This Release Notes document contains important information about the 6.1 SP13 release of Sun Java System Web Server (Web Server). It includes information about features and enhancements, known problems, technical notes, and pointers to additional resources. Review this document prior to installing and configuring your server, and then periodically thereafter for the most up-to-date information.
Web Server 6.1 SP13 contains important security vulnerability fixes. All users of Web Server 6.1, especially those with sites that use Secure Sockets Layer (SSL) or Transport Layer Security (TLS), are strongly encouraged to upgrade to this version.
This document has been reorganized to better highlight the features, enhancements and issues resolved in the latest release of Web Server 6.1, and to provide clearer information about the platforms, software, technologies and protocols that the latest release supports. For information about additional documentation changes, see Product Documentation.
This document contains the following sections:
Date | Description |
---|---|
September 2010 | Updated to support the Web Server 6.1 SP13 release. |
April 2010 | Initial publication for the Web Server 6.1 SP12 release. |
This section lists important features and enhancements provided in Web Server 6.1 SP13.
Web Server 6.1 SP12 included NSS 3.12.5, which provided relief, but not resolution, for the SSL/TLS renegotiation vulnerability CVE-2009-3555. Additionally, Web Server 6.1 SP12 disabled all use of SSL/TLS renegotiation in order to protect Web Server from attack. If either the client or Web Server attempted to trigger renegotiation on an existing SSL/TLS session, the connection would fail.
Web Server 6.1 SP13 includes NSS 3.12.7, which provides safe SSL/TLS renegotiation and so provides resolution of CVE-2009-3555. As a result, Web Server 6.1 SP13 re-enables use of SSL/TLS renegotiation. For more information about Web Server 6.1 SP13 support of NSS and NSPR, see NSS and NSPR Support.
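The following is an added example, not part of the original release notes and not Sun's code: one way to confirm from a captured ServerHello that an upgraded server offers safe renegotiation. It assumes that "safe renegotiation" here means the RFC 5746 `renegotiation_info` extension and that the client offered it in its ClientHello; the handshake bytes and the helper `build_server_hello` are constructed for the example.

```python
import struct

# Extension type for renegotiation_info, assigned by RFC 5746.
RENEGOTIATION_INFO = 0xFF01


class ParseError(ValueError):
    """Raised when the bytes are not a well-formed ServerHello record."""


def _take(buf, pos, n):
    """Return (buf[pos:pos+n], pos+n), failing loudly on truncated input."""
    if pos + n > len(buf):
        raise ParseError("truncated at offset %d" % pos)
    return buf[pos:pos + n], pos + n


def server_hello_extensions(record):
    """Map extension type -> extension data for one ServerHello record."""
    header, pos = _take(record, 0, 5)
    content_type, _version, rec_len = struct.unpack("!BHH", header)
    if content_type != 0x16:
        raise ParseError("not a handshake record")
    body, _ = _take(record, pos, rec_len)

    hs_header, pos = _take(body, 0, 4)
    if hs_header[0] != 0x02:
        raise ParseError("not a ServerHello")
    hello, _ = _take(body, pos, int.from_bytes(hs_header[1:], "big"))

    _, pos = _take(hello, 0, 2 + 32)          # server_version + random
    sid_len, pos = _take(hello, pos, 1)
    _, pos = _take(hello, pos, sid_len[0])    # session_id
    _, pos = _take(hello, pos, 2 + 1)         # cipher_suite + compression
    if pos == len(hello):
        return {}                             # no extensions block at all

    ext_len, pos = _take(hello, pos, 2)
    block, _ = _take(hello, pos, int.from_bytes(ext_len, "big"))
    extensions, pos = {}, 0
    while pos < len(block):
        head, pos = _take(block, pos, 4)
        ext_type, data_len = struct.unpack("!HH", head)
        extensions[ext_type], pos = _take(block, pos, data_len)
    return extensions


def renegotiation_status(record):
    """Classify the server's answer on an initial (not renegotiated) handshake.

    'supported': renegotiation_info present with an empty
                 renegotiated_connection field (a single zero length byte).
    'missing':   extension absent, so the server did not signal support.
    'malformed': extension present but not empty on an initial handshake,
                 which RFC 5746 tells the client to treat as fatal.
    """
    data = server_hello_extensions(record).get(RENEGOTIATION_INFO)
    if data is None:
        return "missing"
    return "supported" if data == b"\x00" else "malformed"


def build_server_hello(extensions):
    """Construct a TLS 1.0 ServerHello record for the example (not captured)."""
    ext_blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    hello = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    if extensions:
        hello += struct.pack("!H", len(ext_blob)) + ext_blob
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    samples = {
        "signals safe renegotiation": build_server_hello([(RENEGOTIATION_INFO, b"\x00")]),
        "no extensions at all": build_server_hello([]),
        "non-empty on first handshake": build_server_hello([(RENEGOTIATION_INFO, b"\x02\xaa\xbb")]),
    }
    for label, record in samples.items():
        print("%-30s %s" % (label, renegotiation_status(record)))
```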
As reported in issue 6957507, an HTTP response-splitting and XSS vulnerability was discovered in previous Web Server 6.1 versions. Web Server 6.1 SP13 corrects this vulnerability.
Web Server 6.1 SP13 includes JDK 1.6.0_21, as noted in J2SE and Java SE Support.
In response to issue 6951364, the Web Server 6.1 SP13 Admin GUI supports specifying a 2048-bit key size when generating a CSR (Certificate Signing Request) through Security ⇒ Request a Certificate.
In response to issue 6922063, Web Server 6.1 SP13 sets the default value of Cryptographic Module in the Admin GUI Security ⇒ Request a Certificate to “internal”. Additionally, the “NSS Generic Crypto Services” option has been removed.
In response to issue 6972686, the “Request Verisign Certificate” and “Install Verisign Certificate” commands have been removed from the Security tab of the Admin GUI.
For Web Server 6.1 SP13, Corrections and Updates to 6.1 SP12 Manuals has been updated to address the following documentation issues.
Issue ID | Description |
---|---|
6938886 | Wrong information of supportable methods should be removed in the Setting Access Rights |
6940796 | net_read can set EAGAIN in errno when it times out. |
6966631 | Statement for PathCheck is not correct. |
6973013 | web 6.1 doc bug - need to remove the "-" in schedulerd command line stop - "- rm $PID_FILE" |
6977268 | web 6.1 and 7.0 doc RFE - all request header names are returned as lowercase |
The following table lists the issues resolved in Web Server 6.1 SP13.
Table 1 Issues Resolved in Web Server 6.1 SP13
Issue ID | Description |
---|---|
6911800 | flexanlg is not working for users (-t u flag and associated) -- WEB SERVER 6.1 SP11. |
6912766 | Support new 'safe' TLS renegotiation protocol |
6922063 | Web 6.1SP12 Admin GUI default security Cryptographic Module should not set to NSS Generic Crypto Services |
6934831 | System Error: No certificate is popup when particular CAs are displayed through admin GUI |
6951364 | generating CSR by 2048 bit key size should be supported on Web Server 6.1 officially |
6957507 | Response Splitting and XSS in Sun Java System Web Server |
6962682 | Solaris JES#4 patch: the checkinstall script erroneously only looks at the PATCHLIST |
6972686 | Request Verisign Certificate functionality does not exist. Needs to be dropped from GUI. |
6973109 | ws6.1sp13 bundle the latest JDK 1.6.0_21 |
6973383 | Change product deliverables from .tar.gz to "zip" format. |
The Web Server 6.1 patches for version 6.1 SP13 are available on SunSolve Online. The following table lists these patches.
Platform | Patch ID |
---|---|
AIX (32-bit) | 145536-01 (http://sunsolve.sun.com/search/document.do?assetkey=1-21-145536-01-1) |
HP-UX | 145537-01 (http://sunsolve.sun.com/search/document.do?assetkey=1-21-145537-01-1) |
Linux x86 | 145533-01 (http://sunsolve.sun.com/search/document.do?assetkey=1-21-145533-01-1) |
Solaris SPARC (32-bit) | 145531-01 (http://sunsolve.sun.com/search/document.do?assetkey=1-21-145531-01-1) |
Solaris SPARC (64-bit) | 145532-01 (http://sunsolve.sun.com/search/document.do?assetkey=1-21-145532-01-1) |
Solaris x86 (32-bit) | 145534-01 (http://sunsolve.sun.com/search/document.do?assetkey=1-21-145534-01-1) |
Windows (32-bit) | 145535-01 (http://sunsolve.sun.com/search/document.do?assetkey=1-21-145535-01-1) |
Web Server 6.1 SP13 can be installed on the Solaris, HP-UX, AIX, Linux, and Windows platforms. For more information about installation requirements, see Required Patches in these release notes and Sun Java System Web Server 6.1 SP12 Installation and Migration Guide. The following table summarizes the supported platforms.
HP-UX 11i is supported only on PA-RISC platforms.
* AIX 5.1 is dropped. It was deprecated since Web Server 6.1 SP5.
** As of iPlanet Web Server 6.0, older SPARC CPUs are not supported. Web Server 6.1 continues to support the UltraSPARC architecture.
*** Sun or Sun Partner Advantage professional services highly recommended.
For better performance and support, migrate your web server to a supported operating system.
For Solaris 10 installations, Web Server 6.1 SP5 and later support Global Zone with Sparse Root Zone and Whole Root Zone.
Make sure to update your operating system with the latest applicable patches:
To upgrade from Java ES 4 to Web Server 6.1 SP13, you should add the security patches along with the web server patches.
Base-level OS – AIX 5.2
Maintenance-level patches 5200-07 or above
JDK APAR – IY46668 must be applied
If you have deployed Java web applications on the web server, set the following environment variables to the values specified below (as per the IBM JDK documentation) before starting the server:
export AIXTHREAD_SCOPE=S
export AIXTHREAD_MUTEX_DEBUG=OFF
export AIXTHREAD_RWLOCK_DEBUG=OFF
export AIXTHREAD_COND_DEBUG=OFF
You can add the above lines directly to the web server start script.
Base-level OS – AIX 5.3
Maintenance-level patches 5300-03 or above
When you upgrade from AIX version 5.3 to AIX version 5.3 Technology Level 6 SP5, apply the following patch so that the control returns to the command-line prompt when you start the administration server/instance server.
bos.mp/bos.mp64 at 5.3.0.66
When you upgrade from AIX version 5.3 to AIX version 5.3 Technology Level 7 SP2, apply the following patch so that the control returns to the command-line prompt when you start the administration server/instance server.
bos.mp/bos.mp64 at 5.3.7.2
HPUX11i-OE B.11.11.0312 (HP-UX 11i Operating Environment Component)
HPUXBase64 B.11.11 (HP-UX 64-bit Base OS)
HPUXBaseAux B.11.11.0312 (HP-UX Base OS Auxiliary)
FEATURE11-11 B.11.11.0209.5 (Feature Enablement Patches for HP-UX 11i, Sept 2002)
HWEnable11i B.11.11.0412.5 (Hardware Enablement Patches for HP-UX 11i v1)
BUNDLE B.11.11 (Patch Bundle)
BUNDLE11i B.11.11.0306.1 (Required Patch Bundle for HP-UX 11i, June 2003)
GOLDAPPS11i B.11.11.0506.4 (Applications Patches for HP-UX 11i v1, June 2005)
GOLDBASE11i B.11.11.0506.4 (Base Patches for HP-UX 11i v1, June 2005)
JAVAOOB 2.03.01 (Java2 Out-of-box for HP-UX )
PHCO_29109 1.0 (Pthread enhancement and fixes)
PHCO_30544 1.0 (Pthread.h fix and new enhancement)
PHCO_29495 1.0 (libc cumulative patch)
PHCO_31923 1.0 (libc cumulative header file patch)
PHKL_25842 Thread Abort (or its superseded patch)
Solaris release 8 2/02
Oracle recommended latest Security and Recommended patch cluster
Solaris release 9 8/03 or above
Sun recommended latest Security and Recommended patch cluster
The following sections provide information about some of the software, technologies and protocols that Web Server 6.1 supports:
Web Server 6.1 SP13 supports the Active Server Pages (ASP) specification through Sun Java System Active Server Pages version 4.0.1 (formerly Sun ChiliSoft ASP), version 4.0.2, and version 4.0.3. Active Server Pages software adds a secure and enterprise-grade ASP engine to the Web Server. Web Server 6.1 supports Sun Java System Active Server Pages 4.0.2 and 4.0.3 on the following platforms:
Solaris (SPARC®) versions 8, 9, and 10
Solaris (x86) 9, 10
Windows 2000 Professional Edition, Server, Advanced Server, XP and 2003 Enterprise Edition
AIX 5.2, 5.3
HP-UX 11.11
RedHat Enterprise Linux 3.0, 4.0
A license is not required for Sun Java System Active Server Pages if you are installing it to the Web Server. The Sun Java System Active Server Pages installer is available on the companion CD if you purchase the Web Server Media Kit, or you can download it from http://www.sun.com/download/products.xml?id=420a8e72.
Note the following:
The Sun Java System Active Server Pages plug-in requires an additional 50 Mbytes (approximately) of disk space after Web Server 6.1 is installed.
Before you begin installation, make sure you are logged in as root.
The following browsers are supported with Web Server 6.1 Administration Graphical User Interface (GUI):
Mozilla 1.7 or later
Firefox 1.0.4 or 1.5 or later
Netscape Navigator 7.0 or later
Microsoft Internet Explorer 6 and 7
This section describes how to disable the PUT and DELETE options.
Access the Administration Console.
Select a server from the list of servers and click the Manage button.
Click the Restrict Access link under the Preferences tab.
Select the Edit option from the drop-down list and click the OK button.
Select The entire server option from the method A table and click the Edit Access Control button.
Click the access rights (r-x--i) link under the Rights column.
The Access Rights table appears at the bottom of the screen.
Deselect the WRITE and DELETE options.
Click the Update button.
Click the Submit button.
Click the Apply link present at the top right of the screen and click the Apply Changes button to make the changes permanent.
Restart the server for changes to take effect.
Web Server 6.1 SP13 provides hardware accelerator support for Sun Crypto Accelerator 500, 1000, 4000 and 6000 boards, which enhance the performance of SSL on web server.
Initialize the Sun Crypto Accelerator card when using it with the web server. For more information about Sun Crypto Accelerator, see Sun Crypto Accelerator 6000 Board Version 1.1 User's Guide at http://docs.sun.com/source/820-4144-11/1_overview.html.
Web Server 6.1 SP13 enables you to restrict access using flat file authentication through the Java Security Manager. Enabling the Security Manager feature can improve security by restricting the rights granted to your J2EE web applications. By default, the Security Manager feature is disabled when you install the product. To enable Security Manager, uncomment the following entries in the server.xml file:
<JVMOPTIONS>-Djava.security.manager</JVMOPTIONS>
<JVMOPTIONS>-Djava.security.policy=instance-dir/config/server.policy</JVMOPTIONS>
where instance-dir is the path to the installation directory of this server instance.
For more information about server.xml, see Sun Java System Web Server 6.1 SP12 Administrator’s Configuration File Reference.
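The following is an added example, not part of the original release notes: a check that reads a server.xml and reports whether the two JVMOPTIONS entries above are active or still commented out, which is the default state after installation. The element nesting around JVMOPTIONS, the sample policy path and the finding names are assumptions made for the example; only the two option strings come from this document.

```python
import re
import xml.etree.ElementTree as ET

MANAGER = "-Djava.security.manager"
POLICY = "-Djava.security.policy="
POLICY_PATH = "/opt/example-instance/config/server.policy"  # constructed path


def _active_options(xml_text):
    """JVM options in force: the XML parser drops comments, so entries that
    are still commented out never show up here."""
    options = []
    for element in ET.fromstring(xml_text).iter("JVMOPTIONS"):
        options.extend((element.text or "").split())
    return options


def _commented_options(xml_text):
    """JVM options that exist in the file only inside <!-- ... --> blocks."""
    options = []
    for comment in re.findall(r"<!--(.*?)-->", xml_text, flags=re.S):
        for body in re.findall(r"<JVMOPTIONS>(.*?)</JVMOPTIONS>", comment, flags=re.S):
            options.extend(body.split())
    return options


def audit_security_manager(xml_text):
    """Return the Security Manager state of one server.xml.

    Finding names (hypothetical, chosen for this example):
      manager-commented-out   entry exists but is still inside a comment
      manager-absent          entry does not appear in the file at all
      policy-missing          manager is on but no policy option is active,
                              so the JVM default policy applies
      policy-without-manager  policy option is active but has no effect
                              because no security manager is installed
    """
    active = _active_options(xml_text)
    enabled = MANAGER in active
    policies = [o[len(POLICY):] for o in active if o.startswith(POLICY)]

    findings = []
    if not enabled:
        if MANAGER in _commented_options(xml_text):
            findings.append("manager-commented-out")
        else:
            findings.append("manager-absent")
    if enabled and not policies:
        findings.append("policy-missing")
    if policies and not enabled:
        findings.append("policy-without-manager")
    return {
        "enabled": enabled,
        "policy": policies[-1] if policies else None,
        "findings": findings,
    }


def sample_server_xml(manager_active, policy_active):
    """Build a constructed, minimal server.xml for the example."""
    def entry(option, active):
        line = "<JVMOPTIONS>%s</JVMOPTIONS>" % option
        return line if active else "<!-- %s -->" % line

    return "\n".join([
        "<SERVER>",
        "  <JAVA>",
        "    <JVMOPTIONS>-Xmx256m</JVMOPTIONS>",
        "    " + entry(MANAGER, manager_active),
        "    " + entry(POLICY + POLICY_PATH, policy_active),
        "  </JAVA>",
        "</SERVER>",
    ])


if __name__ == "__main__":
    for flags in [(False, False), (True, False), (False, True), (True, True)]:
        print(flags, audit_security_manager(sample_server_xml(*flags)))
```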
Web Server 6.1 SP13 supports content compression. This compression enables you to increase the delivery speed to clients and serve higher content volumes without incurring a corresponding increase in hardware expenses. Content compression reduces content download time, a benefit most apparent to users of dial-up and high-traffic connections.
For more information, see Sun Java System Web Server 6.1 SP12 Administrator’s Guide.
Web Server 6.1 SP13 supports Java SE 1.6 and J2SE 1.5. It does not support J2SE 1.4, which has passed its EOSL (End Of Service Life).
For the Windows, Solaris and all Linux platforms, Web Server 6.1 SP13 includes Java SE 1.6.0_21. When you upgrade or install Web Server 6.1 SP13 on these platforms, the Java Development Kit (JDK) is upgraded or installed automatically. For the HP-UX and AIX platforms, you must download the JDK from the platform vendor's web site and install it before installing Web Server.
Web Server 6.1 SP13 has been certified with the following JDK versions:
Platform | JDK 1.6 Version | JDK 1.5 Version |
---|---|---|
Hewlett-Packard HP-UX | 1.6.0.01–jinteg_06_jun_2008_13_24–b00 | 1.5.0.16 |
IBM AIX | 1.6.0 pap3260sr1–20080416_01(SR1) | 1.5.0 pap32dev-20080315 (SR7) |
Microsoft Windows | 1.6.0_21 | 1.5.0.22 |
Oracle Solaris | 1.6.0_21 | 1.5.0.22 |
Red Hat Linux | 1.6.0_21 | 1.5.0.22 |
Sun Linux | 1.6.0_21 | 1.5.0.22 |
SUSE Linux | 1.6.0_21 | 1.5.0.22 |
A 32–bit JDK is required on all platforms except 64-bit Solaris SPARC, which requires a 64-bit JDK.
Web Server 6.1 SP13 includes a Java 2 Platform, Enterprise Edition (J2EE) compliant implementation of the Java Servlet 2.3 and JavaServer Pages (JSP) 1.2 technology specifications. A J2EE compliant web container provides the flexibility and reliability needed to design and deploy web applications that comply with Java technology standards. Web applications can be deployed on a per virtual server basis.
For information about these technologies, see the following resources:
Java Servlets at http://www.oracle.com/technetwork/java/index-jsp-135475.html
JavaServer Pages at http://java.sun.com/products/jsp/index.jsp
For information about developing Servlets and JavaServer Pages, see Sun Java System Web Server 6.1 SP12 Programmer’s Guide to Web Applications.
Web Server 6.1 SP13 includes the Java DataBase Connectivity (JDBC) software, and supports a wide range of industry-standard and customized JDBC drivers.
Web Server 6.1 SP13 supports the Java Naming and Directory Interface (JNDI) API. JNDI provides seamless connectivity to heterogeneous enterprise naming and directory services.
If you are using a localized version of Web Server 6.1x, you can take advantage of the existing localization features by installing Web Server 6.1 SP13 over the existing server. Web Server 6.1 SP13 is available in Japanese, Simplified and Traditional Chinese, French, Spanish, German, and Korean.
Web Server 6.1 SP13 extends the Netscape Server Application Programmer's Interface (NSAPI) to support NSAPI filters.
NSAPI filters enable the custom processing of HTTP request and response streams. This processing enables a function to intercept and potentially modify the content presented to or generated by another function. For example, a plug-in could install an NSAPI filter to intercept an XML page generated by another plug-in's Server Application Function (SAF) and then transform that XML page into an HTML, XHTML, or WAP page appropriate for the client. Alternatively, an NSAPI filter could decompress data received from a client before presenting it to another plug-in.
For more information about NSAPI filters, see Sun Java System Web Server 6.1 SP12 NSAPI Programmer’s Guide.
Web Server 6.1 SP13 supports NSS, a set of libraries that support cross-platform development of security-enabled server applications. Web Server 6.1 SP13 includes version 3.12.7 of NSS (for both 32–bit and 64-bit) and version 4.8.6 of NSPR.
JES shared component patches and NSS patches should be installed first, before installing the web server patch.
When upgrading the JES version of the web server, for example from 6.1 SP5 to SP13, installing only the SP13 web server patch is sufficient, because web server patches are cumulative.
If you are upgrading from a previous package-based version of Java Enterprise System (Java ES) to Web Server 6.1 SP13, install the following NSS patches:
Solaris 8 SPARC: 119209-24 http://sunsolve.sun.com/search/document.do?assetkey=1-21-119209-24-1 or higher
Solaris 9 SPARC: 119211-24 http://sunsolve.sun.com/search/document.do?assetkey=1-21-119211-24-1 or higher
Solaris 9 x86: 119212-24 http://sunsolve.sun.com/search/document.do?assetkey=1-21-119212-24-1 or higher
Solaris 10 SPARC: 119213-24 http://sunsolve.sun.com/search/document.do?assetkey=1-21-119213-24-1 or higher
Solaris 10 x86: 119214-24 http://sunsolve.sun.com/search/document.do?assetkey=1-21-119214-24-1 or higher
Linux: 121656-23 http://sunsolve.sun.com/search/document.do?assetkey=1-21-121656-23-1 or higher
HP-UX pa-risc: 124379-14 http://sunsolve.sun.com/search/document.do?assetkey=1-21-124379-14-1 or higher
Windows: 124392-13 http://sunsolve.sun.com/search/document.do?assetkey=1-21-124392-13-1 or higher
NSS patch 125358-xx for Solaris 8, 9 and 10 SPARC should not be applied in this case because it is not applicable for Java Enterprise System (Java ES), which bundles Web Server 6.1 Service Packs.
PHP: Hypertext Preprocessor (PHP) can be used with the Web Server using one of the three supported APIs: CGI, NSAPI, and FastCGI. PHP is a page scripting language available from the PHP group. The PHP group provides instructions on its Web site (http://www.php.net) for configuring the PHP software to use any of these APIs:
CGI API is the most stable interface that can be used but will suffer from performance limitations inherent in CGI.
NSAPI uses the Web Server's native API to run the PHP software within the web server's memory. This configuration will provide the best performance, but risks crashing the server if non-thread-safe PHP modules are used.
FastCGI interface provides a compromise between performance and stability. FastCGI enables the PHP software to remain running after serving requests while continuing to run outside of the web server's memory. If an unstable PHP module is used, it will not crash the web server. For this reason, use the FastCGI interface with the PHP software.
The FastCGI interface is supported with web server through the installation of the FastCGI add-on available at http://www.sun.com/download/products.xml?id=42d693c3.
When run as a FastCGI process, the PHP software uses the following environment variables to control the life cycle of PHP processes:
PHP_FCGI_CHILDREN determines the number of PHP processes that will be created to respond to requests.
PHP_FCGI_MAX_REQUESTS determines the number of requests a PHP process can respond to before terminating itself and being replaced with a new PHP process.
Instead of using PHP_FCGI_CHILDREN, use the FastCGI add-on configuration parameter min-procs to control the minimum number of PHP processes.
Web Server 6.1 SP13 supports a Java search engine that provides full-text search indexing and retrieval. The search feature enables you to search documents on the server and display results on a web page. Server administrators can create the indexes of documents and customize the search interface to meet user specific needs.
The default URL to access the search functionality is http://server-instance:port number/search
For example:
http://plaza:8080/search
When the user goes to this URL, the Search page, a Java web application, is launched.
For detailed information about the basic and advanced search features, see the Online Help provided with the search engine. To access Online Help, click the Help link on the Search page. For more information, see Sun Java System Web Server 6.1 SP12 Administrator’s Guide.
For the Web Server SSL subsystem (NSS) to use external PKCS#11 tokens, you have to configure NSS with the modutil command to make it aware of the tokens. The Solaris libpkcs11 softtoken is a PKCS#11 compliant token which can be used with NSS. As an additional benefit on UltraSPARC-T1, systems using the Solaris 10 libpkcs11 task will make use of the platform crypto acceleration support.
Run the modutil command without any arguments for usage information. For example, to add the Solaris 10 libpkcs11 task as a PKCS#11 token in NSS:
Ensure that SSL support has been initialized for the web server instances.
Run the following command:
% modutil -dbdir $ALIASDIR -dbprefix $PREFIX -add libpkcs -libfile /usr/lib/libpkcs11.so -mechanisms RSA
where
$ALIASDIR is the path to the alias directory in the install root where the NSS database files are located.
$PREFIX is the prefix used by the key3 and cer8 database files in the alias directory and is of the form https-$INSTANCENAME-.
The -mechanisms flag makes this token the preferred initial provider for the given algorithms.
Run the modutil command without any arguments for a list of all possible mechanisms.
Initialize the libpkcs11 provider's password with pktool.
% pktool setpin
For further details on configuring NSS, see the libpkcs11(3LIB), pkcs11_softtoken(5), and pktool(1) man pages. For more information about modutil, see http://www.mozilla.org/projects/security/pki/nss/tools/modutil.html.
Web Server 6.1 SP13 supports Sun Java Studio Enterprise 8. Sun Java Studio technology is Sun's powerful and extensible integrated development environment (IDE) for Java technology developers. Sun Java Studio is based on the NetBeans software and is integrated with the Sun Java platform.
Sun Java Studio support is available on all platforms supported by Web Server 6.1. The plug-in for the web server can be obtained in the following ways:
From the companion CD in the Web Server Media Kit
By using the companion AutoUpdate feature of Sun Java Studio
From the download center for Web Server
Sun Java Studio 8 plug-in for Web Server 6.1 SP13 works only with a local web server, that is, the IDE and the web server must be installed on the same machine.
For more information about Sun Java Studio 8, see http://developers.sun.com/jsenterprise/overview/previous/jse8.jsp.
Sun Java Studio Enterprise 8 can be used for remote debugging if you want to manually attach the IDE to a remote web server started in debug mode.
Restart the server instance in the debug mode by using the Web Server Administration interface (Server Manager->JVM General->Debug Enabled).
Note the JPDA port number.
Start the IDE.
Choose Debug->Start.
Select the dt_socket method.
Type the remote machine name and JPDA port number.
Any breakpoint created in the IDE on Servlet source code of a deployed application becomes active.
To complement the existing support to 32-bit Solaris SPARC, Web Server 6.1 SP13 also supports 64-bit Solaris SPARC.
The 64-bit release may be of use in certain memory-intensive deployments as it enables administrators to configure a larger file cache and Java heap than the 32-bit release. However, existing plug-ins are not compatible with the 64-bit release. These plug-ins have to be recompiled for the 64-bit release by the plug-in vendor. Java web applications that use native, non-Java libraries should also be recompiled. Therefore, you might prefer to deploy the 32-bit release of Web Server.
Web Server 6.1 SP13 also provides 64-bit support for FastCGI, Reverse Proxy, and Java Web Services Developer Pack (JWSDP) plug-ins.
The 64-bit release is compatible with 64-bit Solaris kernels on UltraSPARC® processors. The 64-bit release cannot be used on x86 processors or with 32-bit Solaris kernels. The 32-bit release continues to be compatible with both 32-bit and 64-bit Solaris kernels.
The 64-bit and 32-bit releases of Web Server are packaged and distributed separately. You cannot upgrade an existing 32-bit Web Server installation to a 64-bit installation. You can distinguish the 32-bit and 64-bit releases by the version string that is displayed in the installer, at server startup, and in the server errors log as follows:
Release | Version String |
---|---|
32-bit | Sun ONE Web Server 6.1SP13 |
64-bit | Sun ONE Web Server 6.1SP13 (64-Bit) |
Web Server 6.1 SP13 supports the Web-based Distributed Authoring and Versioning (WebDAV) protocol. WebDAV enables collaborative web publishing and has the following features:
Compliance with RFC 2518 and interoperability with RFC 2518 clients
Security and access control for web publishing
Basic publishing operations on file-system-based WebDAV collections and resources
WebDAV provides integrated support for content metadata, namespace management, and overwrite protection. These technologies combined with the many authoring tools that support WebDAV provide an ideal development platform for collaborative environments.
The following public interfaces in Web Server 6.1 may be deprecated or modified in non-compatible ways in a future web server release. These interfaces remain unchanged within the Web Server 6.1 product. Scripts that rely on these interfaces may have to be updated to function with future web server releases.
Table 3 Deprecated or Modified Public Interfaces
Configuration File or Utility | Description |
---|---|
magnus.conf | Modified. Some functionality might be moved to other files. |
server.xml | Modified. Schema and functionality might be modified. |
nsfc.conf | Deprecated. Functionality might be moved to other files. |
dbswitch.conf | Deprecated. This file may be eliminated and functionality might be moved to other files. |
password.conf | Deprecated. This file may be eliminated; functionality might be moved to other files. |
file layout | Modified. The configuration file structure might be modified. |
start, stop, restart, and rotate scripts | Modified. The names and/or locations of these utilities might change. |
wdeploy application | Deprecated. This utility may be eliminated and functionality might be integrated with other management utilities. |
This section includes notes about installing, upgrading, and migrating your Web Server. For detailed information about these topics, refer to the Sun Java System Web Server 6.1 SP12 Installation and Migration Guide. For known issues in this release of Web Server, see Known Issues.
Note the following cautions:
Do not install web server into a directory with spaces in the name.
Web server will not start if it is installed into a directory with spaces in the name, for instance, Program Files. You will not receive an error message about this problem during installation, but following installation the server will not start.
Web server cannot be set up on Red Hat Linux Advanced Server 3.0 without compat-libstdc++.
When you install Web Server 6.1 SP13 over an existing installation of Web Server, the installer automatically carries out the upgrade.
If you have Sun ONE Web Server 6.1 SP1 installed, point the Web Server 6.1 SP13 installer to the location of the 6.1 SP1 installation and then upgrade.
If you have the Sun Java Enterprise System 1 installed on your system and you want to upgrade the Sun ONE Web Server 6.1 that is part of Sun Java Enterprise System 1 to Web Server 6.1 SP13, refer to the Sun Java Enterprise System 2004Q2 Installation Guide.
Direct migration from a version of iPlanet Web Server earlier than 4.1 to Web Server 6.1 SP13 is not supported. You must first migrate your legacy server to iPlanet Web Server 4.1, and then to Web Server 6.1 SP13.
For detailed migration information, see Sun Java System Web Server 6.1 SP12 Installation and Migration Guide. This guide contains information about migrating from version 4.1 to 6.1 and from version 6.0 to 6.1.
Web Server 6.1 SP12 is the last release at which the entire documentation set for Web Server 6.1 was updated. Subsequent to the 6.1 SP12 release, updates and corrections to Web Server 6.1 documentation are provided in this Release Notes document; see Corrections and Updates to 6.1 SP12 Manuals.
The Web Server 6.1 SP12 manuals are available online in PDF and HTML formats at http://docs.sun.com/coll/1308.9. The following table lists the tasks and concepts described in these manuals.
Table 4 Web Server Documentation Roadmap
For Information About | See |
---|---|
Late-breaking information about the software and documentation | |
Information about Web Server 6.1 FastCGI plug-in, including information about server application functions (SAFs), installation, configuration, technical notes, and pointers to additional resources. | |
Information about Web Server 6.1 Reverse Proxy plug-in, including information about server application functions (SAFs), installation, configuration, technical notes, and pointers to additional resources. | |
Getting started with Web Server, including hands-on exercises that introduce server basics and features (recommended for first-time users) | |
Performing installation and migration tasks: | Installation and Migration Guide. Note: If you have the Sun Java Enterprise System 1 installed on your system and you want to upgrade the Web Server 6.1 that is part of Sun Java Enterprise System 1 to Web Server 6.1 SP13, you must use the Java Enterprise System (JES) installer to perform the upgrade. Do not use the separate component installer included with Web Server 6.1 SP13. |
Performing the following administration tasks: | |
Using programming technologies and APIs to do the following: | |
Creating custom Netscape Server Application Programmer’s Interface (NSAPI) plugins | |
Implementing servlets and JavaServer Pages (JSP) technology in Web Server | |
Editing configuration files | |
Tuning Web Server to optimize performance | |
The following sections describe corrections and updates to Web Server 6.1 SP12 manuals:
Section 4.2 of the HTTP/1.1 standard (http://www.ietf.org/rfc/rfc2616.txt) states that HTTP header names are case-insensitive. When processing header names, Web Server 6.1 converts the names to all-lowercase.
The section Setting Access Rights in Sun Java System Web Server 6.1 SP12 Administrator’s Guide contains the following note. This note is inaccurate and should be ignored.
Although the following methods are present in the code, they are not included in the document above, revlog, getattribute, getattributename, getproperties, startrev, stoprev, edit, unedit, save, setattribute, revadd, revlabel and destroy.
The section net_read in Sun Java System Web Server 6.1 SP12 NSAPI Programmer’s Guide contains incorrect information about the return value for the net_read() function. The correct information is:
Returns
The number of bytes read, which will not exceed the maximum size, sz. A negative value is returned if an error has occurred, in which case errno is set to the constant ETIMEDOUT if the operation did not complete before timeout seconds elapsed.
The number of bytes read, which will not exceed the maximum size, sz. A negative value is returned if an error has occurred, in which case errno is set to one of the following constants:
ETIMEDOUT if the read operation did not complete before timeout seconds elapsed.
EAGAIN if non-blocking I/O is enabled on the socket descriptor and the socket was temporarily unavailable.
EWOULDBLOCK if non-blocking I/O is enabled on the socket descriptor and the read operation would have blocked.
The section PathCheck in Sun Java System Web Server 6.1 SP12 NSAPI Programmer’s Guide contains incorrect information.
If the NameTrans directive assigned a name or generated a physical path name that matches the name or ppath attribute of another object, the server first applies the PathCheck directives in the matching object before applying the directives in the default object.
If the NameTrans directive assigned a name or generated a physical path name that matches the name or ppath attribute of another object, the server first applies the PathCheck directives in the default object before applying the directives in the matching object.
The section Using Schedulerd Control-based Log Rotation (UNIX/Linux) in Sun Java System Web Server 6.1 SP12 Administrator’s Guide contains incorrect information about stopping the schedulerd control daemon.
Incorrect:
export PID_FILE=/opt/SUNWwbsvr/https-admserv/logs/scheduler.pid
kill -9 -`cat $PID_FILE`
- rm $PID_FILE
Correct:
export PID_FILE=/opt/SUNWwbsvr/https-admserv/logs/scheduler.pid
kill -9 `cat $PID_FILE`
rm $PID_FILE
The Oracle web site provides information about the following additional resources:
Documentation (http://docs.sun.com/)
Support (http://www.sun.com/support/)
Training (http://www.oracle.com/global/us/education/sun_select_country.html)
Besides searching product documentation from the docs.sun.com web site, you can use a search engine by typing the following syntax in the search field:
search-term site:docs.sun.com
For example, to search for “proxy,” type the following:
proxy site:docs.sun.com
To include other Oracle web sites in your search (for example, java.sun.com, www.sun.com and developers.sun.com), use sun.com in place of docs.sun.com in the search field.
Third-party URLs are referenced in this document and provide additional, related information.
Oracle is not responsible for the availability of third-party web sites mentioned in this document. Oracle does not endorse and is not responsible or liable for any content, advertising, products, or other materials that are available on or through such sites or resources. Oracle will not be responsible or liable for any actual or alleged damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services that are available on or through such sites or resources.
This section lists the more important known issues and limitations at the time of the Web Server 6.1 SP13 release. The issues are listed as follows:
The following table lists General known issues.
Table 5 General Known Issues
Issue ID |
Description |
---|---|
6496339 |
(Windows 2003 only) Report generation fails with lganalyz.exe application error in Web Server 6.1 SP6. Workaround:
Note –
|
6553259 |
Web Server 6.1 SP8, when run with JDK 6 shows the search collection names (checkbox) in a different order in the search pages, as compared to when it is run with older JDK versions. |
6198559 |
JES3: Patch upgrade of web server on Linux displays false uninstall notification. |
4988370 6413819 |
Contents do not get updated under a particular situation on HP-UX 11.0 platforms. The HP-UX operating system has two cache spaces, Page Cache and Buffer Cache, for accessing files. Normally, when the application performs the mmap function, the file is mapped to Page Cache. However, currently the operating system has no responsibility to synchronize the data between the Page Cache and Buffer Cache if the mmap is performed as PRIVATE option. Even if you copy the file, the operating system refreshes the cached data only in the Buffer Cache. Workaround: Use a text editor to update the contents each time. |
6404983 |
Searching of Users and Groups through LDAP server using Administration Graphical User Interface fails. Workaround: For this feature to work, install Red Hat AS 3.0 update 1–uname -r: 2.4.21-9.ELsmp. |
5060906 |
Authorization dialog appears for an unprotected directory without an index file. Additional information: If a directory does not have an index file such as index.html, index.jsp, or home.html, then while turning on ACL authentication anyone with read and write permission is denied the list access even though this directory is unprotected. Workaround: To revert back to the previous behavior of 6.1, change the default ACL so that anonymous users are allowed list privileges. Make the change as follows: allow (read, execute, info, list) user = "anyone" |
6590899 |
Web server fails to start up with JDK 1.5 initialization. Workaround: Set the following in the start script: LDR_CNTRL=MAXDATA=0xB0000000@DSA; export LDR_CNTRL |
The following table lists the known issues in Administration.
Table 6 Known Issues in Administration
Issue ID |
Description |
|||
---|---|---|---|---|
6922055 |
6.1 SP12 and later — Admin GUI unable to uncheck Enabled in search When using JDK 1.6 with Web Server 6.1 SP12 and later, you cannot disable the Enabled option in the Virtual Server Search tab. It remains enabled even after you uncheck it, click OK to save changes and are notified that the configuration was updated successfully. Workaround: Instead of disabling search using the Admin GUI, edit the instance/config/server.xml file, modifying enabled="true" to enabled="false" for the search web-app. |
|||
6543821 6531819 |
If you remove a listen socket or change its port number and restart or reconfigure the server, the server fails to close the old listen socket. The operating system continues to accept connections on that port, but the server will not respond to requests on that port. Workaround: Close the old listen socket, stop the server and restart it. |
|||
6301761 |
ACL applet might fail to load with Mozilla 1.4 and Firefox 1.0.6. |
|||
6021151 |
Problem using HttpServerAdmin to create a JNDI resource containing an LDAP domain name containing commas. Workaround: For HttpServerAdmin to escape the `,' in the property, use `\\' as the escape character. Use `\' on the Windows platforms. In the property java.naming.provider.url=ldap://localhost:389/ou=loggingQueues,ou=tms,ou=services,ou=abc the `,' are escaped as shown here: -property java.naming.provider.url=ldap://localhost:389/ou=loggingQueues\\,ou=tms\\,ou=services\\,ou=abc |
|||
5035129 |
Unable to manage Directory Server user/group/ou using Web Server 6.1 SP2 Administration on RedHat Linux Advance Server 3.0. |
|||
4650456 |
View Access and View Error do not work properly with multibyte characters. |
|||
4652585 |
When Distributed Administration is enabled, the local Administration user is disabled. Workaround: Create a user with the default Administration user name within the distributed Administration group. The newly created LDAP Administration user must have the same password as the web server Administration user. |
|||
4725683 |
The log file date stamp does not take the local time zone into account and shows the incorrect date. Workaround: If the date in the log file filename extension should match the date of the log entries, configure the server to rotate the log files at 23:59. |
|||
4761960 |
Web Server 6.0 SP4: Cannot enable Distributed Administration when using SASL and anonymous bind. Workaround: Do not use anonymous bind to an SSL-enabled directory server. |
|||
4841310 |
Can't get REMOTE_USER variable when authenticated by .htaccess. Workaround: If you enable .htaccess files, the server checks for .htaccess files before serving resources. The server looks for .htaccess files in the same directory as the resource and in that directory's parent directories, up to and including the document root. For example, if the Primary Document Directory is set to /sun/server/docs and a client requests /sun/server/docs/reports/index.html, the server will check for .htaccess files at /sun/server/docs/reports/.htaccess and /sun/server/docs/.htaccess. Note that the server's Additional Document Directories and CGI Directory functionality allows an administrator to define alternate document roots. The existence of alternate document roots affects .htaccess file processing. For example, consider a server with the Primary Document Directory set to /sun/server/docs and a CGI program at /sun/server/docs/cgi-bin/program.cgi. If you enable CGI as a File Type, the server will evaluate the contents of both /sun/server/docs/.htaccess and /sun/server/docs/cgi-bin/.htaccess when a client issues a request for the CGI program. However, if you configure a CGI Directory at /sun/server/docs/cgi-bin, the server will inspect /sun/server/docs/cgi-bin/.htaccess but not /sun/server/docs/.htaccess. This occurs because specifying /sun/server/docs/cgi-bin as a CGI Directory marks it as an alternate document root. |
|||
4865295 |
The End User Administration feature (under Distributed Administration in the Administration interface) is no longer supported. |
|||
4882999 |
Inconsistent look and feel of the Administration GUI. |
|||
4888696 |
The Add Server page in the Administration GUI disappears in Netscape Navigator 7.0 when insufficient information is provided. Workaround: Provide complete information on the Add Server page before clicking OK. If necessary, reload the page to restore the Add Server GUI, or click another page or another tab and then navigate back to the Add Server page. This problem occurs only in Netscape Navigator 7.0. |
|||
4910309 |
The word `null' is incorrectly displayed on an alert message. This word displays when editing directory services in the Pick Directory for Virtual Server page in the Virtual Server Manager. |
|||
4905808 |
Superusers cannot access the Administration interface after enabling distributed administration. Workaround: After enabling distributed administration, create a user in LDAP with the same administration user name and password as that of superuser. |
|||
4908694 |
Default link not working for Logging Settings. The default link on the Logging Settings for Virtual Server page does not set the default path, but rather acts as a reset button. |
|||
4911552 |
.shtml files are parsed even if you configure them to be un-parsed. |
|||
No ID |
The sun-web.xml file bundled with the web server points to the wrong DTD location. Correction: The correct location is http://www.sun.com/software/dtd/appserver/sun-web-app_2_3-1.dtd. |
|||
6284698 |
Web server is not operational when installed as non-root user. Workaround: Start the web server instance from the command line instead of using the Web Administration console. |
|||
6078104 |
JSP applications are not accessible from Web Server 6.1 when the passthrough plug-in is configured. Workaround: Change the line from the service directive of passthrough from Service type="magnus-internal/passthrough" fn="service-passthrough" servers="http://server:port" to Service fn="service-passthrough" servers="http://server:port" |
|||
4991278 |
No Administration GUI feature is available to delete JSP ClassCache files. |
|||
6316265 |
The Administration GUI says Click Apply for the changes to take affect but no Apply button exists in the Administration Server. |
|||
6720218 |
The SNMP web server subagent does not respond to the snmpwalk command on Solaris 10. The SNMP master agent bundled with Web Server 6.1 hangs on Solaris 10 U2 (and higher) due to the TCP fusion feature added in Solaris 10 U2. Workaround: Use either of these two workarounds:
|
|||
6708852 |
ACL did not update USERDB in server.xml, resulting in [NSACL6000] HTTP5239 errors when accessing the page. When you use a non-default authdb for ACL, ensure that the authdb detail has been added to server.xml. Otherwise, the server throws the following error when you access the page protected by the ACL: [NSACL6000] HTTP5239: digestrealm is not a registered database Workaround: The error occurs because server.xml still has USERDB as “default” and cannot find the “digest1” for ACL, as shown below:
Manually add the following information to server.xml, after the default USERDB declaration under the required virtual server, and restart the server. <USERDB id="digestrealm" database="digestrealm"/> You also need to ensure that the authdb is correctly specified in the dbswitch.conf and ACL files. In dbswitch.conf file:
In ACL file:
|
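The .htaccess lookup described under issue 4841310 above can be modelled to see which access-control files are consulted for a given resource. This is an added example, not code from Web Server; the function names are hypothetical, and it assumes absolute, already-normalized paths and that the deepest configured root containing the resource is the one that governs it.

```python
from pathlib import PurePosixPath


def effective_root(resource, primary_root, alternate_roots=()):
    """Return the document root governing `resource`.

    Assumption (not stated in the release notes): when several configured
    roots contain the resource, the deepest one wins. This reproduces the
    CGI Directory case in the text, where /sun/server/docs/cgi-bin becomes
    an alternate document root inside the primary one.
    """
    res = PurePosixPath(resource)
    roots = [PurePosixPath(primary_root)]
    roots += [PurePosixPath(r) for r in alternate_roots]
    containing = [r for r in roots if r in res.parents]
    if not containing:
        raise ValueError(f"{resource} is not under any configured document root")
    return max(containing, key=lambda r: len(r.parts))


def htaccess_chain(resource, primary_root, alternate_roots=()):
    """List the .htaccess files consulted for `resource`, nearest first.

    The server looks in the resource's directory and each parent directory,
    up to and including the governing document root. Nearest-first ordering
    is a presentation choice here, not a statement about evaluation order.
    """
    root = effective_root(resource, primary_root, alternate_roots)
    chain = []
    directory = PurePosixPath(resource).parent
    while True:
        chain.append(str(directory / ".htaccess"))
        if directory == root:
            break
        directory = directory.parent
    return chain


def skipped_by_alternate_root(resource, primary_root, alternate_roots):
    """Return .htaccess files under the primary root that stop being
    consulted once an alternate document root governs the resource."""
    try:
        without_alt = htaccess_chain(resource, primary_root)
    except ValueError:
        # Resource lives outside the primary root (for example an
        # Additional Document Directory elsewhere): nothing is skipped.
        return []
    with_alt = set(htaccess_chain(resource, primary_root, alternate_roots))
    return [path for path in without_alt if path not in with_alt]


if __name__ == "__main__":
    docs = "/sun/server/docs"  # Primary Document Directory from the text
    cgi = "/sun/server/docs/cgi-bin/program.cgi"
    print(htaccess_chain("/sun/server/docs/reports/index.html", docs))
    print(htaccess_chain(cgi, docs))                              # CGI as a File Type
    print(htaccess_chain(cgi, docs, ["/sun/server/docs/cgi-bin"]))  # CGI Directory
    print(skipped_by_alternate_root(cgi, docs, ["/sun/server/docs/cgi-bin"]))
```

Running `skipped_by_alternate_root` over each resource after adding an Additional Document Directory or CGI Directory shows which parent-level restrictions need to be restated inside the new root.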
The following table lists the known issues in Core.
Table 7 Known Issues in Core
Issue ID |
Description |
|
---|---|---|
6363944 |
webservd child process orphaned when Solaris crypto softtoken (libpkcs11.so) is used in Web Server 6.1SP5 64-bit. Workaround: This problem occurs only when the server is explicitly configured to use the Solaris softtoken. If you have to use fork(), Runtime.exec(), or <!--#exec cmd="..."-->, do not configure the server to use the Solaris softtoken. |
|
6641109 |
Web server crashes when configured with an NFS-mounted docroot directory. Web server crashes if an NFS file is removed or replaced while using NFS and MediumFileSizeLimit > 0. Therefore, you should not use MediumFileSizeLimit > 0 if the document root is mounted over NFS. Workaround: When Web server documents reside on an NFS mount, as in an NFS client, set MediumFileSizeLimit to 0 in nsfc.conf. |
|
6766108 |
The index file is displayed from the web server config directory. When Directory Indexing is set to 'None', web server throws a 500 error instead of a 404 error. The index file is also displayed from the config directory, exposing critical information. Workaround: The following modification to the obj.conf file rectifies the response, returning a 404 error without displaying the index file.
|
The following table lists the known issues in Documentation and Online Help.
For a list of known issues in the localized versions of 6.1 documentation, see Issues Resolved in 6.1 Documentation.
Issue ID |
Description |
---|---|
6506960 |
Online Help indicates that the maximum characters for an authentication password is eight characters. Additional Information: An authentication password can be more than eight characters. |
4964908 |
No documentation available regarding feature upgrades. Additional Information: See Installation, Upgrade, and Migration Notes. |
4928287 |
Need to document the nonexistence of <instance>/lib. None of the documents inform the user of the nonexistence of the <instance>/lib directory. Additional Information: This directory is not created by the installer. Users have to create the directory if it does not exist. |
6237303 |
Release Notes for SUN ONE Web Server 6.1 does not list all patches that are required for the Solaris SPARC platform. Additional Information: 109326-09 is a required patch for Web Server 6.1 on Solaris release 8. |
The following table lists the known issues in Installation.
Table 9 Known Issues in Installation
Issue ID |
Description |
---|---|
6590899 |
AIX Web server fails to start with JDK 1.5. Workaround: Set the following in the start script: LDR_CNTRL=MAXDATA=0xB0000000@DSA; export LDR_CNTRL |
5020317 |
JDK only upgrade results in disabling search. The user receives an exception, and the search page is not accessible from the GUI. Workaround: This exception does not happen if Web Server 6.1 SP2 core is installed along with or prior to installing JDK alone. In addition, if Web Server 6.1 SP2 core is installed on top of a JDK-upgraded Web Server 6.1 SP1, the exception does not show up. |
4855263 |
Web Server will not start if it is installed into a directory with spaces in the name, for instance, Program Files. You will not receive an error message about this during installation, but following installation the server will not start. Workaround: Do not install the web server into a directory with spaces in the name. |
4869238 |
On the Windows platform, the Web Server installer does not accept a long name as server-root. Workaround: Specify a path name for the Web Server installation directory that is no longer than 128 characters even though the field allows you to type up to 256 characters. |
4901205 |
On the Solaris platform, Control-B does not work on screens that follow the Fully Qualified Domain Name screen in the installer, starting with the User and Group Name screen. Workaround: If you need to return to previous screens during the installation, quit the installer and start again. |
4937915 |
On the AIX platform, Control-C makes the terminal screen hang during installation. This problem occurs on the screen used to specify the name of the computer on which the web server will be installed. |
4960048 |
Some SNMP related files are overwritten when upgrading to Web Server 6.1 SP1. Workaround: Back up the following files before the upgrade: server-root/plugins/snmp/magt/CONFIG server-root/plugins/snmp/sagt/CONFIG |
The following table lists the known issues in the localization.
Table 10 Known Issues in the Localization
Issue ID |
Description |
---|---|
4937055 |
The Administration online help of web server is not localized. The Administration online help has been localized only up to the first level. The initial help pages are localized but clicking the links on a page, for example, Removing a Server displays help content in the English language. |
6441984 |
The Administration online help is displayed in English even if the locale is set to zh-cn. For zh-cn locale, the Administration GUI online help is in English. If the browser locale is zh-cn, then the complete Administration GUI online help is displayed in the English language. Workaround: Set the browser's preferred locale to zh to view the online help in the Chinese language. |
6583870 |
Web server 6.1 SP8: In Internet Explorer 7, you can select the locale as ja or ja-JP. If you select the locale as ja, online help is displayed in Japanese. But when you select the locale as ja-JP, online help is displayed in the English language. |
The following table lists the known issues in Migration.
Table 11 Known Issues in Migration
The following table lists the known issues in the sample applications. Note that none of these issues prevent the sample applications from functioning correctly.
Table 12 Known Issues in Samples
Issue ID |
Description |
---|---|
5014039 |
Simple JSP files throw an exception due to the distributable tag in web.xml. Workaround:
|
No ID |
rmi-iiop sample is missing a step. In the “Deploying the Sample Application” section, after executing the command ant deploy (step 2), restart the web server instance. Note – ant is a Java build tool and must be downloaded from Apache at http://ant.apache.org. Also see the information provided in install-root/plugins/java/samples/docs/ant.html. |
No ID |
jdbcrealm sample has the wrong Oracle driver name. In the “Compiling and Assembling the Sample Application” section, step 2b, change the following line from: <PROPERTY name="dbdrivername" value="oracle.jdbc.pool.OracleDataSource"> to <PROPERTY name="dbdrivername" value="oracle.jdbc.driver.OracleDriver"> |
The following table lists the known issues in Search.
Table 13 Known Issues in Search
Issue ID |
Description |
---|---|
4977315 5038203 |
AIX-Search Engine of 6.1 should have the ability to change the sort order. Workaround: To change the default order, add `+' as a first character of the sort string. Because `+' in URI is escaped, use `%2B' to change the order. In this case, change the URL to http://host/search/index.jsp?si=1&ns=10&c=test&qt=*&sb=%2Bwriter. |
4684124 |
If the document root of an already indexed collection is changed, the document returned by the search throws a Document Not Found error. Workaround: Rebuild the entire collection by performing one of the following actions:
|
4911725 |
Search does not work when you search for a word using a different case pattern. Search results are not displayed on the search page if you search using a word of mixed case. For example, typing sAmpLe instead of sample or SAMPLE. |
4963236 |
On HP-UX: PDF files are not converted to HTML for inclusion in search collections. This problem occurs if the following patch is installed on the HP-UX 11i system: PHSS_28871 — ld/linker cumulative patch |
6701532 |
Search engine fails to index a password-protected PDF document. If a PDF document is password protected and encrypted, the search engine fails to index the document's metadata. As a result, the requested search fails. |
6731491 |
Web Server 6.1 SP10 64-bit Solaris SPARC: a few search tests fail when JDK 1.6.0_07 is used. While running search tests, a few test cases fail with a stack overflow error when JDK 1.6.0_07 is used, whereas the same tests pass with the bundled JDK 1.5.0_16. Workaround: Increase the StackSize value from 131072 to a value, for example, 262144 in the magnus.conf file. |
The following table lists the known issues in Security.
Table 14 Known Issues in Security
Issue ID |
Description |
---|---|
4671445 |
Web Server cannot connect to an LDAP server over SSL if LDAP client authentication is required. If Web Server contacts an LDAP server that requires client authentication (in this case, the web server is the client), the web server’s certificate cannot be sent and access will fail. |
4863599 |
Cannot use the same group name under different organizational units. If the same group name is used and you try to restrict access with the group name, Web Server returns an error when clients try to access the site. Workaround: Use a different group name for each organizational unit. |
4963468 |
In some circumstances, the “list” right has no effect on directory listing. According to Chapter 9, Controlling Access to Your Server, in Sun Java System Web Server 6.1 SP12 Administrator’s Guide, the “list” right is required to obtain directory listings from directories that do not contain an index file. However, in certain circumstances you can obtain a directory listing even if the applicable ACLs deny the list right. If you need to restrict directory indexing, disable indexing, as discussed in Chapter 16, Content Management, in Sun Java System Web Server 6.1 SP12 Administrator’s Guide, instead of or in addition to denying the list right. |
6310956 6298215 |
When LDAP drops the connection because of inactivity, for example, timeout set on the LDAP, web server is unable to re-initialize the connection to LDAP. This problem only occurs when web server is installed as part of the JES3/JES4 install. The problem does not exist in stand-alone (file-based) installation. Workaround:
|
The following table lists the known issues in Tools.
Table 15 Known Issues in Tools
Issue ID |
Description |
---|---|
4905696 |
On Windows, deployment fails if the class file depth along with the file name exceeds 255 characters. |
4912181 |
On Linux, a null pointer exception is thrown when deploying an application using the wdeploy command-line utility. This problem happens at the end of deployment, and only if it succeeds. Workaround: The error occurs when wdeploy reads the stdout/stderr after executing reconfigure script following deployment. Check whether the server did reconfigure by looking in the errors log for the reconfigure message. If the message is not there, then run the reconfigure script manually. |
The following table lists the known issues in the Web Container.
Table 16 Known Issues in the Web Container
Issue ID |
Description |
---|---|
6387189 |
Java logging issues in a deployed module. |
4903162 |
Issue on Windows related to the case of url-patterns. As per the Servlet specification, the url-pattern elements in web.xml are case sensitive. This condition might lead to unexpected behavior for Windows users, for example, if a client makes a request for index.HTML expecting this string to match index.html. |
The following table lists the known issues in WebDAV.
Table 17 Known Issues in WebDAV
Issue ID |
Description |
---|---|
4892017 |
Unable to rename or move a resource if the parent directory is locked exclusively. This problem occurs when DAV clients send the incorrect If : header. For example, if you connect to the web server using Macromedia Dreamweaver or DAV Explorer, create a collection, and then lock the collection with depth infinity, which locks all of its resources as well, you will not be able to rename or move a resource. Adobe GoLive sends the correct If : header only if the lock’s owner href matches auth_user. In all other cases with GoLive, the wrong header will also be sent. |
4902651 |
Lock Management screen in the Virtual Server Manager does not display the lock information properly for hard links. Symbolic links, hard and soft, are not supported by the WebDAV implementation in Web Server. |
If you have problems with Web Server 6.1 SP13, contact Sun customer support by using the telephone dispatch number associated with your maintenance contract.
Please have the following information available prior to contacting support. This helps to ensure that our support staff can best assist you in resolving problems.
Description of the problem, including the situation where the problem occurs and its impact on your operation
Machine type, operating system version, and product version, including any patches and other software that might be affecting the problem
Detailed steps on the methods you have used to reproduce the problem
Any error logs or core dumps
The features and enhancements in Web Server 6.1 service pack releases prior to Web Server 6.1 SP12 are described in the individual Release Notes documents specific to those releases, available on docs.sun.com at http://docs.sun.com/prod/sjs.websvr61#hic. This section lists the important features and enhancements provided in Web Server 6.1 service pack releases between 6.1 SP11 and the current release:
Web Server 6.1 SP12 now bundles JDK 1.6.0_17 on Solaris, Linux and Windows platforms. Web Server 6.1 SP12 still supports JDK 5 for backward compatibility. For more information on the supported versions for individual platforms, see J2SE and Java SE Support.
This release contains fixes of important bugs, including the following ones related to security vulnerabilities:
Bug 6916390 describes the format string vulnerabilities in the WebDAV extensions to the Web Server. These issues may allow remote clients to trigger a Web Server crash, thus resulting in a Denial of Service (DoS) condition. These issues may also allow remote unauthorized users to gain elevated privileges, enabling them to access and modify sensitive files.
Bug 6916391 describes the buffer overflow issues in the Digest Authentication methods in the Web Server, which may allow remote unprivileged users to crash the Web Server, thus leading to a Denial of Service (DoS) condition. These issues may also lead to execution of arbitrary code with elevated privileges.
Bug 6916392 describes the heap overflow issue in the HTTP TRACE functionality in the Web Server, which may allow remote unprivileged users to crash the Web Server, thus leading to a Denial of Service (DoS) condition. These issues may also be exploited to gain unauthorized access to sensitive information.
Web Server 6.1 SP12 is upgraded to include NSS 3.12.5 which provides relief for the SSL/TLS renegotiation vulnerability: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
This vulnerability is a flaw in the current SSL/TLS renegotiation protocol definition. It is not a bug in the Web Server implementation. For this reason, there is no implementation-level fix for this vulnerability. The only workaround is to disable renegotiation entirely in order to protect the Web Server from attack.
Therefore, Web Server 6.1 SP12 disables all use of SSL/TLS renegotiation. If either the client or the Web Server attempts to trigger renegotiation on an existing SSL/TLS session, the connection will fail.
Typically renegotiation was used to obtain a client certificate sometime after the SSL/TLS connection was first established. Web applications which attempt to obtain a client certificate in this fashion will now fail.
Obtaining a client certificate during the initial connection handshake will continue to work correctly. This mode can be configured by setting the client-auth element to 'required' in server.xml:
<http-listener>
  <ssl>
    <client-auth>required</client-auth>
  </ssl>
</http-listener>
A future update of Web Server 6.1 will implement a safe renegotiation protocol as soon as the IETF finalizes the design of the new protocol enhancement. It is possible to re-enable the vulnerable SSL/TLS renegotiation capability by setting the environment variable: NSS_SSL_ENABLE_RENEGOTIATION=1. This mode is known to be vulnerable to attack as described in CVE-2009-3555.
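One way to check a deployment against the two settings described above, as an added example that is not part of the release notes or the product: it reports listeners whose client-auth is not 'required' and detects the NSS_SSL_ENABLE_RENEGOTIATION=1 override in a process environment block. The sample server.xml and environment bytes are constructed, the 'optional' value and the function names are illustrative assumptions, and the NUL-separated format is that of /proc/<pid>/environ on Linux.

```python
import xml.etree.ElementTree as ET

RENEG_VAR = "NSS_SSL_ENABLE_RENEGOTIATION"  # name as given in the release notes

# Constructed sample: only the http-listener/ssl/client-auth nesting comes
# from the release notes; the wrapper element and values are illustrative.
SAMPLE_SERVER_XML = """<server>
  <http-listener><ssl><client-auth>required</client-auth></ssl></http-listener>
  <http-listener><ssl><client-auth>optional</client-auth></ssl></http-listener>
  <http-listener><ssl/></http-listener>
  <http-listener/>
</server>"""

# Constructed sample of a NUL-separated environment block.
SAMPLE_ENVIRON = b"PATH=/usr/bin\0NSS_SSL_ENABLE_RENEGOTIATION=1\0"


def parse_environ_block(raw: bytes) -> dict:
    """Parse NUL-separated KEY=VALUE entries into a dict."""
    env = {}
    for item in raw.split(b"\0"):
        if b"=" in item:
            key, _, value = item.partition(b"=")
            env[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env


def renegotiation_reenabled(env: dict) -> bool:
    """True when the override that restores vulnerable renegotiation is set."""
    return env.get(RENEG_VAR, "").strip() == "1"


def audit_listeners(server_xml: str) -> list:
    """Return (index, status, client_auth_value) for every http-listener.

    status is 'no-tls' when the listener has no <ssl> child,
    'handshake-client-auth' when client-auth is 'required', and
    'no-handshake-client-auth' otherwise.
    """
    results = []
    root = ET.fromstring(server_xml)
    for index, listener in enumerate(root.iter("http-listener")):
        ssl = listener.find("ssl")
        if ssl is None:
            results.append((index, "no-tls", None))
            continue
        value = (ssl.findtext("client-auth") or "").strip().lower() or None
        status = ("handshake-client-auth" if value == "required"
                  else "no-handshake-client-auth")
        results.append((index, status, value))
    return results


def findings(server_xml: str, env: dict) -> list:
    """Collect human-readable findings for both checks."""
    out = []
    if renegotiation_reenabled(env):
        out.append(f"{RENEG_VAR}=1 is set: renegotiation vulnerable to "
                   "CVE-2009-3555 is re-enabled")
    for index, status, value in audit_listeners(server_xml):
        if status == "no-handshake-client-auth":
            out.append(f"http-listener #{index}: client-auth={value!r}; an "
                       "application that asks for a client certificate later "
                       "needs renegotiation, which SP12 refuses")
    return out


if __name__ == "__main__":
    for line in findings(SAMPLE_SERVER_XML, parse_environ_block(SAMPLE_ENVIRON)):
        print(line)
```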
This section lists the most important issues fixed in previous Web Server 6.1 releases:
The following table lists the issues resolved in Web Server 6.1 SP12.
Table 18 Issues Resolved in Web Server 6.1 SP12
Issue ID |
Description |
|
---|---|---|
6898371 |
Severe TLS/SSL protocol vulnerability will require NSS upgrade. |
|
6916391 |
Digest authentication buffer overflows. |
|
6916392 |
If a TRACE request contains request header names with a single character and no value (like "A:"), a buffer overflow occurs. |
|
6916390 |
Web Server crashes due to WebDAV format string. |
|
6860680 |
Appending "::$DATA" to the file extension discloses the contents of a JSP page. |
|
6869988 |
Web Server 6.1 should bundle JDK6 rather than JDK5, wherever JDK is bundled. |
|
6774064 |
Web Server should use NSS 3.12.5.0. |
|
6882816 |
Web Server 6.1 SP 11 Reverse Proxy Plugin retries POST requests without POST entity bodies. |
|
6917879 |
TRACE request with empty header names causes malformed responses. |
|
6387189 |
Java Logging issues in a deployed module |
|
6837931 |
Incomplete bug fix of 6358858 in Web Server 6.1 shows the above error. |
|
6214575 |
Web Server should not show the dialog for authentication when all access right is denied. |
|
6372223 |
Web Server 6.1SP5 Point Product can not open "Release Notes" from [Start]->[Sun ONE Web Server]->[Release Notes] |
|
6857848 |
When a user tries to configure the ACL with Firefox, the submit button is not displayed. As a result, user cannot configure the ACL with Firefox. |
The following table lists the issues resolved in Web Server 6.1 SP11.
Table 19 Issues Resolved in Web Server 6.1 SP11
Issue ID |
Description |
---|---|
6748621 |
Admin server's GUI index cgi file crashes, when an incorrect or nonexistent dtd file is referenced in the conf_bk/server.xml file. |
4917844 |
Admin server should allow selection of hashing algorithm while signing CSR. |
6795558 |
Web Server 6.1 fails to start with a particular configuration. |
6754095 |
Reverse Proxy Plugin runs querystring Javascript POPUP when 502 Gateway error occurs, leading to a potential XSS vulnerability. |
6571031 |
Reverse Proxy Plugin should abort processing after the client write() fails with EPIPE. |
6659522 |
Search functionality returns unexpected results if the search string contains a hyphen. |
6633181 |
Java Exception is observed in web error logs as SimpleDateFormat is not synchronized properly in web code. |
6707244 |
A 'race condition' occurs in the JVM while deploying a web application that contains a logger. |
6767285 |
reuseSessionID does not work with IWSSessionManager, but works with StandardManager. |
6815821 |
Server throws the following error during startup. javax.naming.NamingException: WEB3886: Context is read only |
6781962 |
The Web Server 6.1 favicon appears distorted on Internet Explorer 7. |
The following table lists the issues resolved in Web Server 6.1 SP10.
Table 20 Issues Resolved in Web Server 6.1 SP10
Issue ID |
Description |
---|---|
6608135 |
Search fails with an error, when html document has a title containing characters like A & B. |
6684388 |
At present, Web Server 6.1 bundles JDK 1.4.2 on Solaris, Windows, and Linux platforms. Due to End of Licence (EOL) of JDK 1.4.2, the bundled JDK has to be upgraded to the latest JDK 1.5.x. |
6705396 |
Admin security program will not work after you apply the latest patch 116648-21 for Web Server 6.1SP9, if you do not apply NSS patch 119209-17 first. |
6699747 |
Searched string is not highlighted in the search result page, if indexed document does not have a title. |
6715380 |
Integrate the latest NSS/NSPR version into Web Server 6.1 SP10. |
6673647 |
The scheduler based cron log rotation of Web Server 6.1 stops on Saturday night. |
6714929 |
SNMP is broken with default tcp_hiwat setting on Solaris 10. |
6702639 |
When you disable .htaccess in one virtual class, the other virtual class with .htaccess will also fail. |
6679398 |
When a browser requests gzip compressed result, and when the response is sent through servlet-cache-filter, the response header does not indicate that the data was compressed (although the data was compressed), causing browsers to fail. |
6537458 |
ACL evaluation when using Client tags is different depending on the order of requests. |
6671965 |
The filter 'http-compression' used to compress outgoing content lacks documentation in Web Server 6.1, Administrator's Configuration File Reference Guide. |
6606392 |
filebuf_open_nostat() behaves differently on Unix and Windows. On Windows, filebuf_open_nostat() is broken if the file size is zero, while it works on Unix. |
6729600 |
Upgrading to Web Server 6.1 SP10 fails to update searchadmin script for nutch filter related details. |
The following table lists the issues resolved in Web Server 6.1 SP9.
Table 21 Issues Resolved in Web Server 6.1 SP9
Issue ID |
Description |
---|---|
6295325 |
The Web server should implement a timeout parameter for its LDAP connection pool. When using LDAP Authentication, the web server does not respond if the LDAP server is unresponsive when performing the ldapsession bind and ldap search. Setting the timeout value, in seconds, in the server_root/userdb/dbswitch.conf file stops the web server from being unresponsive and from waiting for the LDAP server. By default there is no timeout. Sample dbswitch.conf:
default:binddn cn=Directory Manager
default:encoded bindpw YWRtaW5hZG1pbg==
default:timeout 60 |
6370259 |
FastCGI does not shutdown properly. |
6442778 |
The setContentLength(0) in a servlet/JSP does not work when value is greater than 0. |
6471213 |
Improper error messages are displayed at time out. |
6504581 |
Memory leak in LDAP Session due to ldap_result(). |
6509590 |
Log level does not display the appropriate message. |
6510001 |
The session-timeout value in web.xml is not getting precedence over sun-web.xml's timeout value. |
6540788 |
Unable to install SSL server certificate with 99 years of validity. |
6540817 |
Web Server 6.1 is not supported for Windows 2003 SP2 and R2. |
6542731 |
Unable to run Web Server 6.1 scheduler in Java ES 4. |
6553963 |
Particular PDF files are not recognized by the search engine. |
6563615 |
Web server uses anonymous bind to a Secure LDAP Server when setting up distributed Admin. |
6579852 |
Web server installation contains optimized and debug binaries of JDK. |
6581407 |
The Restricting Access to a File Type feature does not change the appropriate obj.conf file. |
6590893 |
Web server stand alone bits should recognize if it is being used for an upgrade from a Java ES installed web server and should provide a warning message to the user. |
6591471 |
Server shutdown message is missing in errorlog file when Java is disabled globally. |
6592886 |
Negative number is displayed in QueueSize of JDBC pool monitor. |
6598092 |
Forwarding through RequestDispatcher fails for the first time when using the invoker servlet. |
6603070 |
Incorrect handling of cookie value with single or double quote string. |
6603088 |
Crash in LDAP search. |
6609457 |
Post install script of web server does not handle the ABE case properly. |
6620677 |
The start script does not calculate the right value for libmtmalloc to load in Solaris 9. |
6628376 |
The scheduler.pid file should be removed when the scheduler is stopped. |
6628914 |
Removal of Sun Studio 10 from the /usr/dist/share directory causes build failure on Solaris Sparc 8, 9 and 10. |
6630037 |
The Cron log rotation creates invalid log archives with an instance name and sub string of another instance name. |
6638185 |
Cross-site scripting vulnerability in search. |
6643558 |
Need to provide the correct description and example for the client-ip tag. |
6647151 |
Cross-site scripting vulnerability in advance search. |
6619655 |
Reverse Proxy Plug-in documentation should state that Application Server is supported. |
6514004 |
Steps to disable HTTP PUT and DELETE are not documented. |
6582644 |
A description of how to use the new timeout parameter for LDAP Authentication should be put into the release notes. |
6663921 |
Web server start script does not return the prompt mode after starting the server on AIX. For more information, see AIX 5.3 Technology Level 6 SP5 Patches and AIX 5.3 Technology Level 7 SP2 Patches. |
6667638 |
Provide correct JDK version in the installation guide, which is bundled with the product. |
6435723 |
High CPU usage in Reverse Proxy Plugin - DaemonChannel::unchunk() |
The following table lists the issues resolved in Web Server 6.1 SP8.
Table 22 Issues Resolved in Web Server 6.1 SP8
Issue ID |
Description |
---|---|
4737204 |
The wdeploy delete command follows symbolic links and deletes the directories, and their contents, pointed to by the symbolic link. |
6152655 |
Form-based authentication in a web application causes users to be logged out unexpectedly although the session should still be active. |
6235473 |
Need the ability to change the permissions of a directory, which is created using WebDAV. |
6319312 |
Fastcgistub dumps core when an instance is stopped after sending request for FastCGI Authorizer application. |
6343584 |
Web server hangs with threads in a deadlock condition waiting for a lock owned by a NSS thread. |
6379347 |
If Access Manager is deployed on the web server, all versions of Web Server 6.1 crash on load. |
6497690 |
Need an option to have full URL or relative URL/URI in web server search web application. |
6508015 |
getParameterNames() does not return non-parameterized names in query string. |
6509623 |
(Windows XP and Windows 2003): Unable to open the Web Server 6.1 SP7 release notes by clicking the Start->Programs->Sun ONE Web Server->Release Notes link. |
6513358 |
Web server Reverse Proxy Plug-in is not handling chunked data. |
6519021 |
The obj.conf file of a new virtual server class generated by the Admin Server contains errors. |
6519551 |
Issue in the JDBC Connection Pool feature. |
6519839 |
Vulnerability with web server redirect functionality. |
6520528 |
response.sendRedirect() error if the redirect URL does not begin with a slash (/). |
6526460 |
LDAP connection failure errors with Web Server 6.1 SP7. |
6531111 |
htaccess AuthGroupFile should support empty files as equivalent to not specifying the directive. |
6532218 |
Web Server 6.1 SP7 crashes in libxerces-c.so on T2000 systems. |
6534216 |
Update README, version string and license file for Web Server 6.1 SP8. |
6540248 |
Web Server 6.1 SP8 to be integrated with NSS 3.11.6 and NSPR 4.6.6. |
6546233 |
RPM specification and pkginfo file to be updated with the SP8 release and version number. |
6566204 |
UTF-7 cross site scripting vulnerability. |
6567841 |
Form authentication bypass and JSP source code disclosure vulnerability. |
6574379 |
Web Server 6.1 browser support should include Internet Explorer 7. |
The following table lists the issues resolved in Web Server 6.1 SP7.
Table 23 Issues Resolved in Web Server 6.1 SP7
Issue ID |
Description |
---|---|
4856895 |
On UNIX: The watchdog process crashes on machines with multiple CPUs during server shutdown. |
6158040 |
While migrating from 4.1 to 6.1, the JAVA parameters are missing in the server.xml file. |
6206179 |
Internal log rotation rotates the files twice if the system time is changed between two scheduled rotations. |
6213097 |
While migrating from 4.1 to 6.0, ktsearch.jar does not get migrated correctly on JES3. |
6276594 |
A PUT request sent with the Transfer-encoding:chunked header along with a request body fails. |
6292582 |
SNMP MIB's "Fraction of process memory in system memory" which is part of iws.mib, gives the wrong results when queried by the SNMP Manager. |
6315783 |
In the French locale, Online Help links on the Search page lead to English pages. |
6348395 |
When IWSSessionManager is used, invalidating a session does not call the sessionDestroyed() of HttpSessionListener. |
6350502 |
Pragma and cache-control headers cause interoperability problems. |
6358858 |
zlib library throws an internal error. |
6367672 |
The restart script fails when MaxProcs is greater than 1 (one). |
6376035 |
Unable to configure the Web Server to successfully run a JSP file that contains a jstl tag. |
6376082 |
Need to support JNDI simple names for lookup in web applications for compatibility with the Application Server product. |
6380777 |
Cannot add pl file suffix for magnus-internal/cgi through the Administration GUI. |
6381747 |
If a session attribute implements HttpSessionBindingListener, the session expires after the session time-out period regardless of whether the session object is accessed. |
6382704 |
Administration server monitors the server statistics even if the Monitor Web Server Statistics option is disabled. |
6384456 |
When a web application attempts to use an object inappropriately, it crashes the web server. |
6384640 |
Concurrent restart requests kill the web server processes. |
6388092 |
Images stored in the /ns-icons directory are not displayed properly in Internet Explorer. |
6388766 |
On Windows: treatment of "\", the Japanese backslash mark (Yen) is different when a new CGI shell directory is created or edited. |
6392159 |
The restart script fails to restart the web server intermittently, causing the web server to hang. |
6392644 |
Incorrect URL in Web Server 6.0 SP10 and Web Server 6.1 SP5 Readme files. |
6400307 |
The cluster control functionality of Admin GUI hangs when a variable is added. |
6418529 |
The search page content has a mix of both English and other languages. |
6421617 |
Problem having server-parsed HTML and .htaccess with the restricted group option. |
6426382 |
If the value of net_write SAF is three times more than the fragment size of the HTTP compression, a net_flush call does not flush all the data. |
6428199 |
Search filter fails if the userid of a member belonging to a user group contains "," (comma). |
6428403 |
When a Servlet filter appends additional data to a response body generated by core, the server might crash if the size of the additional data is larger than the original response body. |
6429293 |
Security vulnerability in Web Server 6.1 sample applications. |
6433752 |
The ssl-check function does not work with NSAPI-based plug-in. |
6436535 |
Server hangs on stop or restart when a connection is in the connection queue. |
6437635 |
Issues with revoked client certificates and CRL files under certain conditions. |
6438408 |
SNMP process leaks memory with each connection request. |
6439519 |
If the ObjectType fn="force-type" directive is removed from the obj.conf file, the server may crash when a request is made for multiple byte ranges. |
6441402 |
LDAP server configuration fails with Web Server 6.1 SP5 64-bit version. |
6442651 |
If the URL to a web application contains URI parameters, it causes recursive redirection. |
6448255 |
On Windows: File handle is not released by the webservd process under certain conditions. |
6451182 |
Web Server 6.1SP6 experiences high CPU in parseParameters(). |
6455812 |
Thread safety problems in the handling of some magnus.conf directives cause certain configurations to crash on startup. |
6458771 |
watchdog can crash when ./start is executed before ./stop completes. |
6465691 |
Display error with HTML page in <jsp:include> with tiles. |
6471388 |
On Windows: Using hidden shared network drives as document directories results in Not Found error. |
6473494 |
Signature DigestInfo parsing problems in NSS. |
6477953 |
On Windows: Web Server (stand-alone) modifies the NSPR/NSS bits thereby breaking the FIPS mode. |
6477981 |
FIPS140 mode is broken in Web Server (stand-alone) due to missing .chk files. |
6478972 |
The JDK shipped with Web Server 6.1SP6 is not compatible with 2007 Daylight Saving Time (DST) changes. |
6480026 |
Some keep-alive connections do not get closed after the specified time. |
6482272 |
SNMP master agent does not send traps when the web server instance's operational status changes. |
6482560 |
On HP-UX: Web Server crashes with 1.4.2.09 + and 1.5.0.3+ JVMs. |
6488468 |
On HP-UX: Remove the packaged JDK for Web Server. |
6489275 |
Web Server 6.1 should be integrated with the latest NSS version for FIPS 140-2 compliancy. |
6494886 |
Low-latency/high concurrency mode sometimes does not get switched dynamically. |
6496892 |
On AIX: Remove the packaged JDK for Web Server. |
6507264 |
When the default log level is set to info, finer log messages are still being printed at server startup. |
6508092 |
Server startup fails in Web Server 6.1 SP7 on the HP-UX platform when installed through express silent mode. |
6510957 |
The pkginfo file in the Solaris and RPM specification files points to the old service pack (SP5). |
The following table lists the issues resolved in Web Server 6.1 SP6.
Table 24 Issues Resolved in Web Server 6.1 SP6
Issue ID |
Description |
---|---|
5027774 |
WW_umask in the configuration is NULL in Solaris. |
6334248 6397340 |
Windows 2003 mapped network drive not readable as a document root directory. Additional Information: To use a document root in a shared network resource, a UNC path has to be used, for example, //machine-name/shared-folder-name. A mapped drive letter like X: will not work as document root. You can specify the document root either manually in server.xml or through the Administration GUI by accessing Virtual Server Class->Content Management->Primary Content Directory. For using a shared directory on UNIX, do the following:
When using a shared directory from another Windows machine, ensure that the password of the Administrator account on both the machines is the same, otherwise the service will not be able to access the network resource. Whether the shared directory is on UNIX or Windows, the service representing the instance server has to run as a particular user of Administrators group like ./Administrator rather than running it on the default local system account. Go to Control Panel->Administrative Tools->Services and make the changes in the Properties dialog box. |
6384651 |
For HP-UX: Web Server sometimes returns the wrong last-modified header and date header. |
6404983 |
Searching of Users and Groups through the LDAP server using the Administration GUI fails. |
6316387 |
Web Server uses incorrect logic when processing the if-unmodified-since header. |
6318003 |
Web Server returns the actual content with 412 code for requests that contains if-unmodified-since and range. |
6312702 |
HttpServletResponse.reset() does not work as expected. |
6360180 |
Crash in webapps/qa_app/jsp/encodedurlforwarder. |
6316881 |
Multibyte characters in headers cannot be retrieved by req.getHeader(). Workaround: By default, request headers are encoded using UTF-8 enc. You can customize request header encoding at the web application level by following these steps:
|
6318406 |
Redeploying the web application causes ownership changes on files. |
6294743 |
Updating JSP search collection creates new tmp files in the converted directory and fills up the disk space. |
6197731 |
Internal error on accessing Administration Server. |
6316262 |
Administration GUI does not reflect the changes made to the access log path. |
6378521 |
makefiles need a cleanup in 6.1. |
6318200 |
Buffer overflows when formatting installer error messages. |
6343584 |
Deadlock in keepalive subsystem caused by NSS blocking. |
6326965 |
Administration password in plain text in a file readable by anyone. Workaround: Use either of these two workarounds:
|
6356179 |
The Administration Server of Web Server 6.1 does not change the id attribute in the USERDB tag. Additional Information: To change the id attribute in the USERDB tag, use either of these two options:
|
6333656 |
The MIME type file in Web Server binaries must include the StarOffice/OpenOffice MIME types. |
6342394 |
Cron log rotation on Windows can create invalid archive logs with a specific instance name. |
6358851 |
SNMP Master and Sub Agent startup fails. |
6336309 |
Problem with rewriting the special character `&' in server.xml. |
6335483 |
Create symbol enabled builds for HP-UX (non-stripped). |
6332442 |
Web Server crashes on Linux when Init fn="stats-init" is present in magnus.conf. |
4718466 |
After importing the 6th key to crypto, Web Server 6.0 displays an error: server not avail. |
6340799 |
During a stress test on S1WS6.1SP5 SSL on SUSE Linux Enterprise Server 9 SP2, webservd has a memory leak. |
6353988 |
Cannot set client trust or server trust on some built-in Certificate Authorities (CAs) for Web Server 6.1SP4/SP5. |
6329109 |
Web Server 6.1: Lock file conflict for multiple installations running on the same port but with different IP addresses. |
6378545 |
While updating a JSP search collection, updating a JSP file fails re-indexing. |
6280778 |
PDF files unable to be indexed with Web Server 6.1 search. This error occurs on HP-UX with OS patch PHSS_28871 installed. |
6302377 |
Servlet container UTF-8 URI mapping vulnerability. |
6370089 |
Integrate NSS 3.11.1 with Web Server 6.1 SP6. |
6285129 |
Using % in the jsp:param value fails in some circumstances. |
6324034 |
Web Server has default limit for upload file size as 10 MB. |
6361485 |
htaccess not working in Web Server 6.1 SP5 for User Document Directories. |
6350122 |
Web Server 6.1SP5 on Windows: Cron-based log rotation fails with garbage characters inside the scheduler.conf file. |
6388243 |
Installing a CRL on Web Server 6.1SP4 (Windows) adds it to the CKLs section in the Administration GUI. |
6377343 |
With NSS 3.11.1, certificates with new critical extensions like PolicyConstraints mentioned in RFC3280 can be imported into the certificate database. |
6376634 |
The SSL session was not timing out as expected when SSL3SessionTimeout or SSLSessionTimeout was configured to the user-defined value in magnus.conf. NSS 3.11.1 fixed the magnus.conf directives SSL3SessionTimeout and SSLSessionTimeout. |
The following table lists the issues resolved in Web Server 6.1 SP5.
Table 25 Issues Resolved in Web Server 6.1 SP5
Issue ID |
Description |
|
---|---|---|
6322443 |
NSFC buffer size should be configurable (64-Bit). Additional Information: Use the new BufferSize nsfc.conf directive to configure the size of the buffer used to transmit file contents on cache misses. The following directive can be added to nsfc.conf to increase the buffer size from its default of 8192 bytes to 16384 bytes:
BufferSize=16384
Larger buffer size might result in improved throughput at the cost of increased latency and memory utilization. |
|
6234284 |
JES3 Web Server installation fails or core dumps if the Administration password contains shell metacharacters such as ;, $, &, ^, *, (, ), |, <, >, ', `, ", \, and so on. |
|
6232465 |
Include -N linker option for HP-UX web server builds. |
|
6171389 |
Input filter is called only for the first HTTP request when using Keep-Alive. All subsequent requests of the TCP connection are not being processed by the filter. |
|
6195820 |
Global resources are not available to load-on-startup Servlets. |
|
5042600 |
Unable to migrate Web Server 6.0 SP7 instance to Web Server 6.1 SP2. |
|
6244615 |
Web Server migration should correctly update RootCerts. |
|
6219618 |
JES Web Server 6.1 SP2 failed to index PDF version 1.5 (Acrobat 6.x) document for creating Search Collection. |
|
6239342 |
Cross-site scripting vulnerability in a default error page. |
|
4879994 |
SSL: Data larger than 8k is huge when the request triggers new SSL handshake. Additional Information: By default, the web server can upload files of sizes up to 1 MB (when client certificate authentication is optional). To upload files larger than 1 MB, increase SSLClientAuthDataLimit in the magnus.conf file. When very large files are uploaded simultaneously, the web server uses a large amount of memory. To minimize memory utilization, do any of the following:
PathCheck fn="get-client-cert" dorequest="1" require="1" |
|
6229472 |
.htaccess directive is broken. |
|
6170938 |
acceptlanguage does not work for User Document Directories. |
|
6180991 |
Internal-Daemon Log Rotation does not work for files larger than 2 GB. |
|
6254121 |
.htaccess fails to protect resources that do not have a corresponding file. |
|
6185904 |
New NSS error codes are not being handled properly. |
|
6262885 |
Switching from HTTPS to HTTP causes generation of new session. Additional Information: Set the isSecure attribute of the session cookie for the web application under the cookie-properties to either true or false in the web application's sun-web.xml. The default value is true. In the following example, isSecure is set to false for the web application by setting the parameter value to false.
|
|
6222728 |
SNMP services fail in Web Server 6.1 SP2/SP3 on the Windows 2000 platform. |
|
6273472 |
Web Server 6.1 SP4 uninstall script displays an error message – `No such file or directory'. |
|
6259257 |
Some PDF files fail to be indexed by the search engine. |
|
6253489 |
Using JSP and several includes within the JSP throws ClassCastException in the ApplicationDispatcher. |
|
6285847 |
Requests with double Content-Length header should get rejected (HRS vulnerability). Workaround: Add the StrictHttpHeaders directive in magnus.conf and set its value to on. |
|
6275413 |
Incorrectly configured home-page SAF crashes server. |
|
6313832 |
Existing 32-bit plug-ins cannot be used with the 64-bit release. Attempting to load a 32-bit plug-in using the 64-bit Web Server release will result in an error message such as the following: Sun ONE Web Server 6.1SP5 (64-Bit) B10/28/2005 09:00 failure: CORE3170: Configuration initialization failed: Error running init function load-modules: dlopen of plugin.so failed (ld.so.1: webservd: fatal: plugin.so: wrong ELF class: ELFCLASS32) The Web Server 6.1 SP5 (64-Bit) release introduces support for sparcv9. |
The following table lists the issues resolved in Web Server 6.1 SP4.
Table 26 Issues Resolved in Web Server 6.1 SP4
Issue ID |
Description |
---|---|
6021153 |
Required patch ID 112396-03 does not exist. The patch #112396-03 listed as required in earlier release notes was incorrect. The correct patch number is 112396-02. Solaris users must have the Sun recommended patch cluster installed, available in the Recommended and Security Patches section at http://sunsolve.sun.com. Solaris 8 (SPARC)
Solaris 9 (SPARC and x86)
|
6066252 |
Client certificates with the AKI extension cause a SEC_ERROR_UNKNOWN_ISSUER error. |
6092498 |
Web Server 6.1 fails to validate a client certificate with LDAP if the certificate contains Czech characters. |
6171311 |
Frequent errors encountered when running Web Server with JDK 1.5. |
6171784 |
Web server performance issue with certain error logging configuration. |
4925875 |
For Korean HTML collection, Korean word search with asterisk does not return any result. |
6171950 |
Precompiled JSP files do not work as expected with the reload-interval parameter in sun-web.xml. Workaround: Use the property use-precompiled (set to true under jsp-config in sun-web.xml) to specify that the JSP files are precompiled and should never need to be compiled at runtime. A sample sun-web.xml is as follows:
<sun-web-app>
  <session-config>
    <session-manager/>
  </session-config>
  <jsp-config>
    <property name="use-precompiled" value="true"/>
  </jsp-config>
</sun-web-app> |
5048940 |
Superuser Access Control page in Administration GUI not accessible after upgrade from SP1. |
6177544 |
libpassthrough.so not present after RPM installation of plug-in. |
6176231 |
Web Server 6.1 SP4 — Using the Delete certificate Administration GUI (bin/https/admin/security) core dumps with NSS 3.9.3 beta. |
6173365 |
Multiple package installers for the same build of web server of the Solaris SPARC/x86 platform. |
5039633 |
Update NSS to 3.9 series. |
5063134 |
Java Enterprise System symbolic link not used for J2SE location. |
6067407 |
Problems using ACL_LDAPSessionFree(). |
6173293 |
Web server always sets content type to text/html when Servlet filter is set. |
6176264 |
Web Server 6.1 SP4 Solaris x86 unable to start the SSL instance through the Administration GUI. |
6180677 |
Web Server SP4 for JES3 is unable to upgrade on top of Web Server SP2 for JES2. |
6066139 |
Tests fail while running web server with JDK1.5_beta2 release. |
6088595 |
Administration console throws exception with JDK 1.5.0_beta2 while creating and editing classes. |
4904913 |
I18N search: `?' wildcard search in Japanese causes wrong match. |
The following table lists the issues resolved in Web Server 6.1 SP3.
Table 27 Issues Resolved in Web Server 6.1 SP3
Issue ID |
Description |
---|---|
4798461 |
GUI does not correctly reflect when `Transmit File' is turned off. |
4904896 |
I18N search: Sort encoding list of Default Encoding on search Administration GUI. |
4905412 |
GUI does not permit managing users in the keyfile database. |
4991338 |
Web server Administration console does not show all the tabs (in Mozilla browser). |
5001819 |
Web Server 6.1: Nova Search Engine sometimes does not pick up document. |
5014693 |
Java filters, HTTP compression, and SHTML fail to interoperate. |
5021077 |
A java.lang.NullPointerException is thrown if you click on the OK button without selecting the Directory Server. |
5025617 |
Web server's JNDI needs to map resource-env-ref from sun-web.xml. |
5042676 |
Request flow problem with Client tag code=302. |
5056989 |
Enable prefixing of hostname in session ID. You can enable prefixing of the hostname in the session ID for the web application by setting the value of the property prefixSessionIDWithHostname under manager-properties to yes, true, or on in the web application's sun-web.xml. In the following example, prefixing of the hostname in the session ID is enabled for the web application by setting the parameter value to true.
<session-config>
  <session-manager>
    <manager-properties>
      <property name="prefixSessionIDWithHostname" value="true"/>
    </manager-properties>
  </session-manager>
</session-config> |
5057749 |
Web Server 6.1 SP2: Plug-in defined in certmap.conf does not load. |
6041356 |
Memory leaks when AdminLanguage and/or DefaultLanguage is specified in magnus.conf. |
6057426 |
The load balancer plug-in (formerly Resonate plug-in) loadbal.so does not work on the Solaris SPARC platform. The location of the loadbal.so plug-in is server-root/plugins/loadbal.so. |
5065017 |
Servlet session data problem. |
5048051 |
Create collection fails on Linux with RPM install. |
5029954 |
Stack size is ignored when ConnQueueSize/RqThrottle is 0. |
4898077 |
Inconsistent behavior between HttpServerAdmin and iWS console. |
5013100 |
Two ports (for example, 2500 and 02500) are added in server.xml as different ports. |
5046634 |
2-byte character in HTTP header and plug-in programs. You can enable response header encoding at the web application level by setting the value of the configuration parameter use-responseCT-for-headers to yes, true, or on in the web application's sun-web.xml. In the following example, response header encoding is enabled for the web application by setting the parameter value to true. A sample sun-web.xml is as follows:
<sun-web-app>
  <parameter-encoding form-hint-field="j_encoding"/>
  <property name="use-responseCT-for-headers" value="true"/>
  <session-config>
    <session-manager/>
  </session-config>
  <jsp-config/>
</sun-web-app> |
The following table lists the issues resolved in Web Server 6.1 SP2.
Table 28 Issues Resolved in Web Server 6.1 SP2
Issue ID |
Description |
---|---|
4536102 |
I18N: SNMP community name does not show up on Solaris Netscape. |
4536194 |
CGI subsystem makes blocking calls from NSPR user threads. |
4536739 |
Administration ACL and Superuser AC: The `Allow only from host' option does not work. |
4615933 |
CORE SHTML: Cannot set Content-encoding for .shtml files. |
4629796 |
French Thread pool name displaying garbage characters on JA-NT (Internet Explorer and Netscape). |
4651056 |
Web server returns 404 for files starting with `..'. |
4651206 |
After adding a new mime type file, there is no way of verifying addition from the GUI. |
4651207 |
Document preference web page should provide a file to use for error responses. |
4652009 |
Customized access log file is not reflected in the GUI in the View Access Log tab. |
4657465 |
Need to disable cookie-encoding. By default, the Web Server URL-encodes cookies before sending them to the client. If you do not want the cookies to be encoded, add the following line to sun-web.xml: <property name="encodeCookies" value="false"/> Add this line directly under the sun-web-app tag. Do not embed this line in any other tag. |
4664945 |
Internal Error from URL forwarding form. |
4666409 |
Clearing the ErrorResponse CGI file name. |
4676934 |
Distributed-Administration: Overrides default ACI in Web Server 6.0 SP2. |
4676946 |
No validation of virtual server settings form. |
4676950 |
Internal error on removing http:// from URL forwarding form. |
4682434 |
CGI that has scripts to grab environment variables fails to execute. |
4682894 |
Cluster management - Selection of source server deselects target servers. |
4684775 |
Asynchronous DNS is disabled by default. |
4707989 |
Web-application/JSP: load-on-startup not working on JSP files. |
4704385 |
Cluster: Null message in modify cluster when OK is clicked soon after reset. |
4705181 |
User and group is not validating for the users and accepting blank spaces in CGI. |
4705204 |
Newly added ACL files are not getting deleted after selecting delete. |
4706063 |
chroot and directory are not validating correctly. |
4711353 |
Administration: Global|SNMP Master Trap Warning displays Form Element Missing:manager?. |
4718914 |
Turn the security ON for any instance server without installing a certificate. |
4724503 |
After enabling IPv6 on GUI Edit listen socket, server will not start. |
4727597 |
Administration GUI gets cluttered when a new server is added with a duplicate port. |
4721021 |
Unable to access absolute URI on SSL enabled server. |
4727444 |
Access Log reports incorrect data. |
4732877 |
Urlhosts field does not accept more than one hostname. |
4745314 |
$id variable in VSCLASS docroot is not working on Windows. |
4749239 |
ACLI: Incorrect processing of ACL. |
4753601 |
MaxRqHeader directive in magnus.conf is not working as desired. |
4754934 |
Vignette NSAPI plug-in on Web Server 6.0 not functioning correctly when HTTP1.1 is used. |
4761188 |
LDAP: Improve LDAP dynamic group performance for ACLs. For performance reasons, a new LDAP configuration parameter, dyngroups fast, is introduced in SP2. With this parameter, the web server makes an assertion about group membership that bypasses nested individuals among dynamic groups. For example, assume that user alpha belongs to group A, group A is a member of group B by group B's memberURL definition (dynamic group), and your ACL grants access only to group B. In this case, the web server denies access to alpha because alpha is not regarded as a member of group B. If you want to support nested groups, do not define this new parameter for the LDAP authentication service; consequently, you will not get the performance gain. A sample configuration directory is as follows: ldapregular ldap://localhost:389/o=TestCentral ldapregular: dyngroups fast |
4763653 |
Validation required for the form elements in document preferences page. |
4764307 |
Magnus.conf: Performance setting: accepting negative numbers. |
4765709 |
Administration: Configure Directory Service not validating binddn/password. |
4770294 |
Web Server 6.1 on Windows should add CR character to the end of the line in the access log. |
4786612 |
Web server treats `:' (colon) as a separator between hostname/IP and port in several places. This code needs to be updated to recognize when the `:' is actually part of an IPv6 address. |
4787310 |
Eviction fails in NSFC when SmallFileSpace is set to a low value. |
4788075 |
Setting the PATH variable in magnus.conf for Web Server 6.0 SP5 does not work. |
4800173 |
Performance issue with large ACL file in conjunction with many virtual servers. |
4808402 |
Native authenticator support. |
4814097 |
Unable to select none as a program item under the program groups in GUI. |
4822720 |
Keep-alive subsystem should be dynamically tuned. The keep-alive subsystem requires tuning for optimal performance. In Web Server 6.0 this subsystem was tuned for heavy load and performs poorly when only a handful of concurrent keep-alive connections exist. The keep-alive subsystem was modified for Web Server 6.1 SP2 so it performs some dynamic tuning to accommodate the actual load. |
4849907 |
shtml is parsed when execute permission is not set and configured. |
4855807 |
AIX: Web server hangs after being restarted by watchdog. |
4858152 |
Access log entries in the server.xml file of the migrated instance point to an invalid path. |
4869527 |
SNMP: Test fails for RH Linux 6.2/7.2/Adv Server 2.1, and Sun Linux 5. |
4862498 |
New directory Service Screen not connected to interface. |
4870613 |
Back button not working for frames in Netscape Navigator 7. |
4873766 |
The upload-file SAF does not work correctly with chunked requests. |
4882838 |
Unable to specify protocol for URL in generated redirects. The server generates a self-referencing URL whenever it sends a redirect to a client. As of Web Server 6.1 SP1, the servername attribute of the LS element in server.xml can be used to configure the scheme used in server-generated self-referencing URLs. For example, if an SSL offloader sits between the Internet and the web server instance, decrypting SSL-encrypted traffic for http://www.sun.com and relaying it to the web server on port 8080, an LS element such as the following could appear in server.xml: <LS remap="ls1" port="8080" security="disabled"...servername="https://www.sun.com"> The https:// prefix in the servername value instructs the server to use the HTTPS scheme in self-referencing URLs even though the LS is not configured to handle SSL traffic. |
4889081 |
Internal log rotation creates empty logs. |
4894033 |
Distributed-administration: Functioning of Administration ACL `Allow only from host/IP' is not as per documentation. |
4896881 |
While using untar to expand the web server bits, the ownership and group information is not correct. |
4897074 |
On Linux only: When you create a collection, PDF files will not be indexed and added to the collection. |
4899105 |
The highlighting of the connection value in the Edit Virtual Server page is not correct. |
4905175 |
WebDAV ACL settings are inherited into new Virtual Servers. |
4909378 |
The Help button in the Edit WebDAV page is not pointing to the correct help page. |
4903449 |
Performance affected with multiprocess mode and one thread. |
4905681 |
The AsyncDNS setting is ignored in Web Server 6.1 SP1. The web server never performs asynchronous DNS lookups. Note that even when the magnus.conf has AsyncDNS on, Asynchronous DNS is still turned off. |
4908631 |
An error message status is returned when you try to stop the server when it is not running. |
4907288 |
Cluster Management file transfer not working on Windows. |
4909678 |
Web Server 6.1 Digest authentication is not working for flat files. |
4910266 |
Web Server 6.1: Creating Digest file users through the GUI duplicates users in exponential order. |
4904088 |
Migration final page needs to HTML-encode the `<' and `>' characters. |
4908986 |
JDBC: Servlet code UploadServlet mishandles SQL exceptions. |
4904896 |
I18N search: sort encoding list of Default Encoding on search Administration GUI. |
4908010 |
Unable to remove search collection for a newly created virtual server. |
4908401 |
I18N: Un-localized timestamp for each search-returned document. |
4910222 |
Error on Windows when trying to create a collection with a document root that has back slashes. Workaround: This behavior occurs when you specify a document root that has back slashes or mixed slashes. Use forward slashes. |
4911548 |
Server returns ConfigException while creating the duplicate search collection. |
4911656 |
I18N: Can not go to `sort by date' link while searching multibyte characters. |
4913909 |
i18n: error adding file with Korean filename - skipping since no read permission. |
4913228 |
Missing quote in Oracle script for jdbcRealm sample application. |
4910869 |
NSFC enhancement needed. Add the ReplaceFiles nsfc.conf directive. When ReplaceFiles=true (default), the existing file cache behavior is preserved. ReplaceFiles=false indicates that once a file is cached, its file cache entry should never be discarded to make room for another file. This setting is useful in benchmark scenarios because it eliminates contention on the hit list lock. |
4910272 |
Server should not accept mixed slashes for the doc root while adding a new server. |
4912254 |
Web server installation fails due to set -o noclobber in .env. |
4911070 |
Web Server 6.1: Add listen socket protocol family field is missing for IPv6 address. |
4911630 |
Many of the fields in the magnus editor do not have validations because they are accepting negative integer values. |
4911550 |
Getting ServletException while trying to access the server with additional doc. |
4911633 |
Change Password for the user is not working. |
4913566 |
The URL Forwarding Editing Page is not consistent. |
4919473 |
Updating Security Realm properties from Administration GUI is not reflected in server.xml. |
4913289 |
Help on `Edit Virtual Class' does not give complete criteria for VS class deletion. |
4916331 |
Keep-alive connections can hang under light load. |
4925475 |
The server.xml createconsole attribute is ignored. |
4925938 |
Null Pointer exception thrown if the user mistakenly edits the VS Administration URL. |
4929848 |
Performance: Web server polls kstat once per second. |
4926414 |
I18N-korean: Re-indexing collection hangs when missing one or more existing docs. |
4935797 |
certmap.conf file location misrepresented. |
4930327 |
Destination headers are not URL decoded in MOVE/COPY requests. |
4933483 |
SIGCHLD signals are reported on startup. |
4935582 |
TCP_NODELAY need not be set for AF_NCA. |
4930642 |
Source returned when the file's mime.types entry does not end with a carriage return. |
4930329 |
Default value of maxpropdepth is poorly chosen. |
4932995 |
The leading `/' is being removed when deleting web application through Administration GUI. |
4935420 |
Resource picker for restrict access fails for migrated instance of 6.1. |
4944850 |
Address directive not properly migrated when migrating from Web Server 4.1 to 6.1. |
4946829 |
Administration: Creating a new virtual server after migration causes $user: unable to find value. |
4941027 |
Cross-site scripting in web server administration interface. |
4948397 |
Web Server 6.1 SP1 SNMP is not working. |
4946187 |
Distributed-Administration: After enabling distributed administration, if an ACL is set to allow authenticated users only, the server still allows access to other users in the Administration group. |
4947005 |
Add server instance is not working on the Solaris x86 platform. |
4940040 |
Administrator's Configuration File Reference defines non-existent TYPE element. |
4942750 |
Search example is incorrect. |
4943631 |
Wrong documentation on the thread pool configuration file. |
4941741 |
Web Server 6.1 SP1 server on Solaris 8 SPARC fails to start due to libCld.so. |
4945994 |
fc_net_write should result in a single system call. |
4940418 |
Third-party profiler support for bytecode instrumentation. |
4943329 |
IWSSessionManager does not work as expected with Web Server 6.1. |
4947065 |
The search web application shows only a maximum of 11 collections. |
4947624 |
Ineffective alert message displayed while re-indexing on Windows. |
4950552 |
Wrong number of results for particular output results (11, 21, 31...). |
4954789 |
Web server deployment fails with ClassCastException. |
4956415 |
Web Server 6.1 Search: Requesting an ability to display the meta tag description. |
4950644 |
Ineffective alert message displayed while creating a duplicate collection on Linux. |
4951860 |
httpagt depends on NETSITE_ROOT variable. |
4957158 |
fc_open fails when running specweb99 on x86 build. |
4952492 |
MOVE method should rename files when possible. |
4958571 |
PR_NetAddrToString performance is less than expected. |
4951264 |
Web server crashes during Java-triggered reconfiguration and server shutdown. |
4958755 |
ServletContext.getContext(String) does not return other contexts when called from root context. It returns the root context. |
4950653 |
`Null' is displayed for QoS vsclass values. |
4951982 |
Invalid error message is displayed while configuring LDAP with wrong credentials. |
4953147 |
Cron-based log rotation fails when Administration user is root, and instance is non-root. Workaround: Change the user to match the Administration server user in the scheduler.conf file. |
4961864 |
Web server hangs when using rotate-callback. |
4962059 |
Administration password stored as plain text in file setup.inf. |
4969637 |
Minor coding error in send-error SAF. |
4961999 |
After adding a virtual server, the top frame does not show the virtual server in the dropdown box. |
4962624 |
Administration: No Validation for protocol value in Edit Listen socket. |
4963483 |
The GUI gets cluttered if an ACL file path contains a forward slash. |
4968422 |
Showing up invalid ACL file on the browser in the WebDAV screen. |
4966497 |
Perf Dump data for Average Queueing Delay is not correct. |
4970955 |
Cross-site security issue with Apache sample (\plugins\java\samples\webapps\simple). |
4972573 |
Incorrect behavior in web-apps-sample sample application in Web Server 6.1 SP1. |
4972587 |
Incorrect instructions in index.html of the internationalization sample application. |
4976454 |
Samples shipped with Web Server 6.1. |
4970273 |
FastCGI beta libraries are in RTM web server packages. |
4976953 |
AIX 6.0 SP6: forbidden error to a GET for a file with correct group permissions. |
4976490 |
Log messages are truncated. |
4975675 |
Dynamic reconfiguration fails when server is under load. |
4976910 |
NSFC_GetEntryPrivateData() calls NSFC_ExitCacheMonitor() when no entry exists. |
4973079 |
The GUI retains dismissed invalid port entries and populates it when servername field validation fails. |
4975788 |
classpath edited using Internet Explorer is broken; server JVM can't start. |
4975798 |
Cannot add path to classpath suffix using web-admin. |
4975782 |
Cannot delete external JNDI reference. |
4970188 |
RPM can't locate system umask. |
4971298 |
pkgchk -n fails for web server package in Java ES. |
4986761 |
Web Server 6.0 migration fails. |
4989231 |
Server fails to start up on Linux platform. Wrong JDK path during build. |
4988104 |
Edit Virtual Servers page should update the connections value correctly. |
4986700 |
Last-modified and Etag are suppressed when Servlet filters are used. |
4991888 |
The wrong file name is stored for key file configuration. |
4992739 |
Cannot start web server instance, after modifying its classpath suffix. |
4995447 |
Web Server 6.1 SP2 RH Linux unable to access Administration GUI; throws error message after login. |
4995489 |
Solaris x86: Distributed Administration cannot be enabled. |
4991775 |
Validation of cookie name in cookie example Servlet. |
5002905 |
Superuser Access Control cannot be set even when Distributed Administration is not enabled. |
5012107 |
POST request body consumed twice when using bad plug-in. |
4962659 |
Search criteria is truncated to 100 characters. |
4967580 |
Search displays wrong links for the SSL enabled instance. |
4970181 |
Stellent filters need to be added to the Linux and Solaris x86 builds. |
4975327 |
indexMetatags of the nova search should be set automatically. |
4975367 |
Indexing for the meta tag should be case-insensitive. |
4997149 |
Removing documents with a *.* pattern is not removing all the files when the excludeExtensions property is set. |
4997178 |
Server returns null pointer exception while indexing .sxg file when excludeExtensions is set. |
4997697 |
Page numbers are not displayed properly on the search results page. |
4844616 |
Misconfiguration of bswitch causes crash. |
4854698 |
Plug-in crashes with malformed request. |
4866965 |
ACLI: Failed authentication is logged twice in the server errors log file. |
4880864 |
ACL: Web server returns “404 Not found” errors when ACLs deny access. |
4915326 |
WEBC: granting signedBy permissions to Jar files does not work. |
4918754 |
Web Server 6.1 cannot process HTTP URL GET parameter that is in 8-bit charset. |
4924921 |
Cannot set 800 MB of JVM maximum heap size on Windows 2000 using JDK 1.3.1. |
4926336 |
Using % in the value of the JSP parameter corrupts the query string. |
4927770 |
Server aborts with SIGABRT from within libjvm. |
4928358 |
JSP errors are wrongly reported as “Not Found” errors. |
4930374 |
extra-class-path attribute in class-loader element in sun-web.xml does not work as expected. |
4932893 |
Dynamic reloading does not work for web application descriptor files, for example, web.xml. |
4939370 |
Web container thread names are not unique. |
4934083 |
LDAP: Crash during LDAP authentication. |
4934562 |
WEBC: getRemoteUser() does not work for stand-alone JSP files. |
4935669 |
WEBC: Request may not always contain client certificate data. |
4935570 |
Certificate data not always present even when available. |
4932547 |
Tomcat AuthenticatorBase returns 500 instead of 403. |
4946762 |
Out-of-box default realm should be native. |
4948123 |
Web Server 6.1 incorrectly reports client key size in certain situations. |
4949842 |
WEBC: isUserInRole() does not match when using core authentication. |
4957829 |
LDAP: User can enter wildcard `*' for UID in basic authentication. |
4960013 |
Cannot have more than one LDAP realm. |
4968857 |
htconvert not converting .nsconfig wildcard patterns correctly. |
4968882 |
htconvert does not work on 6.1 style server.xml. |
4960873 |
NPE encountered when a session is expired simultaneously by two (2) threads. |
4973927 |
EPIPE signal not caught as an IOException from OutputStream.write(). |
4976277 |
Using JDK 1.4.1 provided JNDI connection pool for LDAP pooling. |
4983707 |
Changing the log level to Security causes NullPointerException upon start. |
4981028 |
Distributable semantics in web.xml is not honored by the web container. |
4993468 |
getResourcePaths returns paths that contain `//'. |
4996219 |
webservd leaks memory on RedHat Linux Advance Server 3.0. |
4997593 |
Poor integration between NSAPI srvhdrs and HttpServletResponse headers. |
4997756 |
LOCK-UNLOCK is not working properly and the GUI does not show lock information properly. |
4997838 |
Web server does not start on RedHat Linux AS 3.0 with Security turned On. |
5003531 |
500 error when accessing a web application with transport-guarantee=CONFIDENTIAL from a non-SSL port. |
5004542 |
ASN.1 parsing bugs/brute forcer program can cause web server crash. |
5016494 |
NSS: Crash in DER_UTCTimeToTime with corrupt certificate. |
The following table lists the issues resolved in Web Server 6.1 SP1.
Table 29 Issues Resolved in Web Server 6.1 SP1
Issue ID |
Description |
---|---|
4642650 |
Option needed to disable appending of absolute URL in a Servlet or JSP container. Fix details: New property added to sun-web.xml: relativeRedirectAllowed. Default value: false. Description: If true, allows the web application to send a relative URL to the client using the HttpServletResponse.sendRedirect() API. That is, it suppresses the container from translating a relative URL to a fully qualified URL. |
4793938 |
Enabling Remote File Manipulation from the Server Manager GUI allows any remote user to obtain a listing of any directory in the server's URI space. |
4904201 |
javahome path wrongly set when adding a server with no bundled JDK. |
4911580 |
Adding a new server instance might fail with a Server Error message. |
4928794 |
Server restarts when trying to create null resource by PUT. |
4929913 |
Search engine does not extract and index FTS information from PDF files. Fix details: This fix applies to all supported platforms except Linux. The Author, Subject, and Keywords meta tags are always indexed. Functionality has been added that now enables arbitrary meta tags to be indexed, including those tags produced when converting the FTS_* attributes from PDF files. Manual configuration of a new setting in server.xml is required, as described below.
Note – See issue 4956415 for details about displaying custom meta tag information in search results. |
4933935 |
On Solaris 9 release: reconfig does not work in package-based installs. |
4945089 |
ASN.1 parsing issue in SSL. A problem has been identified in the implementation of the SSL protocols used by the web server that may be exploited as a Denial of Service attack. Web Server 6.1 SP1 fixes this problem. If you use the web server to host sites that utilize SSL version 3 or TLS, you are strongly encouraged to install this service pack. |
4950388 |
The reconfig command does not work on Windows XP. |
4964069 |
The commit.exe utility crashes on Windows platforms. |
The following table lists the issues resolved in Web Server 6.1.
Table 30 Issues Resolved in Web Server 6.1
Issue ID |
Description |
---|---|
4869693 |
On Windows, the web server installation overwrites SunONE Directory Server .dll files due to cohabitation issues with Directory Server 5.x. |
4540254 |
Rotating log files shouldn't require server restart on UNIX. |
4727146 |
Logs filling with `connection reset' entries. |
4786735 |
Installer does not set proper JDK CLASSPATH/LIBPATH when the external JDK is used. |
4792721 |
Incorrect error messages when LDAP server is offline. |
4799452 |
sun.tools.javac.Main has been deprecated. Its exception stops valid JSP files. |
4801874 |
ACL_LDAPSessionAllocate always returns LAS_EVAL_FAIL. |
4811418 |
Digest authentication crashes. |
4819405 |
Memory leak of the slapd process with the digestauth plug-in. |
4820513 |
digestauth plug-in code is not thread safe. |
4839875 |
When using cachefs or nfs as ClassCache and document-root, Web Server does not always pick up the new JSP. |
4842190 |
Web server crashes when receiving Accept-Language header larger than 15 languages. |
4842574 |
Server crash with malformed request. |
4842601 |
Accept-Language header security issue. |
4846832 |
CRL corrupts database. |
4848896 |
digestauth plug-in crashes for a particular type of request. |
4849914 |
Memory leak in digestauth plug-in for a particular type of request. |
4855546 |
Log analyzer vulnerability. |
4858026 |
JSP: crash in getParameter when posting large amounts of data. |
4867887 |
Basic authentication fails for users with user IDs that have spaces. |
4903319 |
When you create a collection, not all documents will be indexed and added to the collection. |
The following table lists the issues resolved in the English language version of Web Server 6.1 SP6 and later documentation.
The following issues exist in the localized version of Web Server 6.1 documentation.
Issue ID |
Description |
---|---|
6507454 |
Current documentation gives incorrect instructions on how to log cookie information. |
6528670 |
Administrator's Guide should document the steps to restart, start, or stop the schedulerd control daemon from command line. |
6528678 |
Release Notes and Installation and Migration Guide have different Support Platform description for Web Server 6.1 SP7. |
6528682 |
Two Server Instances Bind to Same Port on Windows. |
6543821 |
Server does not close the old listen sockets on restart or reconfigure. |
6559753 |
The release notes for the reverse proxy plug-in should include a Resolved Issues section. |
6570039 |
Administrator's Guide needs correction: the -P option in the Exporting with pk12util section should contain a hyphen (-) after https-test-host. |
6367812 |
Online help does not document steps to restart the schedulerd. |
4957123 |
Administrator's Guide does not document the Search Query operators. |
6493741 |
Provide steps on "How to Stop the schedulerd from a command line". |
6384436 |
Reverse proxy plug-in is missing some important documents. |
6401395 |
6.1 Passthrough/Fastcgi plug-ins startup messages create confusion. |
6170766 |
Upgrade procedure of Java ES does not use the JES installer. |
6418693 |
Description about netbuf_getbytes() is not available in the 6.1 NSAPI guide. |
6472668 |
Web Server 6.1 Windows installation should use -Xrs JVM option by default. |
6503463 |
Web Server 6.1 release notes has Sun internal URL. |
6378473 |
Release Notes for Sun Java System Web Server 6.1 Add-Ons Reverse Proxy Plugin has an incorrect default value for the validate-server-cert SAF. |
6391505 |
Installation and Migration Guide should document configuration file writability, root security risks, and Solaris net_privaddr privilege. |
6359385 |
Administrator's Configuration File Reference should document the magnus.conf variable MaxKeepAliveConnections value range for 64-bit server. |
6358849 |
Administrator's Configuration File Reference should document the MaxOpenFiles attribute in the nsfc.conf configuration file. |
5065188 6173274 |
Administrator's Guide incorrectly describes a Find menu Passage Search option in the Advanced Search section. This menu option is not available. |
6155266 |
Administrator's Guide describes the configuration log level incorrectly. |
6206074 |
Administrator's Configuration File Reference describes an incorrect default value for the ChildRestartCallback directive. |
6170766 |
Installation and Migration Guide describes an incorrect method of upgrading a new version of web server in the Before You Install Sun ONE Web Server section. |
6170769 |
Administrator's Configuration File Reference has incorrect information about the AdminLanguage directive. |
6173273 |
Administrator's Guide has a typographical error under section Choosing MIME Types. |
6173133 |
NSAPI Programmer's Guide describes an incorrect example of a NSAPI Function Reference. |
6173272 |
Administrator's Guide incorrectly documents the supported version of Java as `1.4.1_03'. |
5029460 |
Administrator's Guide documents an incorrect certmap.conf configuration. |
4975161 |
Administrator's Configuration File Reference does not document the optional parameter `block-size' for pool-init. |
5002190 |
Administrator's Guide does not contain information about the htpasswd command utility. |
5002192 |
Administrator's Configuration File Reference has incorrect information about the loglevel attribute. |
5038534 |
Administrator's Configuration File Reference has incorrect default value for the LogFlushInterval directive. |
4781137 |
Administrator's Guide has the following incorrect information:
|
4823362 |
Administrator's Guide needs to be updated with additional information regarding ACL. |
5046588 |
Installation and Migration Guide incorrectly documents the supported version of Sun accelerator hardware. |
5052605 |
NSAPI Programmer's Guide does not clearly specify that content-type needs to be in lower case. |
5062560 |
Installation and Migration Guide does not document the method of disabling the start-on-boot option. |
6285234 |
Administrator's Configuration File Reference incorrectly describes the default value of the StrictHttpHeaders directive as on. |
6067318 |
Administrator's Configuration File Reference has insufficient information about the set-variable error parameter. |
6230379 |
Administrator's Configuration File Reference incorrectly describes a remove-file() SAF. |
6208955 |
NSAPI Programmer's Guide incorrectly documents the description of SERVER_SOFTWARE as MAGNUS_VERSION_STRING. |
6320016 |
Administrator's Configuration File Reference does not clearly define the default value of listenQ on Windows. |
6354681 |
Administrator's Configuration File Reference needs more information about DNS. |