ServletExec 6.0a (3.12.2008)
----------------------------
Updated Windows Installers for both SE ISAPI and SE AS. These 2 new installers address a variation of
- bug #2131: SE Installer does not correctly detect the bitness of the IIS webserver
The installer names are:
ServletExec_ISAPI_60a.exe
-and-
ServletExec_AS_60a.exe
The product components that they install are identical to those installed
by the ServletExec 6.0 final installers.
ServletExec 6.0 (11.30.2007)
----------------------------
Bug Fixes (General):
- bug #1277: Invalid username or password error if password uses non-alphanumeric characters
- bug #1876: Installer dialog for admin username/password is not clear
- expanded/modified fix for bug #2074: Potential security risk with the default error page for a JSP that is not found.
(The physical filepath is no longer displayed in the browser)
- bug #2945: Unix installer does not honor user:pass specified at install-time
- bug #2948: Windows AS installer does not look for Apache 2.2.x
- bug #2949: Windows AS installer does not find 64-bit JVMs
- bug #2953: SE ISAPI allows multiple JVMs to be loaded with IIS 6 causing stability problems
- bug #2954: getServletContext().getServerInfo() lacks version number of IIS (SE ISAPI only)
- bug #2955: SE ISAPI unable to load JVM 1.6 on Win Vista or Win 2003
ServletExec 6.0b1 (8/27/2007)
-----------------------------
New Features:
- Servlet API 2.5
- JSP API 2.1 (including Unified EL)
- JSTL 1.2
- JSF 1.2
- JavaMail 1.4
- JAX-WS 2.0 Web Services
- IPv6 addressing
- 64-bit support (x64) AMD64/INTEL64
Other Changes:
- Java 1.5/5.0 is now the minimum supported version of Java (this is
mandated by the Servlet 2.5 Spec.)
- Added support for Apache 2.2.x
- Native 64-bit support on AMD64/Intel64 CPUs in the following configurations:
* ServletExec ISAPI
* ServletExec AS (running behind IIS)
* ServletExec AS (running behind Apache on Unix/Linux only)
- Webapp Classloader (which has always cached classes, once loaded) will now also
cache Resources (.properties files for example) by default.
When a servlet or JSP running inside ServletExec uses Classloader.getResource(),
or Classloader.getResourceAsStream(), the returned URL or InputStream objects (respectively)
will now be cached versions whenever possible. This will improve performance for applications
that rely heavily on these calls, but which don't do the caching themselves.
The caching of resources can be turned off by passing an init parameter named
com.newatlanta.servletexec.cacheResources
to your webapp with a value of false.
A JVM System Property by the same name could also be used to disable this globally for all webapps.
- Many SE Admin UI pages now display their table rows in alphabetical order, and
allow ascending/descending sort by clicking on column headers.
- The "Manage Web Applications" page of the SE admin UI now presents a new column
which shows the context path for each webapp. If an app defines a welcome file,
then it's context path is a clickable link to the top-level welcome file of the app.
- Addition of an "Automatic" setting for ServletExec Extensions. This is now the
default setting. The result is that if a webapp's web.xml contains ServletExec Extensions
then ServletExec will Automatically honor them (unless SE Extensions are specifically disabled on the SE Admin UI).
Note that apps whose web.xml do NOT contain any SE Extensions will continue to be treated as
they have in the past (i.e. no SE Extensions will be enabled).
This feature makes the use of the SE Extensions feature easier for those who are already using it.
- Added a GlobalClassLoader which is only used when the following JVM System Property is set at JVM
startup time:
-Djava.system.class.loader=com.newatlanta.servletexec.GlobalClassLoader
This loader caches resources (as well as classes) globally (i.e. for all webapps) which can improve
performance of code that relies heavily on resource/.properties files but which does not cache such
resources. In addition, this loader will use the value of the JVM System Property named "java.class.path"
(i.e. the main JVM Classpath) to make a list of all the JARs listed there. This loader will then "favor"
those JARs over all other paths listed in the JVM's main classpath, by looking in those JARs first when
looking for a class or resource. And if any of those JARs have been indexed, then this loader will use the
index to locate the class or resource in a potentially more efficient manner.
