Resin Download Archive

Resin 4.0.66



Bug fix release.

Change List

  • security: windows-specific URL file visibility issue.
  • ssl: add certificate-chain-file to sni-host (#6434, rep by Brygid)
  • misc: synchronize ScriptStackTrace (#6435, rep by M. Secrett)
  • config: add config for watchdog-jvm_args
  • database: in XA when a first getConnection() has a sql error, a second getConnection() wasn't properly returning the first (#6407, rep by Mitsuo Shimomura)
  • server: HttpRequest header/url expansion isn't correctly recalculating tail (#6391, rep by cyflhn)
  • server: LibraryLoader isModified needs synchronization because of shared _newPathList (#6395, rep by Mitsuo)
  • config: use access_log_format from in cluster-default (#6380, rep by mitsuo)
  • ssl: add null check for JNI free of string argument (#6378, rep by J. Blachon)
  • health: SendMail connection errors shouldn't force restart (#6374, rep by S. Sampgaonkar)
  • ssl: add ssl="true" to HttpProxy (#6343, rep by C.Fernandez)
  • ssl: use openssl_cipher_suite from (#6369, rep by Kok-Chai)
  • servlet: url map syncronization during startup
  • http: transfer-encoding chunked has priority over content-length (#6365, rep by shampster)
  • watchdog: remove -Xmx limitation on watchdog, instead launching with normal memory (#6329, #6330, rep by M. Shimomura, Gabriel Costea)
  • watchdog: update schema cache to use native path
  • windows: windows setup.exe fails when reading registry Services (#6400, rep by ahoroviy)

Resin 4.0.65



Bug fix release.

Change List

  • redirect: escape urls for resin:MovedPermanently (#6348, rep by stbu)
  • jsp: JspPrecompileListener can't use more than one thread because of shared tags (#6350, rep by Mitsuo)
  • websocket: flush() was called on output stream because normal servlet request flush wasn't disabled (#6339)
  • log: update access log to support long content length (#6355, rep by stbu)
  • form: update int/long to handle large uploads (#6349, rep by stbu)
  • cloud: improve debug message for connection failure (#6352)
  • anomaly: add auto thread dump for anomalous request time (#6318, rep by Mitsuo)
  • webapp: startup logging in webapp (#6346, rep by R. Mann)
  • admin: manage tag ids with special characters (#6341, rep by stbu)
  • thread: add timestamp for low-level ThreadPool (#6338)
  • openssl: add +/tlsv1.3 (#6314, rep by O. Aiken)
  • class-scan: catch and continue from .class parse exceptions
  • access-log: add %{param}p for parameter (#6305, rep by Yoo)
  • websocket: avoid wrapping IOException in IllegalStateException (#6326, rep by James Byatt)
  • jdk: EventManager need to use ConcurrentHashMap.putIfAbsent, not Map.putIfAbsent (#6331, rep by alis
  • config: openssl-protocol, openssl-cipher-suite, openssl-chain-file (#6316)
  • health: avoid reporting time outside window as downtime (#6300, rep by M. Shimomura)

Resin 4.0.64



Big fix release.

Change List

  • cluster: fix heartbeat close
  • deploy: fix duplicate remote deploy
  • config: add jvm_classpath to cluster-default.xml (#6311)
  • config: add access_log_format (#6302, rep by T. DeHaan)
  • jdk: TcpPort._activeConnectionSet.keySet() must use Map api (#6294, rep by Y. Guedj)
  • jdk: getAttribute should not wrap AttributeNotFound (#6297)
  • jdk-compat: dynamic Logging during initialization (#6293)

Resin 4.0.63



Bug fix release.

Change List

  • port: thread launchers were started before initialization (#6287, rep by A. Thai)
  • session: SessionImpl should not clear _isModified on no-change load (#6289, rep by alpor9)
  • jdk: use Map.keySet() instead of ConcurrentHashMap.keySet() for linking issues (#6288, rep by A. Thai)
  • server: on HMUX requests, wait for server start
  • server: keepalive timeout needs to killKeepalive not turn to active (#6268, rep by M. Shimomura)
  • http: HttpsEmbed missing jsse.init() (#6282, rep by mikeb01)
  • jdk-compat: jdk init with -javaagent cannot use logging from appendToClassPathForInstrumentation (#6279, rep by M. Shimomura)
  • http: HttpProxy encoding issue with ch>0x8000 (#6276)
  • admin: added resin.admin.heap-dump.file system property for heap-dump directory (#6242 rep by Oneshin)
  • hessian: close of Hessian proxy stream when result is inputstream (#3655, rep by Mattias Jiderhamn)
  • config: add health_log_expire_timeout (#6271, rep by K. Ng)
  • jsp-el: issues with bean getters and get() (#6269, rep by Mitsue Shimomura)
  • remote: allow JDK11 w/o WebService class (#6266, rep by Matt S)
  • jdk-compat: TcpPort.close() exception on JDK6/7 (#6254)
  • mod_caucho: handling of https forwarding
  • file: add default-content-type to FileServlet (#6237, rep by stbu)
  • config: add openssl_chain_file to cluster-default.xml (#6253)
  • dist: split out jpa-16.jar from javaee-16.jar

Resin 4.0.62



Bug fix release.

Change List

  • distribution: update .jar versions and remove jars with possible conflicts
  • cloud: distributed server update issue with .git/refs (#6238, rep by Andrew Thai)
  • elastic: cleanup of join server-id and server-address, and timeout (#6236, rep by Chris Daniel)
  • ssl: add trust-store-algorithm and trust-store-provider to jsse (#6235)
  • ssl: add key-manager-password and key-store-password to jsse (#6233)
  • ssl: add key-manager-algorithm and key-manager-provider to jsse (#6234)
  • spring: add ClasspathPath to MergePath.addClassPath (#6227)
  • websocket: add (#6228)
  • integration: WebApp.getMimeMapping (#6230)
  • integration: WebApp.getLocaleMapping (#6231)
  • security: setting setServerHeader to null will remove Server header (#6224, rep by Dharanidhar)
  • file: cache file updates when webapp-jar changes (#6223, rep by Steffan Busch)
  • debian: update debian release
  • elastic: add server-timeout to resin:ElasticCloudService (#6218, rep by Naohisa)
  • quercus: find interface method if available (#6221)
  • elastic: add --elastic-server-index (#6216, rep by Naohisa)
  • security: foo.;html produces 500 exception (#6217, rep by Steffan Busch)
  • security: j_security_check with no auth should issue warning and 404 instead of 500 (#6219, rep by Steffan Busch)
  • servlet: don't reuse form/invocation ByteToChar when very large (#6220, rep by Naohisa)
  • embed: add HttpsEmbed (#6193, rep by mikeb01)
  • jmx: add application-hash to WebAppMXBean (#6202, rep by Naohisa)

Resin 4.0.61



Bug fix release, including security fixes.

Change List

  • security: additional invalid-URL rejection for matrix parameters
  • file: redirect must not html convert the location (#6212, rep by stbu)

Resin 4.0.60



Bug fix release, including important security fixes related to invalid URL detection.

Change List

  • security: invalid-URL rejection for matrix parameters
  • file: redirect must not html convert the location (#6212, rep by stbu)
  • embed: force close of file descriptors (#6208)
  • webapp: add info log when WebApp does not start within active-wait-time starts (#6197)
  • hessian: added default blacklist classes
  • deploy: added alarm for deployment .git gc
  • deploy: .git changes to allow for git clone from resin-data

Resin 4.0.59



Bug fix release.

Change List

  • database: avoid loop when shared XA connection fails allocation (#6200, rep by Naohisa Ohshima)
  • http-proxy: escape utf-8 urls when used in rewrite (#6198, rep by Yoo)
  • config: updated for http examples
  • cluster: cluster .war deployment issues (#6188)
  • tcp: only force socket close on shutdown in test mode to avoid threading issues (#6190, rep by Babak Hefezi)
  • jsp/embed: jsp taglib detection issues with embedded resin (#6191, rep by Tyson Weihs)
  • access.log: truncation of long url in access.log needs matching truncation headers (#6168, rep by Steffen Busch)
  • file: redirect needs to encode with HTML encoding (#6184, rep by marc82ch)
  • embed: deadlock with ResinEmbed and type introspection (#6177, rep by mikeb01)
  • load-balance: cookies losing double quotes (#6181)
  • quercus: curl needs to use TLSv1.2 as default

Resin 4.0.58



Bug fix release.

Change List

  • servlet: AsyncContext timing issues due to back-compat (#6168)
  • servlet: add load-on-startup-allow-fail (#6171)
  • config: add openssl_protocol and openssl_cipher_suite to (#6169)
  • quercus: exception wrapping when stack trace is missing or empty
  • network: change SocketLinkThreadLauncher to permanent (#6166, rep by samlmax)
  • servlet: immutability of getParameterValues (#6172, rep by waiwong)
  • classloading: scanning of module-info should be skipped (#6170)
  • security: invalid URL detection with filters
  • quercus: QuercusContext array extension using wrong variable
  • session: added cookie-same-site for version=0 (#6167, rep by stbu)

Resin 4.0.57



Bug fix release.

Change List

  • rewrite: added IfProtocolVersion (#6162, rep by stbu)
  • session: added cookie-same-site config for JSESSIONID cookies (#6140)
  • security: critical security issue related to URL normalization and servlet mapping (#6164)
  • resin-admin: clarify that dynamic servers cannot contact other dynamic servers directly (#6128)
  • web-app: possible deadlock/delay in startup (#6159, rep by drsskelkar)
  • elastic: missing synchronization on cloud update (#6152)
  • dependency: dependency-check of 0 forces synchronous check (#6116)
  • elastic: elastic server issues with dist-cache pod (#6157)
  • logging: default to LogManager.addLogger when EnvironmentLogger creation fails (#6121)
  • quercus: use alarm for timeouts instead of spawning new thread (#6156)
  • jdk10: removed -d64 from watchdog start
  • configure: change openssl test to ssl2.h (#6154, rep by gattu)

Resin 4.0.56



Bug fix release, including fixes to distributed sessions/distributed database.

Change List

  • start: remove -d64 from watchdog launch for jdk10 (rep by Steffan Busch)
  • db: restore deletion timeout to avoid deleting session data prematurely (#6130, #6066)
  • db: add log warning when db init fails due to filesystem full (#6149)
  • ssl: javax.servlet.request.key_size was string (#6151, rep by Mathias Lagerwall)
  • db: always validate indexes on startup
  • ioc: @Named("red.lion" vs @Named("red.tiger") (#6150, rep by thorbjoern)
  • admin/restart: logging reasons for web-app restart
  • db/cache: timing related issues on start/stop
  • openssl: add sni support (#6124, %5574)
  • log: add %{ssl_protocol}V and %{ssl_cipher_suite}V to access log config (#6113, rep by Steffen Busch)
  • servlet: multiple url-pattern in web fragment (#6127)
  • gzip: add min-gzip-size based on content-length header (#6112, rep by stbu)
  • jdbc: add wrapper methods for JDBC 4.2 (#6082)
  • access.log: NPE with logging bad-request (#6123, rep by Steffen Busch)
  • pdf: report date and snapshot time need to match (#6114)
  • cli: Removed config-deploy because it is too brittle to deploy reliably

Resin 4.0.55



Bug fix release.

Change List

  • config: simplified resin.xml and to remove unused capabilities
  • win32: error messages related to permissions for win32 services (#6092)
  • LogService: configuration in health.xml with health_log_level (#6110)
  • jmx: MemoryUsage from MBeanServer returning unexpected type (#6106)
  • start: removed automatic setting of endorsed directory for Java 9 (#6107)
  • quercus: issues with not-reloading compiled .php pages (#6091)
  • webapp: web-app shutdown-wait-max needs to default to server-default value (#6096)
  • servlet: programmatic login with form-login (#6104, rep by nono)
  • http: HTTP read issue when TCP packet in URL (#6093, rep by zhaown)
  • db-pool: recover from non-matching PoolItem (#6099)
  • webapp: allow expand-preserve-fileset in web-app (#6102, rep by mnsh)
  • file: encoding of directory names (#6100, rep by stbu)
  • ssl: allow empty password for openssl (rep by Steffen Busch, #6103)
  • cli: "console" and "gui" were exiting immediately (rep by Naoki, #6101)

Resin 4.0.54



4.0.54 bug fixes

Change List

  • elastic: dynamic server timeouts not properly handled (#6088)
  • log: add archive-format to watchdog-log (#6081)
  • network: timing issue with thread launcher (#6089)
  • network: add 120s failsafe to thread launcher (#6089)
  • admin: hessian whitelist issue with ObjectName (#6043, rep by Shinomiya NObuaki)
  • admin: add web-app information to CLI status (#6056)
  • deploy: deploy issues from /resin-admin (#6050, rep by Shinomiya Nobuaki)
  • log: add getFormatter() support for SyslogHandler (#6087)
  • servlet: change access log NPE logging to see stack trace (rep by Steffen Busch)
  • servlet: error-page for 400 (#6076, rep by stbu)
  • servlet: session issues when using ScheduledTask (#6080, rep by kenjrwalker)
  • servlet: multipart form error attributes (#6077, rep by Steffen Busch)
  • log: log rotation timing issues on HP-UX (#6079)
  • cache: rename javax.cache to com.caucho.cache to avoid conflict with final spec (#6071)
  • admin: NPE in JavaClassDef.getField (#6074)
  • actor: backport actors actor from Baratine for HP-UX issues
  • dump_heap: hprof-path must use getNativePath() for windows (#6072)
  • mod_caucho: redirect issue with query parameters (#6054)
  • cache: kill keepalive when cache is invalid (#5982, rep by jfblachon)
  • cdi: timing issue with ApplicationScoped beans (#6639, rep by Jose Fernandez)
  • cluster: cleanup of heartbeat period and timeout (#5904, rep by Tom Pohl)
  • servlet: i18n issues with encodeRedirectURL over 0x8000 (#6069, rep by marc82ch)
  • servlet: handling of stale web-app while processing error page
  • jsse: default system properties moved to resin.xml (#6063, rep by Marc Wiest)
  • jsse: honor-cipher-order (#6067, rep by stbu)

Resin 4.0.53



Bug fix release.

Change List

  • install: issue with symlink and existing directory (#5951, rep by A. Hilliard)<\ /li>
  • webapp: sync issues with starting (#5979, rep by Mathias Lagerwall)
  • php: preload was switched to load (#6059, rep by kpokrovsky)
  • jsp: multiple free of BodyContext (#6061)
  • jsp: .smap issues with invokedynamic constant pool (#6060, rep by mnsh)
  • mod_caucho: updates to ;jsessionid stripping (#6057, rep by Shinomiya Nobuaki)<\ /li>
  • health: added configure to disable health checks and logging (\ #6055)
  • rewrite: NPE when web-app stopped and rewrite rules used (#6048, rep by stbu)
  • Resin 4.0.52



    Bug fixes centering on database stability and access.log.

    Change List

    • apache: reencode 0x0d for uri in mod_caucho
    • jsse: set default JSSE settings to higher levels (#6051, rep by VasumathiN)
    • jmx: issues with queries and wildcards (#6041, rep by kpokrovsky)
    • health: need finally, and catching of exception
    • jsp: analysis of InvokeDynamic (#6037, rep by alpor9)
    • database: validation of database file extension size (#6045, rep by Shinomiya Nobuaki)
    • rollover: multiple rollover configuration not properly update (#6033, rep by Shinomiya Nobuaki)
    • access.log: multiple <access-log> not properly handled (#5920)
    • getResource: return "file:" url for normal resource in getResource (#6049)
    • db-pool: min-idle-count registered with transaction
    • database: meta-allocation-table write issues (#6046)
    • database: free row allocation performance issues (#6044)
    • access.log: possible corruption by multithreading (#6038)
    • classloader: relative path validation for getResource (rep by Steffen Busch)
    • servlet: strip path parameters from getPathInfo CVE-2016-9879 (#6036, rep by mtryhoen2
    • rewrite: rewrite in host with resin:IfXXX adds extra log (#5943, rep by stbu)
    • session: session.refCount issues with forward and loaded session (#6039, rep by Shinomiya Nobuaki)

    Resin 4.0.51



    Bug fix release, primarily focused on database timing issues, and hessian whitelisting.

    Change List

    • database: timing fixes for block load and write
    • thread: task timing allows spurious LAUNCH error
    • hessian: add allow/deny/whitelist for the deserializer
    • request: NPE in finishRequest for callbacks and getLocale() (#6028)

    Resin 4.0.50



    Resin 4.0.50 bug fix release.

    Change List

    • range: range issue with out-of-range request
    • apache: missing 4th argument to apr_pool_cleanup_register
    • openssl: detect shutdown for SSL read
    • deploy: use full .war for internal .git

    Resin 4.0.49



    Bug fix release 4.0.49

    Change List

    • jsse: allow substrings (RC4) for cipher-suites-forbidden (#4987)
    • pdf: add -server support for CLI pdf-report (#5950, rep by Nobuaki)
    • HttpProxy: lower default idle time to 2s (#6001)
    • multipart: multipart headers need to be parsed with encoding (#5942, rep by bjornolsson)
    • dist: validator needs to be in webapp-jars for classloading (#6000, rep by msouthall)
    • iis: IndexOutOfRangeException in Caucho.IIS.LoadBalancer.OpenServer (#5990, rep by S. Szeto)
    • win: sendfile issues with URL length
    • CLI: deploy-ls and deploy-cat swapped (#5983)

    Resin 4.0.48



    Bug fixes related to database and session corruption.

    Change List

    • Database corruption/locking issues after deletion

    Resin 4.0.47



    • JDK 6 compability
    • Distributed session database synchronization issues

    Change List

    • session: fixes related to Java deserialization (#5947i)
    • distcache: locking overhead reduced (#5962)
    • distcache: update remove query and locking (#5952)
    • session: fixes related to session removal/timeout (#5952)
    • compile: jdk5 compile issues (#6940)
    • cache/mmap: jdk6 compatibility (#5959, #5960i)

    Resin 4.0.46



    bug fix release

    Change List

    • jsp: tag loading issue due to WEB-INF case (#5936)
    • table: improper early closing of file on shutdown (#5946)
    • servlet: drop instantiation check for instances of servlets and filters (#5934)
    • jsse-ssl: add support for honor-cipher-order (#5939)
    • jsp: reflection not properly scoped to class-loader context (#5944)

    Resin 4.0.45



    Resin 4.0.45 - bug fix release

    Change List

    • session: change shutdown state machine to allow getAttribute on invalidating session (#5919, rep by Shinomiya Nobuaki)\
    • build: remove LoadTimeWeaver (#5923, rep by M. Barker)
    • watchdog: change default -Xss to 1m (#5927, rep by anupmondal)
    • servlet: check for dual registration of ServletContextListener (#5893, rep by Matias Lagerwall)
    • jsp: share classloading of .tag files (#5914, rep by nfedorov)
    • dyn-server: on server restart, allow same address:port (#5903, rep by Tom Pohl)
    • dyn-server: added lock in resin-data to ensure multiple servers cannot use same data (#5902, rep by Tom Pohl)
    • ssl: allow OpenSSL ECC support for forward secrecy (#5906, rep by Nick Stephens)
    • db: add validation and restart for corrupted BTree index (#5912, rep by wesleywu)
    • build: allow for JDK 8 build (#5901, rep by dave)
    • health: removed perm gen checks (#5910)
    • ejb: ejbTimer.cancel() needs to remove timer from getTimers() (#5891, rep by bbik)
    • servlet: FileService character-encoding should exclude images (#5907, rep by Mathias Lagerwall)

    Resin 4.0.44



    Resin 4.0.44 - bug fix release

    Change List

    • class-loader: excessive reread of jar certificates (#5850, rep by konfetov)<\ /li>
    • log: add sanity check for log rollover (#5845, rep by Keith F.)
    • deploy (git): use utf-8 to store path names (#5874, rep by alpor9)
    • websocket: setTimeout was being overridden by Port keepaliveTimeout (#5841, \ rep by A. Durairaju)
    • jni: on windows, skip JNI for File metadata like length (#5865, rep by Mathi\ as Lagerwall)
    • db: isNull issues with left join (#5853, rep by Thomas Rogan)
    • websocket: check for socket close on startTextMessage (#5837, rep by samadam\ s)
    • log: when log rollover fails, log to stderr (#5855, rep by Rock)
    • filter: allow private instantiation (#5839, rep by V. Selvaggio)
    • rewrite: added SetRequestCharacterEncoding (#5862, rep by Yoon)
    • health: change health check timeout to critical instead of fatal to allow fo\ r development sleep (#5867)
    • alarm: timing issue with warnings and alarm extraction (#4854, rep by SHinom\ iya Nobuaki)
    • session: orphan deletion throttling needs faster retry time (rep by Thomas R\ ogan)
    • mod_caucho: slow PUT/POST uploads with Apache 2.4 (#5846, rep by Stegard)

    Resin 4.0.43



    Resin 4.0.43 is a bug fix release.

    Change List

    • openssl: use SSL_free in connection close
    • mod_caucho: slow PUT/POST uploads with Apache 2.4 (#5846, rep by Stegard)

    Resin 4.0.42



    Resin 4.0.42 bug fix release

    Change List

    • websocket: read loop needs to use getAvailableBuffer() (ep by Arun Durairaju)
    • bam: too much logging for queue full (rep by Dan Stilts)
    • bam: use smallest queue for remoting instead of round-robin to handle frozen connections (rep by Dan Stilts)
    • comet: cleanup of comet state machine (#5826, rep by S. Nobuaki)
    • cxf: missing servlet config for CXFProtocolServletFactory (#5825, rep by balaiitm)
    • servlet: setHeader("foo", null) now removes header value (#5824)
    • db: fixed expires and orphan queries to remove expired sessions (#5748, rep by Thomas Rogan)
    • ejb: added scan-persistence-xml to <ejb-server> to allow disabling of persistence-unit scanning (#4908)
    • ssl: update openssl option processing. Update SSL_free/SSL_new
    • health: add snapshot-jmx and snapshot-heap-dump to avoid issues on weekly reports (#5495, rep by ssbbartgroup)
    • chdir to $RESIN_HOME before starting (#5668, rep by balaiitm)
    • apache: NPE issues with Apache locking (#5747, #5744, rep by vicsanca, ssmax)
    • apache: configure/make issues with Apache 24
    • jni: add loading of classes/native/*.so (or native/*.so in a jar) (#5760, rep by William Damage)
    • openssl: SSL field (ssl_sock) value was being cleared by std.c (#5815, rep by Nick Stephens, Sarah Gillespie)
    • openssl: SSLv3 is now disabled by default (#5819)
    • health: StartProfiler was saving data in text, not json (#5736, rep by S Nobuaki)
    • admin: load-balance connection state could get stuck in "starting" on certain success cases (#5653)
    • async: on comet restart, allow the previous state to be completed (#5684, rep by KC Baltz)
    • async: send 500 on empty response with timeout (#5570, rep by Shinomiya Nobuaki)
    • async: issues with starting async in forward (#5544, rep by Shinomiya Nobuaki)
    • cache: update FileServlet to generate ETag including mime-type to support mime-type updates (#5761, rep by M. Lowe)
    • servlet: multipart parts were not supported for namedDispatcher forward (#5543, rep by Shinomiya Nobuaki)
    • dbpool: on manual init(), do not register JNDI, CDI, or JMX (#5595, rep by Shinomiya Nobuaki)
    • webapp: sort initializers by web-fragment (#5514, rep by beamerblvd)
    • ring-queue: offer with no wait and full requires a wake before blocking (#5599)
    • jsp: allow binary output stream with non text/ contentType (#5027)
    • async/gzip: issues with async combined with gzip (#5033)
    • rpm: added %postun to shutdown resin (#5635, rep by S. Gillespie)
    • i18n: classloading issues with utf-8 names (#5549, rep by konfetov)
    • database: use JDK's ReentrantReadWriteLock instead of custom Resin lock (#5624, rep by Shinomiya Nobuaki)
    • database: on close, fsync validation is does not allow for late writes (#5636, rep by Shinomiya Nobuaki)
    • servlet: relax checking of public for Filter constructor (#5701)
    • log: limit log message database (#5802, rep by R. Murayama)
    • database: force remove of old file when file is created (#5803, rep by R. Murayama)
    • jni: only epoll is supported as select-manager (#5811, rep by qjian)
    • jni: on windows use File.lastModified() instead of stat result to avoid windows DST bug (rep by Jason Barr)
    • health: add <mail> to PdfReport configuration (rep by Steffen Busch)

    Resin 4.0.41



    Resin 4.0.41 bug fix release

    Change List

    • health: update PdfReport on start to log warning messages for mail (#570, rep by \ D. Tapsell)
    • servlet: ServletContextListener was called twice when registered from ServletCont\ ainerInitializer (#5611, rep by Gerrit Janssen)
    • scheduled-task: check for early task call (#5709, rep by Daniel Jimenez)
    • gzip: gzip response needs to filter out content-length (#5777, rep by wxiaoguang)\
    • jni: update EINTR processing for poll/nonblocking read (#5627, rep by bean)
    • log: ensure rollover worker is called after flush (#5785, rep by mros2stf)
    • log: missing timestamp due to buffer fill condition (#5794, rep by Daniel Jimenez\ )
    • health: add "DISABLED" state to HealthStatus for disabled health checks (#5711, r\ ep by Shinomiya Nobuaki)
    • dbpool: reduce logging level for dbpool driver close, because exception are expected in Mysql (#5637, rep by Srikanth Pulikonda)
    • cli: added -timeout to deploy command (#5598, #5597)
    • openssl: add +tlsv1.1 and +tlsv1.2 (#5682, rep by Sarah Gillespie)
    • servlet: welcome-file processing with query string creates duplicate for getParam\ eterValues (#5642)
    • servlet: content-type and application/json (#5565, rep by 54chen)
    • health: add ping-port attribute to HttpStatusHealthCheck in health.xml (#5572)
    • async: allow dispatch() in onTimeout() (#5779, rep by azuo_lee)
    • ssl: jni ssl mmap support must go through OpenSSL API (#5790, rep by N. Kikhia)
    • jni: calculate_poll_result could return invalid value (#5632, rep by bean)
    • session: check for NPE on shutdown (#5633, #5681 rep by M. Jindal)
    • configure: change ln -sfT to ln -sf for Mac install (#5717, rep by wileysaw)
    • io: null source check on read (#5731)
    • config: jvm-arg not properly picking up dynamic (#5793, rep by daniel)<\ /li>
    • jni: use _filelengthi64 for windows JniRandomAccessFile.getLength (#5733, rep by \ Mattias Lagerwall)
    • config: ResinEnv exception declaration in init() (#5737, rep by matthiasblaesing)\
    • server: add NPE check for generateController (#5744, rep by Shinomiya Nobuaki)
    • file: added TransmitFile for windows (#5784)
    • servlet: error-page for 400-bad request NPE (#5749)
    • servlet: loadOnStartup was incorrectly enabled for @WebServlet even when unset (#\ 5778, rep by Marko Asplund)
    • load-balance: utf-8 encoding in urls (#5785, rep by R Cohen)
    • access-log: rollover-count was not property matching files with .gz extension (#5\ 789, rep by Uv Wildner)
    • jdbc: UserStatement.getWarnings() needs to work even after close (rep by Ole Dalg\ aard)
    • health: add critical/fatal messages to health shutdown message (#5762, rep by J. \ Meyer)
    • resin.xml: moved default cluster-default.xml to classpath and defaulted app-defau\ lt.xml to be dir-relative (#5762, rep by M. Lowe)
    • @WebSocket: interference between @WebSocket and CDI/JSP EL (#5776, rep by marko_a\ splund)
    • jsp-el: cookie.containsKey() fix: (#5683, rep. by Jason Wang)

    Resin 4.0.40



    This release is a maintenance release. It contains an XSS security bug fix for the ISO-8859-1 encoder where specially-crafted characters could pass through unescaped to the client.

    Change List

    • classLoader: getResource() should skip broken jars (#5706, rep by Constantinos Karantzas)
    • servlet-env: bind java:comp/BeanValidation (#5587, rep by Matthias Jiderhamn)
    • vfs: normalize windows drive letters to lower case to avoid dups (#5592, rep by Matthias Jiderhamn)
    • bam: increase default timeout for remote deploy (#5652, rep by Matthias Jiderhamn)
    • xa: clear _suspendState on transaction resume for memory issues (#5647, rep by Matthias Jiderhamn)
    • i18n: iso-8859-1 encoding issue with non-latin-1 characters needs to return error character (rep by Yoel Gluck)

    Resin 4.0.39



    This is a maintenance release.

    Change List

    • session: session-mode=before-header was disabling reloading on secondary servers (#5639, rep by Thomas Rogan)
    • resin: disable-soft command timeout error fix (#5656, rep by Sarah Gillespie)
    • resin: shutdown-wait-max not propagating to ShutdownSystem fix (#5660, rep by Shinomiya Nobuaki)
    • resin-admin: cross-site scripting vulnerability in /resin-admin (#5669, rep by G. Krstic)
    • jsp: taglib defined listeners should be called before Filter's init() (#5659, rep by Mattias Jiderhamn)
    • quercus: SimpleXMLElement->xpath() does not work for relative queries (#5622, rep by G. Krall)
    • quercus: SimpleXMLElement->children() returns null values (#5432, rep by ckir)
    • quercus: DOMDocument->schemaValidate() not implemented (#5613, rep by G. Krall)
    • quercus: empty() needs to call ArrayAccess->offsetExists() (#5620, rep by tssets)
    • quercus: spl_object_hash() not implemented (#5623, rep by G. Krall)
    • quercus: cannot execute multiple PDO statements on the same connection (#5625, rep by remaus)
    • quercus: nowdoc does not work (#5626, rep by remaus)
    • quercus: parent classes needs to call its version of private methods within its scope (#5631, rep by G. Krall)
    • quercus: ReflectionParameter::getClass() returns null (#4863, rep by ds82)
    • quercus: Parent keyword does not work inside a Trait (#5581, rep by tobia)
    • quercus: class_alias() is not implemented (#5443, rep by jsnoriegam)
    • quercus: quercus namespace issue in compiled mode (#5640, rep by R. Emaus)
    • quercus: simplexml children()->foo does not work for nodes with only text (#5655, rep by G. Krall)
    • quercus: rename META-INF/services/* so JBoss doesn't parse them (#5654, rep by G. Krall)
    • quercus: JsonSerializable class not implemented (#5504)
    • quercus: add FILTER_SANITIZE_STRIPPED as an alias of FILTER_SANITIZE_STRING (#5663, rep by M. McHugh)
    • quercus: implement filter_input(FILTER_UNSAFE_RAW) for phpMyFaq (#5661, rep by M. McHugh)
    • quercus: implement FILTER_SANITIZE_SPECIAL_CHARS (#5665, rep by M. McHugh)
    • quercus: force the java Mysql driver to use prepared statements (#5671, rep by R. Emaus)
    • quercus: quercus cannot start on Wildfly (#5674, rep by G. Krall)
    • quercus: unpack("H*") returns nothing (#5676, rep by M. Dykman)
    • quercus: clearstatcache() has 2 optional arguments (#5687, rep by G. Krall)
    • quercus: stream_is_local() is not implemented (#5685, rep by G. Krall)
    • quercus: curl_multi_init() suite of functions not implemented (#3516, rep by koreth)
    • quercus: SplObjectStorage class not implemented (#5696, rep by G. Krall)

    Resin 4.0.38



    This is a maintenance release.

    Change List

    • win32: windows returns incorrect mtime for stat() for DST (#5578, rep by Jason Barr)
    • deploy: NPE on undeploy (#5596)
    • session: update to session id generation to reduce reliance on SecureRandom to avoid duplication (#5602)
    • memcached: MemcachedClient in independent Resin's was improperly caching (rep by Scott Weatbrook)
    • jpa: EntityManager proxy needs to check isOpen before freeing EntityManager for reuse (#5541, rep by Riccardo Cohen)
    • ear: dependency-check could get stuck in the modified state (#5525, rep by Ryan Edwards)
    • rpm: %config updates for /etc/resin, and file mode on /usr/bin (#5562, rep by Christopher Powell, #5539, rep by Khalid Hosein)
    • cache: add memory-size-min to ClusterCache to configure minimum memory cache size (#5558, rep by J Tschida)
    • cluster: dynamic server must heartbeat address to recover from triad restarts (#5561, rep by T Pohl)
    • health: sort message times so PDF report of health dump will be most recent (#5358)
    • watchdog: increate idle thread on startup to avoid dependency on swap (#5500, rep by K. Hosein)
    • jms: transaction/ack issues with file and message driven bean (#5535, rep by Scott Weatbrook)
    • hessian: InetAddress serialization (#5540, rep by Michael Charnoky)
    • servlet: on shutdown, check facade._request for null (#5537)
    • deploy: redeploy delete issues with symlinks (#5536, rep by ssmax)
    • health: OpenFileDescriptorCount is not available on some JMVs (#5515, rep by Y. Zhao)
    • servlet: missing cookie-config in web.xml (#5521, rep by Arjan Tijms)
    • ioc: remove validatio of generic type on produces method (#5522, rep by A Tijms)
    • ioc: extends observers now auto-convert ProcessManagedBean<Foo> to ProcessManagedBean<? extends Foo> (#5531, rep by A Tijms)
    • quercus: empty() needs to call ArrayAccess->offsetExists() (#5612, rep by G. Krall)
    • quercus: session_status() not implemented (#5609, rep by G. Krall)
    • quercus: self doesn't work inside a namespace (#5608, G. Krall)
    • quercus: ReflectionParameter->getClass() not implemented (#5607, rep by G. Krall)
    • quercus: IllegalArgumentException vfs: not found on JBoss (#5606, rep by G. Krall)
    • quercus: ReflectionFunction does not work for closures (#5605, rep by G. Krall)
    • quercus: Xml reader is not working (#5603, rep by qumo)
    • quercus: call_user_func() needs to call __invoke (#5601, rep by G. Krall)
    • quercus: instanceof Closure returns false for closures (#5600, rep by G. Krall)
    • quercus: QuercusCompiledScript.eval() needs to return the Value object (#5589, rep by S. Guo)
    • quercus: ScriptEngineManager.getEngineByName("php") returns Quercus with unicode.semantics=off (#5588, rep by S. Guo)

    Resin 4.0.37



    This is a maintenance release.

    Change List

    • ejb: avoid double EJB timer call when timer is slow (#5518, rep by K. Hosein)
    • admin/rest: missing close on resource
    • windows: Added a global mutex to windows service wrapper to avoid starting multiple instances of Resin Watchdog
    • cloud: elastic server issues with dynamic remove/timeout (#5510, rep by T Pohl)
    • log: check for null logger name in LogRecord (#5499)
    • cdi: cdi vs jpa load order (#5493)
    • elastic: elastic servers use server-multi defaults (#5412)
    • jni: added check on nativeRead for buffer length (#5428, rep by Daniel Shearer)
    • deploy: start/fail must notify waiting threads (Hrushi Agrawal)
    • health: AnomalyAnalyzer now has min-deviation to avoid spurious messages (#5365)
    • cli: add password verification to password-generate (#5384)
    • access-log: add <access-log-buffer-size> in <cluster> (#5393, rep by A. Foong)
    • bam: force restart if BAM overflow continues (#5479, rep by J. Barr)
    • vfs: stat vs _stati64 issues on win64 (#5494, rep by Matias Lagerwall)
    • jsp: updated JSP page compile locking (#5460, rep by Nikolay Fedorov)
    • jsf: updated javax.faces to 2.1.24 (#5485, rep by cyttesen)
    • load-balance: cookie with max-age(0) not properly propagated (#5456, rep by H. Cleland)
    • shutdown: avoid spurious warnings on connection close during shutdown (#5463, rep by Stefanos Zachariadis)
    • cdi: multiple initializer classes in separate jars need to be unique (#5481, rep by Rick Mann)
    • bytecode: add constant-pool scanning for JDK 7 MethodHandle (#5466, rep by wxiaoguang)
    • session: add table-name to JDBC sessions (#5488, rep by B. Garber)
    • watchdog: add -Djava.web.headlesslib=true (# 5474, rep by Riccardo Cohen)
    • el: descriptor in BeanELResolver should be initialized lazily to work around JSF memory leak (rep by Mattias Jiderhamn)
    • servlet: ServletResponse.reset() should reset cookies (#5464)
    • fixed Resin.IIS.handler.dll intermittent slow connection to resin issue (#5455, rep by Shinomiya Nobuaki)
    • cli: heap-dump double-dash isn't recognized with -raw option(#5454)
    • socket: client-disconnect exception needs to construct exception before socket close (#5392)
    • openssl: added "compression" flag with a default false (#5435)
    • jsp: dependency detection issues with inner classes causing recompilation (#5408, rep by stefan_bieler2)
    • servlet/async: async support with hmux (#5420, rep by bhauer1)
    • el: issue with permissions on inner classes (#5447, rep by mate)
    • webapp: check state on controller init (#5406, rep by gattu)
    • servlet: allow @Observes on servlet (#5444)
    • cli: status command needs to accept -watchdog-port (#5442)
    • servlet: getServerName() with IPv6 and no port (#5399, rep by shiny)
    • servlet: servlets with @Inject were not calling servlet init() (#5427, rep by Bill Digman)
    • classloader: classload errors in system classloader should not be at warning (#5416)
    • ejb: @Schedule must be removed when context closes (#5434)
    • cli: --version option was treated as version command (#5415, rep by Tamas Perlaky)
    • jsp: array index exception from utf-8 encoding buffer issues (#5436)
    • jsp: utf-8 encoding buffer issues with surrogate pairs (#5437)
    • network: issue with socket-timeout an non-jni (#5426, rep by HS Im)
    • quercus: preg_replace($array[0]) array dereference fix for preg_replace
    • quercus: ReflectionProperty::isProtected() fix
    • quercus: method_exists("__invoke") does not work with closures (#5501)
    • quercus: static local variables must be unique to a particular closure instance (#5502)

    Resin 4.0.36




    Resin's HTTP Proxy module has been updated to support full load-balancing, failover, and network timeouts. A proxycache cluster was added to resin.xml and, including the new 'backend_servers' property used to supply a list of backend HTTP servers to proxy to. Resin's proxy-cache request caching capability is automatically applied on this layer, providing true HTTP caching proxy capability.

    BAM: clustered messaging

    The low-level queuing implementation for BAM's mailboxes has been updated to better handle high load spikes. The BAM queues have also been extended to handle larger load.


    Quercus encoding issues with MySQL databases have been resolved.

    Change List

    • bam: updated bam queue size to handle heavy load better
    • actor-queue: updated non-locking synchronization on ring queue
    • websocket: IllegalStateException when data size exceeds a single message (#5394, rep by S Zachariadis)
    • quercus: quercus_disable was misnamed (#5389, rep by J Craan)
    • access-log: added buffer-size to access log at cluster level (#5378, rep by Andrew Foong)
    • apache: added apache 2.4 support(#5241)
    • apache, iis: added support for disabled servers(#5364)
    • embed: add ResinEmbed.setServerId (#5350, rep by D. Shearer)
    • jmx: MBean/MXBean interface scanning was assuming class implementation matching (#5357, rep by Steve Francis)
    • jdbc: added jdbc 7 stub methods for compilation (#5370)
    • cdi: add NoClassDefError catches for optional classes (#5371)
    • session: jdbc session support for isolated server instances (#5374, rep by Keith Paulson)
    • jCache: removeAll support
    • jCache: isStoreValue=true (#5343)
    • jCache: spec changed to use Configuration instead of builders
    • apache: mod_caucho fix for failover issue(#5266, rep by Shinomiya Nobuaki)
    • iis: isapi_srun.dll fix for failover issue(#5360, rep by Jason Barr)
    • quercus: Overloading: __callStatic not implemented (#4247, rep by domdorn)
    • quercus: mysqli_get_charset, mysqli_set_charset not implemented (#5379)
    • quercus: error_get_last() not implemented (#5380, rep by kenfoo)
    • quercus: drupal utf-8 issue (#3772, rep by bago)
    • quercus: mysql utf-8 inserts are viewable in MySQL GUI browsers (#3849, Ocean)
    • quercus: mysql Character Encoding incompatibility with standard PHP (#3618, rep by tlandmann)
    • quercus: cannot find license in non-WEB-INF directories (#5397, rep by adam)
    • quercus: $_SERVER['HTTP_X_SSL_REQUEST'] is not set for SSL connections (#5402, rep by V. Spivak)
    • quercus: gethostname() not implemented (#5403, rep by V. Spivak)
    • quercus: wordpress plugin Contact Forms 7 does not work (#5407)
    • quercus: static::$foo needs to return child's field when inside parent:: methods (#5409, rep by V. Spivak)
    • quercus: Quercus PHP does not understand Java enums (#3898, rep by syndetic)
    • quercus: java Enum returned from method should be of Enum type (#5411, rep by zalmolksis)
    • quercus: NULL values is handled different in method arguments - java interface (#5413, rep by zalmolksis)
    • quercus: error_log not working correctly with files (#4178, rep by kmoore4now)
    • quercus: error_log() needs to print a newline after each log message (#5289, rep by chubbsondubs)

    Resin 4.0.35



    BAM/Actor Worker Thread Fixes

    Updated the thread launching for workers threads to avoid possible synchronization issues.


    Added min-threshold and max-threshold to AnomalyAnalyzer and min-value and max-value, to limit overzealous analyzer reports.

    Change List

    • install: ./configure fix don't set -m32 on Raspberry Pi
    • db: cleanup for index validation/restore
    • actor: updates for actor threading to avoid queue overflow (#5362)
    • access-log: %{Set-Cookie}o should also print addHeader values (#5352, rep by A. Foong)
    • access-log: %{Set-Cookie}o should print all cookies (#5353, rep by A. Foong)
    • health: add min-threshold and max-threshold to AnomalyAnalyzer
    • health: add min-value and max-value to AnomalyAnalyzer
    • admin: fixed rest.php?q=mod_status support (#5351)
    • servlet: encoding for et, lt, lv should be ISO-8859-4 (#5355)
    • servlet: .DS_store hidden from directory servlet (#5341, rep by Jason Walsh)
    • watchdog: removed repeated CLI properties (#5342)
    • cloud: server-multi needs to support cluster-port (#5345)
    • health: if health-system is disabled and an event occurs, log at a lower level (#5344)
    • servlet: changed default encoding for et, lv, lt locales to iso-8859-2
    • health: pdf-report thread-dump printing when missing file info (#5347)
    • health: add DumpThreads.setDepth to control the max thread depth (#5348)
    • cloud: CloudPod.findServer array bounds issue (#5346, rep by Jason Barr)
    • quercus: OutOfMemory with UserCake Captcha (#5354)

    Resin 4.0.34



    Gzip Filter Fix

    A GZipFilter bug introduced in 4.0.33 was causing slow or incomplete page loading. Users utilizing GZipFilter should upgrade to 4.0.34.

    OpenSSL honor-cipher-order

    The new SSL configuration matches the Apache HTTPD configuration. It enforces the cipher order specified by the server, overriding the client's preferences.

    <jvm-mode> and Early Raspberry Pi Support

    <jmv-mode> parameter was introduced to change the JVM mode, to allow alternatives to -server. This change and other bug fixes allows Resin to run on the Raspberry Pi platform.

    Quercus PHP 5.4 support

    Quercus now supports the core PHP 5.4 language features.

    ServletRegistration and servlet-mapping default

    Added a "default" attribute to Resin's default servlet-mapping and changed the ServletRegistration behavior to override servlet-mapping defaults. The standard behavior of ServletContext.addServlet is to ignore overrides of servlet mappings. The new "default" attribute lets applications override the Resin defaults.

    Change List

    • health: named predicates don't match HttpStatusHealthCheck properly(#5283)
    • db: NPE in BlockManager on Raspberry Pi (#5338)
    • watchdog: hangle missing java.lang:type=Runtime arguments on startup (#5299)
    • servlet: content-type encoding updates for .gif files (#5271, rep by Mathias Lagerwell)
    • watchdog: watchdog must read system-property (#5294, rep by chinaliwee)
    • jsp: validate ResponseStream on PageContextImpl (#5273, rep by B. Loy)
    • config: allow EL expressions in host-alias (#5300, rep by Andrew Foong)
    • config: static regexps can be deployed on start (#5275, rep by R. Mann)
    • load-balance: re-encoding of HTTP url requests (#5317, rep by Ethan Larson)
    • load-balance: add session-cookie to LoadBalance (#5332, rep by D. Shearer)
    • servlet: utf-8 buffer boundary writing (#5323)
    • jsp: static text splitting needs to be smaller for utf-8 characters (#5320)
    • install: Makefile add space after error-suppressing '-' for BSD compatibility (#5322, rep by jigzat)
    • cache: global-cache ping needs to by async (#5336, rep by D. Shearer)
    • config: added jvm-mode for -server, default none (#5331)
    • class-loader: synchronize on package creation (#5277, rep by S. Nobuaki)
    • health: C SEGV possible in JNI heap_dump (#5330)
    • websocket: websocket timeout too short (#5253, rep by hmz820)
    • log: for pro database logging, do not throw exception when name insert fails (#5302, rep by Andrew Foong)
    • cdi: init timing issue with xmlExtension/log-formatting (#5274, rep by R Mann)
    • jsp: .tld lookup needs to look for WEB-INF classloader context (#5243, rep by S. Nobuaki)
    • ssl: add honor-cipher-order to match Apache's SSLHonorCipherOrder (#5282)
    • servlet: gzip content-length was not properly filtered (#5326, rep by Keith Fetterman)
    • load-balance: update active-wait-time for better slow-initialization (#5321, rep by Ethan Larson)
    • servlet: add a default='true' attribute to servlet-mapping to allow programmatic overriding of default (#5314, rep by Rick Mann)
    • quercus: oci_execute() always returns true (#5311, rep by EricESCP)
    • quercus: Event endlessly repeated under Drupal Commons 6.x (#5290, rep by jordi)
    • quercus: wordpress-3.5.0 tested and runs on Quercus
    • quercus: drupal-commons-6.x-2.11 tested and runs on Quercus
    • quercus: mediawiki-1.20.2 tested and runs on Quercus
    • quercus: phpBB3-3.0.11 tested and runs on Quercus
    • quercus: dokuwiki-2012-10-13 tested and runs on Quercus
    • quercus: complete support for PHP 5.4 core language features
    • quercus: support for traits (PHP 5.4)
    • quercus: support for short array syntax (PHP 5.4)
    • quercus: support for function array dereferencing (PHP 5.4)
    • quercus: support for $this use in closures (PHP 5.4)
    • quercus: <?= short open tag is now always on (PHP 5.4)
    • quercus: support for class member access on instantiation (PHP 5.4)
    • quercus: support for Class::{expr}() syntax (PHP 5.4)
    • quercus: support for binary number format: 0b001001101 (PHP 5.4)
    • quercus: $_SERVER['REQUEST_TIME_FLOAT'] is populated (PHP 5.4)
    • quercus: can not save permission in drupal6.26 (#5278, rep by kevinw8801)
    • quercus: Not able to use PDO with postgres (#5325, rep by publicocean0)
    • quercus: Regexp Failure - group-level recursion (#3829, rep by alexander_hristov)
    • quercus: dokuwiki regexp illegal syntax - utf-16 surrogate pairs (#3955, rep by M. Pezzoli)
    • quercus: vBulletin 4.0.1 - invalid conditional regexp (#3879, rep by derickso)
    • quercus: sqlite PDO support (#3997, rep by Janos)
    • quercus: Regex PCRE recursion (balancing groups) isn't working as expected in Quercus (#4974, rep by nemostein)
    • quercus: object field foreach ordering does not match PHP (#5327, rep by K. Patel)
    • quercus: $a instanceof self/parent does not work (#5329)
    • quercus: QuercusScriptEngine now returns Quercus Value types
    • quercus: QuercusScriptEngine now defaults to unicode.semantics=on and utf-8 script encoding
    • quercus: Scripting utf-8 output vietnamese incorrect (#5328, rep by ngoc)
    • quercus: assignment to arrays is not evaluated in the correct order (#5333)
    • pdf: availability report was inaccurate for quick restarts (#5220)
    • pdf: added graph shading to highlight period of downtime

    Resin 4.0.33



    @HandlesTypes scanning

    The ServletContainerInitializer @HandlesTypes was not properly implemented in Resin 4.0. This has been fixed.

