Sun Java System Web Proxy Server 4.0.13 Release Notes

What's New in This Release

Sun Java System Web Proxy Server 4.0.13 supports Microsoft Windows 2008 Enterprise Edition. This release contains fixes for important bugs, including the following ones related to security vulnerabilities:

Bug 6917212 describes the buffer overflow issues in the Digest Authentication methods in the Sun Java System Web Proxy Server, which may allow remote unprivileged users to crash the Web Proxy Server, thus leading to a Denial of Service (DoS) condition. These issues may also lead to execution of arbitrary code with elevated privileges.

Bug 6917211 describes the heap overflow issues in the HTTP TRACE functionality in the Sun Java System Web Proxy Server, which may allow remote unprivileged users to crash the Web Proxy Server, thus leading to a Denial of Service (DoS) condition. These issues may also be exploited to gain unauthorized access to sensitive information.

Bug 6897536 describes the "Proxy-support: Session-Based-Authentication" header sent out by the Sun Java System Web Proxy Server. A proxy that correctly honors client-to-server authentication integrity will supply the "Proxy-support: Session-Based-Authentication" HTTP header to the client in HTTP responses from the proxy. The client MUST NOT utilize the SPNEGO HTTP authentication mechanism through a proxy unless the proxy supplies this header with the "401 Unauthorized" response from the server.

Bug 6901079 describes new functionality in the proxy's HTTP client, where the Error stage can optionally be run for any error response received from a backend server.

Bug 6862976 describes a new parameter "trailing-slash-redirect" under the "map" SAF. If this parameter is set to "true", then the "map" SAF will use the value of the "to" parameter as the new URI and will not append the value of the "from" parameter to it.

Bug 6906258 describes the newly added support for LDAP search filters.
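
The client-side rule described under Bug 6897536 can be checked against a response relayed by the proxy. The following is an added example, not part of Sun's release notes or product code: the function names are hypothetical, the sample responses are constructed, and it assumes one challenge per WWW-Authenticate line.

```python
from email.parser import Parser  # parses RFC 822-style header blocks

# Constructed sample responses (not captured traffic): a 401 relayed by a proxy.
WITH_HEADER = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: Basic realm=\"example\"\r\n"
    "Proxy-support: Session-Based-Authentication\r\n"
    "Via: 1.1 proxy.example\r\n"
    "\r\n"
)
WITHOUT_HEADER = WITH_HEADER.replace(
    "Proxy-support: Session-Based-Authentication\r\n", "")


def parse_response_head(raw):
    """Return (status_code, headers) from the head of a raw HTTP response."""
    status_line, _, header_block = raw.partition("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % status_line)
    return int(parts[1]), Parser().parsestr(header_block, headersonly=True)


def tokens(headers, name):
    """Lower-cased comma-separated tokens across every occurrence of a header."""
    found = set()
    for value in headers.get_all(name, []):
        found.update(t.strip().lower() for t in value.split(",") if t.strip())
    return found


def spnego_allowed(raw, via_proxy):
    """Apply the client rule: Negotiate through a proxy needs Proxy-support."""
    status, headers = parse_response_head(raw)
    # Assumption: each WWW-Authenticate line carries a single challenge.
    schemes = {v.split(None, 1)[0].lower()
               for v in headers.get_all("WWW-Authenticate", []) if v.strip()}
    if status != 401 or "negotiate" not in schemes:
        return False            # server did not offer SPNEGO on this response
    if not via_proxy:
        return True             # direct connection: the proxy rule does not apply
    return "session-based-authentication" in tokens(headers, "Proxy-support")
```

Running `spnego_allowed` on a 401 fetched through an upgraded proxy confirms that the header now reaches clients; a `False` result with `via_proxy=True` means a compliant client will not attempt SPNEGO through that proxy.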