More complete notes are at http://caucho.com/resin/changes/resin-3.2.1.xtp and the changelog is at http://caucho.com/resin/changes/changes.xtp.
Resin 3.2.1 is the development branch and is subject to large changes for each revision, including a fairly high probability of introduced bugs. The Resin 3.2.x branch is the working branch for the upcoming JavaEE 6 specifications. Since those specifications are still in the early draft stage, even the APIs may change from revision to revision. Most deployments needing more stability will want to use the Resin 3.1.x branch. Resin 3.2.1 had three major changes: Quercus fixed a large number of accumulated bugs, the Hessian 2.0 draft and implementation had a major bytecode revision, and OSGi has been introduced as a mechanism for managing jars, libraries, and services. 1) Security - two potential security issues fixed in 3.2.1: *) a potential denial-of-service issue with mod_caucho and virtual hosts (main symptom is a very large /tmp/localhost_6800 file) *) a potential XSS issue with Resin's 404 involving UTF-7. We're also working on a 3.0 release for early next week including those fixes. 2) Quercus. *) We've added Moodle to our focus applications (Mediawiki, Wordpress and Drupal). Moodle is an academic courseware framework that has become very popular. *) Many, many bug fixes. 3) Hessian 2.0 *) We're revising the Hessian 2.0 draft so we can finally submit it to the IETF. The changes in the bytecode allocation are not compatible for earlier versions of the Hessian 2.0 draft, so you will need to update both clients and servers for Hessian 2.0. 4) OSGi support *) We're treating OSGi as a versioning manager for Resin's class loaders and jars, and as a service manager. Each web-app has its own OSGi manager serving jars and services. We'll be writing more details on how this works in the next few weeks. _______________________________________________ resin-interest mailing list [email protected] http://maillist.caucho.com/mailman/listinfo/resin-interest
