Copyright © 2009 Red Hat, Inc
1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588 Research Triangle Park, NC 27709 USA
JAVA_OPTS settings in the file JBOSS_DIST/jboss-as/server/production/run.conf with these recommended values:
-Xms1303m -Xmx1303m -XX:PermSize=256m -XX:MaxPermSize=256m
JBOSS_DIST/doc/seam/Seam_Reference_Guide.pdf) for important information regarding the deployment of Seam examples and detailed information on developing applications using Seam.
jboss-eap-docs-<version>.zip.
jboss-seam-docs-<version>.noarch.rpm, and rh-eap-docs-<version>.noarch.rpm. For help with installing rpm packages on Red Hat Enterprise Linux, please refer to the Red Hat Knowledge base article located at http://kbase.redhat.com/faq/FAQ_35_198.shtm
Installation Guide explains how to install and verify the installation of JBoss Enterprise Application Platform using different installation modes.
Getting Started details the directory structure of the platform and a quick tour of the Application Server and different configuration sets and services. Using a simple web application it illustrates the use of JSF-EJB3 components and how to use Seam to integrate the JSF and EJB3 components.
Server Configuration Guide explains all administrative and configuration functions in detail.
SimpleConnectionManager.java file has been updated to synchronize the AspectManager instances and create a new connection advisory before the connection close in order to capture the notifications when the close occurs.
MessagingXAResourceRecovery instance on the client machine would not reconnect correctly to the new server instance and instead display a warning to the user concerning a generated exception in the program. This issue has been corrected by modifying the MessagingXAResourceWrapper.java file to verify the connection, catch any generated JMSException and test if the connection is still valid following an exception.
bisocket-remoting-service.xml was updated in previous releases, the sslbisocket-remoting-service.xml missed being updated accordingly. The following parameters were missing and have now been added in order to ensure remoting configuration functions correctly:
<attribute name="validatorPingPeriod" isParam="true">10000</attribute> <attribute name="validatorPingTimeout" isParam="true">5000</attribute> <attribute name="registerCallbackListener">false</attribute>
ServerInvokerCallbackHandler, resulting in a memory leak. This bug has been corrected by modifying the ServerConnectionEndpoint.java file so that the callbackHandler.shutdown(); method is called in the try code instead of calling callbackHandler.getCallbackClient().disconnect();.
MessagingPostOfficeService.startService() method. Where the code was:
String channelName = (channelPartitionName == null)? channelPartitionName : groupName;
String channelName = (channelPartitionName != null)? channelPartitionName : groupName;
channelPartitionName is tested to not be null instead of being null. This alteration ensures that the channel name is resolved correctly.
Sucker was being stopped due to the remote queue leaving, while the corresponding localQueue was delivering messages and trying to pass messages to its Suckers. In order to ensure this deadlock can no longer occur, the MessageSucker.java file has been updated to move the localQueue.unregisterSucker(this) method call to the beginning of the stop() method in order to prevent the message Sucker from being accessed while it is shutting itself down.
Bridge.java to ensure that the StartupFailureHandler starts the checker thread even if the bridge connection fails so that it is ready to start on a successful reconnection.
MessagingPostOffice where users can now perform changes to the failoverOnNodeLeave property in order to give administrators improved flexibility with what should occur when a JBoss Messaging cluster node is shutdown under normal circumstances.
<attribute name="failureDisconnectTimeout" isParam="true">0</attribute> <attribute name="callbackErrorsAllowed">1</attribute> <attribute name="useClientConnectionIdentity" isParam="true">true</attribute>
RegionManager.createRegion method would allow duplicate region names and when this occurs all future cache operations would happen only on the second instance of the region, while the EvictionTimerTask will only watch the first instance, causing the eviction queue of the second instance to fill. To correct this bug, the RegionManager.checkConflict method now counts a duplicate as a conflict and causes the RegionManager.createRegion method to generate an exception.
findNode method of TreeCache generated a NullPointerException when the findInternal method returned a null value. The findNode method can now handle a null value returned from the findInternal method by checking within the TreeCache.java file if the toReturn value is null as well as the version
org.jboss.remoting.Lease is created a timestamp is associated with it and carried by an initial PING message. The contents of an updated PING message will now be discarded if its timestamp is older than the previously processed timestamp. In the occurrence that the initiating PING message does not have a time stamp, the lease will assume that the client is using an older version of JBoss Remoting and it will accept all updated PING messages.
LeasePinger and Lease pair has been added by setting the parameter org.jboss.remoting.Remoting.USE_CLIENT_CONNECTION_IDENTITY to true. JBoss Remoting then identifies a connection with a LeasePinger and Lease pair and a client participates in a connection when it is connected by way of the new method connect(ConnectionListener listener, Map metadata). This method serves to connect the client to the server by way of a new or existing client invoker, and it also registers the ConnectionListener with the client's new or exiting ConnectionValidator, while also registering the ConnectionValidator with the client invoker's LeasePinger. Subsequently, if any ConnectionValidator registered with that LeasePinger detects a connection failure, it will (if the stopLeaseOnFailure parameter is set to true) stop the LeasePinger, and the LeasePinger will cause each registered ConnectionValidator to notify each of its registered ConnectionListeners of the connection failure. If a client is reconnected by a call to the Client.connect() method, it will be associated with a new LeasePinger and be treated as a new connection.
ClassCastExceptions would arise from the caching of Unmarsharller and Classloader in the MicroRemoteClientInvoker and performing classloading when accessing a remote bean from separate isolated EARs. In fixing this issue the MicroRemoteClientInvoker.java file has been updated to modify the use of useCurrentThreadClassLoader, the variable useCurrentThreadClassLoader has been added to RemotingClassLoader.java, and JavaSerializationManager.java has been modified to update the ObjectInputStream classloader if the useCurrentThreadClassLoader variable of RemotingClassLoader has a value of true.
java.util.Timer class no longer had TimerTasks in its queue, it would allow itself to shut down. This behavior caused subsequent calls to the Timer.schedule() method to generate a java.lang.IllegalStateException. The exception has been overcome by modifying the AbstractDetector.java file to test for an IllegalStateException when scheduling on the heartbeatTimer and Timer.
SocketFactory that allows it to be configurable by the InvokerLocator so that all the parameters from the InvokerLocator are available instead of only those in the configuration map.
org.jboss.remoting.Client.removeListener() method, then ServerInvoker would remove references to ServerInvokerCallbackHandler, and it would call the ServerInvocationHandler.removeListener() method, granting the application a chance to remove the reference it held. An issue arose if the connection from the client was to break as that would cause none of the above to be executed, leading to a memory leak in the program. To fix the problem, ConnectionNotifier now uses copies of lists in order to avoid a ConcurrentModificationException, a shutdown() method has been added to the ServerInvokerCallbackHandler, and within the ServerInvoker the removeCallbackHandler() method has been made public and a shutdownCallbackHandler() method has been added. These changes mean that the shutdown() method within the ServerInvokerCallbackHandler can be used by the application to remove the necessary references by utilizing the ServerInvoker and the applications ServerInvocationHandler.
ConnectionValidator and ConnectionListener as ConnectionValidator may be able to execute the Client.getDisconnectTImeout() method before a ConnectionListener executes Client.setDisconnectTimeout(), causing the program to behave unexpectedly. This issue has been fixed by introducing a new parameter called ConnectionValidator.FAILURE_DISCONNECT_TIMEOUT (with the actual value of failureDisconnectTimeout). If the org.jboss.remoting.Client.USE_ALL_PARAMS property (with the actual value of useAllParams) is set to true, this parameter can be set in the InvokerLocator, the client's configuration map, or the metadata map passed to the Client.addConnectionListener() method. If failureDisconnectTimeout is set to an integer value other than -1, then ConnectionValidator will use that value when it calls the ClientInvoker.terminateLease() method, otherwise the value returned by the Client.getDisconnectTimeout() method is used.
LeasePinger when all the TimerTasks that ran in java.util.TimerTask were shut down the Timer would also shut down and will not accept any further TimerTasks. If a new Timer was to be created and a TimerTask scheduled for it, an exception would occur. In order to successfully replace the Timer if it has shut down, the Wrapped timer.schedule() is now utilized.
org.jboss.remoting.InvokerLocator.getParameters() would return null if the URL had no parameters. In this updated release, the method returns an empty Map instead to ensure safer execution.
org.jboss.remoting.MicroRemoteClientInvoker.getDataType() method when the dataType variable was set to the value of the getDataType(getLocator()) method, the variable would temporarily be set to null if the InvokerLocator had no datatype parameter. This caused issues because another thread may use the dataType variable and return a value of null. Correcting this bug has lead to using a local variable called localDataType while a check occurs to see if InvokerLocator contains a datatype value. The number of threads has also been reduced to 1000 in order to avoid an OutOfMemoryError that may have occurred.
org.jboss.remoting.ident.Identity.get() method would fail in a call to InetAddress.getLocalHost(), the runtime exception java.lang.RuntimeException: Exception creating identity: myhost: myhost would be generated. The issue was that the exception message did not give any information to the user concerning the underlying problem relating to the host name. This output has been fixed to display to the user the correct information in relation to the main host name issue.
marshalFactory. In order to support this the new parameter org.jboss.remoting.Remoting.PASS_CONFIG_MAP_TO_MARSHAL_FACTORY has been added, which requires a setting of true in order to have the configuration map passed to the marshalFactory. If the parameter contains a value of false then the original behavior will be executed.
ServerInvokerServlet instances could be linked to Connectors by MBean names rather than locator URLs. In order to achieve this the parameter org.jboss.remoting.transport.servlet.ServletServerInvoker.CREATE_UNIQUE_OBJECT_NAME has been added. When set to true, ServletServerInvoker.getMBeanObjectName() will call org.jboss.remoting.ServerInvoker.getMBeanObjectName() and return an ObjectName derived by the same algorithm that is used for all transports. To ensure the original default behavior remains, the default value is false.
org.jboss.remoting.detection.AbstractDetector.createDetection() method would create a detection message based on the number of server invokers registered locally. In the JBoss Enterprise Application Server this would cause an error as the message size would exceed the 4000 limit. A buffersize attribute has been created for org.jboss.remoting.detection.multicast.MulticastDetector and org.jboss.remoting.detection.multicast.MulticastDetectorMBean that defaults to a value of 10000.
org.jboss.remoting.Client.connect() call, the org.jboss.remoting.transport.socket.MicroSocketClientInvoker.setup() getAddressByName produces a java.net.UnknownHostException in relation to the hostname. However when the method MicroSocketClientInvoker(InvokerLocator locator, Map configuration) is called the exception is captured and then displayed using throw new RuntimeException(ex.getMessage()). By displaying the exception in this way, information important in understanding the cause of the exception, is lost. This has been rectified by changing throw new RuntimeException(ex.getMessage()); to throw new RuntimeException(ex.getMessage(), ex);, enabling the actual exception content to be displayed to the user.
ServerSocketWrapper.close() method log messages has been reduced in order to remove unwanted information. Instead of using the log.debug() call, the method now uses log.trace().
org.jboss.remoting.Client.addConnectionListener() created a CallbackPoller, a reference to itself and a metadata map would be passed. The issue arose from the CallbackPoller only accessing parameters in the metadata map. To rectify this issue the Client.USE_ALL_PARAMS parameter is checked within the InvokerLocator, the client's configuration map and the metadata map that is passed to the Client.addListener() method respectively. If the useALLParams property is found and set to a value of true, the InvokerLocator, the client's configuration map and the metadata map will be searched respectively for all parameters used by CallbackPoller, otherwise only the metadata map will be used, which is the default behavior.
org.jboss.remoting.Client.addConnectionListener() created a ConnectionValidator, a reference to itself would be passed and the ConnectionValidator would access the client's configuration map. The issue arose from the client's configuration map not including the InvokerLocator parameters. To rectify this issue the ConnectionValidator now searches for the Client.USE_ALL_PARAMS parameter in the InvokerLocator, the client's configuration map and the metadata map that is passed to the Client.addConnectionListener() method respectively. If the useALLParams property is found and set to a value of true, the ConnectionValidator will search for parameter values in the InvokerLocator, the client's configuration map and the metadata map respectively.
ServerInvokerCallbackHandler.destroy() shut down When org.jboss.remoting.callback.ServerInvokerCallback, the variables callBackClient and callbackStore were set to null. If the ServerInvokerCallbackHandler.handleCallback() is then called a NullPointerException arises because that variables callBackClient and callbackStore are set to null. This bug has been corrected in this latest release by the ServerInvokerCallbackHandler.destroy() method no longer assigning a value of null to the variables callBackClient and callbackStore.
RequestDispatcher method, which allowed remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. This update has been rated as having important security impact by the Red Hat Security Response Team.
web.xml, context.xml, or tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. This update has been rated as having low security impact by the Red Hat Security Response Team.
/j_security_check. This would be achieved with malformed URL encoding of passwords, related to improper error checking in the MemoryRealm, DataSourceRealm, and JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. This update has been rated as having low security impact by the Red Hat Security Response Team.
jcommon.jar library was not included within the ZIP version of the previous release. This library file is now included with this release and mbean graphs are now viewable through the web-console.
ApplicationContext.java to generate a MalformedURLException if a path starts with an encoded backslash and the modification of ServerCookie.java to escape double quote characters. (CVE-2007-5333)
HttpServletResponse.reset method was executed, any subsequent calls to response.setContentType or response.setCharacterEncoding had no effect on the content type. This latest release incorporates a fix that allows the response.setContentType and response.setCharacterEncoding methods to function correctly after a HttpServletResponse.reset call and modify the content type. To achieve this outcome the following method executions have been added to the reset() method of the Response class:
usingOutputStream = false; usingWriter = false; isCharacterEncodingSet = false;
LIMIT_BUFFER parameter was set to true an ArrayIndexOutOfBoundsException would occur. The BodyContentImpl.java file has been updated to correct this bug by removing the bufferSizeSave variable and removing the case where the writer variable isn't null. To replace these a case has been written to execute the clearBody method when the writer variable is equal to null. By implementing these changes the JspWriter buffer size and remaining bytes are calculated correctly, removing the ArrayIndexOutOfBoundsException.
JBossXSModel implementation for traversing a XML schema was insufficient, allowing for high deployment overhead when dealing with complex schemas. Correcting this has been a process of modifying the JBossXSModel.java file by adding calls to clear the HashSet periodically throughout the traversing process.
Denial of Service attacks on a server that accepts XML data from external sources. In order to fix this issue, secure XML processing has now been implemented in JBoss Web Services wherever the document builder factory is constructed within the code.
wscompile class would fail to create a valid package name when the namespace contained a capitalized reserved keyword. Rectifying this issue has seen the NameConverter.java file modified to include code that transforms all characters in the namespace to lower case. This fix also sees the upgrade of the JAXB component to 2.1.4.patch02; (see JBPAPP-1982 for reference).
MessageFactoryImpl.java and ServiceEndpointInvoker.java files have been updated to retrieve the message type and set the outbound context properties before calling the request handler chain respectively.
HandlerResolverImpl class would cause a ConcurrentModificationException. Though this would not cause the application to cease operation, it would result in the strange behavior of every request going only through the JAXWS handler twice and not go into service implementation. In order to correct this bug, the code responsible for initiating handler chains within the HandlerDelegateJAXWS.java and HandlerDelegateJAXRPC.java has been synchronized.
wsconsume tool does not support SOAP 1.2 bindings. To enable this tool to support SOAP 1.2, the files WSConsume.java and WSContractConsumer.java have been updated to recognize SOAP 1.2, while the files WSConsumeTask.java and SunRIConsumerImpl.java have been updated to set extensions.
WeakReferences handling within ConfigObservable was not handled correctly causing errors as the value of the WeakReferences became set to null. This has been corrected by adding a ReferenceQueue that identifies the references that require removal. These references are cleared only when a future registration or notification occurs.
text/xml when it should have been set to application/soap+xml. This bug was introduced through an upgrade from SOAP 1.1 to SOAP 1.2. The SOAP HTTP binding in the Content-type header has now been updated to the correct value.
wsprovide.bat file where there is no reference to jaxb-xjc.jar in the classpath. This issue has been corrected by adding the following line to the beginning of the wsprovide.bat file and thus adding jaxb-xjc.jar into the classpath:
set WSPROVIDE_CLASSPATH=%WSPROVIDE_CLASSPATH%;%JBOSS_HOME%/client/jaxb-xjc.jar
-Dcom.sun.management.jmxremote option, a NullPointerException would occur. The SubscriptionManager.java file was updated to allow for a break in the MBeanServer if the MBeanServer server class name starts with org.jboss.
WSDLFilePublisher.java file has been updated with the return code changed to continue within the infinity loop prevention when the file being published contains a location URL or a schema location value.
ArchiveDeployerHook.java file was updated so that even in the event of a deployment aspect failing to deploy, all endpoints will still be called on undeployment in order to ensure registration removal.
ReceiveUsernameOperation.java was updated with the removal of the operations for the Logger to acquire information about the username and password of the current user variable value.
WSSecurityOMFactory.java was updated with new methods for parsing characters and elements as well as the public method setValue which passes a value to the role.setName method and a test if authorization is necessary for the current localName.
Config.java has been updated to include a private Authorize class as well as the public methods getAuthorize() and setAuthorize().
AuthorizeOperation.java has been added to authenticate and check the authorization of the current user.
SecurityDecoder.java has been updated to also use the new classes Authorize and AuthorizeOperation.
ClientImpl.java has been updated to include a value of false as the last property of the new HandlerChainExecutor being created.
HandlerChainExecutor.java has been updated in order to determine specific client side conformance requirements.
Role.java has been added in order to provide a role in the program which is authorized to call an endpoint.
Authorize.java has been added in order to ensure that a user is authorized to call the endpoint.
WSSecurityDispatcher.java has been updated to remove the SecurityStore creator and now include private methods to decode the header and test authorization.
DispatchImpl.java has been updated to include a value of false as the last property of the new HandlerChainExecutor being created.
HandlerDelegateJAXWS.java has been updated to include a value of false as the last property of the new HandlerChainExecutor being created.
GossipRouter implementation. This meant that the IP address was fixed at 127.0.0.1 and the port was fixed at 12001. This update allows for the host and port properties to be configurable so that the system can be tested against other values other than only the defaults.
ServerSocketReceiver and ServerSocketSender classes, enabling use of the correct zone ID in each IPv6 address case.
log.warn(new StringBuffer("packet from ").append(client_addr).append(':').append(client_port).append(" has different version (").append(version).append(") from ours (").append(Version.version).append("). This may cause problems"));
log.warn(new StringBuffer("packet from ").append(client_addr).append(':').append(client_port).append(" has different version (").append(version).append(") from ours (").append(Version.print(Version.version)).append("). This may cause problems"));
Version.version to Version.pring(Version.version).
PersistenceException would be generated where an IllegalArgumentException should have been raised, and the current transaction would be rolled back. The AbstractEntityManagerImpl class has been updated to catch the MappingException and return an IllegalArgumentException to the user, as well as attempt to return a new named query using QueryImpl.
onLoad method was not invoked on an EJB3Interceptor, though it was in the basic Hibernate environment. This issue has been fixed by editing the EventListenerConfigurator class to include the default Hibernate Core PreLoadEventListener.
ExplodedJarVisitor, FileZippedJarVisitor and JarVisitorFactory classes have been updated to cater for a space in a java URL file name.
Ejb3Configuration had classes that contained @PostLoad callbacks and had been added with the addAnnotatedClass method, these would no longer work if the configure method was executed before the addition of @Entity-annotated classes, through the use of the addAnnotatedClass method. This bug has been fixed by delaying the call to the configure method in order to allow for the correct addition of all annotated classes.
.war file was not being correctly handled. This issues has been fixed by changing the way in which the EJB3 submits the persistence root URL to Hibernate.
