What’s new
What’s new in Java Agent 5.10.2
Java Agent 5.10.2 is the latest maintenance release for Java Agent 5.10 deployments. Install this release for an initial deployment or to update an existing Java Agent deployment.
What’s new in Java Agent 5.10.1
Invalidation of sessions on logout
Always invalidate sessions is a new property to invoke the AM REST logout endpoint.
If
Conditional Logout URL List
is set to a URL that does not perform a REST logout to AM, set
Always invalidate sessions
to true
so that the agent additionally invokes the AM REST logout endpoint to
invalidate the session.
What’s new in Java Agent 5.10
Support for Jakarta EE standard
Java Agent now supports the Jakarta EE 9+ standard, with JDK 11. For information about supported operating systems Jakarta, see Jakarta EE platform requirements.
Matching FQDNs to URL patterns
A file globbing pattern (containing *
and ?
) can now be used to match a
hostname, in
FQDN Map. Use this feature
to map requests with virtual, invalid, or partial hostnames to URLs that contain
a correct FQDN.
Detect the path of a resource loaded by classloader
To help with troubleshooting, a new property
-Ddisplay.classpath.mode.enabled=true
is available to help locate .jar files
that contain outdated classes. For more information and an example, see
Detect the path of a resource loaded by classloader.
Logback
Log messages in Java Agent and third-party dependencies are now recorded using the Logback implementation of the Simple Logging Facade for Java (SLF4J) API. For more information, see Logging.
POST data can be preserved in files
The following new properties are available to configure the storage of POST data to files instead of to the in-memory cache:
For more information, see POST data preservation.
Encoding for extended characters in not-enforced rules
By default, Java Agent uses UTF-8 to encode extended characters in the resource paths of not-enforced rules.
The following new properties are available to change the character encoding in the resource paths and HTTP query parameters of not-enforced rules:
For more information, see Not-enforced rules.
Limitation on the size to which a JWT can be decompressed
Maximum Decompression Size is a new property to limit the maximum size to which a compressed JWT can be decompressed. This property reduces the risk of memory exhaustion DOS attacks by reducing the risk of a decompressed JWT consuming too much available memory.
Signing of pre-authentication cookies
To improve protection against tampering, pre-authentication and POST data preservation cookies can now be signed. When the value of Pre-Authn and Post Data Preservation Cookie Signing Value is a non-zero length, its value is used to generate a signing key.
During installation, the path to a file that contains the signing value can be provided interactively or in the installation response file. Cookies are not signed if:
-
The path is not provided
-
The path to an empty file is provided
-
The value found in the file is too short
The signing value is stored in the AgentKey.properties file.
Retrieval of agent password
A new option is available in agentadmin to reveal the agent profile password.