About CVE-2022-41853 hsqldb does openfire has any plan to update hsqldb


the CVE-2022-41853 is about hsqldb need to update above 2.7.1, but latest openfire 4.7.4 the hsqldb is still 2.4.1. Does openfire has any plan to update this ?


Thank you for raising this concern. HSQLDB will be updated in the next release of Openfire. We are tracking this effort in [OF-2494] - Ignite Realtime Jira

Thanks, so may I know when the next release will be published ?

1 Like

You can manually update your instance.
Download the the version of hsqldb.
stop openfire
replace the hsqldb jar in openfire with the one you downloaded.
start openfire.