Ejb3Configuration class has been updated to ensure that PersistenceExceptions state the persistenceUnit that is generating the exception.
Persistence class has been updated for this release to include the PERSISTENCE_PROVIDER string as a final string type.
JarVisitor.addElement method would fail and generate a StringIndexOutOfBoundsException. Updating the AbstractJarVisitor class so that if the name length of the entry is set it the length of the package-info.class attribute, the name is left blank, otherwise the name property is the length of the entries specified name.
ArchiveBrowser where it would not abstract a file path for orm.xml correctly when Hibernate was run on the Windows operating system. In this new version of Hibernate EntityManager, the ArchiveBrowser has been replaced with the JarVisitor. This process has caused this issue to be fixed.
ORM.xml file was being ignored when the excludeUnlistedClass property was set to true in the container mode. This bug has been rectified by modifying the Ejb3Configuration class to ensure that the ORM.xml file is searched even when the excludeUnlistedClass property is set to true.
ConfigurationHelper class to accept string values and the QueryImpl class to utilize these changes.
cl.getResources method, the JarVisitor would fail due to white space errors. The JarVisitor class has now been updated to ensure that URLs returned by IBM WebSphere is striped of any white space that may cause the program to produce an error.
EJB3OverridenAnnotationReader class has been improved by raising a warning when deployment descriptors refer to an unknown property. This has been achieved by checking for orphan properties.
.jar file for archive browser handling for the Weblogic Server.
persist operation. This release sees the Hibernate EntityManager avoid collection loading during a cascaded persist, allowing for increased performance on heavily cascaded object graphs.
QueryImpl class, elements were not being made unique before getSingleResult method exceptions were being raised. This allowed for a NonUniqueResultException to be generated incorrectly. For this release, elements within the QueryImpl class are now made unique before any getSingleResult method exceptions are raised.
Ejb3Configuration class that provides the XML file name when a parsing error occurs. In completing this task the new class NamedInputStream has been created.
ORM.xml files that appear in any referenced .jar files were not evaluated by Hibernate EntityManager. In order to be in line with the EJB3 specifications, the Ejb3Configuration class has been updated to make sure all ORM.xml files are evaluated.
EJB3Configuration class should be able to work successfully without needing to use any configure methods. This update allows for the EJB3Configuration class to work correctly without the need for any configure methods by copying the programmatically defined properties and using them with the new AnnotationConfiguration.
InputStreamZippedJarVisitor class has been updated to produce an exception instead of an IO exception so that Eclipse does not produce a NullPointerException but instead just logs a warning message. This allows for Hibernate and Eclipse to function easier together.
PrePersist callback method was not being utilized if the primary key of the entity was set to null. The way in which the Hibernate EntityManager would operate when a primary key of the entity was set to null has been changed so that the PrePersist callback method can be correctly utilized.
@CreditCardNumber interface created. The Luhn algorithm implementation requires a valid credit card number and checks for user error. This class does not check for credit card validity.
@Digits interface has been added to Hibernate Validator. This interface allows for digits to be expressed as integers and fractions. This new interface resides within the Digits.java file.
EntityListeners, parameters such as interpolator are not supported due to the listener lifecycle not being defined and no avenue exists to pass the PU properties.
NullPointerException would be generated when initialization occurred in the ClassValidator. This bug has since been fixed by initializing the reflectionManager within the ClassValidator constructor.
EmailValidator class has been modified to include checking for a null value and to handle this case correctly so that the validation does not fail.
ClassValidator as being independent of Hibernate Annotations. This ensures that if a users wishes, Hibernate Validator does not have to be used with Hibernate Annotations.
NullPointerException would occur when a native SQL query coupled eager fetching with a many-to-many relationship. Correcting this has meant that the if ( collectionPersister.isOneToMany() ) { line of code in the SQLQueryReturnProcessor file has been changed to if ( collectionPersister.isOneToMany() || collectionPersister.isManyToMany()) {, removing the generation of a NullPointerException. To note though is that the fix only works with the hbm.xml file SQL mapping feature and a named query.
EntityModeToTuplizerMapping.java file when a high number of threads attempted to initialize sets and had to wait for the same monitor. In correcting this issue, the EntityModeToTuplizerMapping.java file has been modified to remove the private final Map tuplizers = Collections.synchronizedMap( new SequencedHashMap() ); line of code and replace it with only private final Map tuplizers; and two new public methods to assist in the mapping.
DefaultMergeEventListener.java file has been updated to use the new CopyCache class. Within the DefaultMergeEventListener.java file, logic has been added to retrieve transient entities and retry a merge once if an error is encountered. Following this, if the merge continues unsuccessfully a TransientObjectException will be generated. The CopyCache class has been created to be the Map implementation used by DefaultMergeEventListener in order to keep track of entities and the copies that are being merged into the session. This implementation also tracks whether a an entity in the CopyCache is included in the merge.
@Immutable annotation included the following failure would occur:
org.hibernate.AssertionFailure: Merged entity does not have status set to MANAGED; EntityEntry[com.tll.model.impl.AccountHistory#71794688](READ_ONLY) status=READ_ONLY
DefaultMergeEventListener.java file has been updated by editing the following test statement:
if ( entry.getStatus() != Status.MANAGED ) {
throw new AssertionFailure( "Merged entity does not have status set to MANAGED; "+entry+" status="+entry.getStatus() );
}
Status could be READ_ONLY:
if ( entry.getStatus() != Status.MANAGED && entry.getStatus() != Status.READ_ONLY ) {
throw new AssertionFailure( "Merged entity does not have status set to MANAGED or READ_ONLY; "+entry+" status="+entry.getStatus() );
}
trim function and support for mod and bit_length were not present in the Sybase Dialect. This release sees these available for use within the SybaseASE15Dialect.
mod, bit_length and trim caused failures in the ASTParserLoadingTest because they were not implemented in the Sybase Dialect. The Sybase Dialect has now been updated to import the org.hibernate.dialect.function.AnsiTrimEmulationFunction function and implement the mod, bit_length and trim functions.
CollectionBinder.java file has been updated to generate an exception with all relevant information given the improper use of the @CollectionId property for individual cases.
NamedQuery class of Hibernate had the flushMode attribute set to AUTO by default. This caused inconsistencies throughout the program and the flushMode attribute to never contain the correct value. To correct this the default value of the flushMode attribute is now set to a newly introduced PERSISTENCE_CONTEXT. This new value makes sure that the flushMode is consistent with the persistence context at the time the query is executed, alleviating inconsistency issues.
AnnotationBinder.mustBeSkipped contains a hardcoded reference to the org.hibernate.tool.instrument.javassist.FieldHandler class. The issue that arises from this is that the class is actually contained within a different package and by having the incorrect reference it caused all javassist-instrumented classes to not function correctly. In order to rectify this issue the reference to the FieldHandler class has been changed within the AnnotationBinder.mustBeSkipped method to be org.hibernate.bytecode.javassist.FieldHandler.
AnnotationException. The generated exception is now caught by the program and a more meaningful AnnotationException is generated and displayed to the user instead. These changes have been made to the AnnotationBinder class.
MapBinder.java and MapKey.java files have been updated to include and use a MapKey @Type.
CollectionSearchConfiguration and SearchConfiguration, and the amendment of the AnnotationConfiguration class to use the new SearchConfiguration class instead of embedding the search functionality within the AnnotationConfiguration.
ToOneFkSecondPass.java file to make the ToOneFkSecondPass method a public method.
AnnotationConfiguration class. This functionality has now been added by overriding all relevant configuration methods that reside within the AnnotationConfiguration class.
AnnotationConfiguration, random binding failures would occur. To fix this issue, the FkSecondPass.java file has been updated to use a unique counter in order to differentiate between two instances of FkSecondPass so that they can be compared as the IBM VM would sometimes return the same hashCode for two different objects. The AnnotationConfiguration.java file has also been updated to utilize the changes made to FkSecondPass.java.
AnnotationConfiguration did not define stable ordering for foreign key columns, allowing them to appear in any order within a generated SQL schema. Also of issue was when the hbm2ddl tool was being used to see a generated schema. The ordering of a foreign key column within a table could change if an unrelated modification was made inside the mapping of a different table. This issue was fixed by the solution for ANN-683 that is specified within these release notes.
Validator was not present, a message describing this would be logged, however this would occur twice. In this update the AnnotationConfiguration class has been modified to only log the occurrence of this once for each time.
@Version class could be set within an @Embedded class without any checking and generate a java.lang.ArrayIndexOutOfBoundsException that would not display enough detail about the error for a user to understand the cause. This has since be altered to check for this occurrence and generate an AnnotationException with useful information so that a user can correct any issues.
o.h.a.Table.comment and o.h.a.Table.indexes methods would fail when used on secondary tables. To correct this issue the SecondaryTableSecondPass class has been updated to use the XAnnotatedElement class and the EntityBinder class now sets the secondary table as the first for when a join needs to occur.
Table.appliesTo method would incorrectly select the last table when no matching table to the user query exists. This bug has been fixed by allowing the hibTable variable within the EntityBinder class to contain a value of null when the correct table cannot be found.
CollectionBinder class. The class has now been updated to test for the instance of a SimpleValue in the @CollectionOfElements property, correcting the issue.
MANIFEST.MF file in the hibernate-annotation JAR file has been improved to contain vendor and versioning information using the default attributes defined in the JAR file specification.
ManyToOne associates containing only transient member variables. This was corrected by adding getter and setter accessors for the respective ID fields and setting both insertable and updatable properties to false.
@OneToOne was placed within a composite key, the Hibernate application would generate an ExceptionInInitializerError. This has been fixed by recoding how a user application that does not use a true OneToOne relationships tested.
NullPointerException would occur when a property of a composite ID would be used for ordering. This bug has been fixed by modifying the CollectionBinder class to check if the PersistentClass is null before checking if it is not an associatedClass.
