Patch-ID# 118102-07 NOTE: *********************************************************************** READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE. *********************************************************************** Keywords: security linux rhel2.1 Synopsis: Application Server 7.1 RHEL2.1: Load Balancer Plugin Patch Date: Feb/27/2006 Install Requirements: None Solaris Release: Note: Redhat SunOS Release: Note: RHEL2.1 Unbundled Product: Application Server Unbundled Release: 7.1 Xref: This patch available for Solaris sparc as 117873 and Solaris x86 as 117874. Topic: Application Server 7.1 RHEL2.1: Load Balancer Plugin Patch Relevant Architectures: i386 BugId's fixed with this patch: 4693581 4734337 4739569 4744128 4775955 4781119 4829164 4849368 4854984 4860218 4898075 4910667 4916390 4926581 4928556 4947756 4949245 4950512 4953606 4960069 4962418 4965815 4969425 4970418 4972796 4976401 4978048 4978068 4982525 4987274 4989269 4992519 4993607 4994363 4995984 4996762 4997113 4997269 4997770 4997803 5001994 5002254 5002941 5004406 5004547 5005653 5006654 5006992 5007030 5007607 5007691 5007720 5008199 5010026 5011612 5011711 5011751 5011969 5013767 5015561 5015994 5016656 5017695 5017895 5018162 5019310 5020224 5020610 5021054 5022904 5023064 5023073 5023088 5024923 5025063 5025894 5027250 5027497 5028803 5029014 5031203 5032338 5033159 5034880 5035861 5037283 5038229 5039545 5039674 5040859 5044388 5048072 5048147 5048226 5048234 5048279 5048805 5048948 5048951 5049159 5049568 5051100 5051821 5052594 5053828 5053854 5056695 5056917 5057723 5062948 5063290 5063481 5063854 5064747 5065302 6041261 6041351 6041352 6064928 6066060 6066061 6066133 6066221 6066222 6066223 6066224 6066225 6066323 6067070 6067192 6067196 6067213 6067367 6078271 6089099 6089112 6092491 6092496 6092499 6098528 6101523 6101639 6106644 6106645 6152639 6152644 6152645 6154947 6155029 6155030 6155031 6155038 6155134 6155236 6155239 6155446 6155539 6155540 6156699 6156702 6156706 6156737 6156796 6156842 6157054 6157058 6157153 6157310 6157326 6157465 6157477 6157599 6170685 6171762 6171994 6172138 6173355 6173362 6175824 6177502 6177522 6178431 6178742 6178969 6179712 6181948 6182861 6183117 6183278 6185520 6186811 6189919 6192715 6192955 6193156 6195716 6198752 6200386 6200592 6202159 6202883 6204184 6208875 6209453 6210327 6211709 6215977 6216970 6217112 6217658 6218086 6218460 6220602 6222700 6223083 6223279 6223367 6223368 6224453 6226096 6227718 6230908 6230921 6232577 6233088 6233123 6233628 6236311 6239408 6240422 6240424 6240771 6240774 6240960 6241348 6241404 6247856 6249872 6250556 6251775 6252444 6254469 6255219 6260764 6262291 6262746 6263690 6264944 6267905 6268720 6275091 6277733 6282210 6285724 6285772 6286783 6287813 6288472 6289742 6292124 6292128 6294169 6304706 6307510 Changes incorporated in this version: 4997269 4854984 5039674 5048279 6067213 6078271 6156699 6156706 6173362 6179712 6183117 6198752 6222700 6224453 6232577 6233628 6240424 6240960 6241404 6249872 6251775 6252444 6254469 6255219 6260764 6262291 6262746 6263690 6264944 6267905 6268720 6275091 6277733 6282210 6285724 6285772 6286783 6287813 6288472 6289742 6292124 6292128 6294169 6304706 6307510 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: Note: SUNWaslb-7.1.0-04.i386.rpm Problem Description: 4997269 getConnectionRetry might not try all exceptions 4854984 If admin server not running, http 500 error may occur 5039674 DOC 5048279 Docs: Security samples troubles 6067213 clsetup on Windows required HADB agents to be running on default port of 1862 6078271 71UR1Build1: Deployment of the .ear failed on Windows OS due to file length issue. 6156699 Wrong steps in docs - Configuring the Web Server Plug-in (Passthrough). 6156706 passthrough for IIS packaging in the installer is broken 6173362 AS71UR1 SE/EE: statefile is created without -savestate option when installed on X86. 