Skip to main content
Version: 1.19.x.x RR

Release notes

nevisLogRend 1.19.0.2 - 16.11.2022

Breaking changes

Changes and new features

  • UPGRADED: commons-text third party dependency is upgraded to version 1.10.0. (NEVISLOG-429)
  • UPGRADED: google autovalue third party dependency is upgraded to version 1.10. (NEVISLOG-429)
  • UPGRADED: jetty third party dependency is upgraded to version 9.4.49.v20220914. (NEVISLOG-424)
  • UPGRADED: jackson third party dependency is upgraded to version 2.13.4. (NEVISLOG-424)
  • UPGRADED: log4j2 third party dependency is upgraded to version 2.19.0. (NEVISLOG-424)
  • UPGRADED: snakeyaml third party dependency is upgraded to version 1.33. (NEVISLOG-419)

nevisLogRend 1.18.0.2 - 17.08.2022

Breaking changes

Changes and new features

  • UPGRADED: Jackson third party dependencies are upgraded to version 2.13.3. (NEVISLOG-402)
  • UPGRADED: Jetty third party dependencies are upgraded to version 9.4.48.v20220622. (NEVISLOG-410)
  • UPGRADED: Log4j third party dependencies are upgraded to version 2.18.0. (NEVISLOG-410)
  • FIXED: The admin CLI now correctly lists instances located in a symlink directory. (NEVISLOG-406).
  • FIXED: We fixed the syntax change issue introduced with Velocity upgrade from version 1.7 to 2.3. (NEVISLOG-409) Velocity Template Syntax Issue - Existing LogRend Instances

It is required to manually patch the existing nevisLogRend instance Velocity templates to the new syntax. Change the json.vm template to the new syntax by replacing line 26 to 28 with the following code:

`"label" : "$guiElem.label" #if ($guiElem['validation-failed'] || $guiElem.value || $guiElem.length || $guiElem.format), #end

## if ($guiElem['validation-failed']) "validation-failed" : "$guiGroup.validationFailed" #if ($guiElem.value || $guiElem.length || $guiElem.format), #end

## end ## if ($guiElem['validation-failed'])`
  • NEW: SELinux policy templates are now available at /opt/nevislogrend/selinux. (NEVISAPPLIANCE-568)

nevisLogRend 1.17.0.3 - 18.05.2022

Breaking changes

  • CHANGED: The previous bc and jcan-log logging using log4j1 is replaced by slf4j using log4j2. jcan-log is now only used by the jcan-optrace, which relies on the slf4j implementation of jcan-log. (NEVISLOG-381).

Log4j2 uses different a configuration structure than log4j1, and they are not compatible. If you are not using nevisAdmin4, you have to migrate the logging configuration manually. Check the default template supplied in the RPM.

nevisLogRend requires a logging.yml file in the instance config directory. If it is missing, or the file is incorrectly formatted, a default configuration logs into the stdout which can be viewed in the systemd journal.

  • REMOVED: Deprecated server TLS [configuration property] require-client-auth is removed. Use the successor client-auth. (NEVISLOG-390)

Changes and new features

  • NEW: The automatic reload of logging configuration is supported by using the monitorInterval property of log4j2. (NEVISLOG-381).
  • FIXED: We fixed the issue, where nvluser, nvbuser, and members of the nevisadmin group could not us the nevisAuth Admin CLI commands. (NEVISLOG-387)
  • CHANGED: Number of third party dependencies are reduced in general.
  • UPGRADED: Jetty third party dependency is upgraded to version 9.4.46.v20220331 (NEVISLOG-385).
  • UPGRADED: Commons-cli third party dependency is upgraded to version 1.5.0 (NEVISLOG-385).
  • UPGRADED: Guava third party dependency is upgraded to version 31.1-jre (NEVISLOG-385).
  • UPGRADED: Jackson third party dependencies are upgraded to version 2.13.2 and jackson-dababind to 2.13.2.2 (NEVISLOG-385).
  • UPGRADED: Auto-value third party dependency is upgraded to version 1.9 (NEVISLOG-385).

