2.1.1 Release Notes

Red Hat JBoss Web Server 2.1

Release Notes for Red Hat JBoss Web Server 2.1.1

Red Hat Customer Content Services

Abstract

These release notes contain important information related to Red Hat JBoss Web Server 2.1.1. Read these Release Notes in their entirety before installing Red Hat JBoss Web Server 2.1.1.

1. Introduction to Red Hat JBoss Enterprise Web Server 2.1

Welcome to the Red Hat JBoss Enterprise Web Server 2.1. As you become familiar with the newest version of JBoss Enterprise Web Server, these Release Notes provide you with information about new features, as well as known and resolved issues. Use this document in conjunction with the entire JBoss Enterprise Web Server 2.1 documentation suite, available at the Red Hat Customer Service Portal's JBoss Enterprise Web Server documentation page.

1.1. About Red Hat JBoss Enterprise Web Server

JBoss Enterprise Web Server is a fully-integrated and certified set of components for hosting Java web applications. It is comprised of the industry's leading web server (Apache HTTP Server), the popular Apache Tomcat Servlet container as well as load balancers (mod_jk and mod_cluster), Hibernate, the Tomcat Native library and others.

1.2. Overview

This document contains information about the new features, known and resolved issues of Red Hat JBoss Enterprise Web Server version 2.1. Customers are requested to read this document prior to installing this version.

1.3. Upgraded to openssl-1.0.2h

JBoss Web Server 2.1.1 has been upgraded to openssl-1.0.2h because OpenSSL 0.9.8 is end of life and no longer supported. Support for TLSv1.2 and new ciphers is added only for Apache HTTP Server and JBoss EAP 6.4.10 Natives. By default, SSLv3 is disabled. SSLv2 and some unsafe ciphers have been removed.

Note

JBoss Web Server 2.1.1 does not support TLSv1.2 for APR connectors on Tomcat. TLSv1.2 works with Java connectors on JDK 1.7 or later.
JBoss OpenSSL 1.0.2h does not claim FIPS certification. Hence, we do not support or test FIPS with JBoss Web Server 2.1.1 on any of our platforms. If you need more information about FIPS on a specific platform, you can submit a support case online or contact us by phone.

Note

The tomcat-native is upgraded to version 1.1.34.

1.4. Set OPENSSL_CONF and LD_LIBRARY_PATH

You need to set OPENSSL_CONF and LD_LIBRARY_PATH.
A custom engine can be used as described in the upstream documentation. For more information, see https://www.openssl.org/docs/manmaster/apps/config.html

Note

To get your custom engine working, you have to set it in the upper section of the openssl.cnf file before any other section. Then, you need to export the OPENSSL_CONF variable to make openssl use this configuration.
Sample configuration for a JBoss Web Server installation in /home/user/jboss-ews-2.1:
  • export OPENSSL_CONF=/home/user/jboss-ews-2.1/httpd/conf/openssl/pki/tls/openssl.cnf
  • export LD_LIBRARY_PATH=/home/user/jboss-ews-2.1/httpd/lib:$LD_LIBRARY_PATH
Setting these environment variables is required when httpd, httpd.event, or httpd.worker is run directly. When the apachectl script is used to start the httpd server, the postinstall script writes the correct LD_LIBRARY_PATH and OPENSSL_CONF values into the apachectl script.

2. Supported Configurations

For supported hardware and software configurations, see the JBoss Enterprise Web Server Supported Configurations page on the Customer Portal.

3. Changes and Resolved Issues

httpd

1182341 - httpd22 service is not enabling the right MPM

Prior to JBoss Web Server 2.1.1, it was not possible to use the worker MPM because the systemd unit explicitly called the httpd prefork binary. This is resolved by updating the systemd unit so that it uses the HTTPD variable defined in the sysconfig file, or prefork by default.
1292824 - httpd22: rpm scripts act on httpd.service rather than httpd22.service

The httpd22 package for EL7 provides a service file named httpd22.service. The rpm scripts are now updated to use that name instead of httpd.service.

httpd,openssl,tomcat-native

1342073 - Upgrade openssl from 0.9.8 to 1.0.2h

Added support for TLSv1.2 and new ciphers. The upgrade was made because openssl 0.9.8 is end of life and no longer supported. SSLv2, SSLv3 and some unsafe ciphers have been removed.
1358118 CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header [jbews-2.1.0]

1338646 CVE-2016-3110 mod_cluster: remotely Segfault Apache http server

1337151 CVE-2016-2105 openssl: EVP_EncodeUpdate overflow [jbews-2.1.0]

1337155 CVE-2016-2106 openssl: EVP_EncryptUpdate overflow [jbews-2.1.0]

1182872 CVE-2014-3570 CVE-2015-0204 openssl: various flaws [jbews-2.1.0]

1305629 CVE-2014-0226 httpd: changelog typo for previous release notes relative to CVE-2014-0226

1219591 - /var/run/httpd22 file is deleted after reboot

Prior to EWS 2.1.1, when a rhel-7 server rebooted, the /var/run/httpd22 file was deleted and it was not possible to start the httpd22 service again. This was resolved by adding the directory to the system's tmpfiles.d configuration so that the system recreates the directory after every reboot.
1305580 - httpd supplied jb-ews-2-for-rhel-6-server-rpms deplist is missing apr-util-ldap

A sub-package that contains the ldap dependency is now included. Because apr-util-ldap is in an optional RHEL7 channel, the new sub-package was added; customers who use ldap authentication need to install it with the dependency.
1251796 - Need 2048-bit DH support for JWS HTTPD

OpenSSL is updated to version 1.0.2h, which makes it possible to append a newly generated DH_PARAM key to the default certificate file localhost.crt.

After installing httpd and running the .postinstall script, run a few more commands to extend the default certificate file if needed. Use the openssl binary provided by the zip/rpm package to generate DH_PARAM with a 2048-bit key: <path_to_provided_openssl_folder>/openssl dhparam -out dh_2048.pem 2048. Append the content of dh_2048.pem to the localhost.crt file created by the .postinstall script; httpd/conf.d/ssl.conf shows the location of that file. Then start the httpd server.

The server starts with extended Server Temp Key: DH, 2048 bits. You can verify it by running <path_to_provided_openssl_folder>/openssl s_client -connect localhost:443 -cipher DHE-RSA-AES256-GCM-SHA384.
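The append and verification steps above as a script. This is an added example, not part of the Red Hat release notes: the function names, the DH_MIN_BITS threshold variable and the sample s_client excerpt are assumptions made for illustration, and only the two openssl commands come from the text.

```shell
#!/bin/sh
# Added example: append DH parameters once, then check the server temp key.
# OPENSSL should point at the openssl binary shipped in the zip/rpm package.
OPENSSL="${OPENSSL:-openssl}"
DH_MIN_BITS="${DH_MIN_BITS:-2048}"   # assumed policy threshold

# Constructed s_client excerpt, used only to exercise the parser offline.
SAMPLE_OUTPUT='No client certificate CA names sent
Server Temp Key: DH, 2048 bits
---'

# has_dh_params FILE: succeeds if FILE already holds a DH PARAMETERS block.
has_dh_params() {
    grep -q -e '-----BEGIN DH PARAMETERS-----' "$1"
}

# append_dh_params CERT: generate 2048-bit parameters and append them once,
# so re-running the script does not stack several blocks in localhost.crt.
append_dh_params() {
    cert="$1"
    has_dh_params "$cert" && return 0
    tmp="$(mktemp)" || return 1
    "$OPENSSL" dhparam -out "$tmp" 2048 && cat "$tmp" >> "$cert"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# temp_key_bits: read s_client output on stdin and print the DH temp key size.
# Prints nothing when no "Server Temp Key: DH" line is present (e.g. ECDH).
temp_key_bits() {
    sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*/\1/p' | head -n 1
}

# dh_strong_enough: succeeds only if stdin shows a DH key >= DH_MIN_BITS.
dh_strong_enough() {
    bits="$(temp_key_bits)"
    [ -n "$bits" ] && [ "$bits" -ge "$DH_MIN_BITS" ]
}

# check_server HOST:PORT: run the verification command from the text.
check_server() {
    "$OPENSSL" s_client -connect "$1" -cipher DHE-RSA-AES256-GCM-SHA384 \
        </dev/null 2>/dev/null | dh_strong_enough
}
```

After httpd is restarted, `check_server localhost:443` returns non-zero if the handshake reports a DH temp key smaller than 2048 bits or no DH temp key at all.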
1342071 - Upgrade mod_jk to 1.2.41

Previously in JBoss Enterprise Web Server, an outdated version of mod_jk was included in the product. This is now fixed in JBoss Enterprise Web Server 2.1 by including mod_jk version 1.2.41, which incorporates the required miscellaneous bug fixes into the product.

httpd,mod_cluster

1309598 - ProxyErrorOverride On disables workers when a 50x error code is returned by the backend server

When a VirtualHost uses ProxyPass to proxy traffic, the backend uses ProxyErrorOverride to host custom error pages on the Apache httpd side. When the backend replies with a 50x error code mod_proxy/mod_cluster marks that worker as down, breaking the session stickiness. This issue is fixed.
1339966 - upgrade mod_cluster native to 1.2.13.Final

Previously in JBoss Enterprise Web Server, an outdated version of mod_jk was included in the product. This is now fixed in JBoss Enterprise Web Server 2.1 by including mod_jk version 1.2.41, which incorporates the required miscellaneous bug fixes into the product.
1342074 - Upgrade mod_cluster from 1.2.12.Final to 1.2.13.Final

Previously in JBoss Enterprise Web Server, an outdated version of mod_cluster was included in the product. This is now fixed in JBoss Enterprise Web Server 2.1 by including mod_cluster version 1.2.13, which incorporates the required miscellaneous bug fixes into the product.

mod_jk

1328231 - mod_jk Segmentation fault when trying to resolve unknown host

mod_cluster

1338642 - mod_cluster undersizes the connection pool

The connection pool was undersized, causing the ping to fail when all connections of the pool were in use and producing the following error message: [error] (70007)The timeout specified has expired: proxy: ajp: failed to acquire connection for …

The fix increases the connection pool size to ThreadsPerChild+1.
1340958 - UpperCase Alias never matches any context

The worker virtual host aliases were treated as case-sensitive, so one FQDN used as an alias, typed once in upper case and once in lower case, was treated as two different aliases. This issue is fixed in this release: all aliases are converted to lower case. For example, EXAMPLE.COM and example.com are handled as the same alias.

mod_cluster

1338644 - Add JVMRoute or node identifier to httpd/mod_cluster errors

Mod_cluster error messages used to state merely that an error occurred. With this patch, the offending worker's JVMRoute is printed in the log so that it is easier for the user to determine the cause of the problem.
1338641 - StickySessions does not work for ProxyPass from unenabled context

StickySessions did not work for ProxyPass from an unenabled context. This has been fixed in this release.

4. Known Issues

httpd

978978 - Unexpected differences in httpd/include/ap_config_layout.h in ZIP and RPM

In JBoss Enterprise Web Server 2.1.1, the following C macros are available in the ZIP distribution but are not present in the RPM distribution in httpd/include/ap_config_layout.h:
#define DEFAULT_EXP_LIBEXECDIR "/usr/lib/httpd/modules" 
#define DEFAULT_REL_LIBEXECDIR "/usr/lib/httpd/modules" 
#define DEFAULT_EXP_INSTALLBUILDDIR "/usr/lib/httpd/build" 
#define DEFAULT_REL_INSTALLBUILDDIR "/usr/lib/httpd/build"
1362188 - EWS 2.1.1 CR1: snmp module doesn't response at solaris sparc

SNMP does not respond on the port defined in the snmpd.conf file on Solaris SPARC.
1025057 - SSLProxyMachineCertificateFile doesn't support PKCS#8 key format

In JBoss Web Server, when a PKCS#8 key generated by OpenSSL is used, JBoss Web Server displays the following error and then terminates:
incomplete client cert configured for SSL proxy (missing or encrypted private key?)

The PKCS#8 format is not supported by mod_ssl, as mod_ssl uses different functions when loading the proxy key pair.

This is a known issue in JBoss Web Server 3.0. As a workaround, convert the key from PKCS#8 to the raw PEM encoding of the RSA key and use "openssl pkcs8".
1362029 - EWS 2.1.1 CR1: snmp module ignore conf setup

The SNMP module does not start on the port specified in snmpd.conf and uses the default port instead. To make httpd read snmpd.conf correctly, place the file under httpd's conf/ directory, the directory in which httpd.conf resides.
1358422 - LD_LIBRARY_PATH entries exported in Unix session are overridden in apachectl script

Because apachectl overwrites the content of LD_LIBRARY_PATH, a value exported before starting apachectl has no effect. The workaround is to add $LD_LIBRARY_PATH after the : on the following line in the apachectl script: export LD_LIBRARY_PATH="$currentDir/lib:
1133129 - Request to resolve upstream bug 39737

On Windows, the access log format "%{tid}P" logs invalid thread IDs.
1360822 - EWS 2.1.1 CR1: snmp module contains discrepency in snpm.conf.sample at windows

httpd does not start because the "modules/" prefix is missing before the .so files declared in conf.d/mod_snmpd.conf.sample.

The workaround is to add "modules/" prefix to libsnmpcommon.so and libsnmpmonagt.so.

The conf.d/mod_snmp.conf should contain:
LoadModule snmpcommon_module modules/libsnmpcommon.so
LoadModule snmpagt_module modules/libsnmpmonagt.so

httpd,tomcat6,tomcat7

1364453 - Socked bind failed on link-local [IPV6]

Attempting to use a link-local scoped IPv6 address yields an exception and prevents httpd from binding to the address. For httpd, because the upstream bug https://bz.apache.org/bugzilla/show_bug.cgi?id=59396 is not fixed, the only way to use a link-local scoped IPv6 address is to define the address along with the scope ID or the link-local scoped interface, followed by the port number, without using brackets. For example, Listen fe80::4eeb:42ff:fedb:9dbd%3:80.

On Tomcat, the workaround for using a link-local scoped IPv6 address is to specify the scope ID along with the address in the address attribute. For example, address="fe80::124a:7dff:fea1:22be%3".
1363653 - Tomcat security manager Error [EWS-2.1.1]

When Tomcat 7 is used with JDK 1.6 and the security manager, the Tomcat catalina log contains a java.security.AccessControlException: access denied message after Tomcat starts. You can ignore this error message.

mod_jk

900273 - mod_jk is unable to handle space after equal '=' sign in uriworkermap.properties where worker name includes a hyphen '-'

In JBoss Enterprise Web Server, when a worker name includes the - character and a space is added after the = character in the uriworkermap.properties file, the following error appears in the mod_jk logs:
[25736:139832971024352] [error] uri_worker_map_ext::jk_uri_worker_map.c (506): Could not find worker with name jk-stauus in uri map post processing.
[25736:139832971024352] [error] uri_worker_map_ext::jk_uri_worker_map.c (506): Could not find worker with name jk-stauus in uri map post processing.

This is a known issue in JBoss Enterprise Web Server 3.0. A workaround for this issue is to remove the space after the = sign. Therefore, /jk-status|/* = jk-status is changed to /jk-status|/* =jk-status.
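A check for the pattern described above, written as an added example and not taken from the release notes or from mod_jk: the function names and the sample mapping lines are constructed for illustration. It reports mappings that have whitespace after the = sign together with a hyphenated worker name, and prints a corrected copy.

```shell
#!/bin/sh
# Added example: find uriworkermap.properties mappings hit by bug 900273.

# Constructed sample mapping file (not from the release notes).
sample_map() {
    printf '%s\n' '# status worker' '/jk-status|/* = jk-status' \
        '/app|/* = worker1' '/ok|/* =jk-status'
}

# lint_uriworkermap [FILE]: print "LINE: text" for every mapping that has
# whitespace after '=' and a hyphen in the worker name. Reads stdin when no
# FILE is given and returns non-zero if at least one such line is found.
lint_uriworkermap() {
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                # not a mapping
            rhs = substr($0, eq + 1)
            if (rhs ~ /^[ \t]+[^ \t]*-/) {   # space after "=", hyphenated worker
                printf "%d: %s\n", NR, $0
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# fix_uriworkermap [FILE]: print the input with the whitespace after the
# first '=' removed on every non-comment line (the workaround from the text).
fix_uriworkermap() {
    sed '/^[[:space:]]*#/!s/=[[:space:]]*/=/' "$@"
}
```

Running `lint_uriworkermap conf/uriworkermap.properties` before a restart lists the affected lines by number; the path is an assumption and depends on where the JkMountFile directive points.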

mod_cluster

1340955 - A VirtualHost's ProxyTimeout or Timeout does not always properly override global Timeout

With a shorter global Timeout and a longer ProxyTimeout specified in the VirtualHost, the VirtualHost's ProxyTimeout does not always take precedence.
1338645 - MODCLUSTER000022: Failed to drain n remaining pending requests

A. Revision History

Revision 2.1.1-15, Thursday March 16 2017, David Michael
Red Hat JBoss Web Server 2.1.1 GA.

Legal Notice

Copyright © 2017 Red Hat, Inc.
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.