Caplin Liberator 4.5 - Release Note =================================== Introduction ============ Overview ========= This document provides release notes for all minor releases based on version 4.5 of the Caplin Liberator. Related documents ================== * Caplin Liberator 4.5 Administrator's Guide * Caplin Platform 4.5 User Licensing Guide * Caplin DataSource Overview * Caplin RTML 4.0 User Guide * Caplin RTSL 4.0 User Guide * Caplin Authentication SDK Overview * C Authentication SDK APIdoc * Java Authentication SDK APIdoc * Caplin XML Authentication Module User's Guide * Caplin Monitoring And Management Overview * Monitoring Socket Interface Specification * JMX Monitoring Module APIdoc Product Information ==================== Product Name: Caplin Liberator Latest Version Number: 4.5.9-5 Latest Release Date: 09 Jul 2009 Components ========== * RTTP Server 4.5.9-5 * DataSource Libraries 4.5.6-5 * RTTP Applet 4.4.3-6 * RTML 4.0.6-1 * RTSL 4.0.6-1 * SL4B 4.5.4-131730 * XMLAuth __XMLAUTH_VERSION__ * JavaAuth __JAVAAUTH_VERSION__ * Socket Monitoring Module __SOCKMON_VERSION__ * JMX Monitoring Module __JMX_VERSION__ Known Issues ============ SL4B Compatibility: Versions of SL4B prior to 4.3.0 are only compatible with Liberator 4.3.0 upwards if session-id-len is configured to 6 (the default value). Versions of SL4B prior to 4.4.0 are incompatible with Liberator with respect to Autodirectory and Container objects. SL4J Compatibility: Previous versions of SL4J are compatible with Liberator 4.3.0 upwards regardless of the length of the session id. Similarly, SL4J 4.3.0 upwards maintains backwards compatibility with earlier Liberator versions. Versions of SL4J prior to 4.4.0 are incompatible with Liberator with respect to Autodirectory and Container objects. Auth Module Compatibility: Auth modules compiled to run with Liberator 4.2 and below are not compatible with Liberator 4.4 upwards. Failing to recompile the auth module may result in crashes and other undesirable behaviour. Enabling JMX Monitoring degrades performance: If JMX monitoring is enabled the performance of the Liberator is degraded if large numbers of objects are created and deleted in a short period of time. Recommended JVM Version: Liberator has been tested with Java 1.6.0_11. Configuration Options: image-filtering-off This option has been removed due to performance enhancements negating the need for this tuning option. signature-hashsize The default value has changed to 8192, the minimum size of this configuration option is now 1024. As a result caching of KeyMaster signatures cannot be disabled. Custom authentication results: The custom auth module authentication result codes AUTH_USER6 to AUTH_USER9 (inclusive) have been removed. Subject length limit and Auth Modules: C based Auth Modules need to be recompiled if upgrading to Liberator version 4.5.5 or later from a version prior to 4.5.5 Version History =============== Version 4.5.9 - 09 Jul 2009 =========================== New Features RTTP Server 4.5.9 StreamLink for Silverlight support: Liberator now supports connections from Silverlight applications built using StreamLink for Silverlight. As a result the following files are now present within the htdocs directory: crossdomain.xml and clientaccesspolicy.xml. Liberator start script: Liberator start script now returns the exit code if the Liberator binary exits for any reason (PPLAT-195). The start script now references mtmalloc for the Solaris binary instead of the default Solaris malloc (PLIBS-540). RTTP Logging: Liberator now logs which ports it is available on. (PLIBS-364). Container constituent status: Fixed a race condition introduced in 4.5.8 whereby a container constituent's status message could be not sent to a client (PLIBS-574). Bug Fixes RTTP Server 4.5.9 HTTP Timeouts: The change to HTTP timeout behaviour in 4.5.8 caused a scenario where under HTTPS errors a crash could occur. This has now been fixed (PLIBS-565). News status messages: News status messages are now sent after the initial response rather than before (PLIBS-566). Reconnection issue: Should an update be received for a session whilst the session is being reconnected then there is a possibility that the Liberator could have crashed (PLIBS-558). HTTP 0.9 Requests: The connection will be closed after an HTTP 0.9 request is made (PLIBS-570). Remapping permission objects: Fixed a crash that could occur if permission, directory, chat or news story objects are re-mapped using auth invalidate (PLIBS-571). RTTP Logging: The log description for session ejection has been corrected (PLIBS-389). Liberator directory creation: The Liberator now automatically creates the /SYSTEM/LICENSING/TRADINGGROUP directory even if no trading groups are defined in the license (PLIBS-458). Version 4.5.8 - 21 May 2009 =========================== New Features DataSource Libraries 4.5.5 Event log cycling: The top of an event log will now record license information for diagnostic purposes (PLIBS-496). Bug Fixes RTTP Server 4.5.8 Automatic creation of type2/type3 record data: The functionality that created type2 and type3 record updates from incoming type 1 record data has been restored. This functionality is used by DataSource for Reuters to supply intraday chart data to a StreamLink client (PLIBS-409). Handling of type2 index when requested-fields-only is enabled: The type2 index is now sent correctly for type2 recrods when requested-fields-only is enabled (PLIBS-488). Duplicate Updates: Closed a possible tight race condition which meant a client could receive an image and then receive an update which was in fact the same data when they first subscribe to an object (PLIBS-420). HTTP Timeouts: Added extra timeouts on HTTP connections to avoid possible denial of service attacks (PLIBS-556). HTTP Connection limits: An internal limit to the number of HTTP connections now checks the system max files setting incase it is higher than the 65536 default limit (PLIBS-556). DataSource Libraries 4.5.5 Required peers and service/object status: The status now correctly takes account of the status of all the required peers within a DataService, with the result that a service is marked as STALE until all required peers are connected. Previously only one required peer needed to connect for the service status to be regarded as OK (PDSDK-111). Socket Limits: All implementations of event modules now use the same 65536 limit to the number of file descriptors, this limit is also increased if the system limit is higher (PDSDK-112). Version 4.5.7 - 01 May 2009 =========================== New Features RTTP Server 4.5.7 StreamLink for Browsers examples: The examples included in the Liberator kit have been upgraded. These examples make use of a JavaDemoSource to provide suitable data. This can be found in the JavaDemoSource directory in the Liberator kit. Licensing changes: It's now possible for a user using a specific application to login more times than that specified by the license option max-logins-per-user. This mode is designed for use in public facing non-authenticated demos (PPLAT-183). KeyMaster authentication mode: KeyMaster authentication can now use SHA256 signatures in addition to the standard MD5 signatures. This option can be enabled by using the "signing-algorithm sha256" option within an "add-sigkey" stanza. OpenSSL version: Updated OpenSSL to version 0.9.8k. OpenSSL configuration initialisation: Updated OpenSSL configuration options to make them more flexible. OpenSSL is now initialised using a configuration file. This file should exist in the root directory of the installed kit and be called openssl.cnf. This is the OpenSSL standard file. This file may be overridden by defining the environment variable OPENSSL_CNF before starting the Liberator. The section of the OpenSSL configuration file used to initialise OpenSSL may now be configured using the "ssl-config-name" option. Logcat can read compressed packet logs: Logcat can now read compressed packet log files that have been compressed using the standard gzip tool (PDSDK-103). Process uptime statistic now emits notification: The monitoring property that represents the uptime of the system now emits update notifications and should update automatically in the EMC (PDSDK-100). Bug Fixes RTTP Server 4.5.7 File descriptor handling fix: Fixed an issue which occurs when a datasource is started with the std streams unallocated (PDSDK-105). HTTP connection fix: Can now connect to Liberator via HTTPS on Solaris when using Firefox (PLIBS-546). Reconnection Fix: Fixed an issue where a session could reconnect and the Liberator could crash due to incorrect handling of sequence numbers (PLIBS-535). Version 4.5.6 - 20 Feb 2009 =========================== New Features RTTP Server 4.5.6 RTTP Logging: Server side RTTP logs now contain log messages to indicate when they have been started and stopped (PLIBS-515). Bug Fixes RTTP Server 4.5.6 OpenSSL Upgrade: The version of OpenSSL used by Liberator is now 0.9.8j (PLIBS-499). Throttle Levels: Fixed an issue where a subscription that is remapped to a different object from a non record object could lose its throttle level if it was not 0 (PLIBS-509). Subject limit: Fixed various issues with the new subject limit when used with container constituents and when monitoring is enabled (PLIBS-498, PLIBS-507, PLIBS-508). Malloc libs: Solaris build no longer uses ptmalloc libraries since these caused some issues with the JVM. Standard system malloc library is now used (PLIBS-500). Linux is unchanged and uses the system malloc libraries. Session Reconnect Counts: Fixed a bug where the reconnect count for a session was not updating via the monitoring interface (PLIBS-511). Crash on Delayed Auth: Fixed a crash that occurred when the old session of a reconnect timed out during a delayed Auth Module call (PLIBS-512). RTTP Logging: Fixed an issue where server side RTTP logging did not close the file descriptor when the session closed (PLIBS-517). Cluster user counts: Change to prevent per node user reference counting going negative and increase logging in this area (PLIBS-518). JMX Monitoring Module 4.4.8 Logging fixes. Version Info: You can now find the version of the Java side of the module by running the command: java -jar jmx-default-classloader.jar JavaAuth 4.5.4 Version Info: You can now find the version of the Java side of the module by running the command: java -jar javaauth.jar Version 4.5.5 - 16 Jan 2009 =========================== New Features Logcat Logcat can now display fieldnames: If logcat is run with the -F flag and a fields.conf file is present in either the current directory or a child etc/ directory then known fields within datasource packets will be displayed (PDSDK-69). RTTP Server 4.5.5 Subject limit: The maximum length of a subject has been increased from 255 to 4096 (PLIBS-489). C based auth modules should be recompiled against the latest rttpd.h XMLAuth 4.5.1 Rebuild to accommodate new subject length limit. JavaAuth 4.5.3 Rebuild to accommodate new subject length limit. Bug Fixes RTTP Server 4.5.5 Broadcast object issue: Fixed a race condition that could occur when the same object is supplied by two broadcast sources (or the same source with two connections) (PLIBS-487). Version 4.5.4 - 12 Dec 2008 =========================== New Features RTTP Server 4.5.4 Support for webkit-based browsers Safari and Chrome: Added Liberator connection support for Webkit-based browsers Safari and Chrome using SL4B. Support for IE8: Added Liberator connection support for Microsoft Internet Explorer 8. Bug Fixes RTTP Server 4.5.4 Container fixes: Fixed container remapping and invalidation on a session (PPLAT-113). Release note fix: Erroneous claim to support cross-domain requests in IE8 in 4.5.2 removed from release note (PLIBS-473). Keymaster memory leak: A memory leak caused when validating KeyMaster signatures has been fixed (PLIBS-474). Reconnection to a never logged in session: The Liberator no longer permits reconnection to a session that has never logged in (PLIBS-403). System objects cannot be purged: System object can no longer be purged, purging of system objects resulted in unpredictable behaviour (PLIBS-471). Subject encoding: Any subject sent from the client to the Liberator in any message will be re-encoded before sent back to the client. This is to prevent any cross site scripting attacks or other protocol mangling issues (PLIBS-477). HTTP Caching: Additional cache control headers added to RTTP responses to prevent any kind of storing of response. This prevents client side virus scanners affecting performance (PLIBS-482). Large Directories: Fixed a crash that could sometimes occur when reconnecting to Liberator with a subscription to a large directory of objects (PLIBS-472). Container reconnects: Fixed a bug where on some reconnects a container image could be sent out with some invalid data (PLIBS-485). DataSource Libraries 4.5.2 Keymaster threading issues: Some Keymaster threading issues have been resolved. One of the fixes improved the way the SSL library is initialised, and the other improved thread safety of keymaster handling. (PLIBS-464, PLIBS-470). Version 4.5.3 - 26 Nov 2008 =========================== New Features None Bug Fixes RTTP Server 4.5.3 Cluster Error Handling: Better error handling for mis-configured clusters (PLIBS-461). Cluster Logging: Extra logging for some cluster messages (PLIBS-463). Reconnection and nodata messages: Fixed a crash which arose when a client reconnected just before a nodata response was due to be sent to the old session. This issue only arose should the previous session queue could not be flushed (PLIBS-457). Additional header on HTTP responses causes SL4B issues: The additional Access-Control-Allow-Origin header inserted into HTTP responses causes problems with certain browsers (PLIBS-466). Version 4.5.2 - 10 Nov 2008 =========================== New Features RTTP Server 4.5.2 Optimised requests and discards: Multiple requests and discards that share the same parameters are optimised into one request or discard message. Centralized Capability Management System: Connecting clients are able to specify a list of capabilities they support. The components within the server are able to register capabilities with the CCMS. Upon connection a compatible set of capabilities to use is negotiated. Session identifier length: The default session identifier length has been increased to 12 from the previous default of 6. Compatibility details regarding the StreamLink APIs is given in the Known Issues section above. Bug Fixes RTTP Server 4.5.2 Memory leak with contribution: A memory leak that occurred during contribution has been fixed (PLIBS-428). Subscription parameters over invalidation: Subscription parameters are now preserved over object invalidation, as a result, for example, any filters being applied before object invalidation will be re-applied to the new object (PLIBS-433). Page subscription parameters: Various bugs related to page parameters have been identified and fixed (PLIBS-442, PLIBS-443, PLIBS-444). Session ejection over a cluster: If no local sesions exist then an attempt is now made to eject a session on another cluster node if auth-eject-users configuration option is set and licensing session limits are exceeded (PLIBS-454). Reconnection: Fixed an issue which arose when a session's queue could not be flushed when it reconnected and an object request was outstanding at the time of the disconnect (PLIBS-441). Throttling / Auth Invalidate: Fixed an issue which occurred when an invalidated object had been previously throttled and the new mapped object was not in the cache (PLIBS-438). JavaAuth 4.5.2 Start up messages: The auth module no longer writes it's version to system out on startup. It continues to log it to var/auth-rttpd.log (PLIBS-445). Improved logging: The auth module now logs session invalidation, session ejection, checkUser, delayedCheckUser and globalPermissionUpdate at the INFO level allowing for more granular level of logging output. All other log messages remain at DEBUG (PLIBS-439). Version 4.5.1 - 04 Sep 2008 =========================== New Features RTTP Server 4.5.1 Global permission objects and auth module interaction: Auth modules are now informed as to whether a row within a permission object has been updated, added or removed. Enhanced trading failure codes: Should a trade fail due to a license breach, this condition is now reported to the client explicitly. Bug Fixes RTTP Server 4.5.1 Large directory fix: Liberator no longer crashes when large directories are requested (PLIBS-431). ReleaseObject calls not sent to Auth module in good time: ReleaseObject calls are no longer batched for 10 seconds, and are sent out straight away (PLIBS-413). Global permission objects: Liberator will no longer send out deletes for rows that were not present within a global permission object (PLIBS-416). Permission update packet fix: Fixed an issue which caused a crash when a permission update packet contained a field that wasn't defined within fields.conf (PLIBS-419). Race condition when sending a container image: Fixed an issue which could result in a client having two copies of container constituents if they requested a container at the same time as an update entered the Liberator's cache. This could also result in a server crash (PLIBS-420). Container subscriptions: Fixed an error in handling container subscriptions which could mean subscribing to 10 or more containers could result in undefined behaviour (PLIBS-424). Auth Invalidate: Fixed a race condition when a session is being revalidated at the same time as an object it is subscribed to is being removed (PLIBS-425). Billing Tool Reading database files with asset class licensing information: The billing tool can now read database files which contain asset class licensing information (PLIBS-417). Version 4.5.0 - 17 Jul 2008 =========================== New Features RTTP Server 4.5.0 Asynchronous releaseObject calls: Calls to releaseObject are now made as soon as the object has been deleted, and are not batched for 5 seconds, or delayed by further 5 seconds waiting for other things to stop using the object. checkPermissionUpdate callbacks: The checkPermissionUpdate callback is always invoked before any permission message is sent to the client, regardless of whether it was an active/broadcast message or whether it was in the liberator cache already. Licensing changes: Liberator now supports the concept of a license grace period which permits usage over the maximum licensed amount for a short period of time whilst a new license is obtained. Additionally, the Liberator now supports differential licensing of trading users based on an identifier such as asset type. Status Page changes: The status page has been rewritten and provides improved insight into the state of the license usage. Bug Fixes RTTP Server 4.5.0 Liberator crash fix: Auth module returning DELAYED could cause the Liberator to crash when an AutoDirectory was requested. This happened because an empty object was created as the result of the call, which was not handled properly by the calling function (PLIBS-415). Reconnection Fix: Fixed an issue where a session could reconnect and miss messages if the output queue did not hold enough messages to fulfill the reconnection. In this situation Liberator will now send images for all subscriptions (PLIBS-359, PLIBS-388). RTTP Logging: Fixed an issue where RTTP logging could be misordered if large amounts of data were being written at a time (PLIBS-377). RTTP Logging: Fixed an issue where RTTP logging didn't log outgoing messages if the client connected using HTTPS (PLIBS-385). RTTP Logging: Fixed an issue where multiple concurrent sessions with RTTP Logging enabled, when the configuration had threads-num > 1, could result in an immediate abort of the process or incorrect behaviour (PLIBS-397). Global Cache objects don't create parent directory: Objects that are requested via the global cache do not create the parent directory correctly if no parent directory exists (PLIBS-383). Cluster overflow when handling long usernames or applications: The buffer used for reading cluster messages into was incorrectly sized when handling long application name or usernames, depending on the system being used this could result in an immediate abort of the process or incorrect behaviour (PLIBS-384). Possible Security Hole: Removed the ability for the RTTP Type 5 javascript file to be set by the query string of the connection message by the client. This prevents a possible cross site attack and although Liberator data would be unaffected any domain level cookies would be open to the attack (PLIBS-391). HTTP Crash Fix: Fixed a crash caused by a reverse proxy sending requests from multiple clients in the same packet when one of them is an RTTP back channel (PLIBS-395). Invalid HTTP requests: Fixed a problem where an HTTP request on an existing RTTP back channel would cause the RTTP session to be closed. It now ignores the request and logs the error (PLIBS-396). SL4B 4.4.13 A number of fixes around reconnections and subscriptions. See the SL4B release note for more details. Version 4.4.16 - 29 Apr 2008 ============================ Bug Fixes RTTP Server 4.4.16 Removed uupp-reset-fixed-period: uupp-reset-fixed-period configuration option is no longer valid, and should not be used in configuration files (PLIBS-352). Crash on large contribs: Large contribs (over 8KiB) would cause the Liberator to crash. This was caused by a double free of the data structure used to store the contrib message (PLIBS-363). Version 4.4.15 - 31 Mar 2008 ============================ Bug Fixes RTTP Server 4.4.15 Licence Monitoring Template Generation: Under certain conditions, the monitoring template for the licence could be regenerated periodically resulting in a memory leak. This has now been resolved (PDSDK-70). Version 4.4.14 - 06 Mar 2008 ============================ New Features RTTP Server 4.4.14 Status Page: The Liberator status web page now includes 'Max Unique Users' in the license section (PLIBS-338). Active Discard Timeout: Active discard timeouts can now be configured in both the add-data-service and add-object configuration sections with the option discard-timeout. This allows different timeouts to be used for different data services or sets of objects (PLIBS-292). add-object types: The 'type' option in 'add-object' can now be specified using names rather than numbers. Eg: add-object name /TRADE type directory end-object Bug Fixes RTTP Server 4.4.14 OpenSSL Upgrade: The version of OpenSSL used by Liberator is now 0.9.8g (PLIBS-284). Multiple container subscriptions: Although multiple subscriptions to a single container could be established, discarding any one of the subscriptions caused all subscriptions to be cancelled (PLIBS-337). NoData handling: NoData messages will now be passed on to clients with the same flags as the DataSource sent. For example, Unavailable and Read Denied rather than being mapped onto Not Found (PLIBS-344). This is also true when a nodata is sent for an existing object (PLIBS-346). Crash Fix: Fixed a crash that could occur after an auth_invalidate which results in a deny or not found (PLIBS-345). Object Log and auth_invalidate: Fixed a problem with the object log not logging discards when an auth_invalidate results in some kind of deny or object not found (PLIBS-347). Leap Year Bug: Fixed a bug that meant Liberator would consume large amounts of CPU and diskspace and possibly crash on February 29th. This is related to the users database file cycling at the end of the month (PLIBS-350). Version 4.4.13 - 01 Feb 2008 ============================ New Features JMX Module 4.4.3 The debug-level option is now deprecated: In line with other Caplin components, the debug-level option has now been deprecated and has been replaced with the option log-level. The debug-level option will continue to function, however a warning will be displayed if it used. Socket Monitoring Module 4.4.2 The debug-level option is now deprecated: In line with other Caplin components, the debug-level option has now been deprecated and has been replaced with the option log-level. The debug-level option will continue to Bug Fixes RTTP Server 4.4.13 Session chuckout: Fixed an issue with session chuckout for large containers where the container is a newly requested object, but the constituent objects are mainly in cache. Chuckout should not occur for data that is in response to a client request (PLIBS-331). Memory Leak related to Monitoring: A memory leak in the Liberator has been fixed. It affected instances of Liberator running with the JMX module enabled (PLIBS-312). Expired SSL certificates: Liberator used to ship with expired SSL certificates. New certificates have been generated that will not expire for 10 years (PLIBS-200). Active Contribution: Fixed a bug introduced in 4.4.12 where contributing to an object with no subscriptions would fail (PLIBS-333). Session cleanup with containers: Fixed a bug introduced in 4.4.12 where cleaning up a session following a disconnect could result in crash if a container object was requested (PLIBS-336). Startup Script LD_ASSUME_KERNEL and Linux 2.4 kernels: The startup script now sets LD_ASSUME_KERNEL when running on Linux distributions based on Kernel 2.4. This is required due to an issue with basic threading constructs in early versions of NPTL when running under load. Setting this parameter ensures that the LinuxThread model is used on these distributions (PLIBS-334). Version 4.4.12 - 21 Dec 2007 ============================ New Features Bug Fixes RTTP Server 4.4.12 Container Performance Issues: The performance of container objects has been improved, especially for large containers (PLIBS-306). Large subscriptions performance: The performance has been improved when dealing with clients with high numbers of subscriptions (PLIBS-306). Auth Delayed Issue: Fixed a bug where the asynchronous return from an auth module was processed after the login attempt was timed out by the Liberator (PLIBS-310). Reconnect Race Condition: A race condition on reconnection while active requests are being handled has been fixed (PLIBS-311, PLIBS-316, PLIBS-305). Autodirectory Discarding: Fixed a bug where the contents listeners were not removed if the parameters in the discard were wrong (PLIBS-307). Directory Race Condition: A race condition when adding objects to directories has been fixed (PLIBS-309). Auth Invalidate Crash: Fixed a bug where calling auth invalidate with the "don't map" flag caused a crash (PLIBS-308). Missing KeyMaster example: Added a Java auth SDK example which uses KeyMaster (PLIBS-222). Multiple MAP XML auth crash: Fixed a bug that caused Liberator to crash if more than one MAP in users.xml was added (PLIBS-319). Version 4.4.11 - 21 Nov 2007 ============================ New Features None Bug Fixes RTTP Server 4.4.11 CPU Spin Fix: Fixed a CPU spin caused by very unlikely circumstances where a malformed HTTP request for the RTTP Type 2/5 URL is received (PLIBS-296) CPU load under bandwidth limits: Improved performance in dealing with long queues of data to clients. This can happen under limited bandwidth (PLIBS-297) Permission object race condition: Fixed a race condition on permission objects when auth invalidate is used (PLIBS-300) Auth Delayed Issue: Fixed a bug where the asynchronous return value after an auth delayed could be changed allowing a user access when the module denied access (PLIBS-301) Monitoring Memory Leak: Change to the monitoring system to prevent leaks in the JMX monitoring module by explicitly deleting monitoring relationships (PJMOD-4) Version 4.4.10 - 08 Nov 2007 ============================ New Features None Bug Fixes RTTP Server 4.4.10 Large Container Performance: Changes to internal algorithms to improve the performance of initial requests for very large container objects (PLIBS-293). Session chuckout: Changed session chuckout so it does not kick in on the initial load of a large container (PLIBS-294). Auth Mapping to Invalid object: Mapping to an invalid object during an 'auth invalidate' will cause a 'Not Found' to be sent to the client (PLIBS-290). Status Messages on cached objects: Fixed a bug where only records would send out a status message on subscription when the object was already in cache (PLIBS-295). Version 4.4.9 - 30 Oct 2007 =========================== New Features None Bug Fixes RTTP Server 4.4.9 Container subscriptions: If a container was requested initially without a filter, and then requested with a filter, the Liberator would crash (PLIBS-287). DataSource Libraries 4.4.10 Intelligent Source Routing: Setting a request hint with an undefined peer could lead to memory corruption (PLIBS-285). Intelligent Source Routing: If a symbol with a request hint was requested with no available peers, if a supplying peer connected during the active-request- timeout period then a crash could occur (PLIBS-285). KeyMaster integration: Some erroneous logging has been removed (PDSDK-60). Version 4.4.8 - 31 Aug 2007 =========================== New Features RTTP Server 4.4.8 RTTP logging: It is now possible to log all RTTP input/output for a session. This can be switched on for a currently open session via the monitoring interface. Logging can also be enabled for all new sessions for a user either by the configuration option rttp-log-users or via the monitoring interface (PLIBS-206). DataSource Libraries 4.4.8 Dataservice monitoring: Information about dataservices (both static configuration and information about subscriptions through the dataservice) are now exposed to the monitoring interface (PDSDK-42). Monitoring interface: It is now possible to validate a monitoring user via Keymaster (PMANC-81). JMX monitoring: It is now possible to configure the interface address on which the JMX RMI server listens for connections as well as the port (PMANC-80). Bug Fixes RTTP Server 4.4.8 Event log level: Liberator now no longer overrides any setting of the event log debug level within an add-log section. The 'debug-level' option is now deprecated. 