powered by Jive Software

Openfire 3.6.4 has been released

We are happy to announce a new release of Openfire. The new release includes an important security fixe. Existing installations should update to this version. The complete set of changes can be found here.

Download Openfire from: http://www.igniterealtime.org/downloads/index.jsp


Openfire Team


it is not very fun to have Jive show up once per month to fix yet another security vulnerability. Is this what we are to expect in the future? Any sort of clarity on Jive future role with Ignite would be nice. Currently, all we have are blog posts which rarely come true.


Hey Daryl,

We are formalizing a plan that will make it easier for the community to maintain the site and projects. I know that we have been pushing Openfire and the other projects very slowly and we want to change that. If you are looking to maintain the products and push new releases then these are probably good news to you.

– Gato

Hi Gato,

Thanks for responding to my flame. Yes, commiting my patches will be nice and backing out a number that made it for 3.6.0 will be nice.


Hi Gato/Darryl,

I have upgraded openfire on my test box from 3.6.3 to 3.6.4. Everything works fine except the sparkweb. It can not connect to the openfire with my current config through HTTPS binding and port 5229. No error message on the log. But it works if I used sparkweb’s original index.html file (not secure which I don’t want).

Herewith, my sparkweb config file in the index.html file which is working fine on my production openfire 3.6.3:

function jive_sparkweb_getConfig()
return {
server: “domain.com”,
connectionType: “https”,
port: “7443”,
autoLogin: “false”,
policyFileURL: “xmlsocket://domain.com:5229”