Posts

Showing posts from August, 2011

Tomcat Security Issue - Authentication Bypass and Information Disclosure

A new security issue has been reported in Apache Tomcat versions 7 through 7.0.20, 6 through 6.0.33 and 5.5.0 through 5.5.33. According to the Tomcat mailing lists:

"Apache Tomcat supports the AJP protocol which is used with reverse proxies to pass requests and associated data about the request from the reverse proxy to Tomcat. The AJP protocol is designed so that when a request includes a request body, an unsolicited AJP message is sent to Tomcat that includes the first part (or possibly all) of the request body. In certain circumstances, Tomcat did not process this message as a request body but as a new request. This permitted an attacker to have full control over the AJP message which allowed an attacker to (amongst other things):
- insert the name of an authenticated user
- insert any client IP address (potentially bypassing any client IP address filtering)
- trigger the mixing of responses between users
The following AJP connector implementations are not affected: org.apache....

PrimeFaces 3.0.M3 Released

Prime Technology has announced the latest milestone release of PrimeFaces. PrimeFaces 3.0.M3 is the final milestone release, with the release candidate scheduled for release in November 2011. PrimeFaces is a JSF 2 component suite featuring over 100 JSF components such as calendars, CAPTCHA, and Google Maps components. A full showcase of components can be viewed online here. This latest milestone release adds several new components to the suite (timeline, feed reader, sheet and subtable) as well as many other improvements. The complete list of changes can be read in the release announcement. For more details about PrimeFaces, check out primefaces.org.

Deploying a Java EE Web Application to OpenShift Express

We've just posted a new article on how to deploy a Java EE web application to OpenShift Express using JBoss AS 7. You can read the entire article here. According to jboss.org: "Express offers the fastest on-ramp to the cloud. Simply install the command-line tools, create your application and deploy to the cloud with Git. It's that easy! Express is a service that leverages a shared-hosting model with SELinux to ensure security at multiple levels."

Two New JBoss Releases - 7.0.1 and 6.1.0

The JBoss team has just released two new versions of the JBoss Application Server. JBoss 7.0.1, Red Hat's latest Java EE 6 Web Profile certified application server, includes nearly 140 resolved issues over the initial release of the product. The list of resolved issues in 7.0.1 can be found here. JBoss 6.1.0 includes almost 100 resolved issues over the initial release. The list of resolved issues in JBoss AS 6.1.0 can be found here. Both products can be downloaded from the JBoss Community Downloads page. JBoss AS 7 is described by Red Hat as "Lightning Fast", providing "efficient development as a result of fast, concurrent deployment and the ability to edit static resources without redeployment in a flexible deployment structure". Have you used JBoss AS 7? What are your thoughts about it? Log on now and leave your comments.

Apache Tomcat 7.0.20 Released

Apache Tomcat v7.0.20 has been released and is available for immediate download. In the release notification, Mark Thomas notes:

"Apache Tomcat 7.0.20 includes bug fixes and the following new features and fixes compared to version 7.0.19:
- JSP files with dependencies in JARs are no longer recompiled on every access, thereby improving performance.
- Update to version 1.1.22 of the native component of the AJP and HTTP APR/native connectors.
- Update to Commons Daemon 1.0.7.
- Converted unit tests to JUnit 4.
Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
Note that this version has 4 zip binaries: a generic one and three bundled with Tomcat native binaries for Windows operating systems running on different CPU architectures."

Tomcat 5.5 End of Life

The Tomcat team has announced that as of 30th September 2012 Tomcat 5.5 will be unsupported. Mark Thomas states in the Tomcat mailing lists:

"This means that after 30 September 2012:
- releases from the 5.5.x branch are highly unlikely
- bugs affecting only the 5.5.x branch will not be addressed
- security vulnerability reports will not be checked against the 5.5.x branch
Three months later (i.e. after 31 December 2012):
- the 5.5.x download pages will be removed
- the latest 5.5.x release will be removed from the mirror system
- the 5.5.x branch in svn will move from /tomcat/tc5.5.x to /tomcat/archive/tc5.5.x
- the links to the 5.5.x documentation will be removed from tomcat.apache.org
- the bugzilla project for 5.5.x will be made read-only
Note that all 5.5.x releases will always be available from the archive."