Sun Java System Web Server 6.1 SP12/SP13 Release Notes

Issues Resolved in Previous Web Server 6.1 Releases

This section lists the most important issues fixed in previous Web Server 6.1 releases:

Issues Resolved in 6.1 SP12

The following table lists the issues resolved in Web Server 6.1 SP12.

Table 18 Issues Resolved in Web Server 6.1 SP12

Issue ID 

Description 

6898371 

Severe TLS/SSL protocol vulnerability will require NSS upgrade. 

6916391 

Digest authentication buffer overflows. 

6916392 

If TRACE method contains request headers names with a single character and no value (like "A:"), then buffer overflows. 

6916390 

Web Server crashes due WebDav format string. 

6860680 

Appending "::$DATA" to the file extension discloses the contents of JSP page.

6869988 

Web Server 6.1 should bundle JDK6 rather than JDK5, wherever JDK is bundled.

6774064 

Web Server should use NSS 3.12.5.0. 

6882816 

Web Server 6.1 SP 11 Reverse Proxy Plugin retries POST requests without POST entity bodies. 

6917879 

TRACE request with empty header names causes malformed responses. 

6387189 

Java Logging issues in a deployed module 

6837931 


HTTP4352: zlib internal error. Return code from zlib is -5

Incomplete bug fix of 6358858 in Web Server 6.1 shows the above error. 

6214575 

Web Server should not show the dialog for authentication when all access right is denied. 

6372223 

Web Server 6.1SP5 Point Product can not open "Release Notes" from [Start]->[Sun ONE Web Server]->[Release Notes] 

6857848 

When a user tries to configure the ACL with Firefox, the submit button is not displayed. As a result, user cannot configure the ACL with Firefox. 

Issues Resolved in 6.1 SP11

The following table lists the issues resolved in Web Server 6.1 SP11.

Table 19 Issues Resolved in Web Server 6.1 SP11

Issue ID 

Description 

6748621 

Admin server's GUI index cgi file crashes, when an incorrect or nonexistent dtd file is referenced in the conf_bk/server.xml file.

4917844 

Admin server should allow selection of hashing algorithm while signing CSR. 

6795558 

Web Server 6.1 fails to start with a particular configuration.  

6754095 

Reverse Proxy Plugin runs querystring Javascript POPUP when 502 Gateway error occurs, leading to a potential XSS vulnerability.  

6571031 

Reverse Proxy Plugin should abort processing after the client write() fails with EPIPE.

6659522 

Search functionality returns unexpected results if the search string contains a hyphen. 

6633181 

Java Exception is observed in web error logs as SimpleDateFormat is not synchronized properly in web code.

6707244 

A 'race condition' occurs in the JVM while deploying a web application that contains a logger.  

6767285 

reuseSessionID does not work with IWSSessionManager, but works with StandardManager.

6815821 

Server throws the following error during startup.  

javax.naming.NamingException: WEB3886: Context is read only

6781962 

The Web Server 6.1 favicon appears distorted on Internet Explorer 7. 

Issues Resolved in 6.1 SP10

The following table lists the issues resolved in Web Server 6.1 SP10.

Table 20 Issues Resolved in Web Server 6.1 SP10

Issue ID 

Description 

6608135 

Search fails with an error, when html document has a title containing characters like A & B. 

6684388 

At present, Web Server 6.1 bundles JDK 1.4.2 on Solaris, Windows, and Linux platforms. Due to End of Licence (EOL) of JDK 1.4.2, the bundled JDK has to be upgraded to the latest JDK 1.5.x. 

6705396 

Admin security program will not work after you apply the latest patch 116648-21 for Web Server 6.1SP9, if you do not apply NSS patch 119209-17 first.  

6699747 

Searched string is not highlighted in the search result page, if indexed document does not have a title. 

6715380 

Integrate the latest NSS/NSPR version into Web Server 6.1 SP10. 

6673647 

The scheduler based cron log rotation of Web Server 6.1 stops on Saturday night. 

6714929 

SNMP is broken with default tcp_hiwat setting on Solaris 10. 

6702639 

When you disable .htaccess in one virtual class, the other virtual class with .htaccess will also fail. 

6679398 

When a browser requests gzip compressed result, and when the response is sent through servlet-cache-filter, the response header does not indicate that the data was compressed (although the data was compressed), causing browsers to fail.  

6537458 

ACL evaluation when using Client tags is different depending on the order of requests. 

6671965 

The filter 'http-compression' used to compress outgoing content lacks documentation in Web Server 6.1, Administrator's Configuration File Reference Guide.  

6606392 

filebuf_open_nostat () behaves different for Unix and Windows. On Windows, filebuf_open_nostat () is broken, if file size is zero, while it works on Unix.  

6729600 

Upgrading to Web Server 6.1 SP10 fails to update searchadmin script for nutch filter related details. 

Issues Resolved in 6.1 SP9

The following table lists the issues resolved in Web Server 6.1 SP9.

Table 21 Issues Resolved in Web Server 6.1 SP9

Issue ID 

Description 

6295325 

The Web server should implement a timeout parameter for it's LDAP connections pool. 

When using LDAP Authentication, the web server does not respond, if the LDAP server is unresponsive when performing ldapsession bind and ldap search. Setting the timeout value in seconds in server_root/userdb/dbswitch.conf file will stop the web server being unresponsive and also stops waiting for the LDAP server. By default there is no timeout.

Sample dbswitch.conf:

default:binddn cn=Directory Manager
default:encoded bindpw YWRtaW5hZG1pbg==
default:timeout 60

6370259 

FastCGI does not shutdown properly. 

6442778 

The setContentLength(0) in a servlet/JSP does not work when value is greater than 0.

6471213 

Improper error messages are displayed at time out. 

6504581 

Memory leak in LDAP Session due to ldap_result().

6509590 

Log level does not display the appropriate message. 

6510001 

The session-timeout value in web.xml is not getting precedence over sun-web.xml's timeout value.

6540788 

Unable to install SSL server certificate with 99 years of validity. 

6540817 

Web Server 6.1 is not supported for Windows 2003 SP2 and R2, 

6542731 

Unable to run Web Server 6.1 scheduler in Java ES 4.

6553963 

A particular PDF files are not recognized by the search engine. 

6563615 

Web server uses anonymous bind to a Secure LDAP Server when setting up distributed Admin.  

6579852 

Web server installation contains optimized and debug binaries of JDK. 

6581407 

The Restricting Access to a File Type feature does not change the appropriate obj.conf file.

6590893 

Web server stand alone bits should recognize if it is being used for an upgrade from a Java ES installed web server and should provide a warning message to the user. 

6591471 

Server shutdown message is missing in errorlog file when Java is disabled globally.

6592886 

Negative number is displayed in QueueSize of JDBC pool monitor.

6598092 

Forwarding through RequestDispatcher fails for the first time when using the invoker servlet.

6603070 

Incorrect handling of cookie value with single or double quote string. 

6603088 

Crash in LDAP search . 

6609457 

Post install script of web server does not handle the ABE case properly. 

6620677 

The start script does not calculate the right value for libmtmalloc to load in Solaris 9

6628376 

The scheduler.pid file should be removed when the scheduler is stopped.

6628914 

Removal of Sun Studio 10 from the /usr/dist/share directory causes build failure on Solaris Sparc 8,9 and 10.

