红帽全球峰会此内容没有您所选择的语言版本。
Chapter 2. New Features and Enhancements
2.1. Apache HTTP Server Separated from Tomcat
The Apache HTTP Server distribution is now shared between the JWS and JBoss Core Services entitlements. The shared distribution can be downloaded in ZIP from Apache HTTP Server download page on the support portal. The RPM distribution of HTTP must be consumed from the JBCS channel, while the Tomcat servers will continue to be delivered in the JWS3 channel.
Installation instructions for the Apache HTTP Server are provided in the Apache HTTP Server Installation Guide. You should refer to that guide for instructions for ZIP and RPM setup on the set of supported operating systems.
Maintenance for the Apache HTTP Server and the Tomcat servers will no longer be coordinated in JWS minor and micro releases. The HTTP server and the Tomcat servers will receive independent updates intended to provide more timely fixes for security and other high priority defect fixes.
To install httpd with JWS 3.1.0, you need to subscribe and enable the JBCS channel. The httpd package has moved from the JWS channel to the JBCS channel. If you are using httpd, then migrate from the httpd24 package in JWS to the JBCS software collections new jbcs-httpd24-httpd package.
The tomcat-native package requires the jbcs-httpd24-httpd-libs and jbcs-httpd24-openssl packages, which are available only in the JBCS channel. To access them, you have to subscribe and enable the JBCS channel.
2.4. Tomcat
- Inclusion of the latest available version of Tomcat 8.0.36.
- Inclusion of the latest available version of Tomcat 7.0.70.
-
Replaced the existing
initscripts for Tomcat 7 and Tomcat 8 withsystemdunits on Red Hat Enterprise Linux 7.
A password vault is used to mask passwords and other sensitive strings, and store them in an encrypted Java keystore. This allows you to eliminate storing clear-text passwords in your Tomcat configuration files, as Tomcat can lookup passwords and other sensitive strings from a keystore using the vault.
For more information about using password vault, see Using a Password Vault with Red Hat JBoss Web Server 3.1.
2.6. SELinux Policies in RHEL ZIP for Tomcat
In this release, SELinux policies are provided in the ZIP packages. The SELinux security model is enforced by the kernel and ensures applications have limited access to resources such as file system locations and ports. This helps ensure that the errant processes (either compromised or poorly configured) are restricted and in some cases prevented from running. The .postinstall.selinux file is included in each tomcat folder. If required, you can run the postinstall.selinux script.
To install the SELinux policies using ZIP:
Install the prerequisite packages:
-
selinux-policy-devel - Tomcat 7 or 8
-
- Download and unzip the JWS Tomcat distribution from the JWS channel.
Execute the following commands:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Start the Tomcat service.
bin/startup.sh
bin/startup.shCopy to Clipboard Copied! Toggle word wrap Toggle overflow Check the context of the running process expecting
tomcat7_t.ps -eZf | grep tomcat | head -n1
ps -eZf | grep tomcat | head -n1Copy to Clipboard Copied! Toggle word wrap Toggle overflow To verify the contexts of the Tomcat log directory and so on.
ls -lZ tomcat7/logs/
ls -lZ tomcat7/logs/Copy to Clipboard Copied! Toggle word wrap Toggle overflow
2.7. SELinux Policies in RHEL RPM for Tomcat
SELinux policies for each Tomcat are provided via their own Tomcat sub-packages: tomcat7-selinux and tomcat8-selinux. These packages are available in the JWS channel.
-
To enable SELinux policies on Tomcat 7, install the
tomcat7-selinuxpackage. -
To enable SELinux policies on Tomcat 8, install the
tomcat8-selinuxpackage.
2.8. Hibernate
- Upgraded to Hibernate version 4.2.23.
2.9. Microsoft Azure Testing and Certification
- JBoss Web Server 3.1 has been tested and certified for Microsoft Azure.
2.10. Updated CGIServlet to Resolve httpoxy Issue
In this release, a CGIServlet fix is provided for the httpoxy issue, see CVE-2016-5388. The envHttpHeaders parameter is included in the CGIServlet to solve the httpoxy issue.
You can also configure the filter and valve to resolve the httpoxy issue. For more information about using the filter and valve, see HTTPoxy - Is my JBoss/tomcat affected?.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}