Depending on what your applications do, how they do it, and when they do it (i.e. at webapp init time for example),
then the use of this loader could potentially result in faster startups or webapp (or JVM) reloads.
You'd need to do your own testing (with your own webapps) to learn the impact of using this loader in your own environment.
Bug Fixes (General):
- bug #2901: default-app for new SE Virtual Servers does not list any External Libraries
- bug #2900: Some pref files remain after removing or renaming an SE Virtual Server
- bug #2485: javax.servlet.forward Request attributes not set when container forwards to configured error handler
- bug #2502: ServletContext.setAttribute("name", null) causes NPE
- bug #1575: ServletExec.log.1 grows without limit
- bug #2443 (refix): No error displayed when ServletExec.log fails to rollover
- bug #2500: Response body is left in the buffer when content length is set to zero
- bug #2111 (refix): ClassNotFoundException if tagclass in TLD is
surrounded by whitespace
- bug #2744: NoSuchElementException when accessing client-cert
protected resource and no app roles defined
- bug #2745: Username not extracted from client-cert properly
- bug #2792: Unable to configure the default request encoding
This is now configurable by passing a System property to
the JVM at JVM startup time.
For example to change the default request encoding from 8859_1 to UTF-8:
-Dcom.newatlanta.servletexec.request.url.encoding=UTF-8
Now calls to request.getParameter() will return UTF-8 encoded Strings.
NOTE that *both* the parameter names & parameter values will have the same
encoding so in the above example, the String you pass to getParameter() must be
encoded using UTF8.
- bug #2816: Sessions lost across a webapp restart when using JVM 1.6
- bug #2936: response.sendRedirect("mailto:x@y.z") causes 404
- bug #2922: Error Page mapping silently fails if Location lacks a leading slash
- bug #1952: SE installer - slow performance on Windows 2003 - IIS 6
- bug #1090: Installer unable to stop IIS admin service if NNTP service is running
- bug #1876: Installer dialog for admin username/password is not clear
Bug Fixes (Admin):
- bug #2714: ServletExec Admin UI does not support IPv6
ServletExec 5.0.0.13 (8/24/2006)
--------------------------------
New Features:
- This version includes updated native adapters for Apache 1 & Apache 2 (all supported platforms).
These updated adapters add a new feature in which the name of the SE instance
to which the request is to be routed is stored in apache's request notes table.
This allows the option of using Apache's mod_log_config() to log the SE
instance name that serviced a request, on a per-request basis.
Search the mod_servletexec.c source file for the SE_INSTANCE_NAME_KEY
for comments in the code which provide more information.
Bug Fixes (General):
- bug #2456: StringIndexOutOfBoundsException occurs when embedded session id is truncated
- bug #2472: Mapping of webapp role to container role may be undone in rare cases
- bug #2474: SE does not enforce transport guarantee for confidential (or integral)
- bug #2483: SE AS instance on 64-bit windows won't startup
- bug #806: Request parameters disappear after Form-based login
- bug #2502: ServletContext.setAttribute("name", null) causes NullPointerException
- bug #2283: Request.getCharacterEncoding() sometimes returns null when it should not
- bug #2317: Using %2500 in the querystring causes StringIndexOutOfBoundsException
- bug #2434: Response.encodeRedirectURL() fails to embed the session ID when passed an httpS url
- bug #2443: No error displayed when ServletExec.log fails to rollover
- bug #2225: Closing 1 JDNI InitialContext instance causes subsequently created instances to be closed too
- bug #2050: ClassCastException when calling Request.getAttribute("javax.servlet.request.key-size")
- bug #2064: Request.getRemoteUser() gives incorrect value in certain situations
- bug #2078: Attribute Listener code is not called when the session is manually invalidated
- bug #1833: ServletContext.getResourcePaths() throws NullPointerException when passed a nonexistent path
- bug #1870: NullPointerException occurs when response.setHeader("val", null)
- bug #1926: Webapp custom classloader does not make use of JAR index
(INDEX.LIST) if present
This new feature can improve classloader performance (webapp
initialization & execution) for the following cases:
1. when loading a class that's inside a webapp, for the 1st time
(classes have always been cached after the first load)
2. when loading a resource via getResourceAsStream()
(resources have never been cached by SE)
To use this feature:
a. Utilize the -i option of the jar tool to generate a Jar Index
for as many JARs (in WEB-INF/lib) as you wish
(multiple INDEX.LIST files can be used).
b. Pass an init parameter named
com.newatlanta.servletexec.useJarIndex
to your webapp with a value of true.
