By default, the MINA artifacts pull in 'bundle' instead of 'jar' dependencies. This confuses Intellij,
and likely, other tooling. This commit excludes the 'bundle' dependencies, instead relying on the
fact that all excluded dependency-dependencies are present (as first-level dependencies of the project
itself).

This commit should not introduce any functional changes, but should facilitate developers.

* Denote Openfire 4.2.0-beta

* Bump maven openfire version to 4.2.0-beta

via mvn versions:set -DnewVersion=4.2.0-beta -DartifactId=*  -DgroupId=*

and had to manually edit
 * src/plugins/jingleNodes/pom.xml
 * src/plugins/kraken/pom.xml
 * src/plugins/pom.xml
 * src/plugins/rayo/pom.xml
 * src/plugins/sip/pom.xml

* update changelog and date

* bump beta release date

Cut/paste error in removeClientRoute() caused old sessions to be
kept around.

In order to help debug this, I also added some detailing to
session-details.jsp which turned out not to be needed. But it
might prove useful/interesting.

* OF-1417 CVE-2017-15911 Fix XSS issues in host setup

* OF-1329 Prevent session fixation attack

* OF-1403 Escape group name in MUC admin

* OF-1393 Make randomString more random

* OF-1400 Escape servername field

* OF-1401 Validate SMS host and escape error message

According to XEP-0198 'h' attribute should be set to the sequence number
of the last handled stanza sent over the former stream from the client to the server

Test was looking trying to assure that English names for time units are the same as foreignin. That was causing problems while I was building Openfire and units were named in Polish (e.g. second - sekunda). (#925)

remove CRLF from *.{html,css,sql,xml,js,properties,jspf,java,jsp}

command form this time was
git ls-files  '*.jsp' | while read f; do tail -n1 $f | read -r _ || echo >> $f; done

the command line form was
find . -name '*.jsp' ! -type d -exec bash -c 'expand -i -t 4 "$0" > /tmp/e && mv /tmp/e "$0"' {} \;

all done via the magic of dos2unix

* OF-1309 Route based on DomainPairs

* Fixes found during test

* Fixes found during test II

* Fixes in plugins (Kraken)

* Update minServerVersion/version for Kraken

* Support for Roster Versioning (without send the modifications via roster pushes)

* Roster versioning comparison clearing

* Implementation Note: This empty IQ-result is different from an empty <query/> element, thus disambiguating this usage from an empty roster.

* Avoid cache miss while updating roster

When the roster is updated via group renaming, group user adding or removing, the roster pushes only happen if there is a cache hit. If there is a cache miss (what can happen if the cache is full or if the admin cleaned up the cache) the user is not properly notified about the roster update. Thus only update rosters in memory can lead to this undesired behavior.

This commit avoids the use of the cache directly (where there can be a cache miss or a cache hit). It is using the method getRoster(username) that instantiante a new Roster in the case of a cache miss.

* Clarify the code

* OF-210: Base roster version on its hashCode.

This commit removes all fields from the Roster class that do not relate to its state
(replacing them with method variables - which seems harmless, as they're all final
singletons). This allows for an easy override of Object#hashCode() and equals().
These, in turn, are used to calculate the roster version from.

* Simplified loop

* Prevent potential NPEs.

* Log exceptions for exceptions that cannot happen.

If they cannot happen, we should scream murder if they do...

* OF-210: Roster versioning enabled by default.

Simply repeated dwd's commit 73b59106 on Ubuntu Trusty (20170717~14.04.1)

When creating a new MUC room, using an invalid name (invalid JID) should not cause an ugly
stacktrace to be displayed.

On the user overview page on the admin console, the column 'last logged out' now either displays
'online' or 'never logged in before', instead of being empty.

OF-1030 prevent entry of 'any' as date to cause exception

* AvatarPlugin: Add prior-to-openfire 4.2.0. restriction

* Merged avatarResizer plugin with Openfire core (prevents OF-1145 & OF-1193)

OF-1424: Use weakly consistent impl to prevent CME.

OF-1423 Honour configuration for message size

Allow code reuse from plugins

* WIP: XEP-0198 Stream Resumption

This patch implements a first cut of XEP-0198
Stream Resumption for TCP and WebSockets.

This appears to work on (very) basic testing, but
the code is very likely to run into problems with
existing code assuming that LocalSession.getConnection()
never returns null, and similar issues.

This is likely to generate unexpected (and
possibly unhandled) NPEs.

The basic premise to the design is that
StanzaHandlers (or similar) and Connections
from the new session are re-pointed to the old
session. The old session lives on in limbo with its
conn field set to null during detachment.

I strongly suspect that bits are missing from this,
but so far...

* Fix CR/LF

* WIP

* WIP

* Close detached 198 sessions after timeout

Also:
* Quick audit of LocalSession.getConnection
* Add in guard code for LocalSession.getConnection

* CRLF

* CRLF

OF-1416: Ensure that hazelcast cache entries expire correctly

* Update JustMarriedPlugin.java

* OF-1134 - Update copied users nickname on other users rosters

* OF-1134 - Update copied users nickname on other users rosters

Updated version and changelog

* OF-1422 Check all MUCRoles to see if this is rejoin

* Handle errors and other presence better in MUC

Also refuse nickname changes on shared nicknames,
since they don't currently work.

* Crazy wRong Line-ending Fix

Use a ServletRequestAuthenticator to authenticate SiteMinder users

OF-1335 Part Two: Strip namespaces differently

Disable External Entities in plugin.xml

Openfire already uses xmpp.parser.buffer.size as
the maximum stanza size in NIO client sessions.

This change ensures that this is also used when
configuring Websocket sessions.