vFabric tc Server 2.8 Release Notes

vFabric tc Server 2.8.3 SR1 | 18 FEB 2014
vFabric tc Server 2.8.2 | 31 JAN 2013
vFabric tc Server 2.8.1 | 8 NOV 2012
vFabric tc Server 2.8.0 | 16 OCT 2012

Last Document Update: 21 JAN 2014

What's New in vFabric tc Server 2.8.3 SR1

  • New tc Runtime Changes
    • tomcat-7.0.50.C.RELEASE
    • tomcat-6.0.39.A.RELEASE
  • Apache Tomcat security vulnerabilities fixed in tc Runtime 7.0.50.C.RELEASE:
    Issue Number: CVE-2014-0050
    Description: Information Disclosure
    Severity: Important
    A vulnerability related to malformed requests potentially leading to a denial of service was fixed.
  • tc Server Hyperic plugin: The tcsadmin client now includes the updated list of XSD (XML Schema Definition) files to resolve role issues when completing certain actions.

    What's New in vFabric tc Server 2.8.2

    This VMware® vFabric™ tc Server release includes the following versions of tc Runtime:

    • tomcat-7.0.35.B.RELEASE
    • tomcat-6.0.36.B.RELEASE

    In addition to fixes in Apache Tomcat 7.0.35, tc Runtime 7.0.35.B.RELEASE contains a fix for JSP compilation. For more information see ASF Bug 54440.

    The VMware Solution Exchange has also been updated with a new version of the Hyperic plugin for vFabric tc Server. Click the Tech Specs tab for instructions on installing this plugin into an existing vFabric Hyperic 5.0 installation.

    What's New in vFabric tc Server 2.8.1

    This VMware® vFabric™ tc Server release includes the following versions of tc Runtime:

    • tomcat-7.0.32.B.RELEASE
    • tomcat-6.0.36.A.RELEASE

    The new tc Runtime 6 version fixes the Apache Tomcat security vulnerabilities listed in the following table.

    CVE Number: CVE-2012-2733
    Description: Apache Tomcat Denial of Service
    Severity: Important
    The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large headers.

    CVE Number: CVE-2012-3439
    Description: Apache Tomcat DIGEST authentication weaknesses
    Severity: Moderate
    Three weaknesses in Tomcat's implementation of DIGEST authentication were identified and resolved:
    • Tomcat tracked client rather than server nonces and nonce count.
    • When a session ID was present, authentication was bypassed.
    • The user name and password were not checked before indicating that a nonce was stale.
    These issues reduced the security of DIGEST authentication, making replay attacks possible in some circumstances.
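
The three DIGEST properties listed for CVE-2012-3439, shown as an added example that is not Tomcat or tc Runtime code: a verifier that tracks server-issued nonces and their nonce counts, runs on every request, and checks credentials before it reports a stale nonce. DigestVerifier, REALM, USERS and NONCE_TTL are hypothetical names with constructed values; the response formula is RFC 2617 qop=auth.

```python
import hashlib, secrets, time

REALM = "example"            # constructed values for the demo
USERS = {"alice": "s3cret"}  # constructed credential store
NONCE_TTL = 300              # seconds a server nonce stays valid (assumption)

def md5(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 response value for qop=auth."""
    ha1 = md5(f"{user}:{REALM}:{password}")
    ha2 = md5(f"{method}:{uri}")
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class DigestVerifier:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.issued = {}  # server nonce -> [issue time, highest nc seen]

    def new_nonce(self):
        nonce = secrets.token_hex(16)
        self.issued[nonce] = [self.clock(), 0]
        return nonce

    def verify(self, method, uri, auth):
        """Return 'ok', 'stale' or 'reject' for one parsed Authorization header.
        Called for every request; no session ID short-circuits it."""
        state = self.issued.get(auth["nonce"])
        if state is None:
            return "reject"          # nonce was not issued by this server
        password = USERS.get(auth["username"])
        if password is None:
            return "reject"
        expected = digest_response(auth["username"], password, method, uri,
                                   auth["nonce"], auth["nc"], auth["cnonce"])
        if not secrets.compare_digest(expected.encode(), auth["response"].encode()):
            return "reject"          # credentials are checked before any stale signal
        if self.clock() - state[0] > NONCE_TTL:
            del self.issued[auth["nonce"]]
            return "stale"           # valid credentials, expired nonce
        count = int(auth["nc"], 16)
        if count <= state[1]:
            return "reject"          # nonce count reused: replayed request
        state[1] = count
        return "ok"
```
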

    What's New in vFabric tc Server 2.8.0

    This VMware vFabric tc Server release includes the following new features:

    • tc Runtime Versions: The vFabric tc Server 2.8.0 release updates the version of the included tc Runtime versions to:
      • tomcat-7.0.30.A
      • tomcat-6.0.35.B
    • apply-template Command of tcruntime-instance. The tcruntime-instance command script has a new command, apply-template, that you can use to apply a new template to an existing tc Runtime instance. Under Create and Modify a tc Runtime Instance, see "tcruntime-instance.sh Reference."
    • License File Packaging. You can now store vFabric license files in the instance directory, together with the other instance configuration files, as well as in the standard common location. See Activate a Local vFabric tc Server License.
    • Documentation on Managing Outages. The tc Server documentation includes a new section that describes basic steps for managing planned and unplanned outages. See Managing Planned and Unplanned Outages.
    • tcruntime-instance reference documentation. The online reference documentation and examples for tcruntime-instance are now aligned with the command-line usage output. Previously the online documentation and examples showed a different order of options and arguments.

    The following changes apply to vFabric Suite 5.2 products, including vFabric tc Server and Spring Insight Operations:

    • New vfabric repository RPM for RHEL. As with each new release of vFabric Suite, if you use Red Hat Enterprise Linux (RHEL), you install a new VMware repository configuration RPM. This new installation enables you to easily browse and install the vFabric component RPMs associated with vFabric Suite 5.2, such as vFabric tc Server 2.8 and Spring Insight Operations 1.8. In addition, the 5.2 repository RPM installation now asks you immediately to accept the End User License Agreement (EULA). In previous releases, you accepted the EULA the first time you installed a vFabric component associated with the Suite release. See RHEL: Install vFabric tc Server Standard Edition from an RPM. Under Install and Configure Dashboard, see "RHEL Only: Install Dashboard Template from RPM" and under Install and Configure Insight Agent, see "RHEL Only: Install Agent RPM."
    • vfabric-all repository deprecated. The VMware RPM repository vfabric-all is deprecated and will no longer be updated with new RPMs. In addition to vFabric Suite components, vfabric-all contained releases of vFabric components that were not associated with a vFabric Suite release. If you want to install a vFabric component that is not yet part of a vFabric Suite release, you must download the RPM from the VMware Download Center and install it using rpm -ivhf. Under RHEL: Install vFabric tc Server Standard Edition from an RPM, see "Install vFabric tc Server from a Downloaded RPM."

    Known Issues

    The following problems have been identified in this release of vFabric tc Server. Where possible, a workaround is provided.

    The table indicates the version in which the problem was found and, where applicable, the version in which it was fixed. If the Fixed In column is blank, it means the problem still exists in the latest version of tc Server.

    Issue Number: TCS-2673
    Description: When you upgrade vFabric tc Server on RHEL using an RPM, the ownership of the existing tc Runtime directories changes to root:root from root:vfabric.
    Workaround: As the root user, change the group ownership of the tomcat-XX directories back to vfabric using the chgrp Unix command.
    Found In: 2.8.0
    Fixed In: 2.8.1

    Issue Number: TCS-2672
    Description: When you uninstall vFabric tc Server on RHEL using yum uninstall, some tc Runtime directories (that is, tomcat-XX) are not removed.
    Workaround: As the root user, remove them using the Unix rm command.
    Found In: 2.8.0
    Fixed In: 2.8.1