Oracle iPlanet Web Server 7.0.9 is an update release to Sun Java System Web Server 7.0. In addition to the features and enhancements in Web Server 7.0 and Updates 1 through 8, Web Server 7.0.9 brings the following additional features and enhancements to the product.
Web Server 7.0 Update 7 included NSS 3.12.5, which provided relief, but not resolution, for the SSL/TLS renegotiation vulnerability CVE-2009-3555. Additionally, Web Server 7.0 Update 7 disabled all use of SSL/TLS renegotiation in order to protect Web Server from attack. If either the client or Web Server attempted to trigger renegotiation on an existing SSL/TLS session, the connection would fail.
Web Server 7.0.9 includes NSS 3.12.6, which provides safe SSL/TLS renegotiation and so provides resolution of CVE-2009-3555. As a result, Web Server 7.0.9 re-enables use of SSL/TLS renegotiation.
You can now configure Web Server to use the Eclipse JDT Java compiler instead of Ant and another Java compiler. For more information, see Using the Eclipse JDT Java Compiler in Oracle iPlanet Web Server 7.0.9 Developer’s Guide to Java Web Applications.
Web Server now supports the Oracle JRockit JDK on the 32–bit platforms it supports. For the 7.0.9 release, the minimum required JRockit JDK version is R27.6.5, which is certified to be compatible with Java SE 6 Update 14 (1.6.0_14).
Web Server 7.0.9 adds the changeSessionIdOnAuthentication property to the sun-web-app element of the sun-web.xml file. This property enables web applications to change session IDs upon authentication in order to avoid session fixation attacks. For more information, see sun-web-app Element in Oracle iPlanet Web Server 7.0.9 Developer’s Guide to Java Web Applications.
For large applications, you should use the --file-on-server option of the add-webapp command to provide a path to an exploded war file outside the Web Server root directory. Note, however, that the Administration server does not manage web applications deployed outside the Web Server root directory. For more information, see add-webapp(1) and Deploying a Web Application Directory in Oracle iPlanet Web Server 7.0.9 Administrator’s Guide.