Ignite Realtime is the community site for the users and developers of Jive Software's open source Real Time Communications projects. Your involvement is helping to change the open RTC landscape.
The Ignite Realtime Community is elated to be able to announce the release of Openfire version 4.7.0!
This release is the first non-patch release in more than a year, which brings a healthy amount of new features, as well as bug fixes.
I’d like to explicitly thank the many people in the community that have supported this release: not only were a significant amount of code contributions provided, the feedback that we get in our chatroom and on our community forums is of great value to us!
Highlights of this release include extensively improved clustering support, particularly around Multi-User Chat functionality, which should benefit high-volume environments.
The complete changelog contains more than 110 issues that have been resolved in this release.
We invite you to give this release a try. The process of upgrading from an earlier version is as lightweight as ever. It is outlined in the Openfire upgrade guide. Please note that, if desired, a significant amount of professional partners is available that can provide commercial support for upgrading, customization, or other services.
You can find Openfire release artifacts on the download page. These are the the applicable
061200b8925f9d248c7303a5e893c3bd3df256bae07956ac4aa5fccb88e247c7 openfire-4.7.0-1.noarch.rpm f1867b224082aa4baa3632bed465a51d21eb109cb57b01ac1a97f0662ab6f23c openfire_4.7.0_all.deb f7bc7d3dbeae4ce7f8620338c6f4cc27de873e8b7e736d2dc9b345a0942b89cc openfire_4_7_0.dmg 49d474983105665831a15204d2504d56a829a908c5ffc4837504edcf71e52519 openfire_4_7_0.exe 781e024118e46675134b712e92efd249dd86b0e64c6ae221484c03fa5c66fe6f openfire_4_7_0.tar.gz 7280870634edeba66b8ab274cab6c6e22c5fb4643942760de2c400d262917ac5 openfire_4_7_0_x64.exe 0ba7cac3dba81922fa254562f5e2fdb066bd195738910c4449e882195f936610 openfire_4_7_0.zip
As per usual, we have created a 4.7 branch in our source code repository, that will hold follow-up bug fixes for this release, which will be numbered with 4.7.x identifiers. The main branch will over time evolve into release 4.8. We do not expect to perform more releases on the 4.6 branch.
Thank you for using Openfire!
Openfire 4.5.6 has been released, that addresses an annoying issue that was affecting the earlier 4.5.5 release. We’ve updated the bundled log4j library to version 2.17.1 for good measure.
3cf7be64dec0ab0d410ec38b15fae00eecd681c72140a8ad3ccc48be52a88982 openfire-4.5.6-1.i686.rpm 16d1d487d852efd80312fa796ffbaa61dd16e7b0e6587234639e9716e82b0745 openfire-4.5.6-1.noarch.rpm db0fa0f3b0c904f6b15bcac3b4dc60db2aed8f8275f5f6af886d0bc8dbcdaf9c openfire-4.5.6-1.x86_64.rpm d7f2bca0bc82ef6ad404d36dcf4c3ba65a6f9191a00873a83c6739658ce124c6 openfire_4.5.6_all.deb c96f79db2a9e434cc08ef5989062eb352e57315a25765c2a4f1442072eadbe07 openfire_4_5_6_bundledJRE.exe 77061c8aae0a892d041b8695f38ba2fe91b2844259654bb2e55bf505b9debe27 openfire_4_5_6_bundledJRE_x64.exe c65ccbf45a69c0babe2876a9c511910d2601ff301539e9a4c3d94dc1b82952c9 openfire_4_5_6.dmg 5990611b18b9ffff5ff46dc8bb398306fc6361893c230ee5d71ad852564dcd49 openfire_4_5_6.exe 1f155e858a924e54b172fd884ccd49521fc55d89260b2e074e2b39b4271667c4 openfire_4_5_6.tar.gz 6df1c063efd674c059323431f786e9e2a70a3c6573e1012e2b56f6db7877d28f openfire_4_5_6_x64.exe 400269969398c6ed90322ea8d199225b0cdf87a90a840d9aa123c0b941b1cfae openfire_4_5_6.zip
Earlier today, we’ve restored the download page for Openfire’s nightly builds.
