Sun Java System Web Server 6.1 2005Q4 SP5 Release Notes

Issues Resolved in 6.1 SP5

The following table lists the issues resolved in Sun Java System Web Server 6.1 SP5.

Table 4 Issues Resolved in Sun Java System Web Server 6.1 SP5

Problem ID 



NSFC buffer size should be configurable (64-Bit). 

Additional Information: Use the new BufferSize nsfc.conf directive to configure the size of the buffer used to transmit file contents on cache misses. The following directive can be added to nsfc.conf to increase the buffer size from its default of 8192 bytes to 16384 bytes: BufferSize=16384

Larger buffer sizes may result in improved throughput at the cost of increased latency and memory utilization. 


JES3 Web Server installation fails and/or core dumps if the Admin password contain shell meta-characters such as ;, $, &, ^, *. (. ), |, <, >, ', `,”, and \, etc in Admin password. 


Include -N linker option for HPUX Web Server builds. 


Input filter is called only for the first HTTP request when using Keep-Alive. All subsequent requests of the TCP connection are not being processed by the filter. 


Global resources are not available to load-on-startup servlets. 


Unable to migrate 6.0 SP7 Web Server instance to 6.1 SP2. 


Web Server migration should correctly update RootCerts. 


JES Web Server 6.1 SP2 failed to index PDF version 1.5 (Acrobat 6.x) doc for Search Collection Creation. 


Cross-site scripting vulnerability in a default error page. 


SSL: Data larger than 8k is lot when the request triggers new SSL handshake. 

Additional Information: By default Web Server can upload file of size up to 1MB (when client cert authentication is optional). To upload file larger than 1MB, increase the SSLClientAuthDataLimit limit in the magnus.conf file. In case of simultaneous uploading of very large files Web Server will use large chunk of memory. To minimize memory utilization do any of the followings:

  • If authentication is not required, turn off the authentication.

  • If authentication is required, make it mandatory by setting require=1 in the obj.conf.

PathCheck fn="get-client-cert" dorequest="1" require="1"


.htaccess Require directive broken. 


acceptlanguage does not work for User Document Directories. 


Internal-Daemon Log Rotation does not work for files greater than 2GB. 


.htaccess silently fails to protect resources which do not have a corresponding file. 


New NSS error codes are not being handled properly (unknown error – 8048). 


Switching from HTTPS to HTTP causes generation of new session. 

Additional Information: Set the isSecure attribute of the session cookie for the Web application under cookie-properties to either true or false in the webapp's sun-web.xml. The default value is true. In the following example, isSecure is set to false for the web-app by setting the parameter value to false. The sun-web.xml will look like:

           <property name="isSecure" value="false"/>


SNMP services fail in Web Server 6.1 SP2/SP3 on Windows 2000 platform. 


Web Server 6.1 SP4 uninstall script displays an error message – `No such file or directory'. 


Some PDF files fail to be indexed by the search engine. 


ClassCastException thrown when nested includes are present in JSPs. 


Requests with double `Content-Length' header should get rejected (HRS vulnerability). 

Workaround: Add the StrictHttpHeaders directive in magnus.conf and set its value to on.


Incorrectly configured home-page SAF crashes server.