Release notes
nevisLogRend 8.2405.0.1 - 15.05.2024
Breaking changes
- REMOVED: RHEL8 Linux is no longer supported, it is superseded by RHEL9. RHEL8 is still supported on 7.2405.x (LTS24). (NEVISAUTH-4667)
Changes and new features
- UPGRADED: We upgraded the Jackson third-party dependencies to version 2.17.0. (NEVISLOG-523)
- UPGRADED: We upgraded the Jetty third-party dependencies to version 12.0.8. (NEVISLOG-525)
- UPGRADED: We upgraded the Jakarta servlet api third-party dependency to version 6.0 (NEVISLOG-525)
- UPGRADED: We upgraded the Guava third-party dependency to version 33.1.0-jre. (NEVISLOG-523)
- UPGRADED: We upgraded the Opentelemetry api third-party dependency to version 1.37.0 (NEVISAUTH-4546)
- UPGRADED: We upgraded the log4j third-party dependencies to version 2.23.1. (NEVISLOG-523)
- UPGRADED: We upgraded the slf4j third-party dependency to version 2.0.12. (NEVISLOG-523)
nevisLogRend 7.2402.0.2 - 21.02.2024
Breaking changes
Changes and new features
- UPGRADED: We upgraded the commons-cli third-party dependency to version 1.16.0. (NEVISLOG-518)
- UPGRADED: We upgraded the commons-lang3 third-party dependency to version 3.14.0. (NEVISLOG-518)
- UPGRADED: We upgraded the commons-text third-party dependency to version 1.11.0. (NEVISLOG-518)
- UPGRADED: We upgraded the commons-validator third-party dependency to version 1.8.0. (NEVISLOG-518)
- UPGRADED: We upgraded the jackson third-party dependencies to version 2.16.1. (NEVISLOG-518)
- UPGRADED: We upgraded the jetty third-party dependencies to version 11.0.19. (NEVISLOG-518)
- UPGRADED: We updated the Guava third-party dependency to version 33.0.0-jre. (NEVISLOG-518)
- NEW: Added OpenTelemetry metric number of login applications for product analytics. (NEVISLOG-516)
nevisLogRend 7.2311.0.3 - 15.11.2023
Breaking changes
- REMOVED: We removed the jcan-log and jcan-optrace third-party dependencies. OpTrace logging is replaced by OpenTelemetry. (NEVISLOG-389)
- REMOVED: We removed the deprecated configuration property
application.date.showTimeZoneWithDST
. Use the propertyapplication.date.format
to specify a desired date format. (NEVISLOG-482) - CHANGED: New Jetty version used in nevisLogRend performs more strict validation for TLS connections. The SNI will be checked for matching the hostname in the configured certificate. (NEVISLOG-389)
- CHANGED: In Java 17, the default encoding changed from
ISO-8559-1
toUTF-8
. This affects the default encoding inPropertyResourceBundle
. The litdict properties containing translations in nevisLogrend rely on this default value. (NEVISLOG-374)
Changes and new features
- FIXED: Not found templates now properly producing HTTP status code 404 instead of 500. (NEVISLOG-501)
- NEW: Added RHEL 9 support. (NEVISAUTH-4421)
- CHANGED: We now set the
java.io.tmpdir
system property by default to/var/opt/nevislogrend/<instance>/tmp
. When nevisLogrend is started, Jetty unpacks the nevislogrend .war file there and requires it at runtime. Originally the system /tmp folder was used for this purpose, however at some cases it can happen that a system cleanup job deletes the Jetty prefixed directories which causes nevisLogrend to return errors. (NEVISAUTH-4461) - UPGRADED: We upgraded the commons-lang3 third-party dependency to version 3.13.0 (NEVISLOG-389)
- UPGRADED: We upgraded the jackson third-party dependencies to version 2.15.3. (NEVISLOG-389)
- UPGRADED: We upgraded the guava third-party dependency to version 32.1.3-jre. (NEVISLOG-389)
- UPGRADED: We upgraded the jetty third-party dependencies to version 11.0.17. (NEVISLOG-389)
- UPGRADED: We upgraded the log4j third-party dependencies to version 2.20.0. (NEVISLOG-389)