For to many moons, it included only a couple of distributions, but now almost all of them are back again (we’re still working on the Mac build though)!
Openfire 4.6.7 has been released with only a single change to bump the bundled log4j library to version 2.17.1. Whilst we do not believe Openfire to be vulnerable to the CVEs associated with the log4j 2.17.0 and 2.17.1 releases, we realize that many folks are running naive security scanners that are simply checking for bundled jar versions.
1a8f1516a3d398b7701ec9a1c8b790a9ece8f3ea59265ccce4e769af5d485f26 openfire-4.6.7-1.i686.rpm 11972b17d60b828345b75fa049469085f22b9aa233082f8fb9bcac90ba0876a6 openfire-4.6.7-1.noarch.rpm d802fbd9b1a4011fe23c6338d77642cfbc813760d1f5c805bc5934881635edfb openfire-4.6.7-1.x86_64.rpm 4ab20cb022d5068c1dc0c7024350db4ac63b28a757e216e98ee6863d8ec7d253 openfire_4.6.7_all.deb 2157a17479acc12e6392ad10c2c61d38e478438a279c970a15313e1a49cce7ba openfire_4_6_7_bundledJRE.exe ac1e91d23742493a4d56f489e52f77ee5f1db138091600f84b406956e6b701ef openfire_4_6_7_bundledJRE_x64.exe baae9416e5979a7dc1c44dab156e540152baf3368e8afe838ee70a64dcaf2ca2 openfire_4_6_7.dmg b76b304dcbca084830d52da900051f837f605ce22411033fae68a00d28dc0c34 openfire_4_6_7.exe 6b2ba7c4976dbd36249269a453eb176d71a1e7f80575951cdd173d0ec4247056 openfire_4_6_7.tar.gz fec61e4a573faf634336e535c51112ab94c3f09388ea16948b8c6906ebbdf9ef openfire_4_6_7_x64.exe 1a92b45968719b7de00181d8dcfc5ef10e335b02deafcf7d6a5053a968ed0646 openfire_4_6_7.zip
At this point and due to limited community usage, we do not plan to create an additional
4.5 series release with this associated change. Please note that the
4.7.0-beta release of Openfire was made prior to all the security vulnerabilities associated with
log4j and is thus vulnerable. We hope to finalize a
4.7.0 release very soon, which will also bring log4j to version
2.17.1. Update: we needed a 4.5 release for a different issue. We pulled in the log4j update as we were releasing anyway.
Thanks for your usage and interest in Openfire!
As we’re monitoring developments around the recent Log4j vulnerabilities, we’ve decided to provide another update for Openfire to pull in the latests available updates from Log4j.
Since the previous release, the Log4j team released a new version (2.16.0) of their library, that provides better protection against the original vulnerability (CVE-2021-44228), but also guards against a newly discovered vulnerability (CVE-2021-45046) in Log4j.
The Ignite Realtime community has decided to immediately make available new releases of Openfire that include this newer version of Log4j: Openfire 4.6.6 and Openfire 4.5.5.
In addition to upgrading the Log4j libraries to version 2.16.0, we have put in place the mitigation measures that were defined for these CVEs. It’s important to note that these mitigation measures are known to be insufficient to fully protect against the vulnerabilities. However, the update to version 2.16.0 of Log4j makes these measures redundant. We have opted to include them anyway, as we know that many of you modify Openfire to a great extent. If such modifications would inadvertently re-introduce a vulnerable version of Log4j, at least some mitigation is in place. No changes other than these Log4j-related changes are included in the releases that we are publishing today.