'log-level' should be used instead for global setting of log levels (PLIBS-235). Permission objects: The initial update for a permission update is now correctly sent to the client as an image (PLIBS-242). Permission objects: Both keys and values for permission objects can now contain spaces and other characters that require encoding (PLIBS-243). Session login: It is no longer valid for a client to log in to Liberator with an empty username. The login will fail with reason USER+UNKNOWN (PLIBS-244). Session logging: Session log messages have been improved. All messages now use a textual reason code rather than numeric codes and also report the username and application id (PLIBS-184). Socket monitoring link on documentation page: The link now points to the correct version of the document (PLIBS-232). Reconnect on a session before login: Reconnecting on a session which had not previously received a login could cause a crash (PLIBS-250). Correct not found message sent after an invalidate: The message sent to the client when an object was not found following an invalidate of permissions was incorrect, this has now been corrected (PLIBS-241). Reconnect now enforces the same username: Reconnections now enforce the use of the same username, failing to supply the same username will result in a failure to reconnect (PLIBS-237). Memory leak in contributions resolved: A memory leak could result if a contribution was attempted to an object supplied by a datasource that didn't support contribution (PLIBS-246). Object Name Mapping: Fixed a bug in object name mapping causing the wrong names to be used in monitoring (PLIBS-236). Auth Invalidate: Fixed a bug that meant configured object mappings where not applied when a subscription was invalidated by the auth module (PLIBS-251). DataSource Libraries 4.4.8 Packet logs: Packet logs are no longer corrupted when large amounts of data are received on multiple peers (PDSDK-48, PDSDK-49). Potential race when rejecting peers: If a peer connection were to be rejected, there was a potential race condition which could result in random memory being overwritten (PDSDK-48). Request/discard messages sent when peer down: Request/discard messages could be sent when a peer was disconnected, this could, under certain circumstances, result in a crash of the component built using DSDK (PDSDK-39). Peer messages flushed when peer disconnected: Occasionally, queued peer messages could be sent when a peer had disconnected shortly after a connect, this could result in memory being overwritten (PDSDK-52). Enabling heartbeats could cause deadlock: If heartbeats were enabled on a peer connection that accepted a connection then a deadlock would occur (PDSDK-55). Version 4.4.7 - 30 Jul 2007 =========================== New Features None Bug Fixes RTTP Server 4.4.7 User subscription monitoring: The user object name and cached object name are now correctly displayed through the monitoring interface (PLIBS-236). Shutdown crash: Liberator now no longer crashes on shutdown when both JMX and Javaauth are configured (PLIBS-212). Container Mapping: Container constituent mapping now respects the object-map configuration option (PLIBS-231). DataSource Libraries 4.4.6 Peer remote name monitoring: A peers remote name is no longer cleared in the monitoring interface when the peer disconnects (PDSDK-43). JMX 4.4.1 Native logging: JMX now correctly logs to its own log file (PLIBS-212). Javaauth 4.4.2 Native logging: Javaauth now correctly logs to its own log file (PLIBS-212). Version 4.4.6 - 27 July 2007 ============================ New Features None Bug Fixes RTTP Server 4.4.6 Requesting of container contents: The contents of a container are now only requested when a user request the container as opposed to the previous behaviour which requested the contents when the initial container image was received (PLIBS-204) Container Mapping: The contents of a container are now correctly mapped to objects as directed by the auth module (PLIBS-203). The contents of a container are also now correctly mapped as specified by an object-map entry in the configuration file (PLIBS-231). Container Images: A fix to the handling of container updates with the image flag set. Previously this flag could be ignored (PLIBS-216). Contribution reference counting: Under certain circumstances, a subscription could be silently cancelled if a contribution was performed around about the same time (PLIBS-218). News Story handling over type 5 connections: News stories can now be served over type 5 connections (PLIBS-219). DataSource Libraries 4.4.5 Discard messages sent when peer down: Discard messages could be sent when a peer was disconnect, this could, under certain circumstances, result in a crash of the component built using DSDK (PDSDK-39). Handling of isolated apostrophes in configuration options: An issue regarding the handling of single apostrophes has been resolved (PDSDK-40). SL4B 4.4.6 Please refer to the SL4B releasenote for bug fix details. Version 4.4.5 - 18 May 2007 =========================== New Features Documentation DataSource Overview: A new document, Caplin DataSource Overview, has been added to the kit. RTTP Server 4.4.5 RTTP type 5 end update marker: An end marker is now placed at the end of each group of type 5 updates. This permits performance optimisations to be made in SL4B (PLIBS-183). Bug Fixes RTTP Server 4.4.5 KeyMaster token storage: Due to a hashing collision, tokens could be reported as being previously used even though they weren't (PLIBS-188). Containers: Containers now behave correctly when constituent objects are subject to auth mapping.(PLIBS-192 PLIBS-195) Records from active Datasources: Updates for records sent from an active datasource as an image are now also sent to the client as an image. Previously they would be sent as an update (PLIBS-196). Delayed mapping: A bug was fixed whereby delayed mapping of object names did not work correctly in some cases (PLIBS-203). Billing Tool 4.4.5 KeyMaster tokens: The billing tool didn't use to recognise cached KeyMaster tokens, this resulted in a "size mismatch" error message (PLIBS-190). DataSource Libraries 4.4.4 Peer status: Occasionally on startup a peer could end up in a down state even though it was actually connected (PDSDK-34). Socket Errors: Fixed a bug where the event loop could use up all the CPU when a particular socket error occurs (PDSDK-33). Version 4.4.4 - 02 May 2007 =========================== New Features RTTP Server 4.4.4 Invalidate object: Auth modules now have the ability to invalidate specific objects, in addition to existing ability to invalidate by session, by user and to invalidate all objects. (CBR-6) Load balancing: DataSource keeps track of how many requests have been made to each connected DataSource, and directs new requests to the DataSource with least load. Previously, a round robin algorithm was used to decide which DataSource to make requests from. (CBR-11) Bug Fixes RTTP Server 4.4.4 RTTP Type 3 Connection Handling: Fixed a bug where a type 3 connection which is timed out, and therefore marked as lost, would prevent the next type 3 request from correctly returning the error. This could result in sockets staying open until the client times out. (PLIBS-178) Version 4.4.3 - 01 May 2007 =========================== Bug Fixes RTTP Server 4.4.3 Decimal place formatting: Use of decimal place formatting caused a crash whenever an update for a field to be formatted was received (PLIBS-174). Request handling: Handling requests from a cluster connection could lead to a buffer overflow and cause a crash (PLIBS-147). Version 4.4.2 - 26 Apr 2007 =========================== New Features SL4B 4.4.2 Please refer to the SL4B releasenote for new features. Bug Fixes SL4B 4.4.2 Please refer to the SL4B releasenote for bug fix details. DataSource Libraries 4.4.2 Peer ejection: Ejection of peers could cause a crash/deadlock under certain circumstances (PDSDK-31). Setting the status of a peer using the EMC: Under certain circumstances, using the EMC to shutdown a peer could cause a crash (PDSDK-27). Licence checking: Under circumstances, starting up with an invalid