Illegal roster insertion bug

Hi,

If I send a presence stanza of type=“subscribed” to a user, Wildfire forwards the request and sends roster push items to the user in question. This happens even if I am not yet on their roster with ask=“subscribe” and a subscription of neither “none” nor “from”.

This seems directly contradictory to section 8 of chapter 8.2 in RFC 3921. The proper behaviour is that the server MUST silently ignore it, so I guess that makes it a bug.

I feel it’s a fairly important one, since it opens the way for spam/spim (especially if you consider that many clients use vcards to read avatars and nicknames) that cannot be easily blocked by clients.

Regards,

Frank

Hey Frank,

Thanks for the bug report. I filed it as JM-903 and checked in a fix for it. You can get the source code from SVN or wait for the next nightly build.

Regards,

– Gato

Hi Dombiak,

That’s great! Thanks,

Frank
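
The RFC 3921 section 8.2 check cited in the report, as an added example that is not part of the thread and is not Wildfire's code: an inbound "subscribed" is acted on only when the sender's roster item has ask="subscribe" with a subscription of "none" or "from", and is otherwise dropped with no delivery, roster change or push. The `RosterItem` type, the `handle_subscribed` function and all JIDs are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class RosterItem:
    subscription: str = "none"   # none | to | from | both
    ask: Optional[str] = None    # "subscribe" while the owner's request is pending


# State the roster item moves to once the contact approves the request.
APPROVED = {"none": "to", "from": "both"}


def bare_jid(jid: str) -> str:
    """Drop the resource part; roster entries are keyed by bare JID."""
    return jid.split("/", 1)[0]


def handle_subscribed(roster: Dict[str, RosterItem], sender: str) -> Optional[dict]:
    """Process an inbound <presence type='subscribed'/> for the roster owner.

    Returns the roster push to send, or None when the stanza must be
    silently ignored (no delivery, no roster change, no push).
    """
    jid = bare_jid(sender)
    item = roster.get(jid)
    # Unsolicited: the owner never asked this sender for a subscription.
    if item is None or item.ask != "subscribe" or item.subscription not in APPROVED:
        return None
    item.subscription = APPROVED[item.subscription]
    item.ask = None  # request answered; a replayed "subscribed" is now ignored
    return {"jid": jid, "subscription": item.subscription}


if __name__ == "__main__":
    # Constructed sample roster and senders.
    roster = {
        "alice@example.org": RosterItem("none", "subscribe"),
        "bob@example.org": RosterItem("from", "subscribe"),
        "carol@example.org": RosterItem("none", None),
    }
    for sender in ("alice@example.org/home", "bob@example.org",
                   "carol@example.org", "spammer@example.net/bot"):
        print(sender, "->", handle_subscribed(roster, sender) or "ignored")
```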