Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 1. RedHat JBoss Web Server 5.3
Welcome to the Red Hat JBoss Web Server version 5.3 release.
As a result of a security vulnerability (CVE-2020-1938), changes were made to the AJP Connector. By default the AJP connector will not be enabled. If it is required that you use the AJP connector with your build, ensure that you set the secret attribute as well as set your the bind address for your server.
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It consists of a web server (Apache HTTP Server), an application server (Apache Tomcat Servlet container), load balancers (mod_jk and mod_cluster), and the Tomcat Native Library. A short description of key components is given below:
- Apache tomcat: a servlet container in accordance with the Java Servlet Specification. JBoss Web Server contains Apache Tomcat 9.
- Apache tomcat native library: a Tomcat library, which improves Tomcat scalability, performance, and integration with native server technologies.
- tomcat-vault: an extension for the JBoss Web Server used for securely storing passwords and other sensitive information used by a JBoss Web Server.
- mod_cluster library: a library that allows communication between Apache Tomcat and the Apache HTTP Server’s mod_proxy_cluster module. This allows the Apache HTTP Server to be used as a load balancer for JBoss Web Server. For information on the configuration of mod_cluster, or for information on the installation and configuration of the alternative load balancers mod_jk and mod_proxy, see the HTTP Connectors and Load Balancing Guide.
- Apache portable runtime(APR): A runtime which provides superior scalability, performance, and improved integration with native server technologies. APR is a highly portable library that is at the heart of Apache HTTP Server 2.x. It enables access to advanced IO functionality (for example: sendfile, epoll and OpenSSL), Operating System level functionality (for example: random number generation and system status), and native process handling (shared memory, NT pipes and Unix sockets).
- OpenSSL: A software library which implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a basic cryptographic library.
This release of JBoss Web Server covers several quality of life updates, some key component rebased to newer versions and a few major security updates. Tomcat, tomcat-native, and Apache CXF were all rebased to newer versions.
One major change directly of note was the addition of the catalina-ssi.jar file. Previously, these classes were included as part of catalina.jar and tomcat-embed-core.jar. These changes do no impact unaltered Red Hat JBoss Web Server configurations. However, it is recommended that you check any dependencies your system has on these files after updating to JBoss Web Server 5.3. The catalina-ssi.jar file contains code used by the SsiInvoker and effects the following ssi commands:
- SsiConfig
- SsiEcho
- SsiExec
- SsiFlastMod
- SsiFsize
- SsiInclude