NullPointerException would be generated when the mappedBy property was incorrect in a @OneToOne mapping. In order to make sure a NullPointerException does not occur, when the otherSideProperty parameter contains a null vale within the OneToOneSecondPass class, an AnnotationException is generated detailing that the mappedBy property is incorrect and where.
EJB3OverridenAnnotationReader class where the annotationsMap would not be correctly initialized, causing a NullPointerException in the AnnotationConfiguration class. The issue has been fixed by modifying the EJB3OverridenAnnotationReader.java file to remove an internal Annotation for loop and replace it with the code annotationsMap = new HashMap<Class, Annotation>( annotations.length + 5 ); instead. This change now allows for the annotationsMap to be correctly initialized.
SecondaryTable with an EmbeddedId or IdClass containing a ManyToOne attribute would error. In order to fix this a new SecondaryTableSecondPass class has been created and the AnnotationConfiguration and AnnotationBinder classes have been updated to make use of the new class since associations can be built on joins. Implementing these changes causes the SecondaryTable class to behave as a user would expect.
PrimaryKey. To correct this the ToOneFkSecondPass.java file was updated to try using an embedded property for a persistentClass.
Collection via Annotations. The functionality to be able to achieve this has now been added for this release.
NamingStrategy interface. In order to rectify this, the Ejb3JoinColumn.java and TableBinder.java files have been updated to quote the result and unquote the source before any other action is taken if the source is quoted.
NullPointerException instead of generating a meaningful exception. This has been changed for the release so that this circumstance does not arise, instead a default filter definition is applied if one is undefined.
AnnotationBinder and AnnotationConfiguration classes have been updated to make sure that the OneToManySecondPass is processed in order.
Tables class whereby the interface declaration contained Table[] values(); instead of Table[] value();. This small bug has been fixed for this release, allowing the Tables.value method to function correctly.
NullPointerException would be generated when the @Id property was used on a @OneToOne relationship. Correction of this bug has been handled by modifying the OneToOneSecondPass class to avoid a NullPointerException in this case and instead generate a meaningful AnnotationException.
hibernate-validator.jar) file between Hibernate Annotations and Hibernate Validator has been removed and the ejb3-persistence.jar file has become a required dependency.
AnnotationBinder class so that the parameters of a query are ordered internally to the order that Hibernate supports.
MapBinder class to test if the collection is anything but a OneToMany relationship then the key column should not be null.
CollectionBinder class used the setCustomSQLDelete method when testing if the sqlDeleteAll method was not null. This would prevent the execution of the col.clear method on the collection in the case that all the elements are removed. The functionality of CollectionBinder has been updated to now use the setCustomSQLDeleteAll method to ensure correct operation.
CollectionBinder and EntityBinder classes, as well as the addition of the new Immutable class.
PropertyBinder class.
AnnotationConfiguration and Mappings classes.
MapBinder class. This behavior caused Hibernate Annotations to not be compatible with Oracle 10g. The optional keyword is now removed from the from clause and Hibernate Annotations is successfully compatible with Oracle 10g.
o.h.a.Table for secondary tables.
EntityMode.DOM4J value would only work when a .hbm.xml mapping file is create and could not be used when only Hibernate Annotations was being used in business entities. The EntityBinder, PropertyBinder and CollectionBinder classes have been updated so that they call the setNodeName method. The error was that this was not being done by the AnnotationBinder, causing the Dom4j tuplizer to not be instantiated when only Hibernate Annotations was being used.
CollectionBinder class, ensuring that if the tables PersistentClass does not contain a value of associatedClass, the tables quoted name is retrieved; otherwise the table is assumed to be empty.
SQLGrammarException. The Ejb3JoinColumn.java file has been amended to use the method column.getQuotedName in the linkValueUsingAColumnCopy method, instead of column.getName.
MappingException to occur. The reason for this issue has stemmed through the need for correct ordering of steps and to fix this a RecoverableException class has been created which is used to catch the exception and allow the program to perform passes to assist in correcting the issue. If however this is unsuccessful then the loop is exited and the original exception is displayed to the user.
<join> tag in .hbm.xml files contain an attribute called optional that allows for configuration of Hibernate to either use inner joins or outer joins, however this same functionality was not included in Hibernate Annotations. This feature has now been added to Hibernate Annotations through the modification of the EntityBinder and Table classes.
package-info.java file has been added by adding the new GenericGenerators interface, and updating the AnnotationBinder to incorporate the use of the new interface.
EmbeddedId and automatically generated IDs did not give useful information to a user. This has been corrected by modifying the AnnotationBinder class to generate an AnnotationException that outputs the class name of the component with information explaining that this class must not have ID properties when used as an EmbeddedID.
AnnotationConfiguration class would ignore classes that were annotated with an incorrect Entity or contained no annotation. The AnnotationBinder class has been updated to log a warning message if any of the mentioned circumstances occurs.
SchemaExport in production. The following instances are circumstances where an issue may arise:
hbm2ddl component of Hibernate Annotations must now check their manually created indexes as there is a high possibility that the order of these will have to change to avoid a performance penalty. An example of this would be that if the index was B, A and Hibernate Annotations now queries based on A, B then the index will not be used.
