Open Realtime.

Ignite Realtime is the community site for the users and developers of Jive Software's open source Real Time Communications projects. Your involvement is helping to change the open RTC landscape.

Open Realtime.

Ignite Realtime is the community site for the users and developers of Jive Software's open source Real Time Communications projects. Your involvement is helping to change the open RTC landscape.
Latest Blog Entries
Guus der Kinderen
5

Openfire 4.7.0 has been released!

The Ignite Realtime Community is elated to be able to announce the release of Openfire version 4.7.0!

This release is the first non-patch release in more than a year, which brings a healthy amount of new features, as well as bug fixes.

I’d like to explicitly thank the many people in the community that have supported this release: not only were a significant amount of code contributions provided, the feedback that we get in our chatroom and on our community forums is of great value to us!

Highlights of this release include extensively improved clustering support, particularly around Multi-User Chat functionality, which should benefit high-volume environments.

The complete changelog contains more than 110 issues that have been resolved in this release.

We invite you to give this release a try. The process of upgrading from an earlier version is as lightweight as ever. It is outlined in the Openfire upgrade guide. Please note that, if desired, a significant amount of professional partners is available that can provide commercial support for upgrading, customization, or other services.

We’re always happy to hear about your experiences, good or bad! Please consider dropping a note in the community forums or hang out with us in our web support groupchat.

You can find Openfire release artifacts on the download page. These are the the applicable sha256sums:

061200b8925f9d248c7303a5e893c3bd3df256bae07956ac4aa5fccb88e247c7  openfire-4.7.0-1.noarch.rpm
f1867b224082aa4baa3632bed465a51d21eb109cb57b01ac1a97f0662ab6f23c  openfire_4.7.0_all.deb
f7bc7d3dbeae4ce7f8620338c6f4cc27de873e8b7e736d2dc9b345a0942b89cc  openfire_4_7_0.dmg
49d474983105665831a15204d2504d56a829a908c5ffc4837504edcf71e52519  openfire_4_7_0.exe
781e024118e46675134b712e92efd249dd86b0e64c6ae221484c03fa5c66fe6f  openfire_4_7_0.tar.gz
7280870634edeba66b8ab274cab6c6e22c5fb4643942760de2c400d262917ac5  openfire_4_7_0_x64.exe
0ba7cac3dba81922fa254562f5e2fdb066bd195738910c4449e882195f936610  openfire_4_7_0.zip

As per usual, we have created a 4.7 branch in our source code repository, that will hold follow-up bug fixes for this release, which will be numbered with 4.7.x identifiers. The main branch will over time evolve into release 4.8. We do not expect to perform more releases on the 4.6 branch.

Thank you for using Openfire!

For other release announcements and news follow us on Twitter

Tags: openfire, planetjabber, release 5
Guus der Kinderen
3

Openfire 4.5.6 is released

Openfire 4.5.6 has been released, that addresses an annoying issue that was affecting the earlier 4.5.5 release. We’ve updated the bundled log4j library to version 2.17.1 for good measure.

The changelog denotes the two Jira issues closed by this release. You can find Openfire build artifacts available for download here and they have the following sha256sum values

3cf7be64dec0ab0d410ec38b15fae00eecd681c72140a8ad3ccc48be52a88982  openfire-4.5.6-1.i686.rpm
16d1d487d852efd80312fa796ffbaa61dd16e7b0e6587234639e9716e82b0745  openfire-4.5.6-1.noarch.rpm
db0fa0f3b0c904f6b15bcac3b4dc60db2aed8f8275f5f6af886d0bc8dbcdaf9c  openfire-4.5.6-1.x86_64.rpm
d7f2bca0bc82ef6ad404d36dcf4c3ba65a6f9191a00873a83c6739658ce124c6  openfire_4.5.6_all.deb
c96f79db2a9e434cc08ef5989062eb352e57315a25765c2a4f1442072eadbe07  openfire_4_5_6_bundledJRE.exe
77061c8aae0a892d041b8695f38ba2fe91b2844259654bb2e55bf505b9debe27  openfire_4_5_6_bundledJRE_x64.exe
c65ccbf45a69c0babe2876a9c511910d2601ff301539e9a4c3d94dc1b82952c9  openfire_4_5_6.dmg
5990611b18b9ffff5ff46dc8bb398306fc6361893c230ee5d71ad852564dcd49  openfire_4_5_6.exe
1f155e858a924e54b172fd884ccd49521fc55d89260b2e074e2b39b4271667c4  openfire_4_5_6.tar.gz
6df1c063efd674c059323431f786e9e2a70a3c6573e1012e2b56f6db7877d28f  openfire_4_5_6_x64.exe
400269969398c6ed90322ea8d199225b0cdf87a90a840d9aa123c0b941b1cfae  openfire_4_5_6.zip

For other release announcements and news follow us on Twitter

Tags: openfire, planetjabber, release 3
Guus der Kinderen
1

Restored Openfire nightly builds

Earlier today, we’ve restored the download page for Openfire’s nightly builds. :partying_face:

For to many moons, it included only a couple of distributions, but now almost all of them are back again (we’re still working on the Mac build though)!

