6183117

Incorrect http-headers when using servlet filters for pdf/ xls files.

There is no default mime-type mapping in default-web.xml. Add the desired mime-types to default-web.xml.

Solution

Add the following mime-type definition in the default-web.xml of the instance that will server xls:

<mime-mapping>

<extension>xls</extension>

<mime-type>application/vnd.ms-excel</mime-type>

</mime-mapping>

Similarly, add the specific mime-type definitions for other file types to the default-web.xml file.

6308777, 6324326

Servlet container UTF-8 URI mapping vulnerability.

ACL-based protection for JSPs can be bypassed by presenting characters in the URI in UTF-8 format. 

Solution

Ensure to modify ACLs to not accept wildcards in the URI. 

5089201, 5001994

getRequestURI() returns unencoded values when it should not.

The fix for this issue will break clients of older NSAPI, such as Portal Server 6.3, which call getRequestURI() and expect the URI to be automatically decoded when the data is returned.

Therefore, to maintain backward compatibility for older NSAPI clients, a new JVM option has been added to revert to the old NSAPI behavior and allow Portal Server to function correctly. 

Solution

Enable the JVM option, -DJ2EEDecodeURI, on computers running Portal Server to allow cookie-less mode (and all other functionality) on the getRequestURI() call.

4951476

javax.ejb.EJBException: org/dom4j/Element error is thrown with JWSDP 1.2(1.3) installed.

Solution

Add dom4j-full.jar to server-classpath in server.xml file. It can be downloaded from http://dom4j.organd should precede appserv-jstl.jar entry in server-classpath.

4997770

HTTP 404 error message still indicating "Sun ONE Application Server"

Read "Sun ONE Application Server" as Sun Java System Application Server.