-
Language:
English
-
Language:
English
Red Hat JBoss Web Server 5.2 Release Notes
For Use with the Red Hat JBoss Web Server 5.2
Abstract
Chapter 1. RedHat JBoss Web Server 5.2
Welcome to the Red Hat JBoss Web Server version 5.2 release.
JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It consists of:
- Apache Tomcat: a servlet container in accordance with the Java Servlet Specification. JBoss Web Server contains Apache Tomcat 9.
- The Apache Tomcat Native Library: a Tomcat library, which improves Tomcat scalability, performance, and integration with native server technologies.
- The tomcat-vault extension: an extension for the JBoss Web Server used for securely storing passwords and other sensitive information used by a JBoss Web Server.
- The mod_cluster library: a library that allows communication between Apache Tomcat and the Apache HTTP Server’s mod_proxy_cluster module. This allows the Apache HTTP Server to be used as a load balancer for JBoss Web Server.
This release of JBoss Web Server covers several quality of life updates. They are listed below:
New string values are used for Tomcat identification:
- 'Server version' → 'Server version name'
- 'Server number' → 'Server version number'
-
SSI Directives no longer work if one attempts to configure SSI via filter. To configure SSI Directives, you must uncomment the following block of code located in the
tomcat/conf/web.xml
folder:
<!-- <mime-mapping> <extension>shtml</extension> <mime-type>text/x-server-parsed-html</mime-type> </mime-mapping> -->
For full information on SSI Directives see The Apache Tomcat documentation on SSI Directives
- Support for JSVC was dropped
In place of JSVC it is recommended that users run the system daemon scripts provided in the installation guide. These scripts will cover the functionality provided by JSVC, with the exception of running ports on < 1024. A link to the installation guide containing the daemon scripts is provided in chapter 2 of these release notes.
Chapter 2. Installing the Red Hat JBoss Web Server 5.2
The JBoss Web Server 5.2 can be installed using one of the following sections of the installation guide:
Chapter 3. OS/JVM Certifications
Operating System | Chipset Architecture | Java Virtual Machine |
---|---|---|
Red Hat Enterprise Linux 8 | x86_64 | Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, OracleJDK 11 |
Red Hat Enterprise Linux 7 | x86_64 | Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, Oracle JDK 1.8.x, Oracle JDK 11, IBM JDK 1.8.x |
Red Hat Enterpries Linux 6 | x86_64, x86 | Red Hat OpenJDK 1.8.x, Oracle JDK 1.8.x, Oracle JDK 11(x86_64 Only), IBM JDK 1.8.x |
Microsoft Windows 2016 Server | x86_64 | Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, Oracle JDK 1.8.x, Oracle JDK 11 |
Microsoft Windows 2012 Server R2 | x86_64 | Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, Oracle JDK 1.8.x, Oracle JDK 11 |
Chapter 4. Security Fixes
This update includes fixes for the following security related issues:
ID | Impact | Summary |
---|---|---|
Moderate | openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) | |
Important | tomcat: Apache Tomcat HTTP/2 DoS | |
Low | XSS in SSI printenv | |
Important | tomcat: Remote Code Execution on Windows | |
Moderate | openssl: 0-byte record padding oracle | |
Moderate | tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 |
Chapter 5. Resolved issues
Issue | Description |
---|---|
JWS-1019 | Enhance the SELinux postinstall script |
JWS-1021 | Systemd service unit can’t start due to SELinux denial |
JWS-1297 | [ASF BZ 62899] Async servlet over HTTP/2 on embedded server sporadically timeout forever when reading near end of request |
JWS-1298 | TLS 1.0 and OpenSSL 1.1.1 hangs in OpenSSLEngine |
JWS-1316 | "-Djava.library.path" can not be set manually due to hard coding as -Djava.library.path=$_NATIVE_LIBDIR" |
JWS-1355 | ALPN failure with JSSE on OpenJDK 11 |
JWS-1361 | [RFE] Asking for "tomcat_can_network_connect_db" boolean |
JWS-1363 | JWS5 Zip install runs with unconfined SELinux |
JWS-1373 | [ASF BZ 62263] NPE when using RemoteIpValve |
JWS-1401 | Tomcat frequently hangs at startup when Jolokia loads certificate [jws-5] |
JWS-1403 | Update all of the StringManager references back to the original class reference and add the call to getPackage().getName() so that the inits are able to find LocalStrings.properties in the correct packages |
JWS-1405 | JWS 5 docs mention Tomcat 7/8 instead of 9 |
JWS-1430 | RPM shutdown throws warnings with Java 11 |
JWS-1454 | SELinux denied errors on start up |
JWS-1457 | Windows package name fix (win6-x86_64.zip vs win6.x86_64.zip) |
Chapter 6. Known issues
Issue | Description |
---|---|
JWS-1459 | Tomcat Embedded with Apache CXF is not Java 11 ready |
Chapter 7. Components included in Red Hat JBoss Web Server 5.2
Component | Version |
---|---|
Apache CXF | 3.2.7 |
Apache Tomcat 9 | 9.0.21 |
ECJ | 4.12.0 |
Hibernate | 5.3.10 |
JBoss logging | 3.3.2 |
libapr | 1.6.3 |
mod_cluster | 1.4.1.Final |
OpenSSL | 1.1.1 |
Tomcat-Native | 1.2.21 |
Tomcat-Vault | 1.1.8.Final |