licence could cause the process to crash on exit (PDSDK-28). Accepting peer connections could sometimes cause a crash: Dependent upon configuration and speed of the machine, accepting peer connections on startup could cause a crash (PDSDK-32). Version 4.4.1 - 16 Apr 2007 =========================== New Features RTTP Server 4.4.1 User ejection: When licencing limits are reached, previous sessions for that user are ejected to allow the user to log in. This behaviour can be enabled by use of the auth-eject-users boolean configuration option (PLIBS-83). Solaris SSL Rebuilt: Solaris SSL libraries have been rebuilt with gcc for better compatibility. Version 4.4.0 - 30 Mar 2007 =========================== New Features RTTP Server 4.4.0 Session id length is configurable: Using the configuration option session-id-len the length of the unique identifier for a session is configurable. The default value of 6 (characters) maintains backwards compatibility. For details regarding compatibility of client libraries, please see the Known Issues section within this releasenote. KeyMaster token persistence: KeyMaster tokens are now persisted in the users database, this ensures that even after a restart a token cannot be reused. KeyMaster tokens within a Liberator Cluster: KeyMaster tokens are now shared between members of a Liberator cluster, this ensures that tokens cannot be reused on different members of the cluster. Monitoring Authentication: Authentication through to the monitoring system can now be controlled on a network and subnet level. Permission object: Added permissions object (object type 10). This is an object much like a type 2 record that supports integration with the JavaAuth system, and is designed for providing real-time permission changes that should be sent both to the client and also to the auth system. Container object: Container objects now support paging (the ability to request a subset of the container), and provide the size and ordering of constituent objects as part of rttp updates. (ICNOI-2,3,5) Request-timeout behaviour in add-data-service: The behaviour of this configuration option has been changed so that requests are now tried up to the request-timeout time should peers have not responded within the retry-time parameter for each source group. Optimised Thread Messaging: Re-implemented internal thread messaging to improve performance and stability. Liberator will refuse connections until services are available: Data services can be configured so that the Liberator will not accept any client connections until data services are in the correct state. Check Write Changes: Field values within contribs are now provided to the Auth Module API to allow such information to be used as a basis for authentication. Object Purging: Directories configured for object purging will now have sub-directories deleted and not just the objects within them. (PLIBS-149). Refusing Connections: The log message informing that the Liberator has stopped accepting connections due to too many sockets being open has been changed to log level CRIT. DataSource Libraries 4.4.0 Multithreaded Peers: Peer connections are now handled in separate threads for each peer connection. Configurable event manager: The underlying event manager can now be configured to use any of the following event managers - poll (default) epoll (Linux) devpoll (Solaris) select Epoll event manager now available (Linux): This event manager can be much faster when high numbers of socket connections are used. Devpoll event manager now available (Solaris): This event manager can be much faster when high numbers of socket connections are used. Request-timeout behaviour in add-data-service: The behaviour of this configuration option has been changed so that requests are now tried up to the request-timeout time should peers have not responded within the retry-time parameter for each source group. Authentication of monitoring logins is now logged: The authentication parameters as well as the result is now logged to the main datasource log file. DataSource protocol heartbeats re-implemented: DataSource heartbeats implementation has now been simplified and should perform better. Configuration files can now be pre-processed: Using the --preprocessor-binary= option, configuration files can be pre-processed automatically by datasources, this should assist in nay configuration management processes. Monitoring authentication: Monitoring connections can now be authenticated using a network and netmask combination. Miscellaneous Performance: Various internal changes to increase performance. Java Liberator Authentication 4.4.0a Check Write Changes: Field values within contribs are now provided to the Auth Module API to allow such information to be used as a basis for authentication. (CIT-328) Version 4.2.10 - 09 Mar 2007 ============================ Bug Fixes RTTP Server 4.2.10 Modifying properties of the root directory: The root directory could not be specified in an add-object configuration option without crashing the Liberator on startup (PLIBS-132). Global cache: The behaviour of the global cache has been corrected so that objects aren't discarded if another node requires the data. (PLIBS-126) Autodirectory object: The behaviour of autodirectory objects when the autodirectory symbol has been mapped via an auth module has been corrected so that structure add events are now correctly received by the client API when new records appear that match the autodirectory. (PLIBS-129) DataSource Libraries 4.2.10 Log File Wrapping: Log file wrapping could occur immediately on startup, potentially losing the log files from the previous cycle-period. (PLIBS-136) Version 4.2.9 - 20 Feb 2007 =========================== Bug Fixes RTTP Server 4.2.9 Web Modules: Fix to web module interface to handle POST requests lengths correctly. Clustered Contribution: Fixed a crash when a user contributes data to a non data-service owned object when clustering is enabled and either cluster-cache-request-objects or cluster-cache-source-routing are set. Story Objects: Fixed a couple of crashes related to receiving news stories. DataSource Libraries 4.2.9 Application Root: Fix to setting application-root (-r option) to a relative path. This was preventing log files being opened in some cases. DataSource Libraries 4.2.8 Timezone Offsets: Fix to calculating timezone offsets for zones such as New Zealand which may have an offset of greater than 12 hours. New Features DataSource Libraries 4.2.7 Data Services: Data Services can now explicitly set what kind of data they allow. The default is unchanged which allows active or broadcast data. The new option inside the 'add-data-service' section is 'service-type', eg: add-data-service service-name AAA service-type active (or) service-type broadcast (or) service-type active|broadcast (the default) Version 4.2.8 - 03 Jan 2007 =========================== Bug Fixes RTTP Server 4.2.8 Mapping to same object: Auth module mapping multiple requests from a client to the same object cause incorrect messages to be sent back to the client. This has now been fixed. (PLIBS-112) Version 4.2.7 - 08 Dec 2006 =========================== New Features RTTP Server 4.2.7 Image Filtering: Introduced the option "image-filtering-off" which disables support for image filtering, improving performance by about 25%. Version 4.2.6 - 08 Dec 2006 =========================== Bugs Fixed RTTP Server 4.2.6 Container Images: Fixed a bug where container images updates were causing the existing contents to be removed, but not all references were cleaned up. (PLIBS-69) Object Delete Race Condition: Fixed a bug where an active object