    Tiered Caching

    Resin's jCache implementation now supports tiered caching. The secondary tier can be used like memcache to support sharded, replicated, and persistent caching.

    JDBC Caching

    JDBC-style caching and session replication now supported again with Resin 4.0. With Resin 4.0, the JDBC cache serves as a backing store. Resin's main cache acts like a side-cache.

    Change List

    • http-proxy: header must end with /r/n(#5265, rep by mnsh)
    • servlet: file servlet content-length issues with > 2G files (#5265, rep by Amir Langer)
    • cdi: memory held by CDI as negative caching across web-app restarts (rep by Mattais Jiderhamn)
    • cli: remote management was not properly using -server in some cases (#5226)
    • cache: add jdbc cache as backing
    • cache: add tiered cache
    • jsp: add jsp-property-group default-content-type (#4232, rep by mattp)
    • jsp: let BeanELResolver auto-convert to Enum (#5230, rep by mate)
    • loader: added setDisableURLs to DynamicClassLoader to work around RMI bug (#5186)
    • jmx: needs to support @MXBean (#5212, rep by kay)
    • jamm/health: event firing needs to work from null classloader context (#4254, rep by Luke Bigum)
    • servlet: access-log of %u wasn't properly grabbing user (#5250, rep by W. Tao)
    • cli: -verbose needs to enable finer logging and display exceptions (#5237, rep by Steve Francis)
    • servlet: jersey compatibility (related to @HandlesTypes issue) (#5228, rep by Ryan T)
    • servlet: getCookies timing/NPE (#5252, rep by harsha)
    • ioc: check for Enum using isAssignableFrom to work around IBM JDK (#5240, rep by S Francis)
    • servlet: @HandlesTypes scanning for ServletContainerInitializer
    • hessian: IdentityIntMap needs Math.abs for System.identityHashCode (#5239, rep by S Francis)
    • jsp-el: improve serialization for JSF (#5231, rep by Mattias Jiderhamn)
    • quercus: cannot reference nested java classes (#5245, rep by ismak)
    • quercus: strtotime returns null value on DST when given an ISO-8601 timestamp as an argument (#5259, rep by gbruins)
    • quercus: session_set_cookie_params() does not support HttpOnly (#5249, rep by ottomatico)
    • quercus: drupal facebook activity stream doesn't work (#5264, rep by jordi)
    • quercus: Serialize() not supportes using curl in GAE (#5199, rep by ismak)
    • quercus: array_merge_recursive() modifies input array arguments (#5269, rep by jordi)
    • quercus: javax.script cannot call PHP library functions (#5270, rep by udvs)
    • quercus: eval() does work with large code with utf8 data (#5280, rep by tobias)
    • quercus: QuercusDataSource needs to implement getParentLogger() for JDK 1.7 (#5281, rep by ottomatico)
    • quercus: postgresql - pdo parameters need to be casted to actual column types (#5285, rep by tobias)
    • quercus: clone() doesn't work with DateTime (#5287, rep by jordi)
    • quercus: date_modify($date, "+37 month") does nothing (#5288, rep by jordi)
    • quercus: servlet should not close ServletOutputStream, for ServletFilters downstream (#5293, rep by jornvl90)
    • quercus: need to implement DateTime::diff() for PHP 5.3 (#5292, rep by LostInCloud)
    • quercus: postgres PDO prepare does not work with "::interval" (#5297, rep by tobias)
    • quercus: add Cloud Storage and Cloud SQL support for Google App Engine
    • quercus: ' ' is an unknown regexp flag (#5304, rep by K. Patel)
    • quercus: isset() complains about undefined variables in compiled mode (#5305, rep by K. Patel)
    • quercus: /index.php/about returns a 404
    • quercus: QuercusScriptEngine throws OOM if instantiated repeatedly (#5307, rep by woddle)
    • quercus: QuercusScriptEngine needs to output unicode correctly (#5308, rep by woddle)
    • quercus: php.ini disable_functions does not work (#4005, rep by hm2k)
    • quercus: Floating point formatting in locales that use comma as decimal separator (#5312)
    • cli: comand usage output reformatted to improve usability
    • install: --with-resin-init.d does not create directory (#5244, rep by K. Fetterman)
    • pdf: generated PDFs are corrupt in locales that use comma as decial separator (#5298, rep by F. Degen)

    Resin 4.0.32



    • Restart report no longer requires a JMX dump to produce data.
    • Heartbeat and cluster system function reliability under freeze conditions.
    • deploy with --host now properly uses directory.

    Change List

    • cli: unify deploy and config-deploy commands
    • deploy: with --host and host-deploy, use proper directory (#5215, rep by Gerrit Janssen)
    • heartbeat: added heartbeat timeout
    • cache: negative caching for null values on triad

    Resin 4.0.31



    dynamic server for Amazon EC2

    Resin App Server elastic deployments on EC2 have been simplified and improved. You can start a new Resin App Server instance, by launching a new instance from a saved image. Because of Resin's "Deploy Once" model, the deployed application will appear on the new server automatically.

    Change List

    • elastic: elastic server joining in EC2 configuration (#5177)
    • servlet: parent/child servlet instantiation could result in incorrect instantiation (#5208, rep by Keith Fetterman)
    • config: allow resin:import with path="http://..." and optional (#5206)
    • cookie: cookie with space generation issues (#5179, rep by kiilerich)
    • session: persistent session timing with on-shutdown and lru (#5170, rep by Mathias Lagerwall)
    • install: 'make install' target fails on solaris(#5207, rep by Leonid Kaminsky)
    • IIS: isapi_srun.dll fix for can't connect to resin issue (#5198, rep by Claudio H Braga)
    • mod_caucho: linux timeout issue millis vs sec in read timeout (#5203, rep by ssmax)
    • http: sendfile needs to open file using O_RDONLY (#5202, rep by ssmax)
    • health: log notify-heartbeat-start when heartbeat recovers (#5173)
    • session: save session on first request even if no data stored (#5196)
    • jsp: EL triggering back-compat issues with jsp-fragment (#4768, #5200, rep by evernat, cyttesen)
    • jsp: flushing issue with JSP/filter and buffer size (#5201, rep by evernat)
    • ejb: improved ejb-ee skipping for jira
    • cloud: added oracle jdbc-store (#4643, rep by Eric Kreiser)
    • server: web-app-deploy expand issues with expand-preserve-fileset & expand-cleanup-fileset (#5193, #5194)
    • cloud: --elastic-server warning messages improved (#5184)
    • health-check: changed health-check timeout and warning message
    • resin-admin: specific warning for missing <resin:AdminServices/>(#5183)
    • watchdog: memory leak issue with "status" command (#5178, rep by nmmn)
    • config: restore support for old <management> tag (#5176)
    • cdi: normal scope proxy issues with 'char' parameters (#5182)
    • cloud: added --elastic-server-port and --elastic-server-address
    • jsp: added integration with Jasper jsp engine (#4982)

    Resin 4.0.30



    CLI: dynamic server clarification

    Dynamic servers are started on the command line with an "--elastic-server" flag. The "--elastic-server" flag lets you configure dynamic servers on the same machine as your triad servers.

    CLI: --elastic-dns for cloud environments

    For cloud environments where a dynamic IP address is assigned and bound to a DNS value, Resin can start immediately with the --elastic-dns flag, and continue checking the addresses until one resolves to a local IP address.

    Performance and Scalability

    Resin 4.0.30 outperforms nginx 1.2 as a webserver. In our benchmarks, Resin is able to serve 100,000 requests per second.

    Change List

    • cloud: added --elastic-dns for Amazon-style local dns or elastic ip
    • cloud: elastic servers now require --elastic or <elastic-server>
    • websocket: build standalone resin-websocket-client.jar (#5142, rep by Judd Gaddie)
    • init.d: update status return code (#5166, rep by nmmn)
    • install: add --with-setuid and --with-setgid (#5105)
    • health: scheduled pdf reports as started asynchronously (#5164, rep by Keith Fetterman)
    • mod_caucho: updated load balance to better distribute backups (#5116)
    • ejb: skipped ejb.xml must not throw validation exceptions (#5165, rep by Anand Talari)
    • install: solaris build issues (#5098, rep by tokyoturnip)
    • db: transaction-isolation reset issues when double-set (#5150, rep by Ryan Johnson)
    • http-cache: check for valid before checking is-modified (#4865)
    • comet/async: keepalive close was not allowed with async written from separate thread (#5159, rep by Adrian Sutton)
    • embed: isModified class-loader-context issue (#5156, rep by M Barker)
    • debian: update to debian post install scripts (#5140, rep by Alex Sharaz)
    • jsf: upgrade mojarra distribution (#5137, rep by mate)
    • jsp: add start-timeout to thread spawning to quickly fail when threads full (#5153, rep by TheScrumMaster)
    • port/thread: add config warning when port-thread-max is greated than thread-max (#5138, rep by Mark Price)
    • debian: update debian postinst script to change the user (#5140)
    • quercus: NPE on curl_exec (#5145)
    • cli: deploy can now be used with a director instead of a .war (#5139, rep by S. Bjornebekk)
    • ejb: @Async uses LinkedBlockingQueue to avoid blocking on offer (#4994, rep by Yen-Fen Hsu)
    • servlet: Part.getInputStream() now uses request.getCharacterEncoding() (#4954, rep by Mattias Jiderhamn)
    • cli: add deploy-restart-cluster (#4812)
    • log: timestamp offset issues with min:sec (#5149, rep by Shinomiya Nobuaki)
    • network: bind to IPv6 when address="*" (#5147, #5151, #4825, rep by Alex Sharaz, S Nobuaki)
    • load-balance: issue with empty cookie values (#5144, rep by Scott Weatbrook)
    • jmx: updated session jmx debug (#5143)
    • jsp-el: add enum marshal for methods (#5131, rep by mate)
    • embed: setRootDirectory applied in incorrect order (#5132, rep by M. Barker)
    • jni: JNI compile warnings fixed (#5129)
    • server: check dependencies in separate thread to avoid delays (#5128, rep by Russ Pridemore)

    Resin 4.0.29



    CLI: dynamic server clarification

    Dynamic servers are started on the command line with an "--elastic" flag. The "--elastic" flag lets you configure dynamic servers on the same machine as your triad servers.

    As before, the "--cluster" option tells Resin which cluster to join.

    dynamic server start

    unix> resinctl start --elastic --cluster app

    Change List

    • config: watchdog needs to enable rvar variables (#5126, rep by Kirk Kirkconnell)
    • cloud: validate that no two servers have the same IP:address (#5122)
    • cdi: Serialization with bean with writeReplace in parent (#4992, rep by guus)
    • servlet: add JMX ServletManager.getStickySessionServer (#5072)
    • mod_caucho: update ./configure detection of mod_caucho (#5117)
    • cli: validate that watchdog resin.home matches CLI resin.home (#5099)
    • deploy: update repository failure message (#4051, rep by spance)
    • json: Double.NaN needs to print as 0.0 (#5111, rep by Alexey Abashev)
    • health: HttpStatusHealthCheck must configure a singleton (#5019)
    • cdi: BeforeBeanDiscovery must occur before any ProcessAnnotatedType (#5103)
    • openssl: on openssl read, need to check SSL_pending before poll (#5120, rep by Mattias Jiderhamn)
    • watchdog: OOM issue with startup of multiple servers (#5096, rep by chiefgeek)
    • init.d: add START_CMD to /etc/init.d/resin to allow changes to start-all (#5022)
    • config: cluster-socket-timeout is configurable (#5096)
    • client socket: modify client timeout to extend from ClientDisconnect (#4975, rep by Y. Hsu)
    • watchdog: shutdown was killing processes, not stopping them, skipping graceful shutdown (#4969, rep by aiman_a)
    • cgi: error codes above 400 did not allow custom bodies from cgi (#4953)
    • ext: upgrade to slf4j 1.6.6 (#4853)
    • config: ~/.resin not properly read by Resin (#4947)
    • resin-admin: lazy lookup of server id for dynamic server (#4790)
    • resin-admin: update server selection param (#4789)
    • jsp: scanning for ok:foo.tld issues (#4960, rep by Sean Moore)
    • servlet: add <env> to CgiServlet (#4915, rep by William Au)
    • mod_caucho: add TCP/OS SND/RCV timeouts to sockets (#4988)
    • cli: handle -server "" by renaming to -server "default" (#5005, rep by K. Ding)
    • admin: both health.xml and resin-admin use "Restart" as the PDF name (#4935)
    • load-balance: clear DNS lookup when connect fails (#4902, rep by B. Plump)
    • jsp: issues with pushBody(Writer) (#4964, rep by mcamca)
    • cli: watchdog-arg was not working properly with start-all (#4978)
    • deploy: undeploy needs to remove webapps directory (#4875, rep by jafr)
    • alarm: allow Alarm to be instantiated in maven context (#4796, #5112 rep by Alexey Abashev)
    • config: app-inf in cluster wasn't picked up properly (#5004)
    • cloud: EC2elastic server with "ext:" address and missing cluster-system-key (#5015)
    • servlet: add header-size-max and header-count-max (#4986, rep by Deepak Ramaprasad)
    • deploy: web-socket issue causing large deployment problems (#5113, rep by Alexey Abashev)
    • servlet: multipart-mime with forward parameters was double-parsing (#4896)
    • deploy: ear-deploy allows dependency-check-interval (#4901)
    • cli: "start" message with no -server and multiple ids (#4898)
    • cli: "restart" needs to re-read configuration file (#4788)
    • embed: add ResinEmbed.setIgnoreClientDisconnect (#4774)
    • jmx: add getClassPath to WebAppMXBean (#5007)

    Resin 4.0.28



    Thanks to everyone who reported bugs in 4.0.27. We encourage people to report 4.0.28 bugs at

    1. Significant work on the cache/session store to better handle garbage-collection of old data.
    2. Improved internal network/messaging to improve code readability.
    3. Cloud/deployment for cluster deploy and cross-pod updates.
    4. JSP/EL low-level fixes.

    Change List

    • install: --disable-ssl does not disable SSL (#5090, rep by R. Aughenbaugh)
    • install: --disable-jni causes make to fail (#5094, rep by R. Aughenbaugh)
    • load-balance: bounds check on hmux load-balance (#5058, rep by Travis Romney)
    • load-balance: improve error message when open source configures a cluster
    • logging: add formatting for entering/exiting (#5071)
    • logging: add actor queue for logging
    • servlet: add x-forwarded-host support for HTTP (#5092)
    • hessian: add deflate support to hessian proxy (#4151, rep by ebourg)
    • hessian: Iterator deserializer (#4164, rep by ebourg)
    • ioc: processInjectionTarget should only be called on scanning, not createInjectionTarget
    • cloud: cross-pod deployment (#4807)
    • servlet: isMultipartEnable() NPE (#4995)
    • class-loader: sort tree-loader before adding to classpath (#5006)
    • jsp-el: method calls (rep by mate, #5011, #5087)
    • http: header/url length limits for keepalive (rep by alex, #4999)
    • jsp-el: coerceToType handling Class (rep by mate, #5061)
    • jsp-el: BeanELResolver getType() for getValue w/o setValue (rep by mate, #5039)
    • hessian: NullFieldDeserializer must extend FieldSerializer (rep by Thomas Poppe)
    • db/distcache: fsync/timestamp on shutdown to avoid index revalidation when clean
    • distcache: reworked cache data management to simplify and stale data cleanup.
    • cloud: deploy timeout needs to adjust for long deployments that are progressing.
    • resin: fixed directory naming for dynamic server on windows.(#5023, #5026)
    • resin: fixed directory naming for dynamic server.(#5079)
    • resin: fixed WEB-INF/lib/*.jar not being released on application stop problem.(#5059)
    • servlet: fixed Resin schema constraint for async-supported servlet element.(#5044, rep by Naohisa Ohshima)
    • jsp: fixed ELParser to accept expressions as argument to method calls.(#5034, rep by mate)
    • jsp: fixed ResourceBundleELResolver handling of MissingResourceException (#5035, rep by mate)
    • cloud: fixes for .jar support in deploy-config
    • database: introduced new commit-on-timeout tag to manage expired connections.(#4926, rep by T. Fukuda)
    • resin: fixed start issue with -server "" arguments on windows.(#5005, rep by K. Ding)
    • servlet: fixed Part.getHeader case sensitivity issue.(#5018, rep by ralscha)
    • servlet: fixed doOptions and doTrace HttpSerlvet methods.(#5020, rep by Andy Paladino)
    • resin: fixed access-log@web-tier not reporting cookies problem.(#4965, rep by Chris Hart)
    • resin: home-server for EC2/cloud configuration
    • resin: license-add command fix for unlicensed pro server (#5008, rep by rickHigh)
    • resin: mac osx case insensitive servlet mapping fix (#4980, rep by Alex Rojkov)
    • resin: fixed Resin OS Proxy Servlet (5002, rep by lewellyn)
    • debian: dpkg shouldn't override /etc/resin/ (#5000, rep by lewellyn)
    • jsf: restored Mojarra12InjectionProvider (#4996, rep by igor)

    Resin 4.0.27




    Thanks to everyone who reported bugs in 4.0.26. We encourage people to report 4.0.27 bugs at

    Resin 4.0.27 is primarily a reliability and performance release.

    100,000 requests per second: performance improvements

    Resin's performance and threading scalability have been improved considerably in Resin 4.0.27.

    We've replaced locking has with non-locking atomic operations, cleared contention bottlenecks, improved the async/epoll performance, and reduced thread overhead.

    port-max thread throttling

    The maximum number of active threads for a port can be restricted with port-max thread throttling (port_thread_max in the

    The number of requests can be much larger, because async keepalives and comet/async threads and inactive websocket connections, are not counted as active threads. The throttling can improve performance by reducing thread contention. port_thread_max
    # throttle the number of active threads for a port
    port_thread_max   : 256

    http_ping_urls for watchdog reliability checks

    The now has a http_ping_urls for improved reliability. You can add a list of URLs to be checked periodically to ensure the site is responding properly at all times. If the HTTP response fails, the watchdog will restart Resin automatically, after retrying.
    http_ping_urls :

    Ping Time meters and anomaly detection

    The HTTP Ping Time is metered and checked as part of the health system. The PDF report and the /resin-admin meters will show the ping time. An anomaly analyzer is attached to the Ping Time, to detect if the response time cchanges.

    WebSocket messaging model improvements

    Since WebSockets is a messaging protocol, it's best to program using a messaging model, sending messages to queues to be sent to the client. Following this model, we've changed the WebSockets API to allow for custom marshalling and queue handling to the stream.

    WebSocket: creating an output queue
    public void service(WebSocketContext ws)
      WebSocketEncoder<MyMsg> myEncoder = new MyWebSocketEncoder();
      BlockingQueue<MyMsg> queue = ws.createOutputQueue(myEncoder);
      queue.offer(new MyMsg("my-data"));

    Change List

    • servlet: split CauchoWrapper from AbstractCauchoRequest (#4993, rep by Leonid Kaminsky)
    • health: add "Resin|Http|Ping|Ping Time" and anomaly analyzer
    • health: add http_ping_urls to
    • websocket: added createOutputQueue and encoder
    • security: custom authenticators were called too many times (#4976, rep by Alan Wright)
    • health: remove meters from /resin-admin summary page, in meters page
    • health: add meter for "Resin|Port|Throttle Disconnect Count"
    • port: throttle keepalives when port-thread-max is hit
    • port: fixed thread launcher housekeeping
    • port: added <port-thread-max> for throttling
    • threading: updated ring-queue for improved concurrency

    Resin 4.0.26




    Thanks to everyone who reported bugs in 4.0.24. We encourage people to report 4.0.26 bugs at

    Thread Pool improvements

    Resin's thread pool has been updated to improve the efficiency and reduce the number of threads spawned. Applications with spiky load should see better performance and lower overall thread use.

    Resin's thread pool is described in Resin Application Server: Thread Pool.

    Static File Performance

    Resin's static file serving is now faster and more efficient with the operating system sendfile() support. Large files are sent directly from the file system to the HTTP socket by the operating system, minimizing Java overhead.

    Resin's static file serving is described in Resin Web Server: Static Files.

    jCache annotations: @CacheResult, @CachePut

    Resin's jCache implementation has been updated, adding the new @CacheResult, and @CachePut Java Dependency Injection (CDI) annotations, which enable caching for any CDI-enabled bean.

    A short tutorial is available at Java Cache Tutorial with Dependency Injection Method Annotations.

    There is also a short tutorial on using the Java API for jCache at Java Cache Tutorial with Cache Dependency Injection (CDI).

    Command Line Interface

    Resin's command line interface introduces a new command that deletes deployed configuration

    Example: undeploying configuration
        # deploy configuration
        resinctl config-deploy conf.jar
        # undeploy configuraton
        resinctl config-undeploy

    Capability to save PDF report was added to pdf-report command.

    Example: writing PDF report to a local file
        # create pdf-report
        resinctl pdf-report -local -local-dir /tmp

    The PDF report is described in Resin Health System: PDF Report.

    The command-line interface is described in Resin Application Server: Command Line Interface.

    .deb package distribution

    Default resin user and group is changed to www-data for Resin Daemon.

    REST Administration Interface

    New Resin REST interface provides an http(s) integration point. By default the interface is disabled. To enable the interface edit to set rest_admin_enable property to true. Also configure admin_user and admin_password.

    Once the three prerequisites are met rest interface is available at its default url: http://locahost:8080/resin-rest

    Example: Listing MBeans via REST
        curl  --user admin:secret http://localhost:8080/resin-rest/jmx-list

    An overview of the REST interface is available at Resin Application Server: REST Interface.

    Change List

    • cli: added config-undeploy command
    • pdf-report: added option to save reports locally
    • debian: changed default Resin Daemon user and group to www-data
    • xa: change timeout message to include EXTRA_TIMEOUT (#4927, rep by Shinomiya Nobuaki)
    • config: tiered *.xml files belong in ${tier}-inf/*.xml and ${tier}-inf/*.jar (#4952)
    • watchdog: improve error message when <user-name> is an invalid user (#4942)
    • web-server: HttpProxy needs to query DNS on timeout to pick up changes (#4903, rep by B. Plump)
    • kernel: split CurrentTime from Alarm for embedded applications (#4889)
    • watchdog: add allow-non-reserved-ip as a <server> argument for private networks (#4941, rep by georgbuschbeck)
    • http: added sendfile() for large files
    • watchdog: Resin pwd is set to root-directory (#4928, rep by Trung Nguyen)
    • mod_caucho: send resolved IP address for cluster (#4945)
    • thread: update threading architecture
    • cli: password-generate issue with --user (#4938)
    • websocket/hessian: websocket frame must be read fully on hessian end (#4943)
    • jcache: cache annotations (@CacheResult, @CachePut)
    • websocket: debug threaddump not removed (#bhauer, #4940)

    Resin 4.0.25




    Thanks to everyone who reported bugs in 4.0.24. We encourage people to report 4.0.25 bugs at

    4.0.25 includes an update of the WebSocket support for the final RFC 6455 release.

    It includes several changes to improve the cloud support to make Resin PAAS ready without needing additional PAAS-provider support. The specific changes include dynamic server updates and cloud configuration.


    Snapshot and Watchdog PDF reports have been reformed and updated to include more information including Resin paths, ports, licenses, and health status.

    PDF reports can be generated on-demand from the Summary and Watchdog pages in resin-admin, automatically in health.xml, or from the command line as follows:

    Example: generating PDF reports from the command-line
    # report on the last restart
    bin/ pdf-report -user admin -password secret -watchdog 
    # report on the last 24 hours
    bin/ pdf-report -user admin -password secret -shapshot 

    POST parameter limit: DOS Protection

    The form-parameter-max element in the <web-app> restricts the maximum number of parameters in a form. The default value is 10,000.


    Resin's WebSocket implementations now passes the protocol tests for the final RFC version of WebSockets.

    Config Password

    Passwords for databases and custom configuration can now be scrambled using the <resin:Password> tag in the config file.

    database in resin-web.xml
    <web-app xmlns=""
      <database jndi-name="jdbc/mysql">
        <driver type="com.mysql.jdbc.Driver">
            <resin:Password value="{RESIN}zZEEvYw4uxuyJotZf39bBw=="/>

    The encrypted password can be generated on the command line with the password-encrypt command:

    resinctl password-encrypt
    unix> resinctl password-encrypt changeme
    password: {RESIN}zZEEvYw4uxuyJotZf39bBw==

    CLI: added $HOME/.resin and --mode

    The command-line resinctl will now look in $HOME/.resin for properties to launch the watchdog with. The --mode option selects groups of properties.