6179712 Sample Application(JSTL): JSP's cannot be Pre-Compiled with precompile jsp set to TRUE 6183117 DOC: incorrect http-headers when using servlet filters for pdf/xls files 6198752 ServerRequestImpl.getServiceContextsForReply Generates Unnecessary Exceptions 6222700 AS71UR2: Default page of server1 instance is in English after upgrade. 6224453 Files have to be changed to display right version 6232577 Jdbc connection gets closed when a txn.delist happens 6233628 Package-based Installer upgrade does not work well with domains/instance that are non-root 6240424 cross-site scripting vulnerability in a default error page 6240960 Niles App for 7.1UR2 ER2 is throwing SEVERE errors 6241404 recovery of in-doubt transactions from the Application Server 6249872 If servlet service() method does not terminate, appserver cannot be shutdown 6251775 Session Timeout did not appear to be taking into account the last access time 6252444 IP-based ACL does not work on IAS7.x 6254469 Japanese character is corrupted when displaying error page 6255219 Quiescing not working as described 6260764 HADB problem when running SPEC2002 on Windows2000 6262291 RichAccess, out of memory, seen in Webserver 6262746 Loadbalancer plugin is crashing Apache 1.3. 6263690 LoadBalancer crash was observed during internal testing 6264944 RFID information server index shows question marks for zh-hk in AS SE 7 2004Q2 U2 6267905 appservd takes up CPU resources when primordial appservd is not present 6268720 Unable to retrieve X509 client cert using javax. servlet.request.X509Certificate which violates J2EE 6275091 S1AS7 Java Servlet: getServerPort() returns port 80 if the Host header does not contain port number 6277733 On RH3 Linux, appservd crashes intermittently and caused by LinuxKernelStats (when stats-init on) 6282210 On AS71UR3, it seems fix URL-Forwarding change in admin gui does not add to VS-obj.conf 6285724 HTTP request smuggling vulnerability ["GETorPOST / HTTP/1.x" with content-length and body] 6285772 Load balancer plugin is crashing Web server. 6286783 server has to reject requests with Double 'Content-Length' header 6287813 Load balancer plugin is crashing Web server. 6288472 Unable to change the smux port of subagent 6289742 Application Server load balancer plug-in loses requests under high loads 6292124 Upgrading HADB from 4.4.1.6 to 4.4.2.7 6292128 Upgrading jdk to 1.4.2_09 6294169 Can only retrieve X509 client cert using javax.servlet.request.X509Certificate attr on first access 6304706 Failed response by loadbalancer causes crash in App server 7.1UR2ER3 6307510 S1AS 7.0/SJAS7.1 : EJBC/RMIC generates STUB/Skel with NOT fully Qualified Package Name. (from 118102-06) 4928556 Add support to flush changes to a datastore in postInvoke 6192715 appserver 7.1UR2 installation fails on Solaris 10 OS 6208875 Upgrade installation Failed:java.io.FileNotFoundException:/sun/appserver7/./SUNWhadb/4-File Base 6185520 Installer doesn't upgrade load balancer plugin component 6211709 S1AS7 fails to persist relationship between CMP entity beans in n-to-m relationship 6200592 as8: the tag breaks basic authentication 6179712 Sample Application(JSTL): JSP's cannot be Pre-Compiled with precompile jsp set to TRUE 6217112 Incremental installation is not working on Windows 2000 professional. 4781119 ServletContext.log() content written as FINE rather than INFO 4916390 Can't pass command line options to javac during deployment of apps 5024923 AS7EE crashes if passed with illegal/unknown Request method (denial of service) 5027250 Silent installation fails for non-root user 5048226 Incorrect link in EJB Samples tutorials 5048234 Incorrect link in CMP Simple Application Tutorial 6157477 AS7 instance hangs when HADB database is down or hung. 6171762 Client JNDI lookups via S1ASCtxFactory fails when jndi-name contains a "." 6172138 Entries in statefulsessionbean table not clear when SJAS 7.0 2004Q2 EE crashes 6186811 RichAccess: HADB primary key constraint violation problem 6200386 Data format is not uniform in clresource.conf and clresource.conf.windows 6209453 Load balancer does not failover to other clusters when all instances are disabled on one cluster 6210327 *HOT* Appserver Reverse SSL Proxy plugin is vulnerable to MITM attacks 6215977 static file restriction failed for SJAS 7.1 6216970 Minor changes to documentation in logging 6217658 "Server-Parsed HTML" can lead to display jsp source with trailing '/' on URI 6218086 Invalid configuration: HTTP3205: Cannot postparse ACLs. In acl default, method = is undefined 6218460 Doc: Transactions can fail due to a transaction timeout even when the JTS timeout is large enough 6220602 Stateful session being passivated to disk as files are not removed LONG after removal timeout 6223083 Upgrading ONLY hadb via installer fails from 7.1UR1 6223279 ejb-ref-name jndi-name mapping generated wrongly for those that do not have jndi-name mapping 6223367 modification of acl does not add object into server1-obj.conf 6223368 Not able to see the ACL's in admin UI eg "B. Pick an existing ACL". 6224453 Files have to be changed to display right version (UR3) 6226096 Unable to build Application Server 7.1 outside of red.iplanet.com domain 6230908 change the sample loadbalancer.xml.example 6230921 loadbalancer crashes when reconfig is executed and loadbalancer.xml is not present. 6233088 Installer seems to indicate failure on upgrade, install ERROR - Error replacing tokens in file 6233123 XA transaction with Oracle and JMS can lose a msg when the Oracle side dies 6236311 HADB-E-11309: Too many statement handles allocated. 6239408 RMI-IIOP Appclient tests are failing. 6240422 cross-site scripting vulnerability in a default error page 6240771 SJS Application Server 7.x -- EJB classloader does not close JAR input streams -- memory leak 6240774 After uninstalling loadbalancer plugin, new telnet connections don't work. 6241348 Failed to redirect to https (http-https-http) 6247856 In index.html app server version is Update 2 instead of update 3 6250556 In README.txt under System Requirements On Solaris x86, section mentions about solaris 10. (from 118102-05) Revision skipped. (from 118102-04) 5032338 Memory leak when an EJB application is dynamically redeployed 6193156 AS7.x crash with CORE3148: failed to wait on signals. (Interrupted system call) 6195716 SJAS7: JNDI Cleanup NOT happening correctly while Undeploying/Re-deploying the EJB Module in AS 6227718 enhance loadbalancer to alter context root (from 118102-03) 6202159 Vignette, NPE in JasperLoader when trying to access Vignette application 6202883 Exception when running Trade2 application with 71UR2 B03 6204184 Richaccess: HADB related exceptions 6101639 Incremental installation for EE/File based enables HADB Admin client even after HADB installed 5053854 Require support for Sun-branded DataDirect JDBC driver. 6157310 Runtime reloads Collection field during relationship management 6155236 RHEL3.0: sometimes create-domain hangs and fails to create a domain in RHEL3.0 5006654 Request to deprecate sesssion id length configuration 4693581 RN: Exec to launch iMQ broker fails with IOException: Not Enough Space 6156737 Unable to start app server on HPUX with heap=1GB 6157465 HADB's full path is hard-coded asenv.conf file 6170685 Loadbalancer plugin does not detect an Appserver hang 6171994 Improper permissions in security.policy file causing startup hang 6173355 InvocationException when trying to get database connection when application server restarted 6175824 clsetup needs modification 6177502 REG: The About.html of SJAS 7.1 UR2 should be updated. 6177522 The CLSETUP assumptions should be updated 6178431 CLI: cannot programmatically delete jvm options from newly created instance with asadmin 6178742 s1as7.1_ur2-b01 failed to config: ssl3tlsciphers 6178969 RHEL3.0: sometimes create-instance hangs and fails to create an instance in RHEL3.0 6181948 alleged input validation error. 