« January 2012 | Main | March 2012 »

6 posts from February 2012


JBoss Application Server 7.1 Released

The JBoss Community app server team released version 7.1 today. One of the many news-worthy features in this release is a JEE6-certified Full Profile (JBoss AS 7.0 was JEE6 certified for the Web profile only). Other interesting features for ops folks in this release include updates to the management API, CLI, and Admin Console as well as clustering and security improvements. See the Release Notes for more information.

Keeping in mind that JBoss.org downloads come with no vendor support and may not be suitable for production deployment, head over to the downloads page in order to grab yourself a copy. A lot of what's included in the community version could end up in the next JBoss EAP release.


Forever Alone? Check Out F5's Valentine's Day "iRule Love" Event!

If there is a better way to celebrate Valentine's Day than sitting at your desk watching a live, streaming webinar about F5 BigIP iRule development tips and tricks, I challenge you to place them in the comments below!

The event runs for 90 minutes starting at 10AM Pacific/1PM Eastern on February 14, 2012. 

If you want to fall in love with Tcl (a Top 50 programming language!) all over again, register for F5's iRule Love live stream. According to the invite, early registrants who attend the event are also eligible to win some DevCentral swag, so you may be able to tell your cats, "We got lucky on Valentine's Day! Thanks DevCentral!!"



Apache HTTP Server 2.2.22 Released

The Apache HTTP Server project released version 2.2.22 and it's an important release, addressing 6 "significant" security vulnerabilities:

  1. CVE-2011-3368 (cve.mitre.org)  -  Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations.
  2. CVE-2011-3607 (cve.mitre.org)  -  Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file.
  3. CVE-2011-4317 (cve.mitre.org)  -  Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations.
  4. CVE-2012-0021 (cve.mitre.org)  -  mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17.
  5. CVE-2012-0031 (cve.mitre.org)  -  Fix scoreboard issue which could allow an unprivileged child process could cause the parent to crash at shutdown rather than terminate cleanly.
  6. CVE-2012-0053 (cve.mitre.org)  -  Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400.

There are also some bugs fixed in this release as well—see the changelog for the full list and, like always, you can download a copy from a mirror near you.