Openfire 3.7.0 Beta is released

[the following is a draft blog post announcing the release of OF3.7 beta]

The Ignite Realtime Community is pleased to announce the beta for the next release of Openfire. This release contains a number of important fixes and improvements to stability and XMPP protocol compliance. You can find a full list of fixed issues here. This beta is also the first to be released by Ignite Realtime under the Apache License v2.0.

You can download the 3.7.0 beta release here. Please provide us your feedback on the Ignite Realtime support forums.

Some important security related notes to this release:

  • Openfire no longer ignores the system property to disallow password changes via XMPP. With previous releases, it was not possible to prevent users from changing their password via their XMPP connection. (CVE-2009-1596)
  • Fixed a XSS attack on the admin console login form.

Protocol compliance improvements:

  • Publish Subscribe (PubSub)
  • BOSH (http-bind) xml namespace compliance fix.

Some highlights of this beta release:

  • Improves how Openfire handles “idle” connections. Some of you may have the system property xmpp.client.idle set to -1 to work around previously broken behaviour. You may now let it default to 6 minutes or set it to your preference.
  • Improved Openfire’s caching to be less prone to memory exhaustion by correctly calculating cache size usage.
  • Fixed a bug where admin console login into a newly installed Openfire server would fail until restarted.
  • Fixed a bug with shared rosters within a LDAP environment.
  • Openfire now is built and shipped with the latest JRE (1.6.0u18).
  • A memory leak with the Personal Eventing Protocol (PEP) was fixed.
  • Openfire’s custom log interface has been replaced with SLF4J and a Log4J backend.
  • Fix issues with self signed SSL certificates.
  • A number of improvements and fixes were made to the Multi-User Chat (MUC) configuration pages on the admin console
  • There were also some improvements made to the plugins.
  • There are also French, Russian, and Lithuanian langauge translation fixes for Openfire and some of the plugins.

The Personal Eventing Protocol (PEP) could lead to memory leaks and server memory exhaustion.

Maybe this one should be in the separate paragraph, like Known Issues.

Thanks wroot, I had that worded in the wrong tense. English is my first language!

Should we ask the users to tag their findings in the forum? That’ll make it easier for us to identify them.

Also, we’re not using Log4j (at least, not directly). We’re using SLF4j, with a Log4j backend.

Thanks Guus. I read all the forum posts, so I’ll be closely watching and triaging anything folks may post. Maybe we just need a beta forum to place posts in? I am not sure.

You can download the 3.7.0 beta release here.
Uhm, no? I see only a “Spark 2.6.0.beta2” there?

Hi coolcat,

What does the first line of the document say?


Okay…I tought I would be already available. I scheduled the update of the primary server already for tomorrow moring, that’s in 14 hours from now. I think I will have to will have to wait

If you build trunk, that should be what the beta would have been. Currently, it looks like the beta will take a while to release due to work ongoing by Benjamin to help us out.


Are there any updates on a beta build release? I’m in the process of migrating our server to a virtual machine, and I would love to ditch the cron job that restarts the server nightly because of the Empathy memory leak problem.


If you are able to use a RPM? If so, try this:

(link expired)


Thanks for the link, I will try that if I have problems. I turned off PEP, which is supposed to be a workable solution to the Empathy issue.

There’s only a spark beta release at that link. Where can I download opefire beta?