- UPGRADED: We upgraded Servlet API to version 5. Migration from javax.servlet packages to jakarta.servlet. (NEVISLOG-389)
- UPGRADED: We upgraded the slf4j third-party dependency to version 2.0.9. (NEVISLOG-389)
- UPGRADED: We upgraded velocity-tools-view to a version 3.2-jakarta to support Servlet API to version 5. (NEVISLOG-389)
nevisLogRend 1.22.0.2 - 16.08.2023
Breaking changes
Changes and new features
- UPGRADED: We updated the Jackson third-party dependency to version 2.15.2. (NEVISLOG-494)
- UPGRADED: We updated the Guava third-party dependency to version 32.1.1-jre. (NEVISLOG-497)
nevisLogRend 1.21.0.2 - 17.05.2023
Breaking changes
- REMOVED: We removed the
vmargs
legacy command in administrative cli. Use thenevislogrend <instance> config env
to configure theJAVA_OPTS
. (NEVISAUTH-3134)
Changes and new features
- DEPRECATED: The configuration property
application.date.showTimeZoneWithDST
is deprecated and will be removed in one of the upcoming releases. Use the propertyapplication.date.format
to specify a desired date format. (NEVISLOG-482) - UPGRADED: We updated the Jackson third-party dependency to version 2.15.0. (NEVISLOG-458)
- UPGRADED: We updated the Jetty third-party dependency to version 9.4.51.v20230217. (NEVISLOG-485)
- UPGRADED: We updated the Log4j third-party dependency to version 2.20.0. (NEVISLOG-485)
- UPGRADED: We updated the Slf4j third-party dependency to version 2.0.7. (NEVISLOG-485)
- UPGRADED: We upgraded Snakeyaml third-party dependencies to version 2.0. (NEVISLOG-458)
- NEW: NevisLogRend now uses a graceful shutdown with a 30seconds timeout. Documentation incorrectly stated this so far. (NEVISLOG-491)
nevisLogRend 1.20.0.1 - 15.02.2023
Breaking changes
Changes and new features
- FIXED: Java Util Logging messages were incorrectly logged in
/var/log/messages
due to previous log4j2 upgrade causing the JUL bridging to not work correctly. The proper configuration is now added automatically at runtime. (NEVISLOG-449) - UPGRADED: We upgraded the google autovalue third-party dependency to version 1.10.1. (NEVISLOG-459)
- UPGRADED: We upgraded the Jackson third-party dependency to version 2.14.1. (NEVISLOG-459)
- UPGRADED: We upgraded the Jetty third-party dependency to version 9.4.50.v20221201. (NEVISLOG-459)
- UPGRADED: We upgraded the Slf4j third-party dependency to version 2.0.6. (NEVISLOG-459)
nevisLogRend 1.19.0.2 - 16.11.2022
Changes and new features
- UPGRADED: commons-text third party dependency is upgraded to version 1.10.0. (NEVISLOG-429)
- UPGRADED: google autovalue third party dependency is upgraded to version 1.10. (NEVISLOG-429)
- UPGRADED: jetty third party dependency is upgraded to version 9.4.49.v20220914. (NEVISLOG-424)
- UPGRADED: jackson third party dependency is upgraded to version 2.13.4. (NEVISLOG-424)
- UPGRADED: log4j2 third party dependency is upgraded to version 2.19.0. (NEVISLOG-424)
- UPGRADED: snakeyaml third party dependency is upgraded to version 1.33. (NEVISLOG-419)
nevisLogRend 1.18.0.2 - 17.08.2022
Changes and new features
- UPGRADED: Jackson third party dependencies are upgraded to version 2.13.3. (NEVISLOG-402)
- UPGRADED: Jetty third party dependencies are upgraded to version 9.4.48.v20220622. (NEVISLOG-410)
- UPGRADED: Log4j third party dependencies are upgraded to version 2.18.0. (NEVISLOG-410)
- FIXED: The admin CLI now correctly lists instances located in a symlink directory. (NEVISLOG-406).
- FIXED: We fixed the syntax change issue introduced with Velocity upgrade from version 1.7 to 2.3. (NEVISLOG-409) Velocity Template Syntax Issue - Existing LogRend Instances
It is required to manually patch the existing nevisLogRend instance Velocity templates to the new syntax.
Change the json.vm
template to the new syntax by replacing line 26 to 28 with the following code:
`"label" : "$guiElem.label" #if ($guiElem['validation-failed'] || $guiElem.value || $guiElem.length || $guiElem.format), #end
## if ($guiElem['validation-failed']) "validation-failed" : "$guiGroup.validationFailed" #if ($guiElem.value || $guiElem.length || $guiElem.format), #end
## end ## if ($guiElem['validation-failed'])`
- NEW: SELinux policy templates are now available at /opt/nevislogrend/selinux. (NEVISAPPLIANCE-568)
nevisLogRend 1.17.0.3 - 18.05.2022
Breaking changes
- CHANGED: The previous bc and jcan-log logging using log4j1 is replaced by slf4j using log4j2. jcan-log is now only used by the jcan-optrace, which relies on the slf4j implementation of jcan-log. (NEVISLOG-381).
Log4j2 uses different a configuration structure than log4j1, and they are not compatible. If you are not using nevisAdmin4, you have to migrate the logging configuration manually. Check the default template supplied in the RPM.
nevisLogRend requires a logging.yml file in the instance config directory. If it is missing, or the file is incorrectly formatted, a default configuration logs into the stdout which can be viewed in the systemd journal.
- REMOVED: Deprecated server TLS [configuration property] require-client-auth is removed. Use the successor client-auth. (NEVISLOG-390)
Changes and new features
- NEW: The automatic reload of logging configuration is supported by using the monitorInterval property of log4j2. (NEVISLOG-381).
- FIXED: We fixed the issue, where nvluser, nvbuser, and members of the nevisadmin group could not us the nevisAuth Admin CLI commands. (NEVISLOG-387)
- CHANGED: Number of third party dependencies are reduced in general.
- UPGRADED: Jetty third party dependency is upgraded to version 9.4.46.v20220331 (NEVISLOG-385).
- UPGRADED: Commons-cli third party dependency is upgraded to version 1.5.0 (NEVISLOG-385).
- UPGRADED: Guava third party dependency is upgraded to version 31.1-jre (NEVISLOG-385).
- UPGRADED: Jackson third party dependencies are upgraded to version 2.13.2 and jackson-dababind to 2.13.2.2 (NEVISLOG-385).
- UPGRADED: Auto-value third party dependency is upgraded to version 1.9 (NEVISLOG-385).
nevisLogRend 1.16.0.1 - 16.02.2022
Changes and new features
- REMOVED: The fallback mechanism is removed which redirected .jsp template paths to .vm template paths. This mechanism provided smoother transition to the new Velocity templates, however the old JSP template system was removed years ago. Migration: replace the ".jsp" string with ".vm" in the RenderingProvider parameter of the LoginRendererServlet in the web.xml file of nevisProxy. (NEVISLOG-297)
In case you receive HTTP 405 response status code from nevisLogRend to your requests then most probably you still have a ".jsp" reference somewhere in your configuration.
- REMOVED: The supplied log4j version 1.2.17 is patched to remove vulnerable classes org/apache/log4j/net/JMSAppender.class and org/apache/log4j/net/SocketServer.class. (NEVISLOG-375)
nevisLogRend 1.15.0.9 - 17.11.2021
Changes and new features
- REMOVED: Some Admin CLI commands are deprecated and therefore removed with the November Rolling Release. For more information, see Admin CLI and RPM Installation Changes in 11.2021 RR Release, and "Administrative command-line interface".
In case of using the update installation option of package managers, the installed files under /opt/nevislogrend are corrupted. To fix this, uninstall the nevisLogRend package, and install it again.
When the post-uninstall script in the old package runs afterthe installation of the new package, it assumes a different directory structure under /opt/nevislogrend from what the new package has. As a result. it also removes also from the new installation. When manually running uninstall first and install afterwards, this cannot happen.
nevisLogRend 1.14.0.2 - 05.08.2021
Changes and new features
- FIXED: The hostname verification in a TLS server setting triggered misleading warning messages. Additionally, the description of the relevant hostname verification property server.tls.verify-hostname in the nevisLogRend Reference Guide was incorrect. These issues are now fixed.
- FIXED: The following, non-blocking, error message popped up during instance creation: nevislogrend [FATAL]: Could not access '/opt/nevislogrend/lib'! This bug is fixed.
- DEPRECATED: Some Admin CLI commands are deprecated and will be removed with the November Rolling Release. For more information, see Admin CLI and RPM Installation Changes in 11.2021 RR Release on the NEVISDOC homepage.
- UPGRADED: From now on, the standalone container uses Jetty 9.4.43.v20210629.
- UPGRADED/FIXED: jQuery, from version 3.5.1 to version 3.6.0, to fix a potential security vulnerability.
This fix only applies to newly created instances. Patch existing instances manually. This is because a version upgrade of nevisLogRend does not automatically change the (customizable) relevant jQuery files in the instance directory.
