Skip navigation
All Places > Ignite Realtime Blog > 2016 > November
2016
wroot

Spark 2.8.2 Released

Posted by wroot Champion Nov 25, 2016

The Ignite Realtime community has just released Spark 2.8.2 and it can be downloaded from Ignite Realtime: Downloads .

 

This is a regular update. But there is a change, which can affect new users. "Accept all certificates" option on the Adanced menu on the Login screen won't be enabled by default for new users from now on. This option makes Spark automatically accept expired, self-signed and other incorrect TLS certificates. Which makes it less secure. If you are using self-signed certificates, your new users will have to enable this option manually (once). Or you can add this option to a preconfigured spark.properties file, if you distribute it to new users. Old users won't be affected by this (those upgrading straight from 2.7 version will still be affected). We encourage server admins to use certificates from trusted authorities (e.g. Let's Encrypt). This version also includes 4.1.9 update for Smack, which has a fix for a critical security vulnerability.

 

UPDATE (2016/11/29): it looks like Spark is not saving settings on Advanced menu, if a user has never opened it. For such users "Accept all certificates" setting will be disabled after updating to 2.8.2 from any version. They will have to go to Advanced menu and enable it, if they encounter "Unable to verify a certificate" error.

 

Those who are using Client Control plugin will have to update it to version 2.1.0 as Spark 2.8.2 is already modified to work with that version and it will miss many menus and checkboxes if being used with an older version of that plugin. 2.1.0 version requires Openfire 4.0.0 at least. If you are using older version of Openfire and want to keep using Client Control, you might want to hold of updating to Spark 2.8.2.

 

We also would like to mention SparkMeet plugin provided by our long time contributor Dele Olajide. Hopefully we will find a way to bundle this plugin with Spark or provide other options to use it. You can also vote here and tell what you think about it. Initial commit is done and its in Spark's source code sparkmeet plugin - initial release by deleolajide · Pull Request #253 · igniterealtime/Spark · GitHub.

 

For a complete list of changes please check Spark Changelog

 

As usually we encourage new developers to join Spark project and provide patches. Those familiar with Smack can join the development easier, as we are now using the latest stable version (4.1.9). Patches can be attached in the forums or submitted as PRs on GitHub.

 

Here are the contributors to this release (besides myself):

freeseawind · GitHub  contributed new skin for Spark - LittleLuck

Alexander198961 (Aleksander Kovtunenko) · GitHub  fixed the issue with Spark freezing on exit because of a faulty plugin

Michael  added more settings to default.properties and Client Control plugin, fixed showing of an empty Unfiled group and a few other issues

Martini26  updated Polish translation

speedy  fixed an issue with systray icon switching to regular one when it should be DND or Away and a few issues with invisible mode

nicoben (Nico Ben) · GitHub  updated Italian translation

 

Here are sha1 checksums for the downloads:

7a45319a723368b6c830a1c1a7287fb207140b4f spark_2_8_2.dmg

dd9c533868d42fc0ef651d544f463ff1fba5d21c  spark_2_8_2.exe

fb324011e7f1a61b5e793b2c6b1778306bf19102  spark_2_8_2_online.exe

20dbc5940a450ab3176f1dcf4d4dfd01f90b4b06  spark_2_8_2.tar.gz

813e110f6715f7f72af28e2ee90ed2bd9fa11005  spark-2.8.2.rpm

1409189a0877a203ef3fe16410a520056fe214d7  spark-2.8.2.src.rpm

565ff2947b4cca69f73f6818f18d49571db6bf78  spark_2.8.2.deb

A critical security vulnerability has been found in Smack. Please upgrade immediately to Smack 4.1.9. Like all Smack releases with the same major and minor version numbers, 4.1.9 is a drop in replacement for all Smack 4.1 releases. Smack 4.1.9 is available on Maven Central.

 

The Ignite Realtime community would like to thank Sylvain Sarméjeanne for discovering and reporting the vulnerability to security@igniterealtime.org.

Filter Blog

By date: By tag: