OF-1373: Wait until file modifications are complete.

OF-546: Exclude MINA bundles

The logic here was wrong, but trying to handle SCRAM when we
could read the password, or there was native support. However,
the existing SCRAM code doesn't perform any fallback - instead
that's left to the AuthProviders themselves to implement.

So the new logic just assumes that an AuthProvider which can
provide that fallback will advertise it. If we later make this
support generic, it can go into the AuthFactory level.

This commit prevents file changes from being applied while the file is still being modified.

* OF-1437 Try to stop sessions having their routes removed

This patch adds a lot of debug logging, plus stops the
console NPE'ing when you try to view a detached session.

It also detaches a session before trying to reattach it, to
avoid it being unrouted when the connection is closed.

* OF-1437 Address comments from Guus

* Don't use toString() in debug logging statements.
* Debug log previd and h values.

This prevents errors (caused by the extensionHandlers to still be in 'running' state) when
restarting the HttpBindManager.

By default, the MINA artifacts pull in 'bundle' instead of 'jar' dependencies. This confuses Intellij,
and likely, other tooling. This commit excludes the 'bundle' dependencies, instead relying on the
fact that all excluded dependency-dependencies are present (as first-level dependencies of the project
itself).

This commit should not introduce any functional changes, but should facilitate developers.

OF-1431 Add null safety on packet.getType()

replace old community links with discourse equiv

* Denote Openfire 4.2.0-beta

* Bump maven openfire version to 4.2.0-beta

via mvn versions:set -DnewVersion=4.2.0-beta -DartifactId=*  -DgroupId=*

and had to manually edit
 * src/plugins/jingleNodes/pom.xml
 * src/plugins/kraken/pom.xml
 * src/plugins/pom.xml
 * src/plugins/rayo/pom.xml
 * src/plugins/sip/pom.xml

* update changelog and date

* bump beta release date

Cut/paste error in removeClientRoute() caused old sessions to be
kept around.

In order to help debug this, I also added some detailing to
session-details.jsp which turned out not to be needed. But it
might prove useful/interesting.

* OF-1417 CVE-2017-15911 Fix XSS issues in host setup

* OF-1329 Prevent session fixation attack

* OF-1403 Escape group name in MUC admin

* OF-1393 Make randomString more random

* OF-1400 Escape servername field

* OF-1401 Validate SMS host and escape error message

According to XEP-0198 'h' attribute should be set to the sequence number
of the last handled stanza sent over the former stream from the client to the server

Test was looking trying to assure that English names for time units are the same as foreignin. That was causing problems while I was building Openfire and units were named in Polish (e.g. second - sekunda). (#925)

remove CRLF from *.{html,css,sql,xml,js,properties,jspf,java,jsp}

command form this time was
git ls-files  '*.jsp' | while read f; do tail -n1 $f | read -r _ || echo >> $f; done

the command line form was
find . -name '*.jsp' ! -type d -exec bash -c 'expand -i -t 4 "$0" > /tmp/e && mv /tmp/e "$0"' {} \;

all done via the magic of dos2unix

* OF-1309 Route based on DomainPairs

* Fixes found during test

* Fixes found during test II

* Fixes in plugins (Kraken)

* Update minServerVersion/version for Kraken

* Support for Roster Versioning (without send the modifications via roster pushes)

* Roster versioning comparison clearing

* Implementation Note: This empty IQ-result is different from an empty <query/> element, thus disambiguating this usage from an empty roster.

* Avoid cache miss while updating roster

When the roster is updated via group renaming, group user adding or removing, the roster pushes only happen if there is a cache hit. If there is a cache miss (what can happen if the cache is full or if the admin cleaned up the cache) the user is not properly notified about the roster update. Thus only update rosters in memory can lead to this undesired behavior.

This commit avoids the use of the cache directly (where there can be a cache miss or a cache hit). It is using the method getRoster(username) that instantiante a new Roster in the case of a cache miss.

* Clarify the code

* OF-210: Base roster version on its hashCode.

This commit removes all fields from the Roster class that do not relate to its state
(replacing them with method variables - which seems harmless, as they're all final
singletons). This allows for an easy override of Object#hashCode() and equals().
These, in turn, are used to calculate the roster version from.

* Simplified loop

* Prevent potential NPEs.

* Log exceptions for exceptions that cannot happen.

If they cannot happen, we should scream murder if they do...

* OF-210: Roster versioning enabled by default.

Simply repeated dwd's commit 73b59106 on Ubuntu Trusty (20170717~14.04.1)

When creating a new MUC room, using an invalid name (invalid JID) should not cause an ugly
stacktrace to be displayed.

On the user overview page on the admin console, the column 'last logged out' now either displays
'online' or 'never logged in before', instead of being empty.

OF-1030 prevent entry of 'any' as date to cause exception

* AvatarPlugin: Add prior-to-openfire 4.2.0. restriction

* Merged avatarResizer plugin with Openfire core (prevents OF-1145 & OF-1193)

OF-1424: Use weakly consistent impl to prevent CME.

OF-1423 Honour configuration for message size

Allow code reuse from plugins

* WIP: XEP-0198 Stream Resumption

This patch implements a first cut of XEP-0198
Stream Resumption for TCP and WebSockets.

This appears to work on (very) basic testing, but
the code is very likely to run into problems with
existing code assuming that LocalSession.getConnection()
never returns null, and similar issues.

This is likely to generate unexpected (and
possibly unhandled) NPEs.

The basic premise to the design is that
StanzaHandlers (or similar) and Connections
from the new session are re-pointed to the old
session. The old session lives on in limbo with its
conn field set to null during detachment.

I strongly suspect that bits are missing from this,
but so far...

* Fix CR/LF

* WIP

* WIP

* Close detached 198 sessions after timeout

Also:
* Quick audit of LocalSession.getConnection
* Add in guard code for LocalSession.getConnection

* CRLF

* CRLF