CR172370

When the Administration Console created an Application MBean, the associated WebAppComponent MBean incorrectly inherited the Application MBean name instead of the WebAppComponent's URI name. This caused the deployer tool to incorrectly create an additional deployment repository for this application when it was updated.

This defect was corrected by a code change.

CR105735

Navigation through the directories did not go through action servlet, so encoding was not set properly.

A change was made to set the encoding explicitly in the page, so the correct encoding is used to produce the response.

CR087598

Propagation from list page to realm deletion changed the MBean class name specific to the MBean to be deleted. Because of this MBean showed only the last deleted type MBeans in the list.

A attribute (original class name from list) has been introduced which will be propagated in the above described flow. This attribute provides a way to recover the original class name and listing remains undisturbed. This solution applies to all MBean types.

CR184891

The console jsp that was used to upload applications to remote servers was calling the ApplicationManager.update() method even when the server was not in development mode.

Removed the call to ApplicationManager.update() if ProductionMode is enabled. Uploaded applications are no longer automatically deployed when Production Mode is enabled.

CR097378

A NullPointerException sometimes appeared on the Administration Console while the WebApplication Deployment Descriptor was being edited.

WebLogic Server was not checking for the descriptor being null, which is the case when it can not be parsed. For this reason a NullPointerException was thrown.

If the descriptor is null, the proper error action will now be called to display the correct message.

CR097036

The correct icons were not being retrieved by the console pages due to changes in the getServletContext code to be in compliance with the Servlet 2.3 specification.

Code changes were made to buildIconList() to provide the path to the images subdirectory in the console.war.

Correct icons now appear in the navigation applet.

CR044503

Creating a new ACL with a blank Permission caused an unexpected error. This was due to names not being checked for null and blank values under some circumstances.

Appropriate checks have been added, and messages for null names have been corrected.

CR08296

The getParameter() method in GraphApplet is used to get the value of the min/max heap size. Although the return type is long, WebLogic Server was using Integer.parseInt to convert the string values. When the heap size was over 2G, there was an overflow in the integer value. Because of this, the current free memory was sometimes reported as a negative number.

WebLogic Server now uses Long.parseLong to avoid overflow and to get the correct value of the heap even if it is over 2G .

CR079771

WebLogic Server was sending a file link to the browser to report the results of start cluster and start/kill domain operations. That link worked only if the browser was running on the same machine as the administration server. This occurred on all platforms.

WebLogic Server now sends a action link which will process the file and send the output to the browser in an HTML format.

CR077058

When a JMSJDBCStore was created, the "None" option was eliminated from the Connection Pool drop down list.

Adding the ability to make JDBCConnectionPool null restored "None" to the list.

CR069130

When an application with an incorrect web.xml file was added to the applications directory, the Administration Console reported it as having been deployed even though it was not deployed at startup.

WebLogic Server now correctly reports such applications as undeployed.

CR075168

WebLogic Server was using the greater than symbol, '>', as the Token delimiter. Because of this, if a custom message contained a '>', it was being truncated while being displayed.

WebLogic Server no longer truncates the last token when writing to the log.

CR128510

readClassDescriptor() of MsgAbbrevInputStream was trying to resolve a class and throwing a ClassNotFoundException for unknown classes. Java serialization will skip this ClassNotFoundException if corresponding data is not being read.

readClassDescriptor() of MsgAbbrevInputStream no longer tries to resolve unknown classes and MsgAbbrevInputStream implemented resolveClass().

CR129234

CR189793

ReplicatedSessionContext has two hashtables, one of which stores the sessions for which the server is primary, and the other stores sessions for which the server is secondary. The hashtable with secondary sessions has sessionId as a key and ROID as value.

When a session was invalidated and the request to remove the session came to the secondary server, WebLogic Server passed the ROID to the ReplicatedSessionContext, iterated over the values in the hashtable in order to compare ROID with that value, and then removed the entry. WebLogic Server now avoids iterating over the hashtable by passing the sessionId instead of ROID.

CR135131

weblogic.cluster.MulticastObjectListener was locked on a call to objectAdded and waited to lock a HashMap while in a different thread MulticastReceiver locks the HashMap and attempted a lock on MulticastObjectListener. This caused a Java Level Deadlock.

Changing the lock order eliminated the deadlock.

CR127765

When a node in cluster was restarted, it first tried to synchronize with other cluster members resulting in one server adding the other to the cluster view.

Before that cluster node opened the listen port, if a request came in with this cluster node as a secondary, it resulted in an error and from that point on all requests to create secondaries on that cluster node failed.

Now during cluster synchronization, when a node is coming up, it first identifies all the running nodes in a cluster and then sends out a broadcast identifying itself. This ensures that the cluster node coming up is identified by other nodes after it opens a listen port.

CR127643

When a Dynamic Proxy that implemented interfaces declared inside the web application was put into the HttpSession and the session was replicatable, WebLogic Server was not able to load the interface classes on the secondary server.

Dynamic Proxies implementing interfaces stored in the application archive can now be put into HttpSession and be correctly replicated.

CR111029

The cluster members timed out if they did not receive a heartbeat within the default 30 second timeout period. Heartbeats were sent every 10 seconds and servers waited for 3 periods (total wait time was 30 seconds) to get a heartbeat before the cluster member was timed out and declared unavailable. For example, during session replication if the secondary server was unavailable at TCP level, the 30-second period was sometimes too long for a very busy web site. Before the secondary was removed from the cluster view, the primary tried to replicate many sessions to the secondary and thus caused the server to hang or made the server slower.

The timeout value IdlePeriodsUntilTimeout is now tunable. It is set on the <Server IdlePeriodsUntilTimeout="3"> tag in the config.xml file. In general customers should not tune this value and should leave it at the default (3). However, in certain cases depending on the load, available redundancy in the architecture and specific application problems and/or certain production scenarios, tuning this value carefully might alleviate the problem temporarily until the root cause is identified and fixed.

BEA WebLogic recommends that you use HIGH caution when changing this value and ensure sufficient testing of your application at peak load scenarios to ensure the expected behavior. There is no recommendation that fits all scenarios, so testing for load and stress is a must if this value needs to be changed.

CR190507

Fixed a problem with oneway calls for ReplicationManager..

CR190417

When a request landed on a server that was neither primary nor secondary, it got the session from the existing secondary by looking it up on the secondary server with the host port information from the session id.After it successfully got the session from existing secondary it removed the existing session and tried to create a new session.

When two such requests occurred at the same time a distributed deadlock could occur since these requests landed on the 'Replication' thread queue and the 'Replication' thread queue had only two threads and there was no other thread available for reading the response.

Code was added to WebLogic Server which fixed the problem so that it will not deadlock.

CR183210

In WebLogic Server 7.0 and higher, the javax.ejb.TransactionRolledbackLocalException's SVUID was changed and when WebLogic Server 7.0 or 8.1 experienced a javax.ejb.TransactionRolledbackLocalException when a WebLogic Server 6.1 client made a remote call to ejb hosting by a WebLogic Server 7.0 or 8.1 server instance, it experienced an InvalidClassException.

This problem is fixed in WebLogic Server 6.1 so that it now understands the incoming final-ejb20 ClassDescriptor for javax.ejb.TransactionRolledbackLocalException.

CR133631

Stopping a windows service configured with beasvc.exe sometimes caused a timeout when a stopclass was specified. The service was timing out because there was a race condition between the stop and main threads of beasvc.exe.

The race condition has been corrected and the windows service no longer times out.

CR121483

A ConcurrentModificationException was thrown when the monitoring subsystem was trying to read the values of the abbrev table and at the same time the abbrev table was being modified by the rjvm layer.

Cloning the key set before sending the data to the monitoring subsystem so that the HashMap is not modified simultaneously by two threads eliminates the ConcurrentModificationException.

CR188371

When an application cached a stateless session bean remote stub, and all the servers in the cluster were restarted, the stub was unable to refresh its lists of server nodes where the remote object was available and failover did not succeed. This was happening because the stub did not have the information needed to re-establish the initial context with the cluster nodes, hence the remote method invocation failed.

WebLogic Server code was not propagating the thread environment for the stateless session bean stubs in WebLogic Server 6.1 versions and it is required in WebLogic Server 7.0 and higher versions for unmarshalling to set the environment so failover works.

The runtime descriptors for the clusterable stateless session beans now have the propagate-environment attribute set to true by default.

The descriptor is now read and the propagateEnvironment is set so the environment is passed on during unmarshalling. This will allow the failover logic to reconnect to the cluster nodes to retrieve the new list of server nodes where the remote object is available and allow for proper failover.

CR182684

Every time the beasvc service handler was called, the beasvc log added a line indicating that it was called.

For example:

Tue Apr 27 11:52:17 2004] [I] [service_ctrl] 4

This caused the log to fill up when there was no real activity on the server.

The debug statement was removed, eliminating the log problem.

CR181986

WebLogic Server running as a service sometimes ran out of memory if it was using a large number of threads.

Reducing the reserve stack size used by beasvc.exe and beasvc64.exe from 1mb to 256kb eliminated the memory problem.

CR176614

Stateful Session Bean handles taken from the 70 (or 81) WebLogic Server servers to WebLogic Server 61 server/client were failing with a ClassNotFoundException in the serialization code.

Compared to the WebLogic Server 6.1 server, WebLogic Server 70 and 81 servers used a different PK mechanism for SFSB in the ejb container.

Adding the necessary classes to 6.1 line to support the inter-op requirement eliminated the ClassNotFoundException.

CR174605

According to the documentation in "Starting and Stopping Servers" if the CLASSPATH is too long, it can be added as a single line to a file and then accessed as -classpath @filename. However, when beasvc attempted to load the contents of CLASSPATH file, it truncated the last character when the file did not end with a new line.

Now beasvc determines whether the file terminates properly and then reads the file accordingly.

CR173958

Interoperability between 6.1 SP04 and 8.1 SP02 us t3 was failing when the protocol was changed from "secure" to "non-secure" between the front-end and back-end. The front-end QOS was being propagated to the back-end for the authentication call and it was failing.

The problem was resolved by using "anonymous" when doing the bootstrap authenticate call.

CR172366

Messages printed by beasvc.exe to the event log were not readable in Japanese locale.

A code fix ensures that English messages are printed for all non-English locales.

CR135225

A deadlock was occurring between RJVM and NTSocketMuxer.

Code was added to ensure that WebLogic Server does not hold a lock on IORecord during dispatch, thus ensuring that a deadlock will not occur.

CR134971

When <<no stack trace available>> was sent out as part of the exception message field (from the server side) rmi layer was recursively adding / appending the exception as server side stack trace. This was filling up the log files. This manifested when the server was running out of heap and there was a NullPointerException thrown by the application code (EJB + Servlets)

WebLogic Server now parses the exception message field, traps this specific exception and ensures that it is appended only once.

CR133880

Under heavy load, T3File client often threw an ArrayIndexOutOfBoundsException when closing OutputStream/InputStream.

WebLogic Server now acquires the lock on the Vector before starting the loop.

CR175607

Installing WebLogic Server as a Windows service immediately after uninstalling it sometimes created wrong registry keys, which could lead to startup problems.

A code fix ensure that the registry keys are flushed and properly closed.

CR130409

When setting the maximum length of an execute queue with the -Dweblogic.kernel.allowQueueThrottling flag to throttle "slow moving resource intensive" requests on a custom queue, clients did not receive a 503 response and therefore waited for the timeout.

This problem was resolved by a code fix to check for the dispatch return value on the caller and use the sendError() API to return the 503 response.

CR130376

According to the documentation at "Starting and Stopping Servers" if the CLASSPATH is too long, it could be added as a single line to a file and then accessed as -classpath @filename. However, this was not working because when beasvc attempted to load the contents of CLASSPATH file, it sometimes truncated the last character. This only happened when the file did not end with a new line.

A code change was made so beasvc figures out whether the file terminates properly and is then read accordingly."

CR129094

Performance issues that involved TCP window shrinkage in the t3 protocol on the AIX platform have been resolved.

CR122939

A distributed deadlock occurred due to a failure to maintain session stickiness with the primary server. When a request lands on the server which is neither primary nor secondary, it will try to remove the existing session from the primary as well as the secondary and create a new one on the current server and register a new secondary to it. In doing so, this server makes a remote request to the primary to remove the session on non-blocking queue, the primary server makes a remove call to the secondary server to remove itself on non-blocking queue. If there are more than one such requests, there will be no other thread to receive the response on the current server since there will be only two threads available in non-blocking queue and hence there is a distributed deadlock.

