**************************************************************************
* This hotfix contains only those components that are relevant for the *
* configuration stated below. *
* *
* Hotfixes are cummulative, so they contain all the fixes found in their *
* previous hotfix (and patch) counterparts. *
* *
* Directions to apply this hotfix are at the very end of this file. *
**************************************************************************
09.05.2007
ReleaseNotes.txt for the ServletExec AS for Unix September 2007 hotfix.
ServletExec50.jar was updated to v5.0.0.14 to fix the following bugs:
- bug #1575: ServletExec.log.1 grows without limit (in rare conditions)
- A refix of bug #2443: No error displayed when ServletExec.log fails to rollover
- bug #2569: Abandoned & Swapped sessions are never cleaned up
- bug #2653: Submitting Role-Mapping form with 20 or more rows gives ArrayIndexOutOfBoundsException
- ServletExec.getDocumentBuilder() now restores the classloader inside a finally block
- Added a more complete fix of bug #2111: ClassNotFoundException if tagclass in TLD is surrounded by whitespace
- bug #2792: Unable to configure the default request encoding
This is now configurable by passing a System property to the JVM at JVM startup time.
For example to change the default request encoding from 8859_1 to UTF-8:
-Dcom.newatlanta.servletexec.request.url.encoding=UTF-8
- bug #2816: Sessions lost across a webapp restart when using JVM 1.6
ServletExec_Adapter.so for SunONE was updated to v5.0.0.14 w/ the following
changes:
- NSAPI callbacks [crit_init(), crit_enter(), crit_exit] to synchronize
socket pool use were replaced with calls to pthread_mutex_XXX() functions
which work better on Solaris.
- Added a new debug flag [_DEBUG_GENERAL_FLOW].
When enabled, it tracks basic code flow in the NSAPI adapter's filter
& service functions.
- removed use of _DEBUG_CONN_POOL flag. Messages that were triggered
by that flag are now triggered by the generic _DEBUG flag, thus making
that flag more verbose.
===============================================================================
08.26.2006
ReleaseNotes.txt for the ServletExec AS for Unix August 2006 hotfix.
ServletExec50.jar was updated to v5.0.0.13 to fix the following bugs:
- bug #2456: StringIndexOutOfBoundsException occurs when embedded session id is truncated
- bug #2472: Mapping of webapp role to container role may be undone in rare cases
- bug #2474: SE does not enforce transport guarantee for confidential (or integral)
- bug #806: Request parameters disappear after Form-based login
- bug #2502: ServletContext.setAttribute("name", null) causes NullPointerException
===============================================================================
05.09.2006
ReleaseNotes.txt for the ServletExec AS for Unix May 2006 hotfix.
ServletExec50.jar was updated to v5.0.0.12 to fix the following bugs:
- bug #2283: Request.getCharacterEncoding() sometimes returns null when it should not
- bug #2317: Using %2500 in the querystring causes StringIndexOutOfBoundsException
- bug #2344: Value attribute of setProperty action cannot be EL construct that
evaluates to a non-String Object
- bug #2434: Response.encodeRedirectURL() fails to embed the session ID when
passed an httpS url
- bug #2443: No error displayed when ServletExec.log fails to rollover
===============================================================================
12.20.2005
ReleaseNotes.txt for the ServletExec AS for Unix December 2005 hotfix.
ServletExec50.jar was updated to v5.0.0.11 to fix the following bugs:
- bug #2089: JSP won't compile when certain custom tags implement TryCatchFinally
- bug #2111: ClassNotFoundException if tagclass in TLD is surrounded by whitespace
- bug #2225: Closing 1 JDNI InitialContext instance causes subsequently
created instances to be closed too
The SE AS native adapters were updated to v5.0.0.11 to fix the following bug:
- bug #1959: A stopped SE AS instance can delay requests
webadapter.properties must contain the following line to get behavior that
fixes bug #1959:
servletexec.multiInstanceMode=enabled
===============================================================================
08.16.2005
ReleaseNotes.txt for the ServletExec AS for Unix August 2005 hotfix.
