[ANN] Pax Web 8.0.8 released
83 views
Skip to first unread message
Grzegorz Grzybek
Sep 13, 2022, 12:42:24 PM9/13/22
to OPS4J, ops4j-ann...@googlegroups.com, Karaf Dev
Hello
I'd like to announce the release of Pax Web 8.0.8 with two fixes:The changelog can be found here[3].
kind regards
Grzegorz Grzybek
===
I'd like to announce the release of Pax Web 8.0.8 with two fixes:
- proper TCCL configuration when starting servlets and filters added to started context[1]
- fixed Provide-Capability header for pax-web-{jetty,tomcat,undertow}-bundle[2]
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Sep 14, 2022, 7:55:33 AM9/14/22
to OPS4J, ops4j-ann...@googlegroups.com, Karaf Dev
Hello
Just one day after 8.0.8, I'd like to announce the release of Pax Web 8.0.9 with a fix to a problem found by Qian Weichun (thanks!) - TCCL in service methods of servlets/filters/websockets should be able to find classes of the bundle which registered given web element.
The fix for https://github.com/ops4j/org.ops4j.pax.web/issues/1759 is the only fix in Pax Web 8.0.9.
For completeness, the changelog is available here[1].
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Sep 14, 2022, 7:57:54 AM9/14/22
to OPS4J, ops4j-ann...@googlegroups.com, Karaf Dev
Hello
I'd like to announce the release of new major version of Pax Web - version 9!
It's supposed to be a long term release being maintained in parallel with Pax Web 8.0.x, the ONLY difference is:
- Pax Web 9 is JDK 11+ only
- Jetty 10.x is used instead of Jetty 9.4.x
All other fixes will always go to Pax Web 8 and Pax Web 9 at the same time.
The changelog is available here[1].
kind regards
Grzegorz Grzybek
===
Dave Smith
Sep 14, 2022, 8:33:07 AM9/14/22
to op...@googlegroups.com
Awesome. How long does it take for it to be available in Maven central ?
Dave
--
--
------------------
OPS4J - http://www.ops4j.org - op...@googlegroups.com
---
You received this message because you are subscribed to the Google Groups "OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ops4j+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ops4j/CAAdXmhqPge%3DVVm_-YrcnbOAmkF8AgUamtYzb4u3WD8mSdNA5bQ%40mail.gmail.com.
Grzegorz Grzybek
Sep 14, 2022, 8:37:59 AM9/14/22
to op...@googlegroups.com
Hello
śr., 14 wrz 2022 o 14:33 Dave Smith <dave....@candata.com> napisał(a):
Awesome. How long does it take for it to be available in Maven central ?
I expected to see it already, but there's still no 8.0.9 and 9.0.0 - please give the process ~1 hour.
regards
Grzegorz Grzybek
To view this discussion on the web visit https://groups.google.com/d/msgid/ops4j/CA%2BFCLu1O3B8KAaAY0kdwL72AL1%2Bj9K2Qze0q2vVeEjo6omrBiA%40mail.gmail.com.
Matt Pavlovich
Sep 14, 2022, 10:57:03 AM9/14/22
to op...@googlegroups.com, ops4j-ann...@googlegroups.com, Karaf Dev
Awesome!
--
Grzegorz Grzybek
Sep 27, 2022, 6:49:51 AM9/27/22
to OPS4J, ops4j-ann...@googlegroups.com, Karaf Dev
Hello
I'd like to announce new minor releases of Pax Web: 8.0.10 and 9.0.1.
There were quite a few actual bug fixes related to how TCCL is configured and how default context can be overriden.
Jetty and Tomcat runtimes are upgraded and the current versions are:
- Jetty 9.4.49.v20220914
- Tomcat 9.0.67
- Undertow 2.2.19.Final
- "servlet" (which is the default) - TCCL inside service methods (like servlet.doGet()) is set to an OsgiServletContextClassLoader which delegates to all the bundles that are reachable for the context - this is perfect setting for a WAB scenario, however in Whiteboard scenario, TCCL doesn't delegate to bundles of the dynamically registered servlets! The problem is that each time a servlet is whiteboard-registered into a context, servlet's bundle would have to be added to the underlying list of bundles, but it causes classloader leaks due to the very JVM specification
- "whiteboard" - TCCL is set for each service method (separately for each filter and target servlet in invocation chain) to a bundle classloader of the actual filter/servlet
The problem with TCCL is that no OSGi CMPN specification mentions TCCL at all and I simply followed the "principle of least surprise"[2].
For completeness, the changelogs is available for 8.0.10[3] and 9.0.1[4].
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Nov 7, 2022, 6:57:02 AM11/7/22
to Karaf Dev, ops4j-ann...@googlegroups.com, OPS4J, Martin Zukal
Hello
I'd like to announce new minor releases of Pax Web: 8.0.12 and 9.0.2.