WebLogic Server now makes no new remote requests while processing requests that come in on a non-blocking queue. This fixes the problem, as it ensures that there will always be a thread available in the non-blocking queue to receive a response.

CR Number

Description

CR134122

Please review the security advisory information at http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_57.00.jsp.

CR124991

When <validate-db-schema-with>MetaData</validate-db-schema-with> was used AND a cmp-field and a cmr-field were mapped to the same column, a java.lang.IndexOutOfBoundsException was being thrown.

WebLogic Server has been modified and this exception is no longer thrown under these circumstances.

CR055396

When a EJB QL syntax error occurred, WebLogic Server generated an error message with an incorrect xml file reference.

WebLogic Server now generates the message as follows if there are syntax errors in EJB QL.

[java] ERROR: Error from ejbc: Error while reading 'META-INF/ejb-jar.xml' or 'META-INF/weblogic-cmp-rdbms-jar.xml'. The error was:

CR185643

For BLOBs, in the generated code, WebLogic Server calls ObjectOutputStream.writeObject and ObjectInputStream.readObject to serialize/deserialize the object before writing/reading it to the database. These calls add extra header information. The writeObject method writes the class of the object, the signature of the class, the values of the non-transient and non-static fields of the class, and all of its supertypes are written. (This is the reason for the extra header seen in the database.) These calls do not cause a problem when customers are using only WebLogic Server to set and get BLOBs, because it uses readObject to convert the bytes into the appropriate object, which needs that extra header information. However, if the BLOB has been inserted directly into the database by some other vendor or programmer using:

OutputStream os = ((weblogic.jdbc.common.OracleBlob) lob).getBinaryOutputStream(); os.write(this.tiffImage); // byte[] tiffImage

then problems may occur because WebLogic Server uses readObject and the header information is missing. For the data inserted using WebLogic Server, the other programs that would read the bytes directly get the extra header information and fail.

A system property has been added which allows WebLogic Server to correctly report header information.

CR187121

A high value for idleTimeoutSecs, for instance, 60000000, in the Deployment Descriptor when multiplied by 1000 to convert it into msecs was overflowing into a negative value. This caused the trigger that cleans the passivated beans from the disk to constantly fire, causing high CPU usage.

The variables within the EJB container which held the timeout values in milliseconds, such as idleTimeoutMS, sessionTimeoutMS, and readTimeoutMS, have been changed from the int type to long. This prevents any numeric overflow.

CR135367

EJBStatelessHomeRuntimeMBean's implementation class did not provide correct details of pool statistics.

Code was changed to provide the correct pool statistics in the runtime mbean methods.MBean calls now show the correct data.

CR127097

The Stateful EJB monitoring page did not have the machine name prefixed to its output

so it was impossible to see to which machine the entry referred.

The machine name was added to the Stateful EJB monitoring page.

CR124026

The read-only concurrency strategy in 6.x used Exclusive concurrency. This guaranteed exclusive access to the bean, but not to the generated Set for the 1-N relationship. It was possible for two clients to get access to the same Set. In such a case, when some method was called on the relationship Set, it caused a NullPointerException.

Relevant code changes were made to guarantee exclusive access to the relationship Set to fix the issue.

CR104539

CR102308

In WebLogic Server 6.1 SP04, the Administration Console reported incorrect values for waiters for entity beans.

The problem was solved by adding a waiterCurrentCount attribute that is incremented when a client starts waiting for a lock and decremented when the lock is acquired or the client times out.

CR096398

EJBContext.getRollbackOnly() returned "true" if a transaction marked for rollback and had not yet been rolled back. After the transaction was rolled back, it returned "false".

EJBContext.getRollbackOnly() now returns "true" even if the transaction has already been rolled back.

CR060229

The Administration Console was not exposing the Transactions Committed Total Count, the Transactions Rolled Back Total Count or the Transactions Timed Out Total Count for Stateful and Entity EJBs.

The Administration Console now allows monitoring of these items.

CR087261

The EJBDeployer was writing an incorrect deployment message to the log for Message Driven Beans.

The correct message is now being logged when a Message Driven Bean is deployed.

CR079432

MessageLocalizer was not setting the l10n_package attribute in localized catalog files using the l10ngen utility.

MessageLocalizer now correctly sets the l10n_package attribute in a localized catalog file.

CR142730

After a long database outage, a JDBC connection pool that used the XA jDriver for Oracle with TestConnectionsOnReserve="true" could not recover and recreate connections to the database. The following error messages were thrown:

<Warning> <JDBC> <001096> <Refreshing this bad pool connection failed weblogic.common.ResourceException: java.sql.SQLException: open failed for XAResource 'oracleXAPool' with error XAER_RMERR: A resource manager error has occurred in the transaction branch.

and

<Warning> <JDBC> <001096> <Refreshing this bad pool connection failed weblogic.common.ResourceException: java.sql.SQLException: LDA pool exhausted - make sure you call Connection.close()

The problem was that during the outage, the JDBC connection pool attempted to recreate connections, but on failure, those connection attempts were not cleaned up and were depleting Oracle client resources (in the LDA).

The jDriver now cleans up connection creation attempts that fail.

CR134285

class weblogic.db.oci.OciLob defined two class level variables to hold the returned byteArray for either BLOB or CLOB data from database. As this byte array could be quite large each instance of OciLob filled up the heap quickly until a garbage collection occurred.

Further testing and a modified OciLob moving the class level variables retBArray[] and retCArray[] into the methods caused the variable to be allocated on the stack and reduced the size of the OciLob object instance and thus overall heap usage was reduced.

Code was added to move the global variables retBArray and retCArray to the method level in order to reduce the size of the memory heap usage.

CR172462

The WebLogic Server jDriver was not functioning properly with Oracle 9.2 when using the AL32UTF8 character set.

This problem was resolved with a code fix.

CR136168

WebLogic jDriver may cause the server to crash with Oracle error message ORA-02392 when using the long raw type under heavy loads.

A code fix was implemented to resolve this issue.

CR129220

WebLogic Server Oracle jDriver was not properly releasing Clob Objects for garbage collection.

WebLogic Server now releases Clob Objects correctly.

