A critical security vulnerability has been found in Smack. Please upgrade immediately to Smack 4.1.9. Like all Smack releases with the same major and minor version numbers, 4.1.9 is a drop in replacement for all Smack 4.1 releases. Smack 4.1.9 is available on Maven Central.
The Ignite Realtime community would like to thank Sylvain Sarméjeanne for discovering and reporting the vulnerability to security@igniterealtime.org.