Sun Java System Web Server 6.1 SP12/SP13 Release Notes

Issues Resolved in 6.1 SP5

The following table lists the issues resolved in Web Server 6.1 SP5.

Table 25 Issues Resolved in Web Server 6.1 SP5

Issue ID 

Description 

6322443 

NSFC buffer size should be configurable (64-Bit). 

Additional Information: Use the new BufferSize nsfc.conf directive to configure the size of the buffer used to transmit file contents on cache misses. The following directive can be added to nsfc.conf to increase the buffer size from its default of 8192 bytes to 16384 bytes: BufferSize=16384

Larger buffer size might result in improved throughput at the cost of increased latency and memory utilization. 

6234284 

JES3 Web Server installation fails or core dumps if the Administration password contain shell meta characters such as ;, $, &, ^, *. (. ), |, <, >, ', `,”, \, and so on in the Administration password. 

6232465 

Include -N linker option for HP-UX web server builds.

6171389 

Input filter is called only for the first HTTP request when using Keep-Alive. All subsequent requests of the TCP connection are not being processed by the filter.

6195820 

Global resources are not available to load-on-startup Servlets. 

5042600 

Unable to migrate Web Server 6.0 SP7 instance to Web Server 6.1 SP2. 

6244615 

Web Server migration should correctly update RootCerts.

6219618 

JES Web Server 6.1 SP2 failed to index PDF version 1.5 (Acrobat 6.x) document for creating Search Collection.

6239342 

Cross-site scripting vulnerability in a default error page. 

4879994 

SSL: Data larger than 8k is huge when the request triggers new SSL handshake. 

Additional Information: By default, web server can upload files of sizes up to 1 MB (when client certificate authentication is optional). To upload files larger than 1 MB, increase SSLClientAuthDataLimit in the magnus.conf file. In case of simultaneous uploading of very large files, web server uses large amount of memory. To minimize memory utilization do any of the following actions:

  • If authentication is not required, turn off authentication.

  • If authentication is required, make it mandatory by setting require=1 in the obj.conf.

PathCheck fn="get-client-cert" dorequest="1" require="1"

6229472 

.htaccess directive is broken.

6170938 

acceptlanguage does not work for User Document Directories.

6180991 

Internal-Daemon Log Rotation does not work for files larger than 2 GB. 

6254121 

.htaccess fails to protect resources that do not have a corresponding file.

6185904 

New NSS error codes are not being handled properly. 

6262885 

Switching from HTTPS to HTTP causes generation of new session. 

Additional Information: Set the isSecure attribute of the session cookie for the web application under the cookie-properties to either true or false in the web application's sun-web.xml. The default value is true.

In the following example, isSecure is set to false for the web application by setting the parameter value to false.


<session-config>
    <cookie-properties>
      <property name="isSecure" value="false">
    </cookie-properties>
</session-config>

6222728 

SNMP services fail in Web Server 6.1 SP2/SP3 on the Windows 2000 platform. 

6273472 

Web Server 6.1 SP4 uninstall script displays an error message – `No such file or directory'. 

6259257 

Some PDF files fail to be indexed by the search engine. 

6253489 

Using JSP and several includes within the JSP throws ClassCastException in the ApplicationDispatcher.

6285847 

Requests with double Content-Length header should get rejected (HRS vulnerability).

Workaround: Add the StrictHttpHeaders directive in magnus.conf and set its value to on.

6275413 

Incorrectly configured home-page SAF crashes server. 

6313832 

Existing 32-bit plug-ins cannot be used with the 64-bit release. Attempting to load a 32-bit plug-in using the 64-bit Web Server release will result in an error message such as the following: 

Sun ONE Web Server 6.1SP5 (64-Bit) B10/28/2005 09:00

failure: CORE3170: Configuration initialization failed: Error running init function load-modules: dlopen of plugin.so failed (ld.so.1: webservd: fatal: plugin.so: wrong ELF class: ELFCLASS32)

The Web Server 6.1 SP5 (64-Bit) release introduces support for sparcv9.