VMware

vFabric tc Server 2.6 Release Notes

vFabric tc Server 2.6.6 SR1 | 18 FEB 2014
vFabric tc Server 2.6.5 | 26 APR 2012
vFabric tc Server 2.6.4 | 05 MAR 2012
vFabric tc Server 2.6.3 | 20 DEC 2011
vFabric tc Server 2.6.2 | 30 NOV 2011
vFabric tc Server 2.6.1 | 22 SEP 2011

Last Document Update: 21 JAN 2014

What's in the Release Notes

These release notes cover the following topics:

What's New in vFabric tc Server 2.6.6 SR1

The vFabric tc Server 2.6.6 SR1 release updates the version of the included tc Runtime. See Supported Specifications, Related Products, and Platforms.

What's New in vFabric tc Server 2.6.5

The vFabric tc Server 2.6.5 release updates the version of the included tc Runtime. See Supported Specifications, Related Products, and Platforms.

What's New in vFabric tc Server 2.6.4

The vFabric tc Server 2.6.4 release updates the version of the included tc Runtime. See Supported Specifications, Related Products, and Platforms.

Also included in this release is a backport of ASF Bugzilla Bug 52444 from Tomcat 7.0.26.A to address issues with @HandlesTypes processing. This bug caused long startup times or excessive memory consumption for some Spring 3.1 applications.

What's New in vFabric tc Server 2.6.3

The vFabric tc Server 2.6.3 release updates the version of the included tc Runtime. See Supported Specifications, Related Products, and Platforms.

What's New in vFabric tc Server 2.6.2

The vFabric tc Server 2.6.2 release includes a new Elastic Memory for Java plug-in for the vSphere Web Client. This plug-in adds the ability to monitor EM4J configuration and memory performance for EM4J-enabled Java workloads in the vSphere Web Client.

To learn more about using this feature, see Monitoring Memory with vSphere Web Client in Elastic Memory for Java.

The vFabric tc Server 2.6.2 release also updates the version of the included tc Runtime and fixes some issues. See Supported Specifications, Related Products, and Platforms and Known and Fixed Issues.

What's New in tc Server 2.6.1

The vFabric tc Server 2.6.1 release updates the version of the included tc Runtime and fixes a security vulnerability. See Supported Specifications, Related Products, and Platforms and Known and Fixed Issues.

What's New in vFabric tc Server 2.6.0

vFabric tc Server 2.6.0 includes the following new features:

Spring Insight Operations

Spring Insight Operations gives you real-time visibility into Web application and tc Server performance in production environments. Insight Operations graphs the health of an application over time for an entire cluster of tc Runtime instances and for each server in the cluster. You see application and server problems as they occur, with detailed information about contributing events.

Spring Insight Operations has a distributed architecture, with an agent component on each tc Runtime instance in a cluster and a centralized dashboard. The agent and dashboard components of Spring Insight Operations are tc Server templates, separately downloadable, and are available with tc Server Spring edition. Spring Insight Developer, which continues to be included in the tc Server Developer edition, works with one tc Runtime instance during the development phase for a Web application.

To learn more, see the Spring Insight Operations documentation.

Elastic Memory for Java (EM4J)

Elastic Memory for Java (EM4J) improves memory management for Java workloads in VMware® ESXi™. EM4J is part of VMware vFabric Cloud Application Platform 5.0 and is an add-on to vFabric tc Server. It is packaged as a template in the tc Server Standard Edition.

EM4J establishes a balloon by allocating objects in the Java heap, working with ESXi to reclaim available heap memory dynamically and allocate more memory to VMs that need more. It is a Java-savvy alternative to the VMware guest tools balloon driver. It allows you to overcommit memory on the ESXi host to improve consolidation ratios while avoiding the performance and reliability problems that Java's memory management has typically brought to the virtualization environment.

To learn more, see Elastic Memory for Java.

Unix Runtime User Support

The tc Server 2.6 release includes new features that enable running tc Server and the Hyperic Agent with specified Unix user accounts. Changes to the base template, boot-time startup support, and the tc Server Hyperic plug-in ensure that a tc Runtime instance runs as the desired Unix user, even when Hyperic Agent runs as root or another user.

In tc Server, a new base.runtime.user property in the base template specifies the Unix user that the tc Runtime instance will run as. The boot.rc.template file present in previous releases is gone. In its place, a newly created instance has a CATALINA_HOME/bin/init.d.sh script, which is designed to be linked into the /init/init.d directory and added to the Unix init scripts to start the tc Runtime instance at boot time. The script runs as root but uses su to execute the tc Runtime process as the specified user. You can use the base.runtime.user property to specify the user when you create an instance or edit the init.d.sh script to change the user. The default user is tc-server.