being explicitly deleted and then created again could cause a discard to be sent to the datasource after the new request. (PLIBS-80) Monitoring Integration: Removed an issue where multiple monitoring objects for RTTP objects could exist at the same time. Object log: The object log should now contain matched pairs for user requests. (PLIBS-51) was (BTS3217) Timezone offsets: GMT offset now calculated correctly. (PLIBS-65) The offset from GMT is now calculated correctly in many places within the Liberator. (PLIBS-65) Better behaviour under load: The behaviour of the Liberator under load has been improved. (PLIBS-93) OpenSSL Upgrade: The version of OpenSSL used by Liberator is now 0.9.8d (PLIBS-75) Container requests: Requesting container objects with a list of parameters now correctly works. (PLIBS-63) Type 3 connections: An obscure bug has been fixed that could cause a crash when a type 3 connection is receiving very large amounts of data. (PLIBS-86) Startup issue: Fixed an issue with starting up after a license change or another issue with the users database file. (PLIBS-94) SockMon 4.2.4 Command parsing: The socket monitoring module can now accept command parameters containing spaces if the parameter is enclosed within quotes. (PSKMN-1) was (BTS3196) SL4B 4.2.2 Spaces and escaped characters not displayed correctly: Fixed issues with the display of spaces and escaped characters in object names, container names, directory names etc... (PSL4B-10) Master/Slave frames not working in popup window: Fixed issue where a slave popup window could not communicate with its master window. Note: There is still the need to specify the correct document.domain in the popup window. Fixed issue where closing a slave frame would not stop the master trying to connect to it and hence causing a javascript error. (PSL4B-20) Version 4.2.5 - 05 Oct 2006 =========================== New Features None. Bugs Fixed RTTP Server 4.2.5 Requesting Containers with Parameters: When requesting a container object with parameters only the first object in the container would receive the parameters correctly. (PLIBS-63) Disabled batching on initial rttpd connection: Batching on the initial connection caused problems for certain RTTP clients (such as Sentinel) (BTS3249) Object name Encoding: Auto directory requests now encode object names correctly in all circumstances. (BTS3247) Discard of type 200 objects: The discard of type 200 objects incorrectly raised a NOT FOUND message in Liberator 4.2.4. This has now been corrected and a DISCARD OK message is now returned. (PLIBS-55) QDBM 1.8.12: Rolled back to version 1.8.12 of this third party library (was using 1.8.62) to avoid a crash which seems to have been introduced in this version. (PLIBS-53) Invalid Container Fields: Fixed a bug where receiving invalid container fields would cause the Liberator to shutdown. (PLIBS-67) Mapping Auto-directories: When using object-map or mapping by the auth module for a request for an auto-directory the contents would come back with the real name rather than the requested name. This has been fixed. (PLIBS-72) Remapping on auth invalidate: When an auth module invalidates a session and a subscription is mapped to a different object to it's previous mapping the client would only receive the subsequent updates to the new object. This has been changed so the current image of the new object is sent to the client at the time of the mapping. (PLIBS-73) Unmapping on auth invalidate: When an auth module invalidates a session and a subscription is not mapped when it was previous mapped the original mapping remained. This has been changed so the object is unmapped and the session is subscribed to the unmapped object. (PLIBS-74) Version 4.2.4 - 17 Aug 2006 =========================== New Features DataSource Libraries 4.2.3 Connection timeouts: The libraries will now time out DataSource connections if the handshake message hasn't been received within 10 seconds. SL4B 4.2.1 ConnectionListener.credentialsRetrieved callback method: A new callback method, credentialsRetrieved, has been added to the ConnectionListener interface to allow an SL4B enabled page to know when the credentials that will be used to login to the Liberator have been obtained. This is especially useful where a Caplin KeyMaster is used. Bugs Fixed RTTP Server 4.2.4 TCP no delay on https: The TCP no delay option was not set on https socket. This could cause latency on inbound messages following a NOOP. (BTS3204) Race condition could cause crash: A race condition existed that caused a crash should a client logout and an object they requested receive its first update. (BTS3182) Memory leak when unsubscribing to auto directories and containers: A small memory leak was present was unsubscribing to the above object types. Discard then request could cause loss of data: If a client were to request a symbol in the time interval after the active-discard-timeout, but before the DataSource has been told to discard the symbol then clients may not receive the entire fieldset. (BTS3193) Removing a subscription via monitoring generated invalid message: An invalid RTTP message was generated if a subscription was removed using the monitoring system. (BTS3190) Reconnection could cause a crash: If object names weren't mapped then reconnected could cause a crash as a result of some memory optimisation techniques. (BTS3188) Monitoring information not kept updated over restart: Subscription information wasn't updated when a session reconnected. (BTS3187) Reconnection could stop updates: If a user reconnected to a different session thread, updates for any object subscribed by the disconnected session would not be received. (BTS3186) Users database library could corrupt heap Heap corruption in previously supplied QDBM library could destabilise Liberator. The updated QDBM has no known heap corruption issues. Delayed cleanup of listeners malformed Under load client threads may not get processor time to cleanup their subscriptions so they are is done by the removed by the main thread. Previously, the main thread action did not completely remove the subscription. (BTS3140) DataSource Libraries 4.2.3 Off by one allocation with malformed UDP messages: If a UDP message was sent with a starting " or ', but no terminating one, then the argument buffer was allocated one argument too small resulting in a memory access issue and a potential crash. (BTS3134) Minimum bounds for peer heartbeat configurations: Minimum bounds have been placed on the options "heartbeat-time" and "heartbeat-slack-time". (BTS3198, 3201) Peer connections now time out: Incoming and outgoing peer connections now time out should the peer info message have not been received with 10 seconds. Race condition eliminated: Peers reconnecting to and sending data from a different thread from their original one could crash multi-threaded DataSource applications under heavy load. (BTS3087) Never enter user code holding a resource lock: A mutex was held on entering client code. This could cause deadlocks. (BTS3122) SL4B 4.2.1 RTTP message encoding/decoding fixed: Fixed issues with the encoding and decoding of RTTP messages. These issues only manifested themselves if a message included a character that needed to be encoded or decoded, which is typically occurs infrequently. Infinite loop occurs when exception is thrown: Fixed issue where the library entered an infinite loop whilst generating the stack trace for an exception that was thrown during connection or reconnection. KeyMaster use over https: Fixed issue with the request for user credentials from a KeyMaster using https. If the username passed up to the Liberator