9. Issues fixed in this release

Microcontainer beans were being registered as MBeans on deployment. These MBeans are optional and provide some debugging information. This behavior has now been turned off by default. Microcontainer beans are no longer registered as MBeans on deployment by default.

The specific combination of JBoss Native, 64-bit hardware, and the -javaagent Java option caused systems to hang when executing the run.sh script. The script passed user supplied parameters to Java while making a call to check for the system architecture. The run.sh script is now modified to ignore user supplied parameters when making this call, and the script no longer hangs under this condition.

When a management tool used the ProfileService management interface (as the embedded console does) to update the ServiceBindingManager service, the mapping of the received information was incorrect. The received value for a binding's "fixedHostName" property was applied as "fixedPort" and vice versa. In most cases, both properties are "false" so this was harmless. However, if either property were true, this led to an incorrect binding upon server restart when the updated values were applied. This has been corrected and the mappings are now applied as expected.

When user-type-mapped types were used in ejbql aggregate functions like MIN and MAX, a CCE exception was thrown. This is now fixed and CMP fields of types mapped with user-type-mapping can appear in aggregate functions in the SELECT clause of an EJB-QL query.

The run.sh script now creates a file to track processes and make it easier to obtain process IDs, jboss.pidfile. See the JIRA for further details.

A status servlet error existed for <distributable> web apps. The Cache session manager had different attributes from the Web manager, but was perceived as the same JMX object because of a lack of case sensitivity. StandardManager used 'activeSessions' while the clustered version was 'ActiveSessions'. The code used by the servlet to render the status information can now detect and handle upper and lower case letters in the JMX attribute names for a session manager.

JBPAPP-544 fixed a security issue by removing the mapping for /status, leaving only the secure /web-console/status available. However, the unsecured /status was reincluded in JBPAPP-1146. This has been fixed by configuring the ROOT.war webapp's security. It solves the original problem of securing, and leaves the /status intact.

Running the Microsoft SQL server with Microsoft JDBC drivers 2.0 causes unstable builds in JBoss Messaging. This issue is created by the Adaptive Buffering being the default behavior for the driver as this only allows for large values ot be read once by using the get<Type>Stream method. The current workaround for this issue is to change the responseBuffering parameter of the JDBC connection URL from being adaptive, to being full (as it was for version 1.2 of the JDBC driver).

<url>jdbc:sqlserver://[host];database=[database];responseBuffering=full;</url>

Red Hat Enterprise Linux 5 users installing the JBoss Enterprise Application Platform rpm using yum must be subscribed to the Red Hat Enterprise Linux Extras channel in order to satisfy the Java requirement of JBoss Enterprise Application Platform with either the Sun or the IBM Java Development Kit.

Using session.createSQLQuery caused a memory leak because the equals and hashCode methods in NativeSQLQuerySpecification were incorrectly implemented, and concurrent use of LRUMap caused the map to grow larger than its maximum limit. These issues have been corrected and the memory leak no longer occurs.

The changes for JBPAPP-4471 caused an issue when users mapped non-JDK Serializable classes with SerializableType, and attempted to cache those values into a second level cache. SerializableType reported the classloader of java.io.Serializable as the classloader to use for deserialization. However, this classloader could not see into the classloader, or non-JDK classes.

The classloader from org.hibernate.util.SerializationHelper.deserialize(InputStream, ClassLoader) now attempts to resolve the classloader that needs to be deserialized. If it cannot do this successfully, it uses the context classloader from the current thread and the classloader that loads the Hibernate class.

The Query Cache required the session or entity manager to be closed and reopened before it will become effective because Hibernate compares the timestamp of a cached query with the timestamp of the current session when it retrieves a query from the cache. This has now been fixed, and Hibernate uses nextTimestamp() to fetch the current timestamp rather than the cached timestamp.

@CollectionId describes an identifier column for a bag (an idbag, for example). nullable should have been set to false explicitly. This has been corrected, and nullable is now set to false by default.

PostgreSQL failed to drop SchemaExport if constraint names changed. Hibernate now issues a cascade when it tries to drop a table, fixing the issue.

Hibernate uses StandardDialectResolver to guess the Hibernate dialect if the hibernate.dialect property is not found in the Hibernate properties file, hibernate.cfg.xml, or persistence.xml. StandardDialectResolver returned SybaseDialect if the database name it extracted from database metadata is Sybase SQL Server or Adaptive Server Enterprise. However, because SybaseDialect is deprecated, this caused some problems. The StandardDialectResolver now guesses the correct dialect to use if hibernate.dialect is not configured.

When scrolling a HQL query with join fetch on a collection, FetchingScrollableResultsImpl.last() did not move to the last result if the cursor was positioned after the last result. Instead, the cursor stayed in position after the last result. This could cause org.hibernate.exception.GenericJDBCException: could not perform sequential read of results. The fix for this issue ensures that the cursor moves to the last result, as expected.

When a column name was defined in backticks (`), @JoinTable and @JoinColumn mappings failed with AnnotationException when the column name with backticks was referenced. Hibernate now compares the referencedColumnName with the column's quote name rather than the table column's name.

getColumnSpan returned 0 when comparing entities with OneToOne mappings, even when comparing the same entity, which resulted in TypeMismatchExceptions. The algorithm of getColumnSpan has changed so that the column span can be identified by its identifier or unique key type.

LikeExpression did not handle the ignoreCase flag properly when ignoreCase was set to false. The correct SQL property like ? was built, but the flag inside getTypedValues was not used, and a lowercase value was always produced. This issue has been fixed, and lowercase or the original case is used when ignoreCase is set to false.

In a stateless session, queries load objects in a two-phase process: in the first phase, a temporary persistence context is populated with empty objects; in the second phase, the objects' member data is read from the database. If an object contains an association or a collection, the query performs a recursive call to the session's get() method. This clears the temporary persistence context.

If the parent object contained any other associations to be read as part of the second phase, Hibernate threw an assertion because the associations cannot be found in the persistence context.

This has been fixed by introducing a new method: org.hibernate.engine.PersistenceContext.isLoadFinished(). This method tells StatelessSession when to clean the temporary persistence context.

A bug in org.hibernate.cfg.OneToOneSecondPass code sometimes caused an org.hibernate.PropertyValueException when processing a one-to-one mapping. The exception occurred because when JOINs did not contain otherSideProperty, otherSideJoin retained old data instead of being null. The org.hibernate.cfg.OneToOneSecondPass code has been corrected.

Hibernate generated the wrong alias in the table-pre-class inheritance strategy in some situations. (See the JIRA for examples.) AbstractCollectionPersister now uses the key column aliases generated by Column.getAlias(Dialect,Table), so the table-pre-class inheritance strategy mapping is correct.

When a cache provider could not be found, a NoClassDefFoundError was thrown with the message:

net/sf/ehcache/CacheException

When a connection provider could not be found, a HibernateException was thrown with the following message:

Could not instantiate connection provider: " + providerClass

More informative messages are now thrown when these errors occur.

The iteration order of HashMaps and HashSets for JDK 6 caused the order of columns in union clauses or union subclasses to differ depending on whether JDK 5 or 6 was used. Since the change in column order is consistent across union clauses, the resulting queries were valid; however, this change could affect performance. The implementation of HashSet has been changed to LinkedHashSet, for identical performance between the different JDKs.

Hibernate could not previously be compiled under JDK 6 because the following classes did not fully implement JDK 6 interfaces:

A NoSuchMethodError occurred when an application required a method that was missing from these classes. The missing methods have now been implemented and this error no longer occurs.

When org.jboss.remoting.marshal.MarshallerLoaderHandler got a request for a class, it returned an instance of org.jboss.remoting.loading.ClassBytes. If MarshallerLoaderHandler was unable to find the desired class, then the returned ClassBytes object had a null value for the class byte array. However, org.jboss.remoting.loading.ClassByteClassLoader does not check for the possibility of a null byte array, so a NullPointerException resulted. JBREM-1184, which caused this issue, has been fixed.

On injection of a jBPM ProcessInstance to a Seam component, the process instance returned was registered for auto-save. This caused a performance issue, as the jBPM ManagedContext saves all instances in the autoSaveProcessesList when it closes. The code for returning a ProcessInstance on injection has been changed, and the process instance is no longer registered for auto-save.

An input sanitization flaw was found in the way JBoss Seam processed certain parametrized JBoss Expression Language (EL) expressions. A remote attacker could use this flaw to execute arbitrary code via a URL, containing appended, specially-crafted expression language parameters, provided to certain applications based on the JBoss Seam framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw. (CVE-2010-1871)

Red Hat would like to thank Meder Kydyraliev of the Google Security Team for responsibly reporting this issue.

A change to Seam's getInstanceFromFactory method to fix a concurrency issue caused some applications to enter a deadlock situation in a very specific combination of circumstances. The original fix to getInstanceFromFactory was revised, and the issue has not been observed since.

Seam was distributed with a copy of activation.jar in its /lib directory. This file is also supplied by JDK 6. The copy in Seam has been removed.

Rich:comboBox components in Seam apps created with seam-gen were missing the drop-down arrow graphic. This was fixed by modifying the cascading style sheet used to control the display of the component in a web browser. The arrow graphic is now displayed correctly.

Seam would fail if two components with the same class name were found on the classpath, with an error: "java.lang.IllegalStateException: Two components with the same name and precedence -", followed by the component and class names. Seam has been updated, and will now ignore any duplicate classes. When duplicate components are encountered with the same classname, the first one encountered will be loaded, and any subsequent components on the classpath with the same classname will be ignored.

MockServletContext was unaware that JBoss Enterprise Application Platform 5 used the Virtual File System. It therefore attempted to access URIs as files. MockServletContext now recognizes the web application root and fetches the path of the URL class, ensuring that the protocol does not form part of the java.io.File constructor parameter.

Seam-gen templates used resource:// for objects that were not on the classpath. This resulted in an error when trying to transform a RichFaces template (XCSS) into a CSS file. Seam-gen no longer uses resource://, fixing the issue.

When hot deployment was used for EARs that contained multiple WAR files, the first web application accessed worked correctly, but web requests to subsequent web applications caused a NullPointerException. This occurred because the application context was not set up when the hot deployment filter ran. Each operation related to web application context now checks for the current javax.servlet.ServletContext, resolving the issue.

When using the web services page of the Seambay example in Internet Explorer 8, values entered in the username and password fields do not propagate to the request area because of an undefined JavaScript object. This has been corrected.

The Tasks example did not work correctly in Internet Explorer 8. When "Undo this Task" is selected on the Resolved Tasks page, the task returns to the Tasks page, but does not disappear from the Resolved Tasks page. This issue has been fixed by turning off Ajax request caching.

Resources from the resource servlet, such as CAPTCHA images, were cached by the browser and did not re-render correctly because of incorrect response headers in org.jboss.seam.captcha.CaptchaImage. The response headers have been corrected so that this no longer occurs.

In Seam mail, attachments were not always included inline, so attachments were not visible in some mail clients. The patch for this issue was backported from JBSEAM-4630, and attachments should now be visible.

If ELSupport.coerceToType was called with an BigDecimal instance as the first Parameter 'obj' and BigDecimal.class as type, the BigDecimal would be converted into a double and back into a BigDecimal which would lead to a different value being returned.

This was addressed upstream, and was fixed in JBoss Enterprise Application Platform 5.1.0 by changing the Seam dependency on JBoss-EL to 1.0_02.CR5.

ELSupport.coerceToType now returns an input value when it is assignable to the given type.

org.jboss.seam.transaction.EjbSynchronizations did not comply with Java specifications. As stated in http://java.sun.com/blueprints/guidelines/designing_enterprise_applications/transaction_management/qanda/index.html, classes that implement SessionSynchronization may not have TransactionsAttribute TransactionAttributeType.SUPPORTS. TransactionsAttributeType.SUPPORTS has been replaced with TransactionsAttributeType.REQUIRED.

org.jboss.seam.core.Interpolator did not report exceptions and printed warnings with limited information. Exceptions are now reported, and warnings are more informative.

Seam JMS support did not work after failover to a slave node because the topicConnection field in the SubscriptionRegistry object became invalid when the connection to the master node failed. Subsequent calls to SubscriptionRegistry.subscribe() failed with SpyJMSException, and JMS subscriptions no longer worked even if the master node revived. This issue has been fixed.

A typographical error existed in the message logged by the org.jboss.seam.async.AsynchronousExceptionHandler when handling "Exeception thrown while executing asynchronous call". "Exeception" should be "Exception". This has been fixed.

Requirements have changed between JBoss Enterprise Application Platform 4.x and JBoss Enterprise Application Platform 5.x such that page-level messages.properties in the ResourceLoader must be stored in META-INF/classes or they will not work. The documentation is not explicit about this. This issue has been fixed.

Initialization.redeploy included code that created a new lock and then locked it immediately. This did not provide any level of protection, and could cause problems in debug mode. This has been fixed by removing the lock completely.

The SeamSpace testCreateBlog failed with a NullPointerException on IBM JDK 1.6. The getIdentifier method now behaves correctly on JDK 1.6.

In profiles other than production, MockResponseStateManager did not override ResponseStateManager#isPostback. This meant that both Faces and non-Faces requests were evaluated as postbacks. A isPostback(FacesContext context) method has been added into org.jboss.seam.mock.MockResponseStateManager, which overrides the old method and allows NonFacesRequest to recognize postback.

JAX-RS web services executed within an EJB transaction cannot use Seam HTTP authentication. HTTP requests to a web service protected by AuthenticationFilter split into two seperate ContextualHttpRequests. In the second one, it is not possible to look up EjbSynchronization beans, so Component.getInstance("org.jboss.seam.transaction.synchronizations", ScopeType.EVENT) fails with NoSuchEjbException.

This issue has been fixed.

s.tld in jboss-seam.ui.jar/MANIFEST.MF contained attribute entries that were defined incorrectly according to the XML Schema for the JSP Taglibrary descriptor. This has been fixed with the upgrade to Richfaces 3.3.1.SP1.

The Seam Chatroom example threw an EJBTransactionRolledbackException when a user attempted to log in. This exception did not influence the application's functionality, and has been fixed with an update to JBoss Cache.

The /status servlet was accessible from http://localhost:8080/status?full=true without authentication. (CVE-2008-3273)

This issue has been fixed and the servlet now requires authentication.

The parsing and deploying mechanism for hibernate.cfg.xml was unstable. This resulted in an inability to use regular Hibernate property names, because properties had to be mapped to the org.jboss.hibernate.jmx.Hibernate class. The original set of parsed key/value pairs is now inserted into the o.j.h.hmx.Hibernate objects via a new setProperties(Set<BaseNamedElement>) method. The start() method then builds the configuration from that set of properties.

Several typographical errors in the Seam Reference Guide have been corrected.

The section on Running as a Service on Windows in the Installation Guide listed incorrect long and short service names, and an incorrect location for the service.bat script. This has been corrected.

The RuleBasedPermissionResolver requirements for Drools 5 were out of date. This resulted in incorrect information being presented in the documentation. The out of date information has been replaced with up-to-date, accurate content.

The Seam Reference Guide contained some duplicate information, which has been removed.

The 'Charting' section in the Seam Reference Guide was missing information on <p:chart> tags. This has been corrected with a description; 'displays a chart already created in Java by a Seam component.'

Seam reference documentation source code blocks did not have syntax highlighting, which made the source code difficult to read. This code has all been updated with the correct highlighting.

The Seam Reference Guide was missing callout numbers in example code blocks. This made it difficult to connect the code and the accompanying explanatory notes. This has been fixed by introducing callouts.

"Using Seam with JBoss Tools" in the Seam Reference Guide has not been revised for use with JBoss Enterprise Application Platform and should be considered obsolete.

The documentation how now been fixed and updated.

ServerConsumerEndpoint.localClose() threw a NullPointerException during shutdown. This has been corrected with an updated version of JBoss Messaging.

When unicode multibyte characters are used in a message Selector, JBoss Messaging throws a TokenMgrError.

This issue has been fixed, and multibyte characters are now allowed.

When JBoss Transactions is upgraded from version 4.4.0 to version 4.6.1, the JBoss Messaging XAResourceRecoveryTest fails. The test is meant to simulate a failure during the commit process to prompt the Recovery Manager to recover the transaction, but with JBoss Transactions 4.6.1, the transaction is not recovered.

This issue has been fixed and a new test has been created to work with the change in transactions behaviour.

Testing has revealed issues with the way Enterprise Application Platform 5.1.0 handles the transfer of many large files without MTOM enabled. Customers should note that MTOM should be enabled to transfer large files, and this kind of service consumes a high amount of memory. However, if you choose not to use MTOM, you can implement the following to stop your Application Server crashing:

The web services context example did not work, and threw a ClassCastException. The example has been patched and now works as expected.

When a method with an additional namespace for a header parameter was invoked after a method that did not have this additional namespace, the wrong namespace was used in the SOAP operation when the method was serialized. The issue has been fixed by correcting the way transitions are made between Java Objects and XML, so that the final SOAP Message is generated with correct namespaces.

The doc/examples/jboss-web-services-examples context caused a number of exceptions to occur. This context error meant that the JBoss Web Services examples would not work correctly. The example code was modified as per JBPAPP-2995, and the examples now run correctly.

Sun JAXB silently accepts messages with non-fatal errors where they should be rejected. The fix for JBPAPP-2114 corrects this, so that badly-formed messages are rejected.

An IndexOutOfBoundsException occurred in the POJOResourceFactory because the interface was annotated instead of the implementation. Support has been added for annotated interfaces.

When an application that uses JPA or Hibernate is configured to use a clustered Hibernate second-level cache, it introduces an explicit dependency on the application server's CacheManager Service. This dependency is not recorded in the application server's service dependency system, so when the Platform is stopped, the CacheManager may shut down before the application. This causes a WARN message in the log when the application shuts down. This issue leads only to warnings in the error log and has been fixed with a HA Server Cache upgrade.

ha-server-cache-jbc has been upgraded to 2.0.3.Final.

When using SystemMemoryUsageLoadMetric, mod_cluster prioritizes dispatching requests to a machine that is using system memory higher than other machines. The metric returned its 'load' as 'free memory' instead of the expected 'used memory'. This has been corrected and the error no longer occurs.

org.jboss.modcluster.demo.servlet.ThreadCountLoadServlet has been removed from mod_cluster but is still specified in the web.xml file belonging to load-demo.war. This results in deployment errors. This issue has been fixed and the non-existent servlet has been removed.