central. Smack 4.2 marks another milestone in the development of Smack. With the availability of the first RC, the API of Smack 4.2 was sealed. This means that now is the ideal time for Smack users to adopt their codebase to the new Smack 4.2 API, and eventually start using Smack 4.2 in the experimental/development branch of their codebase. Please consult the Smack 4.2 Readme and Upgrade Guide for more information.
I'd like to use this post also to draw your attention at a very important topic. The codebase of smack-core and -tcp has grown historically over the past 15 years. This is not an issue per se. Smack was well designed from the beginning, is now modular and not affected by bit rot. But especially on important class, namely XMPPTCPConnection, has come to age. It is based on threads, when it should use NIO. It uses triggers for state changes, when it should be designed as finite state machine. And some more. I know that a lot of people are affected by Smack creating at least 2 threads per connection (instead of using NIO). This all also contributed at some amount to the latest security vulnerability found in Smack (SMACK-739 / CVE 2016-10027).
The only solution to tackle this would be to re-implement the affected code from scratch. But needles to say that this also would require funding, as it is not a simple one weekend task. I hope to have the resource to do this at some point in the future. If you think you can help, or know someone who possibly would be interested support the funding, then please contact me.
A critical security vulnerability has been found in Smack. Please upgrade immediately to Smack 4.1.9. Like all Smack releases with the same major and minor version numbers, 4.1.9 is a drop in replacement for all Smack 4.1 releases. Smack 4.1.9 is available on Maven Central.
The Ignite Realtime community would like to thank Sylvain Sarméjeanne for discovering and reporting the vulnerability to email@example.com.
I've just uploaded Smack 4.1.8 and 4.2.0-beta2 to Maven Central.
Smack 4.1.8 fixes a few minor issues and is expected to be the last release of the 4.1 branch. As always, Smack releases with the same major and minor version numbers are drop in replacements. Ideally you just need to change a single variable somewhere in your build system.
Smack 4.2.0-beta2 is the latest beta of Smack's current development branch. Notable additions include support for XEP-0313: Message Archive Management (MAM) and the IoT XEP series.
Starting with b91978dcc4ae partial support for the IoT XEPs was added to Smack. The XEPs consists, amongst other XEPs, of
The XEPs are in experimental state, which means changes to them are possible.
Smack does currently only support a partial set of the mechanisms specified, especially when it comes to Data and Control. For example only boolean and integer values can be read and written But support for more data types can be easily added.
The development of the API was sponsored by Clayster.
Clayster creates technology to secure trust in the transactions between physical and digital entities, and strives to be that generic foundation for your physical assets digital life.
Clayster has an IoT discovery and provisioning platform supporting XEP-0347 and XEP-0324. The platform is available for those who are interested to explore XMPP and IoT further. If you don't want to run your own infrastructure, Clayster is able to provide an XMPP Server and the discovery/provisioning platform for you. Feel free to reach out to rikard at clayster.com if you are interested to learn more about using XMPP for your next IoT project. www.clayster.com
Two new releases of Smack have just been pushed to Maven Central.
Smack 4.1.7 fixes a few bugs. One noteworthy bug is that on certain platforms Smack's setEnabledSSL(Protocols|Ciphers) had no effect. More information about the fixed bugs can be found in the Release Notes.
The careful reader may noticed that this is the first beta release of Smack 4.2. Which means that Smack 4.2 just entered the beta phase. My rough timeplan is to release Smack 4.2 in 6 months: starting with 3 months long beta period now, followed by 3 months of release candidates. But as all schedules in the software industry, take it with a grain of salt.