Hello!
I am really surprised!
After adding a non-local (=from another xmpp server) contact to my roster I am able to see the contacts avatar pic of his profile although the other part did not yet confirm me as one of his contact?!
How come? I though the profile incl. the profile pic is “private” so it can only be seen AFTER establishing “friendship”, i.e. the other party confirming.
Openfire 3.7.1 with Spark 2.6.3 on Windows.
Thanks for the insight!