net-im/openfire: Update to 4.7.5
ChangeLog: http://download.igniterealtime.org/openfire/docs/4.7.5/changelog.html
Improvement
- Admin console CSS tweaks
- Validate JIDs that are sent by remote servers
- Apply nodeprep on S2S stanza addresses
- Do not default to Chinese locale
- Name threads
- Plugins should have updated SCM references
Task
- Ensure that MUC Room names are nodeprepped
- Update dependency-check to 8.1.2
- Update commons-fileupload to 1.5
- Update mysql-connector from 8.0.28 to 8.0.32
- Update twelvemonkeys imageio-core from 3.5 to 3.7.1 or higher
- Update SQL Server JDBC driver from 7.4.1 to 9.4.1
- Remove protobuf-java from mysql-connector-j
Story
- Update postgresql to 42.4.1
Sub-task
- Improve detection of path traversal
- Add config option for using wildcards in AuthCheckFilter
- Remove wildcard usage in AuthCheckFilter
- Avoid having setup-specific auth-excludes after install
Bug
- Overzealous deletion of child properties
- pubsub should always deliver payloads when items are retrieved.
- Fallback of verifyCertificateValidity for connection listener uses incorrect setting
- Text formatting error in registration settings
- Fix failing aioxmpp tests
- CVE-2023-32315 Admin Console Auth Bypass
PR: 271922
Reported by: nikita@druba.su (maintainer)