3. Changes and Resolved Issues
- 1182341 - httpd22 service is not enabling the right MPM
- Prior to JBoss Web Server 2.1.1, it was not possible to use the worker MPM. This is because the systemd unit explicitly called the httpd prefork binary. This is resolved by updating the systemd unit so that it uses the HTTPD variable defined in the sysconfig file, or prefork, by default.
- 1292824 - httpd22: rpm scripts act on httpd.service rather than httpd22.service
httpd22package for EL7 provides a service file named
httpd22.service. The rpm scripts are now updated to use that name and not to use
- 1342073 - Upgrade openssl from 0.9.8 to 1.0.2h
- Added support of TLSv1.2 and new ciphers. This is because openssl 0.9.8 is end of life and no longer supported. SSLv2 and SSLv3 and some unsafe ciphers have been removed.
- 1358118 CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header [jbews-2.1.0]
- 1338646 CVE-2016-3110 CVE-2016-3110 mod_cluster: remotely Segfault Apache http server
- 1337151 CVE-2016-2105 CVE-2016-2105 openssl: EVP_EncodeUpdate overflow [jbews-2.1.0]
- 1337155 CVE-2016-2106 CVE-2016-2106 openssl: EVP_EncryptUpdate overflow [jbews-2.1.0]
- 1182872 CVE-2014-3570 CVE-2014-3570 CVE-2015-0204 openssl: various flaws [jbews-2.1.0]
- 1305629 CVE-2014-0226 httpd: changelog typo for previous release notes relative to CVE-2014-0226
- 1219591 - /var/run/httpd22 file is deleted after reboot
- Prior to EWS 2.1.1, when a rhel-7 server reboots the
/var/run/httpd22file was deleted and it was not possible to start the httpd22 service again. This was resolved by adding the directory to the system’s
tmpfiles.dconfiguration so that the system recreates the directory after every reboot.
- 1305580 - httpd supplied jb-ews-2-for-rhel-6-server-rpms deplist is missing apr-util-ldap
- Included a sub-package that contains the ldap dependency.
apr-util-ldapis in an optional RHEL7 channel, therefore the new sub-package is added, customers using ldap authentication need to install it with the dependency.
- 1251796 - Need 2048-bit DH support for JWS HTTPD
- OpenSSL is updated to version 1.0.2h allowing to append newly generated DH_PARAM key to default certification file localhost.crt.After installing httpd and running
.postinstallscript use few more commands to extend default certification file if needed. Run
opensslprovided by zip/rpm package with
/openssl dhparam -out dh_2048.pem 2048for generating
DH_PARAMwith 2048-bit key. Append the content of
httpd/conf.d/ssl.confshould show the destination of file. Now, start the httpd server.The server starts with extended Server Temp Key: DH, 2048 bits. You can verify it by running
/openssl s_client -connect localhost:443 -cipher DHE-RSA-AES256-GCM-SHA384.
- 1342071 - Upgrade mod_jk to 1.2.41
- Previously in JBoss Enterprise Web Server, an outdated version of mod_jk was included in the product. This is now fixed in JBoss Enterprise Web Server 2.1 by including mod_jk version 1.2.41, which incorporates the required miscellaneous bug fixes into the product.
- 1309598 - ProxyErrorOverride On disables workers when a 50x error code is returned by the backend server
- When a VirtualHost uses ProxyPass to proxy traffic, the backend uses ProxyErrorOverride to host custom error pages on the Apache httpd side. When the backend replies with a 50x error code mod_proxy/mod_cluster marks that worker as down, breaking the session stickiness. This issue is fixed.
- 1339966 - upgrade mod_cluster native to 1.2.13.Final
- Previously in JBoss Enterprise Web Server, an outdated version of mod_jk was included in the product. This is now fixed in JBoss Enterprise Web Server 2.1 by including mod_jk version 1.2.41 is included which incorporates the required miscellaneous bug fixes into the product.
- 1342074 - Upgrade mod_cluster from 1.2.12.Final to 1.2.13.Final
- Previously in JBoss Enterprise Web Server, an outdated version of mod_cluster was included in the product. This is now fixed in JBoss Enterprise Web Server 2.1 by including mod_cluster version 1.2.13 is included, which incorporates the required miscellaneous bug fixes into the product.
- 1328231 - mod_jk Segmentation fault when trying to resolve unknown host
- 1338642 - mod_cluster undersizes the connection pool
- The connection pool was undersized causing the ping to fail when all connections of the pool were used. Causing the following error message: [error] (70007)The timeout specified has expired: proxy: ajp: failed to acquire connection for …This is fixed to increase the connection to ThreadsPerChild+1.
- 1340958 - UpperCase Alias never matches any context
- The worker virtual host aliases were treated as case-sensitive. So, one FQDN used as an alias, typed once upper case and once lower case were treated as two different aliases. This issue is fixed in this release. All aliases are converted to lower case. For example, EXAMPLE.COM or example.com, alias is handled as the same alias.
- 1338644 - Add JVMRoute or node identifier to httpd/mod_cluster errors
- Mod_cluster error messages used to state merely the fact that an error occurred. With this patch, the offending worker’s JVMRoute is printed in the log so as it is easier for user to determine the cause of the problem.
- 1338641 - StickySessions does not work for ProxyPass from unenabled context
- The StickySessions works for ProxyPass from unenabled context. This has been fixed in this release.