6630037 

The Cron log rotation creates invalid log archives with an instance name and sub string of another instance name. 

6638185 

Cross-site scripting vulnerability in search. 

6643558 

Need to provide the correct description and example for the client-ip tag.

6647151 

Cross-site scripting vulnerability in advance search. 

6619655 

Reverse Proxy Plug-in documentation should state that Application Server is supported. 

6514004 

Steps to disable HTTP PUT and DELETE is not documented. 

6582644 

Description on to use the new timeout parameter for LDAP Authentication should be put into the release notes. 

6663921 

Web server start script does not return the prompt mode after starting the server on AIX. For more information, see AIX 5.3 Technology Level 6 SP5 Patches and AIX 5.3 Technology Level 7 SP2 Patches.

6667638 

Provide correct JDK version in the installation guide, which is bundled with the product. 

6435723 

High CPU usage in Reverse Proxy Plugin - DaemonChannel::unchunk() 

Issues Resolved in 6.1 SP8

The following table lists the issues resolved in Web Server 6.1 SP8.

Table 22 Issues Resolved in Web Server 6.1 SP8

Issue ID 

Description 

4737204 

The wdeploy delete command follows symbolic links and deletes directories and its contents pointed by the symbolic link.

6152655 

form-based authentication in a web application causes users to be logged out unexpectedly although the session should still be active.  

6235473 

Need the ability to change the permissions of a directory, which is created using WebDAV. 

6319312 

Fastcgistub dumps core when an instance is stopped after sending request for FastCGI Authorizer application.

6343584 

Web server hangs with threads in a deadlock condition waiting for a lock owned by a NSS thread.  

6379347 

If Access Manager is deployed on the web server, all versions of Web Server 6.1 crash on load.  

6497690 

Need an option to have full URL or relative URL/URI in web server search web application. 

6508015 

getParameterNames() does not return non-parameterized names in query string.

6509623 

(Windows XP and Windows 2003): Unable to open the Web Server 6.1 SP7 release notes by clicking the Start->Programs->Sun ONE Web Server->Release Notes link. 

6513358 

Web server Reverse Proxy Plug-in is not handling chunked data. 

6519021 

The obj.conf file of a new virtual server class generated by the Admin Server contain errors.

6519551 

Issue in the JDBC Connection Pool feature. 

6519839 

Vulnerability with web server redirect functionality. 

6520528 

response.sendRedirect() error if the redirect URL does not begin with a slash (/).

6526460 

LDAP connection failure errors with Web Server 6.1 SP7. 

6531111 

htaccess AuthGroupFile should support empty files as equivalent to not specifying the directive.

6532218 

Web Server 6.1 SP7 crashes in libxerces-c.so on T2000 systems.

6534216 

Update README, version string and license file for Web Server 6.1 SP8. 

6540248 

Web Server 6.1 SP8 to be integrated with NSS 3.11.6 and NSPR 4.6.6. 

6546233 

RPM specification and pkginfo file to be updated with the SP8 release and version number. 

6566204 

UTF-7 cross site scripting vulnerability. 

6567841 

Form authentication bypass and JSP source code disclosure vulnerability. 

6574379 

Web Server 6.1 browser support should include Internet Explorer 7. 

Issues Resolved in 6.1 SP7

The following table lists the issues resolved in Web Server 6.1 SP7.

Table 23 Issues Resolved in Web Server 6.1 SP7

Issue ID 

Description 

4856895 

On UNIX: The watch dog process crashes on multiple CPUs machine during server shut down.  

6158040 

While migrating from 4.1 to 6.1, the JAVA parameters are missing in the server.xml file.

6206179 

Internal log rotation rotates the files twice if the system time is changed between two scheduled rotations. 

6213097 

While migrating from 4.1 to 6.0, ktsearch.jar does not get migrated correctly on JES3.

6276594 

A PUT request sent with the Transfer-encoding:chunked header along with a request body fails.

6292582 

SNMP MIB's "Fraction of process memory in system memory" which is part of iws.mib, gives the wrong results when queried by the SNMP Manager.

6315783 

In the French locale, Online Help links on the Search page lead to English pages.

6348395 

When IWSSessionManager is used, invalidating a session does not call the sessionDestroyed() of HttpSessionListener.

6350502 

Pragma and cache-control headers cause interoperability problems. 

6358858 

zlib library throws an internal error.

6367672 

The restart script fails when MaxProcs is greater than 1(one).

6376035 

Unable to configure the Web Server to successfully run a JSP file that contains a jstl tag.

6376082 

Need to support JNDI simple names for lookup in web applications for compatibility with the Application Server product. 

6380777 

Cannot add pl file suffix for magnus-internal/cgi through the Administration GUI.

6381747 

If a session attribute implements HttpSessionBindingListener, the session expires after the session time-out period regardless of whether the session object is accessed.

6382704 

Administration server monitors the server statistics even if the Monitor Web Server Statistics option is disabled.

6384456 

When a web application attempts to use an object inappropriately, it crashes the web server. 

6384640 

Concurrent restart requests kill the web server processes.  

6388092 

Images stored in the /ns-icons directory are not displayed properly in Internet Explorer.

6388766  

On Windows: treatment of "\", the Japanese backslash mark (Yen) is different when a new CGI shell directory is created or edited. 

6392159 

The restart script fails to restart the web server intermittently, causing the web server to hang. 

6392644 

Incorrect URL in Web Server 6.0 SP10 and Web Server 6.1 SP5 Readme files.  

6400307 

The cluster control functionality of Admin GUI hangs when a variable is added.  

6418529 

The search page content has a mix of both English and other languages.  

6421617 

Problem having server-parsed HTML and .htaccess with the restricted group option.

6426382 

If the value of net_write SAF is three times more that the fragment size of the HTTP compression, a net_flush call does not flush all the data.

6428199 

Search filter fails if the userid of a member belonging to a user group contains "," (comma). 

6428403 

When a Servlet filter appends additional data to a response body generated by core, the server might crash if the size of the additional data is larger than the original response body. 

6429293 

Security vulnerability in Web Server 6.1 sample applications.  

6433752 

The ssl-check function does not work with NSAPI-based plug-in.

6436535 

Server hangs on stop or restart when a connection is in the connection queue.  

6437635 

Issues with revoked client certificates and CRL files under certain conditions. 

6438408 

SNMP process leaks memory with each connection request. 

6439519 

If the ObjectType fn="force-type" directive is removed from the obj.conf file, the server may crash when a request is made for multiple byte ranges.

6441402 

LDAP server configuration fails with Web Server 6.1 SP5 64–bit version. 

6442651 

If the URL to a web application contains URI parameters, it causes recursive redirection. 

6448255 

On Windows: File handle is not released by the webservd process under certain conditions.

6451182 

Web Server 6.1SP6 experiences high CPU in parseParameters().

6455812 

Thread safety problems in the handling of some magnus.conf directives cause certain configurations to crash on startup.

6458771 

watchdog can crash when ./start is executed before ./stop completes.

6465691 

Display error with HTML page in <jsp:include> with tiles.

6471388 

On Windows: Using hidden shared network drives as document directories results in Not Found error.

6473494 

Signature DigestInfo parsing problems in NSS.