ServletExec50.jar was updated to v5.0.0.10 to fix the following bugs:
- bug #2050: ClassCastException when calling
Request.getAttribute("javax.servlet.request.key-size")
- bug #2064: Request.getRemoteUser() gives incorrect value in certain
situations
- bug #2074: Potential security risk with the default error page for a JSP
that is not found
- bug #2078: Attribute Listener code is not called when the session is manually
invalidated
- Removed the fix for bug #1818 that was added in the previous hotfix.
That bug may never have existed in the first place, and its "fix"
was causing certain sessions to be lost across a webapp restart due to a
failure in the session attribute deserialization process.
===============================================================================
06.07.2005
ReleaseNotes.txt for the ServletExec AS for Unix June 2005 hotfix.
ServletExec50.jar was updated to v5.0.0.09 to fix the following bugs:
- bug #1813: Using '-' character in a taglib prefix causes the JSP compile
to fail
- bug #1818: Unable to load classes whose Class.getName() is of the
form "[L<classname>;"
- bug #1824: unicode strings longer than 64k may be broken in the middle of a
unicode character
- bug #1833: ServletContext.getResourcePaths() throws NullPointerException
when passed a nonexistent path
- bug #1870: NullPointerException occurs when response.setHeader("val", null)
- bug #1921: Custom tags that use a full closing tag as in <a:b></a:b> should
be treated the same as those that don't as in <a:b/>
- bug #1926: Webapp custom classloader does not make use of JAR index
(INDEX.LIST) if present
This new feature can improve classloader performance (webapp
initialization & execution) for the following cases:
1. when loading a class that's inside a webapp, for the 1st time
(classes have always been cached after the first load)
2. when loading a resource via getResourceAsStream()
(resources have never been cached by SE)
To use this feature:
a. Utilize the -i option of the jar tool to generate a Jar Index
for as many JARs (in WEB-INF/lib) as you wish
(multiple INDEX.LIST files can be used).
b. Pass an init parameter named
com.newatlanta.servletexec.useJarIndex
to your webapp with a value of true.
A JVM System Property by the same name could also be used
to enable this globally for all webapps.
c. See http://java.sun.com/j2se/1.5.0/docs/guide/jar/jar.html
for more information about the JAR Index mechanism.
- bug #1987: Custom tag attribute validation is not enforced for nested tags
- Also fixed a NullPointerException introduced by the bugfix for bug #785:
"With SE AS, ServletContext.getServerInfo() can sometimes return
wrong webserver info". This would only occur in the rare case that a servlet
running inside SE AS causes response headers to be sent to the client
while running inside it's own privately spawned thread.
The SE AS native adapters were updated to v5.0.0.09 to fix the following bug:
- bug #1149: Using ';' character in querystring gives 404
That bug was originally thought to only exist in ServletExec50.jar and
was fixed there in a previous SE 5.0 update/hotfix, but was later found
to exist in the native adapters also and so now we fix it there too.
ServletExecAdmin.jar was simply carried over (unchanged) from the
previous hotfix.
===============================================================================
12.21.2004
ReleaseNotes.txt for the ServletExec AS for Unix December 2004 hotfix.
ServletExec v5.0.0.08
ServletExec50.jar was updated to fix the following bug:
- bug #1624: No error displayed when admin GUI changes fail to be written to web.xml
ServletExecAdmin.jar was updated to fix the following bug:
- bug #1520: The Admin UI should list virtual servers alphabetically
All other components were simply carried over (unchanged) from the previous
hotfix, so they are still v5.0.0.07
===============================================================================
10.11.2004
ReleaseNotes.txt for the ServletExec AS for Unix October 2004 hotfix.
ServletExec v5.0.0.07
The JAR was updated to fix some bugs.
The native components were updated simply to reflect the current version
[v5.0.0.07] (to avoid confusion).
ServletExec50.jar fixes the following bugs:
- bug #0193: HttpServletRequest.getRemoteUser() returns null when NTLM/IWA Authentication is used
- bug #1391: Custom classloader is not as optimized as it could be
- bug #1430: Character encoding not being honored for the body of a custom tag
- bug #1438: Webserver default pages not found if default-app deployed without welcome files
[introduced by the fix for bug #1075 in p03]
- bug #1440: No error occurs if a non DataSource class is configured as a DataSource
- bug #1441: Datasource disappears from Admin UI if datasources.xml uses empty body tags
- bug #1442: Datasource properties disappear from admin UI if an invalid value is specified in datasources.xml
===============================================================================
Here is a history of the SE 5.0 bugs that were fixed in
previous 5.0 "patches", and whose fixes are included
in all 5.0 hotfixes (based upon configuration):
from p06
--------
- bug #606: Updating monitor threads refresh interval causes null ptr exception
This bug also occurs with the Monitor Requests and Monitor Sessions page.
This patch fixes it for those pages as well.
- The SE Admin UI no longer throws a NullPointerException when it encounters:
bug #806: "Request parameters disappear after Form-based login"
(Note: This is NOT a fix for that bug)
- bug #1307: 404 is sometimes returned when request for a static file uses a querystring
an updated version of ServletExec_Adapter.dllIIS32bit which fixes the following IIS-specific bug:
- bug #1292: A single SE AS adapter only allows up to 100 SE AS Java instances
This patch includes updated native adapters for SE AS which address the following bugs:
- bug #1334: Graceful shutdown of SE AS instance can sometimes cause high CPU usage by native adapter
(bug #1334 may occur with Apache 1.3.x, IIS, or iPlanet, but not with Apache 2)
- bug #1347: An invalid request URI can sometimes cause the webserver to crash
from p05
--------
- bug #1139: request.setAttribute("attName", null) does not remove the attribute
- bug #1149: Using ';' character in querystring gives 404
- bug #1185: Includes fail when filter is invoked
and updated versions of ServletExec_ISAPI.dll & ServletExec_NSAPI.dll
which fix the following bug:
- bug #1212: Java VM Hotspot Error occurs during Windows XP shutdown
This patch also includes updated native adapters for Apache 1 & Apache 2
(all supported platforms).
These updated adapters add a new feature in which the name of the SE instance
to which the request is to be routed is stored in apache's request notes table.
This allows the option of using Apache's mod_log_config() to log the SE
instance name that serviced a request, on a per-request basis.
Search the mod_servletexec.c source file for the SE_INSTANCE_NAME_KEY
for comments in the code which provide more information.
from p04
--------
This patch includes updated native adapters for SE AS which address the
following bug:
- A refix of bug #1099: Native adapter can sometimes fail to read all
response data
- bug #1108: Socket pool configuration settings are ignored when Apache 2 is
running in multi-threaded mode
from p03
--------
This patch contains patched versions of both native and Java components.
The Java component is ServletExec50.jar, and is for use with all configurations
of ServletExec.
ServletExec50.jar adds fixes for the following bug(s):
- bug #1075: IIS 6 unable to serve static content for welcome file requests
to certain webapps
- bug #1087: 'data already sent to client' error occurs if an errorPage is
used and an exception occurs after an include
ServletExecAdmin.jar is the same one that came with patch #2
Bug fixes in various native 5.0 adapters include:
- bug #1038: SE installer displays failed to configure filter message
- bug #1071: Unable to use uppercase letters in hostnames specified in
adapter configuration file
- bug #1075: IIS 6 unable to serve static content for welcome file requests
to certain webapps
- bug #1095: SE AS performs slowly on IIS 6
- bug #1096: Adapter connection/socket pooling code should be more defensive
- bug #1099: Native adapter can sometimes fail to read all response data
from p02
--------
This patch contains patched versions of both native and Java components.
The Java components are ServletExec50.jar (patch level 2) and
ServletExecAdmin.jar. Both Java components are patches for all configurations
of ServletExec.
