Some user providers might not provide a creation date for each user. There's no
reason that the Admin Console should not be able to cope with that.

With the current implementation, any user can send the register IQ to register with
a room as a 'member'. This also allows outcasts, that were banned from a room, to be
able to register again as a member, and eventually re-join the room. The solution is
to prevent outcasts from registering with the room.

In dom4j, the default namespace of an element cannot be set by adding
a namespace that has an empty-string prefix. Although the string
representation of the element will be correct, that namespace is not
being recognized as the default namespace of the element (instead, it
is a namespace like any other prefixed namespace, to be used in child
elements).

The original code depends on a whitespace to be present within the limits
of the element. This is not safe (eg: <message><foo/></message> fails).
Instead, the closing characters ( > or /> ) of the first element should
be used, as that's guaranteed to be present.

A change introduced in Openfire 3.10.3 (OF-938) changed how the BOSH
implementation would add default namespace definitions where applicable.
This new implementation depends on a space from being present in the
outer stanza. The 'fin' element that's transmitted here is wrapped in
a message stanza without any attributes ( <message><fin ... ) which
caused the namespace to be injected in the fin element (where the first
space was).

This commit adds a 'to' attribute to the wrapping message stanza, to
allow for users to work around the problem without having to update
Openfire itself.

The BOSH implementation will be adjusted to account for this in another
commit.

When a room occupant sends an availability update to a host in an
Openfire cluster, other users cannot join the room from other hosts in
the cluster. The availability update causes the other hosts to lose an
occupant's role and affiliation. New occupants encounter an NPE when
joining and are prevented from joining the room. Specifically, the NPE
occurs when Openfire attempts to send initial presences for current
occupants.

Remote hosts in the cluster lose the occupant's association because the
local room simply broadcasts the presence packet for the occupant's
availability update. Because it is from the client, this packet does not
have the occupant's role or affiliation. The remote hosts treat the
presence packet as the occupant's presence without modification.

This fix changes the order in which Openfire handles an availability
update. First, it updates its local view of an occupant's presence. This
populates the correct association. Then, it broadcasts the updated
presence to remote hosts in the cluster.

In the current read scheme for Openfire, it is possible that due
to variable width encoding that we sometimes only create a
string with a partial character.

This breaks the message text and causes encoding issues when read.

This change modifies the way the characters are
read to use an bytearrayoutputstream and
only do the string conversion once.

Since we only do the string creation once after the full
buffer is read, we no longer have encoding
issues with broken unicode characters.

In #routeToComponent, it is first checked if the component is being hosted in the local JVM. If it was not found, then all nodes in the ComponentsCache are checked to find if the component is hosted by one of those. In this process, the local routing table is again searched for the component, because it may have been added after the previous check. However, after this search, there is no null check done for the searched route. This results in an NPE when the component was not found locally and the #process(packet) method is called on the object. 

This also prevents the code from searching other nodes that may have been in the nodes set. Added a null check to prevent this scenario.

See XEP-0016, example 50.

Patch submitted by community member lukzie.

This commit moves jetty 9.2.9 to 9.2.14, which currently is the
latest release of it 9.2 branch.

Conflicts:
	build/lib/versions.txt

Ensure cluster listener is properly initialized (and destroyed).

The unmodifiable collection in the original code is not immutable: when
the original collection is modified, this is reflected (which can cause
problems in iterators created from the unmodifiable collection). This
commit creates a new collection to prevent this from happening.

Conflicts:
	src/java/org/jivesoftware/openfire/keystore/IdentityStore.java

IdentityStore.addSelfSignedDomainCertificate considers the certificate
validity in days, not in months.

The admin console should existing-but-invalid configuration.
Configuration should be modifiable through admin console.

By reversing the order in which objects are added to the internal state,
a failure during store construction won't put the manager in a half-initialized
state.

Check if the keys in the identity store can be accessed when the identity store is
being created.

Don't initialize the admin console TLS connector when no identity store
is available (that's guaranteed to fail).
Don't log admin console startup success when there's an error.

Replaced all apostrophes with HTML-encoded entities to prevent
formatting problems.

Existing code already tried to prevent message bounces when a stanza was
sent by the server itself. This commit builds on that solution.
Also, debug logging was added for the store-and-* strategies when storage
was no longer possible as a result of quota limitations (we had a hard time
debugging this)

Made a search by distinguishedName Active Directory specific
as it is difficult to come up with a generic solution.

The problem was, that the logic stored empty chat messages, which contained a thread and chat state. The loop first checked the namespace of the thread, which was empty and therefore thought it should store it.

Previously, we had a quasi-hack of `3.11.0-alpha` as the min requirement
on these, but this release never happened.  This update moves all these
plugins to 4.0.0, which hopefully provokes less confusion.

After banning, the user is not kicked from the room. The user is added
to the ban list so they can't re-join the room or post messages, but
they are not kicked out of the room so the user can still receive messages
sent to the room.

The problem is an additional check for isMembersOnly() was only allowing users
to be kicked from members only chat rooms. Whenever a user is marked as an
outcast they should be kicked from the room regardless of if the room is a
members only room or not.

Looks like this problem was introduced in commit
822abb01

Based on the MUC spec it should be sending "outcast" on banning.

Looks like this was introduced in commit 822abb01

Denote Openfire 4.0.0 Release