To set up a tc Runtime instance to run as a specified Unix user, in the Getting Started with vFabric tc Server documentation, see "Starting tc Runtime Instances Automatically at System Boot Time."

The tc Server plug-in included in Hyperic 4.6 enables you to run tc Server and the Hyperic Agent with different Unix users. Hyperic Agent can run as root so that it has access to system information on the host computer for reporting in the Hyperic user interface. tc Server instances can run as regular Unix users, which is important for security. If the Hyperic Agent runs as a user other than root, that user and the tc Runtime instance user must be members of the same primary Unix group.

When Hyperic discovers a new tc Server instance, it records the Unix user running the tc Server and, in the future, starts the instance with the same user. The new plug-in also ensures that applications deployed through the Hyperic interface are executable by the tc Runtime instance user. The plug-in uses the su or sudo command, depending on whether the Hyperic Agent is running as root or a non-root user, to change identities before starting a server or deploying an application. To use this feature, you must ensure that these commands are available in the /usr/bin directory. If the Hyperic agent is not executing as root, you must also add permissions to /etc/sudoers to allow it to start the tc Server instance.

To enable this feature, in the vFabric tc Server Administration documentation, see "Setting Up Unix Users for tc Server and Hyperic."

Bash Completion for tc Server Scripts

If you use the bash shell on a Unix-like system and have installed and enabled the bash-completion package, you can enable completion for the tcruntime-instance.sh and tcruntime-ctl.sh tc Server scripts. With completion support, you can press the Tab key to complete command arguments or suggest possible alternatives while entering tc Server commands.

To set up command completion, in the Getting Started with vFabric tc Server documentation, see "Enabling Bash Completion for tc Server Scripts."

vFabric tc Server Editions

tc Server is available in three different editions. tc Server Developer is geared towards the enterprise application developer. tc Server Standard is designed for operators and administrators. tc Server Spring Edition, a part of vFabric Cloud Application Platform 5.0, is for operators and administrators deploying tc Server enterprise applications on VMware vSphere® and VMware® ESXi™ hosts. tc Server Standard and Spring Editions use the same installer and differ only in licensed features and support.

Feature Developer Edition Standard Edition Spring Edition
tc Runtime
Spring Insight Developer  
vFabric Hyperic with tc Server Plug-in  
Spring Insight Operations    
Elastic Memory for Java (EM4J)    
Commercial Spring Support    

Supported Specifications, Related Products, and Platforms

The following sections list the specifications, related product versions, and configurations supported with tc Server 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, and 2.6.6.

Supported Java EE Specifications

vFabric tc Server supports the following specifications:

tc Runtime Versions Included with tc Server 2.6.6 SR1

tc Server 2.6.6 SR1 includes the following tc Runtime versions:

  • tomcat-7.0.50.C.RELEASE
  • tomcat-6.0.39.A.RELEASE

Apache Tomcat security vulnerabilities fixed in tc Runtime 7.0.50.C.RELEASE.

Issue Number Description
CVE-2014-0050 Information Disclosure

Severity: Important

A vulnerability related to malformed requests potentially leading to a denial of service was fixed.

tc Runtime Versions Included with tc Server 2.6.5

tc Server 2.6.5 includes the following tc Runtime versions:

  • tomcat-6.0.35.A.RELEASE (same as in tc Server 2.6.4)
  • tomcat-7.0.26.A.RELEASE

tc Runtime Versions Included with tc Server 2.6.4

tc Server 2.6.4 includes the following tc Runtime versions:

  • tomcat-6.0.35.A.RELEASE (same as in tc Server 2.6.3)
  • tomcat-7.0.25.B.RELEASE

tc Runtime Versions Included with tc Server 2.6.3

tc Server 2.6.3 includes the following tc Runtime versions:

  • tomcat-6.0.35.A.RELEASE
  • tomcat-7.0.23.A.RELEASE

tc Runtime Versions Included with tc Server 2.6.2

tc Server 2.6.2 includes the following tc Runtime versions:

  • tomcat-6.0.33.B.RELEASE
  • tomcat-7.0.22.A.RELEASE

tc Runtime Versions Included with tc Server 2.6.1

tc Server 2.6.1 includes the following tc Runtime versions:

  • tomcat-6.0.33.A.RELEASE
  • tomcat-7.0.20.B.RELEASE

tc Runtime Versions Included with tc Server 2.6.0

tc Server 2.6.0 includes the following tc Runtime versions:

  • tomcat-6.0.32.C.RELEASE
  • tomcat-7.0.16.A.RELEASE

Supported Related Product Versions

The following related VMware product versions are supported with tc Server:

  • vFabric Hyperic Server version 4.6. Hyperic 4.6 includes Hyperic Plug-in for tc Server version 2.6.0.
  • Spring Insight Operations version 1.5.1. Download from the vFabric tc Server page on the VMware download page.
  • Spring Insight Developer version 1.5.1. Bundled with tc Server Developer Edition.
  • Elastic Memory for Java version 1.0. Bundled with tc Server Standard Edition.