A JVM System Property by the same name could also be used
to enable this globally for all webapps.
c. See http://java.sun.com/j2se/1.5.0/docs/guide/jar/jar.html
for more information about the JAR Index mechanism.
- bug #0193: HttpServletRequest.getRemoteUser() returns null when NTLM/IWA Authentication is used
- bug #1391: Custom classloader is not as optimized as it could be
- bug #1438: Webserver default pages not found if default-app deployed without welcome files
[introduced by the fix for bug #1075 in p03]
- bug #1307: 404 is sometimes returned when request for a static file uses a querystring
- bug #1139: request.setAttribute("attName", null) does not remove the attribute
- bug #1149: Using ';' character in querystring gives 404
- bug #1185: Includes fail when filter is invoked
- bug #1212: Java VM Hotspot Error occurs during Windows XP shutdown
- bug #1075: IIS 6 unable to serve static content for welcome file requests
to certain webapps
- bug #1087: 'data already sent to client' error occurs if an errorPage is
used and an exception occurs after an include
- bug #1038: SE installer displays failed to configure filter message
- bug #1075: IIS 6 unable to serve static content for welcome file requests
to certain webapps
- bug #874: Sometimes session is not found with MacOS browsers
- bug #885: Class.getPackage() returns null
- bug #891: Request for header with no user-agent throws a null pointer exception
- bug #924: Java Server Faces - JSFbeta - a NullPointerException is thrown
when running guessNumber.war example
- bug #959: Synchronized JSP or Servlet code can cause JVM-wide blocking
(or be blocked) in rare cases
- bug #966: The Response wrapper from a filter is ignored when SE returns the
default 404 response
- bug #967: Multiple doc roots not being recognized
- bug #813: Filters can't redirect or setStatus if requested resource does
not exist and 404 mapping exists
- bug #814: Response status code is not set correctly for Error Page mappings
- bug #815: Requests for /WEB-INF or /META-INF resources return 403 status code
- bug #822: If servlet set to load-on-startup throws error no subsequent app's
servlets are executed. (actually this bug had already been fixed
in the unpatched SE 5.0 final, and so should not have been
mentioned in this list).
- bug #823: Outdated XML parser in webapp prevents successful deployment
- bug #826: ejb-ref classes not found unless in the main SE classpath
- bug #850: Incorrect classloader used when invoking error pages mapped to status codes
Bug Fixes (Admin):
- bug #1624: No error displayed when admin GUI changes fail to be written to web.xml
- bug #1520: The Admin UI should list virtual servers alphabetically
- bug #1440: No error occurs if a non DataSource class is configured as a DataSource
- bug #1441: Datasource disappears from Admin UI if datasources.xml uses empty body tags
- bug #1442: Datasource properties disappear from admin UI if an invalid value is specified in datasources.xml
- bug #606: Updating monitor threads refresh interval causes null ptr exception
- The SE Admin UI no longer throws a NullPointerException when it encounters:
bug #806: "Request parameters disappear after Form-based login"
(Note: This is NOT a fix for that bug)
- bug #910: SE admin UI does not indicate the patch level of the ServletExec JAR file
- bug #971: Add webapp page of SE AS admin UI incorrectly says that webadapter.properties requires manual update
Bug Fixes (ServletExec AS Specific):
- bug #1959: A stopped SE AS instance can delay requests
NOTE: webadapter.properties must contain the following line to get behavior that fixes bug #1959:
servletexec.multiInstanceMode=enabled
- bug #1149: Using ';' character in querystring gives 404
- bug #1292: A single SE AS adapter only allows up to 100 SE AS Java instances
- bug #1334: Graceful shutdown of SE AS instance can sometimes cause high CPU usage by native adapter
(bug #1334 may occur with Apache 1.3.x, IIS, or iPlanet, but not with Apache 2)
- bug #1347: An invalid request URI can sometimes cause the webserver to crash
- bug #1108: Socket pool configuration settings are ignored when Apache 2 is