CR095876

In previous releases, methods in the weblogic.jdbc.common.Pool and weblogic.jdbc.common.JDBCServices interfaces were referenced in the Programming WebLogic JDBC guide, but the Javadocs for those interfaces were not published.

In WebLogic Server 6.1 SP7, the Javadocs for these interfaces are published at ../javadocs/weblogic/jdbc/common/package-summary.html. Note, however, that the methods in these interfaces have been deprecated and are not available in WebLogic Server 7.0 and 8.1.

CR128888

Please review the security advisory information at

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_53.00.jsp.

CR127949

Statement.getResultSet() sometimes generated an unnecessary new ResultSet wrapper for the one underlying DBMS resultset, if a result set had already been returned to the user code. If the user code had run an executeQuery() call first, without retaining the result set it returned, garbage-collecting could close it immediately, with the underlying DBMS resultset, invalidating and prematurely closing any result set returned by a subsequent getResultSet() call.

WebLogic Server no longer generates unnecessary wrappers due to a code change.

CR184143

Please review the security advisory information at

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_53.00.jsp.

CR182410

Under a high load condition, WebLogic Server slowed significantly.

Removing synchronization In weblogic.jdbc.common.internal.MultiPool.searchLoadBalance() method eliminated the slowdown under high load conditions.

CR133612

In Service Pack 7, the Oracle thin driver is modified with latest 9.2.0.4

drivers in classes12.zip in the 3rdparty/oracle/920 directory

CR131575

WebLogic Server sometimes threw an incorrect warning about a JDBC connection leak that began:

[SerialConnection]: Connection Leak detected!!!!!!java.lang.Throwable: StackTrace at creation of connection: /n

The leak detection code that sent this warning is obsolete. A code change resolved the problem.

CR130306, CR135909

In jta.DataSource, when doing refreshAndEnlist, WebLogic Server called tx.enlist(), but the connection was not returned to the pool if there was an exception in the refreshAndEnlist call.

A code change catches the exception and releases the connection to the pool.

CR129379

When an EJB transaction created many new entities or otherwise engaged many beans that all use JDBC, WebLogic Server risked running out of Oracle cursors, because in an attempt to avoid a suspected Oracle driver bug, WebLogic Server delayed closing JDBC statements until the end of a transaction, holding the cursors for the statement until then.

This behavior has been changed so that the session need not hold cursors until the transaction ends.

CR127720

New versions of JDBC drivers track the transactional state of connections. If a local transaction was active on a connection, XA operations could not be performed on it, resulting in an XAER_PROTO or XAER_RMERR when an xa_start() was called on the connection. As a result, applications had to go through the tedious process of narrowing down where in their code they had started but not ended a local transaction.

The problem was resolved by a code change in the recovery method that prevents special XA connections from being released to the pool twice.

CR188040

WebLogic JMS was not receiving notification when ServerDebugMBean() JMS attributes were changed.

The ServerDebugMBean() can now be used to dynamically enable and disable "DebugJMS" ServerDebugMBean attributes. This allows customers to dynamically enabled or disable JMS Debugging flags.

CR099554

Under certain circumstances when a server with JMS messages in a pending state was shut down or crashed, pending messages were not recovered when the server was restarted.

Pending messages are now recovered upon restarting the server.

CR123194

In previous WebLogic Server 6.1 service packs, when the server instance went down but its clients remained active, JMS threw a runtime exception weblogic.rmi.extensions.RemoteRuntimeException, instead of a JMSException as expected per the JMS specifications.

A code change has resolved the problem in this Service Pack.

CR126192

Long-lived JMS connections lacked a periodic heartbeat check.

Following a code change, when JMS is idle the connection pings the database every five minutes to keep connection fresh.

CR182338

A receiver stops processing messages when a RedeliveryLimit is configured and the number of times the RedeliveryLimit is reached is greater than the MessagesMaximum setting on the ConnectionFactory.

Example: RedeliveryLimit=0, MessagesMaximum=10. Receiver receives a message and calls sesssion.recover() 10 times. Receiver will stop processing messages and the console will show 10 messages pending.

Code was added to adjust the window counter when a message is removed from the queue because the RedeliveryLimit had been reached.

CR126183

An idle bridge was logging a message after the maximum idle time setting had been reached.

Code was added to suppress the repetitive log message "Bridge X start transferring messages" logged by an idle bridge.

If the bridge is stopped and restarted, or if it encounters an exception and is restarted you will see the "Bridge "bridgename" starts transferring messages" log message, but you will not see the repetitive message logged by an idle bridge.

CR133155

WebLogic Server took too long to recover JMS messages from the JDBC store at boot time. Including JMS in the getTables prefix resolved the problem.

CR136746

Enhancement request to allow explicit naming of JDBC driver being used in class VendorId.

This customer enhancement was made through a code change.

CR122556

HTTP tunneling requests were sometimes producing ProtocolExceptions.

Code was added to WebLogic Server to eliminate the ProtocolExceptions.

CR087857

When the character encoding was set by JSP pages or servlets, the ServletOutputStream.write(int) method, which takes int type as its argument, received the data encoded using the specified charset encoder.

WebLogic Server no longer encodes the binary data when ServletOutputStream.write(int) is called.

CR180425

WebLogic Server was sending wlsproxy specific headers even when the request did not originate with a proxy.

Code was added to check if the request is coming from a proxy and send the appropriate header.

CR077922

CR063304

The HttpSessionBindingListener were not getting fired correctly. In some cases they were invoked twice.

Re-implementing the callbacks strictly per the Servlet Specification fixed this problem.

CR123308

T3ServicesDef and LogServicesDef interfaces have been

deprecated beginning with the WebLogic Server 6.1 SP5 release.

CR101992

A web application that had a local EJBObject reference in its session, sometimes got an javax.ejb.EJBException after it was redeployed.

Code was added to catch the exception and log a message. An error message is now logged to indicate serialization failure and the getAttribute() of HttpSession, ServletRequest or ServletContext returns null under these circumstances.

CR085091

There was a problem that was preventing serving custom error pages, if the request was a conditional GET (Is-Modified-Since header set) for a protected resource.

The logic was fixed to serve the custom error page if one is defined.

CR127959

Code that used a response wrapper and called getOutputStream on the original response passed into a JSP resulted in NestedBodyResponse always throwing an IllegalStateException.

Mixed use of getWriter() and getOutputStream() from NestedBodyResponse are now allowed, so the exception will only be thrown when appropriate.