    The purpose of the $HOME/.resin is to allow remote CLI administration of Resin (by setting the server addresses) without needing to change the /etc/

    Config: /etc/resin/resin-inf

    Local configuration and jars can now be placed in /etc/resin/resin-inf without needing to change the resin.xml itself. A jar placed in /etc/resin/resin-inf/lib/mysql.jar will be available to the entire server.

    Config: EL/rvar merging

    EL variables in the resin.xml will now lookup properties without needing the "rvar" function. For a server id "app-0", ${http} will look for "app-0.http" in the and if that's missing, use "http".

    Config: sample resin.xml updated

    The sample resin.xml has been updated and split into a sample "cluster-default.xml" to better show the base configuration.

    Config: cloud configuration

    Cloud configuration support has been added to Resin. When a new Resin server spins up, it will ask the triad hub for the cloud configuration updates, which will include any shared database drivers and configuration.

    The cloud configuration is structured like the /etc/resin directory, and is imported by the resin.xml. (You can look at /etc/resin/resin.xml to see how this is done.)

    The command-line "config-deploy" will deploy the cloud configuration. "config-ls" and "config-cat" will show the configuration for debugging.

    cloud config example

    The configuration can be bundled into a .jar or deployed as a directory with the "config-deploy"

    resinctl config-deploy with directory
    unix> resinctl config-deploy my-cloud-conf
    resinctl config-deploy with jar
    unix> resinctl config-deploy my-cloud-conf.jar

    When the configuration is deployed, it is parsed just like any other resin configuration file or jar file.

    Cloud: dynamic servers and home-cluster

    When your configuration has more than the three servers in the triad hub, you can use the <home-cluster> configuration to automatically configure the additional spoke servers. The <home-cluster> tells Resin which cluster your new server should belong to. When you start the new server, it will contact the triad hub and connect itself, becoming a new cloud server.

    Once the cloud server is connected, it will download any cloud configuration changes like a new database driver, and any application deployments.

    Change List

    • cache: validate/remove corrupted blob rows (#4919, rep by Keith Fetterman)
    • cache: remove corrupted database on restart (#4919, rep by Keith Fetterman)
    • servlet: add form-parameter-max (default 10000) to limit form parameters (#4912, rep by georgbuschbeck)
    • install: make install target fails to compare directories on Solaris (#4917, rep by Leonid Kaminksy)
    • install: ./configure fails to link conftest on Solaris (#4916, rep by Leonid Kaminksy)
    • async: comet memory retention of HttpResponse needs unlink (#4907, rep by Richard Mccluskey)
    • config: rvar app-0.http when read in watchdog needs current server-id (#4900)
    • config: ${foo} now uses rvar search path automatically
    • cli: add $HOME/.resin and --mode
    • cli: add config-cat and config-ls for debugging
    • websocket: pass autobahn test suite
    • config: added $disable_compiling_loader to properties (#4787, rep by systhemes)
    • cli: made web-app-deploy, web-app-restart, etc. primary cli (#4885)
    • servlet: web-app root url /foo now automatically redirects to /foo/ (#4884)
    • config: add password-encrypt and <resin:Password> (#4810, Leonid Kaminsky)
    • health: stat gathering limited to 14 days for baseline (#4893)
    • config: server should start but not serve pages for certain config errors (#4891)
    • config: cluster merging, used by local.d (#4882)
    • http: add <tcp-keepalive> to enable TCP keepalive for a socket (#4886, rep by Hal Hildebrand)
    • cdi: interceptor and InterceptorBinding with enum array (#4883, rep by andreaskaltenbach)
    • health: add expire-timeout to LogService (#4848, rep by C. Moran)
    • health: HealthSystem event as a classloader context (#4861)
    • cache: timing in mmap file extension could truncate (#4854, rep by georgbuschbeck)
    • config: rvar should work like an EL var lookup (#4879)
    • debian: change /var/www ownership to 'resin' for rpm consistency
    • cli/deploy: deploy with --address when local machine has resinctl (#4868)
    • jsp: pageContext.errorData.throwable could grab the wrong exception attribute (#4874, rep by mate)
    • cli: update/normalization of usage messages
    • jstl: validation of JSTL fast-mode c:if, etc. (#4866)
    • vhosts: host-alias-regexp needs to have implicit anchors for the pattern (#4859, rep by Rick Mann)
    • server: NPE on getUserPrincipal() (#4862, rep by wtao)

    Resin 4.0.24




    4.0.24 introduces the and configuration simplification to make cloud deployments simpler. It also includes new memcache support.

    Thanks to everyone who reported bugs in 4.0.23. We encourage people to report 4.0.24 bugs at


    RPMs are now available for Resin-Pro

    installing RPM
    unix> sudo rpm --import
    unix> sudo yum install

    The configuration for common deployments has been simplified, moving the most often changed values into a separate file. While Resin's resin.xml is still the basis for the configuration, it now includes the with a <resin:properties> tag.

    Example: sample /etc/resin/
    log_level     : info
    dev_mode      : true
    resin_doc     : true
    app_tier      :
    web_tier      :
    http          : 8080
    app-0.http    : 8081
    setuid_user   : resin
    setuid_group  : resin
    jvm_args      : -Xmx2048m
    system_key    : changeme
    admin_enable  : true
    admin_user    : admin
    admin_password: {SSHA}xxxxxxx

    The variables are all defined and controlled by the /etc/resin/resin.xml file. If you are already modifying the resin.xml, you can use this technique for your own properties.


    Resin has a new <resin:properties> tag that works similarly to the <resin:import>, but populates the EL configuration variables. You can use this to implement /etc/resin/ and you can use it in systems like Amazon EC2 where per-instance user-data is available via an http URL.

    Example: local.d/amazon.xml EC2 properties import
    <resin xmlns=""
      <resin:properties path=""

    rvar(): EL config function for properties

    The new "rvar()" function in the resin.xml is used with to allow server-specific configuration to override general configuration. For example, "http : 8080" defines the default HTTP port as port 8080, and "app-0.http : 8081" sets the HTTP port to 8081 when the server is named "app-0".

    resin.xml Local Config files: /etc/resin/local.d/*.xml

    Resin's default /etc/resin/resin.xml now imports files from /etc/resin/local.d/*.xml as local additions to the resin configuration. It uses an existing capability of the <resin:import> to include a fileset of paths.

    The standard health.xml configuration has been moved to local.d.

    The local.d can be used for simple configuration extensions, like adding a cluster-wide mysql configuration, or importing EC2/cloud properties file as in the above example. The top-level tag for the *.xml will be <resin> because the <resin:import> occurs at the <resin> level.

    The resin.xml to implement the local.d looks as follows:

    Example: resin.xml configuration for local.d
    <resin xmlns="">
      <resin:import fileset="${__DIR__}/local.d/*.xml"/>
 openssl configuration

    The standard resin.xml now includes openssl configuration. To enable openssl, upload the certificate files and update the

    Example: with openssl
    openssl_file : keys/gryffindor.crt
    openssl_key : keys/gryffindor.key
    openssl_password : changeme

    server-multi: allowing cluster definition in

    The new <server-multi> tag is designed to work with the file to allow multiple servers to be defined with a single property. The address-list attribute allows a space delimited list of addresses. The server-multi will expand into multiple <server> tags, one for each address.

    For example, you can use this system to configure the triad in the without needing to modify the resin.xml file.

    The following example defines three servers named "app-0", "app-1", and "app-2" which are configured for internal IP addresses,, and The ":6801" overrides the default server port.

    Example: app_tier configuration in
    app_tier :
    http     : 8080

    The configuration for the app_tier is in the default resin.xml

    Example: app_tier configuration in resin.xml
    <resin xmlns="">
     <cluster id="app-tier">
       <server-multi id-prefix="app-" address_list="${app_tier}" port="6800">

    join-cluster: allowing dynamic servers

    The <join-cluster> tag in the resin.xml informs the watchdog which cluster the server instance should join. It is equivalent to the -join-cluster command line argument. The join-cluster tag allows dynamic servers to work with the same /etc/resin.d/resin, and allows EC2-cloud servers to be configured with just the cloud /user-data configuration.

    resinctl and bin/

    A new command-line script "resinctl" has been added as an alternative to bin/ "resinctl" differs from bin/ by including the OS paths in the script itself. In other words, on a linux system, resinctl knows that the default resin.xml is in /etc/resin and the default root-directory is /var/www.

    With the .rpm and .deb, resinctl is now installed in /usr/bin/resinctl, which makes it easily available from the command-line.

    CLI: license-add

    resinctl now has a "license-add" command which copies a license to the license directory, as a convenience.

    Example: uploading a license
    unix> resinctl license-add 1013009.license

    CLI: start-all

    The resinctl start-all command starts all servers on the local host by looking at the IP interfaces and matching them with the <server> and <server-multi> definitions. The start-all lets the /etc/init.d/resin start all servers without needing to be modified.

    Unix startup: /etc/init.d/resin

    The /etc/init.d/resin script has been changed so fewer sites will need to modify it. Since it also uses "start-all" to start all <server> configurations on the current machine, it no longer needs a -server configuration. The script now calls /usr/bin/resinctl to start and stop Resin.

    memcache client/server

    Resin's cache now supports a memcache interface for both the client and the server. When Resin is used as both the client and the server, adding and removing cache servers are automatically rescaled and updated in the client.

    The client API for Resin's memcache is jcache (javax.cache). The configured cache can be injected like any CDI object.

    Example: resin-web.xml memcache client config
    <web-app xmlns=""
      <memcache:MemcacheClient cluster="cache-tier" port="11212"/>
    Example: CDI memcache injection
    package example;
    import javax.inject.*;
    import javax.cache.*;
    public class MyBean {
      @Inject Cache _memcache;

    Resin can also be configured as a memcache server. The following <listen> configures it.

    Example: resin.xml memcache server
    <resin xmlns=""
      <cluster id="cache_tier">
        <server-multi id-prefix="cache-"
          <listen port="${rvar('memcache_port')?:11212}"
                  keepalive-timeout="600s" socket-timeout="600s">

    IIS .NET Plugin: added support for Windows Authentication

    User credentials established with Windows Authentication are made available in Resin's HttpServletRequest.getRemoteUser() and HttpServletRequest.getUserPrincipal()

    Change List

    • servlet: session creation with enable-cookies=false (#4775, rep by jkeays)
    • quercus: isset returning true for null values in compiled mode (Wordpress fix) (#4477, rep by mhixson)
    • health pdf: mailto config should be mail-to (rep by Keith Fetterman)
    • security: custom constraints could not be added to resin:security-constraint (#4835, rep by K. Ding)
    • cli: new "license-add" command
    • config: added rvar() method to properties-based config
    • access-log: use Alarm.getExactTime() for '%D' formatting in access log (#4842, rep by William Au)
    • servlet: transport constraint priority(#4843, rep by Keith Fetterman)
    • ssl: jsse self-signed certificates are only possible with Sun/Oracle JDK (#4829)
    • el: added "?:" operator ("x ?: 80" is "x != null ? x : 80")
    • iis: add suport for windows authentiation(#4826, rep by Urs Kehrli)
    • centos: update ./configure for centos (#4803)
    • servlet: fixed bug failing @MultipartConfig when used with resin:Forward(#4777)
    • config: add resin:properties
    • cli: "restart" command needs to handle dynamic servers (#4801)
    • jsp-el: CompositeELResolver wasn't implementing invoke properly (#4820, rep by Wesley Wu)
    • websocket:[]) was using iso-8859-1 instead of utf-8 (#4818, rep by ihristov)
    • hessian: add setUnshared and HessianUnshared for serialization performance
    • health: added LicenseHealthCheck
    • health pdf: added license info to PDF report
    • health pdf: add cluster summary section to PDF report
    • health pdf: add http error codes to PDF report
    • health pdf: add log warning counts to PDF report
    • jsp: errorPage with setStatus(200) not properly logged (#4804, rep by richardmoco)
    • solaris: solaris needs #define _POSIX_PTHREAD_SEMANTICS for proper ctime_r behavior (#4791, rep by Alan Wright)
    • health: added health events and anomaly events (#4724)
    • db-pool: reduced default max-create-connections back to 5 (#4734)
    • db-pool: add min-idle-count to <database> configuration (#4664)
    • log: log-handler config wasn't in proper class loader context (#4784, rep by chris214)
    • log: flush logs in separate thread so writers don't need to be bottlenecked (#4765, apleshi)
    • servlet: allow null to getRealPath(null) which returns null (#4761, rep by stbu)
    • db-pool: on close connection, if auto-commit is false, do not automatically call rollback() (#4663)
    • jsf: updated to mojarra-2.1.3 (#4746, rep by cyttesen)
    • servlet: character-encoding should not be defaulted for images (#4778, rep by fesse)
    • webapp: detailed web-app statistics gathering needs flush (#4750)

    Resin 4.0.23




    4.0.23 continues focus on bug fixes and stability

    Thanks to everyone who reported bugs in 4.0.22. We encourage people to report 4.0.23 bugs at

    Health: PdfReport

    The PdfReport now has a mail-to attribute which can be used to send the pdf report as an email attachment.

    Example PdfReport
    <resin ...>
      <cluster ...>

    Health: AnomalyAnalysis

    The health check system has some early anomaly analysis. The analyzer will look at a meter value, checking for deviations from the average value. So unusual changes like a spike in blocked threads can be detected.

    Health: Watchdog and Postmortem

    The Postmortem report has been renamed to be the watchdog restart report, primarily for translation purposes. We're now describing the watchdog as the entire check/restart/report system, where the watchdog process is only a part.

    Command Line Interface

    The "stop" and "kill" commands can be used without the -server option if the current watchdog has a single server active.


    The WebSocket implementation has been upgraded to draft 16.

    jCache and Performance

    The jCache API has been upgraded (although that's a moving target.) Performance has been improved, particularly for caches with a low locality rate. The user key to internal hash key cache has been merged into the global manager and its size increased.

    Experimental testing of Resin's cache used as a memcache server shows comparable performance with memcached on certain loads.

    Change List

    • hessian: ServiceContext.end wasn't clearing _response pointer (rep by Mattias Jiderhamn)
    • health: added mail-to to PdfReport
    • websocket: connection: upgrade may exist with other tokens (#4771, rep by RLM)
    • cloud: cross-cluster server topology updates (#4764, rep by Alan Wright)
    • embed: WebAppEmbed undeploy was not cleaning up fully (#4749, rep by A. Knutsen)
    • jni: mmap file loading issue in win32 - disabled but shouldn't be throwing exception (#4758, rep by Mathias Langerwall)
    • health: PdfReport in resin.xml needs to use resin.root, not resin.home for pdf-gen.php (#4760)
    • resin: fixed bug preventing setup.exe and resin.exe support -java-home (#4763, rep by Brian Deng)
    • cli/watchdog: stop and kill with no -server should stop the unique server (#4732)
    • logging: log-handler el resolution fix (#4753)
    • xa: use rollback instead of forget in XA recover (#4748)
    • resin: JMX issue with not reporting correct request time and request count (#4660, rep by Rick Hightower)
    • cdi: scanning issues with directories with '+' in name (#4739)
    • init.d: changed init.d/resin to use "java" as backup Resin, also added $JOIN_CLUSTER (#4738)
    • server: changed Alarm timing algorithm (#4730)
    • session: add cookie-http-only to session-config (#4737, rep by L. Kaminsky)

    Resin 4.0.22



    This is a maintenance release.

    Change List

    • cluster deploy: .war issue on non-triad servers (#4743, rep by James Meyer)
    • servlet/cache: added range limits (#4744, rep by R Madej)
    • webapp: add alias-url-regexp to match multiple context-paths to a web-app (#4720, rep by Sachidanand Shukla)
    • command-line: added uptime to "status" command"
    • alarm: Alarm's base classloader needs to be Alarm not system classloader (#4707, rep by M Schmidt)
    • snmp: added snmpwalk support (#3721, rep by D. Devota)
    • jndi: EnvironmentModel dynamic copy needs ConcurrentHashMap (#4721)
    • servlet: getAvailable() issue with POST (#4726, rep by Olaf Krische)
    • install: --disable-64bit changes to ./configure and CFLAGS (#4714, rep by S. Patil)
    • ejb: @Async needs to propagage security principal (#4710, rep by ddalessa)
    • jsp: jsp:include/jsp:param parameter order issues (#4719, rep by Brandon Kearby)
    • distribution: unbundled resin-eclipselink.jar from resin.jar (#4722, rep by Steffen Busch)
    • async: request end needs to clear AsyncContext link (#4723, rep by Mark Price)

    Resin 4.0.21




    4.0.21 continues focus on bug fixes and stability. 4.0.21 includes significant reworking of the networking state machine for keepalive timing issues.

    Thanks to everyone who reported bugs in 4.0.20. We encourage people to report 4.0.21 bugs at

    Command Line Interface

    Resin cli added error codes for specific failures e.g. authentication error, wrong argument, deployment error.

    Added a new command that makes resin boot process compatible with requirements of launchd (Mac OSX). 'start-with-foreground' command is an extension of 'start' command that keeps resin boot process running.

    Deprecated 'watchdog' command. 'watchdog' command will still work, however, we recommend that 'start-with-foreground' is used instead.

    Resin Eclipse Plugin

    Better error reporting was added to let users know of git deployment failures.

    Download and install functionality updated to install into version specific directory.

    Resin Admin

    Threads page was tweaked to sort threads by stack trace.

    Graphing enhancements continue, with improved scrolling control.


    New health actions and conditions:

    A Snapshot on OnAbnormalStop condition was added by default to health.xml. If upgrading we recommend you add this to your existing health.xml.

    Example: <health:Snapshot> in health.xml

    PDF Snapshot

    The PDF has been expanded to include heap, cpu profile, thread dump, and JMX data. This additional data gives a fuller snapshot of the JVM's state.

    command-line pdf-report

    Example: generating a pdf report
    unix> bin/ pdf-report
    generated /usr/local/home/ferg/test/resin-pro-4.0.21/log/default-Summary-20110819T1434.pdf
    Example: generating a pdf report with CPU profile
    unix> bin/ pdf-report -profile-time 60
    generated /usr/local/home/ferg/test/resin-pro-4.0.21/log/default-Summary-20110819T1434.pdf


    The WebSocket implementation has been updated to the latest draft specification.

    Resin's WebSocket implementation is stream based, meaning arbitrary-length messages are supported.

    Messages are read in an application callback implementing WebSocketListener. The listener reads the InputStream until end of file which is the end of message, and then returns to allow the next message to be read.
    package com.caucho.websocket;
    public interface WebSocketListener {
      public void onReadBinary(WebSocketContext, InputStream is)
        throws IOException;
      public void onReadText(WebSocketContext, Reader is)
        throws IOException;

    Messages are written using the WebSocketContext. The application starts new message with startBinaryMessage() or startTextMessage(), writes to the OutputStream and closes it on message end.
    package com.caucho.websocket;
    public interface WebSocketContext {
      public OutputStream startBinaryMessage()
        throws IOException;
      public PrintWriter startTextMessage()
        throws IOException;


    We've been tracking the jcache specification updates. Jcache will provide a standard caching API. The latest changes include compare-and-set operations

    Change List

    • env: data-source-definition ordering with JPA (#4712, rep by stoty)
    • ssl: extra debugging output for openssl with disconnecting client (#4709, rep by Keith Fetterman)
    • eclipse-plugin: install resin into version specific directory (#4693, rep by manishdevraj)
    • resin-cli: introduced new command start-with-foreground (see launchd restrictions)
    • resin-cli: unknown argument should fail resin start (#4689, rep alex)
    • log: log rotation alarm refactor (#4680, rep by Steve Francis)
    • rewrite: added <resin:NotFound> (#4705, rep by Aaron Freeman)
    • git: corrupted .git on startup (#4701, rep by Bill Au)
    • cloud: added deploy-config and cluster-config: scheme (#4604)
    • i18n: utf8writer issues with surrogate pairs (#4700, rep by SHinomiya Nobuaki)
    • install: ./configure changes for Solaris cc (#4678, rep by nits4resin)
    • logging: Resin logging was not working properly in IBM JDK (#4695, rep by Steve Francis)
    • async: complete() should not dispatch a following GET (#4697, rep by Adrian Sutton)
    • servlet: sendRedirect from filter needs to escape redirect URL (#4699, rep by jyung)
    • session: maxInactiveInterval issues with persistent sessions and includes (#4692, rep by mnsh)
    • jni: changed crc64/readdir code to user readdir_r (#4698, rep by Peter Mei)
    • jsp: tag compilation issues with @Inject (#4690, rep by mnsh)
    • cdi: @Disposes introspection needs to be lazy on binding (#4681, rep by Dirk Mahler)
    • debian: updated resin/lib and resin/libexec64 (#4548, rep by dicr)
    • health: change health.xml to dump snapshot (rep by Bill Au).
    • servlet: added CsrfFilter (#4497, rep by Myeung Kyu Jang)
    • cdi/ejb: DataSourceDefinition timing with JPA (#4488)
    • vhost: i18n/idna parsing issues (#4583, rep by gfranz)
    • cdi/servlet: add WebApp.runInSessionContext to support threads using session scope (#4049, rep by sweigersf)
    • network: timeout issues with keepalive (#4683, rep by Amir Langer)
    • jsp: incorrect jsp:param encoding of '&' (#4685, rep by dicr)
    • ejb/cdi: stateless decorators (#4630, rep by Chris)
    • install: check for /usr/libexec/java_home in ./configure (#4572)
    • servlet: request.getReader() mark/reset support (#3350, rep by karlgold)
    • loader: added ClassLoader.getResource and ClassLoader.getResourceAsStream cache (#4082)
    • logging: <log-handler> needs to check for missing 'name' attribute (#4682)
    • health: PdfReport needs to require the <path> parameter (#4679, rep by Bill Au)
    • jsf: jsf/resin integration when replacing jsf libraries in WEB-INF/lib (#4676, rep by cyttesen)
    • ScheduledTask: add validation of ScheduledThreadPool (#4668, rep by Wesley Wu)
    • servlet: add ThrottleFilter.getCurrent().addPoisonedIP(addr) (#4133, rep by Aaron Freeman)
    • install: add which will be filled in with configured location from ./configure (#4579)
    • jsp: JspCompiler should not start the web-app for compilation (#4397)
    • load-balance: add StickyHost for sticky load balancing (#2969, rep Daniel Bjuhr)
    • mod_caucho: restore 'backup' option for mod_caucho (#4673, rep by Halvor Utby)
    • resin-admin: profile needs better message when JNI not compiled (#4652)
    • install: ./configure changes for --disable-64bit to compile 32bit on a 64bit system (#4675, rep by nits4resin)
    • load-balance: add disable-soft to disable round-robin, but not session dispatching (#3365, rep by Cameron Stokes)
    • debian: resin-eclipselink was not added to debian files (#4547, rep by dicr)
    • cache/db: mmap synchronization updates

    Resin 4.0.20




    4.0.20 continues focus on bug fixes and stability. 4.0.20 includes significant reworking of the networking state machine for comet/async timing issues.

    Thanks to everyone who reported bugs in 4.0.19. We encourage people to report 4.0.20 bugs at

    Health PDF Reports

    PDF reports are now available from the /resin-admin summary page and the postmortem. The PDF gathers the summary graphs into a single document.

    Weekly PDF Reports

    PDF reports can now be generated on a timed basic (daily or weekly). The new PdfReport health action creates a summary pdf in the resin/log directory for an overview of the server operation.

    Example: resin.xml configuration for PdfReport
    <resin xmlns=""
      <resin:import path="${__DIR__}/health.xml" optional="true"/>
        <health:IfCron value="0 0 * * 0"/>

    Custom Graph Pages

    The graphs in the /resin-admin "meters" section can be configured by adding <health:MeterGraphPage> definitions to the health.xml or the resin.xml. The graph values are defined by <health:JmxMeter> and <health:JmxMeter> and allow any JMX value to be metered and displayed.

    The custom graph pages can also be used for the PDF reports.

