Red Hat JBoss Web Server 5.4 Release Notes

Red Hat JBoss Web Server 5.4

For Use with the Red Hat JBoss Web Server 5.4

Red Hat Customer Content Services

Abstract

These release notes contain important information related to the Red Hat JBoss Web Server 5.4.

Chapter 1. Red Hat JBoss Web Server 5.4

Welcome to the Red Hat JBoss Web Server version 5.4 release.

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It consists of an application server (the Apache Tomcat servlet container) and the Tomcat Native Library. A short description of the key components is given below:

  • Apache Tomcat: a servlet container in accordance with the Java Servlet Specification. JBoss Web Server contains Apache Tomcat 9.
  • Apache Tomcat Native Library: a Tomcat library that improves Tomcat scalability, performance, and integration with native server technologies.
  • tomcat-vault: an extension for JBoss Web Server used for securely storing passwords and other sensitive information used by a JBoss Web Server.
  • mod_cluster library: a library that allows communication between Apache Tomcat and the Apache HTTP Server's mod_proxy_cluster module. This allows the Apache HTTP Server to be used as a load balancer for JBoss Web Server. For information on the configuration of mod_cluster, or for information on the installation and configuration of the alternative load balancers mod_jk and mod_proxy, see the HTTP Connectors and Load Balancing Guide.
  • Apache Portable Runtime (APR): a runtime that provides superior scalability, performance, and improved integration with native server technologies. APR is a highly portable library that is at the heart of Apache HTTP Server 2.x. It enables access to advanced IO functionality (for example: sendfile, epoll and OpenSSL), operating system level functionality (for example: random number generation and system status), and native process handling (shared memory, NT pipes and Unix sockets).
  • OpenSSL: a software library that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a basic cryptographic library.

This release of JBoss Web Server focuses on syncing JWS with the latest Apache HTTPD JBoss Core Services, as well as fixing some security issues. In addition, it also provides new OpenShift images based on Red Hat Enterprise Linux 8.

Chapter 2. Installing the Red Hat JBoss Web Server 5.4

The JBoss Web Server 5.4 can be installed using one of the following sections of the installation guide:

Chapter 3. OS/JVM Certifications

| Operating System | Chipset Architecture | Java Virtual Machine |
|---|---|---|
| Red Hat Enterprise Linux 8 | x86_64 | Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, Oracle JDK 11 |
| Red Hat Enterprise Linux 7 | x86_64 | Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, Oracle JDK 1.8.x, Oracle JDK 11, IBM JDK 1.8.x |
| Red Hat Enterprise Linux 6 | x86_64, x86 | Red Hat OpenJDK 1.8.x, Oracle JDK 1.8.x, Oracle JDK 11 (x86_64 only), IBM JDK 1.8.x |
| Microsoft Windows 2019 Server | x86_64 | Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, Oracle JDK 1.8.x, Oracle JDK 11 |
| Microsoft Windows 2016 Server | x86_64 | Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, Oracle JDK 1.8.x, Oracle JDK 11 |
| Microsoft Windows 2012 Server R2 | x86_64 | Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, Oracle JDK 1.8.x, Oracle JDK 11 |

Chapter 4. Security Fixes

This update includes fixes for the following security-related issues:

| ID | Impact | Summary |
|---|---|---|
| CVE-2020-11996 | Moderate | tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS [jws-5] |
| CVE-2020-13934 | Important | tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS [jws-5] |
| CVE-2020-13935 | Important | tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS [jws-5] |

Chapter 5. Resolved issues

| Issue | Description |
|---|---|
| JWS-843 | QE perl script causes IllegalArgumentException |
| JWS-1050 | windows text files have linux-like lines ends |
| JWS-1148 | Windows 2019 Server Support |
| JWS-1162 | Update Maven Repository Zip to Standardized Maven Repository Specification |
| JWS-1445 | [ASF BZ 63765] NIO2 connector with OpenSSL 1.1.1 hangs with TLSv1.3 |
| JWS-1466 | Upgrade mod_cluster to version 1.4.2.Final |
| JWS-1469 | Upgrade Hibernate to version 5.3.16.Final from EAP 7.3 |
| JWS-1471 | Upgrade jboss-logging to version 3.4.1.Final from EAP 7.3 |
| JWS-1494 | Vault Keystore Management Validation |
| JWS-1600 | Use https URLs in maven poms |
| JWS-1610 | Rebase tomcat on version 9.0.36 |
| JWS-1611 | Upgrade Apache CXF to version 3.3.5 from EAP 7.3 |
| JWS-1612 | Update to the latest JBCS version |
| JWS-1623 | Update JWS 5 base layer to UBI8 with OpenJDK8 |
| JWS-1624 | Update JWS 5 base layer to UBI8 with OpenJDK11 |
| JWS-1631 | Upgrade tomcat-native to 1.2.25 |
| JWS-1636 | Native APR connector behavior changing between 5.2 and 5.3 |
| JWS-1712 | Upgrade/Rebase components for the release 5.4 |
| JWS-1713 | Updating JWS Image Base Layer to UBI8 Image with flavours of OpenJDK |
| JWS-1739 | unable to make tomcat9/jws5 FIPS-compliant with NSS |
| JWS-1825 | OpenShift image docs refers to /opt/webserver/webapps/ when the path is /opt/jws-<version>/tomcat/ |
| JWS-1826 | OpenShift Image docs contains outdated examples. |
| JWS-1827 | OpenShift Image docs should explain how to add stuff to our images using docker. |
| JWS-1828 | o.a.c.valves.HealthCheckValve returns 404 incorrectly |
| JWS-1829 | OpenShift Image contains /manager webapp and jmxproxy health checks [remove the manager webapp] |
| JWS-1854 | JWS 5.4 will not provide database templates for UBI8 images |
| JWS-1856 | Certify JBoss Web Server on OCP 4.6 |
| JWS-1859 | Update JWS OpenShift documentation |
| JWS-1884 | Remove Supported Configs from documentation |

Chapter 6. Known issues

| Issue | Description |
|---|---|
| JWS-1740 | Warning thrown after loading persisted configuration |
| JWS-1857 | Documentation doesn’t match changed behaviour of HealthCheckValve |

Chapter 7. Components included in Red Hat JBoss Web Server 5.4

| Component | Version |
|---|---|
| Apache CXF | 3.3.5 |
| Apache Tomcat | 9.0.36 |
| ECJ | 4.12.0 |
| Hibernate | 5.3.16.Final |
| JBoss logging | 3.4.1.Final |
| libapr | 1.6.3 |
| mod_cluster | 1.4.2.Final |
| OpenSSL | 1.1.1c |
| Tomcat-Native | 1.2.25 |
| Tomcat-Vault | 1.1.8.Final |

Legal Notice

Copyright © 2020 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.