6182861 Exceptions with WSI Sample App running against SJSWS 6.1 with SJSAS 7.1UR1 EE loadbalancer plugin 6183278 cladmin is not working on AS7.1EE (2004Q2UR1-ee) WINDOWS Platform 6189919 cladmin is not working on 7.1UR2 WINDOWS Platform when instancefile or passwordfile options are used 6192955 Couldn't upgrade from 71UR1 to 71UR1ER1 or 71UR1ER1 to 71UR1ER2 (from 118102-02) 5053854 Require support for Sun-branded DataDirect JDBC driver. (from 118102-01) 5011612 RN: create-jmsobj, delete-jmsobj, list-jmsobj commands still present in asadmin 4744128 EJB compiler failed to generate valid java code for inner classes 4775955 findByPrimaryKey returns broken bean for char primary key with Sybase 4860218 Array IndexOutOfBoundsException if cmp pk class has non-persistent public fields 6067367 AppServer 7.0 UR3 RPMs fail sun_patchchk 6092499 REG:GAT resulting LDAP Server crash 6155446 Corrupted transaction log files hang appserver 5056917 Neither the CNCtxFactory or S1ASCtxFactory can be used to programatically reconnect 5049159 app svr should reconnect to directory svr if directory svr goes down 4734337 IWS: Listing of groups/users in ACL UI is broken. 4739569 virtual server with state of "on" or "disabled" should not allow access 4744128 EJB compiler failed to generate valid java code for inner classes 4775955 findByPrimaryKey returns broken bean for char primary key with Sybase 4781119 ServletContext.log() content written as FINE rather than INFO 4829164 Error while deploying to Sun ONE AS server. 4849368 "Use Existing JDK" text field accepts blank space 4860218 Array IndexOutOfBoundsException if cmp pk class has non-persistent public fields 4898075 When statement execute failed, session persistence fails 4910667 JDOUnsupportedOptionException running SPECjAppServer 4926581 Appserver asadmin utility always requests a password for SSL startup 4928556 Add support to flush changes to a datastore in postInvoke 4947756 Reg: Not able to setup Log Rotation - A blank page is loaded 4949245 App Server crashes during deployment of a WAR file 4950512 Could not deploy the app on Windows 4953606 s1as7 passthrough plugin split POST request in two when working with IIS 4960069 clsetup: logs displaying CONSTANTS instead of actual value 4962418 a typo in JMS SessionWrapperWeb.rollback prevents the method from working 4965815 DOC::Logging/simple sample doesn't work 4969425 SNMP doesn't work when the instance is stopped and started (restart). 4970418 RN: Mistake in asadmin help during create-ssl --help 4972796 Changes in j2ee application role mappings are lost during deployment 4976401 iwsInstanceDeathCount is not being updated. 4978048 (Regression)JDOUnsupportedExceptions thrown for SpecjAPPServer 4978068 No information displayed about the errors that occurred while running ejbc. 4982525 Admin Tool works improperly in AS7.0UR1 Japanese version 4987274 S1AS7: Deployment fails if remote interface for the bean is named Util 4989269 LDAP security realm authentication fails if '/' appears in User DN 4992519 Only allow the user who installed the product to perform uninstallation. 4993607 Misleading error message in admin GUI 4994363 Security role mapping not updated properly 4995984 [PERF:] Logging in authenticator module, sso needs to be fixed 4996762 [PERF:] Remove dead code, this will affect the code coverage metrics 4997113 appservd.exe crashed when application is accessed using passthrough plug-in 4997770 404 Error message still indicating "Sun One Application Server" 4997803 start-instance --help synopsis needs correction 5001994 RN javax.servlet.http.HttpServletRequest.getRequestURI returns the decoded request 5002254 asadmin command options are listed properly and correctly when using --help option 5002941 Help message in "ready to install" panel is wrong 5004406 --passwordfile does not work with mix of upper/lowercase characters 5004547 Upgrade help does not have any message 5005653 There is a warning message when deploying jdbc/simple sample 5006992 Windows upgrade has unsupported 