Detailed Information
Product Name: ServletExec/NSAPI 5.0 for SPARC Solaris
Hotfix Name: ServletExec_NSAPI_50_SPARC_Hotfix_September_2007
Created: 2007-09-05
File Size: 1.00 MB
File URL: http://downloads.newatlanta.com/servletexec/5_0/hotfixes/ServletExec_NSAPI_50_SPARC_Hotfix_September_2007.zip
Description: v5.0.0.14
Comments:
   
Release Notes
**************************************************************************
* This hotfix contains only those components that are relevant for the   *
* configuration stated below.                                            *
*                                                                        *
* Hotfixes are cummulative, so they contain all the fixes found in their *
* previous hotfix (and patch) counterparts.                              *
*                                                                        *
* Directions to apply this hotfix are at the very end of this file.      *
**************************************************************************

09.05.2007
ReleaseNotes.txt for the ServletExec NSAPI for SPARC Solaris September 2007 hotfix.

ServletExec50.jar was updated to v5.0.0.14 to fix the following bugs:

- bug #1575: ServletExec.log.1 grows without limit (in rare conditions)
- A refix of bug #2443: No error displayed when ServletExec.log fails to rollover
- bug #2569: Abandoned & Swapped sessions are never cleaned up
- bug #2653: Submitting Role-Mapping form with 20 or more rows gives ArrayIndexOutOfBoundsException
- ServletExec.getDocumentBuilder() now restores the classloader inside a finally block
- Added a more complete fix of bug #2111: ClassNotFoundException if tagclass in TLD is surrounded by whitespace
- bug #2792: Unable to configure the default request encoding
   This is now configurable by passing a System property to the JVM at JVM startup time.
   For example to change the default request encoding from 8859_1 to UTF-8:
   -Dcom.newatlanta.servletexec.request.url.encoding=UTF-8

- bug #2816: Sessions lost across a webapp restart when using JVM 1.6

==============================================================================
08.26.2006
ReleaseNotes.txt for the ServletExec NSAPI for SPARC Solaris August 2006 hotfix.

ServletExec50.jar was updated to v5.0.0.13 to fix the following bugs:

- bug #2456: StringIndexOutOfBoundsException occurs when embedded session id is truncated
- bug #2472: Mapping of webapp role to container role may be undone in rare cases
- bug #2474: SE does not enforce transport guarantee for confidential (or integral)
- bug #806:  Request parameters disappear after Form-based login
- bug #2502: ServletContext.setAttribute("name", null) causes NullPointerException

===============================================================================

05.09.2006
ReleaseNotes.txt for the ServletExec NSAPI for SPARC Solaris May 2006 hotfix.

ServletExec50.jar was updated to v5.0.0.12 to fix the following bugs:

- bug #2283: Request.getCharacterEncoding() sometimes returns null when it should not
- bug #2317: Using %2500 in the querystring causes StringIndexOutOfBoundsException
- bug #2344: Value attribute of setProperty action cannot be EL construct that
            evaluates to a non-String Object
- bug #2434: Response.encodeRedirectURL() fails to embed the session ID when
            passed an httpS url
- bug #2443: No error displayed when ServletExec.log fails to rollover

===============================================================================

12.20.2005
ReleaseNotes.txt for the ServletExec NSAPI for SPARC Solaris December 2005 hotfix.

ServletExec50.jar was updated to v5.0.0.11 to fix the following bugs:

- bug #2089: JSP won't compile when certain custom tags implement TryCatchFinally
- bug #2111: ClassNotFoundException if tagclass in TLD is surrounded by whitespace
- bug #2225: Closing 1 JDNI InitialContext instance causes subsequently
            created instances to be closed too

===============================================================================

08.16.2005
ReleaseNotes.txt for the ServletExec NSAPI for SPARC Solaris August 2005 hotfix.

ServletExec50.jar was updated to v5.0.0.10 to fix the following bugs:

- bug #2050: ClassCastException when calling
            Request.getAttribute("javax.servlet.request.key-size")
- bug #2064: Request.getRemoteUser() gives incorrect value in certain
            situations
- bug #2074: Potential security risk with the default error page for a JSP
            that is not found
- bug #2078: Attribute Listener code is not called when the session is manually
            invalidated

- Removed the fix for bug #1818 that was added in the previous hotfix.
 That bug may never have existed in the first place, and its "fix"
 was causing certain sessions to be lost across a webapp restart due to a
 failure in the session attribute deserialization process.

