Openfire Changelog
Openfire Changelog
Readme
Changelog
License
5.0.4 --
March 17, 2026
Improvement
OF-3156
] - Improve error handling when MUC service creation fails in admin console
OF-3160
] - Bump BouncyCastle.version from 1.78.1 to 1.83
OF-3164
] - High CPU usage caused by exception-based control flow in UserManager.isRegisteredUser()
OF-3177
] - Improve logging when TrustManager initialization fails (exception currently suppressed)
OF-3200
] - Improve InMemoryPubSubPersistenceProvider.purgeNode() to target the service cache entry directly instead of scanning all entries
Task
OF-3161
] - Upgrade Netty to 4.1.131 version
OF-3162
] - Upgrade Apache commons-text from 1.10.0 to 1.15.0
OF-3178
] - Update install4j to 12.0.2
Bug
OF-2637
] - Admin Console -> Logs viewer. Selecting 'All' lines causes exception
OF-3132
] - When obtaining user sessions for bare JID, not all sessions are returned
OF-3165
] - Fix incorrect message in closeNeverEncryptedConnection method
OF-3175
] - Openfire startup deadlocks during autosetup when encrypted XML properties are processed
OF-3197
] - updateSubscription() sets wrong parameter index when deleting a subscription in state none, silently failing to delete the correct row
OF-3198
] - LOAD_LAST_ITEMS_LIMIT query returns items in ascending order, causing incorrect results for non-SQL Server, non-Oracle databases
OF-3205
] - always update lastPublished when same item is overwritten (XEP-0060 §7.1.2)
5.0.3 --
December 12, 2025
Improvement
OF-3130
] - Update PostgreSQL JDBC driver to 42.7.8
OF-3134
] - Upgrade HSLQDB from 2.7.1 to 2.7.4
OF-3135
] - Improve wording of TLS Auth setting
OF-3139
] - Remove obsolete transport icons
Bug
OF-3127
] - ConcurrentModificationException on room join
OF-3133
] - Fix datatype of muc#register_faqentry field
OF-3144
] - Upgrade sqlserver JDBC driver to 10.2.4
OF-3146
] - Chat room count value is incorrect
OF-3147
] - server_bytes_out statistic is not being populated
OF-3148
] - Admin MUC affiliations are not persisted in ofMucAffiliation (lost after restart)
OF-3149
] - IllegalStateException occurs when removing shared groups due to multiple Iterator.remove() calls for a single Iterator.next().
OF-3155
] - Resource policy "Always kick" does not function correctly
5.0.2 --
September 15, 2025
Improvement
OF-3104
] - When a MUC room's config gets changed, send appropriate status code
OF-3107
] - Synchronize launch scripts
OF-3110
] - Guard against unexpectedly empty input
OF-3112
] - Less strict with regards to whitespace in base64 encoding
OF-3114
] - AdHoc 'end user session' command to report how many sessions were ended
OF-3116
] - IQLastActivityHandler should ignore IQ responses
OF-3118
] - Bump org.apache.commons:commons-lang3 from 3.9 to 3.18.0
OF-3123
] - For client mutual authentication, prefer Subject Alternative Name for identities
New Feature
OF-3100
] - Have PEP 'process' function return a future
Bug
OF-3106
] - /etc/init.d/openfire: when JAVA\_HOME is empty it fails to detect the best java version
OF-3108
] - Certificate update breaks functionality
OF-3109
] - HSQLDB database viewer doesn't always start
OF-3113
] - UserNotFoundException in PresenceSubscribeHandler
OF-3117
] - Unit test failures when there's a space in the base path
OF-3124
] - CVE-2025-59154 Potential identity spoofing via unsafe CN parsing
5.0.1 --
June 30, 2025
Improvement
OF-3095
] - Do not warn about cache max lifetime settings with default values
Task
OF-3096
] - Update bundled Search plugin
Bug
OF-3093
] - Windows Launcher failure (missing images)
OF-3094
] - Client-to-Server SASL EXTERNAL incorrectly queries for authzid
OF-3098
] - Federated occupants get incorrectly identified as 'ghost'
5.0.0 --
June 20, 2025
Improvement
OF-2132
] - Use CRL as provided by CA
OF-2134
] - Restore and improve Certificate Revocation support
OF-2280
] - Guard against S2S connection inconsistency in cluster
OF-2453
] - Disable Connection Manager ports by default
OF-2785
] - Add IPv6 support when evaluating Client Session IP addresses
OF-2786
] - IPv6/IPv4 fallback
OF-2787
] - Add IPv6-specific documentation
OF-2811
] - Do not block Netty EventLoop threads
OF-2821
] - Allow session-summary to display resource string
OF-2859
] - Rename MUCRole
