In the current read scheme for Openfire, it is possible that due
to variable width encoding that we sometimes only create a
string with a partial character.

This breaks the message text and causes encoding issues when read.

This change modifies the way the characters are
read to use an bytearrayoutputstream and
only do the string conversion once.

Since we only do the string creation once after the full
buffer is read, we no longer have encoding
issues with broken unicode characters.

In #routeToComponent, it is first checked if the component is being hosted in the local JVM. If it was not found, then all nodes in the ComponentsCache are checked to find if the component is hosted by one of those. In this process, the local routing table is again searched for the component, because it may have been added after the previous check. However, after this search, there is no null check done for the searched route. This results in an NPE when the component was not found locally and the #process(packet) method is called on the object. 

This also prevents the code from searching other nodes that may have been in the nodes set. Added a null check to prevent this scenario.

See XEP-0016, example 50.

Patch submitted by community member lukzie.

This commit moves jetty 9.2.9 to 9.2.14, which currently is the
latest release of it 9.2 branch.

Conflicts:
	build/lib/versions.txt

Ensure cluster listener is properly initialized (and destroyed).

The unmodifiable collection in the original code is not immutable: when
the original collection is modified, this is reflected (which can cause
problems in iterators created from the unmodifiable collection). This
commit creates a new collection to prevent this from happening.

Conflicts:
	src/java/org/jivesoftware/openfire/keystore/IdentityStore.java

IdentityStore.addSelfSignedDomainCertificate considers the certificate
validity in days, not in months.

The admin console should existing-but-invalid configuration.
Configuration should be modifiable through admin console.

By reversing the order in which objects are added to the internal state,
a failure during store construction won't put the manager in a half-initialized
state.

Check if the keys in the identity store can be accessed when the identity store is
being created.

Don't initialize the admin console TLS connector when no identity store
is available (that's guaranteed to fail).
Don't log admin console startup success when there's an error.

Replaced all apostrophes with HTML-encoded entities to prevent
formatting problems.

Existing code already tried to prevent message bounces when a stanza was
sent by the server itself. This commit builds on that solution.
Also, debug logging was added for the store-and-* strategies when storage
was no longer possible as a result of quota limitations (we had a hard time
debugging this)

Made a search by distinguishedName Active Directory specific
as it is difficult to come up with a generic solution.

The problem was, that the logic stored empty chat messages, which contained a thread and chat state. The loop first checked the namespace of the thread, which was empty and therefore thought it should store it.

Previously, we had a quasi-hack of `3.11.0-alpha` as the min requirement
on these, but this release never happened.  This update moves all these
plugins to 4.0.0, which hopefully provokes less confusion.

After banning, the user is not kicked from the room. The user is added
to the ban list so they can't re-join the room or post messages, but
they are not kicked out of the room so the user can still receive messages
sent to the room.

The problem is an additional check for isMembersOnly() was only allowing users
to be kicked from members only chat rooms. Whenever a user is marked as an
outcast they should be kicked from the room regardless of if the room is a
members only room or not.

Looks like this problem was introduced in commit
822abb01

Based on the MUC spec it should be sending "outcast" on banning.

Looks like this was introduced in commit 822abb01

Denote Openfire 4.0.0 Release

OF-454 Reflect presence to originator

Only use SSLv2Hello for client-mode