Skip to main content
Version: 1.7.x.x LTS

Release notes

nevisLogRend 1.7.24.1 LTS - 16.11.2022

Changes and new features

  • UPGRADED: SnakeYaml third party dependency is upgraded to version 1.31. (NEVISLOG-419)

nevisLogRend 1.7.23.1 LTS - 17.08.2022

Changes and new features

  • UPGRADED: Jetty third party dependencies are upgraded to version 9.4.48.v20220622 (NEVISLOG-410).

nevisLogRend 1.7.22.1 LTS - 18.05.2022

Changes and new features

  • UPGRADED: Jetty third party dependency is upgraded to version 9.4.45.v20220203 (NEVISLOG-385).
  • UPGRADED: Snakeyaml third party dependency is upgraded to version 1.29 (NEVISLOG-370).
  • UPGRADED: Guava third party dependency is upgraded to version 30.1.1-jre (NEVISLOG-371).
  • UPGRADED: Commons-beanutils third party dependency is upgraded to version 1.9.4 (NEVISLOG-373).
  • REMOVED: Unused jdom third party library is removed (NEVISLOG-369).

nevisLogRend 1.7.21.1 LTS - 16.02.2022

Changes and new features

  • REMOVED: The supplied log4j version 1.2.17 is patched to remove vulnerable classes org/apache/log4j/net/JMSAppender.class and org/apache/log4j/net/SocketServer.class. (NEVISLOG-375)

nevisLogRend 1.7.20.1 LTS - 05.08.2021

Changes and new features

  • FIXED: The hostname verification in a TLS server setting triggered misleading warning messages. Additionally, the description of the relevant hostname verification property server.tls.verify-hostname in the nevisLogRend Reference Guide was incorrect. These issues are now fixed.
  • FIXED: The following, non-blocking, error message popped up during instance creation: nevislogrend [FATAL]: Could not access '/opt/nevislogrend/lib'! This bug is fixed.

nevisLogRend 1.7.19.1 LTS - 05.05.2021

Changes and new features

  • NEW: There is a new property available for client authentication in TLS settings: server.tls.client-auth. The new property server.tls.client-authprovides the options "required", "requested", and "disabled". The old property server.tls.require-client-auth is deprecated but remains backwards compatible. If you use the new property server.tls.client-auth, the system ignores the old property server.tls.require-client-auth and logs a warning.
  • CHANGED: For security reasons, the standalone server now supports less TLS protocols and ciphers by default. See the chapter Server Configuration Properties in the nevisLogRend Reference Guide for the updated list of supported ciphers and protocols.

This change may break existing deployments, if you use default protocols and ciphers in your nevisLogRend server configuration and your nevisProxy configuration does not allow them. To verify this, check each web.xml file of nevisProxy for the HttpsConnectorServlet used to connect to nevisLogRend.

To rely on secure default values, do the following:

  • FIXED: On server startup, an invalid configuration caused the error java.lang.NoClassDefFoundError, and nevisLogRend ran in zombie mode. java.lang.NoClassDefFoundErrorwas also not very descriptive of the actual issue. Now in case an invalid configuration is provided, nevisLogRend prints a proper error message and does not start.
  • FIXED: When no client-auth was configured, nevisLogRend incorrectly threw a validation error and required a TLS truststore. This bug is fixed: The (one way) TLS truststore is now only required in case the client-auth is "required" or "requested".

nevisLogRend 1.7.18.1 LTS - 04.02.2021

This is a technical release only.

Changes and new features

There are no changes or new features.

nevisLogRend 1.7.17.52 LTS - 18.11.2020

This is a technical release.

Changes and new features

There are no changes or new features.

nevisLogRend 1.7.16.1 LTS - 14.09.2020

Changes and new features

  • FIXED: The bug where internal exception stack traces were shown on the error page when sending certain invalid requests.

nevisLogRend 1.7.15.34 LTS - 19.08.2020

Changes and new features

  • NEW: nevisLogRend now supports the enabling of hostname verification when client authentication is required in standalone deployment. For more information, see the description of the verify-hostname attribute in the "Deployment Types" chapter of the nevisLogRend Reference Guide.
  • FIXED: A bug where spaces inside JVM arguments in the JAVA_OPTS variable (env.conf file) for standalone deployments caused the following error to occur: "Could not find or load main class". This prevented nevisLogRend from starting. To fix this, a new definition syntax as array is now available for the JAVA_OPTS variable, which allows comments to be used between new lines. You can still use the old string type definition, but to fix the previously mentioned error you need to change to the array type definition. For more information, see the chapter "Deployment Types" in the nevisLogRend Reference Guide.

When directly using the server CLI to start nevisLogRend, manually sourcing the env.conf file is no longer necessary. For more information, see the section "Example usage of the standalone CLI" of the chapter "Deployment Types" in the nevisLogRend Reference Guide.

  • FIXED: A potential security vulnerability has been fixed, by upgrading jQuery 3.4.1 to 3.5.1.

Note that this fix only applies to newly created instances. Existing instances must be patched manually. This is because a version upgrade of nevisLogRend does not automatically change the (customizable) relevant jQuery files in the instance directory.

jQuery is typically found under: /var/opt/nevislogrend/<instance>/data/applications/<application>/webdata/js/

Do not forget to also update the source files in the instance directory, so that they refer to the new jQuery script.

It is possible that an application uses a very old version of jQuery, for example because the nevisLogRend instance was not revised for a while. In this case, the source files in the application directory using jQuery may not be compatible with the new jQuery version. To resolve this, patch the relevant source files according to the instructions described here: `http://jquery.com/upgrade-guide/.

nevisLogRend 1.7.14.19 LTS - 20.05.2020

Changes and new features

  • FIXED: The bug where the response type always was HTML, even if Accept: application/json was specified when using standalone deployments. Note that the fix is located in the Velocity template files, which means that it will only resolve the issue for newly created instances. Read the following note for instructions on how to fix the bug in existing instances.

Patch existing nevisLogRend instances manually, by editing the following default.vm file:

/var/opt/nevislogrend/<instance>/data/applications/<application>/webdata/template/default.vm

Replace the line:

##set( $acceptHeader = $login.requestHeaders.accept)

with:

##set( $acceptHeader = $login.requestHeaders.accept)
##if (!$acceptHeader)
 #set( $acceptHeader = $login.requestHeaders.Accept)
##end

This solution works for both adnjboss and standalone deployment types.

  • UPGRADED: jQuery, to version 3.4.1 in the template for new nevisLogRend instances. This means that newly created nevisLogRend instances are based on jQuery 3.4.1. Existing instances are not affected. However, due to security reasons it is recommended that you manually upgrade existing instances which use jQuery. For details, see CVE-2019-11358: `http://access.redhat.com/security/cve/CVE-2019-11358.

nevisLogRend 1.7.13.14 LTS - 19.02.2020

Changes and new features

  • NEW: Variable expression resolution is now available for the JAVA_OPTS variable in the [env.conf]( configuration of the standalone deployment.
  • NEW: The default Velocity template now includes the X-UA-Compatible meta tag to ensure better compatibility with the Internet Explorer (IE).
  • FIXED: The bug that caused the nevislogrend status command to write warning messages of type "lsof: WARNING: can't stat() ..." in the standard output (standalone deployment type).