I wrote an update to this article.
TL;DR: This vulnerability is bad and abused in the wild. The information in the original security advisory is still up to date. Affected instances of Openfire should be updated as soon as possible.
1 Like