Tags: openfire 1
daryl herzmann
3

Openfire 4.6.7 released (Log4j 2.17.1 only change)

Openfire 4.6.7 has been released with only a single change to bump the bundled log4j library to version 2.17.1. Whilst we do not believe Openfire to be vulnerable to the CVEs associated with the log4j 2.17.0 and 2.17.1 releases, we realize that many folks are running naive security scanners that are simply checking for bundled jar versions.

The changelog denotes the one Jira issue closed by this release. You can find Openfire build artifacts available for download here and they have the following sha256sum values

1a8f1516a3d398b7701ec9a1c8b790a9ece8f3ea59265ccce4e769af5d485f26  openfire-4.6.7-1.i686.rpm
11972b17d60b828345b75fa049469085f22b9aa233082f8fb9bcac90ba0876a6  openfire-4.6.7-1.noarch.rpm
d802fbd9b1a4011fe23c6338d77642cfbc813760d1f5c805bc5934881635edfb  openfire-4.6.7-1.x86_64.rpm
4ab20cb022d5068c1dc0c7024350db4ac63b28a757e216e98ee6863d8ec7d253  openfire_4.6.7_all.deb
2157a17479acc12e6392ad10c2c61d38e478438a279c970a15313e1a49cce7ba  openfire_4_6_7_bundledJRE.exe
ac1e91d23742493a4d56f489e52f77ee5f1db138091600f84b406956e6b701ef  openfire_4_6_7_bundledJRE_x64.exe
baae9416e5979a7dc1c44dab156e540152baf3368e8afe838ee70a64dcaf2ca2  openfire_4_6_7.dmg
b76b304dcbca084830d52da900051f837f605ce22411033fae68a00d28dc0c34  openfire_4_6_7.exe
6b2ba7c4976dbd36249269a453eb176d71a1e7f80575951cdd173d0ec4247056  openfire_4_6_7.tar.gz
fec61e4a573faf634336e535c51112ab94c3f09388ea16948b8c6906ebbdf9ef  openfire_4_6_7_x64.exe
1a92b45968719b7de00181d8dcfc5ef10e335b02deafcf7d6a5053a968ed0646  openfire_4_6_7.zip

At this point and due to limited community usage, we do not plan to create an additional 4.5 series release with this associated change. Please note that the 4.7.0-beta release of Openfire was made prior to all the security vulnerabilities associated with log4j and is thus vulnerable. We hope to finalize a 4.7.0 release very soon, which will also bring log4j to version 2.17.1. Update: we needed a 4.5 release for a different issue. We pulled in the log4j update as we were releasing anyway.

Thanks for your usage and interest in Openfire!

For other release announcements and news follow us on Twitter

Tags: openfire, planetjabber, release 3
Guus der Kinderen
13

Openfire 4.6.6 and 4.5.5 releases (Log4j-only changes)

As we’re monitoring developments around the recent Log4j vulnerabilities, we’ve decided to provide another update for Openfire to pull in the latests available updates from Log4j.

Since the previous release, the Log4j team released a new version (2.16.0) of their library, that provides better protection against the original vulnerability (CVE-2021-44228), but also guards against a newly discovered vulnerability (CVE-2021-45046) in Log4j.

The Ignite Realtime community has decided to immediately make available new releases of Openfire that include this newer version of Log4j: Openfire 4.6.6 and Openfire 4.5.5.

In addition to upgrading the Log4j libraries to version 2.16.0, we have put in place the mitigation measures that were defined for these CVEs. It’s important to note that these mitigation measures are known to be insufficient to fully protect against the vulnerabilities. However, the update to version 2.16.0 of Log4j makes these measures redundant. We have opted to include them anyway, as we know that many of you modify Openfire to a great extent. If such modifications would inadvertently re-introduce a vulnerable version of Log4j, at least some mitigation is in place. No changes other than these Log4j-related changes are included in the releases that we are publishing today.

