1 Release notes for OpenSRF 2.5.0-alpha2
2 ======================================
6 The following Linux distributions are supported:
8 * Debian 7 (Wheezy) and 8 (Jessie)
10 * Ubuntu 14.04 (Trusty Tahr) and 16.04 LTS (Xenial Xerus)
12 Changes in 2.5.0-alpha2
13 -----------------------
14 OpenSRF 2.5.0-alpha2 is a security release; testers of OpenSRF 2.5.x
15 are strongly urged to upgrade as soon as possible.
17 The second alpha release of OpenSRF 2.5 includes the following changes:
19 * LP#1652382: improve normalization of memcache keys to avoid potential
20 denial of service and privilege escalation attacks.
21 * LP#1652122: fix an infinite recursion bug in opensrf.system.method.all.
22 * LP#1655449: propagate bundling/chunking limits to subrequests.
24 New features in 2.5.0-alpha
25 ---------------------------
27 Chunking and bundling (LP#1612771)
28 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
30 Message Bundling and Chunking
31 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
33 OpenSRF now supports message chunking, i.e., breaking up large OpenSRF
34 messages across multiple XMPP envelopes. This is implemented with a
35 new OpenSRF message type.
37 C, Perl, and Javascript libraries are taught how to reconstruct chunked
38 messages. The default chunking threshold is 50Kb, just a bit below the
39 default ejabberd max stanza size of 64Kb.
41 What was previously called chunking is now referred to as bundling:
42 packing multiple OpenSRF messages together in a single XMPP envelope,
43 as long as we believe more messages will be sent in the future and we
44 are below some threshold of combined message size. The default for
45 that threshold is 25Kb.
47 With this change, it is no longer necessary to change the `max_stanza_size`
48 setting for ejabberd when installing OpenSRF.
50 Pass client timezone to server (LP#1485371)
51 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
53 OpenSRF has long inspected the envelope of incoming requests for information
54 about the client's locale and made this information available to business
55 logic. This is used, among other things, to drive transparent translation of
56 in-database strings within Evergreen. In addition to locale, OpenSRF will
57 now respect client-supplied adjustment to the effective time zone in which it
58 operates, and provide that information to the business logic layer of
59 applications built on the framework.
64 As most clients that have time zones which differ from that of the server on
65 which the OpenSRF processes run are, in fact, web browsers, it is necessary
66 to include time zone detection directly within the browser. This will be
67 stored in a cookie to be sent with all subsequent HTTP requests, and used in
68 all OpenSRF-over-HTTP calls made using the JavaScript bindings for OpenSRF,
69 including those for WebSockets communication.
71 For non-browser clients, such as support scripts written in Perl or other
72 scripting languages, the local system's mechanisms for detecting time zone
73 is relied upon. For instance, Perl scripts can directly read the TZ
76 Additionally, the srfsh client now reads its local time zone from the
77 environment and passes that to the server.
82 Within OpenSRF services implemented in Perl, this information is now passed up
83 to the business logic layer via the TZ environment variable, and is reverted
84 to the server's value at the end of each request. This allows automatic,
85 transparent use of the client's time zone in almost all cases, and provides a
86 system-normal access mechanism when direct access is required.
88 For OpenSRF services implemented in C, the time zone information is provided
89 as part of the request context object that is passed to implementation
90 functions. In particular, this allows services that interact with a database
91 to set the time zone in which the database interprets timestamps to that of
94 Dispatch mode for method_lookup subrequests (LP#1631522)
95 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
97 There is a pattern in the wild of using OpenSRF's `method_lookup()` facility
98 to decide between one of several local methods when delegating to pre-existing
99 logic. Often times, we want to simply hand control over to another method,
100 but the output of a subrequest's `run()` is an array of results. The caller has
101 to know if, and how, to restructure the result for the client.
103 Instead, we can now call `dispatch()` instead of `run()` and have OpenSRF session
104 control completely passed to the delegate code. This way, the delegate code
105 need not know anything about its caller, and vice versa.
107 Example proxy server configurations (LP#1638651 and LP#1648188)
108 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
110 OpenSRF 2.5 comes with example configurations for using HAProxy or
111 NGINX as a reverse proxy for HTTP, HTTPS, and WebSockets traffic. This
112 can be useful for Evergreen systems that wish to use port 443 for both
113 HTTPS and secure WebSockets traffic.
115 Allow admin to specify where perl modules will be installed (LP#1631520)
116 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
117 Add `--with-perlbase` option to the `configure` to specify
118 an alternative location for installing the Perl modules. This
119 can be useful for setups that want to run the Perl modules
120 from a shared filesystem or environments that need to run
121 multiple versions of OpenSRF simultaneously.
123 Users of `--with-perlbase` are responsible for ensuring that
124 `PERL5LIB` is set appropriately.
129 * Drop support for Debian Squeeze (LP#1559121)
130 * Drop support for Ubuntu Precise (LP#1603708)
131 * Add support for Ubuntu Xenial (LP#1551090)
132 * Fix a bug with syslog configuration (LP#1473479)
133 * Fix OpenSRF debian_sys_config order for Debian (LP#1585041)
134 * Improvements to the installation documentation (LP#1382038)
139 We would like to thank the following people who contributed to OpenSRF 2.5:
projects / OpenSRF.git / blob