The IgniteRealtime community is happy to announce a new release of its open source, real-time communications server server Openfire! Version 5.0.2 brings a number of stability improvements and bug fixes.

Notably, it addresses a recently identified security vulnerability, identifies as CVE-2025-59154 . The issue allows for potential identity spoofing via unsafe Common Name attribute parsing. It is mostly applicable to what we perceive to be niche use-cases of Openfire. Please read the full security advisory for more information.

Openfire 5.0.2 is a bugfix release, with various bugfixes and improvements. Of particular interest to some will be the improvements made to the SystemD-based scripts (used in many Linux environments), which remove a few annoyances that were introduced in Openfire 5.0.1. Please refer to the full changelog for more details.

You can obtain the new version of Openfire for your platform from its download page . The checksums for the binaries are:

4e907c615b3a19af0a1b5ab68ae24825b737496f9cf1715c9feafe8f909086da  openfire-5.0.2-1.noarch.rpm
21271a6f22895852e50712236c45c7d213430171d5a3178474b8398f036ac07a  openfire_5.0.2_all.deb
06794a12acdd8f23ca3c40fcd7af1677d8108b4b23bb72424c2751b30cfb3d14  openfire_5_0_2.dmg
c1e830b5e016d0bcff40005cc7bb14c846fe0ec26fc5a3fc967c30e5b6d2e356  openfire_5_0_2.exe
c84ca15cd470d3233add97c852c738eb373859dc9968ad34ec581725164c8114  openfire_5_0_2.tar.gz
98b5cf96326c668efb18cd9347b808a5ef85162b4a0b703aaf8e29d82cc6c727  openfire_5_0_2_x64.exe
8e09ca3dc7fb84b116ce95d10bfa3ff045708cdac4b23bd3d78ccf318e8742d8  openfire_5_0_2.zip

We’d love to hear from you! Please join our community forum or group chat and let us know what you think!

For other release announcements and news follow us on Mastodon or X

1 post - 1 participant

Read full topic