You can find the jQuery files here: /var/opt/nevislogrend/<instance>/data/applications/<application>/webdata/js/
- UPGRADED: Velocity, from version 1.7 to version 2.3.
This upgrade can lead to incompatibilities with old Velocity templates (depending on the variables and syntax you use in your templates).
In the new version, some of the Velocity configurations have been renamed. To find the affected configurations, check the nevisLogRend log files after the upgrade, for WARN log lines in the category org.apache.velocity.deprecation (for an example, see the following code snippet). To rename an affected configuration, follow the instructions in the log line. Keep in mind that in the nevisLogRend application configurations, Velocity properties have a velocity. prefix to distinguish them from the regular nevisLogRend application configurations.
Example log line
2021-07-08 15:37:30,943 main org.apache.velocity.deprecation WARN configuration key 'velocimacro.permissions.allow.inline.local.scope' has been deprecated in favor of 'velocimacro.inline.local_scope'
The chapter "Rendering Engines" in the nevisLogRend reference guide includes an overview of the available third-party Velocity tools. If you use any of these tools, you most likely have to adapt your Velocity templates to change to the new syntax. The following list summarizes the changes:
browser: Changed The previous class BrowserSnifferToolis replaced with the class BrowserTool. The old class is deprecated and removed.
iterator: Changed The previous class IteratorTool is replaced with the class LoopTool.
list: Removed The class ListTool is deprecated and removed. The list tool contained list functions that were not available directly on the list. You can now use list functions directly available on list objects.
alternator: Removed Instead of the AlternatorTool it is suggested using CSS3 nth-child(even/odd) selectors or #if($foreach.index % 2).
link: Changed The previous class LinkTool (tools.LinkTool) is replaced with the class LinkTool (without "tools.").
params: Changed The previous class ParameterParser is replaced with the class ParameterTool.
sort: Changed The previous class SortTool is replaced with the class CollectionTool.
# No automatic conversion of methods arguments
velocity.introspector.conversion_handler.class=none
# Use backward compatible space gobbling
velocity.parser.space_gobbling=bc
# Have #if($foo) only returns false if $foo is false or null
velocity.directive.if.empty_check=false
# Allow '-' in identifiers (since 2.1)
velocity.parser.allow_hyphen_in_identifiers=true
# Enable backward compatibility mode for Velocimacros
velocity.velocimacro.enable_bc_mode=true
# When using an invalid reference handler, also include quiet references (since 2.2)
velocity.event_handler.invalid_references.quiet=true
# When using an invalid reference handler, also include null references (since 2.2)
velocity.event_handler.invalid_references.null=true
# When using an invalid reference handler, also include tested references (since 2.2)
velocity.event_handler.invalid_references.tested=trueGeneral Velocity migration guides from Apache are available here:
http://velocity.apache.org/engine/2.3/upgrading.html/
http://velocity.apache.org/tools/devel/upgrading.html/
nevisLogRend 1.13.0.1 - 05.05.2021
Changes and new features
- NEW: There is a new property available for client authentication in TLS settings: server.tls.client-auth. The new property server.tls.client-auth provides the options "required", "requested", and "disabled". The old property server.tls.require-client-auth is deprecated but remains backwards compatible. If you use the new property server.tls.client-auth, the system ignores the old property server.tls.require-client-auth and logs a warning.
- CHANGE: From now on, the standalone container uses Jetty 9.4.31.v20200723.
- FIXED: On server startup, an invalid configuration caused the error java.lang.NoClassDefFoundError, and nevisLogRend ran in zombie mode. java.lang.NoClassDefFoundError was also not very descriptive of the actual issue. Now in case an invalid configuration is provided, nevisLogRend prints a proper error message and does not start.
- FIXED: When no client-auth was configured, nevisLogRend incorrectly threw a validation error and required a TLS truststore. This bug is fixed: The (one way) TLS truststore is now only required in case the client-auth is "required" or "requested".
nevisLogRend 1.12.0.1 - 04.02.2021
This is a technical release only.
