Below is a list of versions that are available for the authfiltersanitizer plugin. To find other plugins, please review this listing of most recent releases of all plugins.
Plugins extend and enhance the functionality of Openfire. To install plugins, copy the .jar file into the plugins directory of your Openfire installation.
AuthFilter Sanitizer Plugin Readme
Overview
A plugin for the Openfire Real-time communications server that removes entries for Openfire's authentication filter that are susceptible to abuse (CVE-2023-32315).
Installation
Copy the authfiltersanitizer.jar file into the plugins directory of your Openfire installation. The plugin will then be automatically deployed. To upgrade to a new version, copy the new authfiltersanitizer.jar file over the existing file.
Configuration
The plugin can be configured by using these Openfire system properties:
- plugin.authfiltersanitizer.sanitizetask.periodms (default 10000) - The time (in milliseconds) between successive runs of the task that removes susceptible entries.
- plugin.authfiltersanitizer.sanitizetask.delayms (default 2000) - The time (in milliseconds) between a (re)load of this plugin, and the first run of the task that removes susceptible entries.
- plugin.authfiltersanitizer.sanitizetask.disableSearch (default false) - Controls if, apart from known, hard-coded susceptible entries, the task will dynamically search for other susceptible entries.
Using the Plugin
After the plugin has been installed, the Openfire authentication filter will be periodically cleaned from entries automatically.
Releases | Info | File | Version | Released | Openfire Version | ||||
|
Download | 1.0.0 | May 23, 2023 | + |
The plugins below, so-called SNAPSHOTS, are build automatically by the continuous integration system. They represent the latest development, but are untested.
Snapshots | Info | File | Version | Built at | Openfire Version | ||
|
Download | 1.1.0-SNAPSHOT | Sep 12, 2024 | 4.0.0 + | |||
|
Download | 1.1.0-SNAPSHOT | May 23, 2023 | + |