Openfire 3.7.0 beta has been released!

Good things come to those who wait!

The Ignite Realtime Community is pleased to announce the beta for the next release of Openfire. This release contains a number of important fixes and improvements to stability and XMPP protocol compliance. You can find a full list of fixed issues here. This beta is also the first version of Openfire to be released by the Ignite Realtime community under the Apache License v2.0.

You can download the 3.7.0 beta release here. Please provide us your feedback on the Ignite Realtime support forums. It would be helpful if you would tag your comments, discussions and questions with a tag that reads “openfire370beta”

As always, but particularly since this is a beta release, make sure to backup any existing version of Openfire and the persistent storage that it uses, before upgrading!

Some important security related notes to this release:

  • Openfire no longer ignores the system property to disallow password changes via XMPP. With previous releases, it was not possible to prevent users from changing their password via their XMPP connection. (CVE-2009-1596)
  • Fixed a XSS attack on the admin console login form.

Protocol compliance improvements:

  • Publish Subscribe (PubSub)
  • BOSH (http-bind) xml namespace compliance fix.

Some highlights of this beta release:

  • Improves how Openfire handles “idle” connections. Some of you may have the system property xmpp.client.idle set to -1 to work around previously broken behaviour. You may now let it default to 6 minutes or set it to your preference.
  • Improved Openfire’s caching to be less prone to memory exhaustion by correctly calculating cache size usage.
  • Fixed a bug where admin console login into a newly installed Openfire server would fail until restarted.
  • Fixed a bug with shared rosters within a LDAP environment.
  • Openfire now ships with the latest JRE (1.6.0u21).
  • A memory leak with the Personal Eventing Protocol (PEP) was fixed.
  • Openfire’s custom log interface has been replaced with SLF4J and a Log4J backend.
  • Fix issues with self signed SSL certificates.
  • A number of improvements and fixes were made to the Multi-User Chat (MUC) configuration pages on the admin console
  • There were also some improvements made to the plugins.
  • There are also French, Russian, and Lithuanian langauge translation fixes for Openfire and some of the plugins.

Maybe there should be also section Known Issues? I suppose Kraken still won’t work in Spark with new logging system? Well, not really Openfire issue, but related and could be important to some users.


Any chance to get a .deb. package?

Marcio, check out - it has a Debian build.

Why would you want a beta version if there is already a final 3.7.0 release available? Links are working for me

Hello Harold,

The 3.7.0-beta release isn’t available for downloading any longer, but the 3.7.0 release is! You can get it from

Both files are downloading on my computer. Can you try a different computer?

Or try with other browser, or try disabling your antivirus software or maybe some noscript add-on in your browser. As i said before, links work fine for me (and Guus) and nobody else has complained so far.

Logs are not working in this version.

Getting no error or warning or debug( enabled).

Use the final version and report your issues in the forums. Logs work for me.