OF-2862
] - Refactor 'role' and 'affiliation' related privileges
OF-2871
] - Allow optional password for alternate venue when destroying room
OF-2876
] - Rise minimal required JRE to 17
OF-2877
] - Reproducible builds
OF-2889
] - i18n properties: don't convert from UTF-8 to Latin1
OF-2892
] - Available Plugins page: redesign to make Documentation easier to see
OF-2902
] - Update commons-fileupload for transitive CVE
OF-2903
] - Upgrade Sitemesh
OF-2914
] - Reduce verbosity of TLS issues
OF-2919
] - Don't let XMPP-decoder decode TLS's End-of-Transmission
OF-2924
] - Reduce duplicate code in Multi-providers
OF-2926
] - Add documented configuration options for LdapAuthProvider's cache
OF-2927
] - Allow LDAP alternateBaseDN to be configured in admin console
OF-2928
] - Improve parallel execution of multi-providers
OF-2939
] - Show plugin warning on index page
OF-2940
] - Run all plugin database update scripts
OF-2942
] - S2S outbound can give up faster when encryption and/or auth mechanisms are exhausted
OF-2945
] - Suppress warning during JSPC precompilation
OF-2950
] - RemoteSessionLocator should ignore local node
OF-2951
] - Faster log-in \(with federated contacts\)
OF-2955
] - Update PostgreSQL JDBC driver to 42.7.7
OF-2958
] - Bump up timeout for MUC non-responsiveness check
OF-2967
] - Remove newline before presence in ClientSession toString
OF-3027
] - Give parent eventloop threads a recognizable name
OF-3028
] - Netty threads from 'child' eventloop should use Netty-default settings
OF-3030
] - "Setting locale to X" isn't a warning
OF-3033
] - Modify Stream Management to account for short-lived background apps
OF-3034
] - Stream Management optional close shouldn't log error
OF-3035
] - Failure to get address from detached session over cluster shouldn't log an error
OF-3036
] - Improve log messages when unable to connect to a remote host that is unreachable
OF-3038
] - Reduce verbosity of Socket Connection reset log messages \(c2s only\)
OF-3048
] - Load time of session-summary admin page in a cluster
OF-3052
] - Consistently use pagination for ad-hoc commands
OF-3055
] - When removing XML elements, don't expect there to be only one.
OF-3056
] - Reduce reliance on RoutingTable when processing directed presence
OF-3059
] - Deprecate concept of 'anonymous route'
OF-3061
] - Improve DB query to get last pubsub items
OF-3062
] - Ignore unexpected 'subscription' values in Roster Set
OF-3063
] - CAPS calculation debug info
OF-3065
] - Allow Connection Manager DirectTLS endpoint configuration
OF-3067
] - Bump up xmpp.server.outgoing.max.threads
OF-3068
] - SocketUtil should give up sooner
OF-3071
] - Replace Pull Parser \(XPP3\) library for compat with Java 11
OF-3078
] - JDBCAuthProvider: Default bcrypt log rounds 10
OF-3079
] - Backwards compat plugins
OF-3083
] - SerializingCache should dereference classes when unused
Task
OF-2717
] - Migrate to Jetty 12
OF-2722
] - Phase out commons-fileupload
OF-2729
] - Setup IPv6 tests
OF-2754
] - Deprecate FastDateFormat
OF-2793
] - Include Oracle Database Driver in distribution
OF-2905
] - Update Maven Wrapper to 3.3.2
OF-2943
] - Update database used by unit tests
OF-2956
] - Drop unused database table ofSASLAuthorized
OF-2961
] - Update Netty to 4.1.118
OF-3051
] - Update to Tinder 2.1.0
OF-3082
] - Allow SerializingCache to use 'raw' types
OF-3084
] - Remove code that is deprecated and scheduled for removal in 5.0.0
New Feature
OF-2607
] - Implement XEP-0421: Anonymous unique occupant identifiers for MUCs
OF-2760
] - Add option to tombstone/retire a MUC upon deletion, preventing the name from use in the future
OF-2885
] - TaskEngine jobs to support Future
OF-2916
] - Add option to delete history on room deletion
OF-2917
] - Add option to preserve room history on room deletion
OF-2918
] - Add option to clear history for a given MUC
OF-2923
] - Use more than one AD/LDAP server
OF-2925
] - Have multi-providers for groups
OF-2952
] - Alert admins that certificate is about to expire
OF-3053
] - Add support for XEP-0433: Extended Channel Search
OF-3090
] - Add Italian translation
OF-3091
] - Add Turkish translation
OF-3092
] - Add Swedish Language
Sub-task
OF-2861
] - Rename MUCRole, breaking changes
OF-2973
] - Remove empty
US