===============================================================================

06.07.2005
ReleaseNotes.txt for the ServletExec NSAPI for SPARC Solaris June 2005 hotfix.

ServletExec50.jar was updated to v5.0.0.09 to fix the following bugs:

- bug #1813: Using '-' character in a taglib prefix causes the JSP compile
             to fail
- bug #1818: Unable to load classes whose Class.getName() is of the
             form "[L<classname>;"
- bug #1824: unicode strings longer than 64k may be broken in the middle of a
             unicode character 
- bug #1833: ServletContext.getResourcePaths() throws NullPointerException
             when passed a nonexistent path 
- bug #1870: NullPointerException occurs when response.setHeader("val", null)
- bug #1921: Custom tags that use a full closing tag as in <a:b></a:b> should
             be treated the same as those that don't as in <a:b/>
- bug #1926: Webapp custom classloader does not make use of JAR index
             (INDEX.LIST) if present

             This new feature can improve classloader performance (webapp
             initialization & execution) for the following cases:

             1. when loading a class that's inside a webapp, for the 1st time
                (classes have always been cached after the first load)
             2. when loading a resource via getResourceAsStream()
                (resources have never been cached by SE)

             To use this feature:
             a. Utilize the -i option of the jar tool to generate a Jar Index
                for as many JARs (in WEB-INF/lib) as you wish
                (multiple INDEX.LIST files can be used).
             b. Pass an init parameter named
                com.newatlanta.servletexec.useJarIndex
                to your webapp with a value of true.
                A JVM System Property by the same name could also be used
                to enable this globally for all webapps.
             c. See http://java.sun.com/j2se/1.5.0/docs/guide/jar/jar.html
                for more information about the JAR Index mechanism.

- bug #1987: Custom tag attribute validation is not enforced for nested tags

- Also fixed a NullPointerException introduced by the bugfix for bug #785:
  "With SE AS, ServletContext.getServerInfo() can sometimes return
  wrong webserver info". This would only occur in the rare case that a servlet
  running inside SE AS causes response headers to be sent to the client
  while running inside it's own privately spawned thread.

The native .so was updated to v5.0.0.09, simply to avoid confusion.

ServletExecAdmin.jar was simply carried over (unchanged) from the
previous hotfix.

===============================================================================

12.21.2004
ReleaseNotes.txt for the ServletExec NSAPI for SPARC Solaris December 2004 hotfix.
ServletExec v5.0.0.08

ServletExec.jar was updated to fix the following bug:
- bug #1624: No error displayed when admin GUI changes fail to be written to web.xml

ServletExecAdmin.jar was updated to fix the following bug:
- bug #1520: The Admin UI should list virtual servers alphabetically

The native .so was was updated to fix the following bug:
- bug #1513: If VMSettings.pref is not read correctly by ServletExec,
             defaults are used and no visible error is displayed.

===============================================================

10.11.2004
ReleaseNotes.txt for the ServletExec NSAPI for SPARC Solaris October 2004 hotfix.
ServletExec v5.0.0.07

This hotfix contains only those components which are relevant for SE NSAPI on SPARC Solaris.
Hotfixes are cummulative, so they contain all the fixes found in their
previous counterparts.