CR133291

A protocol exception, excjava.net.ProtocolException: Didn't meet stated Content-Length, was occurring when a client cancelled a request while the default fileServlet was sending a file.

This was resolved with a code change.

CR127708

WebLogic Server decoded the path /foo/bar%c0%baz/ to /foo/bar because sun.io.ByteToCharConverter stopped converting the remaining bytes if it encountered bytes that were not valid in UTF8 (for example, 0xc0). This problem does not occur on JDK 1.4.

The problem was resolved with a WebLogic Server UTF-8 converter that replaces invalid UTF-8 sequences with U+FFFD characters. As a result of this fix, the path /foo/bar%c0%baz/ is decoded to /foo/bar?%baz.

CR143448

The java.lang.IllegalStateException: HttpSession is invalid exception occurs in the servlet container's internal call. If other threads using the same session ID invalidate the session object during processing of ServletRequestImpl.syncSession(), an IllegalStateException may occur while calling SessionData.putValue() or SessionData.isNew().

Ignore the IllegalStateException if the session has been invalidated by other threads.

CR134414

When a Serializable Servlet request attribute was added, and then overwritten it with a non-Serializable value, the original value masks the new one.

A code change was made to try to remove the value from a HashMap table of serializable attributes if necessary, when replacing a Serializable value with a non-Serializable one.

CR132522

On a Web server without a default Web application, an HTTP request for a missing resource received a response that included an incorrect date header:

HTTP/1.1 404 Not Found Date: Thu, 01 Jan 1970 00:00:00 GMT

This header is not valid according to section 14.18 of RFC2616. A code change resolved the problem.

CR173042,

CR110910

HttpClusterServlet threw this exception, when KeepAliveEnabled was set to true after a large file download was canceled.

Analysis revealed that when a client canceled a file download, the remaining data was left in the inputstream. If the socket was recycled for a subsequent request, the servlet read the remaining data, resulting in the exception.The problem was solved with a code fix to drain the inputstream and if the download is canceled we will read this remaining data.

CR133558

ServletContext.setAttribute threw a NullPointerException when a null value was passed to it.

The problem was resolved by a code change that calls removeAttribute() when a null value is passed to the setAttribute().

CR129211

Using ServletOutputStream.write(byte) to write more than the buffer size caused infinite loop.

A code change resolved the problem by updating the check for boundary conditions when the buffer is full and autoflush is set to false.

CR128986

After a protocol exception, the server hung while trying to process a new license because of a problem with the ensureContentLength method.

A code change ensured that the server no longer hangs during this process.

CR128420

breakUpAndWriteItOutAsNecessary() tried to separate a manifest header to enforce a maximum of 72 bytes per line, and wrote one line to an outputstream at a time. The cause of this problem was that the start offset for the new line is wrong.

A code change resolved the problem.

CR127836

A JSP in a subcontext of the root context was precompiled when deployed as a Web application packaged in a WAR file, but not if it was deployed in exploded format.

JSPs now precompile when deployed in an exploded format.

CR127090

Jsp used several MBeans with attributes that had the same names, thus when they were displayed, it looked as though there were duplicates, when in fact, there were none.

The display labeling of the MBean attributes was changed for the mbeans that had the same attribute names. They are now distinguishable.

CR116209

When a Serializable ServletContext attribute was added and then overwritten with a non-Serializable value, the original value masked the new value.

When replacing a Serializable value with a non-Serializable one, WebLogic Server now removes the original value from the attributes hashtable.

CR121343

A race condition arose during the computation of a secondary JVMID when more than one frame was used. It appeared that the computation of the secondary JVMID was resetting the member variable value by one thread, causing the race condition.

Following a code change, the computation of the secondary JVMID no longer leads to the race condition.

CR120932

The HTML page served by the CertificateServlet displayed the wrong value for the radio button—it displayed 2048 for the radio button, but using the button resulted in a 1024 bit certificate.

The radio button now produces the correct 2048 bit certificate.

CR091831

The WebLogic Server implementation of HttpURLConnection did not check whether keep-alive connection had been timed out on the server side when using POST method, resulting in the error: Connection aborted by peer: socket write error on flush.

Checks were added to ensure that the HttpClient is non-null before updating the timestamp.

CR108034

Inappropriate error messages generated by a user breaking a connection have been suppressed.

CR132228

Harmless IOExceptions were not being suppressed on Japanese locales.

WebLogic Server now sets the locale to C by default when enabling nativeIO. Customers who do not want to set the locale to C can use the system property

-Dweblogic.nativeIO.useDefaultLocale=true

On non-english locales, the harmless exceptions are now suppressed.

CR122811

A change to support piping of passwords into weblogic.Admin. That change locked up the System.in stream, preventing automated scripts from working correctly.

The change that locked the System.in. stream has been corrected and scripts can now be automated.

CR097343

When a deployment was done where the targets were across two different platforms (such as unix and windows), the deployment files were not found.

The deployment location was not being localized for the local machine type. If one deployed a webapp from an administration server running on windows and targeted it to a unix based machine, the location of the deployment was malformed for that platform.

The deployment path has now been localized for each machine type.

CR190237

The WebLogic Server MBeanHome method getAllMBeans() threw an exception when running in a WebLogic Portal environment.

WebLogic Server MBeanHome Helper needed additional knowledge of WebLogic Portal mbean class locations and a correction to existing logic.

The ClassNotFound exception is no longer thrown in the WebLogic Portal environment.

CR190212

when an exception was thrown while retrieving attributes via MBeanServer.getAttributes(), any exceptions thrown by the JMXServer were handled and a null value was returned.

WebLogic Server now rethrows the exception instead of returning a null value.

CR188030

CounterMonitor.stop() was synchronized causing a deadlock.

Synchronization was removed, as called for in the documentation, eliminating the deadlocks.

CR187170

When the attributes of an array type changed(meaning certain elements of the array were added or deleted or both), AttributeAdd/Remove notifications were not being sent out. Thus certain deployments were not being carried out properly.

The WebLogic Server now sends AttributeAdd/Remove notifications, in addition

to the AttributeChange notification, when an array type attribute values change.

CR113085

When the value of SqlStmtProfilingEnabled was set through MBeans or manually in config.xml file and then you tried to retrieve that value through MBeans it did not show the value. Instead, it returned a message, "It appears that no attributes have been specified for this MBean".

Exposing the SqlStmtProfilingEnabled attribute of JDBCConnectionPoolMBean eliminated the error.

CR104435

The KernelDebugMBean options, DebugDGCEnrollment and ForceGCEachDGCPeriod, could not be enabled. There was no way to "set" the enable attribute in weblogic.management.configuration.KernelDebugMBean.

The setter signature did not take boolean for these attributes, so the values for these flags could not be changed from the default.

These attribute setters now accept boolean.

CR081349

When printing the ExecuteQueueRuntimeMBean, the ExecuteThreads attribute was not being displayed correctly with the weblogic.Admin tool.

The entries in the ExecuteThreads attribute are now displayed as a readable string value.

CR094219

When Domain and Server logfile names were date and time based (SimpleDateFormat), the following features were not fully functional:

1. These type of logs were not being rotated.

2. The total number of log files were not restricted even when the FileCount was set.There was no code in place to delete the older log files because the FileFilter could not list these files because of their file name patterns.

File rotation has been implemented for these types of file names.After each rotation, WLS now checks to see whether the files exceed the limit, if restricted. It then deletes the older log files.

CR180724

The initial cookie was created through web server one and sent to cluster one. When ithit the application again it went through web server two and instead of being directed to cluster 1 it went to cluster 2 and created a new session.

The WLCrossOverEnabled functionality now works correctly in WebLogic Server.

CR132699

The Apache 2.0.x plugin for Redhat Linux AS 2.1 returned an incorrect status code. The problem was resolved with a code change, which sets the status code to 500 when the backend WebLogic Server instance is not available.

CR178792

Apache) HTTP requests can contain either one of the following headers: Content-Length or Transfer-Encoding

Requests with a Transfer-Encoding header set to "chunked" were failing with an IO error.

Code was added to support requests using the Transfer-Encoding header set to "chunked".

CR190562

Requests were not retried when the plug-in encountered a broken pipe error on Solaris while sending post data to WebLogic Server.

WebLogic Server now throws a HALF_OPEN_SOCKET_RETRY exception when sendPostData reports a broken pipe on Solaris

CR189251

Under load, Segmentation errors occurred while retrieving plugin Properties for a virtual host.

Replacing the strtok API with strchr, as the strtok API is not thread safe, eliminated the errors.

CR182971

ServerList was deleted after every DNSRefreshInterval which resulted in a core dump.

WebLogic Server now does a dns lookup of all the servers in the list and updates the ServerInfo structure if any server has changed from the last time it was checked.

CR187282

Because the plugin did not follow a part of the HTTP1.1 specification, which states that if a request/response contains both a Content-Length header as well as a Transfer-Encoding: Chunked header, the Content-Length header MUST be ignored, there was a unique scenario involving a recycled connection from the pool that sometimes caused an error.

WebLogic Server now returns contentLength as -1 if CTE is on.

CR095984

When the file size exceeded 30KB, a DNS error message of IE 6.0 was received instead of a 413 message when using the NSAPI plug-in.

The behavior of MaxPostSize configuration is now the same with or without a plug-in.

CR188811

CR188808

WLExcludePathOrMimeType did not work correctly when a request had a query string.

Requests such as http://webserver:port/weblogic/something.jsp?value=123 were not excluded and requests such as http://webserver:port/weblogic/something.do?name=test.jsp were not forwarded.

The plug-in now ignores query strings while checking for excludes.

CR187578

When KeepAliveEnabled ON was configured in httpd.conf, KeepAliveSecs defaulted to 20. This default setting could not be changed.

Code was added to ensure KeepAliveSecs is configurable.

CR187577

When using multiple Location tags in a VirtualHost tag, the Apache plug-in generated a strange URL if the requests matched two more Locations.

The Apache plug-in no longer uses regular expression match, unless specified.

CR186470

When using the IIS plug-in, the creation of a large number of new connections through a firewall resulted in an HTTP status 302, and the connection was closed.

WebLogic Server now recycles the connections if the HTTP status code is 302.

CR186148

When the Apache plug-in encountered a missing page, it was returning a 500 error, rather than the correct 503 error.

The plug-in now returns the correct error.

CR185668

When using the Apache plug-in to proxy to multiple clusters using MatchExpressions, the PathTrim attribute was failing to trim off the segment of the url used to direct the request.

Reimplementing MatchExpressions parsing without using the strtok API corrected the problem.

CR185089

The IIS plug-in was sending an Http status code of 500 (internal Server Error) when it encountered a WRITE_ERROR_TO_CLIENT exception due to a connection closed by the client.

The IIS plug-in no longer sends Http status code of 500 when a WRITE_ERROR_TO_CLIENT exception is caught.

CR180417

If a cookie was part of the POST data then plugin would corrupt the post data while extracting the cookie.

Code was added to fix the cookie extraction from Post Data.

CR136816

If the PRIMARY server could not be located, then the request was served by the next available server in the list. It ignored the Secondary server.

If the Primary server can not be located, but the Secondary server is present then the request will be forwarded to Secondary server rather than being served by another server on the list.

CR183390

WebLogic Server was throwing an exception from inside the catch block which sometimes caused iPlanet to fail.

WebLogic Server no longer throws an exception from the catch block.

CR183311

When Apache was stopped while using a single-thread multi-process module, it would try to stop the timer thread first. This timer thread never existed, thus a core dump occurred.

WebLogic Server no longer creates timer threads when Apache is being used with a single-thread multi-process module.

CR183188

The ISAPI plug-in was unable to handle requests with the Transfer-Encoding header set to chunked.

Functionality was added to enable ISAPI to handle such requests.

CR182434

Headings passed to rq->srvhdrs were not entirely in lower-case instead of mixed case.

Content-type, content-length and transfer-encoding headers are now passed to NSAPI entirely in lower case.

CR175787

WebLogic Server was throwing CONNECTION_REFUSED errors with the Iplanet plugin.

After polling a socket for WRITE operation, if the state of the socket is in any one of the following states, then the plug-in will not throw aCONNECTION_REFUSED exception.

Valid states are:

POLLOUT

POLLWRBAND

POLLWRNORM

CR173985

(Apache) The plug-in was dropping sessions after WebLogic Server was restarted.