6477953  

On Windows: Web Server (stand-alone) modifies the NSPR/NSS bits thereby breaking the FIPS mode.  

6477981 

FIPS140 mode is broken in Web Server (stand-alone) due to missing .chk files.

6478972  

The JDK shipped with Web Server 6.1SP6 is not compatible with 2007 Daylight Saving Time (DST) changes.  

6480026 

Some keep-alive connections do not get closed after the specified time. 

6482272  

SNMP master agent does not send traps when the web server instance's operational status changes. 

6482560  

On HP-UX: Web Server crashes with 1.4.2.09 + and 1.5.0.3+ JVMs. 

6488468 

On HP-UX: Remove the packaged JDK for Web Server. 

6489275 

Web Server 6.1 should be integrated with the latest NSS version for FIPS 140-2 compliancy. 

6494886  

Low-latency/high concurrency mode sometimes does not get switched dynamically. 

6496892  

On AIX: Remove the packaged JDK for Web Server. 

6507264 

When the default log level is set to info, finer log messages are still being printed at server startup.

6508092 

Server startup fails in Web Server 6.1 SP7 on the HP-UX platform when installed through express silent mode. 

6510957 

The pkginfo file in the Solaris and RPM specification files points to the old service pack(SP5).

Issues Resolved in 6.1 SP6

The following table lists the issues resolved in Web Server 6.1 SP6.

Table 24 Issues Resolved in Web Server 6.1 SP6

Issue ID 

Description 

5027774 

WW_umask in the configuration is NULL in Solaris.

6334248 

6397340 

Windows 2003 mapped network drive not readable as a document root directory. 

Additional Information: To use a document root in a shared network resource, a UNC path has to be used, for example, //machine-name/shared-folder-name. A mapped drive letter like X: will not work as document root. You can specify the document root either manually in server.xml or through the Administration GUI by accessing Virtual Server Class->Content Management->Primary Content Directory.

For using a shared directory on UNIX, do the following: 

  1. Install SFU (Windows Services for UNIX) on the Windows machine where Web Server is installed.

  2. Map the Windows users and groups to UNIX users and groups through the SFU user interface shortcut under the Start menu.


    Note –

    While running web server, User Name Mapping Service (which is part of SFU) has to run.


When using a shared directory from another Windows machine, ensure that the password of the Administrator account on both the machines is the same, otherwise the service will not be able to access the network resource. 

Whether the shared directory is on UNIX or Windows, the service representing the instance server has to run as a particular user of Administrators group like ./Administrator rather than running it on the default local system account. Go to Control Panel->Administrative Tools->Services and make the changes in the Properties dialog box.

6384651 

For HP-UX: Web Server sometimes returns the wrong last-modified header and date header. 

6404983 

Searching of Users and Groups through the LDAP server using the Administration GUI fails. 

6316387 

Web Server uses incorrect logic when processing the if-unmodified-since header.

6318003 

Web Server returns the actual content with 412 code for requests that contains if-unmodified-since and range.

6312702 

HttpServletResponse.reset() does not work as expected.

6360180 

Crash in webapps/qa_app/jsp/encodedurlforwarder.

6316881 

Multibyte characters in headers cannot be retrieved by req.getHeader().

Workaround:

By default, request headers are encoded using UTF-8 enc. You can customize request header encoding at the web application level by following these steps:

  1. Set the value of the configuration parameter use-requestenc-for-headers to any value such as yes, true, or on, in the web application's sun-web.xml.

    In the following example, request header encoding is enabled for the web application:

    <sun-web-app>
     <parameter-encoding form-hint-field="j_encoding">
     <property name="use-requestenc-for-headers" value="true" >
     <session-config>
       <session-manager>
     </session-config>
     <jsp-config>
    </sun-web-app>
  2. Set the name of the character encoding in the application (JSP/Servlet) using request.setCharacterEncoding().

6318406 

Redeploying the web application causes ownership changes on files.  

6294743 

Updating JSP search collection creates new tmp files in the converted directory and fills up the disk space.

6197731 

Internal error on accessing Administration Server.  

6316262 

Administration GUI does not reflect the changes made to the access log path. 

6378521 

makefiles need a cleanup in 6.1.

6318200 

Buffer overflows when formatting installer error messages. 

6343584 

Deadlock in keepalive subsystem caused by NSS blocking.

6326965 

Administration password in plain text in a file readable by anyone. 

Workaround: Use either of these two workaround:

  • Delete the file .adminpasswd manually.

  • Change the permissions of the .adminpasswd file to 400.

6356179 

The Administration Server of Web Server 6.1 does not change the id attribute in the USERDB tag.

Additional Information: To change the id attribute in the USERDB tag, use either of these two option:

  • Create one virtual server class file. Use this class file as template to create multiple virtual servers. In this case, most of the configuration defined by VS Class will be inherited by all virtual servers.

  • Create multiple virtual server class files within a server instance (https-localhost). Each of these virtual server class files can contain one or more virtual servers.

6333656 

The MIME type file in Web Server binaries must include the StarOffice/OpenOffice MIME types.  

6342394 

Cron log rotation on Windows can create invalid archive logs with a specific instance name. 

6358851 

SNMP Master and Sub Agent startup fails. 

6336309 

Problem with rewriting the special character `&' in server.xml.

6335483 

Create symbol enabled builds for HP-UX (non-stripped). 

6332442 

Web Server crashes on Linux when Init fn="stats-init" is present in magnus.conf.

4718466 

After importing the 6th key to crypto, Web Server 6.0 displays an error: server not avail.

6340799 

During a stress test on S1WS6.1SP5 SSL on SUSE Linux Enterprise Server 9 SP2, webservd has a memory leak.

6353988 

Cannot set client trust or server trust on some built-in Certificate Authorities (CAs) for Web Server 6.1SP4/SP5. 

6329109 

Web Server 6.1: Lock file conflict for multiple installations running on the same port but with different IP addresses.  

6378545 

While updating a JSP search collection, updating a JSP file fails re-indexing. 

6280778 

PDF files unable to be indexed with Web Server 6.1 search. This error occurs on HP-UX with OS patch PHSS_28871 installed. 

6302377 

Servlet container UTF-8 URI mapping vulnerability. 

6370089 

Integrate NSS 3.11.1 with Web Server 6.1 SP6. 

6285129 

Using % in the jsp:param value fails in some circumstances.

6324034 

Web Server has default limit for upload file size as 10 MB. 

6361485 

htaccess not working in Web Server 6.1 SP5 for User Document Directories.

6350122 

Web Server 6.1SP5 on Windows: Cron-based log rotation fails with garbage characters inside the scheduler.conf file.

6388243 

Installing a CRL on Web Server 6.1SP4 (Windows) adds it to the CKLs section in the Administration GUI. 

6377343 

With NSS 3.11.1, certificates with new critical extensions like PolicyConstraints mentioned in RFC3280 can be imported into the certificate database.

6376634 

The SSL session was not timing out as expected when SSL3SessionTimeout or SSLSessionTimeout was configured to the user-defined value in magnus.conf. NSS 3.11.1 fixed the magnus.conf directives SSL3SessionTimeout and SSLSessionTimeout.

Issues Resolved in 6.1 SP5

The following table lists the issues resolved in Web Server 6.1 SP5.