'select new' option 5007030 Showing "Installation failure" 5007607 java.io.IOException: Error from HA Store: HADB-E-00208: The transaction was 5007691 Showing different jdk version in uninstall script usage 5007720 Log message not proper for invalid value for error-url in web-module 5008199 error for documentation/info on man pages for asadmin delete-jvm-options 5010026 Appserver deadlock with time-based, modified-session session persistence 5011612 RN: create-jmsobj, delete-jmsobj, list-jmsobj commands still present in asadmin 5011711 Uninstaller of File base is not cleaning all files, affecting next installation. 5011751 Unable to deploy CMP when EJBQL with finders using Long datatype input param 5011969 REG: Http listener and IIOP-listener page throw exception (eval build only) on x 5013767 Plugin truncating XML stream 5015561 JCA will leak physical connections if getMetaData() throws ResourceException 5015994 Configuration changes to improve out-of-the-box performance 5016656 RN: The directory for Pointbase server startup is incorrect in http://host:port 5017695 AS7 - cannot deploy .rar without . 5017895 NPE when running NileApp in x86 platform 5018162 RN: Two imq packages are installed if a qualified imq pre-installed 5019310 Upgrade doesn't modify the server instance if created locally 5020224 Appserver request processing stops on badly-formed header 5020610 Get Fatal Error "File source doesn't exist" on redeployment 5021054 7 SE : The EJB Classloader doesn't adhere to EJB Spec in terms of loading Java 5022904 RN: DB2 Server has connection growing after idle timeout with DB2 Type II Drive 5023064 re-bundle standalone distro of appserver with official nss/nspr RPMs 5023073 re-bundle standalone distro of appserver with official javahelp RPM 5023088 re-bundle standalone distro of appserver with official icu RPM 5025063 Starting of LB on S1WS6.0 on Linux for file based installation requires comments 5025894 partial JCA 1.5 functionality requested 5027497 CMS Collector needs to be the default for 7.1UR1 EE 5028803 RFE: loadbalancer plugin support for IIS on Windows 5029014 package-appclient script needs updating to be compatible with new NSS path(s) 5031203 There is no mention about the coexistence in the installation guide. 5033159 HttpServletRequest.getCookies() method returns cookies from a totally different 5034880 Standalone AppServer UR3 Svr4 patch doesn't install properly 5035861 Makefile changes to have 7.1UR1 EE build on all platforms. 5037283 Not possible to upgrade from 7.1 to 7.1 update release 1 5038229 ISAPI loadbalancer plugin does not have file based logging facility 5039545 RN: AppServer-WebContainer sends ABSOLUTE redirects causing problems 5039674 DOC: create-jdbc-connection-pool does not return error with incompat restype/class 5040859 7.1UR1 docs for Release Notes for bug 5015994 5044388 7.1 Update Releases may be shipped with JDK other than the JDK used for building 5048072 Duplicate iiop-cluster element added during upgrade: prevents startup 5048147 s1as71EE/zh_CN has wrong encoded messages in server.log of instance server1. 5048805 File based installer tries to upgrade package based installation and corrupts 5048948 REG:AS71_SE, ja: 'About application server 7 2004Q2' can't open 'docs/ja/about.h 5048951 AS71_SE, ja: All appserver menus on windows are English 5049159 app svr should reconnect to directory svr if directory svr goes down 5049568 Not possible to upgrade: says core and samples installation directory differ 5051100 HADB documents need updates for Windows 5051821 AS71_EE/SE, i18n: the popup dialog for less passwd character isn't I18n 5052594 CMR application with multiple keys cannot deployed to S1AS7.0x 5053828 clpassword.conf in file based installation is accessible to other users 5056695 App Server Trust Database is not populated with default root CA's 5057723 templates of asenv.conf and server.xml have hardcoded location specific to Solaris 5062948 typo in setting