Hi,
the CVE-2022-41853 is about hsqldb need to update above 2.7.1, but latest openfire 4.7.4 the hsqldb is still 2.4.1. Does openfire has any plan to update this ?
Thanks,
Joe
Thank you for raising this concern. HSQLDB will be updated in the next release of Openfire. We are tracking this effort in [OF-2494] - Ignite Realtime Jira
Thanks, so may I know when the next release will be published ?
1 Like
You can manually update your instance.
Download the the version of hsqldb.
stop openfire
replace the hsqldb jar in openfire with the one you downloaded.
start openfire.