Table 25 Issues Resolved in Web Server 6.1 SP5

Issue ID 

Description 

6322443 

NSFC buffer size should be configurable (64-Bit). 

Additional Information: Use the new BufferSize nsfc.conf directive to configure the size of the buffer used to transmit file contents on cache misses. The following directive can be added to nsfc.conf to increase the buffer size from its default of 8192 bytes to 16384 bytes: BufferSize=16384

Larger buffer size might result in improved throughput at the cost of increased latency and memory utilization. 

6234284 

JES3 Web Server installation fails or core dumps if the Administration password contain shell meta characters such as ;, $, &, ^, *. (. ), |, <, >, ', `,”, \, and so on in the Administration password. 

6232465 

Include -N linker option for HP-UX web server builds.

6171389 

Input filter is called only for the first HTTP request when using Keep-Alive. All subsequent requests of the TCP connection are not being processed by the filter.

6195820 

Global resources are not available to load-on-startup Servlets. 

5042600 

Unable to migrate Web Server 6.0 SP7 instance to Web Server 6.1 SP2. 

6244615 

Web Server migration should correctly update RootCerts.

6219618 

JES Web Server 6.1 SP2 failed to index PDF version 1.5 (Acrobat 6.x) document for creating Search Collection.

6239342 

Cross-site scripting vulnerability in a default error page. 

4879994 

SSL: Data larger than 8k is huge when the request triggers new SSL handshake. 

Additional Information: By default, web server can upload files of sizes up to 1 MB (when client certificate authentication is optional). To upload files larger than 1 MB, increase SSLClientAuthDataLimit in the magnus.conf file. In case of simultaneous uploading of very large files, web server uses large amount of memory. To minimize memory utilization do any of the following actions:

  • If authentication is not required, turn off authentication.

  • If authentication is required, make it mandatory by setting require=1 in the obj.conf.

PathCheck fn="get-client-cert" dorequest="1" require="1"

6229472 

.htaccess directive is broken.

6170938 

acceptlanguage does not work for User Document Directories.

6180991 

Internal-Daemon Log Rotation does not work for files larger than 2 GB. 

6254121 

.htaccess fails to protect resources that do not have a corresponding file.

6185904 

New NSS error codes are not being handled properly. 

6262885 

Switching from HTTPS to HTTP causes generation of new session. 

Additional Information: Set the isSecure attribute of the session cookie for the web application under the cookie-properties to either true or false in the web application's sun-web.xml. The default value is true.

In the following example, isSecure is set to false for the web application by setting the parameter value to false.


<session-config>
    <cookie-properties>
      <property name="isSecure" value="false">
    </cookie-properties>
</session-config>

6222728 

SNMP services fail in Web Server 6.1 SP2/SP3 on the Windows 2000 platform. 

6273472 

Web Server 6.1 SP4 uninstall script displays an error message – `No such file or directory'. 

6259257 

Some PDF files fail to be indexed by the search engine. 

6253489 

Using JSP and several includes within the JSP throws ClassCastException in the ApplicationDispatcher.

6285847 

Requests with double Content-Length header should get rejected (HRS vulnerability).

Workaround: Add the StrictHttpHeaders directive in magnus.conf and set its value to on.

6275413 

Incorrectly configured home-page SAF crashes server. 

6313832 

Existing 32-bit plug-ins cannot be used with the 64-bit release. Attempting to load a 32-bit plug-in using the 64-bit Web Server release will result in an error message such as the following: 

Sun ONE Web Server 6.1SP5 (64-Bit) B10/28/2005 09:00

failure: CORE3170: Configuration initialization failed: Error running init function load-modules: dlopen of plugin.so failed (ld.so.1: webservd: fatal: plugin.so: wrong ELF class: ELFCLASS32)

The Web Server 6.1 SP5 (64-Bit) release introduces support for sparcv9. 

Issues Resolved in 6.1 SP4

The following table lists the issues resolved in Web Server 6.1 SP4.

Table 26 Issues Resolved in Web Server 6.1 SP4

Issue ID 

Description 

6021153 

Required patch ID 112396-03 does not exist. 

The patch #112396-03 listed as required in earlier release notes was incorrect.  

The correct patch number is 112396-02. 

Solaris users must have the Sun recommended patch cluster installed, available in the Recommended and Security Patches section at http://sunsolve.sun.com.

Solaris 8 (SPARC)

  • Solaris 8 Update 7

  • Sun recommended latest Security and Recommended patch cluster

Solaris 9 (SPARC and x86)

  • Solaris 9 Update 4 or above.

  • Sun recommended latest Security and Recommended patch cluster

6066252 

Client certificates with AKI extension causes SEC_ERROR_UNKNOWN_ISSUER error.

6092498 

Web Server 6.1 fails to validate a client certificate with LDAP if the certificate contains Czech characters. 

6171311 

Frequent errors encountered when running Web Server with JDK 1.5. 

6171784 

Web server performance issue with certain error logging configuration. 

4925875 

For Korean HTML collection, Korean word search with asterisk does not return any result. 

6171950 

Precompiled JSP files do not work as expected with reload-interval parameter in sun-web.xml.

Workaround: Use the property use-precompiled (set to true under jsp-config in sun-web.xml) to specify that the JSP files are precompiled and should never need to be compiled at runtime.

A sample sun-web.xml is as follows:

<sun-web-app>
   <session-config>
     <session-manager>
   </session-config>
   <jsp-config>
  <property name="use-precompiled" value="true" >
   </jsp-config>
</sun-web-app>

5048940 

Superuser Access Control page in Administration GUI not accessible after upgrade from SP1. 

6177544 

libpassthrough.so not present after RPM installation of plug-in.

6176231 

Web Server 6.1 SP4 — Using the Delete certificate Administration GUI (bin/https/admin/security) core dumps with NSS 3.9.3 beta.

6173365 

Multiple package installers for the same build of web server of the Solaris SPARC/x86 platform. 

5039633 

Update NSS to 3.9 series. 

5063134 

Java Enterprise System symbolic link not used for J2SE location. 

6067407 

Problems using ACL_LDAPSessionFree().

6173293 

Web server always sets content type to text/html when Servlet filter is set. 

6176264 

Web Server 6.1 SP4 Solaris x86 unable to start the SSL instance through the Administration GUI. 

6180677 

Web Server SP4 for JES3 is unable to upgrade on top of Web Server SP2 for JES2. 

6066139 

Tests fail while running web server with JDK1.5_beta2 release. 

6088595 

Administration console throws exception with JDK 1.5.0_beta2 while creating and editing classes. 

4904913 

I18N search: `?' wildcard search in Japanese causes wrong match.

Issues Resolved in 6.1 SP3

The following table lists the issues resolved in Web Server 6.1 SP3.

Table 27 Issues Resolved in Web Server 6.1 SP3

Issue ID 

Description 

4798461 

GUI does not correctly reflect when `Transmit File' is turned off.

4904896 

I18N search: Sort encoding list of Default Encoding on search Administration GUI. 

4905412 

GUI does not permit to manage users in the keyfile database.

4991338 

Web server Administration console does not show all the tabs (in Mozilla browser). 

5001819 

Web Server 6.1: Nova Search Engine sometimes does not pick up document. 