nevisLogRend 1.16.0.1 - 16.02.2022

Changes and new features

  • REMOVED: The fallback mechanism is removed which redirected .jsp template paths to .vm template paths. This mechanism provided smoother transition to the new Velocity templates, however the old JSP template system was removed years ago. Migration: replace the ".jsp" string with ".vm" in the RenderingProvider parameter of the LoginRendererServlet in the web.xml file of nevisProxy. (NEVISLOG-297)

In case you receive HTTP 405 response status code from nevisLogRend to your requests then most probably you still have a ".jsp" reference somewhere in your configuration.

  • REMOVED: The supplied log4j version 1.2.17 is patched to remove vulnerable classes org/apache/log4j/net/JMSAppender.class and org/apache/log4j/net/SocketServer.class. (NEVISLOG-375)

nevisLogRend 1.15.0.9 - 17.11.2021

Changes and new features

  • REMOVED: Some Admin CLI commands are deprecated and therefore removed with the November Rolling Release. For more information, see Admin CLI and RPM Installation Changes in 11.2021 RR Release, and "Administrative command-line interface".

In case of using the update installation option of package managers, the installed files under /opt/nevislogrend are corrupted. To fix this, uninstall the nevisLogRend package, and install it again.

When the post-uninstall script in the old package runs afterthe installation of the new package, it assumes a different directory structure under /opt/nevislogrend from what the new package has. As a result. it also removes also from the new installation. When manually running uninstall first and install afterwards, this cannot happen.

nevisLogRend 1.14.0.2 - 05.08.2021

Changes and new features

  • FIXED: The hostname verification in a TLS server setting triggered misleading warning messages. Additionally, the description of the relevant hostname verification property server.tls.verify-hostname in the nevisLogRend Reference Guide was incorrect. These issues are now fixed.
  • FIXED: The following, non-blocking, error message popped up during instance creation: nevislogrend [FATAL]: Could not access '/opt/nevislogrend/lib'! This bug is fixed.
  • DEPRECATED: Some Admin CLI commands are deprecated and will be removed with the November Rolling Release. For more information, see Admin CLI and RPM Installation Changes in 11.2021 RR Release on the NEVISDOC homepage.
  • UPGRADED: From now on, the standalone container uses Jetty 9.4.43.v20210629.
  • UPGRADED/FIXED: jQuery, from version 3.5.1 to version 3.6.0, to fix a potential security vulnerability.

This fix only applies to newly created instances. Patch existing instances manually. This is because a version upgrade of nevisLogRend does not automatically change the (customizable) relevant jQuery files in the instance directory.

You can find the jQuery files here: /var/opt/nevislogrend/<instance>/data/applications/<application>/webdata/js/

  • UPGRADED: Velocity, from version 1.7 to version 2.3.

This upgrade can lead to incompatibilities with old Velocity templates (depending on the variables and syntax you use in your templates).

In the new version, some of the Velocity configurations have been renamed. To find the affected configurations, check the nevisLogRend log files after the upgrade, for WARN log lines in the category org.apache.velocity.deprecation (for an example, see the following code snippet). To rename an affected configuration, follow the instructions in the log line. Keep in mind that in the nevisLogRend application configurations, Velocity properties have a velocity. prefix to distinguish them from the regular nevisLogRend application configurations.

Example log line

2021-07-08 15:37:30,943 main org.apache.velocity.deprecation WARN configuration key 'velocimacro.permissions.allow.inline.local.scope' has been deprecated in favor of 'velocimacro.inline.local_scope'

The chapter "Rendering Engines" in the nevisLogRend reference guide includes an overview of the available third-party Velocity tools. If you use any of these tools, you most likely have to adapt your Velocity templates to change to the new syntax. The following list summarizes the changes:

  • browser: Changed The previous class BrowserSnifferToolis replaced with the class BrowserTool. The old class is deprecated and removed.

