VMware

vFabric Web Server 5.2 Release Notes

vFabric Web Server 5.2.1 | 24 JAN 2013
vFabric Web Server 5.2.0 | 16 OCT 2012

Last Document Update: 24 JAN 2013

What's in the Release Notes

The release notes cover the following topics:

What's New in vFabric Web Server 5.2.1

This vFabric Web Server release includes the following new features and changes:
  • Updated Apache Portable Runtime. The Apache Portable Runtime (APR) is upgraded from 1.4.5 to 1.4.6.
  • Disabled SSL/TLS Compression. OpenSSL compression is now disabled by default for protection against the CRIME exploit vector. The mod_ssl "SSLCompression on" configuration option is added to allow the administrator to re-enable compression. See Vulnerability Summary for CVE-2012-4929.
  • Proxy Balancer Enhancement. mod_proxy_balancer is enhanced with the drain worker status flag to set a proxy worker to accept only sticky session routes. See ASF Bug 51247.
  • FcgidWrapper Directive Fix. A bug in the FcgidWrapper directive's command line argument that caused incorrect parsing of quotation marks and escaped spaces is fixed. See ASF Bug 51194.
  • httpdctl Fix. Running the httpdctl script without specifying a command line option no longer causes an error.
  • Security Enhancement. The fix in APR 1.4.6 to randomize hash algorithms is incorporated in vFabric Web Server 5.2.1. This fix is responsive to oCert Advisory 2011-003. Although VMware is unaware of any exploitation of the potential risk described in the advisory, the fix is provided for the benefit of users who run version-sensitive compliance tools.

The VMware Solution Exchange has also been updated with a new version of the Hyperic plugin for vFabric Web Server. Click the Tech Specs tab for instructions on installing this plugin into an existing vFabric Hyperic 5.0 installation.

What's New in vFabric Web Server 5.2.0

This VMware® vFabric™ Web Server release includes the following new features:

  • Updated Apache HTTPD binaries and modules. vFabric Web Server 5.2 includes version 2.2.23 of the core Apache HTTPD binaries as well as other updated components, such as OpenSSL/FIPS 2.0 and Tomcat mod_jk 1.2.37. See Complete Packages and Modules in vFabric Web Server 5.2.
  • Windows scripts now UTF-8 compatible. The vFabric Web Server command scripts (fixrootpath, newserver, and httpdctl) on Windows are now UTF-8 compatible. As a result of this change, you must now use PowerShell to run Windows scripts; previously you could run them from a standard command prompt. The documentation now includes instructions for using PowerShell; see Windows: Install vFabric Web Server from a ZIP File for an example.
  • --set option of the newserver script. The newserver script has a new option, --set, that you can use to specify a custom value for certain instance properties, such as the user that Web Server processes run as. See newserver Prompts and Command Reference.
  • Install Web Server instance as a Unix service. You can now use the install command of the httpdctl script to install a Web Server instance as a Unix service; previously you could use the install command only on Windows. Under Unix: Start and Stop vFabric Web Server Instances, see "Installing vFabric Web Server Instances as Unix Services".
  • newserver behavior change. The newserver script no longer prompts you to enter a user and password. The resulting password file was never actually used by a 5.0 or 5.1 Web Server instance. This change was made to discourage the use of basic authentication; instead, you should choose the method (such as LDAP or digest) that is most suitable for your environment.
  • Additional documentation. The vFabric Web Server documentation includes the following new sections:

The following changes apply to vFabric Suite 5.2 products, including vFabric Web Server:

  • New vfabric repository RPM for RHEL.. As with each new release of vFabric Suite, if you use Red Hat Enterprise Linux (RHEL), you install a new VMware repository configuration RPM. This new installation enables you to easily browse and install the vFabric component RPMs associated with vFabric Suite 5.2, such as vFabric Web Server 5.2. In addition, the 5.2 repository RPM installation now asks you immediately to accept the End User License Agreement (EULA). In previous releases, you accepted the EULA the first time you installed a vFabric component associated with the Suite release. See RHEL: Install vFabric Web Server from an RPM.
  • vfabric-all repository deprecated. The VMware RPM repository vfabric-all is deprecated and will no longer be updated with new RPMs. In addition to vFabric Suite components, vfabric-all contained releases of vFabric components that were not associated with a vFabric Suite release. If you want to install a vFabric component that is not yet part of a vFabric Suite release, you must download the RPM from the VMware Download Center and install it using rpm -ivhf. Under RHEL: Install vFabric Web Server from an RPM, see "Install vFabric Web Server from a Downloaded RPM."

Known and Fixed Issues

The following issues have been identified in this release of vFabric Web Server. Where possible, a workaround is also provided.

The table indicates the version in which the problem was found and, where applicable, the version in which it was fixed. If the Fixed In column is blank, it means the problem still exists in the latest version of vFabric Web Server.

Issue Number Description Found In Fixed In
VWS-17 The Microsoft Windows package and self-extraction mechanism do not provide a capability to store and unpack the vfabric-web-server/httpd-2.2 symbolic link.

Workaround: Create the symbolic link yourself. See Windows: Install vFabric Web Server from a ZIP File for details.
5.0.0
VWS-171 On Unix platforms other than Linux, such as Solaris, the vfhttpd user and group account must be an unprivileged, normal user for accessing the server worker processes to access the content. Because listening ports, error logs and secured credentials such as the SSL key files are accessed during startup as root, the account needs the minimal access to open those files to be served by the worker runtime process after startup.

Workaround: Create the vfhttpd user and group as an unprivileged, normal user, then invoke the newserver tool.
5.1.0 5.2.1
VFP-470 In certain circumstances (described below), the vFabric License Client that is integrated in a vFabric Web Server instance fails to release its vFabric Suite license on shutdown of the Web Server instance. After about 4 hours, the vFabric License Server detects that the Web Server instance has stopped and will release the license.

This issues applies only to vFabric Web Server instances that use a vFabric Suite license (that is, not local licensing) and are configured with the default_mpm="prefork" option. The 5.1 version of the newserver script does not give you the option to set this flag, although in 5.0 it did.

Workaround: Edit the INSTANCE-DIR/conf/startup.properties file and change the value of the default_mpm variable to worker.
5.1.0 5.2.0