5014693 

Java filters, HTTP compression, and SHTML fail to interoperate. 

5021077 

A java.lang.NullPointerException is thrown if you click on the OK button without selecting the Directory Server.

5025617 

Web server's JNDI needs to map resource-env-reffrom sun-web.xml.

5042676 

Request flow problem with Client tag code=302. 

5056989 

Enable prefixing of hostname in session ID. 

You can enable prefixing hostname in session ID for the web application by setting the value of the property prefixSessionIDWithHostname under manager-properties to yes, true, or on, in the web application sun-web.xml.

In the following example, prefixing host name in session ID is enabled for the web application by setting the parameter value to true.

<session-config>
  <session-manager>
   <manager-properties>
    <property name="prefixSessionIDWithHostname" value="true">
   </manager-properties>
  </session-manager>
</session-config>

5057749 

Web Server 6.1 SP2: Plug-in defined in certmap.conf does not load.

6041356 

Memory leaks when AdminLanguage and/or DefaultLanguage is specified in magnus.conf.

6057426 

The load balancer plug-in (formerly Resonate plug-in) loadbal.so does not work on the Solaris SPARC platform.

The location of the loadbal.so plug-in is server-root/plugins/loadbal.so.

5065017 

Servlet session data problem. 

5048051 

Create collection fails on Linux with RPM install. 

5029954 

Stack size is ignored when ConnQueueSize/RqThrottle is 0.

4898077 

Inconsistent behavior between HttpServerAdmin and iWS console.

5013100 

Two ports (for example, 2500 and 02500) are added in server.xml as different ports.

5046634 

2–byte character in HTTP header and plug-in programs. 

You can enable response header encoding at the web application level by setting the value of the configuration parameter use-responseCT-for-headers to yes, true, or on, in the web application's sun-web.xml.

In the following example, response header encoding is enabled for the web application setting the parameter value to true. A sample sun-web.xml is as follows:

<sun-web-app> 
  <parameter-encoding form-hint-field="j_encoding"> 
  <property name="use-responseCT-for-headers" value="true" > 
  <session-config> 
    <session-manager> 
  </session-config> 
 <jsp-config> 
</sun-web-app>

Issues Resolved in 6.1 SP2

The following table lists the issues resolved in Web Server 6.1 SP2.

Table 28 Issues Resolved in Web Server 6.1 SP2

Issue ID 

Description 

4536102 

I18N: SNMP community name does not show up on Solaris Netscape. 

4536194 

CGI subsystem makes blocking calls from NSPR user threads. 

4536739 

Administration ACL and Superuser AC: The `Allow only from host' option does not work. 

4615933 

CORE SHTML: Cannot set Content-encoding for .shtml files.

4629796 

French Thread pool name displaying garbage characters on JA-NT (Internet Explorer and Netscape). 

4651056 

Web server returns 404 for files starting with `..'.

4651206 

After adding a new mime type file, there is no way of verifying addition from the GUI. 

4651207 

Document preference web page should provide a file to use for error responses. 

4652009 

Customized access log file is not reflected in the GUI in the View Access Log tab. 

4657465 

Need to disable cookie-encoding. 

By default, the Web Server URL encodes the cookies before sending them to the client. If you do not want the cookies to be encoded, add the following line to sun-web.xml:

<property name="encodeCookies" value="false">

For the above example, add the line directly under the sun-web-app tag. Do not embed this line in any other tag.

4664945 

Internal Error from URL forwarding form. 

4666409 

Clearing the ErrorResponse CGI file name.

4676934 

Distributed -Administration: Overrides default ACI in Web Server 6.0 SP2. 

4676946 

No validation of virtual server settings form. 

4676950 

Internal error on removing http:// from URL forwarding form.

4682434 

CGI that has scripts to grab environment variables fails to execute. 

4682894 

Cluster management - Selection of source server deselects target servers. 

4684775 

Asynchronous DNS is disabled by default. 

4707989 

Web-application/JSP: load-on-startup not working on JSP files. 

4704385 

Cluster: Null message in modify cluster when OK is clicked soon after reset. 

4705181 

User and group is not validating for the users and accepting blank spaces in CGI. 

4705204 

Newly added ACL files are not getting deleted after selecting delete. 

4706063 

chroot and directory are not validating correctly.

4711353 

Administration: Global|SNMP Master Trap Warning displays Form Element Missing:manager?.

4718914 

Turn the security ON for any instance server without installing a certificate. 

4724503 

After enabling IPv6 on GUI Edit listen socket, server will not start. 

4727597 

Administration GUI gets cluttered when a new server is added with a duplicate port. 

4721021 

Unable to access absolute URI on SSL enabled server. 

4727444 

Access Log reports incorrect data. 

4732877 

Urlhosts field does not accept more than one hostname.

4745314 

$id variable in VSCLASS docroot is not working on Windows.

4749239 

ACLI: Incorrect processing of ACL. 

4753601 

MaxRqHeader directive in magnus.conf is not working as desired.

4754934 

Vignette NSAPI plug-in on Web Server 6.0 not functioning correctly when HTTP1.1 is used. 

4761188 

LDAP: Improve LDAP dynamic group performance for ACLs. 

For performance reason, a new LDAP configuration parameter, dyngroups fast is introduced for SP2. With this parameter, web server will make an assertion about group membership bypassing nested individuals among dynamic groups.

For example, assuming that user alpha belongs to group A, group A is a member of group B by group B memberURL definition (dynamic group), and your ACL only grants group B access. In such case, web server will deny access from alpha because alpha is not regarded as member of group B.

If you want to support a nested group, do not define this new config for LDAP authentication service. You will not get performance gain consequently. A sample configuration directory is as follows: 

ldapregular ldap://localhost:389/o=TestCentral

ldapregular: dyngroups fast

4763653 

Validation required for the form elements in document preferences page. 

4764307 

Magnus.conf: Performance setting: accepting negative numbers.

4765709 

Administration: Configure Directory Service not validating binddn/password.

4770294 

Web Server 6.1 on Windows should add CR character to the end of the line in the access log. 

4786612 

Web server treats `:' (colon) as a separator between hostname/IP and port in several places. This code needs to be updated to recognize when the `:' is actually part of an IPv6 address. 

4787310 

Eviction fails in NSFC when SmallFileSpace is set to a low value.

4788075 

Setting the PATH variable in magnus.conf for Web Server 6.0 SP5 does not work.

4800173 

Performance issue with large ACL file in conjunction with many virtual servers. 

4808402 

Native authenticator support. 

4814097 

Unable to select none as a program item under the program groups in GUI.

4822720 

Keep-alive subsystem should be dynamically tuned. 

The keep-alive subsystem requires tuning for optimal performance. In Web Server 6.0 this subsystem was tuned for heavy load and performs poorly when only a handful of concurrent keep-alive connections exist. The keep-alive subsystem was modified for Web Server 6.1 SP2 so it performs some dynamic tuning to accommodate the actual load. 

4849907 

shtml is parsed when execute permission is not set and configured.

4855807 

AIX: Web server hangs after being restarted by watchdog. 

4858152 

Access log entries in the server.xml file of the migrated instance point to an invalid path.

4869527 

SNMP: Test fails for RH Linux 6.2/7.2/Adv Server 2.1, and Sun Linux 5. 

