Openfire

This release features a stronger RSA encryption algorithm for certificate creation, prevents users from changing other users' passwords, fixes handling of AltBaseDN for LdapGroups members, logs stack traces while initializing SSLConfig, and fixes a problem with DefaultAdminProvider not including a default admin account.

Cross-site scripting attacks were fixed on several pages. An error in DefaultGroupProvide, certificate import, and the Flash cross domain handler were fixed.

An IQ packet without the 'id' attribute could disconnect other users. Stream Compression has been re-added. A UTF-8 problem in HttpBindServlet has been fixed. The HTTPS port is once again working with HTTP Binding.

A security flaw allowed authentication to be
bypassed, allowing arbitrary code execution. This
was fixed. JDBC and JID optimizations were done.

Clearspace integration was improved. LDAP support
was improved. Multiple conference services are
supported. BOSH (HTTP Binding) was improved.