ORB jvm-options when upgrading to 7.1 EE 5063290 AS71: can't upgrade to EE from SE on redhat 5063481 RN: TRACE METHOD cannot be disabled 5063854 Able to access the last session of SJAS 7.0/7.1 5064747 Need to add server.xml.template.HPUX and remove -XX:+AggressiveHeap for HPUX 5065302 HP-UX porting of SJAS71 UR1 SE 6041261 DOC: AS7.1 UR1 with the June23rd Build and if /usr/bin/perl is not found 6041351 REG: Windows-SE - Windows EE not upgraded properly 6041352 Windows EE: After upgrade , "Component Selection Screen" still allows to select 6064928 7.1UR1: Version needs to be corrected from 7.1 to 7.1UR1 in appropriate places 6066060 Installer is not upgrading the jdk from 1.4.2_04 to 1.4.2_05 6066061 REG : Unable to install S1WS Plugin on Linux 6066133 LoadBalancing for Sun One WebServer is not working on Windows 6066221 IIS LB Plugin requires AppServer to be installed for proper functioning 6066222 IIS Default webpage doesn't come up after installing LB plugin 6066223 Windows Installer gives wrong Message on first screen 6066224 20040705.1: Invoking the installer on Win2003 Ent Ed gives Unsupported Platform 6066225 REG: 20040705.1: Invoking the installer on Win2003 Ent Ed gives resource string 6066323 Clsetup not working on Windows 6067070 cladmin.bat is not copied 6067192 Incremental Installation shows wrong behaviour 6067196 apache plugin on Windows requires setting NSPR_NATIVE_THREADS_ONLY=1 6089099 Unable to install Apache LoadBalancing Plugin 6089112 Unable to configure server instances using clsetup on Windows 6092491 Apache LoadBalancing doesn't function 6092496 Apache2 lb plugin on Windows - installation hangs while installing the plugin 6098528 about.html needs to be updated for 7.1UR1 6101523 clresource.conf has wrong package version of HADB on Windows 6101639 Incremental installation for EE/File based enables HADB Admin client 6106644 Appl Server Administration Client should be disabled if Appl Server is selected 6106645 lb plugin - routing of https requests not proper 6152639 failover does not happen properly on Windows 6152644 7.1UR1/HP-UX: Installation Failed 6152645 7.1UR1/HP-UX: Incremental installation of File Base behaving as an upgrade. 6154947 Clsetup and cladmin on Windows need i18n enabled 6155029 7.1UR1: "./setup -silent " option is not documented in the README file 6155030 7.1UR1: "Windows 2003" is not mentioned in the README file under System Requirements 6155031 duplicate keys in clsetup.po 6155038 update HADB to 4.4.0.12 on Windows 6155134 DOC: manual setting of path is required for webservers to start 6155239 Loadbalancer installation configures wrong path for loadbalancer.xml 6155539 sec_db-files required for Apache plugin are not bundled with Windows EE Build 6155540 AdminGUI: Help Not Found for certain features 6156699 Wrong steps in docs - Configuring the Web Server Plug-in (Passthrough). 6156702 asadmin-set.1as and set.1as are shipped in 2 packages 6156796 Upgrade from AS 7.1 pe to 7.1UR1 pe doesn't work on Windows 6156842 Windows-EE:Unable to create HADB database on a remote host using HADBM Admin C 6157054 Unable to upgrade 7.1 UR1 SE to 7.1 UR1 EE 6157058 update HADB to 4.4.0.14 on Windows 6157153 REG: Upgrade 7.1 UR1 SE to 7.1 UR1 EE doesn't start the Application Server - Upg 6157326 HTTP basic authentication when request is sent through webserver plugin 6157599 REG: Unable to upgrade 7.0 SE UR3 to 7.1 UR1 - Upg Patch Installation Instructions: -------------------------------- To install this patch, run the command: rpm -F 'rpmname' This will freshen your existing RPM installation. Note that if this is a relocatable binary RPM and you have installed into a non-default location using the --prefix switch, you must specify the --prefix switch with the non-default location when you install this patch. Consult the rpm(1) man page for more details. Special Install Instructions: ----------------------------- None. README -- Last modified date: Monday, February 27, 2006