ManyToOneJoinTest distributed with Hibernate would fail because a primary key would be set on a nullable column. The OneToOneSecondPass.java file has been modified to use the buildJoinFromMappedBySide method instead of the buildJoin method. Enacting this change has meant that the calls to the join.createPrimaryKey() and join.createForeignKey() methods within this file have also been removed.
update clauses, however using table alias' in an update query causes a program failure. In order to correct this the QueryTest.java file has been updated with the removal for the allowance of table alias'.
BaseTransaction class because entries in the hash table were never removed, even if a thread was no longer in use. This meant that client transactions could have leaked approximately 600 bytes. To correct this bug, the BaseTransaction.java file has been updated to replace the hash table with a ThreadLocal implementation which takes an integer as input. In order to allow for the timeout values to work correctly, they now only call the required methods of _timeouts.set and _timeouts.get. With these improvements made, the memory leak no longer occurs.
Java AJP connector and mod_jk load balancing were used it would allow for remote attackers to cause a denial of service (application outage) attack via a crafted request with invalid headers. This would occur in relation to the temporary blocking of connectors that had encountered errors, as demonstrated by an error involving a malformed HTTP Host header. This update has been rated as having important security impact by the Red Hat Security Response Team.
RequestDispatcher method, which allowed remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. This update has been rated as having important security impact by the Red Hat Security Response Team.
web.xml, context.xml, or tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. This update has been rated as having low security impact by the Red Hat Security Response Team.
jsp/cal/cal2.jsp calendar examples web application for Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18. This vulnerability would allow remote attackers to inject arbitrary web script or HTML via the time parameter, related to invalid HTML. This update has been rated as having low security impact by the Red Hat Security Response Team.
/j_security_check. This would be achieved with malformed URL encoding of passwords, related to improper error checking in the MemoryRealm, DataSourceRealm, and JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. This update has been rated as having low security impact by the Red Hat Security Response Team.
ApplicationContext.java to generate a MalformedURLException if a path starts with an encoded backslash and the modification of ServerCookie.java to escape double quote characters. (CVE-2007-5333)
Denial of Service attacks on a server that accepts XML data from external sources. In order to fix this issue, secure XML processing has now been implemented in JBoss Web Services wherever the document builder factory is constructed within the code.
Server Configuration Guide. This information can be found in section 10.13. POJO Endpoint Authentication and Authorization.
Installation Guide, stated that a user should modify the run.conf file in order to increase the available memory to the program. This however is incorrect when running the JBoss Enterprise Application Platform on a Windows operating system. In this case the run.bat file should be modified and the documentation now reflects this difference.
Server Configuration Guide, section 16.5 contained an error regarding the name of the directory where JBoss Web is deployed. Instead of the path to the jboss-service.xml file being JBOSS_HOME/server/all/deploy/jbossweb-tomcat50.sar/META-INF/jboss-service.xml it should be JBOSS_HOME/server/all/deploy/jboss-web.deployer/META-INF/jboss-service.xml. For this CP release, the file path has been corrected.
LdapExtLoginModule was missing from the documentation on login modules within the Server Configuration Guide. The information about this module has now been added to the Using JBoss Login Modules section of the guide.
HASingletonElectionPolicySimple class of the Clustering component retrieved the current view from the HAPartition and formulated a decision based on that information that ignored the possibility that the service being managed may not be running on all cluster members. To fix this issue the ExtendedElectionPolicySimple class has been created and when used it fixes not only the above issue but also an issue where using the kill -9 command was necessary to start singletons on other nodes. This new class extends the election policy and provides helper methods for stable implementations.
iiop/build.xml file has been updated with the removal of:
<javac destdir="${build.classes}/main"
optimize="${javac.optimize}"
target="${javac.target}"
source="${javac.source}"
<javac destdir="${build.classes}/main"
optimize="${javac.optimize}"
target="1.4"
source="1.4"
build.xml file to use Java 1.4.
jakarta-slide-webdavlib.jar to webdavlib.jar and the commons-httpclient.jar has been removed from the distribution because it was dependant on an excluded commons-codec.jar. Removal of the commons-httpclient.jar file does not impact correct functioning of the JBoss Enterprise Application Platform.
hsqldb has been upgraded to version 1.8.0.8.patch02-brew. In this change is a change to the MANIFEST.MF file. In previous releases the version information was displayed as a timestamp, an example would be:
private-2007/12/18-11:59:06
hsqldb correctly within the MANIFEST.MF file as:
1.8.0.8.patch02
javax.persistence.Persistence.PERSISTENCE_PROVIDER = "javax.persistence.spi.PeristenceProvider"
ejb3-persistence.jar released in EAP is non-compliant with the JPA spec because it sets the correct classname (without the typo) for this constant.
javax.persistence.Query.getSingleResult() says that the EntityNotFoundException will be generated if there is no result. The Javadoc should have mentioned the NoResultException instead.
short.MAX_VALUE), and those messages are all stored in the database at the time, this leads to a circumstance where two messages may have identical ID numbers.
| Revision History | |||
|---|---|---|---|
| Revision 1.0 | |||
|
| |||