Changes and new features
There are no changes or new features.
nevisLogRend 1.11.0.120 - 30.10.2020
Support for non-standalone deployment
From this release on, only standalone deployment is supported, as mentioned in the Nevis Product Lifetime and Platform Support Matrix.Changes and new features
- FIXED: The bug where internal exception stack traces were shown on the error page when you sent certain invalid requests.
nevisLogRend 1.10.1.3 - 14.09.2020
Changes and new features
- FIXED: The bug where internal exception stack traces were shown on the error page when sending certain invalid requests.
nevisLogRend 1.10.0.101 - 19.08.2020
Changes and new features
- CHANGED: For security reasons, the standalone server now supports less TLS protocols and ciphers by default. See the chapter "Server Configuration Properties" in the nevisLogRend Reference Guide for the updated list of supported ciphers and protocols.
This change may break existing deployments. If you use protocols and ciphers that are supported by default and your clients do not support them, it is recommended that you update your HTTP clients. If this is not possible:
Open the logrend.propertiesconfiguration file.
Specify the protocols and ciphers supported by your clients in the attributes server.tls.supported-protocols and server.tls.cipher-suites.
FIXED: A potential security vulnerability has been fixed, by upgrading jQuery 3.4.1 to 3.5.1.
Note that this fix only applies to newly created instances. Existing instances must be patched manually. This is because a version upgrade of nevisLogRend does not automatically change the (customizable) relevant jQuery files in the instance directory.
jQuery is typically found under: /var/opt/nevislogrend/<instance>/data/applications/<application>/webdata/js/
Do not forget to also update the source files in the instance directory, so that they refer to the new jQuery script.
It is possible that an application is using a very old version of jQuery, for example because the nevisLogRend instance was not revised for a while. In this case, the source files in the application directory using jQuery may not be compatible with the new jQuery version. To resolve this, patch the relevant source files according to the instructions described here: `http://jquery.com/upgrade-guide/.
- FIXED: A bug where spaces inside JVM arguments in the JAVA_OPTS variable (env.conf file) for standalone deployments caused the following error to occur: "Could not find or load main class". This prevented nevisLogRend from starting. To fix this, a new definition syntax as array is now available for the JAVA_OPTS variable, which allows comments to be used between new lines. You can still use the old string type definition, but to fix the previously mentioned error you need to change to the array type definition. For more information, see the chapter "Deployment Types" in the nevisLogRend Reference Guide.
When directly using the server CLI to start nevisLogRend, manually sourcing the env.conf file is no longer necessary. For more information, see the section "Example usage of the standalone CLI" of the chapter "Deployment Types" in the nevisLogRend Reference Guide.
nevisLogRend 1.9.0.93 - 20.05.2020
Changes and new features
- NEW: nevisLogRend now supports enabling hostname verification when client authentication is required in standalone deployment. See the newverify-hostnameattribute in the [Deployment Types]( section of the reference guide for additional information.
- FIXED: A bug causing the response type to be always Html even if "Accept: application/json" was specified when using standalone deployments has been fixed. The fix is located in the velocity template files so it only resolves the issue for newly created instances.
Existing nevisLogrend instances have to be patched manually by editing:
/var/opt/nevislogrend/<instance>/data/applications/<application>/webdata/template/default.vm
Replace the line:
##set( $acceptHeader = $login.requestHeaders.accept)
with:
##set( $acceptHeader = $login.requestHeaders.accept)
##if (!$acceptHeader)
#set( $acceptHeader = $login.requestHeaders.Accept)
##end
This solution works for both adnjboss and standalone deployment types.
- UPGRADED: jQuery has been upgraded to version 3.4.1 in the template for new nevisLogRend instances. Newly created nevisLogRend instances will be based on jQuery 3.4.1. Existing instances are not affected. However, for security reasons, it is recommended that you manually upgrade existing instances that use jQuery. For details, see CVE-2019-11358: `http://access.redhat.com/security/cve/CVE-2019-11358
- REMOVED: Support of "Structured Box Rendering" and "Custom JSP Rendering" is removed completely. If any production environment is affected, migrate to Velocity templates, otherwise contact the Nevis support.
nevisLogRend 1.8.0.88 - 19.02.2020
Changes and new features
- NEW: Variable expression resolution is now available for the JAVA_OPTS variable in the [env.conf]( configuration of the standalone deployment.
- NEW: The default Velocity template now includes the X-UA-Compatible meta tag to ensure better compatibility with the Internet Explorer (IE).
- FIXED: The bug that caused the nevislogrend status command to write warning messages of type "lsof: WARNING: can't stat() ..." in the standard output (standalone deployment type) .
- DEPRECATED: The JBoss and Wildfly deployments have been deprecated. They will be removed in the planned November 2020 release. Use the standalone deployment instead.