Red Hat JBoss Web Server 5.5 Service pack 1 Release Notes

Red Hat JBoss Web Server 5.5

For Use with the Red Hat JBoss Web Server 5.5

Red Hat Customer Content Services

Abstract

These release notes contain important information related to the Red Hat JBoss Web Server 5.5 Service Pack 1.

Chapter 1. RedHat JBoss Web Server 5.5 Service Pack 1

Welcome to the Red Hat JBoss Web Server version 5.5 Service Pack 1 release.

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It consists of an application server (Apache Tomcat Servlet container) and the Tomcat Native Library. A short description of key components is given below:

  • Apache tomcat: A servlet container in accordance with the Java Servlet Specification. JBoss Web Server contains Apache Tomcat 9.
  • Apache tomcat native library: A Tomcat library that improves Tomcat scalability, performance, and integration with native server technologies.
  • tomcat-vault: An extension for the JBoss Web Server used for securely storing passwords and other sensitive information used by a JBoss Web Server.
  • mod_cluster library: A library that allows communication between Apache Tomcat and the Apache HTTP Server’s mod_proxy_cluster module. This allows the Apache HTTP Server to be used as a load balancer for JBoss Web Server. For information on the configuration of mod_cluster, or for information on the installation and configuration of the alternative load balancers mod_jk and mod_proxy, see the HTTP Connectors and Load Balancing Guide.
  • Apache portable runtime(APR): A runtime that provides superior scalability, performance, and improved integration with native server technologies. APR is a highly portable library that is at the heart of Apache HTTP Server 2.x. It enables access to advanced IO functionality (for example: sendfile, epoll and OpenSSL), Operating System level functionality (for example: random number generation and system status), and native process handling (shared memory, NT pipes and Unix sockets).
  • OpenSSL: A software library that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a basic cryptographic library.

This release of JBoss Web Server covers a major security update.

Red Hat JBoss Web Server 5.5 OpenShift images based on Red Hat Enterprise Linux 7 are no longer provided with this release. Red Hat JBoss Web Server 5.5 images based on Red Hat Enterprise Linux 8 are provided with this release.

Chapter 2. Installing the Red Hat JBoss Web Server 5.5

The JBoss Web Server 5.5 can be installed using one of the following sections of the installation guide:

Chapter 3. Upgrading Red Hat JBoss Web Server using this Service Pack

To install this service pack:

  1. Download the Red Hat JBoss Web Server 5.5 Service Pack 1 file (.zip format) appropriate to your platform using the download link here (subscription required).
  2. Extract the .zip file to the Red Hat JBoss Web Server installation directory.

If you have installed Red Hat JBoss Web Server from RPM packages on Red Hat Enterprise Linux, you can use the following yum command to upgrade to the latest service pack: 

# yum upgrade

Chapter 4. OS/JVM Certifications

Operating SystemChipset ArchitectureJava Virtual Machine

Red Hat Enterprise Linux 8

x86_64

Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, OracleJDK 11

Red Hat Enterprise Linux 7

x86_64

Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, Oracle JDK 1.8.x, Oracle JDK 11, IBM JDK 1.8.x

Microsoft Windows 2019 Server

x86_64

Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, Oracle JDK 1.8.x, Oracle JDK 11

Microsoft Windows 2016 Server

x86_64

Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, Oracle JDK 1.8.x, Oracle JDK 11

Microsoft Windows 2012 Server R2

x86_64

Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, Oracle JDK 1.8.x, Oracle JDK 11

Chapter 5. Security Fixes

This update includes fixes for the following security related issues:

IDImpactSummary

CVE-2021-41079

Important

tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine

Chapter 6. Resolved issues

There are no resolved issues for this release.

Chapter 7. Known issues

There are no known issues for this release.

Chapter 8. Components included in Red Hat JBoss Web Server 5.5

Red Hat JBoss Web Server 5.5 Service Pack 1 includes the following components:

ComponentVersion

Apache CXF

3.3.5

Apache Tomcat

9.0.43

ECJ

4.12.0

Hibernate

5.3.20.Final

JBoss logging

3.4.1.Final

libapr

1.6.3

mod_cluster

1.4.3.Final

OpenSSL

1.1.1g

Tomcat-Native

1.2.26

Tomcat-Vault

1.1.8.Final

Legal Notice

Copyright © 2021 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.