There was one bug fixed related to non-default HttpContext and resource servlet registered in Tomcat runtime by felix.webconsole. Thanks +Martin Zukal for the report!
Non runtime updates are ASM 9.4 and BouncyCastle 1.72 (test only).
Jetty and Tomcat runtimes are upgraded and the current versions are:
- Jetty 9.4.49.v20220914 (8.0.x) and 10.0.12 (9.0.x)
- Tomcat 9.0.68
- Undertow 2.2.21.Final
For completeness, the changelogs is available for 8.0.12[1] and 9.0.2[2].
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Nov 17, 2022, 4:56:22 AM11/17/22
to Karaf Dev, ops4j-ann...@googlegroups.com, OPS4J
Hello
I'd like to announce new minor releases of Pax Web: 8.0.12 and 9.0.2.
There are three problems resolved:
- there was a little timing issue if a web element targeting default whiteboard context was processed before the actual context was processed by target runtime
- there was a problem getting named dispatcher for "default" name, when a custom servlet from web.xml was using "/" mapping (thanks Prashanth Ettaboina for the report!)
- ${karaf.etc}/jetty-web.xml was actually not processed even if declared in ${karaf.etc}/org.ops4j.pax.web.cfg (thanks Oliver F. for the report!)
Tomcat runtime is upgraded and the current versions are:
- Jetty 9.4.49.v20220914 (8.0.x) and 10.0.12 (9.0.x)
- Tomcat 9.0.69
- Undertow 2.2.21.Final
For completeness, the changelogs is available for 8.0.13[1] and 9.0.3[2].
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Nov 25, 2022, 12:40:58 PM11/25/22
to Karaf Dev, ops4j-ann...@googlegroups.com, OPS4J
Hello
I'd like to announce new minor releases of Pax Web: 8.0.14 and 9.0.4.
There's one, quite tricky problem resolved (thanks Oliver F. for your great analysis!):
- there was an issue when WAB was wired to a service (backend) bundle and this bundle was updated. This bundle had to register (Whiteboard or HttpService) servlets into the same context as the WAB.
It was possible to detect it, because the WAB used "/" context path and CXF (cxf-rt-transports-http) registers "/cxf" servlet into "/" path.
Current versions of runtimes are:
- Jetty 9.4.49.v20220914 (8.0.x) and 10.0.12 (9.0.x)
- Tomcat 9.0.69
- Undertow 2.2.21.Final
For completeness, the changelogs is available for 8.0.14[1] and 9.0.4[2].
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Jan 6, 2023, 2:15:53 AM1/6/23
to Karaf Dev, OPS4J, ops4j-ann...@googlegroups.com
Hello
I'd like to announce new minor release of Pax Web: 8.0.15. It will be part of Karaf 4.4.3.
- Kevin Schmidt helped to fix pax-web-jetty - org.eclipse.jetty.rewrite import package was missing
- Kevan Jahanshahi found a problem with missing org.apache.xpath import package for pax-web-jsp
All runtimes are updated:
- Jetty 9.4.50.v20221201
- Tomcat 9.0.70
- Undertow 2.2.22.Final
For completeness, the changelog is available for 8.0.15[1].
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Feb 24, 2023, 11:26:18 AM2/24/23
to OPS4J, ops4j-ann...@googlegroups.com, Karaf Dev
Hello
For completeness, the changelogs is available for 8.0.16[1] and 9.0.5[2].
I'd like to announce new minor releases of Pax Web: 8.0.16 and 9.0.5.
Current runtime versions are:
- Jetty 9.4.50.v20221201 (8.0.x) and 10.0.13 (9.0.x)
- Tomcat 9.0.72
- Undertow 2.2.23.Final
Another corner case was solved when WAB, Whiteboard and HttpService registered web elements were registered into the same target context (a case originally called "Where is JSF Support?").
A feature from Pax Web 7 is back - now both WebContainer (an extension to standard HttpService) and Whiteboard (this is new - there was no such option in Pax Web 7) can be used to register security configuration:
- login config
- security constraints
- security roles
A new whiteboard-security sample was added here: https://github.com/ops4j/org.ops4j.pax.web/tree/web-8.0.16/samples/samples-whiteboard/whiteboard-security
And finally I've reviewed Pax Web 7 support for Keycloak. In Pax Web 7 it worked only in Undertow runtime (mostly due to problems on Keycloak side).