    Example: Thread Graphs in resin.xml
    <resin ...>
        <graph name="Threads">
          <meter>JVM|Thread|JVM Thread Count</meter>
          <meter>Resin|Thread|Thread Count</meter>
          <meter>Resin|Thread|Thread Idle Count</meter>
          <meter>JVM|Thread|JVM Runnable Count</meter>
          <meter>JVM|Thread|JVM Blocked Count</meter>
          <meter>JVM|Thread|JVM Native Count</meter>
          <meter>JVM|Thread|JVM Waiting Count</meter>

    Change List

    • health: PdfReport added
    • session: always-load-session needs to set local-read timeout to 0 (rep by Eric Kreiser)
    • network: comet/network state maching/timing issues (#4669, rep by Adrian Sutton)
    • cloud: heartbeat needed across clusters for global cache (#4657, rep by William Kong)
    • cloud: heartbeat needs to retry every 5s on connection failure (#4601)
    • network: keepalive housekeeping simplified (#4613, rep by Mark Cleveland)
    • session: session timeout needs to be picked up on persistent load (#4473, rep by vicsanca)
    • network: issues with too many CLOSE_WAIT connections (#4639, rep by Mark Price)
    • jsf: conversation scope issues with classloading (#4656, marcin_gomulkiewicz)
    • jpa: data-source lookup needs to check JNDI return type (#4591, rep by paru)
    • cron: day-of-week calculation bug (#4560, rep by Tyson Weighs)
    • health: add ShutdownService configuration to not restart on OOM (#4075, rep by Martin Thompson)
    • cli: console libexec needs to use same is64Bit as watchdog (#4558)
    • stat: add read/write byte statistics for http request (#4126, rep by Martin Thompson)
    • jpa: check persistent-unit NPE for EntityManagerJtaProxy (#4564, rep by dicr)
    • xa: recover/forget needs to check xid against current server (#4645)
    • webapp: multipart-config needed in servlet tag (#4648)
    • webapp: multiple-init issue with versioned controllers (#4637, rep by W. Au)
    • cdi/ejb: issue with @Alternative working with EJBs (#4636, rep by ChrisC)
    • jsp: NPE with trimDirectiveWhitespaces and empty scriptlet (#4651, rep by mnsh)
    • resin-admin: added 60s ajax updates to summary graphs (#4577)
    • quercus: DateTime NPE (#4596, rep by rmann)
    • cdi: InjectionPoint on producer was overriding all other producers (#4649, rep by Max Bureck)
    • command-line: add -data-directory to change location of resin-data (#4646, rep by Keith Fetterman)
    • command-line: command-line now uses hmux servers when available (#4616)
    • db/cache: Table.validateIndexes wasn't freeing its Block/TableIterator (#4624, rep by Michael O'Dea)
    • ssl: ssl write needs poll/select on SSL_ERROR_WANT_WRITE (#4582, rep by Mike O'Dea)
    • xa: failure during forget should be at finer logging, not warning (#4644, rep by Takahiro Fukuda)
    • multipart-form: added parameter-length-max (#4638, rep by Daniel Kador)
    • system: <resin:LogService> needs to check for existing log system (rep by Adrian Sutton)
    • install: --with-resin-log should update init.d/ (#4640, rep by K Fetterman)
    • health: added graph page configuration to health.xml (#4577)
    • network: refactored networking to split thread-safe/and non-thread-safe state machines (#4633, by Danny Yates)
    • resin: options on the command should be global (#4605)
    • resin: command line user mgmt (#4603)
    • jsf: allow JSF in WEB-INF/lib (will disables CDI) (#4573, rep by cyttesen)
    • hessian: debug should not throw illegal state exceptions but should log
    • database: allow numeric transaction-isolation values (#4627, rep by mnsh)
    • jpa: javax.persistence.Persistence classloader leak (#4628, rep by Patric Rufflar)
    • rewrite: CanDI-style rewrite rules in cluster were ignored (#4618, rep by Aaron Freeman)
    • scheduled-task: scheduled task remove has stack overflow (#4523, rep by mnsh)
    • security: JaasAuthenticator add support for Group/roles (#4621, rep by dicr)
    • admin: summary/postmortem now show startup info from watchdog (#4595)
    • db: row allocation must check for table close (#4599, rep by Steve Francis)

    Resin 4.0.19




    4.0.19 is primarily a bug fix release, including several important fixes in the networking code for timeouts.

    Thanks to everyone who reported bugs in 4.0.18. We encourage people to report 4.0.19 bugs at

    Resin Eclipse Plugin

    Resin Eclipse Plugin is updated to publish and reload applications instantly. These settings can be overridden in the Properties dialog (press F3 on the selected server).
    Fixed bugs:

    Resin Eclispe Snapshot and Release update sites are:

    Resin Admin Web Console

    • All style and content was updated to pass W3C HTML validation and follow W3C accessibility guidelines.
    • The Web Applications page was updated to include an option to undeploy an application.
    • Graphs now allow pan and zoom.

    Health Check Updates

    In addition a few new health conditions and actions, all applicable command line actions are now also available as health actions.

    The new actions and predicates can be combined to initiate an intelligent diagnostic gathering restart sequence. In the following example, upon detecting a critical health condition, Resin registers a 10 minute delayed fail-safe restart, dumps diagnostic information, and then profiles the system for 5 minutes. Finally it attempts to restart cleanly, although if that is not possible due to system instability, the earlier fail-safe restart will trigger.

    Example: <health:FailSafeRestart> in health.xml
    <cluster xmlns=""
        <health:FailSafeRestart timeout="10m"/>
        <health:StartProfiler active-time="5m"/>
        <health:IfHealthCritical time="5m"/>
        <health:IfNotRecent time="10m"/>

    Change List

    • command-line: resin-system-auth-key wasn't properly managed (#4602)
    • deploy: git/war validation needs better error messages for the ant jar task duplicate file creation (#4606, rep by Jeff Schnitzer)
    • logging: logger in <resin> context needs to use system class loader to match command-line log-level (#4587, rep by William Au)
    • resin-admin: added undeploy action for repository managed webapps
    • command-line: authentication needs to understand {SSHA} configuration (#4593)
    • eclipse-plugin: added auto-restart for redeployed apps (req. by hwellmann, Caucho forums)
    • cache: lease changes for triad and cloud to reduce network traffic
    • deploy: add expand-preserve-fileset to web-app-deploy to improve development (#4592, rep by Harald Wellmann)
    • ejb: generic introspection/generation (#4590, rep by Harald Wellmann)
    • cache: leasing must apply to cloud servers (#4588, rep by William Kong)
    • cloud/bam: hmtp pool must be shared across server (#4588, rep by William Kong)
    • cloud/bam: remote send must return error messages (#4588, rep by William Kong)
    • eclipse-plugin: finishing server wizard early produces bad configuration (#4589, rep by hwellmann)
    • dist: add multiversion for debian packages (#4314, rep by jlangevin)
    • health: check MemUsage for max/committed to calculate free memory (#4507)
    • install: Makefile needs to create /var/log/resin event if /var/www exists (#4574)
    • cache: streaming cache update between clusters <replication-source-cluster> (#4569)
    • install: webapp-jars need to be copied to resin.home (#4575)
    • jsp: c:set validation issue (#4586, rep by thihy)
    • websocket: text buffer size issues with 8192 length values (#4584, rep by ihristov)
    • ejb: EJBException serialization id needs generation (#4578, rep by cyttesen)
    • watchdog: Unix systems should not have -Xrs on the command-line (#4585, rep by William Au)
    • servlet/async: dispatch sync issues causing dispatches to be ignored (#4570, rep by Danny Yates)
    • resin: moved app-default to resin.jar, changed resin.xml's resin:import to load from classpath
    • php: fix for DOMDocument::saveXML($node) (#4563, rep by Lisa Stillwell)
    • resin-cli: added disable and enable commands to Resin Pro (#3756, rep by Rob Lockstone, Jonas Kowall)
    • async/comet: with Resin comet API, check for complete on suspend (#4534, rep by Brent Plump)
    • ejb: with generics Class<T> as argument and return (#4551, rep by dicr)
    • servlet: finally handling for request needs to check for null (#4545)
    • access-log: add rollover-check-time configuration (#4533, rep by peng yao)
    • ./configure: removed OPENSSL_LIB search instead using standard library (rep by Michael O'Dea)
    • ejb: synthetic/bridge methods should not be reflected (#4555, rep by dicr)
    • ejb: static methods for session beans should not be overridden (#4552, rep by dicr)
    • config doc: clarified database init-param vs IoC-style configuration (#4550, rep by dicr)
    • ./configure: updated config.guess and config.sub (#4407, rep by GT500)
    • db-store: free block scanning needs to test for store close (#4562, rep by S Francis)
    • mod_caucho: allocation/free of locks needs to be locked (#4529, rep by remkodev)
    • network: read/write timeout needs handling in Java layer (#4506, #4524, rep by Matthew Schmidt, Prabhu)

    Resin 4.0.18




    4.0.18 is primarily a bug fix release.

    (CLI) Resin command line updates

    Resin 4.0.18 introduces commands to manage jmx objects. New set of JMX Commands consists of jmx-list, jmx-set and jmx-call commands. Documentation for an updated CLI interface can be viewed withjava -jar lib/resin.jar help. Documentation for a particular command can be viewed with java -jar lib/resin.jar help <command>

    Resin Ant Plugin

    Resin Ant Plugin has been moved to a new home at github:

    Health Check Updates

    Changes to the health system this release include improved stability, logging, documentation, and lifecycle conditions.

    • Parameter checking and error reporting - All health checks, actions, and conditions were updated to check for missing or invalid attributes and report clearer error logs.
    • Documentation - Full documentation of the health checking system is now present at /resin-doc/admin/health.xtp.
    • Lifecycle conditions - Resin can now be configured to execute health actions on startup, shutdown, and restart.
    Example: Sending an email on startup in health.xml
    <cluster xmlns=""

    maven/junit embedding/integration with JPA/data sources

    When embedded Resin is launched inside a maven/junit task, the default behavior is to disable Resin's Alarm, which manages timeouts. To re-enable the alarm, use a '-Dcaucho.alarm-enable' on the command-line when launching Java.

    The alarm is disabled in embedded cases to handle of embedded Quercus in a non-Resin container.

    WebSocket draft v7

    Resin's WebSocket support has been upgraded to the test v7 draft of the IETF specification.

    Change List

    • watchdog: set the LD_LIBRARY_PATH_64 variable on 64-bit systems (#4536)
    • access-log: rollover rescheduling of alarm was not reliable (#4540, rep by mros2stf)
    • ant-plugin: ant plugin has been moved to
    • resin-cli: added jmx-list, jmx-set, jmx-call commands
    • health: add OnStart, OnStop, OnRestart health predicates (#4257)
    • scheduled-task: forward with param was causing NPE (#4530, rep by kenjrwalker)
    • web-app: explicit web-app id="/" must override webapps/ROOT (#4531, rep by danielnuriyev)
    • session: distributed sessions now allows jdbc as a backup (#3929, rep by jkriesten)
    • servlet: fragment after/others ordering issues (#4523)
    • cdi: abstract decorators were not properly handled (#4406)
    • servlet: crlf escaping required for response headers because of rewrite-dispatch (#4525)
    • jpa: when jta-data-source is null and JPA fails to start, allow web-app to start w/o error (#4491)
    • watchdog: ResinMXBean now contains information about the last watchdog restart (#4257, rep by Tony Matson)
    • jsp/el: MethodExpr invocation was not applied property (#4515)
    • candi: @Produces on @Stateless with no interfaces (#4513)
    • config: add <data-source> element support (#4487)
    • jsp/el: BeanELResolver isValue/getValue mismatch (#4511, rep by Keith Fetterman)
    • servlet: web-fragment <name> can have an "id" attribute (#4484)
    • candi: ResinBeanContainer beans.xml @Alternatives issue (#4501)
    • candi: ResinBeanContainer JPA/beans.xml ordering issues (#4502)
    • session: add destroy-on-lru flag to session-config to call SessionListener.destroy on a LRU even when session is persisted (#4504)
    • servlet: CauchoRequestWrapper updates for MockHttpServletRequest compatibility (#4509)
    • jstl: c:set not properly returning XML for validation (#4492)
    • ejb: stateless generics on interface superclass (#4512, rep by andreaskaltenbach)
    • ejb: stateless generics on method argument (#4514)
    • config: <class-loader> has automatic priority (#4500)
    • watchdog: signal status reporting was showing exit 0 for signals (#4508)
    • hessian: send-collection-type should always send java.util types (#4489, rep by Keith Fetterman)
    • ioc: resin:message not properly initialized (#4496, rep by Keith Fetterman)
    • ioc: env-entry does not use EL - doc update (#4516, rep by mnsh)
    • ejb: ejb-ee jar with <entity> should be skipped w/o fatal error (#4503, rep by Rick Mann)

    Resin 4.0.17




    4.0.17 includes Web Profile TCK, JMS, cloud, health, eclipse plugin, and command-line work

    • Web Profile TCK - now passing all Web Profile TCK sections
    • JMS - now passing JMS TCK
    • cloud - dynamic -join-cluster added
    • health - configurable JMX meters for graphing, and many added health predicates.
    • command-line - added support for log-level, profile, heap-dump and thread-dump.

    Web Profile TCK

    • EL - pass
    • EJB - pass
    • JDBC - pass
    • JMS - pass
    • JPA - pass
    • JSF - pass
    • JSP - pass
    • JSR-299 (CDI) - pass
    • JSR-330 (javax.inject) - pass
    • JSTL - pass
    • JTA - pass
    • Servlet - pass

    Dynamic Server Cloud Support

    Resin 4.0.17 finishes up our dynamic cloud support, putting the final piece together. You can now add and remove a new dynamic server to the cluster, and Resin's cloud will update to support the new server automatically.

    • Resin load balancing automatically uses the new server.
    • The new server gets the latest application .war.
    • JMS Queue sender/receivers work with the new server.
    • JMX clustered management works with the new server.
    • Clustered caching data is shared with the new server.
    Example: starting new server
    unix> java -jar lib/resin.jar -join-cluster app-tier -server dyn1 start

    Health Check Updates

    Enhancements to the health check system continue with the following new command available.

    • <health:IfFlapping> - predicate that qualifies an action to match on frequent state changes.
    • <health:IfCron> - predicate that qualifies an action to match if the current time is in an active range configured using cron-style syntax.
    • <health:IfExpr> - predicate that qualifies an action to match on the evaluation of a JSP EL expression.
    • <health:ExprHealthCheck> - check that evaluates one or more JSP EL expressions to a health status.
    • <health:ExecCommand> - action that executes a shell command.

    <health:IfExpr> and <health:ExprHealthCheck> work well in combination with enhancements made to EL syntax that enables JMX access and regular expression evaluation.

    Example: JMX access and regular expressions in EL
    <cluster xmlns=""
          <health:IfExpr test="${mbean('java.lang:type=Runtime').BootClassPath =~ '.*resource-16.jar.*'}"/>

    In this example, the mbean('java.lang:type=Runtime') function looks up an MBean in JMX, and '.BootClassPath' retrieves the attribute value. The =~ operator matches the value to a regular expression. <health:Not> qualifies the predicate to match on a failure. This is a useful check to alert if a required jar is not present in the boot classpath.

    JMX Meter Updates

    A number of previously hard-coded JMX meters are now setup in health.xml. Meters provide graphing in /resin-admin. Any numeric MBean attribute can be graphed using the new <health:JmxMeter> or <health:JmxDeltaMeter> elements.

    Example: JMX meters in health.xml
    <cluster xmlns=""
        <name>JVM|Thread|JVM Thread Count</name>
        <name>JVM|Compilation|Compilation Time</name>

    JmxMeter graphs the current value, while JmxDelta meter graphs the different between the current and previous values. /resin-admin uses the pipe | character in the <name> attribute to enhance the UI by categorizing meters into drill-downs.

    (CLI) Resin command line updates

    Resin 4.0.17 introduces commands to produce thread and heap dumps, change log levels and profile applications. Documentation for an updated CLI interface can be viewed with java -jar lib/resin.jar help. Documentation for a particular command can be viewed with java -jar lib/resin.jar help <command>

    Commands added in release 4.0.17 are thread-dump, heap-dump, log-level, profile

    Eclipse plugin updates

    Eclipse plugin has undergone significant updates, with configuration, deployment and debugging reworked. Added option for remote deployment. Bugs #4417, #4418 are resolved.

    Removing the older version of plugin is necessary for a smooth update. Procedure for complete removal of the plugin is outlined at

    NetBeans plugin updates

    Updates to NetBeans plugin resolve bug #3936 and changes deployment option to exploded web-app directory deploy.

    Change List

    • candi: jar order dependency for ProcessManagedBean (#4493, rep by andreaskaltenbach)
    • security: order dependency between user-role and transport guarantee (#4495, rep by Keith Fetterman)
    • netbeans: fixed installation issues and change deployment options to deploy to an exploded web-apps directory
    • eclipse: fixed "Debugging does not work with 4.0.15 version of the Eclipse plugin" bug (#4417, rep by stoty)
    • eclipse: fixed "Eclipse plug-in won't install" bug (#4418, rep by adamzr)
    • resin: added thread-dump, heap-dump, log-level and profile commands.
    • el: add mbean function for JMX attribute access
    • el: add =~ for regular expression matching
    • resin-admin: include link to SSL on deploy page when accessing non-ssl (#4455)
    • resin-admin: hide user/password generation when user exists (#4486, rep by Keith Fetterman)
    • resin-admin: use {SSHA} for generated password
    • webapp: webapp restart/session close timing issues (#4471, rep by jiucal)
    • rewrite: Forward with target="/foo?q=2" caused duplicate query param (#4431, rep by mhixson)
    • install: make install updates (#4468, rep by silent)
    • openssl: connection must close if SSL_write fails (#4476, rep by Keith Paulson)
    • boot: ResinActor should not be started when Resin called directly (#4440)
    • proxy-cache: inappropriate warning on included cache (#4472, rep by Keith Fetterman)
    • jsp: special case jsp:fragments with single jsp:element (#4463, rep by imaniyar)
    • maven: EnvInit was improperly logged (#4481, rep by ccwf)
    • jsp-el: resolve introspection conflict between getFoo() and getFoo(i) (#4462, rep by jhartline)
    • dist: deprecated resin-ant tasks. The command-line should be used instead (#4447)
    • startup: resin.exe space issues with -conf (#4448, rep by pmorrow)
    • resin-admin: mod_status requires Resin Pro (#4454)
    • el: conversion issues from string '1.0' to long (#4482)
    • proxy-cache: issue with include, and filter and wrapped output (#4437, rep by Haley)
    • vfs: update http: normalization to use query-string verbatim (#4427, rep by Deepak Jadhav)
    • candi: ResinBeanContainer standalone (#4434)
    • log: add ${thread} to log formatting (#4459, rep by Keith Fetterman)
    • deploy: issues with merging versioned webapps with explicity <web-app> (#4444, rep by Keith Fetterman)
    • deploy: restart timing issue with .war alarm, request and slow start (#4474, rep by Mattias Jiderhamn)
    • ejb: stateless matching of varargs to API (#4466, rep by andreaskaltenbach)
    • repository: repository tag-map timing issue (#4450)
    • session: Java deserialization not using proper classloader (#4475, rep by Keith Fetterman)
    • install: config/health.xml location issues (#4443)
    • install: doc/resin-doc location fixed for make install (#4445, rep by Bill Au)
    • cloud: removed obsolete HmtpRequest logging (#4461, rep by TJ Wallace)
    • session: change default serialization to "java" instead of "hessian"
    • cluster: add -join-cluster for dynamic server support

    Resin 4.0.16




    4.0.16 has primarily been a bug-fix release.

    Web Profile TCK

    • EL - pass
    • EJB - pass
    • JDBC - pass
    • JPA - pass
    • JSF - pass
    • JSP - pass
    • JSR-299 (CDI) - pass
    • JSR-330 (javax.inject) - pass
    • JSTL - pass
    • JTA - pass
    • Servlet - pass

    Health Check Updates

    The health check system has been enhanced, allowing for more control of Resin restarts and logging. The configuration is still in progress, and can be seen in the conf/health.xml file.

    The health configuration follows the same pattern as the rewrite rules. Each action has a set of optional predicates that tell when the action should occur.

    Example: cpu-based ThreadDump in health.xml
    <cluster xmlns=""
        <health:IfCriticalRechecked time="2m" healthCheck="${cpuHealthCheck}"/>

    In the example, the <health:IfCriticalRechecked> predicate is true if the CpuHealthCheck returns a critical value for 2 minutes. This will avoid log a thread dump for a temporary CPU spike.

    WebSocket API

    Resin 4.0.16 has implemented draft-6 of the web socket protocol. A Resin WebSocket Tutorial is available.

    Resin's API is based on the stream model of the Servlet API, using OutputStream and PrintWriter to send messages and InputStream and Reader to receive messages.
    package com.caucho.servlet;
    public interface WebSocketContext
      public OutputStream startBinaryMessage() throws IOException;
      public PrintWriter startTextMessage() throws IOException;
      public void setTimeout(long timeout);
      public long getTimeout();
      public void close();
      public void disconnect();
    package com.caucho.servlet;
    public interface WebSocketListener
      public void onStart(WebSocketContext context)
        throws IOException;
      public void onReadBinary(WebSocketContext context, InputStream is)
        throws IOException;
      public void onReadText(WebSocketContext context, Reader is)
        throws IOException;
      public void onClose(WebSocketContext context)
        throws IOException;
      public void onDisconnect(WebSocketContext context)
        throws IOException;
      public void onTimeout(WebSocketContext context)
        throws IOException;

    HMTP/BAM API changes

    The HMTP/JMTP messaging APIs continue to change as we work on simplifying the model. Resin uses HMTP/BAM as its internal clustered messaging framework.

    We now have 5 base classes:

    • MessageStream - the underlying stream for the unidirectional and request/response messages
    • Actor - the actor/service interface for an application service.
    • Mailbox - the queue receiving messages for the actor.
    • Broker - the router to dispatch messages to other actors' mailboxes.
    • BamManager - manages adding and removing actors from a broker system.


    The rewrite-dispatch order has been normalized. This should be invisible for most users, Resin now has a better-defined order for dispatching.

    All requests now go through the following order (basically a servlet filter chain order.)

    rewrite-dispatch order
    security (checked first)

    Since dispatch actions like <resin:LoadBalance> and <resin:HttpProxy> are rewrite-dispatch rules, this means that security will be applied, but servlet filters will not be applied.

    proxy cache

    The proxy cache has been refactored internally to better handle exceptions and disconnects while filling the cache. The decision to make a request a cache-fill thread now happens at the top filter call, which allows the cleanup logic to be a simple "finally" block.

    {SSHA} authentication passwords

    Resin's authenticators now support LDAP-style {SSHA} passwords for all the built-in authenticators, or anyone extending from AbstractAuthenticator.

    Sample XmlAuthenticator with {SSHA}
    <web-app xmlns=""
         <user name='harry' password='{SSHA}Vug/pmSPPOTh/dCG2GpDE6BIE+1zYWx0'/>
         <user name='draco' password='{SSHA}H9STJXP1NwWBy1VIL+6cVQPEMtxzbmFrZQ=='/>

    load-balance/cluster pools split

    The load-balance and cluster TCP socket pools are now split and using different timeouts. The cluster socket pool is used for HMTP/BAM messages for heartbeat, dist-cache, repository, etc. The load balance pool is used for <resin:LoadBalance>, <resin:HttpProxy> and <resin:FastCgiProxy.

