-
Notifications
You must be signed in to change notification settings - Fork 72
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2818 from OpenLiberty/staging
22.0.0.13 blog post
- Loading branch information
Showing
3 changed files
with
199 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,192 @@ | ||
| --- | ||
| layout: post | ||
| title: "Configurable maximum FFDC age along with CVE and other notable bug fixes in Open Liberty 22.0.0.13" | ||
| # Do NOT change the categories section | ||
| categories: blog | ||
| author_picture: https://avatars3.githubusercontent.com/mbroz2 | ||
| author_github: https://github.com/mbroz2 | ||
| seo-title: Configurable maximum FFDC age along with CVE and other notable bug fixes in Open Liberty 22.0.0.13 - OpenLiberty.io | ||
| seo-description: Open Liberty 22.0.0.13 provides the ability to automatically purge FFDC log files after they reach a configured age. This release also provides many significant bug fixes, including two that address CVEs in gRPC and gRPC Client. | ||
| blog_description: Open Liberty 22.0.0.13 provides the ability to automatically purge FFDC log files after they reach a configured age. This release also provides many significant bug fixes, including two that address CVEs in gRPC and gRPC Client. | ||
| open-graph-image: https://openliberty.io/img/twitter_card.jpg | ||
| open-graph-image-alt: Open Liberty Logo | ||
| --- | ||
| = Configurable maximum FFDC age along with CVE and other notable bug fixes in Open Liberty 22.0.0.13 | ||
| Michal Broz <https://github.com/mbroz2> | ||
| :imagesdir: / | ||
| :url-prefix: | ||
| :url-about: / | ||
| //Blank line here is necessary before starting the body of the post. | ||
|
|
||
| Open Liberty 22.0.0.13 provides the ability to automatically purge FFDC log files after they reach a configured age. This release also provides many significant bug fixes, including two that address CVEs in gRPC and gRPC Client. Two new guides, covering the topics of gRPC and WebSocket, also join our extensive list of guides. | ||
| If you're interested in features and functionality that we have in progress, like Jakarta EE 10, MicroProfile 6, and InstantOn, take a look at the recent link:https://openliberty.io/blog/?search=beta&key=tag[beta blog posts]. | ||
|
|
||
|
|
||
| In link:{url-about}[Open Liberty] 22.0.0.13: | ||
|
|
||
| * <<maxFfdcAge, Configurable maximum FFDC age>> | ||
| * <<CVEs, Security Vulnerability (CVE) Fixes>> | ||
| * <<bugs, Notable bug fixes>> | ||
|
|
||
| Along with the new features and functions added to the runtime, we’ve also made <<guides, updates to our guides>>. | ||
|
|
||
| View the list of fixed bugs in link:https://github.com/OpenLiberty/open-liberty/issues?q=label%3Arelease%3A220013+label%3A%22release+bug%22[22.0.0.13]. | ||
|
|
||
| Check out link:{url-prefix}/blog/?search=release&search!=beta[previous Open Liberty GA release blog posts]. | ||
|
|
||
|
|
||
| [#run] | ||
|
|
||
| == Run your apps using 22.0.0.13 | ||
|
|
||
| If you're using link:{url-prefix}/guides/maven-intro.html[Maven], here are the coordinates: | ||
|
|
||
| [source,xml] | ||
| ---- | ||
| <dependency> | ||
| <groupId>io.openliberty</groupId> | ||
| <artifactId>openliberty-runtime</artifactId> | ||
| <version>22.0.0.13</version> | ||
| <type>zip</type> | ||
| </dependency> | ||
| ---- | ||
|
|
||
| Or for link:{url-prefix}/guides/gradle-intro.html[Gradle]: | ||
|
|
||
| [source,gradle] | ||
| ---- | ||
| dependencies { | ||
| libertyRuntime group: 'io.openliberty', name: 'openliberty-runtime', version: '[22.0.0.13,)' | ||
| } | ||
| ---- | ||
|
|
||
| Or if you're using Docker: | ||
|
|
||
| [source] | ||
| ---- | ||
| FROM open-liberty | ||
| ---- | ||
|
|
||
| Or take a look at our link:{url-prefix}/downloads/[Downloads page]. | ||
|
|
||
| [link=https://stackoverflow.com/tags/open-liberty] | ||
| image::img/blog/blog_btn_stack.svg[Ask a question on Stack Overflow, align="center"] | ||
|
|
||
|
|
||
| // // // // DO NOT MODIFY THIS COMMENT BLOCK <GHA-BLOG-TOPIC> // // // // | ||
| // Blog issue: https://github.com/OpenLiberty/open-liberty/issues/23614 | ||
| // Contact/Reviewer: ReeceNana,tonyreigns | ||
| // // // // // // // // | ||
| [#maxFfdcAge] | ||
| == Configurable maximum FFDC age | ||
|
|
||
| Open Liberty provides First Failure Data Capture(FFDC) capability, which instantly collects information about events and conditions that might lead up to a failure. In certain scenarios, the number of files in the FFDC directory can grow to a very large amount. Previously, Open Liberty automatically purged FFDC files in excess of 500 and this value was not configurable. This release introduces new functionality that automatically purges FFDC log files after they reach a configured age. You can specify this age with a new configuration attribute, `maxFfdcAge`. | ||
|
|
||
|
|
||
| `maxFfdcAge` is the maximum desired age before an FFDC file is deleted. At midnight everyday, any FFDC file that has reached the maximum configured age will be deleted. Specify a positive integer followed by a unit of time, which can be days (`d`), hours (`h`), or minutes (`m`). For example, specify 2 days as `2d`. You can include multiple values in a single entry. For example, `2d6h` is equivalent to 2 days and 6 hours. | ||
|
|
||
| Example server.xml configuration: | ||
| [source,xml] | ||
| ---- | ||
| <server> | ||
| <logging maxFfdcAge="2d"/> | ||
| </server> | ||
| ---- | ||
|
|
||
|
|
||
| [#CVEs] | ||
| == Security vulnerability (CVE) fixes in this release | ||
| [cols="5*"] | ||
| |=== | ||
| |CVE |CVSS Score |Vulnerability Assessment |Versions Affected |Notes | ||
|
|
||
| |http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3509[CVE-2022-3509] | ||
| |5.7 | ||
| |Denial of service | ||
| |21.0.0.2 - 22.0.0.12 | ||
| |Affects the link:{url-prefix}/docs/latest/reference/feature/grpc-1.0.html[grpc-1.0] and link:{url-prefix}/docs/latest/reference/feature/grpcClient-1.0.html[grpcClient-1.0] features | ||
|
|
||
| |http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171[CVE-2022-3171] | ||
| |5.7 | ||
| |Denial of service | ||
| |21.0.0.2 - 22.0.0.12 | ||
| |Affects the link:{url-prefix}/docs/latest/reference/feature/grpc-1.0.html[grpc-1.0] and link:{url-prefix}/docs/latest/reference/feature/grpcClient-1.0.html[grpcClient-1.0] features | ||
| |=== | ||
|
|
||
| For a list of past security vulnerability fixes, reference the link:{url-prefix}/docs/latest/security-vulnerabilities.html[Security vulnerability (CVE) list]. | ||
|
|
||
|
|
||
| [#bugs] | ||
| == Notable bugs fixed in this release | ||
|
|
||
| We’ve spent some time fixing bugs. The following sections describe just some of the issues resolved in this release. If you’re interested, here’s the link:https://github.com/OpenLiberty/open-liberty/issues?q=label%3Arelease%3A220013+label%3A%22release+bug%22[full list of bugs fixed in 22.0.0.13]. | ||
|
|
||
| * link:https://github.com/OpenLiberty/open-liberty/issues/23478[NullPointerException in InstallFeatureAction for .esa files] | ||
| + | ||
| A bug introduced in the featureUtility command caused a `NullPointerException` to occur when trying to install a feature with using the Enterprise Subsystem Archive (ESA) packaging denoted by an `.esa` extension. | ||
| + | ||
| [source] | ||
| ---- | ||
| java.lang.NullPointerException | ||
| at com.ibm.ws.install.internal.InstallUtils.getFeatureName(InstallUtils.java:794) | ||
| at com.ibm.ws.install.featureUtility.cli.InstallFeatureAction.esaInstallInit(InstallFeatureAction.java:188) | ||
| .... | ||
| ---- | ||
| + | ||
| This is has been resolved, and invoking `./featureUtility installFeature x.esa` to install ESA features no longer throws an NPE. | ||
|
|
||
|
|
||
| * link:https://github.com/OpenLiberty/open-liberty/issues/23403[HTTP/2 Intermittent server quiesce failure when stream is closed with an exception] | ||
| + | ||
| An intermittent issue can occur causing threads to hang when an exception occurs on an HTTP/2 connection. This results in a quiesce warning being issued during a server stop. | ||
| + | ||
| The issue has been resolved and the HTTP/2 streams and connections and the threads managing now stop without error, even in exception conditions. | ||
|
|
||