Now there are new Karaf features that ensure that Pax Web 8/9 can integrate with Keycloak 18 (which contains something called "Fuse Adapters") and Keycloak 20 (where "Fuse Adapters" were removed). These features are:
- pax-web-jetty-keycloak18
- pax-web-tomcat-keycloak18
- pax-web-undertow-keycloak18
- pax-web-jetty-keycloak20
- pax-web-tomcat-keycloak20
- pax-web-undertow-keycloak20
The "keycloak18" features are designed to work with Keycloak 18.0.x and require this feature repository: "mvn:org.keycloak/keycloak-osgi-features/18.0.3/xml/features"
The "keycloak20" features do NOT require Keycloak features (because Keycloak 19 has them removed) and Pax Web itself repackages proper Keycloak libraries (because not all of them are proper OSGi bundles).
If you want to know more about how I tested Pax Web with Keycloak, please look at the readme files:
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Feb 27, 2023, 12:47:35 PM2/27/23
to OPS4J, ops4j-ann...@googlegroups.com, Karaf Dev
Hello
I'd like to announce new minor releases of Pax Web: 8.0.17 and 9.0.6. These versions are tiny improvements over previous 8.0.16 and 9.0.5 releases.
Thanks to Maurice Betzel we've repackaged Keycloak 21 which has just been released too. So Pax Web will support / package:
- Keycloak 18.0.x which still contains something called "Fuse Adapters" (a.k.a. Pax Web Adapters)
- Current major upstream Keycloak upgrade which is now 21.0.0
Current runtime versions are still:
- Jetty 9.4.50.v20221201 (8.0.x) and 10.0.13 (9.0.x)
- Tomcat 9.0.72
- Undertow 2.2.23.Final
For completeness, the changelogs is available for 8.0.17[1] and 9.0.6[2].
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Mar 23, 2023, 1:43:06 PM3/23/23
to OPS4J, ops4j-ann...@googlegroups.com, Karaf Dev
Hello
Current runtime versions are:
For completeness, the changelogs is available for 8.0.18[1] and 9.0.7[2].
I'd like to announce new minor releases of Pax Web: 8.0.18 and 9.0.7.
- Jetty 9.4.51.v20230217 (8.0.x) and 10.0.14 (9.0.x)
- Tomcat 9.0.73
- Undertow 2.2.23.Final
There's new Karaf feature called "pax-web-jetty-http2-extras" which includes additional, client-side http2 Jetty bundles. And existing "pax-web-jetty-extras" feature contains two additional Jetty bundles.
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Apr 6, 2023, 1:37:43 PM4/6/23
to Karaf Dev, OPS4J, ops4j-ann...@googlegroups.com
Hello
Current runtime versions are:
I'd like to announce new minor releases of Pax Web: 8.0.19 and 9.0.8.
- Jetty 9.4.51.v20230217 (8.0.x) and 10.0.14 (9.0.x)
- Tomcat 9.0.73
- Undertow 2.2.23.Final
Besides single improvement (allow custom Tomcat Server implementation - thanks Mathias Schwaninger!), this release is a step toward OSGi CMPN TCK compliance.
I was experimenting with public TCK tests from https://github.com/osgi/osgi/ project (only CPMN Web Applications specification for now) and 136 tests pass out of 138 (I've created osgi/osgi issues for the two remaining tests).
I'm going to check Whiteboard and HttpService TCK tests soon.
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Apr 19, 2023, 2:00:05 AM4/19/23
to Karaf Dev, OPS4J, ops4j-ann...@googlegroups.com
Hello
Current runtime versions are:
Also, this release, together with Pax URL 2.6.14 fully passes official OSGi CMPN TCK for Web Applications specification! (OSGi CMPN chapter 128).
For completeness, the changelogs is available for 8.0.20[1] and 9.0.9[2].
I'd like to announce new minor releases of Pax Web: 8.0.20 and 9.0.9.
- Jetty 9.4.51.v20230217 (8.0.x) and 10.0.15 (9.0.x)
- Tomcat 9.0.74
- Undertow 2.2.24.Final
There's one important change. Johannes Utzig reported slow deployment times in real-world, complex Karaf installation. He found that WAB deployment involved "scanning" of all transitive bundles, while in fact the proper way to scan a WAB is to scan:
- /WEB-INF/classes and /WEB-INF/*.jar of the WAB - or generally - all WAB's entries from Bundle-ClassPath manifest
- all attached WAB OSGi bundle fragments
- all bundles "wired" to the WAB (and its fragments) using Import-Package, Require-Bundle and "osgi.extender" namespace
The scanning however should NOT be transitive (because otherwise we can reach thousands of bundles).
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Jul 26, 2023, 10:48:21 AM7/26/23
to OPS4J, ops4j-ann...@googlegroups.com, Karaf Dev
Hello
Current runtime versions are:
I'd like to announce new minor releases of Pax Web: 8.0.21 and 9.0.10.