    Change List

    • rewrite-dispatch: normalization of rewrite order so rewrites always occur before filters
    • server: add server information to 404 error pages (#4433, rep by Alex Sharaz)
    • server: invocation-cache-size wasn't properly configurable (#4428, rep by R. Ranjan)
    • cluster: cluster/network timings split from load-balance configuration (#4429, rep by Dmitri Kolpakov)
    • cluster-cache: mismatched message/query replication for data actor (#4425, rep by Dmitri Kolpakov)
    • session: inconsistent setMaxInactiveInterval with timeouts (#4419, rep by vicsanca)
    • proxy-cache: check cache refill against invalidated cache (#4413, rep by shine)
    • cdi: @Stateless beans need to be treated as serializable for injection (#4405)
    • ioc/xml: update error messages for whitespace properties (#4385, rep by jkriesten)
    • watchdog: update error message on 500 exception to a watchdog (#4402, rep by Alex Sharaz)
    • mod_caucho: configuration etag wasn't including timeouts and therefore wasn't updating (#4259)
    • servlet: ServletContext.getResource("/foo/") was not returning URL when foo is a directory, needed for spring (#4411, rep by ccwf)
    • access-log: add '%S' for session tracking (#4422, rep by Steffen Busch)
    • include/forward: cross-context include/forward was not switching WebApps properly (#4362, rep by igor)
    • classloader: enabled jar caching to improve startup times (#4420, rep by Mattias Jiderhamn)
    • database: toLowerCase must use toLowerCase(Locale.ENGLISH) for Turkish encodings (#4414, rep by ozgurcakmak)
    • watchdog: Resin shutdown warning exceptions need to be caught on shutdown (#4400, #4402, rep by Daniel Lopez, Alex Sharaz)
    • servlet: addCookie should allow cookie with null value (#4410, rep by Brandon Kearby)
    • install: resin-doc copy issues (#4408, rep by copart)
    • install: validator/slf4j added to webapp-lib (#4386, rep by Jeff Schnitzer)
    • proxy-cache: corrupted data with client disconnects (#4398, rep by Luke Jobling)
    • watchdog: stdout-log inside <cluster> now configures the watchdog managed jvm-default.log (#4395, rep by Steve Francis)
    • openssl: timeout support for solaris (#4280, rep by nicolai)
    • configure: change solaris build to include -R/usr/sfw/lib/64 for -d64 and linking (#3045, rep by Eric Bowman)
    • ejb: MDB with JMS inflow (ActiveMQ) not properly handling XA (#4327, rep by danc)
    • ejb: MDB with JCA inflow and driver XA control not properly handled
    • security: add RFC2307 (ldap-style) support for {plain}, {sha}, {ssha}, {md5} (#3432, rep by Laurent Jaccard)
    • cdi: @MBean on class automatically registers bean in JMX (#3427, rep by Scott Hernandez)
    • webservices: add ${resin.home}/endorsed support for metro support (#3415, #4032, rep by Bartlomeij Kolodziejczyk, Reggie Vito)
    • rewrite: conflict between rewrite (welcome-file) and custom constraint (#4388, rep by K Ding MNP)
    • scheduled-task: CDI timing issue between scheduled-task and CDI bean (#4393, rep by Tero Ripattila)
    • ssl: JSSE client certificate should not automatically populate getUserPrincipal (#4044, rep by adamknight)
    • install: configure was not detecting plugins on x360 (#4383, rep by mros2stf)

    Resin 4.0.15




    4.0.15 has primarily been a bug-fix and Web Profile TCK release. It also encludes several extensions and enhancements to the HealthCheck system.

    Web Profile TCK

    • EL - pass
    • EJB - 1 fail (timing, possible TCK bug)
    • JDBC - pass
    • JPA - 8 fail (exception)
    • JSF - pass
    • JSP - pass
    • JSR-299 (CDI) - pass
    • JSR-330 (javax.inject) - pass
    • JSTL - pass
    • JTA - pass
    • Servlet - pass

    Resin Eclipse plugin update

    The Resin eclipse plugin has been updated at

    The plugin allows automatic download of Resin Professional.

    Health Check Updates

    The health check system has been enhanced, allowing for more control of Resin restarts and logging.

    Change List

    • eclipse-plugin: require automated eval. license request only for new download (#4379, rep by Daniel Lopez)
    • jsp: sendRedirect in JSP could cause IllegalStateException (#4290, rep by Mattias Jiderhamn)
    • cookie: ssl-session-cookie should not automatically set Secure for the non-SSL cookie (#4372)
    • /resin-admin: increased upload_max_filesize for web app deployment. New limit is 128Mb. (#4371 rep by Naoki Yano)
    • bam/cluster: HmtpQueue in ProDomainManager needs to be ConcurrentHashMap and not WeakReference (rep by Jamie Novak)
    • watchdog: "status" was returning the watchdog's user, not the Resin instance user (#4359, rep by mros2stf)
    • async/comet: request should not force flush on async (#4360, rep by Manoj Chennath)
    • cloud: server.ifSelf() changed to more reliable predicate (#4355, rep by Jamison Novak)
    • http: url-length-max wasn't allowing large URLs (#4358, rep by Daniel Kador)
    • cloud: messages during startup are queued if mailbox isn't registered yet (rep by Jamison Novak)
    • cdi: enable Conversation scope for JSP/servlets
    • database: add DatabaseManager.closeConnection (#3703, rep by Nobuaki Shinomiya)
    • servlet: request HashMapImpl fixes for inserts (#3726, rep by Fiaz Hossein)
    • install: ${resin.root}/resin-doc will be updated on a new install (#4350, rep by mros2stf)
    • resin-admin: use ${resin.root}/resin-doc location for resin-admin (#4350, rep by mros2stf)
    • configure: test for dev environment faulty, causing resinssl build issues (#4352, rep by mros2stf)
    • meter/sensor: add sensor callback to so failures can be acted on (#3731, rep by Martin Thompson)
    • resin-admin: if admin-users.xml.generated cannot be created in resin.conf, use resin-data (#3785)
    • network: add listener/port read/write statistics (#4150)
    • bam: separate queues for large messages (#4128, rep by Martin Thompson)
    • git: validate repository and reload from triad if corrupted (#4341, rep by Jamison Novak)
    • cdi: serialization of intercepted beans (#4083, rep by sweigersf)
    • cdi: enhanced CDI beans must use proxies (TCK)
    • jni: JniSelectManager should use toError() is removeNative fails (#4349, rep by Jens Christensen)
    • gzip: flush/error issue with JSP (#3893)
    • watchdog: add "watchdog" command for MacOS LaunchD (#3891, #4124, rep by Rob Lockstone)
    • session: if session is not valid due to timing issues, create new session (#3942, rep by bregnvig)
    • jpa: eclipselink was not properly closed on webapp restart (#4154, rep by Riccardo Cohen)
    • ssl: jsse-ssl add cipher-suites-forbidden (#3970, rep by Aaron Freeman)
    • jsp: @page contentType should not affect request.getCharacterEncoding() (#4007, rep by Shinomiya Nobuaki)
    • ssl: jsse-ssl add verify-client="optional" support (#4052, rep by adamknight)
    • ear: ear deployment problems when war context-url is "/" (#4348, rep by koge_pan)
    • security: allow FormLogin with selected authenticator (#4143)
    • cdi: allow inline injection <value><qa:MyQualifier></value>
    • session: add serialization-collection-type to allow disabling of Hibernate collection serialization (#4211, rep by Matthew Schmidt)
    • watchdog: on configuration error, delay Resin restart by 30s (#4202, rep by norlab)
    • load-balance: bind-ports-after-start and disable should cause failover during startup (#4129, rep by Wesley Wu)
    • date: setMonth(1) when setDay(31) previously was setting to march (#4094, rep by nam)
    • admin: add isJniEnabled() property to the Port MBean (#4088, rep by skippopotamus)
    • servlet: allow cookies with space values (#3897, rep by ykim)
    • cluster: triad warning when triad servers are on same machine (#4177)
    • webapp: web-app deployment with invalid root-directory needs warning (#4207)
    • database: logging adds ".d0", ".d1" to show round-robin (#4222, rep by Anthony Balandran)
    • init.d: change init.d/resin to log startup to /var/log/resin/console.log (#4223, rep by Raul Luna)
    • i18n: changed MacRoman file.encoding to default to utf-8 (#4180)
    • url: invalid utf-8 character parses to %xfffd (#4183, rep by cjohn)
    • comet: add suspend-reaper-timeout to port configuration (#4249, rep by baoqinye)
    • startup: Resin started message changed to log at INFO level (#4135, rep by briandeng)
    • database: check isClosed() on connection reuse to avoid dead connections (#4231)
    • log: rollover needs dedicated alarm for proper timeout (#4234, rep by mros2stf)
    • watchdog: relative -root-directory was applying the relative path twice (#4198)
    • servlet: getResource("/") was returning a URL for the directory incorrectly (#4301, rep by mate)
    • watchdog: Resin child needs -Xrs on windows (#4308, rep by robin dun)
    • deploy: web-app start needs to synchronize on getDeployInstance (#4342, rep by Jamison Novak)
    • session: session cache needs to use createIfAbsent to avoid timing issues (#4340, rep by Jamison Novak)
    • access-log: AbstractRolloverLog needs dedicated rollover alarm (#4321, rep by mros2stf)
    • access-log: content-length improperly calculated for chunked (#4317, rep by Martin Thompson)
    • rewrite: added AddHeader to add cookies (#4326, rep by C. Stokes)
    • jni: npe check for nativeWrite (#4323, rep by Prabhu)
    • watchdog: check that watchdog-manager.log can be written before starting (#4333)
    • cloud: errors for messages which cannot connect log the destination for debugging (#4315, rep by Cameron Stokes)
    • proxy-cache: 304 returned for proxy cache (#4239, rep by Jamison Novak)
    • proxy-cache: pdf/range using improper recursive call (#4334 rep by C. Fernandez)
    • embed: add setAsyncSupported to ServletEmbed (#4332, rep by Michael Barker)
    • resin: LoadBalance inside <web-app> needs to pass along context-path (#4304, rep by Kenneth Yeung)

    Resin 4.0.14



    Web Profile TCK

    • EL - pass
    • EJB - 1 fail (timing, possible TCK bug)
    • JPA - pass
    • JSF - pass
    • JSP - pass
    • JSR-299 (CDI) - 1 fail (disputed TCK test)
    • JSR-330 (javax.inject) - pass
    • JSTL - 1 fail (ordering issue with map, possible TCK bug)
    • JTA - pass* (*JTA TCK includes CORBA tests which aren't required by WebProfile)
    • Servlet - pass

    Resin Eclipse plugin update

    The Resin eclipse plugin has been updated at

    WebSocket API Update

    We've updated the WebSocket API based on changes to the draft IETF specification, available in com.caucho.websocket.*. Since the specification itself is moving very slowly (but in incompatible ways), Resin's WebSockets can only be used with its own WebSocket client.

    BAM Update

    BAM has been updated to a cleaner Broker-Actor-Mailbox model, more closely matching traditional Actor APIs.

    Comet/Async Updates

    The Comet/Async networking code has been reworked, fixing some callback timing behavior with complete() calls.

    Change List

    • resin: CLI added deploy, undeploy, list, start-webapp, stop-webapp, restar-webapp commands (#4316, rep by Patrick Brigger)
    • cache: use cursor to update data timeouts
    • heartbeat: server connections need to depend on heartbeat only
    • access-log: off-by-one issue with access log rollover causing missed 1D (rep by Steve Francis)
    • thread: if Thread cannot be instantiated, restart Resin (rep by B Hafezi)
    • quercus: SimpleXMLElement needs a __count function (#4318, rep by Homayoun Zariv)
    • quercus: list($a) = each($this->foo) was not compiled properly (#4319, rep by Akara Sucharitakul)
    • quercus: add array_replace, array_replace_recursive (#4312, rep by Homayoun Zariv)
    • quercus: simplexml_load_file not working properly with http: (#4311, rep by Akara Sucharitakul)
    • cdi: InjectManager.resolveAllBeans with incorrect synchronization (rep by Wesley Wu)
    • security: FormLogin persistence/session issues (#4299, rep by Jamison Novak)
    • jsp-el: parsing confusion with "0#${foo}" (#4190, rep by olaf2010)
    • rewrite: host-level rewrite issues with access-log (#4198)
    • distribution: slf4j.jar removed from resin/lib (#4271, rep by Nicolai Steven)
    • servlet: setHeader("Content-Length", "12;") was throwing an exception (#4210, rep by mkjang)
    • servlet: getOutputStream was not allowed after flushBuffer (#4289, rep by vbavin)
    • db-pool: increased default DB create count to 20 (#4252, rep by Wesley Wu)
    • hessian: change HessianServlet to extend HttpServlet (#4193, rep by voodude)
    • cookie: change <http-only> to apply only to the session cookie (#4217, rep by gzhu)
    • thread: priority thread queue fixes (#4228, #4291, rep by Jamison Novak)
    • thread: refactor ThreadLauncher to use AbstractTaskWorker
    • cdi: error with @Produces method with generic result and @Named (#4265, rep by jharting)
    • cdi: allow <resin:FileQueue> to be assigned to BlockingQueue<MyItem> (#4067, rep by Jeff Schnitzer)
    • jsp: cross-context forward classloader/.tld not updating (#4284, rep by Brian Deng)
    • ejb: generic interface issues MyBean implements Foo<String> (#4266, rep by jharting)
    • servlet: cross context forward classloader not properly updated (#4248, rep by jessicay)

    Resin 4.0.13



    Resin 4.0.13

    Resin 4.0.13 finishes the first pass over the EJB TCK. Because of regression work (particularly with CDI regressions related to the EJB TCK work), the complete Web Profile pass will be the main focus of 4.0.14.

    Change List

    • hessian: java.sql.Timestamp deserialization NPE (#4286, rep by Matt Poirier and Shawn Frederickson)
    • servlet: url-mapping="" was not handled properly (#4283, rep by Peter Yuill)
    • welcome-file: use 301 instead of 302 (#4212, rep by jkowall)
    • conf: sample resin.xml no longer uses www-data user-name (#4220, rep by Arthur Naylor)
    • ejb: EjbInjectionTarget ordering (#4057, rep by Jeff Schnitzer)
    • file servlet: 404 should take precedence over OPTIONS (#4218, rep by stbu)
    • conf: server-default not configured property (#4251, rep by snw)
    • jsp: fragment/attribute issues with jsp (#4258, rep by nfederov)
    • rewrite: convert recursion to iteration to handle many rewrite rules (#4272, rep by Nick Pilch)
    • cdi: @Alternatives processing ordering issues rep by (Wesley Wu)

    Resin 4.0.12



    Resin 4.0.12

    Resin 4.0.12 is a bug fix release.

    • Fixes to remote deployment and .git for performance and stability.
    • Database pool refactoring for monitoring and overflow conditions.
    • Database pool refactoring for ping updates
    • Persistent logging updated for administration
    • XA detach pooling from user transaction
    • HTTP Proxy Cache fixes for deployment and restart

    Change List

    • dist: cr-nl issue on windows for .git commit (#4241, rep by James Gittelson)
    • session: serialization issues with classloader and timeout (#4254, rep by Steven Nicholai)
    • dbpool: ping on connection/statement errors instead of discarding
    • health: add ConnectionPoolHealthCheck
    • watchdog: "stop" should shutdown the watchdog manager if the last server is stopped
    • health: log HealthCheck warnings and failures
    • host: allow id=":8081" for /resin-admin as virtual host
    • dbpool: ping now only occurs after an error
    • xa: detach JCA pooling from UserTransaction
    • xa: add meters, JMX and HealthCheck for transaction manager
    • resin: access.log rotation into zip archive fixes (#4216)
    • dist: war files with many entries cause recursive overflow (rep by Steve Francis, #4236)

    Resin 4.0.11



    Resin 4.0.11 Overview

    Remote deployment has been revised and improved to increase reliability and improve clustering performance.

    Deployment of .war files is now integrated with remote deployment so Resin now uses one unified mechanism. Checking of .war versions is now available across the cluster in the webapps tab.

    Remote deployment is now available in /resin-admin, from the command-line, and from ant. Remote deployment in /resin-admin is in the web-apps tab.

    The HealthCheck is now integrated with JMX and with the statistics generation. The HealthCheck is now displayed in /resin-admin in the health tab.

    The Heartbeat timings have been improved. The current heartbeat status is now available in /resin-admin in the health tab.

    The /resin-admin Thread dump has been revised, adding locking information from the JDK 6 thread dump.

    Locking groups of the thread dump are now displayed in the lock tab of the thread dump.

    The postmortem tab in the /resin-admin now includes statistics on the health services.

    The CPU profile and heap dump tabs now have pie charts to better display the total memory use.

    The Graphs tab of /resin-admin has been revised to dynamically update the graph based on the meter choices.

    The Graphs tab now included new display modes to improve cross-cluster graph displays.

    Change List

    • hessian: XSS protection against bogus message (rep by Dan Cornell)
    • servlet: CauchoResponseWrapper shouldn't assume wrapping CauchoResponse (#4206)
    • class-loader: getProtectionDomain() should return the file:... for the jar object, not the jar contents (#4194)
    • resin-admin: JMX display has been reorganized and domains split into tabs
    • resin-admin: graph generation has been updated
    • resin-admin: thread page now includes locking tab giving blocking threads and their lockers.
    • resin-admin: thread page includes locking information in stack trace.
    • resin-admin: webapp page now includes deployment version validation.
    • health: HealthCheck added to JMX
    • health: JvmDeadlock and Memory checks were not being added to the Health check.

    Resin 4.0.10



    Resin 4.0.10 Overview

    Resin 4.0.10 is a stability/bug fix release.

    There is an important Alarm fix where the Resin timers could be frozen, causing sessions to not expire and <ping> timers to not fire .

    WebServiceContext is now available for CXF as an @Inject or a @Resource, when deploying a CXF WebService through the servlet interface.

    The ping capabilities have been generalized and refactored into a general health service that checks the Resin health every 60 seconds.

    Resin exits and restarts are now logged with more information, giving the reason in both the watchdog and jvm logs.

    ResinEmbed how has a setRootDirectory and the WebAppEmbed has a setArchivePath to match the <root-directory> and <archive-path> tags in the resin.xml.

    JPA: eclipselink properties for Resin JTA were not properly set when eclipselink was discovered using scanning.

    Change List

    • candi: _namedBeanMap is active and needs to be a ConcurrentHashMap (rep by Wesley Wu)
    • hessian: for HessianServlet, do not attempt to find implicit API (#4168, rep by Riccardo Cohen)
    • remote: add cxt to artifacts (#4314, rep by Riccardo Cohen)
    • remote: cxt needs to have WebServiceContext (#4314, rep by Riccardo Cohen)
    • remote: @HessianRemote as servlet was instantiating two instances (#4175, rep by Jeff Schnitzer)
    • embed: ResinBeanContainer verified to work with XA and Database (#4160, rep by Michael Barker)
    • proxy-cache: proxy-cache requiring Pro warning was being shown even when proxy-cache was available (#4173)
    • admin: jmx-service, log-service in the old <management> allowed for open source (#4172)
    • database/xa: distinct <database> should be distinct Resource Managers (#4176, rep by Takahiro Fukuda)
    • cluster: removed <machine> tag as obsolete
    • load-balance: fixes to weight and warmup
    • load-balance: created LoadBalanceService for testability
    • watchdog: added logging of Resin exit codes on detected shutdown
    • system: added ShutdownService to centralize Resin shutdown
    • system: added WarningService to send Resin messages to the watchdog
    • embed: add ResinEmbed.setRootDirectory and WebAppEmbed.setArchivePath (rep by Danny Yates)
    • resin-admin: jmx hide & show acted on wrong detail boxes. (#4145, Rep by Jamison Novak)
    • jpa: eclipselink properties for Resin JTA not set when eclipselink found by scanning (#4167, rep by Riccardo Cohen)
    • thread: alarm locking issue (rep by Wesley Wu, Jan Kriesten)
    • win: fixed dll loading issue (#4159), rep hans
    • servlet: fixed cross context include issue (#4117), rep Brian Deng
    • servlet: fixed getInputStream issue for String params with Servlet3.0 Part (#4153), rep by Wesley Wu
    • servlet: remove <multipart-form> from app-default.xml (#4102, rep by Brian Deng)
    • file: range parsing issue with firefox and FileServlet (#4149, rep by Fred Howell)

    Resin 4.0.9



    Resin 4.0.9 Overview

    Resin 4.0.9 is a stability/bug fix release.

    The ThreadPool has been reworked to replace synchronization with atomic variables.

    The distributed cache/session backing-store has been revamped to replace its locking system and replace synchronization with atomic variables.

    Network startup has been broken into systems to simplify startup order and improve testability.

    Change List

    • remoting: add userName and password to HessianClient (#4130, rep by Jeff Schnitzer)
    • build: missing eclipselink in build (rep by Bill Au)
    • alarm: updates for atomic refactor causing cpu-spin (rep by Jeff Schnitzer)
    • watchdog: set log rollover size to 64m (rep by Scott Croco)
    • candi: ioc/timing issue with EL configuration and custom beans (#4131, rep by Jeff Schnitzer)
    • (2010-07-20) cloud: refactor triad messaging into BamTriadServer in cloud.bam for consistency across cloud services
    • cloud: refactor heartbeat into cloud.heartbeat and increase service priority
    • network: refactor hmtp/cloud client pool from cluster into cloud.bam
    • network: refactor network listener from Server into
    • network: refactor cluster listener from Server into
    • resin: refactor Resin/Server main to use ResinSystem
    • database: locking/sync rework to use atomic references when possible
    • database: locking/sync rework to use JDK's locking
    • candi: CDI session destroy must be after other session listeners (#4901, rep by sweigersf)
    • thread: Thread/ThreadWorker rework to use atomic references where possible
    • thread: Thread/ThreadWorker sync issues (#3960, rep by rmann)
    • LogService: add pooled connection (#4096, rep by Brian Deng)
    • watchdog: added <resin-system-auth-key> for watchdog authentication (#4113)
    • dist-session: performance/locking work for DB stability and perf (#4089, #4093, rep by Skippopotamus)
    • database: createSQLXML filter implemented (#4092, rep by alex)
    • server: utf-8 encoding issues in ServletResponse (#4101, #4106, rep by jkriesten, Kaj Hejer)

    Resin 4.0.8



    Resin 4.0.8 Overview

    Resin 4.0.8 has completed the CDI implementation for the JavaEE Web Profile

    The current list of completed Web Profile components is:

    • Servlet
    • JSP
    • CDI

    Change List

    • servlet: added support for MockHttpServletRequest and MockHttpServletResponse: (#4073)
    • configure: fix for bad libtool message: (#4048)
    • resin: fixed startup routine for directory with spaces issue: (#4021)
    • resin-admin: fixed IllegalStateExceptionwith with readonly conf/admin-users.xml.generated (#4055)
    • servlet: fixed NPE with MultipartConfig caching bug (#4051, rep by subwiz)

    Resin 4.0.7



    Resin 4.0.7 Overview

    Resin 4.0.7 is an interim CDI/EJB and bug fix release; the following release 4.0.8 is planned to be the full CDI TCK completion. People using CDI/EJB heavily may want to wait for the 4.0.8 release.

    Resin 4.0.7 adds resin:IfMBeanEnabled and resin:MovedPermanently to the rewrite rules.

    Change List

    • iis: fixed bug preventing iis from serving web-apps defined with web-app tag (#3890)
    • iis: allow IIS to choose when to use chunked encoding (#3871)
    • iis: 64 bit IIS Handler build provided (#3846)
    • iis: fixed aberrant behaviour of servlets with IIS7 (#2694, rep by mitch)
    • iis: fixed bug preventing iis plugin from sending data larger 20kb(#3178, rep gert)
    • iis: fixed bug preventing static content from being served by the plugin(#3889)
    • iis: fixed bug was preventing use of virtual hosts with ports in IIS + Resin setup(#3951)
    • init.d: added "status" to init.d/resin (#3841, rep by Matt Pangaro)
    • init.d: test for log_daemon_msg directly (#3932, #4012)
    • proxy-cache: no longer disable cache on exception (#3957, rep by Dave Hintemeyer)
    • rewrite: add <resin:IfMBeanEnabled> (#4042, rep by stbu)
    • rewrite: add <resin:MovedPermanently> (#4023)
    • ssl: jsse doesn't understand Socket.shutdownOutput (#4030, rep by Martin Morawetz)
    • jpa: Persistence.getPersistenceUtil() (#4038, rep by Kaj Hejer)
    • hmux: Thread.dumpStack() in HMUX with JSP data after sendRedirect (#4025, rep by vicsanca)
    • http: catch ClientDisconnectException during finish/skip (#4029, rep by iRideSnow)
    • network: keepalive-timeout was incorrectly applied to initial read (#4001, rep by Jamie Novak)
    • quercus: WWW-Authenticate does not work (#4000, rep by hm2k)
    • quercus: NullPointerException in Alarm (after Glassfish redeploy) (#3711, rep by ashamash)
    • quercus: quercus-4.0.6.war incorrect version reporting (#4033)
    • quercus: date_format() does not use user-set default time zone (#4034, rep by sblommers)
    • quercus: report as php 5.2.1 (#3916, rep by derickso)
    • quercus: parse_ini_file does not replace PHP Constants (#3878, rep by ice-breaker)
    • quercus: PHP clone object is ignored? (#3607, rep by sblommers)
    • quercus: error_display in php.ini (#4037, rep by wml)
    • quercus: java.lang.NullPointerException on drupal admin/user/permissions (#4020, #4035, rep by alberto, sblommers)
    • quercus: is_executable is broken (#3979, rep by domdorn)
    • quercus: Wordpress MU Settings link causes exception (#3918, rep by chiefgeek)

    Resin 4.0.6



    Resin 4.0.6 Overview

    • ipv6 support
    • <class-loader> config changes
    • documentation reorganization

    JavaEE 6 Web Profile TCK progress

    • passes Servlet TCK for JavaEE 6
    • passes JSP TCK for JavaEE 6

    class-loader config changes

    The <class-loader> configuration behavior was previously confusing, and has been updated. Now, class loaders add added in the order they are defined in the resin.xml, and their search order is the same as the resin.xml order.