  • iterator: Changed The previous class IteratorTool is replaced with the class LoopTool.

  • list: Removed The class ListTool is deprecated and removed. The list tool contained list functions that were not available directly on the list. You can now use list functions directly available on list objects.

  • alternator: Removed Instead of the AlternatorTool it is suggested using CSS3 nth-child(even/odd) selectors or #if($foreach.index % 2).

  • link: Changed The previous class LinkTool (tools.LinkTool) is replaced with the class LinkTool (without "tools.").

  • params: Changed The previous class ParameterParser is replaced with the class ParameterTool.

  • sort: Changed The previous class SortTool is replaced with the class CollectionTool.

    # No automatic conversion of methods arguments
    velocity.introspector.conversion_handler.class=none

    # Use backward compatible space gobbling
    velocity.parser.space_gobbling=bc

    # Have #if($foo) only returns false if $foo is false or null
    velocity.directive.if.empty_check=false

    # Allow '-' in identifiers (since 2.1)
    velocity.parser.allow_hyphen_in_identifiers=true

    # Enable backward compatibility mode for Velocimacros
    velocity.velocimacro.enable_bc_mode=true

    # When using an invalid reference handler, also include quiet references (since 2.2)
    velocity.event_handler.invalid_references.quiet=true

    # When using an invalid reference handler, also include null references (since 2.2)
    velocity.event_handler.invalid_references.null=true

    # When using an invalid reference handler, also include tested references (since 2.2)
    velocity.event_handler.invalid_references.tested=true

    General Velocity migration guides from Apache are available here:

  • http://velocity.apache.org/engine/2.3/upgrading.html/

  • http://velocity.apache.org/tools/devel/upgrading.html/

nevisLogRend 1.13.0.1 - 05.05.2021

Changes and new features

  • NEW: There is a new property available for client authentication in TLS settings: server.tls.client-auth. The new property server.tls.client-auth provides the options "required", "requested", and "disabled". The old property server.tls.require-client-auth is deprecated but remains backwards compatible. If you use the new property server.tls.client-auth, the system ignores the old property server.tls.require-client-auth and logs a warning.
  • CHANGE: From now on, the standalone container uses Jetty 9.4.31.v20200723.
  • FIXED: On server startup, an invalid configuration caused the error java.lang.NoClassDefFoundError, and nevisLogRend ran in zombie mode. java.lang.NoClassDefFoundError was also not very descriptive of the actual issue. Now in case an invalid configuration is provided, nevisLogRend prints a proper error message and does not start.
  • FIXED: When no client-auth was configured, nevisLogRend incorrectly threw a validation error and required a TLS truststore. This bug is fixed: The (one way) TLS truststore is now only required in case the client-auth is "required" or "requested".

nevisLogRend 1.12.0.1 - 04.02.2021

This is a technical release only.

Changes and new features

There are no changes or new features.

nevisLogRend 1.11.0.120 - 30.10.2020

Support for non-standalone deployment

From this release on, only standalone deployment is supported, as mentioned in the NEVIS Product Lifetime and Platform Support Matrix.Changes and new features

  • FIXED: The bug where internal exception stack traces were shown on the error page when you sent certain invalid requests.

nevisLogRend 1.10.1.3 - 14.09.2020

Changes and new features

  • FIXED: The bug where internal exception stack traces were shown on the error page when sending certain invalid requests.

nevisLogRend 1.10.0.101 - 19.08.2020

Changes and new features

  • CHANGED: For security reasons, the standalone server now supports less TLS protocols and ciphers by default. See the chapter "Server Configuration Properties" in the nevisLogRend Reference Guide for the updated list of supported ciphers and protocols.

This change may break existing deployments. If you use protocols and ciphers that are supported by default and your clients do not support them, it is recommended that you update your HTTP clients. If this is not possible:

  • Open the logrend.propertiesconfiguration file.

