I am not sure its a good idea to update the builds as it gets confusing as to which build was downloaded by a user. I am also struggling to understand why this bug is happening in the first place. Would it be better to figure out why the bug is happening and squash it, then release 3.9.3 ?
This also did the trick for me.
conf/security.xml
windows server 2012 r2 & windows AD
well done.
This update broke my installation as well. The fix worked.
However, since the installed encrypted the db username and password in the openfire.xml, one can not longer downgrade, as the downgrade doesn’t understand the encryption. I had immediately tried to downgrade when the new version failed.