4862498 

New directory Service Screen not connected to interface. 

4870613 

Back button not working for frames in Netscape Navigator 7. 

4873766 

The upload-file SAF does not work correctly with chunked requests.

4882838 

Unable to specify protocol for URL in generated redirects. 

The server generates a self-referencing URL whenever it sends a redirect to a client. As of Web Server 6.1 SP1, the servername attribute of the LS element in server.xml can be used to configure the scheme used in server-generated self-referencing URLs.

For example, if an SSL offloader sits between the Internet and the web server instance, decrypting SSL-encrypted traffic for http://www.sun.com and relaying it to the web server on port 8080, an LS element such as the following could appear in server.xml:

<LS remap="ls1" port="8080" security="disabled"...servername="https://www.sun.com">

The https:// prefix in the servername value instructs the server to use the HTTPS scheme in self-referencing URLs even though the LS is not configured to handle SSL traffic.

4889081 

Internal log rotation creates empty logs. 

4894033 

Distributed-administration: Functioning of Administration ACL `Allow only from host/IP' is not as per documentation. 

4896881 

While using untar to expand the web server bits, the ownership and group information is not correct. 

4897074 

On Linux only: When you create a collection, PDF files will not be indexed and added to the collection. 

4899105 

The highlighting of the connection value in the Edit Virtual Server page is not correct. 

4905175 

WebDAV ACL settings are inherited into new Virtual Servers. 

4909378 

The Help button in the Edit WebDAV page is not pointing to the correct help page. 

4903449 

Performance affected with multiprocess mode and one thread. 

4905681 

The AsyncDNS setting is ignored in Web Server 6.1 SP1. The web server never performs asynchronous DNS lookups.

Note that even when the magnus.conf has AsyncDNS on, Asynchronous DNS is still turned off.

4908631 

An error message status is returned when you try to stop the server when it is not running. 

4907288 

Cluster Management file transfer not working on Windows. 

4909678 

Web Server 6.1 Digest authentication is not working for flat files. 

4910266 

Web Server 6.1: Creating Digest file users through the GUI duplicates users in exponential order. 

4904088 

Migration final page needs to encode the `<' and `>' characters HTML. 

4908986 

JDBC: Servlet code UploadServlet mishandles SQL exceptions.

4904896 

I18N search: sort encoding list of Default Encoding on search Administration GUI. 

4908010 

Unable to remove search collection for a newly created virtual server. 

4908401 

I18N: Un-localized timestamp for each search-returned documents. 

4910222 

Error on Windows when trying to create a collection with a document root that has back slashes. 

Workaround:  This behavior occurs when you specify a document root that has back slashes or mixed slashes. Use forward slashes.

4911548 

Server returns ConfigException while creating the duplicate search collection.

4911656 

I18N: Can not go to `sort by date' link while searching multibyte characters. 

4913909 

i18n: error adding file with Korean filename - skipping since no read permission. 

4913228 

Missing quote in Oracle script for jdbcRealm sample application.

4910869 

NSFC enhancement needed. 

Add the ReplaceFiles nsfc.conf directive.

When ReplaceFiles=true (default), the existing file cache behavior is preserved.

ReplaceFiles=false indicates that once a file is cached, its file cache entry should never be discarded to make room for another file. This setting is useful in benchmark scenarios because eliminates contention on the hit list lock.

4910272 

Server should not accept mixed slashes for the doc root while adding a new server. 

4912254 

Web server installation fails due to set -o noclobber in .env.

4911070 

Web Server 6.1: Add listen socket protocol family field is missing for IPv6 address. 

4911630 

Many of the fields in the magnus editor do not have validations because they are accepting negative integer values. 

4911550 

Getting ServletException while trying to access the server with additional doc.

4911633 

Change Password for the user is not working. 

4913566 

The URL Forwarding Editing Page is not consistent. 

4919473 

Updating Security Realm properties from Administration GUI is not reflected in server.xml.

4913289 

Help on `Edit Virtual Class' does not give complete criteria for VS class deletion.

4916331 

Keep-alive connections can hang under light load. 

4925475 

The server.xml createconsole attribute is ignored.

4925938 

Null Pointer exception thrown if the user mistakenly edits the VS Administration URL.

4929848 

Performance: Web server polls kstat once per second.

4926414 

I18N-korean: Re-indexing collection hangs when missing one or more existing docs. 

4935797 

certmap.conf file location misrepresented.

4930327 

Destination headers are not URL decoded in MOVE/COPY requests. 

4933483 

SIGCHLD signals are reported on startup.

4935582 

TCP_NODELAY need not be set for AF_NCA.

4930642 

Source returned when the file's mime.types entry does not end with a carriage return.

4930329 

Default values of maxpropdepth is poorly chosen.

4932995 

The leading `/' is being removed when deleting web application through Administration GUI. 

4935420 

Resource picker for restrict access fails for migrated instance of 6.1. 

4944850 

Address directive not properly migrated when migrating from Web Server 4.1 to 6.1. 

4946829 

Administration: Creating a new virtual server after migration causes $user: unable to find value.

4941027 

Cross-site scripting in web server administration interface. 

4948397 

Web Server 6.1 SP1 SNMP is not working. 

4946187 

Distributed-Administration: After enabling distributed administration, if an ACL is set to allow authenticated users only, the server still allows access to other users in the Administration group. 

4947005 

Add server instance is not working on the Solaris x86 platform. 

4940040 

Administrator's Configuration File Reference defines non-existent TYPE element.

4942750 

Search example is incorrect. 

4943631 

Wrong documentation on the thread pool configuration file. 

4941741 

Web Server 6.1 SP1 server on Solaris 8 SPARC fails to start due to libCld.so.

4945994 

fc_net_write should result in a single system call.

4940418 

Third-party profiler support for bytecode instrumentation. 

4943329 

IWSSessionManager does not work as expected with Web Server 6.1.

4947065 

The search web application shows only a maximum of 11 collections. 

4947624 

Ineffective alert message displayed while re-indexing on Windows. 

4950552 

Wrong number of results for particular output results (11, 21, 31...). 

4954789 

Web server deployment fails with ClassCastException.

4956415 

Web Server 6.1 Search: Requesting an ability to display the meta tag description. 

4950644 

Ineffective alert message displayed while creating a duplicate collection on Linux. 

4951860 

httpagt depends on NETSITE_ROOT variable.

4957158 

fc_open fails when running specweb99 on x86 build.

4952492 

MOVE method should rename files when possible.

4958571 

PR_NetAddrToString performance is less than expected.

4951264 

Web server crashes during Java-triggered reconfiguration and server shutdown. 

4958755 

ServletContext.getContext(String) does not return other contexts when called from root context. It returns the root context.

4950653 

`Null' is displayed for QoS vsclass values.

4951982 

Invalid error message is displayed while configuring LDAP with wrong credentials. 

4953147 

Cron-based log rotation fails when Administration user is root, and instance is non-root. 

Workaround: Change the user to match the Administration server user in the scheduler.conf file.

4961864 

Web server hangs when using rotate-callback. 

4962059 

Administration password stored as plain text in file setup.inf.

4969637 

Minor coding error in send-error SAF. 

4961999 

After adding a virtual server, the top frame does not show the virtual server in the dropdown box. 

4962624 

Administration: No Validation for protocol value in Edit Listen socket. 