  • Specify the protocols and ciphers supported by your clients in the attributes server.tls.supported-protocols and server.tls.cipher-suites.

  • FIXED: A potential security vulnerability has been fixed, by upgrading jQuery 3.4.1 to 3.5.1.

Note that this fix only applies to newly created instances. Existing instances must be patched manually. This is because a version upgrade of nevisLogRend does not automatically change the (customizable) relevant jQuery files in the instance directory.

jQuery is typically found under: /var/opt/nevislogrend/<instance>/data/applications/<application>/webdata/js/

Do not forget to also update the source files in the instance directory, so that they refer to the new jQuery script.

It is possible that an application is using a very old version of jQuery, for example because the nevisLogRend instance was not revised for a while. In this case, the source files in the application directory using jQuery may not be compatible with the new jQuery version. To resolve this, patch the relevant source files according to the instructions described here: `http://jquery.com/upgrade-guide/.

  • FIXED: A bug where spaces inside JVM arguments in the JAVA_OPTS variable (env.conf file) for standalone deployments caused the following error to occur: "Could not find or load main class". This prevented nevisLogRend from starting. To fix this, a new definition syntax as array is now available for the JAVA_OPTS variable, which allows comments to be used between new lines. You can still use the old string type definition, but to fix the previously mentioned error you need to change to the array type definition. For more information, see the chapter "Deployment Types" in the nevisLogRend Reference Guide.

When directly using the server CLI to start nevisLogRend, manually sourcing the env.conf file is no longer necessary. For more information, see the section "Example usage of the standalone CLI" of the chapter "Deployment Types" in the nevisLogRend Reference Guide.

nevisLogRend 1.9.0.93 - 20.05.2020

Changes and new features

  • NEW: nevisLogRend now supports enabling hostname verification when client authentication is required in standalone deployment. See the newverify-hostnameattribute in the [Deployment Types]( section of the reference guide for additional information.
  • FIXED: A bug causing the response type to be always Html even if "Accept: application/json" was specified when using standalone deployments has been fixed. The fix is located in the velocity template files so it only resolves the issue for newly created instances.

Existing nevisLogrend instances have to be patched manually by editing:

/var/opt/nevislogrend/<instance>/data/applications/<application>/webdata/template/default.vm

Replace the line:

##set( $acceptHeader = $login.requestHeaders.accept)

with:

##set( $acceptHeader = $login.requestHeaders.accept)
##if (!$acceptHeader)
#set( $acceptHeader = $login.requestHeaders.Accept)
##end

This solution works for both adnjboss and standalone deployment types.

  • UPGRADED: jQuery has been upgraded to version 3.4.1 in the template for new nevisLogRend instances. Newly created nevisLogRend instances will be based on jQuery 3.4.1. Existing instances are not affected. However, for security reasons, it is recommended that you manually upgrade existing instances that use jQuery. For details, see CVE-2019-11358: `http://access.redhat.com/security/cve/CVE-2019-11358
  • REMOVED: Support of "Structured Box Rendering" and "Custom JSP Rendering" is removed completely. If any production environment is affected, migrate to Velocity templates, otherwise contact the NEVIS support.

nevisLogRend 1.8.0.88 - 19.02.2020

Changes and new features

  • NEW: Variable expression resolution is now available for the JAVA_OPTS variable in the [env.conf]( configuration of the standalone deployment.
  • NEW: The default Velocity template now includes the X-UA-Compatible meta tag to ensure better compatibility with the Internet Explorer (IE).
  • FIXED: The bug that caused the nevislogrend status command to write warning messages of type "lsof: WARNING: can't stat() ..." in the standard output (standalone deployment type) .
  • DEPRECATED: The JBoss and Wildfly deployments have been deprecated. They will be removed in the planned November 2020 release. Use the standalone deployment instead.