This is because Apache 1.3.x creates multiple child processes to handle incoming requests. Each process maintains its own serverlist where each server entry is uniquely identified by the JVMID (provided by WebLogic Server, and which is updated when a request is successfully processed). Whenever a server instance is restarted, it generates a new JVMID. So a request whose cookie contains a new JVMID will fail to locate the corresponding primary server plug-in if the JVMID is not refreshed in the plug-in.

A code fix ensures that if the JVMIDs extracted from cookie do not match with the ones stored in the serverlist, then WebLogic Server will try to refresh the JVMIDs once again.

CR136968

Weblogic Server was not accepting more than one header when the response.addHeader method was used.

The plug-in now allows WWW-Authenticate to have multiple values.

CR135002

In an Apache configuration with multiple virtual hosts, if only one of the virtual hosts was configured with SecureProxy=ON for the WebLogic Server plug-in, and the other virtual hosts did not use SecureProxy or WLProxySSL, the virtual hosts with no SSL configured saw that the plug-in attempted an SSL connection with the backend WebLogic Server. This caused a performance problem.

A new argument was added to an internal method to determine if a SSL connection needs to be initiated.

CR134413

Apache plugin caused a duplicated http header and body for the 302 response. There was no problem between the plugin and backend servers, but the Apache server added an additional 302 response.

Code was added which reverted the return value of the request_handler method to OK.

CR132840

Apache access logs improperly recorded a 200 code rather than a 500 error when application servers were down. A code change resolved the problem.

CR132426

When the plug-in parameter "QueryFromRequest" was used in the httpd.conf file

it gave the following syntax error during Apache Server startup

Syntax error on line 971 of C:/Program Files/Apache

Group/Apache2/conf/httpd.conf:Invalid command 'QueryFromRequest', perhaps misspelled or defined by a module not included in the server configuration.

The Apache 2.0 plug-in now supports the "QueryFromRequest" parameter.

CR131640

WebLogic Server was requested to provide a plug-in for the Sun One 6.1 web server.

The SUN ONE 6.1 Web Server is now fully supported.

CR180236

The release 8.1 SP02 plug-in with client certificates reported the following error:

Failed to parse the client certificate in header: WL-Proxy-Client-Cert. Ignoring this certificate. java.security.cert.CertificateException: Could not parse certificate: java.io.EOFException.

The error occurred because the plug-in truncated the WL-Proxy-Client-Cert header when sending it to the WebLogic Server instance.

The problem was resolved with a code fix.

CR179537

(ISAPI) The IIS proxy plug-in caused heap corruption on the Microsoft Windows platform.

The problem was resolved with an internal code fix.

CR177707

When using the release 7.0 SP02 plug-in with client certificates, WebLogic Server worked correctly. However, after an upgrade to release 8.1 SP02, the server log reported the following error:

Failed to parse the client certificate in header: WL-Proxy-Client-Cert. Ignoring this certificate. java.security.cert.CertificateException: Could not parse certificate: java.io.EOFException

The error occurred because the 8.1 SP02 plug-in truncated the WL-Proxy-Client-Cert header when it sent it to the server instance.

The code was changed so that WL-Proxy-Client-Cert is lazily added to the request sent to WebLogic Server.

CR175989

(Apache) The Apache server generated core dumps when using the worker (multi-threaded) option instead of the prefork (only multi-process) option.

This was resolved by fixing the Locking and Unlocking logic.

CR175672

(Apache) The Apache server was hanging when the WebLogic plug-in tried to open the wlproxy log file, even though Debug was OFF.

The code has been fixed so that the log file is not set if debugging is turned off.

CR174777

[iPlanet] POST_TIMEOUT errors occurred in the iPlanet log file due to a broken pipe.

Code was added to throw a HALF_OPEN_SOCKET_RETRY exception if an EPIPE error is encountered while sending POST data to WebLogic Server.

CR174431

(NSAPI) The Iplanet plug-in now gracefully handles an EINTR OS error.

CR173653

When the WLExcludePathOrMimeType property was defined within a Location tag, it should not have had a global scope. (However, when the property was defined outside a Location tag, then it should have had a global scope.)

This was resolved by a code change to ensure that the WLExcludePathOrMimeType property is applied only to the requests that match the appropriate Location path for the defined property.

CR173581

CR173878

(Apache) The plug-in was logging a confusing "error page is unavailable" log message to the apache error.log, even when the client had closed the connection.

This was resolved by a code change that commented out the erroneous log message.

CR172497

(NSAPI) The "pluginparams.ErrorPageTest" failed when attempting a proxy by extension.

The workaround for the ErrorPage to be loaded locally is to use the WLExcludePathOrMimeType property if proxying by MIME type.

For the SUN One Web Server, version 6.1, some additional configuration steps are required:

1. Remove NameTrans fn="ntrans-j2ee" name="j2ee" from the default object in the obj.conf file.

2. Remove Init fn="load-modules" shlib="C:/Sun/WebServer6.1/bin/https/bin/j2eeplugin.dll" shlib_flags="(global|now)" from the magnus.conf file.

For more information, refer to Sun's documentation, at http://docs.sun.com/source/817-1831-10/agjava.html#wp1084 323

CR172072

Provided an enhancement to the WLExcludePathOrMimeType parameter allowing it to be used at the Location tag level.

WLExcludePathOrMimeType parameter can now be defined locally at the Location tag level as wells as globally. When the property is defined locally, it does not override the global property but defines a union of the two parameters.

CR171978

When the FilterPriorityLevel was set in the iisforward.ini file, the forwarding path was broken.

A code fix was implemented to ensure that when a virtual host was not defined in the iisforward.ini file, the iisproxy.ini file from the same location as where the iisforward.dll file was loaded is used.

CR133641

iPlanet users experienced a problem with host name verification and received the following:

INFO: Host () doesn't match (), validation failed

ERROR: SSLWrite failed

A code fix resolved this issue.

CR130060

A performance problem in the IIS plug-in has been resolved in Service Pack 5 by a code change that causes the plug-in to check whether data equivalent to a specified content length has already been read.

CR129471

In previous service packs, the Apache plug-in did not recognize the WLTempDir parameter. This has been corrected.

CR129342

The ISAPI plug-in sent the WL-PATH-TRIM HTTP Header value to a WebLogic Server in place of the WL-PATH-TRIM value.

WebLogic Server now receives the correct value.

