3.1.2 Release Notes

Java 7 support is introduced in JBoss ON 3.1.2. This means that both the server and the agent can be run using the Java 7 JDK or JRE. Both Oracle Java and OpenJDK Java are supported.

Microsoft Internet Informatin Services (IIS) 6 is currently supported as a resource which can be discovered and managed by JBoss ON. However, support for this resource type is deprecated in JBoss ON 3.1.2, meaning that its use is not recommended. The IIS agent plug-in will be removed in a future release of JBoss ON.

While the IIS plug-in is deprecated in JBoss ON 3.1.2, support for the IIS plug-in will remain in effect for the support lifetime of JBoss ON 3.x.

The "Connection Available?" trait for connection factories and datasources shows whether the managed resource could connect to the underlying data provider successfully. This metric was previously enabled by default and listed as a summary trait for JBoss Enterprise Application Platform 5 resources.

However, with most EAP 5 configuration, the test connection would cause security errors to be recorded in the EAP 5 logs. The test attempted to authenticate to a security object which had no user or role properties file defined and security context validation checks failed.

This trait is now disabled by default to prevent spurious security object errors from being listed in the EAP 5 log. This metric can be re-enabled if required for alerting or other monitoring tasks.

This change to the "Connection Available?" trait only affects EAP 5 resources.

Password obfuscation was introduced in JBoss Operations Network 3.1 for stored credentials used to access content providers, including the credentials used to access the Red Hat Customer Portal (a default repository in JBoss ON). However, there was a problem with the way that passwords were decoded when accessing the content repository. In some cases, a valid password was not properly decoded, so connecting to the patch repository or another content repository failed.

This issue was partially addressed in JBoss ON 3.1.1, and was fixed in JBoss ON 3.1.2.

Any stored credentials for an existing content repository — including the JBoss feeds on the Customer Portal — must be updated. The fix for this issue implements a new way to hash, store, and retrieve the obfuscated password. Existing passwords must be reset in order to apply the new obfuscation method.

In previous versions of JBoss ON, binaries were included for SNMP monitoring (mod_snmp) and response time monitoring (mod_rt) for Apache 1.3, 2.0, and 2.2.

Beginning with JBoss ON 3.1.2, SNMP binaries will only be included for Apache 2.2 for Red Hat Enterprise Linux and Windows platforms.

A potential cross-site scripting (XSS) vulnerability was detected in the Google Web Toolkit 2.4, which was used in the JBoss ON web UI. JBoss ON 3.1.2 upgrades to GWT 2.5.0, which redresses that security vulnerability.

This update addresses CVE-2012-5920.