Release Notes

Release Notes

New Features and Enhancements

New Features and Enhancements

The 9.2.4.6 release of ActiveVOS includes the following new features and enhancements:
Security enhancements
The 9.2.4.6 release of ActiveVOS includes security enhancements to enforce tighter security for ActiveVOS. By default, all UI related HTTP requests will be automatically redirected to the equivalent HTTPS URLs. Redirection happens both on the server side and on the browser side (because ActiveVOS now uses the HTTP Strict Transport Security header).
The server side HTTPS redirect is enabled for port 443 by default. If you use a custom HTTPS port, you must configure it by using the
ae.web.filter.https.port
JVM property. If the configured port is incorrect, you might encounter issues with the UI.
For Tomcat, JBoss, and WebLogic, by default, the application enables the HTTPOnly flag and Secure flag for the JSESSIONID cookie. This means that by default, the session cookies are set to HTTPOnly to prevent cross-site scripting attacks and the cookies are restricted to HTTPS sessions.
For WebSphere, the HTTPOnly flag and Secure flag are not enabled by default for the JSESSIONID cookie because by default WebSphere does not allow an application to change any attribute of the JSESSIONID cookie. You must manually configure the flags in the WebSphere Admin Console.
Perform the following steps to enable the HTTPOnly flag and Secure flag for WebSphere:
  1. Open the WebSphere Admin Console.
  2. Click
    Application servers
    servername
    Session management
    Cookies
    .
  3. Enter the cookie name as
    JSESSIONID
    .
  4. To add the HTTPOnly flag to the JSESSIONID cookie, select the
    Set session cookies to HTTPOnly to help prevent cross-site scripting attacks
    option.
  5. To add the Secure flag to the JSESSIONID cookie, select the
    Restrict cookies to HTTPS sessions
    option.
For more information about the flags, see the WebSphere documentation.
JMS Messaging Service enhancements
When you configure a JMS Messaging Service, you can define the following properties:
  • Maximum Reconnect Attempts.
    Specifies the maximum number of reconnection attempts that the JMS Manager must make when it tries to connect to the JMS provider.
  • Reconnect Interval (ms).
    Specifies the number of milliseconds to wait between each connection retry attempt.
When you configure a queue listener or a topic listener, you can define the following property:
  • Rollback On Error.
    Select this option if you want to decline messages that encounter an exception, or failed messages, and move to the next message. If you select this option, you must configure how the message server must handle failed messages. For example, you can configure the message server to redeliver failed messages for a specified number of times or move failed messages to a dead letter queue.

0 COMMENTS

We’d like to hear from you!