We are aware that for some, the process of deploying a new major version of Openfire is not a trivial matter, as it may encompass a lot more than only performing the update of the executables. Depending on regulations that are in place, this process can require a lot of effort and take a long time to complete. To facilitate users that currently use an older version of Openfire, we are also making available a new release in the older 4.5 branch of Openfire that pulls in the Log4j update. An upgrade to that version will, for some, require a lot less effort. Note well: although we are making available a new version in the 4.5 branch of Openfire, we strongly recommend that you upgrade to the latest version of Openfire (currently in the 4.6 branch), as that includes important fixes and improvements that are not available in 4.5.

The following sha256 checksums are valid for the Openfire 4.6.6 distributables:

507b4899fb1c84b0ffd95c29278eeefd56ac63849bb730192b26779997ada21b  openfire-4.6.6-1.i686.rpm
d2913d913449a9e255b10ea6ee22a5967083a295038c21d3b761bb236c22e0cd  openfire-4.6.6-1.noarch.rpm
02aa7af09286f25fbceef1ea27940e1696ced1e3a6c28b5e0ae094d409580734  openfire-4.6.6-1.x86_64.rpm
3add3c877745dcc6aacd335cfc8fe1674567bb3b28728cfa6c008556c59a9e98  openfire_4.6.6_all.deb
00c5ecbbf725de1093bfe3e5774b8c0e532742435439f70a4435fc5bed828b99  openfire_4_6_6_bundledJRE.exe
4ff92208e62f0455295a8cf68d57e2d9e3ede15c71aaab26cf1a410dce5aba5b  openfire_4_6_6_bundledJRE_x64.exe
2584a6b61f0d9447a868f9bfadb5892d56d854198604b3ace9b638b8c217cac4  openfire_4_6_6.dmg
6cc42bfb60a5f8453c37d980c24c2a5ba48e1e1363ebfcc5d7f2e1deb6da5f17  openfire_4_6_6.exe
6431a22d2dd9f077b9b2ee8949238c0f076ab34d43ee200a6873fa5453630bd6  openfire_4_6_6.tar.gz
ec8da5fdc93065df9bf41c0f4aebd6bb47f1dea11dcc96665ac0105f035378b2  openfire_4_6_6_x64.exe
af68252b98b8af6afb0753b4054adcf4cab1968579eaaf644d4da663e9461dce  openfire_4_6_6.zip

For Openfire 4.5.5, the sha256 checksums are:

247f0769e0a449c698ac9c23b658a02131ac6f774f4394dc9bb4e7f114159cc8  openfire-4.5.5-1.i686.rpm
4603f92ce9822d1f43d27a9e15b859232cd09f391e9aeef0b99a782a03ecd12e  openfire-4.5.5-1.noarch.rpm
9df54cbef30664635ed2977a21beded56fa120c5ff9e89b4cfa7466171344517  openfire-4.5.5-1.x86_64.rpm
0815f07094fcfaf4e17aca3ea26f42835b5ff1b486475aff6b743e914709e788  openfire_4.5.5_all.deb
dff2e81da7457e3d8c1ee9e23ff43dd812f56db09df53588df7a5ea5622b1e6e  openfire_4_5_5_bundledJRE.exe
96c2a4f5ed94dda76942ec7e540430c505448a2625a10f52cdc91c2dae0f720a  openfire_4_5_5_bundledJRE_x64.exe
a1ddd675b24b661186645786d1489cb6d80c90c2cae178992af509b5241fb275  openfire_4_5_5.dmg
971b97bc9d405a03d2c3fba51a698cf92397b24104b28fec06b993b6d52568ce  openfire_4_5_5.exe
a5f199bf2347725b952a995c1cfbeb1b8e45c9a26c177100669eeed7679da742  openfire_4_5_5.tar.gz
b5b55c5938b430fa50c702da6b8336be7f79d2c97eb09623dc0c9bd59663aead  openfire_4_5_5_x64.exe
44f90a4f4f7ecebd7cffadc7f108e4bcb8b70dc77b36698d48efaf3eb7650c91  openfire_4_5_5.zip

The process of upgrading is outlined in the Openfire upgrade guide. If you would prefer to enlist support in applying this update, various professional partners are available that can help.

We are always happy to hear about your experiences, good or bad! Please consider dropping a note in the community forums or hang out with us in our web support groupchat.

For other release announcements and news follow us on Twitter!

Tags: openfire, planetjabber, release 13