running in multi-threaded mode
- bug #1071: Unable to use uppercase letters in hostnames specified in
adapter configuration file
- bug #1095: SE AS performs slowly on IIS 6
- bug #1096: Adapter connection/socket pooling code should be more defensive
- bug #1099: Native adapter can sometimes fail to read all response data
- bug #886: A single SE AS adapter only allows up to 50 SE AS Java instances
- bug #929: Adapter may sometimes use an outdated alias cache more than once
- bug #956: Unable to Post more than 48k to a servlet running behind Apache 2
- bug #958: Protocol between Apache2 se-adapter & se-java may fail (NEVER reported or reproduced)
Bug Fixes (JSP Specific):
- bug #2344: Value attribute of setProperty action cannot be EL construct that
evaluates to a non-String Object
- bug #2089: JSP won't compile when certain custom tags implement TryCatchFinally
- bug #2111: ClassNotFoundException if tagclass in TLD is surrounded by whitespace
- bug #2074: Potential security risk with the default error page for a JSP that is not found
- bug #1813: Using '-' character in a taglib prefix causes the JSP compile to fail
- bug #1824: unicode strings longer than 64k may be broken in the middle of a unicode character
- bug #1921: Custom tags that use a full closing tag as in should
be treated the same as those that don't as in
- bug #1987: Custom tag attribute validation is not enforced for nested tags
- bug #1430: Character encoding not being honored for the body of a custom tag
- bug #902: ClassCastException is thrown from JSP in rare cases
Bug Fixes (ServletExec AS Specific - Unix only):
- bug #2245: AS installer on Unix adds built-in webserver entries to webadapter.properties
- bug #2246: AS installer on Unix fails to create security.xml
- bug #2417: ServletExec AS on Unix won't install or run with JVM 1.5
- bug #2425: AS installer on Unix fails to honor port choice for built-in webserver
- bug #2428: AS installer on Unix outputs error message when installing adapter only
- bug #2247: AS installer on Unix fails to build native adapter when a built-in webserver
instance exists
- bug #2426: AS installer on Unix requires a webserver
- bug #2430: AS installer on Unix requires 1st installed ASI to be non built-in,
if adapter is ever desired
ServletExec 5.0 (10/13/03)
--------------------------
Bug Fixes (General):
- A servlet invoked by a request dispatcher include call can set response headers (bug #121)
- License key rejected when it contains blank spaces at the end (bug #709)
- Request events are not processed properly when forwarding to a different context (bug #788)
- A request attr removed event is sometimes generated when it shouldn't be (bug #789)
- Include request attributes are not removed after a RequestDispatcher include (bug #790)
- Having web server serve static content fails after first request (bug #794)
- With default-app, web server cannot serve index/default files (bug #795)
- Invalid webapps can partially deploy when they should not deploy at all (bug #797)
- Unix installers sometimes fail to create installation directory (bug #801)
- The Max Sessions setting isn't being honored (Part 2) (bug #802)
Bug Fixes (ServletExec AS Specific):
- With SE AS, ServletContext.getServerInfo() can sometimes return wrong webserver info (bug #785)
- SE/AS built-in web server fails to start with JDK 1.3 (bug #786)
- SE/AS with IIS, Request headers cannot exceed 5k in length (bug #796)
- SE/AS installer can place duplicate instance entries in webadapter.properties (bug #799)
- SE/AS on Windows fails to install with Apache 2.x if Apache 1.3.x is present (bug #800)
Bug Fixes (JSP Specific):
- An inner class cannot be defined as a tag handler (bug #787)
ServletExec 5.0b1 (9/25/03)
---------------------------
New Features:
- Servlet API 2.4 support. This includes request listeners, filters invoked for a
RequestDispatcher include or forward and the setting of new request attributes for a
RequestDispatcher forward.
- JSP 2.0 support. This includes an Expression Language, JSP fragments, Simple Tag
handlers, tag files and the generation of debug information based on JRS-045.