CR129138

When the NSAPI plug-in performed name resolution on backend WebLogic Server instances, name resolution used sysGetHostByName, which called getHostByName, which called internal methods that had maximum limits for open file descriptors, causing name resolution sometimes to fail.

A fix to cookie parsing and the substitution of JVMIDs to locate primary and secondary servers resolved the problem.

CR129026, CR129323

A memory leak in the ISAPI plug-in was fixed by a code change.

CR127973

The ISAPI plug-in sometimes failed after adding a persistent cookie to a servlet session.

A correction to the cookie parsing code resolved the problem.

CR127658

[ISAPI] When a connection was retrieved from the pool, but the WebLogic Server had already closed the connection, then the HALF_OPEN_SOCKET_RETRY exception was raised.

Requests will be now be retried after receiving the HALF_OPEN_SOCKET_RETRY exception.

CR084303

WebLogic Server proxy plug-ins restrict the HTTP commands that can be submitted from the client to the server. The validation rules in the plug-in code now allow the following HTTP commands that are needed for WebDAV implementations:

DELETE

GET

HEAD

OPTIONS

POST

PUT

*COPY

LOCK

MKCOL

MOVE

PROPFIND

PROPPATCH

SEARCH

UNLOCK

CR127231

A request did not fail over to the next available server in the cluster after receiving 503 HTTP status. The same server was tried repeatedly until a READ_ERROR_FROM_SERVER or a CONNECTION_REFUSED exception was raised.

Code now marks the server as failed on getting a 503 HTTP status error, gets the next available server and re-sends the request. All requests now successfully fail over to next available server.

CR188748

CR180749

During the repository id generation of getter and setter operations, sometimes an extra '_' was added if the getter or setter contained a reserved keyword. This sometimes resulted in the failure of a remote call.

WebLogic Server now ensures it truncates extra underscores.

CR175112

The method used to send IIOP messages was unsynchronized leading to corruption of the underlying data if multiple threads tried to send and receive data at the same time.

The method was made synchronized and the product now works correctly in multi-threaded environments.

CR177353

When a application client code cached the remote stub and invoked a remote method on a SLSB deployed to a cluster, the behavior was that each call refreshed the list which tracked the cluster nodes where the remote object is available. This list was used to failover the calls if any of the node failed with a recoverable exception. The issue here was that failover did not work when the entire cluster was restarted while the application client had cached the stub from a previous invocation.

The retry logic in the failover algorithm was incorrect. This logic originally allowed n-1 number of retries in a cluster with n nodes. When the entire cluster restarted, the cached stub would have stale list. And the retry logic scanned though the stale list and exhausted all the retry attempts. In the last attempt it would have potentially refreshed the list. Even though the client side stub now had a new copy of the list it did not attempt to failover as it has already reached n-1 attempts limit.

The remote stub cached in the application client now ensures it refreshes the list only when remote method invocation fails on all the nodes in the existing list. Then stub is given one last chance for failover if the list got refreshed. If this last chance does not succeed the stub will throw an exception to the application otherwise failover will continue to work as advertised transparently.

CR183199

Building the examples on Windows XP resulted in a StringIndexOutOfBoundsException.

Upgrading to Ant 1.6.1 eliminated the build problem.

CR183527

In WebLogic Server 6.1 SP06, the examples.ejb 1.1 package, examples/ejb/building.html provides incorrect instructions for building samples, and incorrectly describes how the samples build script works. The instructions and description refer to previous version of the build script which used build.cmd or build.sh. The current version of the build script (build.xml) uses ant. To run build.xml, type ant in the directory for the sample you wish to build. To understand how the build script works, refer to the comments in build.xml

CR132509

When using the .NET C# example included with the MedRec application (%WEBLOGIC_HOME%\samples\server\medrec\src\clients\CSharpClient\bin\ReleaseCSharpClient.exe), the client successfully retrieves a patient record, but when attempting to "Save Changes" from the client application, a date field error was flagged.

A code change fixed the date validation.

CR045135

Some internal WebLogic Server objects that are bound into the JNDI tree were insufficiently protected. Some of these objects control key functions of the server. Simply unbinding the appropriate objects renders the server unreachable. It was possible to leave the server operational but to have some confidential data transmitted to a foreign object rather than the internal WebLogic Server object.

The patches available in this release control access to the JNDI tree.

See Security Advisory BEA04-65.00.

CR103309

Whenever an HTTP or HTTPS request was made of the server, information about the WebLogic Server version was supplied.

The default setting for returning a Web Server version upon HTTP or HTTPS request has been changed from true to false.

See Security Advisory BEA04-70.00.

CR125520

A deadlock occurred between two threads when using Netscape LDAP classes - LDAPConnection and LDAPConnThread. This deadlock grew until all the default execution threads were deadlocked with LDAPConnThreads.

After updating to the new Netscape SDK, deadlocks no longer occur.

CR128940

A protection problem occurred when WebLogic Server was running on an operating system that required case-sensitive filenames and cross-mount directories containing Web applications from an operating system that did not support case-sensitive filenames. For example, this problem occurred when mounting Windows-based Web applications onto a Linux-based WebLogic Server.

This resulted in some URL patterns in the web.xml file being incorrectly evaluated so that access control was compromised.The associated patch adds configuration options to specify that Web application files should be treated as case-insensitive even though the operating system may be running in case-sensitive mode.

See Security Advisory BEA04-67.00.

CR123860

The constructor method for a flat group used by a custom realm expected a case-sensitive value. When a case-sensitive value was not found, a NullPointer exception was thrown.

WebLogic Server no longer throws a NullPointer exception when the value for the CachingRealm MBean value is null.

CR136544

A set of enhancements have been added to the WebLogic Server command-line utilities and Administrative ant tasks to eliminate the need for a system administrator to enter a clear-text password. With these fixes, the WebLogic Server command-line utilities and Administrative ant tasks now create and read user-managed configuration files. Like the boot.properties files, this new capability relies on strong encryption and file system protections for security.

See Security Advisory BEA04-68.00.

CR179663

CR188110

A NullPointer exception occurred when using the WebLogic Server Administration Console to list LDAP users.

Code was added to eliminate the NullPointer exception.

CR174299

The Use Java attribute on the SSL tab in the WebLogic Server Administration Console was not working properly.

The behavior of the attribute has been fixed.