4963483 

The GUI gets cluttered if an ACL file path contains a forward slash. 

4968422 

Showing up invalid ACL file on the browser in the WebDAV screen. 

4966497 

Perf Dump data for Average Queueing Delay is not correct. 

4970955 

Cross-site security issue with Apache sample (\plugins\java\samples\webapps\simple).

4972573 

Incorrect behavior in web-apps-sample sample application in Web Server 6.1 SP1.

4972587 

Incorrect instructions in index.html of the internationalization sample application.

4976454 

Samples shipped with Web Server 6.1. 

4970273 

FastCGI beta libraries are in RTM web server packages. 

4976953 

AIX 6.0 SP6: forbidden error to a GET for a file with correct group permissions. 

4976490 

Log messages are truncated. 

4975675 

Dynamic reconfiguration fails when server is under load. 

4976910 

NSFC_GetEntryPrivateData() calls NSFC_ExitCacheMonitor() when no entry exists.

4973079 

The GUI retains dismissed invalid port entries and populates it when servername field validation fails.

4975788 

classpath edited using Internet Explorer is broken; server JVM can't start.

4975798 

Cannot add path to classpath suffix using web-admin.

4975782 

Cannot delete external JNDI reference. 

4970188 

RPM can't locate system umask. 

4971298 

pkgchk -n fails for web server package in Java ES.

4986761 

Web Server 6.0 migration fails. 

4989231 

Server fails to start up on Linux platform. Wrong JDK path during build. 

4988104 

Edit Virtual Servers page should update the connections value correctly. 

4986700 

Last-modified and Etag are suppressed when Servlet filters are used. 

4991888 

The wrong file name is stored for key file configuration. 

4992739 

Cannot start web server instance, after modifying its classpath suffix.

4995447 

Web Server 6.1 SP2 RH Linux unable to access Administration GUI; throws error message after login. 

4995489 

Solaris x86: Distributed Administration cannot be enabled. 

4991775 

Validation of cookie name in cookie example Servlet. 

5002905 

Superuser Access Control cannot be set even when Distributed Administration is not enabled. 

5012107 

POST request body consumed twice when using bad plug-in. 

4962659 

Search criteria is truncated to 100 characters. 

4967580 

Search displays wrong links for the SSL enabled instance. 

4970181 

Stellent filters need to be added to the Linux and Solaris x86 builds. 

4975327 

indexMetatags of the nova search should be set automatically.

4975367 

Indexing for the meta tag should be case-insensitive. 

4997149 

Removing documents with a *.* pattern is not removing all the files when the excludeExtensions property is set.

4997178 

Server returns null pointer exception while indexing .sxg file when excludeExtensions is set.

4997697 

Page numbers are not displayed properly on the search results page. 

4844616 

Misconfiguration of bswitch causes crash.

4854698 

Plug-in crashes with malformed request. 

4866965 

ACLI: Failed authentication is logged twice in the server errors log file. 

4880864 

ACL: Web server returns “404 Not found” errors when ACLs deny access. 

4915326 

WEBC: granting signedBy permissions to Jar files does not work.

4918754 

Web Server 6.1 cannot process HTTP URL GET parameter that is in 8-bit charset. 

4924921 

Cannot set 800 MB of JVM maximum heap size on Windows 2000 using JDK 1.3.1. 

4926336 

Using % in the value of the JSP parameter corrupts the query string. 

4927770 

Server aborts with SIGABRT from within libjvm.

4928358 

JSP errors are wrongly reported as “Not Found” errors. 

4930374 

extra-class-path attribute in class-loader element in sun-web.xml does not work as expected.

4932893 

Dynamic reloading does not work for web application descriptor files, for example, web.xml.

4939370 

Web container thread names are not unique. 

4934083 

LDAP: Crash during LDAP authentication. 

4934562 

WEBC: getRemoteUser() does not work for stand-alone JSP files.

4935669 

WEBC: Request may not always contain client certificate data. 

4935570 

Certificate data not always present even when available. 

4932547 

Tomcat AuthenticatorBase returns 500 instead of 403.

4946762 

Out–of-box default realm should be native. 

4948123 

Web Server 6.1 incorrectly reports client key size in certain situations. 

4949842 

WEBC: isUserInRole() does not match when using core authentication.

4957829 

LDAP: User can enter wildcard `*' for UID in basic authentication. 

4960013 

Cannot have more than one LDAP realm. 

4968857 

htconvert not converting .nsconfig wildcard patterns correctly.

4968882 

htconvert does not work on 6.1 style server.xml.

4960873 

NPE encountered when a session is expired simultaneously by two (2) threads. 

4973927 

EPIPE signal not caught as an IOException from OutputStream.write().

4976277 

Using JDK 1.4.1 provided JNDI connection pool for LDAP pooling. 

4983707 

Changing the log level to Security causes NullPointerException upon start.

4981028 

Distributable semantics in web.xml is not honored by the web container.

4993468 

getResourcePaths returns paths that contain `//'.

4996219 

webservd leaks memory on RedHat Linux Advance Server 3.0.

4997593 

Poor integration between NSAPI srvhdrs and HttpServletResponse headers.

4997756 

LOCK-UNLOCK is not working properly and the GUI does not show lock information properly. 

4997838 

Web server does not start on RedHat Linux AS 3.0 with Security turned On.

5003531 

500 error when accessing a web application with transport-guarantee=CONFIDENTIAL from a non-SSL port.

5004542 

ASN.1 parsing bugs/brute forcer program can cause web server crash. 

5016494 

NSS: Crash in DER_UTCTimeToTime with corrupt certificate.

Issues Resolved in 6.1 SP1

The following table lists the issues resolved in Web Server 6.1 SP1.

Table 29 Issues Resolved in Web Server 6.1 SP1

Issue ID 

Description 

4642650 

Option needed to disable appending of absolute URL in a Servlet or JSP container. 

Fix details: New property added to sun-web.xml: relativeRedirectAllowed

Default value: false

Description: If true, allows the web application to send a relative URL to the client using the HttpServletResponse.sendRedirect() API. That is, it suppresses the container from translating a relative URL to a fully qualified URL.

4793938 

Enabling Remote File Manipulation from the Server Manager GUI allows any remote user to obtain a listing of any directory in the server's URI space. 

4904201 

javahome path wrongly set when adding a server with no bundled JDK.

4911580 

Adding a new server instance might fail with a Server Error message. 

4928794 

Server restarts when trying to create null resource by PUT. 

4929913 

Search engine does not extract and index FTS information from PDF files. 

Fix details: This fix applies to all supported platforms except Linux.

The Author, Subject, and Keywords meta tags are always indexed. Functionality has been added that now enable arbitrary meta tags to be indexed, including those tags produced when converting the FTS_* attributes from PDF files. Manual configuration of a new setting in server.xml is required, as described below.

  • In the SEARCH section of server.xml, add a PROPERTY with name="indexMetatags". The value should be a comma-delimited list of meta tag names. Note that the Author , Subject, and Keywords meta tags are always indexed, regardless of this setting.

  • To index the meta tags resulting from the conversion of PDFs and other types of documents, this configuration must use the name of the meta tag rather than the name of the field in the particular document type. For example, to index the FTS_Title contents from PDF files, "Title" must be a component of the "indexMetatags" setting:

    <PROPERTY name="indexMetatags" value="Title">


Note –

See issue 4956415 for details about displaying custom meta tag information in search results.


4933935 

On Solaris 9 release: reconfig does not work in package-based installs.

4945089 

ASN.1 parsing issue in SSL. 

A problem has been identified in the implementation of the SSL protocols used by the web server that may be exploited as a Denial of Service attack. Web Server 6.1 SP1 fixes this problem. If you use the web server to host sites that utilize SSL version 3 or TLS, you are strongly encouraged to install this service pack. 

4950388 

The reconfig command does not work on Windows XP.

4964069 

The commit.exe utility crashes on Windows platforms.

Issues Resolved in 6.1

The following table lists the issues resolved in Web Server 6.1.

Issue ID 

Description 

   

Table 30 Issues Resolved in Web Server 6.1

Issue ID 

Description 

4869693 

On Windows, the web server installation overwrites SunONE Directory Server .dll files due to cohabitation issues with Directory Server 5.x.

4540254 

Rotating log files shouldn't require server restart on UNIX. 

4727146 

Logs filling with `connection reset' entries. 

4786735 

Installer does not set proper JDK CLASSPATH/LIBPATH when the external JDK is used. 

4792721 

Incorrect error messages when LDAP server is offline. 

4799452 

sun.tools.javac.Main has been deprecated. Its exception stops valid JSP files.

4801874 

ACL_LDAPSessionAllocate always returns LAS_EVAL_FAIL.

4811418 

Digest authentication crashes. 

4819405 

Memory leak of the slapd process with the digestauth plug-in.

4820513 

digestauth plug-in code is not thread safe.

4839875 

When using cachefs or nfs as ClassCache and document-root, Web Server does not always pick up the new JSP. 

4842190 

Web server crashes when receiving Accept-Language header larger than 15 languages.

4842574 

Server crash with malformed request. 

4842601 

Accept-Language header security issue.

4846832 

CRL corrupts database. 

4848896 

digestauth plug-in crashes for a particular type of request.

4849914 

Memory leak in digestauth plug-in for a particular type of request.

4855546 

Log analyzer vulnerability. 

4858026 

JSP: crash in getParameter when posting large amounts of data.

4867887 

Basic authentication fails for users with user IDs that have spaces. 

4903319 

When you create a collection, not all documents will be indexed and added to the collection. 

Issues Resolved in 6.1 Documentation

The following table lists the issues resolved in the English language version of Web Server 6.1 SP6 and later documentation.


Note –

The following issues exist in the localized version of Web Server 6.1 documentation.


Table 31 Issues Resolved in Web Server 6.1 Documentation

Issue ID 

Description 

6507454 

Current documentation gives incorrect instructions on how to log cookie information. 

6528670 

Administrator's Guide should document the steps to restart, start, or stop the schedulerd control daemon from command line.

6528678 

Release Notes and Installation and Migration Guide have different Support Platform description for Web Server 6.1 SP7.

6528682 

Two Server Instances Bind to Same Port on Windows. 

6543821 

Server does not close the old listen sockets on restart or reconfigure. 

6559753 

The release notes for the reverse proxy plug-in should include a Resolved Issues section. 

6570039 

Administrator's Guide needs correction: the -P option in the Exporting with pk12util section should contain a hyphen (-) after https-test-host.

6367812 

Online help does not document steps to restart the schedulerd.

4957123 

Administrator's Guide does not document the Search Query operators.

6493741 

Provide steps on "How to Stop the schedulerd from a command line".

6384436 

Reverse proxy plug-in is missing some important documents. 

6401395 

6.1 Passthrough/Fastcgi plug-ins startup messages create confusion. 

6170766 

Upgrade procedure of Java ES does not use the JES installer. 

6418693 

Description about netbuf_getbytes() is not available in the 6.1 NSAPI guide.

6472668 

Web Server 6.1 Windows installation should use -Xrs JVM option by default. 

6503463 

Web Server 6.1 release notes has Sun internal URL. 

6378473 

Release Notes for Sun Java System Web Server 6.1 Add-Ons Reverse Proxy Plugin has an incorrect default value for the validate-server-cert SAF.

6391505 

Installation and Migration Guide should document configuration file writability, root security risks, and Solaris net_privaddr privilege.

6359385 

Administrator's Configuration File Reference should document the magnus.conf variable MaxKeepAliveConnections value range for 64–bit server.

6358849 

Administrator's Configuration File Reference should document the MaxOpenFiles attribute in the nsfc.conf configuration file.

5065188 

6173274 

Administrator's Guide incorrectly describes a Find menu Passage Search option in the Advanced Search section. This menu option is not available.

6155266 

Administrator's Guide describes the configuration log level incorrectly.

6206074 

Administrator's Configuration File Reference describes an incorrect default value for the ChildRestartCallback directive.

6170766 

Installation and Migration Guide describes an incorrect method of upgrading a new version of web server in the Before You Install Sun ONE Web Server section.

6170769 

Administrator's Configuration File Reference has incorrect information about the AdminLanguage directive.

6173273 

Administrator's Guide has a typographical error under section Choosing MIME Types.

6173133 

NSAPI Programmer's Guide describes an incorrect example of a NSAPI Function Reference.

6173272 

Administrator's Guide incorrectly documents the supported version of Java as `1.4.1_03'.

5029460 

Administrator's Guide documents an incorrect certmap.conf configuration.

4975161 

Administrator's Configuration File Reference does not document the optional parameter `block-size' for pool-init.

5002190 

Administrator's Guide does not contain information about the htpasswd command utility.

5002192 

Administrator's Configuration File Reference has incorrect information about the loglevel attribute.

5038534 

Administrator's Configuration File Reference has incorrect default value for the LogFlushInterval directive.

4781137 

Administrator's Guide has the following incorrect information:

  • The path where libdigest-plugin.ldif exist is not defined in the guide.

    Additional Information: libdigest-plugin.ldif is available at server-root/plugins/digest/libdigest-plugin.ldif.

  • Information to configure the web server to process digest authentication (set the digestauth property of the database definition in dbswitch.conf) is given without describing the procedure to do it.

  • libdigest-plugin.so is incorrectly mentioned as libdigest-plugin.lib.

  • Description of iplanetReversiblePassword is missing.

4823362 

Administrator's Guide needs to be updated with additional information regarding ACL.

5046588 

Installation and Migration Guide incorrectly documents the supported version of Sun accelerator hardware.

5052605 

NSAPI Programmer's Guide does not clearly specify that content-type needs to be in lower case.

5062560 

Installation and Migration Guide does not document the method of disabling the start-on-boot option.

6285234 

Administrator's Configuration File Reference incorrectly describes the default value of the StrictHttpHeaders directive as on.

6067318 

Administrator's Configuration File Reference has insufficient information about the set-variable error parameter.

6230379 

Administrator's Configuration File Reference incorrectly describes a remove-file() SAF.

6208955 

NSAPI Programmer's Guide incorrectly documents the description of SERVER_SOFTWARE as MAGNUS_VERSION_STRING.

6320016 

Administrator's Configuration File Reference does not clearly define the default value of listenQ on Windows.

6354681 

Administrator's Configuration File Reference needs more information about DNS.