- Jetty 9.4.51.v20230217 (8.0.x) and 10.0.15 (9.0.x)
- Tomcat 9.0.78
- Undertow 2.2.25.Final
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Jul 26, 2023, 10:49:55 AM7/26/23
to OPS4J, ops4j-ann...@googlegroups.com, Karaf Dev
Sorry for wrong subject line (forward of previous ANN email...)
Grzegorz Grzybek
Sep 1, 2023, 9:42:58 AM9/1/23
to ops4j-ann...@googlegroups.com, OPS4J, Karaf Dev
Hello
Current runtime versions are:
I'd like to announce new minor releases of Pax Web: 8.0.22 and 9.0.11.
- Jetty 9.4.52.v20230823 (8.0.x) and 10.0.16 (9.0.x)
- Tomcat 9.0.80
- Undertow 2.2.26.Final
For completeness, the changelogs are available for 8.0.22[1] and 9.0.11[2].
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Oct 19, 2023, 12:46:43 PM10/19/23
to Karaf Dev, OPS4J, ops4j-ann...@googlegroups.com
Hello
Current runtime versions are:
There's also a minor QoL improvements/fixes:
I'd like to announce new minor releases of Pax Web: 8.0.23 and 9.0.12.
- Jetty 9.4.53.v20231009 (8.0.x) and 10.0.17 (9.0.x)
- Tomcat 9.0.82
- Undertow 2.2.28.Final
These are important fixes related to recent CVE-2023-44487: HTTP/2 Rapid Reset Attack.
- OSGi security (ServletContextHelper.handleSecurity()) - user was not visible in access log (thanks François de Parscau!)
- Keycloak 19+ (up to 22) integration was not complete
- Additional Tomcat valves (from context.xml) were removed on restart (thanks Stephan Siano!)
- ServletContext.getServletContextName() returned wrong value for WABs (thanks Amichai Rothman!)
For completeness, the changelogs are available for 8.0.23[1] and 9.0.12[2].
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Oct 27, 2023, 9:26:02 AM10/27/23
to OPS4J, ops4j-ann...@googlegroups.com, Karaf Dev
Hello
I'd like to announce new bugfix releases of Pax Web: 8.0.24 and 9.0.13.
- Jetty 9.4.53.v20231009 (8.0.x) and 10.0.17 (9.0.x)
- Tomcat 9.0.82
- Undertow 2.2.28.Final
There's one fix for a problem reported by Amichai Rothman as https://issues.apache.org/jira/browse/KARAF-7773. It is a case where
- dynamic filters registered by ServletContextListeners are not destroyed by Jetty
- ServletContextListeners are not removed during WAB undeployment
For completeness, the changelogs are available for 8.0.24[1] and 9.0.13[2].
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Jan 12, 2024, 3:42:27 AMJan 12
to Karaf Dev, OPS4J, ops4j-ann...@googlegroups.com
Hello
Current runtime versions are:
There's one fix for a problem reported by @liao-qing-hua that "org.ops4j.pax.web.session.timeout" option was ignored.
I'd like to announce new bugfix releases of Pax Web: 8.0.25 and 9.0.14.
- Jetty 9.4.53.v20231009 (8.0.x) and 10.0.19 (9.0.x)
- Tomcat 9.0.85
- Undertow 2.2.28.Final
For completeness, the changelogs are available for 8.0.25[1] and 9.0.14[2].
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Feb 27, 2024, 10:14:29 AMFeb 27
to Karaf Dev, OPS4J, ops4j-ann...@googlegroups.com
Hello
Current runtime versions are:
There's also one fix for a problem reported by Ivaylo Milev about non-working "org.ops4j.pax.web.session.cookie.secure" option.
I'd like to announce new bugfix releases of Pax Web: 8.0.26 and 9.0.15.
- Jetty 9.4.54.v20240208 (8.0.x) and 10.0.20 (9.0.x)
- Tomcat 9.0.86
- Undertow 2.2.30.Final
For completeness, the changelogs are available for 8.0.26[1] and 9.0.15[2].
kind regards
Grzegorz Grzybek
===
Grzegorz Grzybek
Mar 25, 2024, 5:13:37 AMMar 25
to OPS4J, ops4j-ann...@googlegroups.com, Karaf Dev
Hello
Current runtime versions are:
I'd like to announce new releases of Pax Web: 8.0.27 and 9.0.16. Only runtimes are upgraded (Tomcat and Undertow)
- Jetty 9.4.54.v20240208 (8.0.x) and 10.0.20 (9.0.x)
- Tomcat 9.0.87
- Undertow 2.2.31.Final
For completeness, the changelogs are available for 8.0.27[1] and 9.0.16[2].
kind regards
Grzegorz Grzybek
===
Reply all
Reply to author
Forward
0 new messages