Red Hat JBoss Web Server 3.1 Service Pack 4 release notes

Red Hat JBoss Web Server 3.1

For Use with the Red Hat JBoss Web Server 3.1

Red Hat Customer Content Services

Abstract

These release notes contain important information related to the Red Hat JBoss Web Server 3.1 Service Pack 4.

Welcome to the Red Hat JBoss Web Server version 3.1 Service Pack 4 release.

The JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It consists of:

  • Apache Tomcat: a servlet container in accordance with the Java Servlet Specification. JBoss Web Server contains Apache Tomcat 7 and Apache Tomcat 8.
  • The Apache Tomcat Native Library: a Tomcat library, which improves Tomcat scalability, performance, and integration with native server technologies.
  • The tomcat-vault: an extension for the JBoss Web Server used for securely storing passwords and other sensitive information used by a JBoss Web Server.
  • The mod_cluster library: a library that allows communication between Apache Tomcat and the Apache HTTP Server’s mod_proxy_cluster module. This allows the Apache HTTP Server to be used as a load balancer for JBoss Web Server.

Red Hat JBoss Web Server Service Pack 4

Service packs for Red Hat JBoss Web Server are produced when a set of critical bug fixes and/or security patches are required before a new full release.

These service pack releases reduce the number of individual patches that we produce and enable customers to keep up to date.

This update includes all fixes and changes from Red Hat JBoss Web Server 3.1 Service Pack 3.

Note

From Red Hat JBoss Web Server 3.1 Service Pack 2, all the configuration files that were changed in the patch are appended by the suffix .zipnew to avoid overwriting existing configuration files.

If the new or changed properties or configuration options are applicable to you, you will need to manually add or define them in their respective property or configuration file.

Installing the Red Hat JBoss Web Server 3.1

The JBoss Web Server 3.1 can be installed using one of the following sections of the installation guide:

Upgrading Red Hat JBoss Web Server using this Service Pack

To install this service pack:

  1. Download the Red Hat JBoss Web Server 3.1 Service Pack 4 file (.zip format) appropriate to your platform using the download link here (subscription required).
  2. Extract the .zip file to the Red Hat JBoss Web Server installation directory.

For Red Hat Enterprise Linux users who have installed Red Hat JBoss Web Server from RPM packages, can upgrade to the latest service pack using yum:

# yum upgrade

Security Fixes

This update includes fixes for the following security related issues:

IDImpactSummary

CVE-2018-8014

Moderate

tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins

CVE-2018-8019

Moderate

tomcat-native: Mishandled OCSP invalid response

CVE-2018-8020

Important

tomcat-native: Mishandled OCSP responses can allow clients to authenticate with revoked certificates

Resolved issues

See the JBoss Developer bug tracking software for a list of the resolved issues for Red Hat JBoss Web Server 3.1 Service Pack 4.

Known issues

See the JBoss Developer bug tracking software for a list of the known issues for Red Hat JBoss Web Server 3.1 Service Pack 4.

Upgraded components

This service pack includes upgraded versions of the following packages:

ComponentVersionComment

Apache Tomcat 7

7.0.70

Servlet container

Apache Tomcat 8

8.0.36

Servlet container

libapr

1.6.3

Apache Portable Runtime

OpenSSL

1.0.2n

Crypto libraries and openssl executable tool

tomcat-native

1.2.17

native implementation of Tomcat connectors