    To change the priority, you can use the <prologue> tag to force evaluation in the <prologue> pass. This will cause your classloader to be defined before any classloader in the standard pass.

    documentation reorganization

    The documentation has been reorganized to split the reference (basically tags) from the explanatory section.

    Change List

    • openssl: crypto threading issues with CRYPTO_set_locking_callback (#3531, #3740, rep by Benjamin Loy, bryan)
    • jni: socket accept/close changes to avoid fd leak (#3960, rep by rmann)
    • jsp: jsp:param in jsp:include must encode '%' (#3976, rep by Aaron Freeman)
    • servlet: escape status message for default error page (#3781, rep by Bill Au)
    • class-loader: changed override order to match config order (#3773, rep by cyttesen)
    • servlet: add cookie-domain-regexp to <session-config> (#3865, rep by Matt Sporleder)
    • watchdog: add <jvm-arg-line> as shortcut for <jvm-arg> (#3940, rep by Bill Au)
    • log: print timestamp only for first item for multiline (#3229, rep by Jamison Novak)
    • log: remove excess synchronization for log period calculation (#3814, rep by zenant)
    • log: change date calculating to use TimeZone.getOffset(time) (#3853, rep by Jamison Novak)
    • cdi: allow circular XML/EL definition of beans (#3954, rep by Hontvari Jozsef)
    • classloader: avoid class loader deadlocks on ClassEntry (#3848, rep by zenant)
    • jni: LD_LIBRARY_PATH handling moved from Watchdog to SystemClassLoader
    • servlet: micro-second logging not properly matching start time (#3935, rep by mocospace)
    • jsp: jsp:forward issues with buffer="10k" (#3922, rep by Danny Mann)
    • jsp: SimpleTag parents not properly managed with fragments (#3953, rep by Jamison Novak)
    • jni: readNative was not properly handling SO_RCVTIMEO (#3941, rep by Vinod Mehra)
    • configure: --enable-64bit needs to enable both JNI and plugin (#3968, rep by Bill Au)
    • cdi: ProcessInjectionTarget.getAnnotatedType() was returning null (#3967, rep by jharting)
    • ejb: ejb-ref partial support added (rep by 3964, rep by Matthew Brew)
    • jsp: x:forEach was not properly setting isFirst and isLast (#3752, rep by biku)
    • rewrite: IfNetwork now supports IPv6 (#3903)
    • ejb: ejb-server should no longer be required (rep by smallufo)
    • network: IPv6 support (#3924, rep by webapps)

    Resin 4.0.5



    Resin 4.0.5 Overview

    • JSP for JavaEE 6 Web Profile passes TCK
    • Hibernate second level cache
    • @TransactionScoped
    • Windows setup.exe/resin.exe refactor
    • java.util.logging Handler integration with CDI
    • distributed session store bugs

    JavaEE 6 Web Profile TCK progress

    4.0.5 now passes the JSP TCK of the Web Profile, joining the Servlet TCK passed in 4.0.4.

    Hibernate Second Level Cache

    <persistence version="1.0" xmlns="">
      <persistence-unit name="test">
          <property name="hibernate.cache.use_second_level_cache"
          <property name="hibernate.cache.provider_class"


    Resin's CDI now supports @com.caucho.config.TransactionScoped, which gives your beans a lifecycle exactly matching a transaction.

    CDI and logging integration

    Custom java.util logging handlers can now be configured by CDI.

    <resin xmlns=""
      <logger name="" level="fine">
        <logging:SocketHandler host="my-host" port="8000"/>

    Change List

    • mod_caucho: read timeout needs to repeat only on EINTR
    • setup.exe: added GUI capability to install and remove Resin Services
    • resin.exe: moved service installation commands (-install, -install-as, -remove, -remove-as) to setup.exe
    • jsp: the implementation produced successful results with the latest JSP TCK V2.1b
    • servlet: check isSecure() for NPE on close (#3938, rep by mocospace)
    • jsp: check for *.jsf servlet causes NPE (#3937, rep by tangxj)
    • servlet: welcome-file-list changes with *.jsf
    • cloud: cluster single-signon no longer enabled automatically
    • cloud: cluster store database stress test fixes (#3895, rep by smallufo)
    • cloud: cluster store database was not properly handling QueryContext (#3850, rep by mocospace)
    • watchdog: permissions issues with ports and log files (rep by Jamison Novak)
    • admin: added HealthJvmDeadlock in (#3912, rep by Jamison Novak, #3912)
    • admin: refactored Sample and Probe to com.caucho.env.sample
    • hessian: writeReplace should be allowed to return itself (rep by Jamison Novak, #3911)

    Resin 4.0.4



    Resin 4.0.4 Overview

    • Pass Servlet 3.0 TCK for JavaEE 6 web profile
    • com.caucho.resin.ResinBeanContainer for embedded Resin use
    • com.caucho.junit.ResinJUnitRunner for embedded junit use
    • Quercus support for PHP 5.3 Namespaces
    • Quercus support for PHP 5.3 Closures

    Resin 4.0.x is the active development branch.

    Servlet 3.0 TCK for Web Profile

    Passing the Servlet 3.0 TCK in 4.0.4 is the first step for Resin to complete the JavaEE-6 Web Profile. The web profile is our primary focus for the next few months. It's the "good bits" of JavaEE-6: all the specifications aimed at developing web applications without the legacy enterprise requirements like CORBA that only specialized applications use.

    Our plan is to continue passing new TCKs for each of the next few 4.0.x releases until we are done with the web profile.

    Embedded ResinContext

    The new embedded ResinContext lets you use Resin's CanDI and EJB environment in a non-Resin context like a JUnit test or even in a standalone application.

    The simplest use of Resin context scans for *.jar files with CanDI beans.xml or EJB ejb-jar.xml files and lets you start a CanDI request scope.

    Embedded Requests

    Example: ResinBeanContainer
    import com.caucho.resin.*;
    public class MyMain {
      static void main(String []argv)
        ResinBeanContainer resinContext = new ResinBeanContainer();
        // scan classpath and initialize @Startup beans
        // start a new request
        RequestContext cxt = resinContext.beginRequest();
        try {
          MyBean bean = cxt.newInstance(MyBean.class);
        } finally {

    Configuring beans

    You can configure the beans XML using the same environment tags as are available to the resin.xml and resin-web.xml like <mypkg:MyBean> for CanDI, <database> for databases, and <resin:import> to include files.

    Example: beans.xml
    <beans xmlns=""
      <mypkg:MyBean xmlns="urn:java:com.mycom.mypkg">
      <database name="my-db">
        <driver type="..." url="..."/>


    The ResinBeanContainer has an associated JUnit @RunWith runner, letting you create JUnit tests for your model code in Resin's CDI environment.

    Example: test junit
    package qa;
    import org.junit.*;
    import org.junit.runner.RunWith;
    import static org.junit.Assert.*;
    import com.caucho.junit.ResinBeanContainerRunner;
    import javax.inject.*;
    public class MyTest {
      @Inject MyBean _myBean;
      @Test public void simpleTest()
        assertTrue(_myBean != null);

    PHP 5.3 Namespaces and Closures

    Quercus in 4.0.4 has implemented the namespaces and closures capabilities of PHP 5.3. Namespaces finally give PHP the ability to isolate functions and classes with unique names.

    Closures add functional programming capabilities to PHP, giving power to more powerful event-driven frameworks.

    In addition to the major language changes, Quercus has completed its support for variable class methods and late static binding, both features are used in new-generation PHP frameworks to improve templating power and clarity.

    Change List

    • jni: improved error messages
    • hessian: custom deserializer (#3632, rep by era)
    • configure: check for cp -u (#3888, rep by Kaminsky, Leonid)
    • configure: standardize default resin root, conf, and log directories
    • web-app: web-app deploy with archive-and root-directory was not propery set (#3887, #3873, rep by chiefgeen)
    • cdi: @ServiceType (@HessianService) was removing the bean from CDI (#3852, rep by Scott Hernandez)
    • javac: external javac was busy-looping on the output causing heavy load (#3847, rep by mocospace)
    • session: persistent sessions were not properly timed out (#3872, rep by chiefgeek)
    • jpa 2.0: add com.caucho.env.jpa.DisabledPersistenceProvider (#3760, rep by Georg Busch Bech)
    • jpa 2.0: api and CanDI integration
    • ioc: issues with circular references (#3886, rep by Hontvari Jozsef)
    • ioc: issues with CDI "diamond" creation (#3863, rep by Wesley Wu)
    • jsp: TeamCity JSP related fixes (#3115)
    • (2010-02-10) proxy-cache: missing write Lock on cache deallocation (#3885, rep by KovIS)
    • logging: Logger.getHandlers() must return empty array instead of null (#3882, rep by Knut Forkalsrud)
    • load-balance: setting of isSecure was not properly cleared (rep by Matt Pangaro)
    • boot: check for Java 1.6 or later before start (#3862, rep by Tom Howard)
    • ejb: MessageDriven updated to understand ConnectionFactoryJndiName
    • mod_caucho: backup needs to hash the entire cookie for the new clustering (#3877)
    • quercus: remove java_bean and java_lookup Resin dependencies (rep by domdom)
    • junit: add com.caucho.junit.ResinJUnitRunner for junit
    • embed: add com.caucho.resin.ResinContext for non-server embedding, e.g. testing.
    • javaee: refactor @PersistenceContext, @PersistenceUnit, @Resource (#3708, rep by Wesley)
    • deploy: git-expand needs to setLastModified of created files to consistent time (#3839, rep by Matt Pangaro)
    • watchdog: "status" returns watchdog-pid (#3768, rep by cyttesen)
    • watchdog: "status" queries Resin using HMTP/BAM for pid (#3768, rep by cyttesen)
    • watchdog: jvm-args are first in command-line to help 'ps' control (#3759, rep by Nathan Bardsley)
    • javac: use file.encoding as default encoding (#3719, rep by Shinomiya Nobuaki)
    • ejb: update EJBException serialization (#3779, rep by C Yttesen)
    • config: ${cluster} regression failure (#3842, rep by Jamie Novak)
    • database-pool: connection timing issues with multiple request (#3837, #3779, rep by Bryant Harris)

    Resin 4.0.3



    This is a maintenance release.

    Change List

    • mod_caucho: post/ack cleanup
    • hessian: allow custom URL connector with HessianProxy
    • hessian: avoid NPE on protocol corruption error (#3777, rep by Riccardo Cohen)
    • hessian: patch for GAE compatibility (rep by Jeff Schnitzer)
    • server: FileServlet handling of broken browser range requests (#3766, rep by Knut Forkalsrud)
    • cluster: hmux idle timeouts not properly handled (#3812, rep by Wesley Wu)
    • watchdog: race condition in log stream closing (#3807, rep by jnovak)
    • server: add logging to track down TempBuffer issues (#3807, rep by jnovak)
    • hessian: add UnsafeSerializer and deserializer
    • ejb: @SessionPool to configure maxIdle and maxConcurrent (#3739, rep by Jeff Schnitzer)
    • ejb: @PostConstruct not called on @Stateless (#3798, rep by voodude)
    • hessian: HessianProxyFactory needs to consistently use the ClassLoader instead of Thread.contextClassLoader() (#2860, rep by jghallen)
    • hessian: deserializer construct w/o calling constructors (#3357, rep by oehmiche)
    • hessian: reading of InputStream as object not properly dispatched (#3634, rep by mate)
    • hessian: string/binary encoding problems with 0x30-0x37 (#3690, rep by Adam Bryzak)
    • hessian: HessianSkeleton.createDebugPrintWriter created to allow debug override (#3646, rep by Peter Dettman)
    • hessian: add HessianProxyFactory.setConnectTimeout (#3658, rep by Patrik Stymne)
    • hessian: EnumSet deserialization (#3663, rep by danwatt)
    • server: hmux post/forward issues (#3793, rep by Jamison Novak and Wesley Wu)
    • server: hmux load balancer with incorrect protocol for short-response post (#3790, rep by Wesley Wu)

    Resin 4.0.2



    Resin 4.0.2 Overview

    The focus of Resin 4.0.2 development was the following:

    • CanDI updates to match changes to the JSR-299 and JSR-330 specifications.
    • Servlet 3.0 early access updates
    • Continued EJB Lite development
    • Clustered/Cloud .war deployment enhancements, including staging, versioning, and ant/maven tasks.
    • Regression (QA) cleanup and stress test work to bring Resin 4.0.2 up to a production level.
    • WebSocket, HMTP and JMTP support.
    • JMS clustered singleton queue and clustered topics
    • /resin-admin support for REST-based management tools such as nagios.
    • Enhanced /resin-admin monitoring to better illustrate the server status.
    • HTTP Proxy and FastCGI load balancing with failover.
    • Eclipse plugin enhancements.

    Resin 4.0.x is the active development branch.

    Servlet 3.0 Early Access

    Resin 4.0.2 continues work on the Servlet 3.0 draft specification as an early access release.

    Java Injection (JSR-299, JSR-330, CanDI)

    The Java Injection specification has changed significantly between 4.0.1 and 4.0.2. Resin now supports the JSR-330 annotations for Java Injection.

    The main changes are repackaging and renaming of the key injection annotations to match JSR-299. The Java Injection Tutorial has been updated for the new injections.

    Clustered JMS Queues and Topics

    Resin's clustering now includes support for clustered queues and topics. The primary clustered queue is a singleton queue with failover. The clustered topics notify all servers in a cluster pod.


    We've added /resin-admin features to improve visibility to the server, development and debugging, and adminstration.

    The "summary" tab now includes statistical gathered as the server is running including request counts, request times, CPU time, netstat reports, and database activity.

    A "postmortem" tab helps debugging of a server crash by displaying the server state at the time just before a restart.

    Customized statistics gathering based on JMX is now available through the <jmx> and <jmx-delta> tags of the <resin:StatManager> service.

    Customizable REST pages are now available through /resin-admin using PHP to script the gathered data. The REST capability is intended for integration with administration tools like Nagios.

    Distributed Deployment

    Distributed deployment has been enhanced with staging and versioning capabilities, and integrated with the development flow with ant and maven tasks.

    A new application version can be deployed with the following process:

    1. Upload the .war contents transactionally to the server (but not activated yet)
    2. Deploy and test a "staging" version on a single machine.
    3. Activate the .war for the production servers.

    Quercus: Availability on other Application Servers

    Quercus development in 4.0.2 has focused on bugs fixes and QA regression cleanup.

    WebSocket, HMTP, and JMTP support

    Resin 4.0.2 now includes support for the HTML 5 WebSocket protocol, which is a fully-bidirectional TCP connection established using HTTP handshaking, allowing for true interactive applications with HTML 5 browsers.

    On top of WebSockets, we've created JMTP and HMTP as a programmable messaging layer. JMTP (JSON Message Transport Prototocol) and HMTP (Hessian Message Transport Protocol) provide general messaging, RPC, and publish/subscribe capabilities in a clean, simple interface.

    Change List

    • resin-admin: fixed cluster page not loading graphs (#3805)
    • resin-admin: fixed pages does not respond to changing "Server:" error (#3806)
    • resin-admin: fixed jmx page exception on Mac OSX 10.6.2 (#3782)
    • resin.exe: fixed timeout issue when stopping resin(#3762)
    • resin: max-uri-length configuration tag introduced to set limit on URIs served by Resin. Default is 1024.
    • ubuntu: missing LSB information (#3720, rep by floating world)
    • jsp: findAncestorWithClass() fails with tags nested in a tag file(#3436, rep by paru)
    • security: add LoginList to allow both form and basic for /resin-admin REST (rep by Martin Thompson)
    • admin: add /resin-admin/rest.php?q=mod_status to duplicate Apache's REST interface (#3730, rep by Martin Thompson)
    • jsp: Faulty code generated for tag files with scriptlets (#3699, rep by daniel_larsson)
    • async: poll socket periodically to test for client exit (#3294, rep by Caleb Richardson)
    • (2009-10-28): BeanELResolver IllegalAccessException (#3727, rep on behalf of Kenneth Yeung)
    • (2009-10-22) encoding: JSP response character encoding can be specified at jsp group property level
    • (2009-10-12) encoding: default encoding is now set by file.encoding and defaults to utf-8 if no file.encoding exists
    • watchdog: add watchdog-log configuration (#3566, rep by Pedre Neves)
    • comet: wrapped request needs to work with comet (#3665, rep by Fiaz Hossain)
    • config: relaxng forbid duplicate rules (#3595, rep by hmh)
    • ssi: add basic SSI conditionals (#3534, rep by fly-away)
    • jpa: issue with @ManyToOne and MappedSuperclass (#3335, rep by rdhauwe)
    • vfs: paths with spaces in them caused trouble with class scanning and enhancement (#3574, rep by N. Shannon)
    • servlet: sendRedirect in filter with artifactory (#3416, rep by Jan Kriesten)
    • xml: XMLStream parsing for atlassian (#3651)
    • session: add cookie-use-context-path and cookie-path
    • loader: handle duplicate class definition errors (#3673, rep by Jamison Novak)
    • config: add ${server.address} and ${server.port} (#3671, rep by Ken Roach)
    • jsp: StaticMethodExpr needs serialization fix (#3677, rep by boris_kovalenko)
    • jsp: jsp:attribute in tag file (#3228, rep by jens)
    • log: update AbstractRolloverLog to eliminate long archive block (#3650, rep by Patrik Stymne)
    • candi: scope adapter left in debugging (#3675, rep by hontvari)
    • database: _idlePool and _pool must be synchronized together (#3660, rep by Shinomiya Nobuaki)
    • database: cleanup connection idle pooling (#3052)
    • admin: add database "Query Time" statistics (#3397, rep by Bryant Harris)
    • admin: add "database" tab to admin and improve configuration visibility (rep by Bill Au)
    • admin: add DatabaseMXBean and add getUrl() (#3664, rep by Bill Au)
    • configure: MacOS-X was not properly detecting JVMTI for profile (#3000, rep by Bryant Harris)
    • jsp: add CodeSigner for JSP class loader (#3657, rep by Kai Virkki)
    • http-proxy: enable load-balancing (#3068, rep by Zeke)
    • deploy: -preview now detaches server from load balancing (#3345)
    • ejb: session beans were not initialized in correct context (#3603, rep by Matthew Brew)
    • session: add "java" as a session serialization type (#3648, rep by Mattias Jiderhamn)
    • servlet: allow-forward-after-flush allows forward after response has been commited (feature) (#3580, rep by andrewm)
    • admin: add ping-url for server-independent ping testing (#3605, rep by John Bowen)
    • security: ClusterSingleSignon in cluster and host (#3467, rep by Scott Hernandez)
    • ejb: TimerService needs to be injectalbe (#3572)
    • ejb: ear scanning issues (#3583)
    • ejb: .ear manifest with class-path prevented detection of ejbs (#3601, rep by mbrew)
    • vfs: ReadStream.skip incorrectly updated index with negative skip (#3542, rep by Jamison Novak)
    • embed: add resetLogManager() and call it by default in ResinEmbed (#3530, rep by Daniel Lopez)
    • jpa: EntityManager.getDelegate() needs to create delegate if none exists (#3537, rep by voodude)
    • embed/maven: ResinEmbed.initializeEnvironment() must start JNDI (#3486, rep by Jan Kriesten)
    • admin: -agentlib:resin start cleanup (#3118 rep by bubek)
    • vfs: NotFoundPath (error:) needs to be able to lookup absolute paths (#3628, #3475, rep by kvirkki)
    • jsp: Jspc ant/maven task needs to disable resource-ref validation (#3577, rep by Boris Goykhman)
    • jpa: registration of EntityManagerFactory incorrect (#3429, rep by Scott Hernandez)
    • jpa: registration of PersistenceContext incorrect (#3622, rep by Jeff Schnitzer)
    • server: QDate isLeapYear using _year field instead of argument (#3512, rep by damaan)
    • amber: query maxResults issues (#3424, rep by Riccardo Cohen)
    • web-app: check error case where root-directory with .war expansion is same as root (#3535, rep by voodude)
    • security: request and SecurityContext isUserInRole share implementation (#3501, rep by skot)
    • cron: use getCurrentTime() consistently for Alarm (#3548, rep by mkenney)
    • ping: add freeze-timeout to PingThread configuration (#3592, rep by C. Karantzas)
    • mod_caucho: use load-balance-connect-timeout for mod_caucho (#3642)
    • xa: _transactionList rollback needs to be outside of synchronized (#3571, rep by jacky)
    • jni: user-name fix with 64-bit start (#3521, rep by norlab)
    • eclipse: server wizard cleanup and enhancement
    • eclipse: spaces in path (#3589, rep by Michael Ludwig)
    • eclipse: respect http port (#3502, rep by Michael Ludwig)
    • eclipse: invalid chars in hot deploy (#3503, rep by Michael Ludwig)
    • eclipse: deploy from temp directory (#3515, req by Yujin Kim)
    • eclipse: breakpoints (#3484, rep by Doug and sblommers)
    • embed: EmbedPort getLocalPort() returns ephemeral port (#3567, rep by zed)
    • xml: XMLStreamReaderImpl on bad input (#2989, rep by Bill Au)
    • servlet: footer/md5 HTTP handling (#3044, rep by Eric Bowman)
    • thread: ThreadPool cleanup (#3645, rep by Daniel Wigenfors)
    • jsp: BeanELResolver accessible issues (#3598, rep by rymsha)
    • deploy: staging and versioning capacilibies (#3514, rep by Yujin Kim)
    • cluster: add com.caucho.cluster.LockManager for distributed locking (#3464, rep by Martin Thompson)
    • build: jsf-api.jar needs to be in src distribution (#3633, rep by joey)
    • loader: sync/deadlock in EnvironmentClassLoader on startup (rep by Patrik Styme, #3641)
    • jms: ClusterQueue single consumer (#2766, rep by Eric Masson)
    • servlet: include/forward should not trigger request events (#3111, rep by tempestse)
    • http: refactor to eliminate buffer/session reuse for subsequent requests (#3557, rep by Kevin Kilmer-Choi)
    • servlet: forward attribute issues with wrappers (#3059, rep by masum)
    • server: content-length counting issues (#3619, rep by Matthew Schmidt)
    • jmx: IntrospectionMBean _attrGetMap needs to be synchronized (#3620, rep by ebarlas)
    • jsse: added jsse cipher-suite support (#3593, rep by vbavin)
    • jni: JNI detection of clientdisconnect issues (rep by Fiaz Hossain)
    • quercus: image fixes for vbulletin
    • quercus: ksort fixes for vbulletin
    • quercus: WordPress: Post revisions not shown (#3753)
    • quercus: Avoid recursive instropection of methods. (#3748, rep by PeterJ)
    • quercus: quercus request for support for $_SERVER["REQUEST_TIME"] (#3712, rep by ashamash)
    • quercus: Enable overridding of setting TYPE_SCROLL_INSENSITIVE (#3746, rep by PeterJ)
    • quercus: date_timezone_set does not update date correctly (#3737, rep by damien)
    • quercus: jetty: ClassNotFoundException for org.eclipse.jetty.server.AsyncContext (#3733, rep by andjarnic)
    • quercus: is_object and is_resource return wrong results in many cases (#3701, rep by PeterJ)
    • quercus: isset returns wrong answer with multiple variables (#3702, rep by PeterJ)
    • quercus: failure in simplexml_load_string() (#3476, rep by jredden)
    • quercus: quercus 4.0.1 is missing QuercusServlet (#3674, everflux)
    • quercus: phpBB3 - Links not displaying (#3637, rep by GT500)
    • quercus: java.lang.NullPointerException running Yii (#3541, rep by johnsavior)
    • quercus: Drupal and OpenID (#3609, rep by B. Wu)
    • quercus: QuercusParseException - missing semicolon within a scriptlet php tag. (#3668, rep by kenfoo)
    • quercus: StringBuilderValue.create() is not performing a "& 0xFF" on the character value (#3654, rep by kenfoo)
    • quercus: ErrorException is missing (#3667, rep by kenfoo)
    • quercus: substr_compare failed (#3662, rep by jindw)
    • quercus: Quercus allows to make non-abstract function abstract again (#3644, rep by tlandmann)
    • quercus: count() error with recursive (#3586, rep by Hoang)
    • quercus: PHP-style hash algorithm names not supported (#3513, rep by koreth)
    • quercus: Quercus $foo->getClass() method (#3555, rep by Herbert)
    • quercus: NumberFormatException when calling $result = file_get_contents($url) (#3587, rep by tomi_m)
    • quercus: instanceof parsing precedence (#3621, rep by H. Punt)
    • quercus: isset() returns FALSE for $_SESSION (#3636, rep by rabbitism)
    • quercus: static function variables not "really" static (#3610, rep by tlandmann)
    • quercus: wordpress 2.8.1 and resin load-balancing - can't login (#3624, rep by J. Novak)
    • quercus: mail() does not handle multi-line headers properly (#3616)

    Resin 4.0.1



    Resin 4.0.1 Overview

    The focus of Resin 4.0.1 development was the following:

    • CanDI major refactor to match major changes to the JSR-299 specification.
    • Servlet 3.0 early access implementation, including replacing Resin's experimental comet support with Servlet 3.0 async
    • Quercus Pro support for other application servers, and increased support for Google App Engine.
    • Stability and performance work for clustered caching and sessions

    Resin 4.0.x is the active development branch. Due to the addition of new features, it may be more unstable than the production branch.