Platform Support

The following table lists the supported platform configurations for executing tc Runtime. Other configurations may be supported on request; contact your sales representative for details.

Because you typically install and run the Hyperic Agent on the same computer as tc Runtime, you should also consult HQ Agent Requirements.

Follow the guidance of your operating system or JVM vendor when deciding which patch levels should be applied to your computer. In general, the latest patch update levels are recommended.

tc Server Supported Configurations
Operating System Major Version Chip Architecture JVM
RedHat Enterprise Linux (RHEL) V5 x86 32 bit Sun HotSpot 1.6
x86 64 bit
V6 x86 32 bit
x86 64 bit
Ubuntu 10.04 LTS x86 64 bit Sun HotSpot 1.6
Microsoft Windows Server 2008 SP2 x86 32 bit Sun HotSpot 1.6
x86 64 bit
Server 2003 SP2 and newer x86 32 bit

The following table lists specifically tested patch update levels for the latest 2.6.x version of tc Runtime. The table is updated as new configurations are tested.

Tested Configurations
Operating System Major Version Chip Architecture OS Patch Level JVM
RedHat Enterprise Linux (RHEL) V5 x86_64 2.6.18-164.28.1.el5 Sun 1.6.0_20
RedHat Enterprise Linux (RHEL) V5 x86_32 2.6.18-164.28.1.el5PAE sun 1.6.0_20
RedHat Enterprise Linux (RHEL) V6 x86_64 2.6.18-164.28.1.el5 Sun 1.6.0_20
RedHat Enterprise Linux (RHEL) V6 x86_32 2.6.18-164.28.1.el5 Sun 1.6.0_20
Ubuntu 10.4 LTS x86_64
Microsoft Windows Server 2003 x86_32 SP2 Sun 1.6.0_18
Microsoft Windows Server 2008 x86_32 SP2 Sun 1.6.0_18

Known and Fixed Issues

The following problems have been identified in this release of vFabric tc Server. Where possible, a workaround is provided.

The table indicates the version in which the problem was found and, where applicable, the version in which it was fixed. If the Fixed In column is blank, it means the problem still exists in the latest version of tc Server.

Issue Number Description Found In Fixed In
CVE-2011-4858

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafterd parameters.

2.6.2 2.6.3
CVE-2011-3190

vFabric tc Server 2.6.0 AJP request forgery. vFabric tc Server 2.6.0 is vulnerable to an AJP request forgery as described in CVE-2011-3190. Full details on this vulnerability can be found at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190.

This vulnerability does not affect the org.apache.jk.server.JkCoyoteHandler AJP connector for Apache Tomcat 6-based runtimes. Note that this connector is not available for Tomcat 7-based runtimes. All other AJP connectors (org.apache.coyote.ajp.AjpProtocol, org.apache.coyote.ajp.AjpNioProtocol and org.apache.coyote.ajp.AjpAprProtocol) are affected. The tc Runtime ajp template configures the org.apache.coyote.ajp.AjpProtocol connector for both Apache Tomcat 6- and Apache Tomcat 7-based runtimes.

2.6.0 2.6.1
METRICS-2089 The Help link in the Spring Insight User Interface goes to the tc Server 2.1 documentation home page instead of the vFabric 5.0 Documentation Center. The correct link is http://pubs.vmware.com/vfabric5/topic/com.vmware.vfabric.tc-server.2.6/index.html. 2.6.0
TCS-2378 Deploying a WAR file using the "deploy from local machine" method fails when HQ Server 4.5.1.2 is running on Windows and tc Server is running on Linux. 2.1.3 2.6.2
TCS-2379

The Hyperic plug-in for tc Server is missing the following services:

  • SpringSource tc Runtime 7.0 Cache
  • SpringSource tc Runtime 7.0 Data Source Context
  • SpringSource tc Runtime 7.0 Tomcat JDBC Connection Pool Context
2.5.2 2.6.2
TCS-2382 Links in the README.txt file point to password-protected documentation pages on the incorrect server. 2.6.1 2.6.2
TCS-2384 When using the HQ interface to add an HTTPS connector, the SSLEnabled="true" is omitted. 2.5.2 2.6.2
Bugzilla #51872 Ensure access log always logs the correct remote IP. Ensure requests with multiple errors do not result in multiple access log entries. 2.6.1 2.6.2