ServletExec50.jar adds fixes for the following bug(s):
- bug #874: Sometimes session is not found with MacOS browsers
- bug #885: Class.getPackage() returns null
- bug #891: Request for header with no user-agent throws a null pointer
exception
- bug #902: ClassCastException is thrown from JSP in rare cases
- bug #910: SE admin UI does not indicate the patch level of the ServletExec
JAR file
- bug #924: Java Server Faces - JSFbeta - a NullPointerException is thrown
when running guessNumber.war example
- bug #959: Synchronized JSP or Servlet code can cause JVM-wide blocking
(or be blocked) in rare cases
- bug #966: The Response wrapper from a filter is ignored when SE returns the
default 404 response
- bug #967: Multiple doc roots not being recognized
ServletExecAdmin.jar fixes the following bug(s):
- bug #910: SE admin UI does not indicate the patch level of the ServletExec JAR file
- bug #971: Add webapp page of SE AS admin UI incorrectly says that webadapter.properties requires manual update
Note: If you update your ServletExecAdmin.jar then you must also update your
ServletExec50.jar
The native components are at patch level 1 (since they are the first
patch to those components in 5.0), and their use does NOT apply to all
configurations. In other words, each native component applies to only
one OS/Web Server combination.
Consult the SE 5.0 Installation Guide in order to learn which native component
your SE installation uses and where it resides.
The patched native components include:
For Windows:
ServletExec_Adapter.dll.IIS32bit
ServletExec_Adapter.dll.IIS64bit
ServletExec_Adapter.dll.SUNONE
ApacheModuleServletExec.dll.APACHE1.3.x
ApacheModuleServletExec.dll.APACHE2.x
For Unix:
ServletExec_Adapter.so.SUNONE_SPARC
ServletExec_Adapter.so.SUNONE_LINUX
ServletExec_Adapter.so.SUNONE_HP-UX
ServletExec_Adapter.so.SUNONE_AIX
mod_servletexec.c (for apache 1.3.x on Unix)
mod_servletexec2.c (for apache 2.x on Unix)
The IIS and iWS/SunONE adapters include fixes for bugs #886 & #929
The Apache adapters include fixes for bugs #886, #956, & #958
Here is more information about the bugs fixed in the native adapters:
- bug #886: A single SE AS adapter only allows up to 50 SE AS Java instances
- bug #929: Adapter may sometimes use an outdated alias cache more than once
- bug #956: Unable to Post more than 48k to a servlet running behind Apache 2
- bug #958: Protocol between Apache2 se-adapter & se-java may fail (NEVER reported or reproduced)
from p01
--------
- bug #813: Filters can't redirect or setStatus if requested resource does
not exist and 404 mapping exists
- bug #814: Response status code is not set correctly for Error Page mappings
- bug #815: Requests for /WEB-INF or /META-INF resources return 403 status code
- bug #822: If servlet set to load-on-startup throws error no subsequent app's
servlets are executed. (actually this bug had already been fixed
in the unpatched SE 5.0 final, and so should not have been
mentioned in this list).
- bug #823: Outdated XML parser in webapp prevents successful deployment
- bug #826: ejb-ref classes not found unless in the main SE classpath
- bug #850: Incorrect classloader used when invoking error pages mapped to
status codes
===============================================================================
How to apply any SE hotfix
--------------------------
Generally this involves:
1. Stopping SE and the webserver
2. Renaming the component to be hotfixed
3. Putting the hotfixed component in place of the un-hotfixed component
(giving it the original name of the un-hotfixed component)
The specifics of doing this can vary based on which component you are updating.
Consult the ServletExec 5.0 Installation Guide to learn which components were
installed with your configuration of ServletExec and where those components
reside, so that you will be able to hotfix them if hotfixed versions were
provided in this hotfix.
- ServletExecXX.jar can typically be found in the
<ServletExec Install Directory>/lib/ directory.
- Locations for native components (.so's) will vary with webserver brand.
How to apply a ServletExec_Adapter.dll or .so hotfix to an existing
SE 5.0 installation
------------------------------------------------------------------
1. Stop the web server (IIS, SunONE, or Apache).
NOTE: With IIS this involves stopping the IIS Admin Service
from the Services Control Panel.