    The 3.1.x branch is the stable branch.

    Servlet 3.0 Early Access

    Resin 4.0.1 has implemented the Servlet 3.0 draft specification as an early access release. Importantly, Resin's server push/comet support has changed to the Servlet AsyncContext model. Developers who have used Resin's experimental comet API should see the new comet using AsyncContext tutorial. Future Resin versions will concentrate on the AsyncContext API and will eventually drop the experimental API.

    Resin 10,000

    Resin's concurrent connections have been tested up to 10,000 simultaneous keepalive connections and 10,000 simultaneous Servlet 3.0 AsyncContext connections on Linux systems. Resin's direct support for Linux EPOLL enables this large-scale keepalive support.

    Java Injection (JSR-299, CanDI)

    The Java Injection specification has been updated considerably from Resin 4.0.0 to Resin 4.0.1. Most of the spec changes have been on the SPI side with a complete new SPI for custom configuration.

    The packaging has also changed, with the main package now being javax.enterprise.inject.

    The CanDI project page gives more information, including a link to a CanDI tutorial.


    We've added /resin-admin features to improve visibility to the server, development and debugging, and adminstration.

    A new "graphs" tab lets you view recent statistics from the servers. When viewed from the first triad server, statistics from all the servers in the cluster are available.

    A new "SQL" tab allows you to browse the schema and make queries to any configured database pool in the server.

    A new "Wizards" tab helps new users configure various parts of the server by showing XML syntax and options. Currently only database pool configuration is supported, with other wizards coming in future releases.


    The command-line to start Resin now requires an explicit "console" for console-mode, because some users were using unix background processing instead of using the "start" command.

    The watchdog-Resin socket now uses HMTP/BAM for communication. On shutdown, this lets the watchdog close Resin gracefully before forcing an exit.

    Distributed Deployment

    The distributed deployment reliability has been enhanced by adding automatic retry on restart. If a triad server is not yet available when a server starts, Resin will continue retry the server until the triad is up and available.

    Ubuntu/Debian 64-bit packages

    .deb packages are now provided for both Resin Open Source and Resin Professional for 32-bit and 64-bit x86 architectures.

    Quercus: Availability on other Application Servers

    Quercus Professional is now available on any JavaEE application server with the quercus-pro.war download.

    Change List

    • session: save-mode='before-header' should not serialize sessions after the request (rep by Gagan Chaudhari)
    • server: chunking issues with filled content (rep by Rick Mann)
    • gzip: empty gzip response should return 0 bytes (#3599, rep by martin thompson)
    • jsp: jsp recompilation detection for WEB-INF/tags (#3578, rep by rmann)
    • (2009-07-14) jsf: ViewExpiredException with JSF RI(#3517, on behalf of Matthew Schmidt)
    • server: host-default and web-app-default were included multiple times (#3554, rep by Jean Padilla)
    • candi: scope-adapter bytecode issues with more than 3 arguments (#3564, rep by wesley)
    • xa: allow synchronization added in beforeCompletion to also be called by beforeCompletion (#3559, rep by Peter Pastrnak)
    • cache: jsp/include/html was not properly cached (#3379, rep by Driss Louriagli)
    • servlet: error page file-not-found is reporting the original URL, not the missing error page (#3561, rep by Abhishek Neralla)
    • watchdog: start can create a new task if the old one is in the process of shutting down (#3527, rep by Rob Lockston)
    • watchdog: stop needs to wait for Resin to exit (#3528, #3418, rep by Rob Lockstone)
    • watchdog: require "console" option, and forbid command-line without command
    • hessian: hessian 1.0/2.0 debug conflict for date ('d' vs \x4a) (#3452, rep by Rick Mann)
    • candi: multiple registration issue with @ApplicationScoped HessianService (#3543, rep by skot)
    • dist-session: open source wasn't properly saving (#3545, rep by Mattias Jiderhamn)
    • candi: resin-web.xml needs to override scanned beans (#3546, rep by voodude0
    • hessian: issues with 2 vs 1 version detection (#3036, rep by skipper13)
    • candi: stack overflow with EL config (#3480, rep by Scott Hernandez)
    • ejb: @Current SessionContext injection for stateful/session (#3506, rep by skot)
    • candi: increase priority of XML over discovered beans (#3507, rep by Jeff Schnitzer)
    • embed: ResinEmbed support for non-empty cluster and server names (#3498, rep by skot)
    • server: isUserInRole NPE in AbstractHttpRequest (#3489, rep by voodude)
    • build: ant dist build.xml optional for (#3490, rep by skot)
    • hessian: java.lang.Object (#3448)
    • hessian: Byte/Short as handles
    • jni: RandomAccessFile JNI code missing mode (#3442, rep by koreth)
    • jsp: jsp:useBean with generic type and XML validation (#3455, rep by kir)
    • jsp: prelude with include NPE (#3508, rep by Shinomiya Nobuaki)
    • deploy: error messages and documentation for remote deploy not clear for BAM/HMTP (#3477, rep by Scott Hernandez)
    • quercus: Curl has issues with urls having @ in it (#3585, rep by anash)
    • quercus: Wordpress 2.8.1 parent constructor call (#3597, rep by csw)
    • server: UTF8Reader with byte-order-mark needs to read full next character (#3525, rep by Fiaz Hossain)
    • jca: max-active-time default needs to changed to Long.MAX_VALUE instead of Integer.MAX_VALUE (rep by KC Baltz)
    • log: SyslogHandler has improper initialization (rep by Michael Glenney)
    • class loader: remove potential classloadering deadlock based on ClassEntry lock (#3423, rep by stbu)
    • database: driver support for META-INF/services and url without type
    • database: DataSource now allowed as a driver type (#3318, rep by atifmk)
    • server: web-app versioning updates with /ROOT (#3466, rep by sibyj)
    • server: HTTP PrintWriter with i18n double-byte encoding overrun (#3434, rep by Fiaz Hossain)

    Resin 4.0.0



    • Resin 10,000
    • Java Injection (JSR-299, CanDI)
    • Distributed Deployment
    • Distributed Caching
    • Dynamic Server Deployment
    • Clustered Session Refactor
    • Distributed JMX
    • Eclipse plugin
    • Maven Jar Project Repository
    • Rewrite redesign
    • FastCGI support
    • Security Redesign
    • Management services
    • JMS
    • BAM updates and refactoring
    • Win32 OpenSSL
    • Quercus: PHP on the JVM
    • PHP on Google Application Engine

    Resin 4.0.x

    Resin 4.0.x is now the development branch. Due to the addition of new features, it may be more unstable than the production branch.

    The 3.1.x branch is the stable branch.

    Resin 10,000

    Resin's concurrent connections has been tested up to 10,000 simultaneous keepalive connections. Since the CPU usage of that test was only 1.0, the actual upper limit would be even larger than 10k.

    Java Injection (JSR-299, CanDI)

    Resin's configuration and dependency injection is based on the JSR-299 (CanDI) draft specification. Applications can use Java Injection to create and configure custom components, including configuration of third party libraries.

    Distributed Deployment

    New .war versions can be deployed to a distributed cluster. All servers in the cluster will receive the new .war updates. Updates are incremental, with only changed files requiring new uploads. Plugins for distributed .war are available for eclipse, ant, and maven.

    Resin's distributed deployment uses the git file format for transactional reliability, and uses BAM/HMTP for distributed communication.

    Distributed Caching

    Clustered caching is now available using the JCache API, which is a java.util.Map extension. All servers in a cluster will receive updates for cache updates.

    The clustered caching uses BAM/HMTP to communicate cache updates.

    Dynamic Server Deployment

    Resin 4.0 now lets you add and remove servers dynamically. You'll add the new server in the /resin-admin or through JMX, and start the server normally.

    Clustered Session Refactor

    Distributed sessions now use the new distributed caching capabilities to share changes across all servers in the cluster.

    Distributed JMX

    The internal, distributed JMX implementation now uses BAM/HMTP to communicate JMX attributes and actions.

    Eclipse Plugin

    The eclipse plugin has been rewritten to include remote distribution of .war files, and improve remote control of Resin instances..

    Maven Project jar Repository

    Project and library jar files may now be placed in a project-jars directory, and selected using a WEB-INF/pom.xml in Maven project syntax. Resin will resolve the jars in the project-jars directory based on the pom.xml, selecting appropriate versions, and avoiding duplicate jar deployment.

    rewrite redesign

    Resin's rewrite rules have been improved to allow easier customization and configuration based on CanDI style configuration.

    <web-app xmlns="">
      <resin:FastCgiProxy regexp="^/fcgi" address="localhost:9000"/>
      <resin:HttpProxy regexp="^/http" address="localhost:8080"/>
      <resin:Dispatch regexp="(\.php|\.js|\.gif|\.png)$"/>
      <resin:Dispatch regexp="^" target="/index.php"/>

    fastcgi support

    Resin now supports fast cgi as a front-end protocol, allowing it to be used with servers like nginx and IIS fastcgi support.

    Example: resin.xml
    <resin xmlns=""
        <cluster id="">
          <server id="">
            <resin:FastCgiPort port="9000"/>

    security redesign

    Resin's security rules have been improved to allow easier customization and configuration based on CanDI style configuration.

    Example: resin-web.xml
    <web-app xmlns="">
        <user name="harry" password="..."/>
      <resin:Allow url-pattern="/secure/*">
        <resin:IfUserInRole role="user"/>


    Resin's management services have been reconfigured to use CanDI style configuration.

    Example: resin.xml
    <resin xmlns=""
      <cluster id="app">


    JMS configuration now uses CanDI style configuration.

    Example: resin-web.xml
    <web-app xmlns=""
      <resin:MemoryQueue name="test"/>

    BAM updates and refactoring

    Resin now uses BAM/HMTP for all internal messaging, including the distributed caching, dynamic servers, and distributed deployment.

    Win32 OpenSSL

    Win32 openssl version is compiled against Shining Light's 0.9.8k

    Win64 openssl version is compiled against Shining Lights 0.9.8k

    Quercus: PHP on the JVM

    Quercus continues to improve, with significant performance improvements and many compatibility bug fixes.

    PHP on Google Application Engine

    An GoogleQuercusServlet has been created to support Quercus on the Google Application Engine.

    Change List

    • security: ClusterSingleSignon logging wrong class (rep by Scott Hernandez)
    • thread pool: improve detection of illegal internal thread state (rep by Takahiro Fukuda)
    • (2008-04-08) thread: ThreadPool initialization needs to be synchronized because of lazy-init (rep by Dannis Devota)
    • jsp: BeanInfo vs introspection for tags (#3066, rep by Mike McNally)
    • classloader: maven classloader replaces osgi
    • jsp: trimDirectiveWhitespaces was ignored for tag files (#3386, rep by kvirkki)
    • admin: PingMailer updated to Java Injection (#3257, rep by kenjrwalker)
    • session: timeout/listener updates (#3116, rep by Richard Grantham)
    • rewrite: <dispatch> needs to change Invocation (#3067, rep by Leonid Geller)
    • admin: sort_webapp duplicate error in /resin-admin (#3405, rep by c. whalley)
    • ioc: add @Produces foo(InjectionPoint ij)
    • jsp: UTF-8 BOM should not force text/html (#3062, rep by CnXiaowei)
    • proxy-cache: Authorization header should not disable proxy caching (#3065, rep by Daniel Wigenfors)
    • servlet: sendRedirect URL encoding to use iso-8859-1 when character encoding set (#3032, rep by bjopet)
    • hessian: timeout on http connection clear needs to be short (#3039, rep by Jeff Porter)
    • http: improve error message on chunked encoding (#3021, rep by e_rajasekar)
    • error: allow custom error page for 400 bad request errors (#3008, rep by Vinod Mehra)
    • jsp: error parsing should ignore encoding errors (#2967, rep by Takahiro Fukuda)
    • load balance: dynamic servers (#2867, rep by Dana P'Simer)
    • load balance: add green load balancing (#2831)
    • admin: added URL to thread dump when available (#3194, rep by Keith Paulson)
    • win32: O_BINARY required for configuation saving (#3337, rep by Takahiro Fukuda)
    • log: non-gz/zip archiving now uses rename instead of copy
    • log: added ${request}, ${session}, ${cookie} to log format (#3255, rep by Philippe Collard)
    • log: multiline logs like thread dumps should not have extra timestamps (#3229, rep by Jamison Novak)
    • rewrite: <dispatch> should not modify uri unless it has a target (#3295, rep by Ethan Larson)
    • distcache: distributed cache update times must be deltas because of clock skew (#3161, rep by Dushyanth Harinath)
    • jms: commit() NPE check (#3287, rep by tyson weihs)
    • rewrite: new rewrite rules allow custom dispatching (#3096, rep by Leonid Geller)
    • rewrite: <rewrite:SetHeader>,<rewrite: Location> (#3381, rep by Andrea Sodomaco)
    • rewrite: request-secure disabled access log (#3354, rep by Tamas Pinter)
    • security: <secure> interaction with auth-constraint (#3333, rep by stbu)
    • servlet: add <cron> syntax for servlet (#3188, rep by mate)
    • boot: update setuid/setgid code (#3330, rep by tlandmann)
    • quercus: charAt needs to check range (#3363, rep by gyvc)
    • boot: improve bind error messages for failed binding (#3193, #3204, rep by sibyj)
    • dist: init.d/ distribution changes (#3374, rep by jkriesten)
    • (2009-03-18) mod_caucho: only allow one thread to update config for worker model
    • win32: truncate applied incorrect file mode for new file (#3382, rep by Kair Virkki)
    • (2009-02-26) boot: windows machines can't add -server option automatically (#3331)
    • inject: findByName needs to work during shutdown (#3334, rep by stbu)
    • make: "make clean" not properly propagated in modules/c/src/Makefile (#3340, rep by copart)
    • boot: add system-class-loader configuration (#3339, rep by toomasr)
    • servlet: run-at race condition on web-app restart (rep by stbu, #3342)
    • boot: update messages for Quercus Personal (#3352)
    • quercus: $f($v) with foo(&$v) declaration (#3351, rep by koreth)
    • (2009-02-23) jms: btree split off-by-one issue (#3287, rep by tyson weihs)
    • jms: file missing primary declaration (#3287, rep by tyson weihs)
    • hessian: Annotation support
    • hessian: AbstractSerializer changes to improve usability
    • hessian: META-INF/hessian/serializers and deserializers
    • server: sync performance with Encoding (#3226, rep by lookis)
    • quercus: hmac performance (#3297, rep by koreth)
    • server: cron syntax not properly handling day of week (#3248, rep by mate)
    • mod_caucho: content-length not properly propagated (#2995, rep by uwe schaefer)
    • (2009-01-27) inject: update packaging to latest Java Injection draft
    • make: makefiles updated to use $(CC) instead of $(LD) (#3267, rep by dicr)
    • admin: add <resin-data-directory> to replace admin path
    • remote: <remote:BamService> replaces <bam-service>
    • quercus: batch compiled files (#3261, rep by koreth)
    • quercus: strtotime with date and not time needs to zero-out time (#3177, rep by dmaa)
    • quercus: FilterIterator (#3214, rep by koreth)
    • quercus: stub out CURLOPT_MAXREDIRS (#3126, rep by koreth)
    • quercus: double printing needs to match php (#3279, rep by koreth)
    • quercus: curl CURLOPT_POSTFIELDS needs to understand array (#3281, rep by koreth)
    • quercus: microtime() was using System.nanos() incorrectly (#3280, rep by koreth)
    • quercus: date() not using default timezone (#3273, rep by koreth)
    • quercus: pwd not working properly in passthru (#3247, rep by mikhailb)
    • quercus: get_object_vars must not use iterator (#3253, rep by haplo)
    • quercus: Java interfaces not properly populating instanceof (#3230, rep by haplo)
    • quercus: ArrayIterator constructor issues (#3239, #3253, rep by haplo)
    • quercus: instanceof not working with Java classes (#3242, rep by haplo)
    • quercus: static variables related to late static binding (#3225, rep by koreth)
    • osgi: getLocalResource needs to check for loader null (#3236, rep by koreth)
    • jsf: f:view not bound when using jsf:ri with xml syntax (#3102, rep by alex)
    • (2008-01-05) quercus: instanceof issues with Exceptions (#3209, rep by koreth)
    • quercus: regexp handling of /[\p{Arabic}]/ (#3131, rep by koreth)
    • quercus: classes scope to the dynamic class, not static class (#3213, rep by koreth)
    • quercus: abstract class not properly initialized in statement (#3216, rep by koreth)
    • quercus: i18n issues with "set names" (#3203, rep by M Schmidt)
    • quercus: array copyOnWrite issue with _var vs _value (#3210, rep by koreth)
    • quercus: array return value from external call (#347b, rep by koreth)
    • quercus: json_decode of '{}' not handled properly, cont (#3201, rep by koreth)
    • (2008-12-29) quercus: json_decode of '{}' not handled properly (#3197, rep by koreth)
    • quercus: add profile-probability="0.001" to QuercusServlet (#3200, rep by koreth)
    • quercus: NPE for preg_match and "/^x|^x/" (#3198, rep by koreth)
    • security: add WebBeans-style configuration, e.g. <sec:FormLogin>, <sec:XmlAuthenticator
    • session: convert to TriplicateCache
    • cluster: convert to ClusterTriad
    • watchdog: convert to BAM
    • quercus: regexp needs to handle anchor optim (#3195, rep by koreth)
    • install: Mac OS X flags for 64 bit
    • security: authentication generation of cookies should be optional (#3049, rep by Eric Bowman)
    • gzip: if application sets Vary, do not add extra Vary (#3043, rep by Eric Bowman)
    • config: Resin config vars like ${server} should not affect JSP EL (#3078, rep by Jan Kriesten)
    • jmx: remove admin-dummy-root for remote service (#3087, rep by dicr)
    • jstl: ${} with no cookies causes NPE (#3023, rep by vicsanca)
    • session: SessionManager.createSession check for initialization (#3074, rep by dicr)
    • boot: watchdog communication proxy not setting proper classloader (#3174, rep by koreth)
    • amber: @ManyToOne issue with @JoinColumn not specifying name (#3081, rep by dicr)
    • amber: @Version fixes for java.sql.Timestamp (#3080, rep by dicr)
    • config: webApp.url should default to http://localhost instead of http://default (#3035, rep by skipper13)
    • config: resin:import will throw config exception is include file exists bug is not readable (#3076, rep by dicr)
    • server: reduce default BlockManager size (#3054, rep by Daniel Vydra)
    • amber: @Entity wasn't allowing protected constructor (#3071, rep by dicr)
    • admin: log-service default changed to 'warning' (#3084, rep by Bryant Harris)
    • build: debian web user should be 'www-data' (#3124, rep by Geert Van Damme)
    • quercus: $GLOBALS array regression (#3176, rep by koreth)
    • quercus: compress.zlib parsing error (#3171, rep by koreth)
    • quercus: $_SERVER and $HTTP_SERVER_VARS not identical (#3168, rep by koreth)
    • quercus: stream_get_meta_data extra logging (#3170, rep by koreth)
    • quercus: class static fields must be handled as mangled globals (#3155, #3165, rep by koreth)
    • quercus: DoubleValue issues in assignments, e.g. for commas (#3163, rep by koreth)
    • quercus: array copy-on-write issues with latest optimizations (#3160, rep by koreth)
    • quercus: unset compilation issues with latest optimizations (#3157, rep by koreth)
    • jsf: invalid input is not redisplayed in JSF UI Input (#3057, rep by freemant)
    • quercus: resin_save_state()/resin_restore_state() (rep by koreth)
    • server: 304 was not properly ignoring content (#3089, rep by Andrew Phillips)
    • quercus: catch regexp stack overflow and log (rep by koreth)
    • quercus: array_shift regression (#3150, rep by koreth)
    • quercus: array($x = 3) compilation issue (#3139, rep by koreth)
    • quercus: experimental lazy function classloading (rep by koreth)
    • quercus: NPE with func_get_args (#3103, rep by koreth)
    • core: added StreamSource for hessian serialization
    • hessian: added AbstractStreamSerializer and AbstractStreamDeserializer
    • hessian: added *HessianSerializer and *HessianDeserializer pattern
    • jsf: Application MessageBundle fixes (#3056, rep by freemant)
    • jsf: JSF State with Serializable ActionListener (#3058, rep by freemant)
    • server: ThreadLocal removal/cleanup
    • admin: change profile default to 10ms
    • http: 304 should not return content-length (#3089, rep by Andrew Phillips)
    • admin: changed log-service default logging level to WARNING (rep by Bryant Harris)
    • memory: DispatchRequest._invocation needs to be cleared (rep by Mattias Jiderhamn)
    • session: clustering triplicate='true' with only one server (rep by Mark Morgan)
    • database: NPE in ConnectionPool.destroy() (#3070, rep by dicr)
    • thread: thread pool load smoothing (rep by Martin Thompson)
    • boot: watchdog kill NPE (#3009, rep by stbu)
    • persistent-store: sessions larger than 4M were not properly persisted (#3025, rep by mate)
    • memory: removed potential ThreadLocal leak with SecurityContext (#3031, rep by Mattias Jiderhamn)
    • admin: OSGi bundles now registered as OsgiBundleMXBean
    • admin: WebBeans now registered as WebBeanMXBean
    • Servlet: various fixes for Servlet TCK
    • JSP: various fixes for JSP TCK
    • WebBeans: javax.webbeans.manager.Manager and Bean are new SPI for WebBeans
    • WebBeans: @Current replaces @In as default @BindingType
    • WebBeans: <Deploy> enables @DeploymentType and establishes priority
    • WebBeans: @DeploymentType replaces old @ComponentType
    • WebBeans: @Named semantics changes for new draft - Named is no longer a @BindingType and no longer automatically names beans
    • WebBeans: move web-beans.xml to root from META_INF for new draft
    • WebBeans: new XML web-beans.xml syntax for new draft


    To help us better understand our users, please be kind enough to provide your information.