I am a security researcher working on the latest current stable release of Openfire. I would want to know a single point of contact, an email address or something similar to whom I can report security vulnerabilities that I have discovered during the course of my research so that a co-ordinated disclosure to the security community can be made after the issues are fixed.
Try sending your message to security atigniterealtime.org. This will forward your messages to 4 addresses (including me, another community member and couple JiveSoftware developers). We haven’t tested this email for a while, so i’m not sure it still working. Ping back here after you send it. There was also a wiki document with list of fixed and standing issues. But i think it wasn’t finished. And it is still in the private Community planning group.