Patch-ID# 119174-09 NOTE: *********************************************************************** READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE. *********************************************************************** Keywords: java_es solaris security Synopsis: Sun Java System App Server Platform Ed 8.1 2005Q1 _x86: File based patch Date: Aug/03/2006 Install Requirements: See Special Install Instructions Solaris Release: 9_x86 10_x86 SunOS Release: 5.9_x86 5.10_x86 Unbundled Product: Sun Java System App Server Platform Ed 8.1 Unbundled Release: 2005Q1 Xref: Topic: Sun Java System App Server Platform Ed 8.1 2005Q1 Solaris: File based patch Relevant Architectures: i386 BugId's fixed with this patch: 4916390 4942108 6170450 6171200 6193404 6204234 6207862 6209453 6210327 6211979 6227718 6241404 6245681 6249884 6251872 6255219 6258619 6264937 6269102 6270387 6272003 6272684 6273397 6273459 6275096 6275566 6276021 6276218 6276776 6276830 6277674 6278360 6278598 6284124 6285756 6286425 6286450 6286688 6286783 6287047 6288893 6289310 6289742 6292077 6294035 6294316 6295215 6296185 6298257 6300074 6304300 6304850 6304912 6307510 6310741 6310813 6312343 6314022 6316036 6316387 6316965 6317857 6318003 6320008 6320650 6321032 6324399 6324911 6325988 6326711 6328548 6328558 6328559 6328627 6330300 6330311 6330332 6331144 6331566 6333293 6333873 6334658 6336587 6336999 6338508 6338687 6339608 6346496 6346738 6347215 6347551 6347657 6349541 6349555 6350435 6352083 6352797 6353096 6353757 6356910 6357844 6358422 6359504 6360005 6360040 6360537 6360730 6363258 6365888 6366201 6369277 6369554 6370993 6372713 6375185 6375852 6376821 6377830 6380040 6380265 6381538 6382063 6383913 6387705 6387790 6388329 6388468 6397218 6399365 6399830 6406055 6407896 6412256 6419630 6419659 6421207 6422893 6428465 6431508 6437732 6438908 Changes incorporated in this version: 6241404 6349541 6375185 6388329 6399830 6412256 6419659 6421207 6428465 6431508 6437732 6438908 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: sjsas_pe-8_1_02_2005Q2-p10-solaris-i586.bin Problem Description: 6241404 recovery of in-doubt transactions from the Application Server 6349541 8.1 EE UR2 - SSL Listeners cannot be made to binding to a specific IP address 6375185 Browser asks for certificate pwd when accessing unprotected resource in a web application. 6388329 JSP compilation error in Application Server after Access Manager upgrade 6399830 IT 319 : password alias feature not working in domain.xml 6412256 Timeout from HA Store updateSessionNewBlob while performing dynamic reconfiguration under load 6419659 Requests not redirected correcly by the LB Plugin when transport-guarantee is CONFIDENTIAL 6421207 The result of Config MBeans setAttributes() depends of order of attributes in the list 6428465 High CPU in lbplugin (process_new and DaemonChannel::unchunk) 6431508 Memory leak when deploy/undeploy application repeatedly 6437732 Integrating MQ 3.6 SP4 with appserver 8.1 ee 6438908 Header location corruption when relativeRedirectAllowed=true (from 119174-08) 6387790 Cross Site Scripting Vulnerability in Application Server 7 Update 8 and 2004Q2 UR4 6383913 SJSAS 8.1UR2: Configuring Default-Web-Module throws RuntimeException looking for missing policy File 6316965 Customized application log files are removed after DAS-NodeAgent synchronization 6387705 load balancer health-check always fails 6347551 After setting sun-acc.xml to FINEST ClassCastException:com.sun.enterprise.resource.XAResourceWrapper 6406055 WARNING: "IOP00110205: (BAD_PARAM) Object reference came from foreign ORB" org.omg.CORBA.BAD_PARAM: 6407896 HttpServletRequestWrapper that overrides getUserPrincipal() causes ClassCastException 6380040 Automated cleanup of logfiles required 6204234 JVM crash with infinite recursion in symbolic links under http docroot 6338508 Admin user cannot authenticate against LDAP in both adminGUI and CLI. 6264937 RFE: --passwordfile /opt/SUNWappserver/password.txt should be encrypted 4942108 [RN] [FCS] Ejb timer service: get errors when saving default values 6377830 [ESCALATED]setAutoCommit to false gets propagated when the same connection is being the next user 6380265 Speed up Cluster deployment/sync 6397218 Servlet request.isSecure() value is not propagated when authPassthroughEnabled is set to true 6399365 InvokerServlet is not working in Enterprise Edition only 6419630 Update appserver 8.1 to pull latest ORB binaries (peorb81/b06) to incorporate CR #2136842 6422893 HTTPS routing dosent work (from 119174-07) 6347215 AS81 to support client-ip from loadbalancer as in AS71 using AuthPassThroughEnabled 6170450 request.getScheme() does not return the correct protocol when using passthrough plugin 6346738 getParameter() fails to return correct paramter when locale-charset used QueryString not considered 6269102 SSL termination is not working, Appserver replaces the https to http during redirection 6370993 Session Failover collapses when the Application Context Root is Modified to "/" in Cluster. 