contained characters such as @ and . the request failed in IE. Version 4.2.3 - 07 Jul 2006 =========================== New Features None. Bugs Fixed RTTP Server 4.2.3 Immediately disconnecting clients may destabilise Liberator: Clients that disconnected while yet awaiting a session initiation response could cause a double delete of write events for the socket during cleanup. (BTS3180) Discard of record subscriptions not paired correctly: Any subscription parameters (such as a filter) were not checked prior to removing fields from a subscription. This could result in subscriptions being incorrectly altered or removed completely. (BTS3179) Java Auth 4.2.1 JavaAuth failed to load due to incorrect native method signature: There was an incorrect method signature on the invalidateSessions method in the JavaAuth native implementation. This is now fixed and Java Auth modules will load successfully. (BTS3084) DataSource Libraries 4.2.2 Monitoring license date incorrect: The license date reported via monitoring was garbage. This is now reported correctly. Multi-threaded DataSources sending data on different threads: DataSources that send data on multiple threads could cause a crash. This is now resolved. (BTS3080). N.B. This issue did not affect Liberator. Socket Monitoring Module 4.2.2 Small memory leak when removing relationships: When using socket monitoring, there was a small memory leak that occurred when a user session logged out of the Liberator or an object was unsubscribed. Memory used after deallocation Under high load in a multi-threaded system, it was possible that the socket monitoring module would use memory after it had been deallocated. This could result in a crash if the monitoring information was subscribed to. (BTS3121) JMX Monitoring Module 4.2.1 Memory used after deallocation Under high load in a multi-threaded system, it was possible that the socket monitoring module would use memory after it had been deallocated. This would result in seemingly random crashes. (BTS3121) Version 4.2.2 - 16 Jun 2006 =========================== New Features RTTP Server 4.2.2 Auto Directory object type: A new auto-subscribing directory object type (229) has been added. An auto directory automatically subscribes its clients to any objects it contains. It also provides forwarding for filter parameters to the contained objects and monitoring of the filter matching state. Sending Only Changed Fields: This feature makes the Liberator compare each update received from its DataSources with the previous update for a given symbol. If any of the fields are the same as previously received, those are not sent out to the client. If no fields have changed in an update, no message will be sent to the client. This feature applies to record types only. OpenSSL: Now compiled against the latest release of OpenSSL - 0.9.8b. See www.openssl.org for details. Simplified Java Configuration: Java related config options have been separated out into their own file. To disable Java simply comment out the java-file config option. Image Filtering: Previous releases have allowed the filtering of updates based on a variety of criteria. Now using the "ifilter=" request parameter it is possible to decide whether the Liberator sends updates based on the aggregated value of the cached image. Diagnostics and Examples Enhanced: Rich-featured SL4B examples have been added to the Liberator served pages. The Object Browsing Tool has been moved to the diagnostics section, which is more in keeping with its use. DataSource Libraries 4.2.1 Stale object cleanup: Stale updates from a data service can now be configured to be deleted after a timeout. This is to prevent build up of cached stale objects in situations where objects available on a service change while the service is limited or down. Modular Event Manager: The main event loop is now modular so different methods can be used for different systems. This is currently only using the same system as previous releases though. Message Batching: DataSource message batching can now be bypassed by setting datasrc-batch-time to 0. SL4B 4.2.0 Reduced number of deployed files: The SL4B deployment release now consists of the minimal number of files. This improves initial startup speed. New object type support: Auto directories, Containers, News headline and News story objects are now supported. Bugs Fixed RTTP Server 4.2.2 Object browsing tool was not effectively secured and provided unauthenticated access to data via the object browser. (BTS3059) Object browser did not correctly reference SL4B. (BTS3073) RTTP Server 4.2.1 Objects requested with parameters should be deleted: Objects requested with additional parameters should be deleted once no longer required. (BTS2745) Misconfiguration of UUPP database no longer causes a lock ups: Prior to opening the UUPP database, a test is made to ensure that we can obtain a lock on the database. Failure to acquire a lock will result in the Liberator exiting rather than waiting to acquire the lock. (BTS2879) Long RTTP Object Names: Prior to this release long object names could crash the Liberator. They are now truncated at the maximum length and the server continues to run. (BTS2935) Negative Session Counts for Type 5 Connections: Status page now correctly reports session counts for each type of RTTP connection. (BTS2946) Containers are not Directories: Attempting to invalidly add objects to Containers as though they were Directories used to crash the Liberator. This has been fixed. (BTS2960) Removing non-contained objects from Containers: Attempting to invalidly remove an object from a Container it was not in crashed Liberator. This has been fixed. (BTS2961) Empty news stories: Previously, news stories that were empty could cause a crash when requested. (BTS3002) Malformed Chat updates: Chat updates messages were unparsable. (BTS3003) Disallow object name collisions: Previously it was possible for a client to create an object with a name that could be supplied by a peer. (BTS3004) News Headline Image: News headlines messages were not always flushed to the client, appearing at some point after they were meant to when another command is issued. (BTS3007) Memory leaks on contribution: Contribution to DataSource peers resulted in a memory leak. (BTS3019) Session count on cluster nodes incorrect: The session count of the number of sessions on other nodes in the cluster was occasionally incorrect. (BTS3022) Broadcast peers could send malformed messages: When reconnecting to a broadcast peer, only as many queued messages as would fit in the socket buffer were sent. This resulted in the Liberator receiving garbled messages. (BTS3034) Containers Validate Objects by number: Items within containers were not checked for their objnum identifier. They are now. (BTS3036) Container parameters not propagated correctly: Container parameters were not being passed correctly to their contents on removal. (BTS3039) Additional locking on queue: Two threads could access the session queue during a reconnect. This led to a race condition which could cause infrequent crashes of the Liberator. A synchronisation method has now been implemented to ensure that this cannot happen. (BTS3041) Sync or no-op prior to login safety: Clients connected but not logged in could sometimes induce undefined Liberator behaviour by sending sync or no-op commands. (BTS3048) SL4B 4.2.0 JavaScript RTTP provider issue fixed: If a subscriber requests an object that has previously been requested by another subscriber, both subscribers received an "image" update, even if the first subscriber had previously been sent the update. This is now fixed. (BTS2984)