Smack is an Open Source XMPP (Jabber) client library for instant messaging and presence. A pure Java library, it can be embedded into your applications to create anything from a full XMPP client to simple XMPP integrations such as sending notification messages and presence-enabling devices.
Around two years ago, on 2015-03-29 to be precise, Smack 4.1.0 was tagged and released. A few days ago I've tagged and released Smack 4.2.0 to Maven Central. The 4.2.0 release marks a milestone for Smack, but before I got into the exciting new features, I'd like to thank the various contributors:
$ git shortlog -sn 4.1.0..4.2.0
459 Florian Schmaus
8 Fernando Ramirez
3 Anno van Vliet
2 Andrey Starodubtsev
2 Vyacheslav Blinov
1 Andrey Prokopenko
1 Daniel Hintze
1 Dave Cridland
1 David Black
1 Dmitry Deshevoy
1 Grigory Fedorov
1 Hugues Bruant
1 Ishan Khanna
1 Tomas Nosek
1 Tomáš Havlas
I can not remember when Smack had so many contributors. Thanks everyone and keep the contributions coming.
The notable changes to Smack 4.2 include support for DNSSEC (thanks to a previous MiniDNS GSOC project), JIDs as first class citizens by using JXMPP's JID API, and tons of other improvements, new features and bug fixes. You can read more in the Smack 4.2 Readme and Upgrade Guide and the Smack's JIRA release notes.
Last but not least, thanks to Bilal Siddiq, Smack now has a logo.
Ever wanted to contribute to open source? Are you interested in XMPP/DNS/DNSSEC? Google gives students the chance to work on open source projects and get paid for it as part of Google's Summer of Code 2017. The XSF acts as umbrella organization for projects like Smack and MiniDNS . Feel free to contact me in the firstname.lastname@example.org if you are interested in participating or if you want to discuss your own Smack/MiniDNS related project ideas.
For many years now, Google is orchestrating its "Summer of Code" program. GSoC aims to bring student developers into the open source community, during the summer holidays.
As it did before, the XMPP Standards Foundation (XSF) will act as an umbrella organisation for this years edition of GSoC. The Ignite Realtime community is open to accept students under this umbrella.
If you're a student and interested in working on one of our projects as part of GSoC, you should get in contact! We've prepared a number of teaser tasks as well as project ideas, all of which are available in the XSF wiki.
I've just released Smack 4.2.0-rc3 to Maven Central. Smack 4.2.0 is scheduled to be released early Q2 2017, according to Smack's release life cycle. And right now, it looks like the train is right on time.
The Ignite Realtime community is proud to announce that nearly 2 years after the release of Smack 4.1, the first Release Candidate (RC) of Smack 4.2 has been uploaded to Maven Central. Smack 4.2 marks another milestone in the development of Smack. With the availability of the first RC, the API of Smack 4.2 was sealed. This means that now is the ideal time for Smack users to adopt their codebase to the new Smack 4.2 API, and eventually start using Smack 4.2 in the experimental/development branch of their codebase. Please consult the Smack 4.2 Readme and Upgrade Guide for more information.
I'd like to use this post also to draw your attention at a very important topic. The codebase of smack-core and -tcp has grown historically over the past 15 years. This is not an issue per se. Smack was well designed from the beginning, is now modular and not affected by bit rot. But especially on important class, namely XMPPTCPConnection, has come to age. It is based on threads, when it should use NIO. It uses triggers for state changes, when it should be designed as finite state machine. And some more. I know that a lot of people are affected by Smack creating at least 2 threads per connection (instead of using NIO). This all also contributed at some amount to the latest security vulnerability found in Smack (SMACK-739 / CVE 2016-10027).
The only solution to tackle this would be to re-implement the affected code from scratch. But needles to say that this also would require funding, as it is not a simple one weekend task. I hope to have the resource to do this at some point in the future. If you think you can help, or know someone who possibly would be interested support the funding, then please contact me.
A critical security vulnerability has been found in Smack. Please upgrade immediately to Smack 4.1.9. Like all Smack releases with the same major and minor version numbers, 4.1.9 is a drop in replacement for all Smack 4.1 releases. Smack 4.1.9 is available on Maven Central.
The Ignite Realtime community would like to thank Sylvain Sarméjeanne for discovering and reporting the vulnerability to email@example.com.