This patch includes an updated ServletExec50.jar file which includes the following changes/bugfixes:

- bug #0193: HttpServletRequest.getRemoteUser() returns null when NTLM/IWA Authentication is used
- bug #1391: Custom classloader is not as optimized as it could be 
- bug #1430: Character encoding not being honored for the body of a custom tag
- bug #1438: Webserver default pages not found if default-app deployed without welcome files
             [introduced by the fix for bug #1075 in p03]
- bug #1440: No error occurs if a non DataSource class is configured as a DataSource
- bug #1441: Datasource disappears from Admin UI if datasources.xml uses empty body tags
- bug #1442: Datasource properties disappear from admin UI if an invalid value is specified in datasources.xml

ServletExecNSAPI.so fixes the following bugs:

- bug #1429: SSI does not work with ServletExec installed
- bug #1455: SE NSAPI sometimes logs IOException Error writing Response Header: -3 

===============================================================

Here is a history of the SE 5.0 bugs that were fixed in
previous 5.0 "patches", and whose fixes are included
in all 5.0 hotfixes (based upon configuration):

from p06
--------
- bug #606: Updating monitor threads refresh interval causes null ptr exception
  This bug also occurs with the Monitor Requests and Monitor Sessions page.
  This patch fixes it for those pages as well.

- The SE Admin UI no longer throws a NullPointerException when it encounters:
  bug #806: "Request parameters disappear after Form-based login"
  (Note: This is NOT a fix for that bug)

- bug #1307: 404 is sometimes returned when request for a static file uses a querystring

an updated version of ServletExec_Adapter.dllIIS32bit which fixes the following IIS-specific bug:

- bug #1292: A single SE AS adapter only allows up to 100 SE AS Java instances

This patch includes updated native adapters for SE AS which address the following bugs:

- bug #1334: Graceful shutdown of SE AS instance can sometimes cause high CPU usage by native adapter
             (bug #1334 may occur with Apache 1.3.x, IIS, or iPlanet, but not with Apache 2)

- bug #1347: An invalid request URI can sometimes cause the webserver to crash

from p05
--------
- bug #1139: request.setAttribute("attName", null) does not remove the attribute
- bug #1149: Using ';' character in querystring gives 404
- bug #1185: Includes fail when filter is invoked

and updated versions of ServletExec_ISAPI.dll & ServletExec_NSAPI.dll
which fix the following bug:

 - bug #1212: Java VM Hotspot Error occurs during Windows XP shutdown 

This patch also includes updated native adapters for Apache 1 & Apache 2
(all supported platforms).
These updated adapters add a new feature in which the name of the SE instance
to which the request is to be routed is stored in apache's request notes table.
This allows the option of using Apache's mod_log_config() to log the SE
instance name that serviced a request, on a per-request basis.
Search the mod_servletexec.c source file for the SE_INSTANCE_NAME_KEY
for comments in the code which provide more information.

from p04
--------
This patch includes updated native adapters for SE AS which address the
following bug:

 - A refix of bug #1099: Native adapter can sometimes fail to read all
                         response data

 - bug #1108: Socket pool configuration settings are ignored when Apache 2 is
              running in multi-threaded mode

from p03
--------
This patch contains patched versions of both native and Java components.
The Java component is ServletExec50.jar, and is for use with all configurations
of ServletExec.

ServletExec50.jar adds fixes for the following bug(s):

 - bug #1075: IIS 6 unable to serve static content for welcome file requests
              to certain webapps
 - bug #1087: 'data already sent to client' error occurs if an errorPage is
              used and an exception occurs after an include

ServletExecAdmin.jar is the same one that came with patch #2

Bug fixes in various native 5.0 adapters include:
 
 - bug #1038: SE installer displays failed to configure filter message
 - bug #1071: Unable to use uppercase letters in hostnames specified in
              adapter configuration file
 - bug #1075: IIS 6 unable to serve static content for welcome file requests
              to certain webapps
 - bug #1095: SE AS performs slowly on IIS 6  
 - bug #1096: Adapter connection/socket pooling code should be more defensive
 - bug #1099: Native adapter can sometimes fail to read all response data

from p02
--------
This patch contains patched versions of both native and Java components.
The Java components are ServletExec50.jar (patch level 2) and 
ServletExecAdmin.jar. Both Java components are patches for all configurations
of ServletExec.

ServletExec50.jar adds fixes for the following bug(s):
 - bug #874: Sometimes session is not found with MacOS browsers  
 - bug #885: Class.getPackage() returns null  
 - bug #891: Request for header with no user-agent throws a null pointer
             exception    
 - bug #902: ClassCastException is thrown from JSP in rare cases
 - bug #910: SE admin UI does not indicate the patch level of the ServletExec
             JAR file 
 - bug #924: Java Server Faces - JSFbeta - a NullPointerException is thrown
             when running guessNumber.war example
 - bug #959: Synchronized JSP or Servlet code can cause JVM-wide blocking
             (or be blocked) in rare cases
 - bug #966: The Response wrapper from a filter is ignored when SE returns the
             default 404 response
 - bug #967: Multiple doc roots not being recognized  


ServletExecAdmin.jar fixes the following bug(s):
 - bug #910: SE admin UI does not indicate the patch level of the ServletExec JAR file
 - bug #971: Add webapp page of SE AS admin UI incorrectly says that webadapter.properties requires manual update

Note: If you update your ServletExecAdmin.jar then you must also update your
     ServletExec50.jar

The native components are at patch level 1 (since they are the first
patch to those components in 5.0), and their use does NOT apply to all
configurations. In other words, each native component applies to only
one OS/Web Server combination.
Consult the SE 5.0 Installation Guide in order to learn which native component
your SE installation uses and where it resides.

The patched native components include:

For Windows:

 ServletExec_Adapter.dll.IIS32bit
 ServletExec_Adapter.dll.IIS64bit
 ServletExec_Adapter.dll.SUNONE
 ApacheModuleServletExec.dll.APACHE1.3.x
 ApacheModuleServletExec.dll.APACHE2.x

For Unix:
 ServletExec_Adapter.so.SUNONE_SPARC
 ServletExec_Adapter.so.SUNONE_LINUX
 ServletExec_Adapter.so.SUNONE_HP-UX
 ServletExec_Adapter.so.SUNONE_AIX
 mod_servletexec.c  (for apache 1.3.x on Unix)
 mod_servletexec2.c (for apache 2.x on Unix)

The IIS and iWS/SunONE adapters include fixes for bugs #886 & #929
The Apache adapters include fixes for bugs #886, #956, & #958

Here is more information about the bugs fixed in the native adapters:
 
 - bug #886: A single SE AS adapter only allows up to 50 SE AS Java instances
 - bug #929: Adapter may sometimes use an outdated alias cache more than once  
 - bug #956: Unable to Post more than 48k to a servlet running behind Apache 2 
 - bug #958: Protocol between Apache2 se-adapter & se-java may fail (NEVER reported or reproduced)

from p01
--------
- bug #813: Filters can't redirect or setStatus if requested resource does
            not exist and 404 mapping exists
- bug #814: Response status code is not set correctly for Error Page mappings
- bug #815: Requests for /WEB-INF or /META-INF resources return 403 status code
- bug #822: If servlet set to load-on-startup throws error no subsequent app's
            servlets are executed. (actually this bug had already been fixed
            in the unpatched SE 5.0 final, and so should not have been
            mentioned in this list).
- bug #823: Outdated XML parser in webapp prevents successful deployment
- bug #826: ejb-ref classes not found unless in the main SE classpath
- bug #850: Incorrect classloader used when invoking error pages mapped to
            status codes       

===============================================================

How to apply any SE hotfix
--------------------------
Generally this involves:

1. Stopping SE and the webserver
2. Renaming the component to be hotfixed
3. Putting the hotfixed component in place of the un-hotfixed component
   (giving it the original name of the un-hotfixed component)

The specifics of doing this can vary based on which component you are updating.
Consult the ServletExec 5.0 Installation Guide to learn which components were
installed with your configuration of ServletExec and where those components
reside, so that you will be able to hotfix them if hotfixed versions were
provided in this hotfix.

- ServletExecXX.jar can typically be found in the
  <ServletExec Install Directory>/lib/ directory.