1.1 Releases
1.1.7.1 - 05 Apr 2024
Problems Corrected
Dictionary type view JSON & BINARY tabs show no content.
1.1.7 - 24 Mar 2024
Problems Corrected
Certificate chain building may fail if a self-signed certificate is installed.
PKCS12 import fails if the file was encrypted with legacy ciphers.
Change event number for message INFO Shutdown started from 1202 to 3240.
The service-sts-max-age-option is not recognized on startup.
Properties in JSON response are not serialized in the order defined in the API definition mappings.
Update console footer documentation link.
Update libxml2 to version 2.12.5.
Update openssl to version 3.1.5.
1.1.6 - 27 Sep 2023
Problems Corrected
--tls-cipher-list option does not accept TLS 1.3 specific cipher suites.
Update OpenSSL to version 3.1.2 to mitigate security vulnerabilities.
Update libxml2 to version 2.10.4 to mitigate security vulnerabilities.
Swagger download does not work when service-ports and console-ports are not configured on the same TCPIP provide.
Improvements
Added host name specification to the --service-ports startup option.
Added the --service-sts-max-age option which allows configuring the Strict-Transport-Security HTTP header on service ports.
All console download links now send session tokens as HTTP headers instead of query params.
1.1.5 - 27 Mar 2023
Problems Corrected
Console exception is raised when an ACP is copied and then saved.
Create dictionary shows an error when the subvolume node is not preceded with a backslash.
Response properties are serialized as empty objects, when they are mapped individually in the response definition, from fields that are empty and have the hideIfEmpty attribute set.
The API tester cannot be used, when the console ports and service ports use different TCPIP providers.
SERVER/SWORKER may abend when message logging is configured and certain errors are returned from the collector serverclass.
Sensitive data is not masked, when the field marked as sensitive in an element in a structure, and the structure is an item in an array.
Update OpenSSL to version 1.1.1t to mitigate security vulnerabilities.
Update Apache APR to version 1.7.2 to mitigate security vulnerabilities.
Update APR-UTIL to version 1.6.3 to mitigate security vulnerabilities.
New Features
API tester now allows entering an arbitrary base URL,
1.1.4 - 28 Sep 2022
Problems Corrected
LightwaveAttributes in DDL comments may be ignored when embedded in a multi-line DDL comment.
Improvements
Update PCRE version to mitigate vulnerabilities
Add LWSCOM feature to validate licenses
Add find feature (CTRL-F) to the API Tester
1.1.3 - 17 May 2022
Problems Corrected
Multiple query param, header, & element mappings with the same name are deserialized incorrectly
Request with a BLOB response may return an API compiler error
Request returns 404 when a path component value contains the '.' or '*' character
API Tester displays "extra" fields when multiple same name parameters are mapped to a single field
HTTP & Diagnostic logging show as disabled on Console Dashboard when enabled (TNS/E only)
SERVER / SWORKER may loop when an application server returns an IPM shorter than the dictionary definition
SERVER may abend if there isn't a filesystem in the default subvol and the --filesystem startup option is not supplied
LWSCOM environment is invalid if the TACL _DEFAULTS define contains the system name
Dictionary import/refresh fails if DDL comments cannot be converted to valid XML comments
Improvements
Performance improvements in JSON de/serialization and internal memory management
API tester now uses an improved JSON editor
Update to OpenSSL 1.1.1n to mitigate CVE-2022-0778
Update libxml2 to v2.9.14 to mitigate security vulnerabilities.
1.1.2 - 28 Sep 2021
Problems Corrected
Messaging logging reports non-0 CONNECT_HS_TIME when CONNECT_TIME is 0
API editor does not allow isArray, nillable, or isNull property on element
Response is serialized incorrectly if multiple Response BODY definitions are defined
BLOB request returns HTTP 415 when content-type isn't application/json, octet-stream, x-www-form-urlencoded, or text/plain
Issue with dictionary caching causes excessive filesystem I/O
Filesystem housekeeping process uses unnecessary read lock operations
Setting isNull property to non-zero does not work on structures
Multiple query param, header, & element mappings with the same name are deserialized incorrectly
Request with BLOB response may return an an API compiler error
Improvements
Update to OpenSSL 1.1.1l
1.1.1 - 27 Mar 2021
Problems Corrected
[LS-914] - API tester no longer works in Chromium 87+ based browsers
[LS-917] - API Tester will not launch in IE11
[LS-922] - Message Logging meta data is only included when content spec includes "all"
Improvements
[LS-921] - Message logging sets IPM & HTTP lengths on all events, regardless of content selection
Update to OpenSSL 1.1.1k
1.1.0 - 25 Jan 2021
Problems Corrected (since v1.0.10)
[LS-859] - LWSCOM INFO API command may report incorrect number of APIs
[LS-879] - Chunked encoded request returns HTTP 400 status when the chunk & chunk trailer are not received in the same socket recv buffer
[LS-898] - LWSCOM pagesize command may report valid input as invalid
[LS-905] - Process logger may leak memory when debug logging is enabled
[LS-912] - Setting isSet="1" does not work for JSON object serialization when the object is empty
New Features
Add support for TLS 1.3
Add support for Message Logging
Add support for BLOBs
Allow LWSCOM users with read access to the filesystem to execute commands that don't modify the filesystem. See the ALLOW-READ-ACCESS option under the LWSCOM CONTROL FILESYSTEM command.
SERVER process now supports process log configuration using configuration files. See Using Configuration Files.
Add additional Measure counters lw-diag-log, lw-msg-log, lw-pathsend-max, lw-process-max. See Using Measure Counters.