- support for recompiling a JSP page whenever any of its dependent files is modified.
- JSTL 1.1 support.
- JSF 1.0 support
- Apache 2.0 support.
- Web Services support using JWSDP 1.2 or Axis 1.1.
- Customizable Session Tracking.
- ServletExec Server.
- Auto update of ServletExec AS adapter settings.
- Improved session monitoring.
- System Properties admin page.
- Web Application Environment Entries support.
- Web Application EJB References support.
Other Changes:
- ServletExec admin interface was moved to a web application and updated.
- Legacy servlets now run under context of default web application.
- Most .properties files were changed to XML files.
- Improved DataSource configuration.
- Removal of deprecated code (SSIServlet, TemplateServlet, JIServlet and JSP 0.91 Servlet).
- Removal of Servlet Security and IIS Security features.
Bug Fixes (General):
- Retrieving the attribute javax.servlet.request.X509Certificate doesn't return an array (bug #106)
- A servlet invoked by a request dispatcher include call can set response headers (bug #121)
- naming space for JDBC data sources is not correct (bug #271)
- Calling new InitialContext() from doFilter() gives ClassNotFoundException (bug #629)
- use of symbolic links can cause SE to fail to find a file (JSP, or static) (bug #725)
- Using / in the name of a webapp can cause it to fail (bug #734)
- getQueryString() returns null when a query string is forwarded. (bug #737)
- ClassNotFoundException in contextDestroyed() method (bug #743)
- log files become locked if contextDestoyed() throws exception (bug #744)
- Servlets that use chunked encoding will have connection closed on them (bug #746)
- Servlet.log files rollover without limit (bug #757)
Bug Fixes (JSP Specific):
- Infinite Loop occurs when a dynamically included jsp tries to do a forward (bug #607)
- JSPs recompiled after SE/webapp reload, even if JSP timestamp hasn't changed. (bug #608)
- Illegal chars in JSP are not escaped in XML view (bug #660)
- Exception if two JSPs in different web apps are compiled at the same time (bug #692)
- Absolute paths in web.xml element taglib-uri are not parsed properly (bug #759)
Bug Fixes (Web Application Security):
- Infinite loop occurs when prefix /* is used with Form authentication (bug #657)
- Web Application CLIENT-CERT authentication does not work (bug #754)
Bug Fixes (Session Tracking):
- SessionSwapping background thread remains suspended forever (bug #620)
- MaxSessions value is reset to 1024 (bug #624)
- Old session .data files sometimes hang around on the hard drive (bug #625)
- Session ID cookie is not returned to server on certain webapp requests (bug #658)
Bug Fixes (Admin):
- Mapping "/admin" to something other than ApplAdminServlet, breaks it. (bug #564)
- Updating monitor threads refresh interval causes null ptr exception (bug #606)
- Filter order in web.xml is arbitrarily changed (bug #623)
- Null Pointer when removing license key from ServletExec Admin UI. (bug #686)
- Web app servlets are not destroyed when they are removed or modified (bug #766)
Bug Fixes (ServletExec AS Specific):
- Apache Native Adapter leaks memory & file descriptors if request times out (bug #722)
- improper protocol shutdown (bug #723)
- memory leak - malloc of tmpcert never gets deallocated (bug #724)
- Native Adapter leaks memory if an error occurs when opening a socket (bug #735)
- Native Adapter does not declare global vars as static, causing possible namespace conflicts (bug #736)
Bug Fixes (ServletExec AS Specific - Windows only):
- StopServletExec.bat throws an exception, even though SE stops correctly. (bug #621)
- Only one servletexec.properties can be used with IIS. (bug #661)
- IIS Adapter fails to get host when request lacks a host header (bug #662)
- With IIS, Requests are sometimes matched to webapp context paths when they should not be (bug #716)
- ServletExec/AS installer fails if install web adapter only is selected (bug #779)
Bug Fixes (ServletExec AS Specific - Unix only):
- If SE/AS Unix installer aborts due to failure, it deletes entire install dir (bug #589)
- SE/AS Unix installer assumes installing instance and adapter (bug #590)
- SE/AS Unix installer assumes automatic server configuration (bug #591)