6360040 AppServer LDAP Realm Bind User tends to access all groups and members 6350435 Application Server fails to handle the failure of a database during an XA operation to two databases 6366201 asadmin command does not have the option for rewrite-location in SJSAS 8.1 UR2 4916390 Can't pass command line options to javac during deployment of apps 6310813 ORB code does not handle passing objects that contains private transient well 6369554 connection pool need to validate a connection before giving it to application 6325988 SeeBeyond: interop problem on first incoming RMI-IIOP request with FVD/codeBase 6333873 [SeeBeyond]Configuration connection pool settings through sun-ra.xml 6365888 [SeeBeyond]Connections from the default connector connection pool are not enlisted in transactions 6353096 undeployment/resource pools 6316036 AS logging must be capable of setting log levels on any parent logging domain 6376821 Connection Pool should use its own timer or a timer which aids to purge cancelled timer-tasks 6328627 Run time performance improvements to transactions sub systems 6381538 Standalone Client fails with NPE 6382063 Memory leak in com.sun.enterprise.iiop.IORToSocketInfoImpl 6388468 Pull jaxrpc-ri tag with SeeBeyond fixes on to 8.1 6375852 ---Continuation of bug 6310813 above --- 6357844 No way to configure PE to listen only to localhost 6360537 A webmodule's WebSecurityManager is never destroyed due to name mismatch, may have other sideeffects 6360730 sun-loadbalancer_1_1.dtd does not contain information on 3 properties of loadbalancer.xml 6363258 Deployment Archivist fails to copy schema files into generated directory 6369277 PE out of memory after deploy 20-30 times Rave portlet projects 6372713 Merging HP-UX porting branch back to AS 8.1 ur2 main branch 6358422 Appserver 7.1/8.1 EE: web server LB proxy plug-in should properly support keep-alive connections 6360005 Code invoking getResourceAsStream can lock jar files on Windows (from 119174-06) 6193404 Incorrect 'error-url' in the 'loadbalancer.xml' file 6320650 load balancer plugin reusing freed space (may cause crash) when reconfiguring RNTM2024 6330332 AS8102 memory leaks on deploy/undeploy scenario 6339608 Differences in the behaviour of 8.1 PE ur1 and 8.1 EE ur2 using IE (HTTP GET Query with I18N) 6352083 JAXRPC tests regression failures with 8.2 build2 6352797 access log format customization in 8.1 Platform Edition does not work 6356910 Make AS8.x native launcher bourne shell friendly by disassociating from controlling tty 6359504 EJBMethodPermissions cache leaks memory 6363258 Deployment Archivist fails to copy schema files into generated directory (from 119174-05) 6295215 RFE:java.sql.statement.getConnection() doesn't meet javadoc specification for pooling connections 6296185 Upgrading JES2 ( 7.0.0_03c ) to JES3 ( 8.1 ) failed in a Japanese OS ( locale = ja ) 6304850 When admin-password for DAS is changed in adminGUI, its associated NodeAgent fails to synchronize 6307510 S1AS 7.0/SJAS7.1 : EJBC/RMIC generates STUB/Skel with NOT fully Qualified Package Name 6320008 Rich client RMI-IIOP failover testing fails 6328548 SJAS 8.1 doesn't provide graceful shutdown for EJB (RMI/IIOP) 6331144 Application Server: stand-alone Java EJB clients cannot reliably authenticate with ACC after restart 6331566 InitialContext JNDI lookup uses wrong listener port on recovery causing lookup failure (forever) 6336587 Cascading Problem: DAS/server instances should not abort startup if cascading fails 6336999 Use of relativeRedirectAllowed=true in a web application can result in a corrupted Location header 6338687 Doc:SJAS 7.1 UR4 EE & 8.1 UR2 EE : LoadBalancer Plugin CANNOT accept/handle URL/URI greater than 8K. 6346496 Loadbalancer.xml improperly generated for EAR (clusterjsp) that does not have alt-dd. 6347657 AppServer 8.1 patch doesn't remove files that indicated as deleted in the patch README 6349555 Update appserver 8.1 to pull promoted ORB binaries peorb81/b03 6353757 Support for Alteon HWLB with appserver8 (from 119174-03) 6251872 JSP compilation does not include classes in common classloader (domain1/lib) level 6258619 Undeployment does not release all files 6276021 Redeployment of war file (remote deployment for Creator) fails 6289310 The JSTL Standard import tag leaks file descriptors when using absolute URLs 6316387 Web server does not respond correctly when handling the "if-unmodified-since" header 6318003 webserver sends back the actual content with 412 code for request with if-unmodified-since and range 6321032 Message in deployment error dialog mentions Application name instead of context root 6324911 can not migrate all functions from 7.1 to 8.1 6326711 Using IPV6 address for HTTP listener address in AS8.1 will crash when HTTP listener is created 6328558 SJAS 8.1 asadmin --family inet6 doesn't work 6328559 SJAS 8.1 admin console doesn't let user to configure IPv6 related setting 6330300 URL forwarding feature as in AS7.x is gone from AS8.x 6330311 Multiple/Alternate docroot feature missing from AS7.x 6333293 Backport ORB Logger code from AS9 to AS8 so that ORBDebug works on AS8.1UR2EE for rich client 6334658 Invalid session returned after session.invalidate() in target application (from 119174-02) 6171200 Load balancer plugin crashes in URL encoded URLs (especially those with representing printf's escap) 6207862 asadmin create-domain --help produces some cvs merge characters and is garbled 6209453 Load balancer does not failover to other clusters when all instances are disabled on one cluster 6210327 Appserver reverse proxy plugin causes cache memory growth 6211979 Deploy command fails on file based non root installation 6227718 Enhance loadbalancer to alter context root 6245681 getDescription() call on NativeWebCoreThreadPoolStats.getPeakQueued() returns string with typo 6255219 Quiescing not working as described 6258619 Undeployment does not release all files 6270387 Redeploy sometimes fails, "Error while running ejbc -- Fatal Error from EJB Compiler" 6275566 Appserver 8.1 Virtual Server access log location not updating 6276021 Redeployment of war file (remote deployment for Creator) fails 6278360 AS 8.1 EE does not support web apps which are also CORBA clients 6285756 WebArchiveClassesLoadable reports wrong failures 6286425 Need a localized per-configuration folders that is synchronized across 6286688 Cannot save transaction support value when JMS connection factory was created for the first time 6289742 Application Server load balancer plug-in loses requests under high loads 6294035 Japanese character buttons in admin console are corrupted after processing 6298257 asant can't be run on Windows 2000 at all, a command too long error is returned 6300074 Upgrade from SJAS 7.1 ur3 SE (package based) to JES 3 result in faulty configuration 6304300 Fail over does not work if session contains references to remote objects 6304912 NullPointerException encountered during App Server upgrade from 7.x to 8.x 6310741 The incorrect WebArchiveClassesLoadable failure for bookstore, javax.servlet.UnavailableEx 6312343 Rave generated JSF app does not work in EE 6314022 Fail of Application Deplyemnt through Admin console deletes all the directries from /var/opt/sun 6317857 Undeploy: Error unregistering mbean 6324399 AS8102 memory leaks on deploy/undeploy scenario (from 119174-01) 6287047 The run of AS security samples was not able to start AS, the execution failed 6288893 Appserver restart using sun-appserv-admin causes LoginException 6298257 asant can't be run on windows 2000 at all, a command too long error is returned 6276776 The configuration of the Registry Server with AS failed: Could not create task macrodef 6294316 In BAT, Tomcat and GTest-Security tests are failing on both file and Package base 6292077 "SunPKCS11-__SUN_SJSAS_internal" provider causes NPE when storing or retrieving RSA keys from JKS KS 6278598 JWSDP 1.6 plugin fails to work with SJSAS 8.1 integrated into JES4 6249884 Session varriable not getting replicated in portlet application when deployed on AS 6272003 Error: Online help topic not found 6272684 Regression with CTS webservices test case: war Deployment get fatal EJB compile error/HTTP 500 error 6273397 Startup throws exception after completed AS 8.1 PE FCS filebase upgrade to 8.1 PE UR2 filebase 6273459 At the end of upgrading from as81ee fcs to as81ee ur2 the installer throw NullPointerException 6275096 The Admin GUI's online help display in english for ja and zh_CN 6276218 Deploytool does not work with spaces in the install path 6276830 Updated files with size unchanged was not included in AppServer patch generation 6277674 AS 8.1 UR2 installer does not detect AS 8.1 UR1 for in-place upgrade 6284124 Servlet container UTF-8 URI mapping issue 6286450 AS cannot determine request charset using form-hint-field if form action contains query parameters 6286783 Server has to reject requests with Double 'Content-Length' header Patch Installation Instructions: ---------------------------------------------- To install the patch, please follow the instructions in the Sun Java System Application Server Platform Edition 8.1 2005Q1 Installation Guide available from http://docs.sun.com/app/docs/doc/819-0080 Special Install Instructions: ---------------------------------------------- NONE Known Issues and Workarounds: 1. 6295215 java.sql.statement.getConnection() doesn't meet javadoc specification for pooling connections This bug has been fixed in 119174-05. This is the documentation part for that . When connection is obtained from Appserver connection pool and statement is obtained from the connection using any of the available methods like createStatement, prepareStatement etc.., by default native(physical) statement object is obtained. So when the statement.getConnection() is called you will get native(physical) connection which is not wrapped connection. In this context if close is called on this object then physical connection will be closed which will break the connection pool logic. To avoid this problem user can get the wrapped statements by setting the jvm property com.sun.appserv.jdbc.wrapJdbcObjects=true README -- Last modified date: Thursday, August 3, 2006