| * link:https://github.com/OpenLiberty/open-liberty/issues/23326[Liberty default HttpAuthenticationMechanisms do not call HttpMessageContext.responseUnauthorized] | ||
| + | ||
| `HttpMessageContextWrapper` must override the `responseUnauthorized` method. Due to a bug, Liberty's `HttpAuthenticationMechanisms` did not call `HttpMessageContext.responseUnauthorized`, which prevented users from enriching the response, for example, by adding headers. | ||
| + | ||
| This issue has been resolved and the default `HttpAuthenticationMechanisms` now properly calls `HttpMessageContext.responseUnauthorized` for unauthorized requests. | ||
|
|
||
| * link:https://github.com/OpenLiberty/open-liberty/issues/23146[JspFactory.getDefaultFactory().getEngineInfo().getSpecificationVersion() return incorrect version] | ||
| + | ||
| If a Pages, formerly known as JSP, application calls `JspFactory.getDefaultFactory().getEngineInfo().getSpecificationVersion()`, the wrong version is returned. The value is coded to return `2.1` rather than the correct specification version. | ||
| + | ||
| The issue has been resolved, and the correct version is now returned. For example, `jsp-2.2` returns `2.2` and `pages-3.0` returns `3.0`. | ||
|
|
||
| * link:https://github.com/OpenLiberty/open-liberty/issues/22405[OidcClientImpl does not properly declare a dependency on SecurityService] | ||
| + | ||
| When invoking `request.logout()` from a `ServletFilter` that intercepts traffic to the `ibm_security_logout` form-based logout URL , the following NPE might occur: | ||
| [source] | ||
| ---- | ||
| java.lang.NullPointerException | ||
| Stack Dump = java.lang.NullPointerException | ||
| at com.ibm.ws.security.openidconnect.client.internal.OidcClientImpl.authenticateSubject(OidcClientImpl.java:749) | ||
| at com.ibm.ws.security.openidconnect.client.internal.OidcClientImpl.handleOidcCookie(OidcClientImpl.java:722) | ||
| at com.ibm.ws.security.openidconnect.client.internal.OidcClientImpl.logout(OidcClientImpl.java:663) | ||
| at com.ibm.ws.webcontainer.security.AuthenticateApi.logoutUnprotectedResourceServiceRef(AuthenticateApi.java:244) | ||
| at com.ibm.ws.webcontainer.security.AuthenticateApi.logout(AuthenticateApi.java:189) | ||
| at com.ibm.ws.webcontainer.security.AuthenticateApi.logoutServlet30(AuthenticateApi.java:627) | ||
| at com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl.logout(WebAppSecurityCollaboratorImpl.java:1212) | ||
| at com.ibm.ws.webcontainer.srt.SRTServletRequest.logout(SRTServletRequest.java:3956) | ||
| at javax.servlet.http.HttpServletRequestWrapper.logout(HttpServletRequestWrapper.java:376) | ||
| at com.ibm.bpm.servlet.filters.GenericSecurityServletFilter.doFilter(GenericSecurityServletFilter.java:327) | ||
| at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201) | ||
| ---- | ||
| + | ||
| The issue has been resolved by declaring `OidcClientImpl` dependent on `SecurityService` and the NPE no longer occurs. | ||
|
|
||
|
|
||
| [#guides] | ||
| == New and updated guides since the previous release | ||
| As Open Liberty features and functionality continue to grow, we continue to add link:https://openliberty.io/guides/?search=new&key=tag[new guides to openliberty.io] on those topics to make their adoption as easy as possible. Existing guides also receive updates to address any reported bugs/issues, keep their content current, and expand what their topic covers. | ||
|
|
||
| * link:{url-prefix}/guides/jakarta-websocket.html[Bidirectional communication between services using Jakarta WebSocket] | ||
| ** Learn how to use Jakarta WebSocket to send and receive messages between services without closing the connection. | ||
| * link:{url-prefix}/guides/grpc-intro.html[Streaming messages between client and server services using gRPC] | ||
| ** Learn how to use gRPC unary calls, server streaming, client streaming, and bidirectional streaming to communicate between Java client and server services with Open Liberty. | ||
|
|
||
|
|
||
| == Get Open Liberty 22.0.0.13 now | ||
|
|
||
| Available through <<run,Maven, Gradle, Docker, and as a downloadable archive>>. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters