1.1 Releases

1.1.8 - 24 Sep 2024

Problems Corrected

• ERROR event 1216 is logged at INFO level.

• ERROR event 1202 is logged at INFO level.

• SWORKER process intermittently fails to register with error 201, when the SERVER process primary is abended.

• Update to OpenSSL 3.1.7 to mitigate security vulnerabilities.

Improvements

• Added support for binding console and service ports to a specific IP address when the TCP/IP provider is configured with multiple addresses. See the SERVER --console-ports and --service-ports options.

1.1.7.1 - 05 Apr 2024

Problems Corrected

• Dictionary type view JSON & BINARY tabs show no content.

1.1.7 - 24 Mar 2024

Problems Corrected

• Certificate chain building may fail if a self-signed certificate is installed.

• PKCS12 import fails if the file was encrypted with legacy ciphers.

• Change event number for message INFO Shutdown started from 1202 to 3240.

• The service-sts-max-age-option is not recognized on startup.

• Properties in JSON response are not serialized in the order defined in the API definition mappings.

• Update console footer documentation link.

• Update libxml2 to version 2.12.5.

• Update openssl to version 3.1.5.

1.1.6 - 27 Sep 2023

Problems Corrected

• --tls-cipher-list option does not accept TLS 1.3 specific cipher suites.

• Update OpenSSL to version 3.1.2 to mitigate security vulnerabilities.

• Update libxml2 to version 2.10.4 to mitigate security vulnerabilities.

• Swagger download does not work when service-ports and console-ports are not configured on the same TCPIP provide. 

Improvements

• Added host name specification to the --service-ports startup option.

• Added the --service-sts-max-age option which allows configuring the Strict-Transport-Security HTTP header on service ports.

• All console download links now send session tokens as HTTP headers instead of query params.

1.1.5 - 27 Mar 2023

Problems Corrected

• Console exception is raised when an ACP is copied and then saved.

• Create dictionary shows an error when the subvolume node is not preceded with a backslash.

• Response properties are serialized as empty objects, when they are mapped individually in the response definition, from fields that are empty and have the hideIfEmpty attribute set.

• The API tester cannot be used, when the console ports and service ports use different TCPIP providers.

• SERVER/SWORKER may abend when message logging is configured and certain errors are returned from the collector serverclass.

• Sensitive data is not masked, when the field marked as sensitive in an element in a structure, and the structure is an item in an array.

• Update OpenSSL to version 1.1.1t to mitigate security vulnerabilities.

• Update Apache APR to version 1.7.2 to mitigate security vulnerabilities.

• Update APR-UTIL to version 1.6.3 to mitigate security vulnerabilities.

New Features

• API tester now allows entering an arbitrary base URL, 

1.1.4 - 28 Sep 2022

Problems Corrected

• LightwaveAttributes in DDL comments may be ignored when embedded in a multi-line DDL comment.

Improvements

• Update PCRE version to mitigate vulnerabilities

• Add LWSCOM feature to validate licenses

• Add find feature (CTRL-F) to the API Tester

1.1.3 - 17 May 2022

Problems Corrected

• Multiple query param, header, & element mappings with the same name are deserialized incorrectly

• Request with a BLOB response may return an API compiler error

• Request returns 404 when a path component value contains the '.' or '*' character

• API Tester displays "extra" fields when multiple same name parameters are mapped to a single field

• HTTP & Diagnostic logging show as disabled on Console Dashboard when enabled (TNS/E only)

• SERVER / SWORKER may loop when an application server returns an IPM shorter than the dictionary definition

• SERVER may abend if there isn't a filesystem in the default subvol and the --filesystem startup option is not supplied

• LWSCOM environment is invalid if the TACL _DEFAULTS define contains the system name

• Dictionary import/refresh fails if DDL comments cannot be converted to valid XML comments

Improvements

• Performance improvements in JSON de/serialization and internal memory management

• API tester now uses an improved JSON editor

• Update to OpenSSL 1.1.1n to mitigate CVE-2022-0778

• Update libxml2 to v2.9.14 to mitigate security vulnerabilities.

1.1.2 - 28 Sep 2021

Problems Corrected

• Messaging logging reports non-0 CONNECT_HS_TIME when CONNECT_TIME is 0

• API editor does not allow isArray, nillable, or isNull property on element

• Response is serialized incorrectly if multiple Response BODY definitions are defined

• BLOB request returns HTTP 415 when content-type isn't application/json, octet-stream, x-www-form-urlencoded, or text/plain

• Issue with dictionary caching causes excessive filesystem I/O

• Filesystem housekeeping process uses unnecessary read lock operations

• Setting isNull property to non-zero does not work on structures

• Multiple query param, header, & element mappings with the same name are deserialized incorrectly

• Request with BLOB response may return an an API compiler error

Improvements

• Update to OpenSSL 1.1.1l

1.1.1 - 27 Mar 2021

Problems Corrected

[LS-914] - API tester no longer works in Chromium 87+ based browsers
[LS-917] - API Tester will not launch in IE11
[LS-922] - Message Logging meta data is only included when content spec includes "all"

Improvements

[LS-921] - Message logging sets IPM & HTTP lengths on all events, regardless of content selection
Update to OpenSSL 1.1.1k

1.1.0 - 25 Jan 2021

Problems Corrected (since v1.0.10)

[LS-859] - LWSCOM INFO API command may report incorrect number of APIs
[LS-879] - Chunked encoded request returns HTTP 400 status when the chunk & chunk trailer are not received in the same socket recv buffer
[LS-898] - LWSCOM pagesize command may report valid input as invalid
[LS-905] - Process logger may leak memory when debug logging is enabled
[LS-912] - Setting isSet="1" does not work for JSON object serialization when the object is empty

New Features

Add support for TLS 1.3
Add support for Message Logging
Add support for BLOBs
Allow LWSCOM users with read access to the filesystem to execute commands that don't modify the filesystem. See the ALLOW-READ-ACCESS option under the LWSCOM CONTROL FILESYSTEM command.
SERVER process now supports process log configuration using configuration files. See Using Configuration Files.
Add additional Measure counters lw-diag-log, lw-msg-log, lw-pathsend-max, lw-process-max. See Using Measure Counters.