1.1 Releases
1.1.6 - 27 Sep 2023
Problems Corrected
- --tls-cipher-list option does not accept TLS 1.3 specific cipher suites.
- Update OpenSSL to version 3.1.2 to mitigate security vulnerabilities.
- Update libxml2 to version 2.10.4 to mitigate security vulnerabilities.
- Swagger download does not work when service-ports and console-ports are not configured on the same TCPIP provide.
Improvements
- Added host name specification to the --service-ports startup option.
- Added the --service-sts-max-age option which allows configuring the Strict-Transport-Security HTTP header on service ports.
- All console download links now send session tokens as HTTP headers instead of query params.
1.1.5 - 27 Mar 2023
Problems Corrected
- Console exception is raised when an ACP is copied and then saved.
- Create dictionary shows an error when the subvolume node is not preceded with a backslash.
- Response properties are serialized as empty objects, when they are mapped individually in the response definition, from fields that are empty and have the hideIfEmpty attribute set.
- The API tester cannot be used, when the console ports and service ports use different TCPIP providers.
- SERVER/SWORKER may abend when message logging is configured and certain errors are returned from the collector serverclass.
Sensitive data is not masked, when the field marked as sensitive in an element in a structure, and the structure is an item in an array.
- Update OpenSSL to version 1.1.1t to mitigate security vulnerabilities.
- Update Apache APR to version 1.7.2 to mitigate security vulnerabilities.
- Update APR-UTIL to version 1.6.3 to mitigate security vulnerabilities.
New Features
- API tester now allows entering an arbitrary base URL,
1.1.4 - 28 Sep 2022
Problems Corrected
- LightwaveAttributes in DDL comments may be ignored when embedded in a multi-line DDL comment.
Improvements
- Update PCRE version to mitigate vulnerabilities
- Add LWSCOM feature to validate licenses
- Add find feature (CTRL-F) to the API Tester
1.1.3 - 17 May 2022
Problems Corrected
- Multiple query param, header, & element mappings with the same name are deserialized incorrectly
- Request with a BLOB response may return an API compiler error
- Request returns 404 when a path component value contains the '.' or '*' character
- API Tester displays "extra" fields when multiple same name parameters are mapped to a single field
- HTTP & Diagnostic logging show as disabled on Console Dashboard when enabled (TNS/E only)
- SERVER / SWORKER may loop when an application server returns an IPM shorter than the dictionary definition
- SERVER may abend if there isn't a filesystem in the default subvol and the --filesystem startup option is not supplied
- LWSCOM environment is invalid if the TACL _DEFAULTS define contains the system name
- Dictionary import/refresh fails if DDL comments cannot be converted to valid XML comments
Improvements
- Performance improvements in JSON de/serialization and internal memory management
- API tester now uses an improved JSON editor
- Update to OpenSSL 1.1.1n to mitigate CVE-2022-0778
- Update libxml2 to v2.9.14 to mitigate security vulnerabilities.
1.1.2 - 28 Sep 2021
Problems Corrected
- Messaging logging reports non-0 CONNECT_HS_TIME when CONNECT_TIME is 0
- API editor does not allow isArray, nillable, or isNull property on element
- Response is serialized incorrectly if multiple Response BODY definitions are defined
- BLOB request returns HTTP 415 when content-type isn't application/json, octet-stream, x-www-form-urlencoded, or text/plain
- Issue with dictionary caching causes excessive filesystem I/O
- Filesystem housekeeping process uses unnecessary read lock operations
- Setting isNull property to non-zero does not work on structures
- Multiple query param, header, & element mappings with the same name are deserialized incorrectly
- Request with BLOB response may return an an API compiler error
Improvements
- Update to OpenSSL 1.1.1l
1.1.1 - 27 Mar 2021
Problems Corrected
[LS-914] - API tester no longer works in Chromium 87+ based browsers
[LS-917] - API Tester will not launch in IE11
[LS-922] - Message Logging meta data is only included when content spec includes "all"
Improvements
[LS-921] - Message logging sets IPM & HTTP lengths on all events, regardless of content selection
Update to OpenSSL 1.1.1k
1.1.0 - 25 Jan 2021
Problems Corrected (since v1.0.10)
[LS-859] - LWSCOM INFO API command may report incorrect number of APIs
[LS-879] - Chunked encoded request returns HTTP 400 status when the chunk & chunk trailer are not received in the same socket recv buffer
[LS-898] - LWSCOM pagesize command may report valid input as invalid
[LS-905] - Process logger may leak memory when debug logging is enabled
[LS-912] - Setting isSet="1" does not work for JSON object serialization when the object is empty
New Features
Add support for TLS 1.3
Add support for Message Logging
Add support for BLOBs
Allow LWSCOM users with read access to the filesystem to execute commands that don't modify the filesystem. See the ALLOW-READ-ACCESS option under the LWSCOM CONTROL FILESYSTEM command.
SERVER process now supports process log configuration using configuration files. See Using Configuration Files.
Add additional Measure counters lw-diag-log, lw-msg-log, lw-pathsend-max, lw-process-max. See Using Measure Counters.