We are aware that for some, the process of deploying a new major version of Openfire is not a trivial matter, as it may encompass a lot more than only performing the update of the executables. Depending on regulations that are in place, this process can require a lot of effort and take a long time to complete. To facilitate users that currently use an older version of Openfire, we are also making available a new release in the older 4.5 branch of Openfire that pulls in the Log4j update. An upgrade to that version will, for some, require a lot less effort. Note well: although we are making available a new version in the 4.5 branch of Openfire, we strongly recommend that you upgrade to the latest version of Openfire (currently in the 4.6 branch), as that includes important fixes and improvements that are not available in 4.5.
sha256 checksums are valid for the Openfire 4.6.6 distributables:
507b4899fb1c84b0ffd95c29278eeefd56ac63849bb730192b26779997ada21b openfire-4.6.6-1.i686.rpm d2913d913449a9e255b10ea6ee22a5967083a295038c21d3b761bb236c22e0cd openfire-4.6.6-1.noarch.rpm 02aa7af09286f25fbceef1ea27940e1696ced1e3a6c28b5e0ae094d409580734 openfire-4.6.6-1.x86_64.rpm 3add3c877745dcc6aacd335cfc8fe1674567bb3b28728cfa6c008556c59a9e98 openfire_4.6.6_all.deb 00c5ecbbf725de1093bfe3e5774b8c0e532742435439f70a4435fc5bed828b99 openfire_4_6_6_bundledJRE.exe 4ff92208e62f0455295a8cf68d57e2d9e3ede15c71aaab26cf1a410dce5aba5b openfire_4_6_6_bundledJRE_x64.exe 2584a6b61f0d9447a868f9bfadb5892d56d854198604b3ace9b638b8c217cac4 openfire_4_6_6.dmg 6cc42bfb60a5f8453c37d980c24c2a5ba48e1e1363ebfcc5d7f2e1deb6da5f17 openfire_4_6_6.exe 6431a22d2dd9f077b9b2ee8949238c0f076ab34d43ee200a6873fa5453630bd6 openfire_4_6_6.tar.gz ec8da5fdc93065df9bf41c0f4aebd6bb47f1dea11dcc96665ac0105f035378b2 openfire_4_6_6_x64.exe af68252b98b8af6afb0753b4054adcf4cab1968579eaaf644d4da663e9461dce openfire_4_6_6.zip
For Openfire 4.5.5, the
sha256 checksums are:
247f0769e0a449c698ac9c23b658a02131ac6f774f4394dc9bb4e7f114159cc8 openfire-4.5.5-1.i686.rpm 4603f92ce9822d1f43d27a9e15b859232cd09f391e9aeef0b99a782a03ecd12e openfire-4.5.5-1.noarch.rpm 9df54cbef30664635ed2977a21beded56fa120c5ff9e89b4cfa7466171344517 openfire-4.5.5-1.x86_64.rpm 0815f07094fcfaf4e17aca3ea26f42835b5ff1b486475aff6b743e914709e788 openfire_4.5.5_all.deb dff2e81da7457e3d8c1ee9e23ff43dd812f56db09df53588df7a5ea5622b1e6e openfire_4_5_5_bundledJRE.exe 96c2a4f5ed94dda76942ec7e540430c505448a2625a10f52cdc91c2dae0f720a openfire_4_5_5_bundledJRE_x64.exe a1ddd675b24b661186645786d1489cb6d80c90c2cae178992af509b5241fb275 openfire_4_5_5.dmg 971b97bc9d405a03d2c3fba51a698cf92397b24104b28fec06b993b6d52568ce openfire_4_5_5.exe a5f199bf2347725b952a995c1cfbeb1b8e45c9a26c177100669eeed7679da742 openfire_4_5_5.tar.gz b5b55c5938b430fa50c702da6b8336be7f79d2c97eb09623dc0c9bd59663aead openfire_4_5_5_x64.exe 44f90a4f4f7ecebd7cffadc7f108e4bcb8b70dc77b36698d48efaf3eb7650c91 openfire_4_5_5.zip
We are always happy to hear about your experiences, good or bad! Please consider dropping a note in the community forums or hang out with us in our web support groupchat.