VMware tc Server 4.1 Release Notes

VMware tc Server 4.1.1 | 06 MAY 2020

VMware tc Server 4.1.0 | 13 APR 2020

Last Document Update: 06 May 2020

What’s in the Release Notes

These release notes cover the following topics:

What’s New in VMware tc Server 4.1.1

  • New tc Runtime Versions:

    • Bundled tc Runtime:
      • 9.0.34.B.RELEASE, equivalent to Apache Tomcat 8.5.54, including the following fixes:
        • Rework the fix for BZ 64021 for better custom class loader support (ASF commit: 47edccf)
        • Fix compilation of JSPs with inner classes with ECJ 4.14 onwards (ASF commit: 85e93fb)
        • Includes CVE-2020-9484
    • On-demand tc Runtimes:
      • 8.5.54.B.RELEASE, equivalent to Apache Tomcat 8.5.54, including the following fixes:
        • Rework the fix for BZ 64021 for better custom class loader support (ASF commit: 33074db)
        • Fix compilation of JSPs with inner classes with ECJ 4.14 onwards (ASF commit: 5bc5ed2)
        • Includes CVE-2020-9484
      • 7.0.103.B.RELEASE, equivalent to Apache Tomcat 7.0.103, including the following fixes:
        • Rework the fix for BZ 64021 for better custom class loader support (ASF commit: b732c45)
        • Fix compilation of JSPs with inner classes with ECJ 4.14 onwards (ASF commit: 94cbea7)
        • Includes CVE-2020-9484

What’s New in VMware tc Server 4.1.0

This VMware tc Server release includes the following new features and changes:

  • Features Highlights:

    • Kubernetes Friendly Features
      • YAML File Format supported for instance descriptor file
      • Deploy a .war file during instance creation
      • Run an instance after creation
      • Install templates automatically from the template repository
      • Install tc Runtime automatically version from tc Runtime Repository
    • Encoded Properties changes:
      • Removed support for tcEnc (support for s2enc was removed in previous release)
      • The encode command will use an instance’s catalina.properties for passphrase information and automatically encode the specified properties.
    • Java Support
      • The minimum supported Java version for the tcserver command is 8.
      • A tc Runtime Instance version 7.0.x may still be created and ran with Java 6+ by using the --java-home option.
      • A tc Runtime Instance version 8.5.x may still be created and ran with Java 7 by using the --java-home option.
    • Automatic download of runtimes
      • tc Server will automatically attempt to download the tc Runtime version specified to create if it isn’t found locally. This feature may be turned off by setting runtimes.ondemand=false in conf/tcserver.properties
  • tc Runtimes:

    • Our bundled tc Runtime version:
      • 9.0.33.A.RELEASE, equivalent to Apache Tomcat 9.0.33
    • On-demand tc Runtime versions:
      • 8.5.53.A.RELEASE, equivalent to Apache Tomcat 8.5.53
      • 7.0.103.A.RELEASE, equivalent to Apache Tomcat 7.0.103

Security and Vulnerability Information

All CVEs (Common Vulnerabilities and Exposures) are registered with cve.mitre.org. Once the CVE information is released to the public, it can take some time before this site is updated with all the details. If you do not see the updated CVE information, please visit Apache Tomcat’s Security pages for more detailed information about the CVE.

Here are the links to Apache Tomcat security and vulnerability details per release:

Known Issues

Issue Number Description
N/A The default OpenJDK build of Java 9 on Ubuntu is a non-GA version and will cause issues when running tc Server. Upgrade to a GA version of OpenJDK to resolve the issues.
N/A As of tc Runtime versions 7.0.100.A.RELEASE, 8.5.51.A.RELEASE, and 9.0.31.A.RELEASE the AJP connector attributes have changed. Unmodified server.xml files may result in the following message in the catalina.log Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid. Please see https://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html for how to update the configuration. AJP Template documentation

Glossary

Term Definition
tc Runtime tc Runtime is the Apache Tomcat runtime binaries packaged for use by tc Server. See tc Server Versioning to understand the naming scheme.
Bundled tc Runtime This is a tc Runtime that is packaged with the tc Server installation. For example tc Server 4.0.0 has tc Runtime 9.0.6.B.RELEASE bundled in the distribution.
On-demand tc Runtime This is a tc Runtime that is available for download by using the tcserver get-runtime command or by manually downloading the tc Runtime from VMware Tanzu Network. You can see the available tc Runtimes by calling the tcserver list-runtimes command.

tc Server Versioning

The tc Runtime version refers to the corresponding Apache Tomcat release. A letter is added to indicate whether additional patches not yet released by the Apache Software Foundation are applied.

For example:

  • tc Runtime 9.0.33.A.RELEASE is equivalent to Apache Tomcat 9.0.33.
  • tc Runtime 9.0.33.B.RELEASE is equivalent to Apache Tomcat 9.0.33 plus important bug fixes, enhancements, or security fixes. The letter could also refer to a pre-release of Apache Tomcat 9.0.34.

    The letter is incremented (9.0.33.C.RELEASE, 9.0.33.D.RELEASE, and so on) if additional patches or security fixes are applied after a release is named and released.

See the Apache Tomcat changelogs for a list of improvements introduced by release: