Sun Java System Web Server 6.1 SP8 Release Notes

Issues Resolved in 6.1 SP5

The following table lists the issues resolved in Sun Java System Web Server 6.1 SP5.

Table 7 Issues Resolved in Sun Java System Web Server 6.1 SP5

Problem ID 



NSFC buffer size should be configurable (64-Bit). 

Additional Information: Use the new BufferSize nsfc.conf directive to configure the size of the buffer used to transmit file contents on cache misses. The following directive can be added to nsfc.conf to increase the buffer size from its default of 8192 bytes to 16384 bytes: BufferSize=16384

Larger buffer size might result in improved throughput at the cost of increased latency and memory utilization. 


JES3 Web Server installation fails or core dumps if the Administration password contain shell meta characters such as ;, $, &, ^, *. (. ), |, <, >, ', `,”, \, and so on in the Administration password. 


Include -N linker option for HP-UX Web Server builds.


Input filter is called only for the first HTTP request when using Keep-Alive. All subsequent requests of the TCP connection are not being processed by the filter.


Global resources are not available to load-on-startup Servlets. 


Unable to migrate 6.0 SP7 Web Server instance to 6.1 SP2. 


Web Server migration should correctly update RootCerts.


JES Web Server 6.1 SP2 failed to index PDF version 1.5 (Acrobat 6.x) document for creating Search Collection.


Cross-site scripting vulnerability in a default error page. 


SSL: Data larger than 8k is huge when the request triggers new SSL handshake. 

Additional Information: By default, Web Server can upload files of sizes up to 1 MB (when client certificate authentication is optional). To upload files larger than 1 MB, increase SSLClientAuthDataLimit in the magnus.conf file. In case of simultaneous uploading of very large files, Web Server uses large amount of memory. To minimize memory utilization do any of the following actions:

  • If authentication is not required, turn off authentication.

  • If authentication is required, make it mandatory by setting require=1 in the obj.conf.

PathCheck fn="get-client-cert" dorequest="1" require="1"


.htaccess directive is broken.


acceptlanguage does not work for User Document Directories.


Internal-Daemon Log Rotation does not work for files larger than 2 GB. 


.htaccess fails to protect resources that do not have a corresponding file.


New NSS error codes are not being handled properly. 


Switching from HTTPS to HTTP causes generation of new session. 

Additional Information: Set the isSecure attribute of the session cookie for the web application under the cookie-properties to either true or false in the web application's sun-web.xml. The default value is true.

In the following example, isSecure is set to false for the web application by setting the parameter value to false.

      <property name="isSecure" value="false">


SNMP services fail in Web Server 6.1 SP2/SP3 on the Windows 2000 platform. 


Web Server 6.1 SP4 uninstall script displays an error message – `No such file or directory'. 


Some PDF files fail to be indexed by the search engine. 


Using JSP and several includes within the JSP throws ClassCastException in the ApplicationDispatcher.


Requests with double Content-Length header should get rejected (HRS vulnerability).

Workaround: Add the StrictHttpHeaders directive in magnus.conf and set its value to on.


Incorrectly configured home-page SAF crashes server.