2. Stop ServletExec.
3. Locate the existing adapter that your webserver is currently
using.
The location and name of your existing/unhotfixed SE adapter depends upon
which webserver you are using.
First look in the appropriate chapter of the SE 5.0 Installation Guide
under the "What was installed" section to learn the default location for
your adapter.
If using iWS/SunONE or Apache, then you may also learn this infomation by
looking in your webserver's config file (magnus.conf, obj.conf, or
httpd.conf)
Once you have located it, rename it to something else.
4. If your hotfixed adapter (from the SE hotfix ZIP file) has been provided in
prebuilt form (.dll, or .so) then place it where the original/unhotfixed
adapter resides, making sure to rename it accordingly.
Here are some examples:
a. If using SE 5.0 AS on Windows with Apache 2.x as your webserver, you could
look in your httpd.conf to learn the location of the unhotfixed SE Adapter DLL
file that's currently in use (typically this would be at:
<apache-home>\modules\ApacheModuleServletExec.dll
Then you would rename it to something else such as ApacheModuleServletExec.dll.orig
and then put ApacheModuleServletExec.dll.APACHE2.x (from the hotfix ZIP) in its
place, renaming it to remove the ending ".APACHE2.x" portion of its name.
b. If using iWS 4.x then look in obj.conf.
c. If using iWS 6.x or SunONE, look in magnus.conf.
d. If using SE 5.0 AS on Windows with IIS, the default location is:
C:\Inetpub\Scripts\ServletExec_Adapter.dll
5. If you are using Apache on Unix then your hotfixed adapter (from the SE
hotfix ZIP file) is delivered in source file form (.c file) and you will
need to build it yourself.
Here is how:
a. Copy the appropriate hotfixed adapter source file into an empty folder.
If using Apache 1.3.x on Unix... the file is mod_servletexec.c
If using Apache 2.x on Unix... the file is mod_servletexec2.c
b. If the adapter you need is mod_servletexec2.c, then once you have it
copied to an empty folder, rename it to mod_servletexec.c
(i.e. remove the '2' from it's name)
c. Build the adapter.
The exact command used to build the adapter for Apache on Unix may differ
depending upon the Apache version and the platform (Solaris, Linux, HP-UX, AIX, etc...).
Because of this, you should examine the /tmp/SEinstall.log file to locate the exact
command that was used to build the original/unhotfixed version.
The command involves the use of apxs. For example with Apache 1 on Solaris, the command
looks something like this:
<apache install dir>/bin/apxs -i -a -c -n servletexec mod_servletexec.c
And with Apache 2 on Linux, the command looks something like this:
<apache install dir>/bin/apxs -n servletexec -i -a -c -D XP_UNIX mod_servletexec.c
Note that if you are using a less common Unix variant such as HP-UX,
you'll need to invoke apxs a bit differently.
As an example, here is how the SE 5.0 installer invokes apxs for
Apache 2 on our HP-UX 11.11 box and it works fine:
<apache install dir>/bin/apxs -n servletexec -i -a -c -D XP_UNIX -D APR_WANT_BYTEFUNC mod_servletexec.c
And here is an example of how the SE 5.0 installer invokes apxs for
Apache 1 on our AIX 5.3 and it works find:
<apache install dir>/bin/apxs -n servletexec -i -a -Wl,-bE:mod_servletexec.exp -c -D XP_UNIX
mod_servletexec.c
If you get an Error saying that it could not find mod_servletexec.exp, then you just need
to create that file alongside the mod_servletexec.c file. Here is a command to do that:
echo servletexec_module > mod_servletexec.exp
Then try invoking apxs again.
Locate your platform's 1-line command in your SEinstall.log file, and issue it
against the hotfixed version manually from the command line.
Whether using Apache 1 or Apache 2, the final name of the module should be
"mod_servletexec.so", and you should see that file appear where the
original/unhotfixed version resides to confirm that you truly have the
newly built, hotfixed version in place.
|
