Removed some of the included third-party libraries. Some of them were also affected by known vulnerabilities related to very specific use cases.

Fixed a few bugs introduced in version 7.4.4, whereby some correct accesses to the JMX Tree could be refused.
Also fixed an incompatibility with Firefox introduced in version 7.4.4 whereby the JMX Tree was not available on this browser.
The JMX Tree is a part of the Monitoring Dashboard, a diagnostic tool made available to system administrators.

Put a workaround for a rare race condition which could affect subscriptions in COMMAND mode and invalidate the involved Session.

Updated the included versions of some third-party libraries that were affected by known vulnerabilities related to very specific use cases. COMPATIBILITY NOTE: As the new libraries have different names, make sure you have removed the previous version of the libraries upon upgrade. Moreover, if using a custom launch script, ensure that the new libraries are now referred.

Revised error management and access restrictions on the JMX Tree pages, to improve security aspects. The JMX Tree is a part of the Monitoring Dashboard, a diagnostic tool made available to system administrators.

Fixed the previous entry in this changelog, as the build number was 3355, not 3352.

Fixed a bug in the handling of unsubscriptions forced from the Metadata Adapter through the TableInfo objects. Because of the bug, the notification to the client of the unsubscription, expected in the session update stream, was never sent.

Added configuration and proper logging for the new visionOS Clients SDK.
This includes an alignment of the included JMX service, the internal MONITOR Data Adapter, and the Monitoring Dashboard. The Server now exposes:

• SDK for JMX Extensions version 5.8.1

Updated the Web Client SDK Library used by the Monitoring Dashboard and the included demo page.

Added a "server.instance_id" parameter, which contains a random string assigned to the Server process upon startup, to the initialization parameters sent to Remote Data and Metadata adapters. This should simplify architectures in which implementations of different Remote Adapters connected to the same Server instance need to communicate with each other.

Updated the included versions of some third-party libraries. Some of the replaced libraries were affected by known vulnerabilities related to very specific use cases. COMPATIBILITY NOTE: As the new libraries have different names, make sure you have removed the previous version of the libraries upon upgrade. Moreover, if using a custom launch script, ensure that the new libraries are now referred. In particular:

• Updated the included version of the logback library from 1.2.12 to 1.2.13. This library governs the interpretation of the logging configuration file. COMPATIBILITY NOTE: no compatibility issues are expected, but see the logback changelog for any details.
• Updated the included version of the janino library from 3.1.9 to 3.1.11. This library handles the interpretation of the trigger expressions in the MPN Module. COMPATIBILITY NOTE: no compatibility issues are expected; but see the janino changelog for any details.

Updated the Web Client SDK Library used by the Monitoring Dashboard and the included demo page.

Restored the correct build number, as in the previous version it was 2326 instead of 3326 due to a typo.

Because of a fix in the SDK documentation, this Server now exposes:

• SDK for Generic Adapters (i.e. ARI Protocol) version 1.9.2

The protocol syntax has not changed.

Updated the SDKs internally implemented by the Server. This Server version now exposes:

• SDK for JMX Extensions version 5.8.0
• SDK for Java In-Process Adapters version 8.0.0
• SDK for Generic Clients (i.e. TLCP Protocol) version 2.5.0

COMPATIBILITY NOTE: Compatibility with existing Adapter binaries is guaranteed, but for a few corner cases. For any details about possible compatibility issues, refer to the changelog of Java In-Process Adapter SDK version 8.0.0.

As a consequence of the move to Java In-Process SDK version 8.0.0, now the Server uses an asynchronous interface for the invocation of the notifyUser and notifyUserMessage callbacks. As a further consequence, it is now enforced the creation of an AUTHENTICATION and a MSG thread pool for any In-Process Metadata Adapter, similarly to what already holds for Proxy Metadata Adapters. These pools were optional and configurable through <authentication_pool> and <messages_pool> in adapters.xml. If not configured, they will have one fixed thread; if configured, the <max_size> and <max_free> subelements are now optional.
Since these specific pools now send their tasks asynchronously, in order to configure a limit on the number of tasks currently active, a <max_pending_requests> subelement has been added. As a consequence, the contribution of these pools to the backpressure checks in <server_pool_max_queue> has been reduced and it does no longer depend on the <max_size> setting. Moreover, a <max_queue> subelement is now available to perform the same checks locally. COMPATIBILITY NOTE: If an existing configuration relies on the <max_size> setting to fine-tune the backpressure, now it should leverage <max_pending_requests>. As a memo, a <max_size> > 1 with no <max_pending_requests> will trigger a warning log on startup. See <authentication_pool> and <messages_pool> in the template adapters.xml under docs/inprocess_adapter_conf_template for details on these pools and their configuration. COMPATIBILITY NOTE: If existing binaries are used for a Metadata Adapter, then the handling of the AUTHENTICATION and MSG thread pools for this Adapter remains unchanged. As a consequence, the pools' configuration in adapters.xml can be left unchanged and it will remain bound to the specifications for Server version 7.3.x. However, the configuration can also be updated as though the Adapter had become asynchronous; in this case, the pool size would be determined by the <max_pending_requests> element. Note that the description and meaning of the pool metrics made available by the JMX service, the internal MONITOR Data Adapter, and the Monitoring Dashboard have also changed accordingly. COMPATIBILITY NOTE: If existing binaries are used for a Metadata Adapter, hence the handling of the AUTHENTICATION and MSG thread pools for this Adapter remains unchanged, their JMX metrics will remain those described by the SDK for JMX Extensions version 5.7.0.

Introduced a <async_processing_threshold_millis> property to configure warning log messages when asynchronous tasks sent to an AUTHENTICATION or MSG thread pool are not returning for long time. This regards both the new case of In-Process Adapters and the existing case of Remote Adapters. In the latter case, <max_task_wait_millis> was used before to configure this check.

As a consequence of the move to Java In-Process SDK version 8.0.0 and Generic Clients SDK version 2.5.0, now the Server supports response messages for client sendMessage requests. Note that if the client protocol or request type does not support the reception of responses, any response provided by the Metadata Adapter will be just discarded (and, for non-null responses, this will be notified via a DEBUG level log).

Revised the encoding used to convey texts in simple TLCP messages. Whereas non-ascii characters were sent through UTF8-based percent-encoding, now they are directly sent in UTF8. This applies to all TLCP versions supported. In particular, the change regards custom error messages (which, for instance, could be supplied by the Metadata Adapter in a CreditsException) reported by CONERR, MSGFAIL, END, and REQERR. This also regards any configured "control link" reported by CONOK. COMPATIBILITY NOTE: The use of UTF8 encoding is possible in all TLCP versions supported and the optional use of UTF8-based percent-encoding is allowed on all characters. Hence all clients are already expected to accept and read the messages in both forms.

Enforced the use of UTF-8 as the charset on various HTTP textual responses where previously ISO-8859-1 used to be declared. This includes the responses to streaming and control requests in the old text and javascript protocols. COMPATIBILITY NOTE: All HTTP user agents are expected to support UTF8, which is a recommended standard, hence no issue is expected. As for old clients based on the SDK for Generic Clients versions 3.x to 6.x (which use the old text protocol), they are also supposed to lean on a standard HTTP implementation; but even if they use a custom implementation, they were not instructed by the protocol specifications to restrict the range of declared charsets to accept, since the expected responses are pure ASCII. Note that this does not regard custom files that can be provided via configuration. Added notes in the configuration file to clarify that for these files ISO-8859-1 is still assumed.

Updated the included versions of some third-party libraries. COMPATIBILITY NOTE: As the new libraries have different names, make sure you have removed the previous version of the libraries upon upgrade. Moreover, if using a custom launch script, ensure that the new libraries are now referred. In particular:

• Updated the included version of the logback library from 1.2.11 to 1.2.12. This library governs the interpretation of the logging configuration file. COMPATIBILITY NOTE: no compatibility issues are expected, but see the logback changelog for any details.
• Updated the included version of the janino library from 3.1.7 to 3.1.9. This library handles the interpretation of the trigger expressions in the MPN Module. COMPATIBILITY NOTE: no compatibility issues are expected; but see the janino changelog for any details.

Removed unwanted checks on configured truststores, which were meant only for keystores.

Fixed a bug that caused the <notfound_page> setting in the <web_server> block to behave incorrectly.

Fixed a bug in the handling of <service_url_prefix> which caused some wrong prefixes to be partially accepted.

Updated the included third-party NSSM executable in the bin/windows folder. This tool allows for installation and deinstallation of the Server as a service under Windows. The provided installation and deinstallation scripts have been changed accordingly. COMPATIBILITY NOTE: If the Install_LS_as_Service-NT.bat script was modified to customize some properties, it should be aligned. As a consequence of the update, NSSM now handles the restart of the LS Server process directly (a feature that was discontinued since Server version 6.0). Hence, to have automatic restart upon Server crash it is no longer needed to enforce the policy by setting the 'Recovery' property of the service on Windows. See Install_LS_as_Service-NT.bat for more notes. COMPATIBILITY NOTE: If the Server is currently installed as a service, it can be updated without being affected by this change; the change will take place only on the next installation.

Added notes on how to launch the Server manually. See README.TXT in the "bin" folder.

Fixed a check in the <rmi_connection> block configuration, which could have issued a warning message stating that users are configured when they are not.

Modified the handling of null descriptions provided by the Metadata Adapters to CreditsExceptions, according to clarifications in Java In-Process SDK version 8.0.0. Now an empty string will be forwarded to the client instead of the "null" string. COMPATIBILITY NOTE: Existing Adapters, including Remote ones, relying on the clients receiving "null" upon a null description should be aligned. This is obviously an unexpected case.

Revised the included Clustering.pdf document to take into account the latest generation of client SDKs based on the "websocket-first" Stream-Sense policy.
Also simplified the document, by removing balancing scenarions not related to production (i.e. non-TLS scenarios).
Moreover, simplified the document by removing the coverage of very old Client SDK versions and legacy SDKs. COMPATIBILITY NOTE: Since deployments which include old clients are still allowed, for full coverage of the case it can be possible to stick to the previous version of the document included in Server version 7.3.3, which is still valid for 7.4.0.

Added a log line upon new sessions which relates it with the user. This could be useful to trace user activity.

Incremented the minor version number. COMPATIBILITY NOTE: If running the Server with a license file, an upgrade of the license file will be mandatory. Note that the license file encoding has changed; hence, license files suitable for 7.4 will not work for previous versions.

Improved the way in which a Proxy Data Adapter and a Remote Data Adapter communicate, as now a single TCP connection can be used to carry all the traffic previously carried by two connections. In practice, the "notify_port" property in the <data_provider> block of adapters.xml is now optional and, if not valued, all traffic will flow on the request/reply port.
Obviously, leveraging this option would require a corresponding behavior in the Remote Server. This means that the new single-connection behavior cannot be leveraged with existing Remote Servers, unless they are modified accordingly. If a Remote SDK library is used, this may or may not require also a library update. In particular, the Java, .NET Standard, and Node.js SDK libraries will work seamlessly if provided with the same stream for both the Replies and Notifications channels; just ensure, in Java and .NET Standard, that the Stream object passed is thread-safe.

Revised the Adapter Remoting Infrastructure documentation and the comments in the configuration templates to emphasize that now the single-connection behavior for Proxy/Remote Data Adapter communication is the normal one and the two-connections behavior is only a secondary option available for backward compatibility. In fact, Remote Servers based on most recent SDK versions may even no longer support the two-connections behavior.
Accordingly, in the factory configuration in the templates of adapters.xml, the "notify_port" property is now commented out.
Also revised some terminology to clarify that now the "replies channel" and the "notifications channel" are no longer separated, but rather the "replies channel" has the "notifications channel" and a "pure-replies channel" as its subparts. COMPATIBILITY NOTE: The new terminology may differ from the previous one on some points. A check of the documentation is advisable.

Extended the possibilities to authenticate the Remote Adapters, by enforcing the request of a client certficate for TLS connections through the new "tls.force_client_auth" configuration parameter for adapters.xml.
Moreover, introduced the possibility to configure a custom truststore, through the new tls.truststore.* configuration parameters for adapters.xml.

Introduced the possibility to configure a Proxy Adapter to open its connection to the Remote Adapter rather than vice-versa. See the new "remote_host" parameter for the <metadata_provider> and <data_provider> blocks of adapters.xml. A related parameter, "connection_retry_millis", has also been added.
Obviously, leveraging this option would require a corresponding behavior in the Remote Server. This means that the connection inversion behavior cannot be leveraged with existing Remote Servers, unless they are modified accordingly. If a Remote SDK library is used, this doesn't require a library update. However, if the Python SDK library is leveraged, then this option is currently not supported.

As a consequence of the aforementioned extensions, this Server now exposes:

• SDK for Generic Adapters (i.e. ARI Protocol) version 1.9.1

However, the protocol syntax has not changed, but only the documentation.

Revised the behavior when the old two-connections behavior is configured for a Remote Data Adapter and only one of the two connections is established and later fails, due to inactivity. Previously, the Proxy Adapter would keep waiting for the second connection; now it reopens both ports for reading, starting a new attempt, which yields better logs and diagnostics.

Fixed incorrect behavior when the Server is configured to acquire the client "principal" from a client TLS certificate on a listening port. If the client certificate is optional and not provided, the base version of the NotifyUser message (NUS) was issed, whereas, according with the documentation, the extended version (NUA) with a null third argument (i.e. principal) should have been issued.

Revised the behavior when a non-robust Proxy Adapter fails after initialization but before Server startup completion. The Server startup will now fail.

Added forgotten notes about the handling of subscriptions and unsubscriptions, which is slightly different and cannot be inferred from the in-process interface.

Fixed the port numbers reported in the "Must close any pending connection" log.

Clarified in the adapters.xml templates the implications of the <metadata_adapter_initialised_first> flag for Proxy Adapters.

Added the detection of an optional "SDK" parameter in "RAC" messages, available to Remote Servers to specify the involved SDK and have it logged at INFO level.

Updated the included versions of a few third-party libraries because of security advices which may affect the MPN Module (note that such libraries are not even loaded by the Server if the MPN Module is disabled). COMPATIBILITY NOTE: As the new libraries have different names, make sure you have removed the previous version of the libraries upon upgrade. Moreover, if using a custom launch script, ensure that the new libraries are now referred.

Fixed a bug affecting subscriptions in DISTNCT mode with request of the snapshot and unfiltered dispatching. In some cases, after receiving the snapshot, the whole update flow was blocked.

Fixed a bug in the recently introduced support for delta delivery based on diffs, whereby, if both JSON-Patch and TLCP-diff had been enabled for the same field, a JSON-Patch diff could have been followed by a TLCP-diff, which may yield the wrong result on the client. In fact, a value rebuilt on the client with JSON-Patch is equivalent to the Server-side value as a JSON structure, but it may not be the same as a text; hence a subsequent application of the TLCP-diff on the client side may be done from a wrong starting point.
Now, to simplify the operations, at most one of these two diff types will be chosen for use for each field, and this will be determined in advance, based on the diff preference order specified for the field and the client side support.
Note that the bug affected only the SDK for Generic Clients and the SDK for Python Clients, as no other client SDK compatible with Server version 7.3.0 supports both JSON-Patch and TLCP-diff.

Fixed a bug on the handling of the unsubscription from a COMMAND mode item, which, under rare conditions, could have caused an update event for the item to be sent to the client after the notification of the unsubscription. In fact, this race condition is forbidden by the protocol specifications; however, it is harmless for the SDK client libraries, so it might only have affected clients directly leveraging the protocol (i.e. based on the SDK for Generic Clients).

Updated the included versions of a few third-party libraries because of security advices that, anyway, did not affect LS Server. COMPATIBILITY NOTE: As the new libraries have different names, make sure you have removed the previous version of the libraries upon upgrade. Moreover, if using a custom launch script, ensure that the new libraries are now referred.

Revised the sample adapters.xml to comply with the improved LiteralBasedProvider class included in the latest 7.4.1 version of the SDK for In-Process Adapters. Note that, in order to take advantage of the extension, the SDK library version 7.4.1 should be deployed, by replacing library version 7.4.0 currently included in the lib/adapters folder.

Fixed the warnings about "very old" versions of the Android Client SDK, which could also apply to recent versions.

Updated the included versions of some third-party libraries; also added a few more libraries and removed some. COMPATIBILITY NOTE: As the new libraries have different names, make sure you have removed the previous version of the libraries upon upgrade. Moreover, if using a custom launch script, ensure that the new libraries are now referred. In particular:

• Updated the included version of the slf4j library from 1.7.25 to 1.7.36. This library can be accessed by custom code from Adapters configured for the "log-enabled" ClassLoader. COMPATIBILITY NOTE: no compatibility issues are expected, but see the slf4j changelog for any details.
• Updated the included version of the logback library from 1.2.9 to 1.2.11. This library governs the interpretation of the logging configuration file. COMPATIBILITY NOTE: no compatibility issues are expected, but see the logback changelog for any details.
• Updated the included version of the janino library from 3.1.2 to 3.1.7. This library handles the interpretation of the trigger expressions in the MPN Module. COMPATIBILITY NOTE: no compatibility issues are expected, but only improvements in the supported syntax; but see the janino changelog for any details.
• Updated the libraries used for the implementation of the JMX Tree.

Updated the SDKs internally implemented by the Server. This Server version now exposes:

• SDK for JMX Extensions version 5.7.0
• SDK for Java In-Process Adapters version 7.4.0
• SDK for Generic Clients (i.e. TLCP Protocol) version 2.4.0

COMPATIBILITY NOTE: Compatibility with existing Adapter binaries is guaranteed, but for a few corner cases. For any details about possible compatibility issues, refer to the changelog of Java In-Process Adapter SDK version 7.4.0.

Introduced the support for delta delivery based on sending to the client the difference between the previous and new value of a field, provided that the client supports the handling of the "diff" format (support that is being progressively added to the various client SDKs). Multiple "diff" formats are available and they are tried with an order of preference that can be specified by the Data Adapter or by the new <default_diff_order> configuration element. Whether or not to use a "diff" format also depends on efficiency reasons.
At the moment, two formats are supported:

• JSON Patch (and the <jsonpatch_min_length> configuration flag has been added to regulate its use). Note that this case is applicable only on values that are valid JSON representations.
• TLCP-diff, a custom encoding which is a compact and reduced variant of the "unified diff" format (see the SDK for Generic Clients for details). The computation of the differences to be represented in TLCP-diff is performed using Google's "diff-match-patch" algorithm.

The extension involves the addition of a few third-party libraries. COMPATIBILITY NOTE: If using a custom launch script, ensure that the new libraries are referred. See the lib/core folder.

Extended the <https_server> configuration block to allow for extended configuration of the TLS implementation for each listening port. In particular, added the <TLS_provider> element, to configure the security provider, overriding the default JVM configuration. Also added <TLS_session_cache_size>, <TLS_session_timeout>, and <enable_stateless_TLS_session_resumption>, to provide more control on the session resumption feature.

Added the binaries of the Conscrypt security provider. Hence it can now be used for any listening port instead of the JVM default provider by simply naming it in the new <TLS_provider> element in the <https_server> configuration block.
The Conscrypt provider is maintained by Google based on openssl code. Be aware that it includes native code and that it only targets the main platforms; see the Conscrypt documentation for these details.

Fixed a bug that could prevent a change of the expiry date of an online license occurring after Server startup from being reported in the Monitoring dashboard.

Fixed a bug that could have caused some thread pool queue wait statistics to yield the MAXINT value when the MPN Module was enabled. This affected the JMX Extension SDK (including the JMX Tree), the internal MONITOR Data Adapter and the Internal Monitor log.

Fixed an overflow bug on the handling of the <device_inactivity_timeout_minutes> configuration elements within the <mpn> block. The overflow occurred for values of about one month or longer and caused the configured timeout to become negative.
Fixed a similar bug also on <collector_period_minutes> within <mpn>. In this case a (quite unexpected) value of about one month or longer would have caused the MPN Module startup to fail.

Extended the support of the <service_url_prefix> setting to allow for the specification of multiple prefixes through multiple occurrences of the element.

Added support for reporting the licensing of the new Python Client SDK. This includes the JMX service, the internal MONITOR Data Adapter, the Monitoring Dashboard, and the licensing section of the preinstalled welcome page.
Also added suitable support for the Python Client SDK in lightstreamer_edition_conf.xml.

Revised MPN Module database transactions to reduce possible issues with optimistic locking.

Improved the MPN Module log, with statistics on database transactions.

Revised the "JMX Tree" tab of the provided Monitoring Dashboard:

• Fixed a bug in the rendering of some values.
• Improved the rendering of tabular values in the Edition MBean.
• Explicitly spotted possible null values in lists and maps.
• Removed from the MBean listing the Timer MBean, which was meant to be for internal use.

Changed the supplied logo, which is now /lightstreamer/logo.svg and updated the preconfigured error page, ErrorPage.html, accordingly. COMPATIBILITY NOTE: If you have configured a customized error page, which, nevertheless, still links Lightstreamer internal logo, it should be aligned as well.
Also updated the logo and, accordingly, revised the coloring of the supplied Monitoring Dashboard; moreover, updated the Web Client SDK used by the Dashboard to the latest 8.0.6 version.
Similarly, improved the preinstalled Welcome Page.

Incremented the minor version number. COMPATIBILITY NOTE: If running the Server with a license file, an upgrade of the license file may be needed.

Extended the embedded Proxy Adapters. This Server now exposes:

• SDK for Generic Adapters (i.e. ARI Protocol) version 1.9.0

In particular ARI Protocol version 1.9.0 has added the support for the remotization of all the features offered by Java In-Process SDK 7.3 API that were still missing in protocol version 1.8.3.
Another extension regards the support of the submission from Remote Data Adapters of information on the order of application of the available "diff" algorithms. This enables the newly introduced delta delivery improvement.
The support, by the Proxy Adapters, of all versions of the ARI protocol previously supported has been kept.

Fixed a possible race condition with the Robust Proxy Metadata Adapter, whereby, upon the initialization of the first or a recovered Remote Metadata Adapter, some requests could be sent to the Remote part before the initial MPI request had been fully processed.

Fixed a rare race condition that could occur upon the failure of a connection attempt of a Robust Remote Metadata Adapter. When triggered, it could have interrupted the connection attempts.

Added robustness against (pointless) null or empty Mode arrays received.

Fixed a typo in the log, as "Inner Proxy Data Adapter initialization failure" could be written also for the Metadata Adapter case.

Added in the ARI protocol documentation notes on the asynchronous pools introduced in previous releases, which had been forgotten.

Updated the included versions of some third-party libraries. This also applies all security fixes of the logging libraries available at the time of release. COMPATIBILITY NOTE: As the new libraries have different names, make sure you have removed the previous version of the libraries upon upgrade. Moreover, if using a custom launch script, ensure that the new libraries are now referred. In particular:

• Updated the included version of the logback library from 1.2.3 to 1.2.9. This library governs the interpretation of the logging configuration file. COMPATIBILITY NOTE: no compatibility issues are expected, but this library has introduced a few minor non-backward-compatible changes; if leveraging uncommon configuration settings, see the logback changelog for any details.
• Changed the Connection Pooling library used by the MPN Module, from c3p0 to HikariCP. As a consequence, the factory configuration of c3p0 embedded in the hibernate.cfg.xml file under conf/mpn has also been replaced with factory settings for HikariCP. COMPATIBILITY NOTE: if a custom configuration of c3p0 had been specified in hibernate.cfg.xml for any reason, then, for the same reason, it may be needed to also customize the new factory configuration for HikariCP, according with HikariCP documentation.

Fixed the disposal of a MPN Module, which happens in case of recovery or deactivation. Previously, the module's database connections were not forcibly closed, which could have caused a memory leak, significant in case of recurring recovery.

Clarified in the configuration file what configuration blocks are optional.

Introduced the LightstreamerLogger.mpn.lifecycle and LightstreamerLogger.mpn.operations loggers to produce all MPN Module log that was previously issued by the root LightstreamerLogger.mpn logger.
Also extended this log at DEBUG level to better trace internal operations.

Added item details to the log of illegal updates received from the Data Adapter for COMMAND mode items.

Revised error log upon connection attempts, to remove stack traces and fix a typo. Now, to see the stack traces, setting the LightstreamerProxyAdapters logger as DEBUG is needed.

Fixed a bug in the initialization of the MPN Module introduced in version 7.2.0, by which, in case of initialization failure, a NullPointerException could have been reported instead of the real cause of the initialization issue.

Removed the versioning of the Adapter Remoting Infrastructure. The latter is now an internal part of the Server and its changelog is now reported in the "Adapter Remoting Infrastructure" sections of the corresponding Server versions, also for the past history.
In fact, all the current versions of the Remote Adapter SDKs now express their compatibility requirements with respect to the Server version, not the Adapter Remoting Infrastructure. As a consequence, all the Remote Adapter SDKs that express their compatibility with respect to "Adapter Remoting Infrastructure" are now formally unsupported by this Server version. COMPATIBILITY NOTE: If an existing installation of Server 7.1.x uses compatible Remote Adapter SDKs, it is still guaranteed that it can be upgraded and all Remote Adapters will be supported unchanged.

Updated the JMX and Generic Client SDKs internally implemented by the Server. This Server version now exposes:

• SDK for JMX Extensions version 5.6.0
• SDK for Java In-Process Adapters version 7.3.0
• SDK for Generic Clients version 2.3.0
• SDK for Generic Adapters version 1.8.3 (through the embedded Adapter Remoting Infrastructure

Updated the included versions of some third-party libraries; also added a few more libraries and removed some. COMPATIBILITY NOTE: As the new libraries have different names, make sure you have removed the previous version of the libraries upon upgrade. Moreover, if using a custom launch script, ensure that the new libraries are now referred. Among the others, the updated libraries include:

• The libraries needed by the MPN Module to send push notification requests to the Apple™ and Google™ services.
• The janino library, from 3.0.7 to 3.1.2. This library handles the interpretation of the trigger expressions in the MPN Module. COMPATIBILITY NOTE: no compatibility issues are expected, but only improvements in the supported syntax; but see the janino changelog for any details.

Enforced the creation of an AUTHENTICATION and a MSG thread pool for any configured Proxy Metadata Adapter. These pools were optional and configurable through <authentication_pool> and <messages_pool> in adapters.xml. If not configured, they will have one fixed thread; if configured, the <max_size> and <max_free> subelements are now optional.
These specific pools send their tasks asynchronously, but, previously, there was no direct way to limit the number of tasks currently active. Now a <max_pending_remote_requests> subelement has been added to this purpose. As a consequence, the contribution of these pools to the backpressure checks in <server_pool_max_queue> has been reduced and it does no longer depend on the <max_size> setting. Moreover, a <max_queue> subelement is now available to perform the same checks locally. COMPATIBILITY NOTE: If an existing configuration relies on the <max_size> setting to fine-tune the backpressure, now it should leverage <max_pending_remote_requests>. As a memo, a <max_size> > 1 with no <max_pending_remote_requests> will trigger a warning log on startup. See <authentication_pool> and <messages_pool> in the template adapters.xml under docs/remote_adapter_conf_template for details on these pools.
For all other Metadata Adapters, nothing has changed related to these two pools.

Added robustness to malfunctioning of the MPN Module (possible, for instance, because of database connection issues). Now the Server can run with an inactive module. In particular:

• Introduced the <activate_on_startup> configuration element in the <mpn> block, to allow for configuration of Server startup with an inactive module.
• Introduced the "max_delay" attribute for <activate_on_startup>, to allow for configuration of background startup of the module (see the setting description for details).
• Added support for JMX operations to deactivate and restart the module.
• Introduced the <module_recovery_enabled> configuration element in the <mpn> block, to suppress the attempt to restart a module upon failure of diagnostic checks.
• Improved the "MPN internal Data Adapter" (see the General Concepts document) to better cope with module restart. Before, upon module restart, the existing subscriptions would yield no more updates.

Improved the implementation of the MPN Module with respect to database interaction. This has also requested a slight modification of the included Device.hbm.xml file. COMPATIBILITY NOTE: Existing installations enabling the MPN Module are not expected to modify this file, but the possibility was left, in case it was needed to support particular database installations. Only in such cases, the modification should be ported to the new version of the file.

Improved the implementation of the MPN Module by splitting a potentially long transaction used by a periodic housekeeping task. This should add robustness and prevent some observed issues with database operations from being magnified.

Slightly changed the way in which MPN subscription requests are submitted to the Metadata Adapter for authorization. The trigger expression and the notification format supplied to the "mpnSubscription" parameter of the "notifyMpnSubscriptionActivation" callback are now preliminarily converted by replacing any "named arguments" with the corresponding "indexed arguments". COMPATIBILITY NOTE: Existing Metadata Adapters that perform validation of the notification format and/or the trigger expression need to be aligned only if they expressly expect named arguments and forbid indexed arguments in some part of the format/trigger. Note that the validations of trigger expressions through the Metadata Adapter and through the configured regular expressions are now based on the same value.
Moved the validation of the trigger expression through the configured regular expressions before the validation of the whole MPN subscription request through the Metadata Adapter. This could save Adapter invocations in case of malformed triggers.

Revised the log, with several improvements. This involved new log messages, but also modification of log messages and even transferring some log messages to different loggers. To this purpose, a few new loggers have also been introduced. See lightstreamer_log_conf.xml for details.
In particular:

• The DEBUG log that, on startup, reports the TLS protocol and cipher suites made available by the JVM is now issued on the new LightstreamerLogger.io.ssl logger
• The operations associated to client connections and the other kinds of operations now log on separate loggers. In the former case, all log lines will report the IP address and port of the involved connection.
  This change is also reflected by the Internal "MONITOR" Data Adapter, which supplies the log messages with their CLIENT.IP and CLIENT.NAME attributes. The Monitoring Dashboard also provides this information.
• Improved and extended the log of session lifecycle events.
  A notable change regards the log of closed sessions and their "cause code", which is now issued on LightstreamerLogger.pump; however a log of the closure is still issued on LightstreamerLogger.requests and now it reports the IP address of the initiating request.
• Improved the INFO log of the MPN module to add details on served devices.
  Also revised the MPN module startup log and simplified the MPN error log messages.
• Revised the startup log and moved some license-related log from LightstreamerLogger.init to LightstreamerLogger.license.
• Improved the handling of the log produced by the included third-party libraries. Also included a few libraries previously not handled and fixed the inclusion of a few libraries that was lost in the 7.1 upgrade. A resume on third-party library log is at the end of lightstreamer_log_conf.xml.

Incremented the minor version number. COMPATIBILITY NOTE: If running the Server with a license file, an upgrade of the license file may be needed.

Fixed a rare race condition involving duplicated subscription requests (usually due to connectivity issues), which could cause notifyTablesClose to be invoked earlier than the real subscription termination, and a NullPointerException to be reported in the log.

Fixed a bug in the management of the recently introduced getSessionTimeToLive method of the Metadata Adapter interface. If the method invocation had thrown an exception, the session establishment would have failed, but after invoking notifyNewSession and without invoking the corresponding notifySessionClose.

Fixed a bug in the management of the LS_ttl_millis parameter of the create_session request recently introduced in TLCP 2.2.0. If the timeout check had caused the interruption of session establishment just after the invocation of notifyNewSession, the corresponding notifySessionClose would not have been invoked.

Fixed a bug that could have been triggered by large updates on WebSockets, which involved the splitting of message into frames. When occurring, some responses to control requests could have been delayed, usually slightly.

Fixed a bug in the algorithm which temporarily enlarges the TCP send buffer, which could have caused the send buffer to be reduced back too early. This cannot have caused malfunctionings, but only possible inefficiencies, also depending on the underlying TCP implementation.

Fixed the installation script for Debian Linux, by adding to the installed "stop" operation the final check for the closure of the Server process. In fact, without this check, the "restart" operation could fail to launch a new Server.

Replaced the obsolete "osx_client" keyword with "macos_client" for the <optional_features> configuration block of lightstreamer_edition_conf.xml. COMPATIBILITY NOTE: Current configuration files should be aligned, but this is really needed only if the keyword is actually leveraged (i.e. <restricted_feature_set> is set to Y).

Fixed the display of user names in the usernameList attribute of the Resource MBean in the JMX Tree: when a user name supplied as null had to be reported, $i was displayed in the list; now <null> will be displayed.

Added a trailing CRLF to the WSOK response messages, introduced in TLCP since 2.2.0, to align with the policy used for other response messages. COMPATIBILITY NOTE: This is not supposed to hurt existing clients, since, according to the TLCP protocol specifications, a trailing CRLF is optional for all WebSocket response messages; in fact, the new policy is compatible with existing client libraries. Only custom clients based on SDK for Generic Clients version 2.2.0 and relying on the Server sticking to the previous policy should be modified.

Removed the "-Dcom.sun.xml.bind.v2.bytecode.ClassTailor.noOptimize" JVM command line argument from the launch scripts, as no longer necessary.

Added a check on the SDK versions of the clients that connect to the Server. In case of SDKs too old, an informative warning is issued. Note that, anyway, all clients, no matter how old, are still supported.

Enforced unicity checks on the "name" attributes supplied to the <http_server> and <https_server> configuration elements. This condition was already needed for full functionality, but not enforced. COMPATIBILITY NOTE: Current configuration files that contain duplicate names have to be revised, otherwise the Server startup will fail.

Added the <disable_long_list_properties> setting in the <jmx> block. When set to Y, all properties provided by the JMX service that can return extremely long lists are disabled and only return a reminder.

Extended some boolean configuration elements with a "AUTO" value to allow for explicit specification of the default behavior when this default is different from both Y and N case.
Modified the default setting of the <use_enriched_content_type>, <use_http_11>, and <use_chunked_encoding> configuration elements to Y. The value Y has been their setting on the factory configuration file for long time; now the factory setting has been removed. COMPATIBILITY NOTE: In existing installations in which some of these elements is not set, we suggest accepting the new default. Otherwise, the previous default should be set explicitly; for <use_enriched_content_type> it is N, whereas for <use_http_11>, and <use_chunked_encoding> the newly added AUTO value should be used. Also discontinued the support of <use_chunked_encoding> inside the <content_length> block, introduced in very old versions. COMPATIBILITY NOTE: If an existing configuration file follows this old syntax, the Server startup will fail, hence the element will have to placed outside the block.

Removed a limitation on the configuration of the JMX RMI Connector, whereby the <listening_interface> setting was not always supported.
Also improved the runtime change of the keystore for the JMX RMI Connector by fixing a few corner cases.

Addressed an inefficiency in the handling of TLS renegotiation.

Improved the scalability of the implementation of the Data Adapter's "update" methods, by leveraging the EVENTS thread pool. Note that this does not regard the "smartUpdate" methods, that are still executed inline.

Extended the backpressure actions associated to the <prestarted_max_queue> setting to all those pertaining to <server_pool_max_queue>.

Improved robustness to unexpected errors in connection management.

Improved the checks on the liveness of the Client connection during the elaboration of create_session requests.

Improved the handling of errors in control requests.
In case of requests issued before a previous session creation request has established the session, a failure of the creation request will no longer be treated as a syntax error of the control request, but as a "sync" error.
Also added the identification of the failed requests in the error responses, in some cases in which it was missing.

Introduced an optional startup check that the JMX configuration and initialization enables the supplied "stop" script. Added the <ensure_stopping_service> configuration element to enable the check.

Enforced null values on DELETE events sent to the client in COMMAND mode for all fields different from "key" and "command". In fact, the semantic of the event is that such values should be ignored. Hence, setting non-null values for them by a Data Adapter is pointless, although it is not forbidden by the interface contract. Note that such values would still be visible to selectors and customizers, as well as to subscriptions in RAW mode.

Reorganized the ClientLibs list provided by the JMX service through the EditionDetailsMBean and, similarly, the list returned by the internal MONITOR Data Adapter through the monitor_client_libs item.

Revised the suggested settings of <allow_protocol> and <remove_protocols> in the <https_server> block, to include TLS 1.3 where available. This applies also to the <rmi_connector> block under <jmx>.
Also revised the suggested settings of <remove_cipher_suites> in the same blocks, to no longer include a rule for the _DHE_ pattern, as this rule was too broad, and also matched recent suites that are good, whereas the old undesirable suites to be removed due to this rule are actually no longer supported by the recent JVMs.

Revised the launch scripts LS.bat and LS.sh to look for a JAVA_HOME environment variable, unless a JAVA_HOME variable setting is manually added in the script. If none is available, an attempt to find the java executable in the current path will be performed. This increases the probability that a test run of the Server can be done successfully without any intervention on the scripts. COMPATIBILITY NOTE: If using a custom script, this change need not be ported; if ported, just keep the existing definition of JAVA_HOME uncommented.

Clarified in the General Concepts document the limitations related with the special Data Adapter supplied by the MPN Module to query the state of MPN requests.

Revised the included template of adapters.xml for the configuration of in-process Adapters, to remove any reference to demo adapters and only use placeholder names.

Extended the PRODUCTION_SECURITY_NOTES.TXT document to resume how to configure the information that is sent to the clients as part of the protocol.

Updated the client library included in the Monitoring Dashboard to SDK for Web Clients Version 8.0.3.

Removed the "adapter_remoting_infrastructure" folder; now its contents have been merged in the "docs" folder.

Revised the management of the internal caches by the Proxy Metadata Adapter. This addresses potential memory leaks caused by caching of item-related requests, that were possible when temporary item names are used and continuously replaced and were emphasized when many clients are allowed to share the same user name (possibly null).

Added the "clear_on_new_remote" parameter for Robust Proxy Metadata Adapters. See the sample adapters.xml file for robust proxies for details.

Discontinued the possibility to configure the "remote_params_prefix" parameter as an empty string to send all parameters to the remote counterpart. COMPATIBILITY NOTE: If an existing configuration leverages this possibility, it should be changed, otherwise the Server startup will fail. In order to send parameters, a prefix should be configured and any reserved (i.e. non-custom) parameter to be sent should be duplicated to a prefixed one.

Revised internal exceptions, with impacts on the log of connection issues, which has also been extended and refined.

Enforced the check that the Remote Adapter's authentication message can only be the first message on a request-reply channel.

Improved the log to notify the use by Robust Proxy Metadata Adapters of the configured <notify_user_on_disconnection> and <notify_user_disconnection_code> parameters.

Improved Proxy Adapter startup log and fix possible missing error log upon startup failure.

Changed the distribution package, by removing the "DOCS-SDKs" folder. Now the SDK resources, including their changelogs, can only be found by browsing the download page (or from their online repositories, where available). For the Server's own documentation resources, a new "docs" folder has been added.
The template of adapters.xml for the configuration of in-process Adapters is also available inside the "docs" folder.
Note that this Server version is internally based on:

• Adapter Remoting Infrastructure version 1.9.8
• SDK for JMX Extensions version 5.5.6
• SDK for Java In-Process Adapters version 7.3.0
• SDK for Generic Clients version 2.2.0

Moved and renamed the ls-adapter-interface jar in the internal Server deploy. COMPATIBILITY NOTE: Consider the change if trying to upgrade an existing installation. Moreover, if using a custom launch script, ensure that the new library location is now referred.

Upgraded a few included third-party libraries to address related security issues. COMPATIBILITY NOTE: As the updated libraries have different names, if upgrading an existing installation, make sure you have removed the previous version of the libraries first. Moreover, if using a custom launch script, ensure that the new libraries are now referred.

Extended the configuration of CORS permissions, by accepting any scheme as the "scheme" attribute of the <allow_access_from> element. This addresses a compatibility issue with ionic and possibly similar tools, which prevented the configuration of CORS restrictions when clients built with such tools were used. However, for backward compatibility, setting scheme="*" is still expanded with http and https only, although setting scheme="*" host="*" port="*" still accepts everything.
Also added a startup WARN log on inconsistent configuration.

Fixed the notes on MPN module enablement in the configuration file, to inform that this introduces a reserved URL path needed to support special requests related to the support of Web Push Notifications on Safari. In fact, the introduction dates back to version 7.1.0.
Also added the <apple_web_service_path> configuration element, which is needed to configure the reserved URL path. This was also available since version 7.1.0, but its documentation was forgotten.
Revised the handling of unrecognized requests based on the reserved URL path: the Server now returns a 400 rather than a 404 error.
Added in the General Concepts document the missing notes on how to refer to the reserved URLs.

Fixed the implementation of the getCurrClientVersions operation of the ResourceMBean supplied by the JMX service. Previously, the returned map triggered an error in external clients; the JMX Tree was unaffected.

Added startup WARN logs on inconsistent configurations of credentials where available.

Improved the JMX Tree, by adding robustness upon the invocation of operations by leaving empty fields for the parameter values.

Improved robustness upon communication issues that may occur during online license checks.

Clarified in the Clustering.pdf document the different consequences of the "Application Stickiness" options on the various kinds of client SDKs.

Revised the included welcome page resources, so as to use log4j 2 instead of log4j 1.2 for the adapter implementation.

Moved the "adapter_remoting_infrastructure" folder, which includes the provided resources, from inside the old "DOCS-SDKs" to the main "Lightstreamer" folder. Also renamed the subfolders used to contain the templates of adapters.xml for the configuration of remote Adapters.
The Adapter Remoting Infrastructure changelog has also been separated from the Server changelog and placed in the "adapter_remoting_infrastructure" folder.

Fixed a bug in the MPN Module which prevented clients based on the SDK for Web Clients and running on Safari from sending Web Push Notifications.

Fixed a protocol compliancy error in HTTP request parsing which could have caused the Server to be subject to request smuggling attacks when coupled with a vulnerable Load Balancer.

Fixed a bug in the logging subsystem triggered by TLCP clients, whereby some errors in request processing, reported to the clients with codes 67 or 68, were never logged on the Server.

Fixed the output of the LightstreamerMonitorTAB logger; in fact, in the initial line, the header of the recently added column for refused session count was missing, also causing a mismatch of all subsequent columns.

Fixed missing handling of some runtime exceptions that could occur in some thread pools. Such exceptions are now logged and won't invalidate the involved pooled thread.

Fixed a bug, introduced in version 7.0, in the handling of the <pac_files> block in lightstreamer_edition_conf.xml. When leveraging the block, the Server startup would fail. The fix involves the addition of two more third-party libraries. COMPATIBILITY NOTE: If using a custom launch script, in order to enable the fix, ensure that the new libraries are referred. Also fixed (with respect to version 6.1) the handling of relative paths in the <file_path> element inside the <pac_files> block, which was not compliant with the documentation.
Moreover, fixed (with respect to version 6.1) the handling of the <file_url> element inside the <pac_files> block, as the element was ignored.

Fixed a bug, introduced in version 7.0, in the handling of the <socks_proxy> block in lightstreamer_edition_conf.xml, which caused the connection attempts through the configured proxy to always fail.

Fixed bugs, introduced in version 7.0, affecting license handling for clients based on the macOS Client SDK.

• With the DEMO license in use, clients using version 3.0.0 or later were refused.
• For the ENTERPRISE edition in general, the provided "osx_client" keyword for the <optional_features> configuration block was ineffective for macOS Client SDK version 3.0.0 or later.
• For the COMMUNITY edition, the use of the provided "osx_client" keyword in the <enabled_client_api> configuration element was ineffective for macOS Client SDK version 3.0.0 or later. In this case, the "macos_client" keyword has been provided in replacement, with effect only on macOS Client SDK version 3.0.0 or later. COMPATIBILITY NOTE: an existing configuration which specifies "osx_client" is still supported, although with the aforementioned limitation.

As a consequence of the fix, the licensed version of the macOS Client SDK reported by the startup log, the JMX service, and the Special MONITOR Data Adapter may be different than before, also depending on the license in use.

Fixed a bug in the MPN Module that could have caused some malfunctionings only in the unlikely case of two MPN subscriptions by the same device on different Data Adapters but same group and schema names.

Fixed an error in the description of the <file_path> element in lightstreamer_edition_conf.xml: the reference to <license_path> is obsolete and should refer to the <file_path> element itself.

Fixed a bug in the handling of the setting of the "AllocatedMaxBandwidthKbps" property from the SessionMBean provided by the JMX Extension SDK. Upon the setting via JMX, the latest requests for bandwidth limit changes done by the client could have been reverted and discarded.

Improved the detection of changes of the keystore files, in support to runtime replacement. This should address some cases of undetected changes, possible when mapped paths are used.

Revised the response HTTP headers sent upon HTTP polling requests, to reduce the overall response size on this rare but heavy case. No other impact is expected, as most headers that were sent were redundant.

Clarified in the General Concepts document the current browser support for Web Push Notifications.

Fixed a NPE that could occur in the Robust Metadata Adapter Proxy when failing to connect due to unexpected interruption of the underlying server socket. As a consequence, the Proxy would give up retrying.

Improved the handling of changes in the keystore, when configured to enforce TLS encryption on the connections with the Remote counterpart. Changes are now immediately detected also when the Proxy is currently waiting for connections.

Fixed an unwanted restriction that could have been posed on some particular kinds of licenses.

Removed unwanted occurrences of the "Failed to handle hijacked messages in this connection: must close the socket" WARN log, introduced in build 1949 with the extended support of the <max_delay_millis> setting. In fact, upon most of the occurrences of this log, the reported condition was harmless.

Fixed a bug introduced in build 1949 with the extended support of the <max_delay_millis> setting. Under particular conditions, the bug could have caused a significant delay in the delivery of updates upon session startup.

Replaced internal libraries for delivery of mobile push notifications (MPN) for both Apple™ and Google™ platforms, with the objective of improving performance and introducing the support for web push notifications (i.e. MPN delivered to a web application running on a desktop web browser) to be exploited by the SDK for Web Clients. In particular, the new Apple™ APNs libraries take advantage of the HTTP/2 transport. On the Google™ side, the GCM libraries have been replaced with the newer FCM libraries, which also support web push notifications.
This change has several side effects:

• On the apple_notifier_conf.xml configuration file:
  • the <feedback_check_period_minutes> parameter has been removed, since the new library checks the delivery feedback immediately;
  • new global parameters named <max_concurrent_connections> and <connection_timeout> have been introduced, to customize the way the new library connects to Apple's APNs services;
  • a new app parameter named <push_package_file> has been introduced, to specify the push package needed by Safari during the web push notifications setup process. See the updated General Concepts document for information on how to prepare the push package file.
• On the google_notifier_conf.xml configuration file:
  • a new global parameter named <messaging_pool_size> has been added, to specify the size of the thread pool devolved to sending notifications to Google's Firebase services;
  • app parameters <api_key> and <max_retries> have been removed;
  • a new app parameter named <service_json_file> has been introduced, to specify the path of a JSON file to be obtained from Google's FCM console that includes all the details about the web application configuration. COMPATIBILITY NOTE: if you haven't migrated your GCM app to FCM yet, now it's mandatory to do so. See the updated General Concepts document for information on how to obtain the service JSON file.

COMPATIBILITY NOTE: If an existing installation supports clients based on a version of the Android Client SDK before 4.2 and MPN features are used, they may not work properly. In this case, an update to Android Client SDK version 4.2 is needed. See paragraph "Special Considerations on the GCM to FCM Transition" in the General Concepts document for more information and how to update.

Also revised the thread usage involved in MPN Module operations. The "COMPOSER" and the various "NOTIFIER" thread pools have been collapsed in a single "NOTIFIER" pool. As a consequence, the <notifier_pools> block and the <composer_pool_size> element in the configuration file have been replaced by the optional <notifier_pool_size> element. COMPATIBILITY NOTE: If keeping a configuration file in which the pool configuration was leveraged, it should be revised. Obviously, the changes in the thread pools are also reflected by the instances of ThreadPoolMBean returned by the JMX Extension SDK.

Applied various improvements to the backpressure mechanisms to better cope with the case of massive connection or reconnection of clients:

• Introduced the <port_type> setting in the <http_server> and <https_server> blocks, which allows for the specification of meta-information on port usage which can help tuning the backpressure in the best way. This only works if <control_link_address> is also set. The Clustering.pdf document has been extended to show how to take advantage of the setting.
  Also provided a <port_type> that allows for the setup of privileged ports, in which all backpressure is skipped, for local access.
• Introduced the ACCEPT internal thread pool, to be used to perform the initial parsing and identification of the Client requests. Before, these operations were performed in the SERVER pool and could have been delayed by overload issues in the Adapters. The pool is preconfigured as other pools for CPU-bound tasks, but an <accept_pool_max_size> setting is also available.
  The new pool will be visible in the log and on the JMX service. This may also slightly affect the thread count and the task queue statistics. and related limit checks.
• To the latter purpose, added a separated <accept_pool_max_queue> setting to enable queue limit checks for the new ACCEPT pool. The behavior when the limit is exceeded is similar to the previous behavior of <server_pool_max_queue> (i.e. suspending the accept loop), but it is now milder, based on the new <port_type> setting. See the setting description for details.
• Modified the action related with the <server_pool_max_queue> setting. When the limit is exceeded, any request to create a new session will be refused. The requests refused in this way will be included in the refused count reported by the JMX service. The previous action (i.e. suspending the accept loop) has been kept, but it is now milder, exactly like <accept_pool_max_queue>. As a consequence, clients with active sessions will be now unaffected.
  The setting default has also changed, to 100, which enables the check when <server_pool_max_queue> is not configured. COMPATIBILITY NOTE: if upgrading an existing installation and <server_pool_max_queue> is not defined, ensure that the Server is not refusing too many requests by "Server overloaded" and it is not logging "New accept pauses" too much. Otherwise, try setting a larger <server_pool_max_queue> or set -1 to disable it. If using Remote Adapters, please also see the comments to <authentication_pool> and <messages_pool> in the new adapters.xml template.
• Modified the actions related with the <handshake_pool_max_queue> and <https_auth_pool_max_queue> settings. When the limit is exceeded, the behavior (i.e. suspending the accept loop) is now milder, based on the new <port_type> setting. See the setting descriptions for details.
  The setting default has also changed, for both settings, to 100, which enables the check when the queue is not configured. COMPATIBILITY NOTE: if upgrading an existing installation and <handshake_pool_max_queue> and/or <https_auth_pool_max_queue> is not defined, ensure that the Server is not refusing too many requests by "Server overloaded" and it is not logging "New accept pauses" too much. Otherwise, try introducing the setting and specifying a larger queue, or set -1 to disable the check. Also extended the use of the related pools, relieving the "HANDSHAKE SELECTOR" threads of some heavy operations.
• Added a <prestarted_max_queue> setting, which makes it possible to refuse requests for new sessions (similarly to <server_pool_max_queue>) when the number of sessions waiting for the first bind or control operation exceeds the limit. See the setting description for details.
• Added a <pump_pool_max_queue> setting, which makes it possible to refuse requests for new sessions (behaving exactly like <server_pool_max_queue>) when the queue on the PUMP pool exceeds the limit, which may indicate a CPU shortage. See the setting description for details.
• Added checks on the liveness of the Client connection during the elaboration of create_session requests. This will save useless invocations to the Metadata Adapter when the Client gives up waiting for the response due to slow processing.
• Prepared the support for future client extensions which will enable improved client-server collaboration in backpressure handling.

Revised internal handling of logging to improve separation between the logback libraries and kernel code. This allows you to configure custom appenders, or filters or other extensions with no risk of conflict with other libraries. Look for the new notes in lightstreamer_log_conf.xml.
To achieve this, the following further changes were needed:

• Extended factory log setting for third-party libraries.
• In order to send the log produced by some third-party libraries to logback, such log is now also sent to the JDK's java.util.logging system. This makes it visible to all classes. See the related notes in lightstreamer_log_conf.xml.
• Kept the possibility of having slf4j/logback shared by all Adapters by acting on the JVM command line (as explained in the launch script), but now the way is different. COMPATIBILITY NOTE: In the unlikely case that you are leveraging this possibility, the launch script should be aligned.

Introduced a separate kernel library, ls-mpn.jar, to host the MPN module code. Also added various third-party libraries and removed some. COMPATIBILITY NOTE: if trying to upgrade an existing installation, make sure you have removed the libraries no longer used. Moreover, if using a custom launch script, ensure that the new libraries are now referred. Aligned the factory log configuration file to allow for configuration of the error log from the new third-party libraries. COMPATIBILITY NOTE: if keeping an existing log configuration file, the error log from the new third-party libraries will not be received, unless the configuration is extended.

Introduced a heuristic mechanism to temporarily enlarge the TCP send buffer when a big amount of data is ready to be sent. This removes the negative effect of the use of small TCP send buffers (needed for congestion detection) on throughput when a high roundtrip time is involved. The problem affected, in particular, long snapshots and big updates.

Introduced various improvements on the support for client https connections (see the <https_server> configuration block).

• Added the <allow_cipher_suite> configuration element, as an alternative to <remove_cipher_suites>, which allows for the manual specification of all the enabled cipher suites.
  Also added the "order" attribute to <enforce_server_cipher_suite_preference>, which allows for the specification of a custom preference order for cipher suites, by leveraging the new <allow_cipher_suite>.
  These settings are also available in the <rmi_connector> block under <jmx>.
• Revised the suggested settings of <remove_cipher_suites> and removed obsolete settings.
  Also revised the suggested settings of <allow_protocol> and <remove_protocols> to only allow TLS 1.2.
  These changes also apply to the <rmi_connector> block under <jmx>.
• Revised the handling of runtime replacement of the keystore file, to add robustness
  Also introduced the checks for runtime replacement of the keystore file to the JMX service RMI connector ports configured with TLS/SSL.
• Added robustness in the TLS handshake management with respect to unexpected behavior by the low-level NIO support, which, in principle, could have led to strict loops.
• Clarified the log upon TLS handshakes failed because of client socket closure.
• Clarified in the Clustering.pdf document when TLS configuration on the Server and on a SSL accelerator should be consistent.

Discontinued the support for java 7 SDK and runtime environment. Java 8 or later is now required. COMPATIBILITY NOTE: installations of the Server still based on a java 7 JVM have to be upgraded. Existing Adapters that were compiled for a java 7 or earlier JVM don't need to be upgraded.

Incremented the minor version number. COMPATIBILITY NOTE: If running the Server with a license file, an upgrade of the license file may be needed.

Fixed the "stop" script, which was ineffective when the JMX service RMI connector port was configured with TLS/SSL. The bug also affected the startup test of the connector.
On the startup test, also fixed the log message about the test outcome, which always reported "successful".

Fixed a bug which could have caused wrong interpretation of non-ascii characters in client requests when longer than single TCP packets. The bug affected Java, Android, iOS, macOS, tvOS, watchOS, and Generic Client SDKs. It could affect create_session requests with long user/password. It could also affect long or aggregated subscription requests and long send_message requests, but only for HTTP (i.e. non-WebSocket) Sessions.

Fixed a bug which could have caused session recovery attempts to fail when the Client had specified a maximum bandwidth limit. This affected, for instance, the Monitoring Dashboard.

Fixed a wrong statement in the Clustering.pdf document regarding the invocation of setEarlyWSOpenEnabled(false) (available on clients based on a Unified API Client SDK) when cookie-based persistency is leveraged. Actually, this invocation is not just related to performance, but it is mandatory, as needed to ensure the correct behavior.
Also revised some configuration examples in the Clustering.pdf document, with a uniform policy on port numbers and listening interface settings.

Fixed a bug in the JMX Tree of the Monitoring Dashboard, which caused the setting of the "AllocatedMaxBandwidthKbps" property of the SessionMBean to fail.

Revised the conditions under which a suspended MPN device is reactivated: now it is sufficient for the Client to register its device again, even with the previous device token. A token change, while still working as before, is no more necessary.

Removed a wrong (though harmless) warning log that was issued in case a dual RSA/ECDSA certificate were stored in a PKCS12 keystore.

Removed a possible unneeded pause of several seconds during the shutdown operation, only related with online license validation.

Modified the way internal library paths have to be specified on the JVM command line and modified the launch scripts accordingly. However, the whole handling of library paths by the launch scripts has been revised. COMPATIBILITY NOTE: if using a custom launch script, any customization should be ported to the new script structure. You may contact Lightstreamer support for help.

Removed a memory allocation inefficiency in the management of "delta delivey" which could have doubled the memory footprint related with the caching of last values sent to the clients for each subscribed item and field.

Improved the handling of sessions abandoned by the Client before receiving any response. Now they are immediately discarded, rather than kept for the recovery timeout.

Introduced the <service_url_prefix> configuration flag. See the factory configuration file for details. It may also be used as a partial replacement of the already deprecated <base_url_path>.

Extended the variable-expansion feature, available in the main and edition configuration file and in the various adapters.xml files, by

• supporting environment variables in addition to JVM properties,
• providing the possibility to disable variable expansion for single elements and attributes.

See the details by looking for the description of the variable-expansion feature for each file, starting from the file's head comment.
Also clarified in the head comments the case-sensitivity policies.

Added checks to prevent duplicated configuration of port and listening interface in the <http_server> and <https_server> blocks. COMPATIBILITY NOTE: Existing configurations are not expected to fail on the new checks; otherwise, the Server startup would have failed during the socket bind operation. Moreover, added a check to refuse configuration of port 0. COMPATIBILITY NOTE: Existing configurations were never supposed to specify port 0, which caused the Server to open a system-determined port.

Extended the Internal MONITOR Data Adapter with the CLIENTS.REFUSED_SESSIONS field for the "monitor_statistics" item, which reflects the "CumulRequestsRefused" property provided by the JMX service (ResourceMBean).
Likewise, extended the Internal Monitor log. COMPATIBILITY NOTE: If a custom automatic elaboration process of the Internal Monitor log is in place, it may have to be aligned.

Removed an annoying startup log message about the JDK's javax.management.mbeanserver logger not being configured.
Slightly revised the startup sequence.
Slightly revised the startup log regarding Adapter loading.
Improved log messages upon startup failure during JMX service startup.

Slightly revised the log of web requests (the ones on loggers LightstreamerLogger.webServer and descendants).
Improved the log of unsuccessful polling requests.
Improved the log messages upon "sync errors".
Extended the log upon sessions closed by missing rebind (i.e. cause code 39), to identify the scenario.

Added the "requests" sublogger of the "LightstreamerLogger.mpn" logger and migrated the log of client requests to the MPN module there. In the recommended, factory configuration, the "LightstreamerLogger.mpn" logger has been extended to INFO level.

Improved internal request processing.
Slightly revised the request parsing and the error notifications in case of low-level syntax errors.

Extended the support of the <max_delay_millis> setting, which is meant for data updates but only partially applied to other messages. This should slightly reduce the overall outbound bandwidth usage with recent Client SDKs on WebSocket.

Extended the Clustering.pdf document with notes on the new support for session draining added to the JMX service (ServerMBean).

Aligned the documentation of the Internal Monitoring Data Adapter in the General Concepts document, by adding the field related to the new .NET Standard Client SDK in the "monitor_details" item. The alignment was forgotten in the 7.0.3 release.

Documented that the configured <session_timeout_millis> is also involved in client inactivity checks.

Updated the client library included in the Monitoring Dashboard to SDK for Web Clients (Unified API) Version 8.0.2. COMPATIBILITY NOTE: If the current licensing doesn't support Web SDK Version 8.0.x, still no upgrade is needed in order to use the Monitoring Dashboard.

Fixed this changelog, as the build number of the previous 7.0.2 version was mistakenly reported as 1855.3 instead of 1885.3.

Discontinued the support for old Remote Adapters targeted to Server versions earlier than 6.0. The backward compatibility mode was triggered by setting the "init_remote" parameter to false. Now this setting will cause the Proxy Adapter startup to fail. COMPATIBILITY NOTE: Existing installations using very old Remote Adapter SDKs, that is, those which specify compatibility with "Adapter Remoting Infrastructure version 1.4.3" or earlier, cannot be upgraded, until the Remote Adapter SDK is also upgraded to a more recent version.

Revised the support for custom configuration parameters defined in adapters.xml and forwarded to the Remote Adapter upon initialization. All parameter names without a ':' character are now reserved. To enforce this, the prefix specified in the "remote_params_prefix" parameter must also contain a ':' character, although the indication of an empty prefix is still supported. COMPATIBILITY NOTE: If custom parameters are used and they don't contain a ':', they should be renamed, and the specified "remote_params_prefix" should be changed accordingly. As a consequence, the Remote Adapter should also be modified. However, by specifying an empty prefix in "remote_params_prefix" the names can be kept, but name conflicts with new reserved parameters, with unpredictable consequences, will become possible.

Introduced the support for TLS encrypted connections from the Remote Adapters. This is enabled by the new "tls" parameter, available independently for each Remote Adapter in the corresponding <metadata_provider> or <data_provider> block in adapters.xml. Further parameters are available for the configuration of the certificate and the handshake preferences; see the sample adapters.xml files for details.

Introduced the support for authentication of the Remote Adapters based on user/password credentials. This is enabled by the new "auth" parameter, available independently for each Remote Adapter in the corresponding <metadata_provider> or <data_provider> block in adapters.xml. Further parameters are available for the configuration of the credentials; see the sample adapters.xml files for details.

Allowed the <install_dir> configuration element for all Proxy Adapters, to better support the new configuration options. Previously it was refused with an error when <classloader> was set to "log-enabled".

Revised the initialization phase, in which the connections from the Remote Adapters are expected. Now multiple connections may be accepted and evaluated concurrently on the same listening port, although only one per port will eventually be elected and the others will be closed. If authentication is configured, a connection will be elected only after successful authentication. However, after electing a connection, the listening port will be closed, as before.
Modified the meaning of the "connection_recovery_timeout_millis" setting for Robust Proxy Adapters accordingly.
Note that the log of the initialization phase may be quite different than before.

Enabled the support for multiple protocol versions, to allow for backward compatibility with the Remote Servers upon future extensions. To achieve this, a proper initialization parameter is sent to the remote counterpart. COMPATIBILITY NOTE: Existing Remote Servers based on previous Remote Adapter SDKs are still supported. They will just forward the additional "ARI.version" parameter to the Remote Adapter upon initialization, which is not supposed to hurt the Adapter (BTW, in the unlikely case that the same parameter were supplied to a Remote Adapter by the Remote Application, as possible with some SDKs, the supplied value would be preserved and no changes at all would occur).

Introduced the indication to the remote counterpart of the suggested time for keepalive messages (when needed), through a proper initialization parameter. Recent Remote Adapter SDKs can obey the suggestion instead of using a custom time. COMPATIBILITY NOTE: Existing Remote Servers based on previous Remote Adapter SDKs will (if received) forward the additional "keepalive_hint.millis" parameter to the Remote Adapter upon initialization, which is not supposed to hurt the Adapter (BTW, in the unlikely case that the same parameter were supplied to a Remote Adapter by the Remote Application, as possible with some SDKs, the supplied value would be preserved and no changes at all would occur). Added the "keepalive_hint_millis" parameter in both the <metadata_provider> and <data_provider> block in adapters.xml, to customize the suggested keepalive time instead of using a library-determined default.

Added the "notify_user_on_disconnection" parameter for the Robust Proxy Metadata Adapter and, when set, enforced the consistency with "notify_user_disconnection_code". Added, in particular, the possibility to have Lightstreamer Server instruct the Client to retry when the Remote Metadata Adapter is disconnected.

Extended the client context provided to the remote counterpart upon the notifyNewSession invocations, by adding the CLIENT_TYPE and CLIENT_VERSION keys, with information on the Client SDK in use.

Fixed the implementation of the activity (or keepalive) check, which could have been heavy in case of very frequent request or update rates. This only affected the cases in which the "keepalive_timeout_millis" setting was leveraged.

Improved logging of the connection phase, with information on the remote side, which was missing.
Improved activity and error logging.

Changed the suggested settings for some of the dedicated thread pools in the adapters.xml templates, and revised the count of queued tasks, according to ARI specificities.
Fixed the documentation of <authentication_pool> and <messages_pool> to account for changes introduced in ARI version 1.8.0.

Fixed an annoying bug introduced in version 7.0.1 and affecting the "relative appenders" provided with the Server and preconfigured in the factory log configuration file as LSRolling and LSDailyRolling. Upon the first modification (of any kind) of the file while the Server was running, the position of the generated log files would have changed and become relative to the launch directory instead of the configuration file directory, until the next restart.

Fixed a bug which could have caused a ClassCastException during update forwarding. As a consequence, this would have caused a streaming session to be suddenly closed with error code 43. The bug was triggered by a rare race condition, only possible with items subscribed to in both RAW and MERGE mode.

Fixed the check that at least one custom Adapter Set is defined. A warning log saying "No custom Adapter Set defined." might have been issued (or not issued) wrongly.

Completed the support for .NET Standard Client SDK, recently published on NuGet, which was partial in the preexisting versions of the Server. Added, in particular, handling of Session recovery, support in edition configuration file, and dedicated fields in the "monitor_details" item of the Monitoring Data Adapter.

Ensured runtime compatibility with Java 11; this involves changes and additions of third party libraries, as well as changes in the launch script. COMPATIBILITY NOTE: As the updated libraries have different names, if upgrading an existing installation, make sure you have removed the previous version of the libraries first. Moreover, if using a custom launch script, ensure that the new libraries are now referred. COMPATIBILITY NOTE: If an existing installation uses a custom launch script, the changes should be ported.

Fixed a bug introduced in version 6.0.2 which prevented the handling of JVM variable expansion in the main configuration file, when such variables were used to define tag attributes.

Fixed a bug in the reporting of unexpected exceptions on some Websocket requests, which caused a NullPointerException to be reported instead.

Removed spurious startup log messages, possible when starting with the factory configuration file, mentioning duplicated <remove_protocols> settings.

Fixed the preconfigured error page, ErrorPage.html, which was not aligned after renaming the internal logo in version 7.0.1. This renaming was in turn missed in 7.0.1 changelog. COMPATIBILITY NOTE: If you have configured a customized error page, which, nevertheless, still links Lightstreamer internal logo, it should be aligned as well. Also improved the logo.

Introduced various improvements on the support for client https connections (see the <https_server> configuration block).

• Improved the support for TLS session resumption (see the <use_client_hints_for_TLS_session_resumption> configuration element).
• Added support for server-side choice of the cipher suite to be used (see the <enforce_server_cipher_suite_preference> configuration element); the server-side choice is now also the suggested setting.
  This setting is also available in the <rmi_connector> block under <jmx>.
• Introduced the <disable_TLS_renegotiation> configuration element.
• Extended the suggested settings of <remove_cipher_suites>. and the suggested settings of <remove_protocols>. Note that this may be too restrictive for some old user agents.
  This also applies to the <rmi_connector> block under <jmx>.
• Introduced the support for keystore passwords written on a file (see the <keystore> block).
  The extension is also available for the <truststore> block and also applies to the <rmi_connector> block under <jmx>.
• Added checks for runtime replacement of the keystore file (see the <keystore> block).

Discontinued the support for java 6 SDK and runtime environment. Java 7 or later is now required. COMPATIBILITY NOTE: installations of the Server still based on a java 6 JVM have to be upgraded. Existing Adapters compiled for a java 6 SDK don't need to be upgraded.

Fixed a bug that, under conditions of huge activity and high parallelism, could have caused one or more threads to enter a strict loop and the whole Server to hang.

Fixed a bug introduced in 7.0.0 which caused the configuration of TLS/SSL on the RMI Connector for the JMX service to be refused as not licensed in case the DEMO license type was configured.

Fixed a bug introduced in 7.0.0 which caused the <truststore> configuration block in the <https_server> block to be ignored. This only affected the case in which either <use_client_auth> or <force_client_auth> (or both) was set to Y.

Fixed bug in MPN module that could have caused an error when a new Server instance was taking over devices from a previous instance. This would have caused delays in the takeover operation.

Improved handling of control requests targeted to closed sessions on WebSockets. Such requests might have been reported as "Bad request"; now a proper error notification will always be issued.

Clarifying some logging messages and improved logging in various ways:

• Fixed some error messages in the MPN module reporting "Apple service" where, actually, "Google service" was meant.
• Removed some harmless occurrences the "Unexpected context ClassLoader found" warning.
• Removing the harmless "could not fulfill" warning message upon successful session recovery.
• Removed some error level log upon normal interruptions of https connections.
• Extended the internal cause codes on connection interruptions for timeouts.

Added to the included Monitoring Dashboard (License tab) a section, only available when the online license validation is leveraged, which reports the number of Server instances currently active and validated for the same contract ID.

Improved the reporting of client IPs in the internal Monitoring Data Adapter and Monitoring Dashboard.

Added a check to refuse session recovery requests specifying an event not yet sent; in fact, in principle, such request could be fulfilled, but they are implicitly forbidden by the specifications.

Aligned the Clustering.pdf document (paragraph 4) to account for the extension recently introduced in some Client SDKs to notify the Client of the Server's detection of wrong affinity.

Clarified the SSL Certificate.pdf document with respect to keytool limitations and acquisition of the certificate chain.

Fixed a bug in the included welcome page which caused malfunctioning in case of network issues. However, the welcome page is for internal use only.

Fixed a serious bug in the recently introduced session recovery mechanism, which could have caused update event duplication upon a successful recovery on clients based on the Web and Node.js Client SDKs (of versions suitable for session recovery support). The bug was triggered by previous subscription requests that were refused, because illegal or disallowed by the Metadata Adapter (such errors are notified to the client application through onSubscriptionError or onCommandSecondLevelSubscriptionError).

Fixed a compatibility issue which affected the validation of ONLINE licenses. With some custom configurations of the JVM security settings, a valid license could have been refused.

Fixed a bug on the handling of suspension of MPN devices returned by Apple's feedback service. This prevented the removal of the devices.

Improved logging upon session recovery, by adding a missing log of the related bind_session request.

Slightly revised the log of online license checks.

Introduced two different editions: "COMMUNITY" for FREE license (replacing the old "Moderato" edition) and "ENTERPRISE" for all other types of license (replacing the old "Allegro/Presto/Vivace" editions).
For this purpose, revised the licensing configuration, with the introduction of the new "lightstreamer_edition_conf.xml" configuration file, which replaces the old "lightstreamer_version_conf.xml". In particular, the <license> section has been heavily modified. See <edition> in the new "lightstreamer_edition_conf.xml" configuration file for details; and the specific section of each edition depending on your choice:
- <community_edition_details>
- <enterprise_edition_details>
Also a new mandatory <edition_conf> configuration element in the main configuration file "lightstreamer_conf.xml" has been introduced, replacing the old <version_conf>. See the inline comments in the factory configuration file for details. COMPATIBILITY NOTE: In existing installations, the new <edition_conf> element and "lightstreamer_edition_conf.xml" file must be added (and the old <version_conf> element must be removed).
If previously using the "Moderato" package, configure the "COMMUNITY" edition; otherwise, configure the "ENTERPRISE" edition. In the latter case:

• If using a "DEMO" license with "Vivace" edition configured, just keep the factory settings.
• If using a "DEMO" license with other editions configured, start from the factory settings, but restrict the feature set accordingly (see below).
• If using a "LICENSE_SERVER" or "LICENSE_FILE", ask for a license upgrade, with instructions on how to configure it.

The currently used "lightstreamer_version_conf.xml" file should be abandoned, and any changes to the <proxy> block and the <audit_log_path>, <automatic_update_check>, and <automatic_audit_upload> elements should be ported to the new "lightstreamer_edition_conf.xml" configuration file.

For DEMO licenses, introduced the possibility to only activate the optional features you want to use, instead of choosing only among the three old available editions. See the <optional_features> section in the "lightstreamer_edition_conf.xml" configuration file.
For online-validated licenses (previously the LICENSE_SERVER type), the optional features are now provided by your license, instead of choosing among the three old available editions. Yet, it is still possible to furtherly restrict the optional features you want to use through the <optional_features> section.
Also for file-based licenses (previously the LICENSE_FILE type) it is now possible to furtherly restrict the optional features you want to use through the <optional_features> section.

The COMMUNITY edition allows to choose one of the available Client SDKs to use with the Lightstreamer Server; instead, the old "Moderato" edition forced Web, Node.js, and Flash Client SDKs. COMPATIBILITY NOTE: If upgrading from "Moderato" to "COMMUNITY" edition, whereas Web, Node.js, and Flash Client SDKs were all enabled at the same time, now only one of them can be enabled at the same time.

Wholly revised the support for Mobile Push Notifications offered through the internal MPN Module. The support is now available through the recently introduced TLCP client protocol. This makes it part of the SDK for Generic Clients and enables support on more Client SDKs.
See the MPN chapter on the General Concepts document for all the details. But in particular, the revision brings the following consequences:

• Reserved the Adapter Set name "MPN_INTERNAL_ADAPTER_SET" (only when the MPN Module is enabled). COMPATIBILITY NOTE: in the very unlikely case of a name conflict with a custom Adapter Set, the Server will refuse to start and the custom Adapter Set will have to be renamed.
• Added an internal Data Adapter in all Adapter Sets (only when the MPN Module is enabled). It is available for queries related with MPN state by the various Client SDKs. Note that client subscription requests for the new Adapter will not be submitted to the custom Metadata Adapter and will be handled in the SERVER thread pool.
  The Adapter is hidden from the Adapter Set configuration and its name is now reserved (again, only when the MPN Module is enabled); the name can be configured through the new <internal_data_adapter> flag in the <mpn> block. COMPATIBILITY NOTE: in the very unlikely case of a name conflict with a custom Data Adapter, the Server will refuse to start; anyway, the name can be reconfigured properly.
• Changed the names used to identify the platforms, according to the changes in the SDK for Java In-Process Adapters. This affects platform-specific:
  1. Logger names.
  2. Log messages and error messages.
  3. Thread pool names.
  4. Configuration elements provided in the <mpn> block to specify the notifier configuration files.
  5. Names of the top-level elements of the notifier configuration files.
  6. Factory names and paths of the notifier configuration files.
  COMPATIBILITY NOTE: In any existing installation in which the MPN Module is enabled, the use of platform names should be verified. Points 4 and 5 above are certainly involved and have to be addressed. Point 6 changes the deployment structure and should be addressed for clarity, but does not pose compatibility issues.
• Reduced the default value of the <min_send_delay_millis> configuration flag, to request more frequent notifications to the third-party Push Notification Service. Moreover, for notifications related to triggers, this restriction is no longer applied.
• Discontinued the application of the <reaction_on_database_failure> configuration flag in the specific case of badge management. The "abort_operation" policy will always be adopted.
• Added the <notifier_pools> and <composer_pool_size> configuration flags to the <mpn> block of the main configuration file, to replace the same flags available in the platform-specific configuration files. COMPATIBILITY NOTE: If the flags are used in an existing installation, the new one should be leveraged. However, if the flag has different values for different services, the differentiation cannot be kept. In any case, it is recommended to remove the old flags, to avoid confusion.
• Renamed the <subscription_timeout_minutes> configuration flag to <device_inactivity_timeout_minutes>. COMPATIBILITY NOTE: Existing configuration files should be aligned.
• Introduced a garbage collection of devices that remain too long with no subscriptions. The timeout is enforced by the existing (but newly renamed) <device_inactivity_timeout_minutes> configuration flag. Added the related <collector_period_minutes> configuration flag in the <mpn> block.
• Improved the detection, logging, and recovery of failed attemps to send APNS Notifications.
• Changed in various parts the schema of the database used by the MPN Module. This also affects the factory hibernate configuration files under conf/mpn. COMPATIBILITY NOTE: In any existing installation in which the MPN Module is enabled, the database should be migrated before running the new Server. To achieve that, please contact Lightstreamer support for instructions.
• Changed the factory configuration of the database, to suggest HSQLDB for the first tests.

Discontinued the support for Mobile Push Notifications for clients based on the previous version of the MPN Module. This affects the old non-Unified-API versions of the Android, iOS, and macOS Client SDKs. The Server will remain formally compatible with these clients, but any request for Mobile Push Notification services will be actively refused. COMPATIBILITY NOTE: Existing clients leveraging the Mobile Push Notifications support should be upgraded by porting them to the corresponding Unified-API versions of the old SDKs, which have now been extended with Mobile Push Notification support based on the new MPN Module.

Introduced the support for the recovery of a session upon an interruption of a streaming or long polling connection. If the interruption is due to network issues, a client can request a rebind starting from the last event it received. See the new <session_recovery_millis>, <max_recovery_length>, and <max_recovery_poll_length> configuration elements for details.

Modified the default for the <server_pool_max_size> to become 1000. This should reduce the delays caused by slow adapters on those installations in which the settings for the SERVER thread pool and its optional subpools are not leveraged. COMPATIBILITY NOTE: For installations leaning on the default pool size, in case of slow adapters, the memory footprint could increase by about 1GB. If an installation cannot afford this memory increase, <server_pool_max_size> should be manually redefined. The previous default was the maximum between 10 and the number of cores. Only if <server_pool_max_size> is missing and left at its default, the default of <server_pool_max_free> also changes and becomes 10.

Added a check on client's activity and heartbeats as a way to detect streaming connections kept open by some intermediate node while the Client is stuck or already detached. The check has to be requested by the clients.

Introduced an experimental support for external implementations of the PKCS#11 standard to be used as keystores. Contact Lightstreamer Support for details. Introduced the explicit support of keystores of type PKCS12, which, however, may not be available with old JDKs. The extension involves the <keystore> and <truststore> blocks under <https_server> and the <keystore> block under <rmi_connector>. Updated the included SSL Certificates.pdf document accordingly.
Enforced the syntax checks on the mandatory subelements of the abovementioned blocks. COMPATIBILITY NOTE: Only in case of illegal missing subelements, an existing configuration that used to be tolerated (by assuming an empty block) may now be refused on startup.

Limited the responses of the form "License not valid for this Client version", which were issued also in cases in which the Client SDK version was not correctly specified in the request (which, actually, could also be due to request corruption). These cases are now treated as normal syntax errors (which are notified in different ways depending on the Client SDK type).
Relieved the above license notifications for all clients based on the Web and Node.js Client SDKs, also for old versions. Instead of issuing an alert (Web) or a console log (Node.js), a suitable error code is now reported; where not available, the issue is notified as a syntax error.

Updated the included versions of some third-party libraries; also added a few more libraries and removed some. COMPATIBILITY NOTE: As the new libraries have different names, make sure you have removed the previous version of the libraries upon upgrade. Moreover, if using a custom launch script, ensure that the new libraries are now referred. In particular:

• Updated the included version of the slf4j library from 1.7.21 to 1.7.25. This library can be accessed by custom code from Adapters configured for the "log-enabled" ClassLoader. COMPATIBILITY NOTE: no compatibility issues are expected, but see the slf4j changelog for any details.
• Updated the included version of the logback library from 1.1.7 to 1.2.3. This library governs the interpretation of the logging configuration file. COMPATIBILITY NOTE: no compatibility issues are expected, but this library has introduced a few minor non-backward-compatible changes; see the logback changelog for any details.
• Updated the included version of the janino library from 3.0.0 to 3.0.7. This library handles the interpretation of the trigger expressions in the MPN Module. COMPATIBILITY NOTE: no compatibility issues are expected, but only improvements in the supported syntax; but see the janino changelog for any details.

Added a heuristic detection of client requests that may be targeted to a different Server instance of a cluster and routed to the wrong instance. The information is made available in the log and to the most recent clients.

Introduced a preliminary test of the reachability of the RMI Connector for the JMX service. In fact, without the test, the Server could start by leaving the RMI Connector not reachable even by the "stop" script when lanched from the same environment as the Server. COMPATIBILITY NOTE: if the RMI Connector were not reachable from the Server environment with the configured hostname, an existing working installation will now fail to start. To disable the test, see the new <test_ports> configuration flag under <rmi_connector>. Added a configurable timeout to cope with cases in which the establishment or the test of the RMI Connector could block and delay the Server startup. See the new <test_timeout_millis> configuration flag under <rmi_connector>.
Improved the log of setup and connection to the RMI Connector.

Modified the handling of the HTTP headers configured through the <response_http_headers> block. If the same header is reported multiple times, multiple header lines will be now produced, instead of a single line with comma-separated values.
This fixes the handling of multiple occurrences of the Set-Cookie header, for which multiple occurrences are indeed legal, but a comma-separated format, overriding the general HTTP rule, is not. COMPATIBILITY NOTE: For any other HTTP header currently configured, no change is expected in the behavior of the user-agents, as the multiple-lines and the comma-separated forms are supposed to be equivalent. At the most, for some other non-standard HTTP header, we can expect an improvement.

Improved the robustness of the Internal Web Server and the Monitoring Dashboard.
Fixed missing escaping in the Internal Web Server, which might have caused some requests on directories with unusual names to fail.

Fixed a bug affecting update dispatching, which could have been triggered by the combination of a very fast unsubscription-resubscription sequence and significant delays in internal update processing, possibly due to high load. The bug could have caused one or more updates for the previous subscription to be used in place of an equal number of updates for the new subscription.

Fixed a bug in the handling of session termination which, in case of a concurrent unsubscription, could have caused the corresponding notifyTablesClose invocation to be missed. As said, this could only occur upon session close, hence just before the final notifySessionClose notification.
Fixed other harmless bugs in the handling of session termination which, in rare cases, could have caused an exception to be logged.

Fixed a bug which caused the Server response to be empty upon requests made with the recently introduced TLCP protocol and containing syntax errors. The response should have reported error code 65, 67, or 68. This could only affect clients based on the SDK for Generic Clients.

Fixed the handling of empty requests, which caused an exception to be thrown.

Ensured compatibility with Javascript strict mode for clients based on the Node.js Client SDK.

Fixed a bug triggered by reuse, by the Data Adapter, of an update event of HashMap type in multiple update/smartUpdate calls for different items, when the modes of the two items were different. In this case, some field values could have been treated as null and a WARN message could have been issued.

Fixed a bug that, in rare and isolated cases, could have caused the average wait on a thread pool queue to be computed as a negative number. This affected the JMX Extension SDK (including the JMX Tree) and the internal MONITOR Data Adapter and log.

Ensured runtime compatibility with Java 9; this also required a change in the launch script, to use Java 9's JDK_JAVA_OPTIONS environment variable. COMPATIBILITY NOTE: If an existing installation uses a custom launch script, it can be left unmodified; however, in order to take advantage of the improvement, the change should be ported.

Fixed the documentation comment of the <server_tokens> configuration element, as the Server identifies itself as "Lightstreamer Server" instead of "Lightstreamer" since version 6.0.

Improved the communication with the embedded version of the Proxy Adapters. This will impact on the count of "active threads" involved in the invocations of notifyUser and notifyUserMessage, which should become much smaller. Nevertheless, the related "queued tasks" and "pool queue wait" statistics should remain similar, to still take into account the wait for the answers from the Remote Adapter. As a consequence, the behavior of the various "max_queue" configuration flags should also remain similar.

Added preliminary checks on the completeness of the configured keystores. If a keystore doesn't define a private key, the startup will fail. COMPATIBILITY NOTE: Existing installations are not expected to configure an empty keystore, since, in this case, the port wouldn't accept any connection; however, the Server would start and other ports would still work. Now, to achieve the same, that port should be removed from the configuration.

Moved to case-sensitive checks for the recognition of the values set for the "classloader" parameters in adapters.xml. COMPATIBILITY NOTE: Only existing configuration using non-lowercase values would be refused, but this case is not expected, as never explicitly allowed.

Introduced the <handshake_timeout_millis> configuration element to replace <read_timeout_millis> when TLS/SSL handshakes are involved. This also modifies the applied timeout, which is now 4000 ms, unless reconfigured. COMPATIBILITY NOTE: If an existing installation needs to keep the TLS/SSL handshake timeout unchanged, a new <handshake_timeout_millis> element with the same value specified for <read_timeout_millis> has to be added. Clarified when the various I/O timeout checks can be suppressed.

Modified the HTTP 404 response issued to WebSocket opening requests that specify a wrong URI. The page configured through <error_page> is now returned as the body.

Revised and improved the Monitoring Dashboard.
Added the new tab "License" summarizing the details of your edition and the specific license features active in the Server running.
Optimized the subscriptions handling for "Logs" tab in case of get/lost focus events.

Extended the internal MONITOR Data Adapter with new items, "monitor_details" and "monitor_client_libs", which provide details of your edition and the specific license features active in the Server running. Look for the new items in the General Concepts document for details.

Brought various efficiency improvements, to increase the scalability with respect, in particular, to the overall frequency of client control requests.
The scenario of massive client disconnections has also been addressed.
Reduced the allocation of short-lived memory for various tasks, which should save some Garbage Collection work.

Improved the checks associated to the <unexpected_wait_threshold_millis> setting, to embrace all invocations to the adapters.

Revised the handling and improved logging of http parsing issues.
Improved the log of connection issues by adding socket information where missing.

Changed the suggested setting for the <write_timeout_millis> configuration element to enable the check, though with a long timeout, to cope with half-open connections.

Extended the <disable_session_mbeans> configuration element; with the new "sampled_statistics_only" setting, these MBeans will still be available from the SDK for JMX Extensions, but the properties based on periodic sampling (which can cause scalability issues in some scenarios) will not be computed.

Introduced a size limit on the internal buffers that can be kept allocated for reuse. Only in particular cases, the overall allocation of these buffers could have grown too much and caused memory shortage.
Introduced the <max_common_pump_buffer_allocation> and <max_common_nio_buffer_allocation> configuration elements to manage the limit.

Addressed a compatibility issue with Safari which, when leveraging the newly introduced session recovery feature, could have caused unexpected exceptions in pages based on the Web Client SDK.

Revised the internal approximation in item frequency management. This avoids that, with very high requested frequencies, the "real" frequency may be higher.

Increased the length of the generated session IDs by a few bytes.

Improved the log of WebSocket requests, by adding the involved session id when it is omitted from the request.
Introduced the "upd" sublogger to the LightstreamerLogger.subscriptions logger, to distinguish the part of log related with the events coming from the Data Adapter. By setting it to ERROR, the warnings issued upon updates for items currently not subscribed to can be suppressed.

Slightly revised the log on startup.

Improved the "stop" script to act faster.

Aligned the included SSL Certificates.pdf document to recent standards. In particular, suggested the inclusion of the "subject alternative name" field in the certificate, which may be required by some user agents.

Revised the Clustering.pdf document and aligned it to the current state of the Client SDKs with regard to cookie handling requirements. Also reformulated the HTTPS section to consider acquisition of multi-domain certificates as the normal practice.

Revised naming convention and format of Audit logs. See files header in the "audit" folder for details.

Slightly revised the preinstalled welcome page. Added a new section with "Edition" details.

Added a new configuration parameter, "keepalive_timeout_millis", for both Proxy Metadata and Data Adapters. The new configuration allows to set a timeout for received data and keepalives from the Remote Adapters to detect unresponsive connections (that will be handled differently by the "robust" and "non robust" versions. See the sample adapters.xml files for details.

Aligned the protocol documentation to comply with current licensing policies.

Modified the communication protocol for the Remote Metadata Adapters in the part related to the MPN Module, after its full revision. COMPATIBILITY NOTE: Only if the MPN Module is enabled, existing Remote Metadata Adapters based on the current SDKs have to be ported to the new versions of the SDKs.

Changed the default of the <sequentialize_table_notifications> flag available in adapters.xml from Y to N, to better cope with cases in which many subscriptions are performed at once. COMPATIBILITY NOTE: If any existing Remote Metadata Adapter relies on the invocations of notifyNewTables and notifyTablesClose for the same session to never overlap, ensure that the flag is explicitly configured as Y for this Adapter.

Improved some error messages.

Changed the preconfigured settings for the dedicated thread pools in the adapters.xml templates, to leverage the new defaults for the SERVER pool.

Introduced the support for a new client protocol, named TLCP, with various improvements, that can be leveraged by Client SDKs and by custom clients. See the SDK for Generic Clients for details.

Fixed a bug related with the content-length configuration. When a value higher than 2^31 was configured for <content_length> or specified on the client side, it would be read wrongly and an internally determined lower bound of 10000 would be used instead.
The same bug affected the <max_streaming_millis> setting; in that case, high values were interpreted as not limiting at all.

Fixed the documentation for the "name" attribute of the <http_server> and <https_server> blocks, where the allowed character range was missing. The use of non ASCII or ASCII control characters could, in particular cases, have caused errors in the communication with the clients.
Added a check on the configured names which now refuses disallowed characters. COMPATIBILITY NOTE: If disallowed characters have been used, the configuration may have to be modified.

Fixed the documentation and the management of the <control_link_address> and <control_link_machine_name> configuration elements, where the use of non standard characters could, in particular cases, have caused errors in the communication with the clients.
Unicode names are currently supported by the Web, Node.js, Java, and Android (Unified API) Client SDKs and by the Generic Client SDK. More will come.

Introduced a limited support for JVM property expansion in the interpretation of the adapters.xml files. It has to be enabled through a new configuration flag, <enable_expansion_for_adapters_config> in the main configuration file. The new factory configuration enables the feature. COMPATIBILITY NOTE: In existing installations the interpretation will not change, as the feature is disabled by default.

Improved the factory settings of the log configuration file, with regard to the display of the logger name by the preconfigured "LSDailyRolling" appender. The new "%-19.19c{19}" setting is recommended, because it causes Logback to shorten the "LightstreamerLogger" part of the names to "L", allowing for a reduced field, while preserving the other parts of the names. The previous setting was "%-33.33c"

Added the "private" property to the <client_identification> configuration element, to prevent sending the determined client address to the Client, which is done by some of the Unified API Client SDKs.

Clarified the description of the <cross_domain_policy> configuration block, for what concerns the origin checks on WebSockets.
Clarified the description of the <max_buffer_size> configuration element, to cite the case of the snapshot for DISTINCT items.

Revised the error messages sent to the Client. Improved the messages upon request syntax errors, for the benefit of tests with the Generic Client SDK. Used less specific messages on subscription errors, to avoid specifying item names.

Slightly modified the behavior upon unexpected request URLs. The configured error page will no longer be sent upon URLs related to features that are currently not supported or not enabled, but a HTTP 400 error will be issued instead.
Modified the behavior upon syntactically wrong requests. A HTTP 400 error instead of a HTTP 500 error will now be issued.
Revised the low-level WebSocket close code used, so as to report a non-successful close only when really needed.

Added a suggested configuration setting in the <response_http_headers> block, which may help to enable streaming support when proxies of several types are involved.

Revised internal optimizations on field value processing to focus on the most recent Client SDK libraries.

Improved logging by LightstreamerLogger.requests.messages by adding message forwarding details at DEBUG level.
Improved logging by LightstreamerLogger.subscriptions at DEBUG level, by handling the case of byte array values.

Incremented the minor version number. COMPATIBILITY NOTE: If running the Server with a license file, an upgrade of the license file may be needed.

Introduced a "first_connection_timeout_millis" configuration parameter for the Robust Proxy Data Adapter, similarly to what is available for the Robust Metadata case (but with a 0 default, which is consistent with the previous behavior).

Introduced a new strategy for the "events_recovery" configuration parameter of the Robust Proxy Data Adapter. See "enforce_snapshot" in the sample configuration file under "adapter_robust_conf_template".

Extended the configuration templates to advertise the newly introduced variable-expansion feature.

MPN Module: fixed handling of cases where a device tries to subscribe multiple times in a short period of time, possibly causing device duplication.
Note: duplication is still possible if multiple subscriptions are sent on different client sessions connected to different Server instances at the same time. In this scenario the MPN Module tries to detect the spurious devices and deletes them automatically.

MPN Module: fixed handling of "InvalidPackageName" error code from the GCM (now Firebase Cloud Messaging) service. The device is now suspended, similarly to a "NotRegistered" error code.

Updated the included versions of some third-party libraries used by the MPN Module. COMPATIBILITY NOTE: As the new libraries have different names, make sure you have removed the previous version of the libraries upon upgrade. Moreover, if using a custom launch script, ensure that the new libraries are now referred.

Aligned the install scripts to current naming of macOS system.

Fixed a bug in Mobile Push Notification module that resulted in payloads for APNs being rejected if longer than 256 bytes. Now payloads up to 2048 bytes are accepted, as expected.

Fixed a bug introduced in version 6.0, which could have caused incorrect, hence refused, responses to session requests by very old versions of Web Client SDK library. However, the malfunctioning was only associated with the use of uncommon transports, usually needed only as fallbacks for old browsers.

Fixed a bug introduced with version 6.0, which caused the "pool queue wait" statistics to be always reported as 0. This affected managers based on JMX Extension SDK (including the JMX Tree) and the Special MONITOR Data Adapter; the latter, in turn, affected the Monitoring log.

Fixed a bug in the implementation of the JMX Extension SDK, which caused the values for the AvgQueueWaitMillis and CurrQueueWaitMillis properties in the ThreadPoolMBean to be switched.

Updated the included versions of some third-party libraries. COMPATIBILITY NOTE: As the new libraries have different names, make sure you have removed the previous version of the libraries upon upgrade. Moreover, if using a custom launch script, ensure that the new libraries are now referred. Updated the included version of the slf4j library from 1.7.8 to 1.7.21. This library can be accessed by custom code from Adapters configured for the "log-enabled" ClassLoader. COMPATIBILITY NOTE: no compatibility issues are expected, but see the slf4j changelog for any details. Updated the included version of the logback library from 1.1.2 to 1.1.7. This library governs the interpretation of the logging configuration file. COMPATIBILITY NOTE: this library has added some consistency checks and may behave differently with existing log configuration files that are not fully compliant. See the logback changelog for any details.

Performed several improvements to the preinstalled welcome page.

Fixed a bug in the management of clearSnapshot for items subscribed to in DISTINCT mode. The bug affected the first update after clearSnapshot and could cause some fields to be dispatched with wrong values. Specifically, let [B2,B1,CS,A1] be a sequence of events sent to a client (where CS is the ClearSnapshot): any field in A1 that was identical in B2 but different in B1 would have been reported with the value it had in B1, hence wrongly.

Fixed a syntax error in the installation script for Linux, that was introduced in version 6.0.1 build 1778.

Fixed a bug introduced in version 4.0 and regarding encoding of custom error messages when sending them to clients based on Web and Node.js (Unified API) Client SDKs; such messages can be supplied through the exceptions thrown by notifyUser and notifyNewSession. The bug only affected messages which included double quotes and would cause the onServerError callback not to be invoked at all on the client JavaScript code.

Fixed an inefficiency in the processing of COMMAND mode snapshot introduced in version 6.0 build 1737. The issue was noticeable only with snapshots of many thousands of keys.
Removed the same kind of inefficiency also with regard to real-time updates.

Improved the handling of cross-origin requests (used by the Web (Unified API) Client SDK), by returning the appropriate headers also upon most error responses.

Revised the parsing of the various configuration files (including adapters.xml) to improve diagnostics. Some space characters are now ignored. COMPATIBILITY NOTE: No change is to be expected in the interpretation of correct configuration files.

Slightly revised the page supplied by the internal Web Server upon a 404 error, to also have IE and Edge display it rather than a custom page.

Enforced upload of audit logs by default when LICENSE_SERVER is configured in lightstreamer_version_conf.xml. COMPATIBILITY NOTE: If the upload is undesirable or problematic for any reason, it can be suppressed with the subsequent <automatic_audit_upload> element.

Extended the factory settings for the <remove_cipher_suites> elements, to comply with the current common recommendations.

Clarified in the configuration file that the names chosen for the <http_server> and <https_server> blocks are available to the clients.

Realigned the launch script to suggest the use of java 8.

Put a reminder about JMX service RMI connector credential setting in PRODUCTION_SECURITY_NOTES.TXT.

Updated the client library included in the Monitoring Dashboard to SDK for Web Clients (Unified API) Version 7.0.2. COMPATIBILITY NOTE: If LICENSE_FILE is configured in lightstreamer_version_conf.xml and the supplied license file doesn't support Web Client SDK Version 7.0.2, still no upgrade is needed in order to use the Monitoring Dashboard.

Improved a log message, which was unclear, related with Remote Adapter unavailability.

Changed the default for the <handshake_pool_size> setting, from 1 to half the number of available cores, to better cope with intense client reconnection activity.

Updated the "file tag" of the launch scripts. The update was due, but forgotten, in the previous release, to reflect the applied changes.

Put a reminder of the <server_tokens> setting in PRODUCTION_SECURITY_NOTES.TXT.

Fixed a bug triggered by thread pool settings of a 0 "max_size" (which means unlimited in this case) and a 0 "max_free", for pools which support these settings. The bug would cause a progressive and unlimited growth of the pool.

Fixed a bug introduced with version 6.0, which caused the count of the total number of internal selectors to be always reported as 0. This affected managers based on JMX Extension SDK (including the JMX Tree) and the Special MONITOR Data Adapter; the latter, in turn, affected the Monitoring log and the Monitoring Dashboard.

Fixed a bug which, in case of a massive disconnection of clients, could have caused some harmless error conditions on single connections to be reported and handled as serious errors affecting the whole NIO selector.

Extended the check of the <read_timeout_millis> setting in the case of TLS/SSL handshake operations. Now this delay limit is applied not only to read, as well as write, operations related to the handshake, but also to any queueing of elaboration tasks on the "TLS-SSL AUTHENTICATION" or "TLS-SSL HANDSHAKE" thread pool.
Clarified in the log when a connection is closed due to the <read_timeout_millis> setting.

Updated the included versions of some third-party libraries. COMPATIBILITY NOTE: As the new libraries have different names, make sure you have removed the previous version of the libraries upon upgrade. Moreover, if using a custom launch script, ensure that the new libraries are now referred.

Extended the launch scripts to allow for the customization of the path of the main configuration file through an environment variable; before, a custom modification of the script was the only way to achieve that. COMPATIBILITY NOTE: The script now checks a variable named LS_CONFIG; in case the same name were currently used for a custom variable in the launching environment, this would rise a conflict.

Extended the launch script for unix/linux to clarify how to handle the case in which the file descriptor limit has to be manually supplied.

Extended the installation script for Redhat, so that the installed System V init script now supports the "status" option to determine the current status of Lightstreamer server. This enables the "status" command for the "service" utility.

Revised the internal handling of field values to improve the most common usage scenarios. This also extends the cases of early conversions of field values, hence extending the scope of the <force_early_conversions> configuration element.

Applied some performance improvements to cope with a huge number of concurrent requests for new sessions.

Reorganized the initial configuration phase; some log messages related to adapters and JMX service initialization may have changed.

Slightly refactored the launch scripts, to simplify custom changes.

Applied some improvements to the Monitoring Dashboard layout. Changed the layout of the "JVM Memory Heap" chart.

Added some clarifications to the General Concepts document.

Added an early check of the correctness of any trigger expressions configured, whose failure will prevent startup; before, all related notification deliveries would just fail.

Clarified in the Clustering document how to handle the case in which a Load Balancer discontinues the stickiness during a session and improved the internal handling of this case.
Also clarified how a rebalancing can be enforced. Introduced, to this purpose, the <max_session_duration_minutes> configuration flag, to set a maximum duration for client sessions, after which a client has the opportunity to recover with a new session, and the Balancer has the opportunity to migrate the Client to a different Server instance.

Fixed a wrong startup check which caused the startup to fail upon a missing <reaction_on_database_failure< flag also when the MPN Module was not enabled.

Fixed a bug in the computation of statistics on the MPN Module activity. This affected managers based on JMX Extension SDK (including the JMX Tree) and the internal MONITOR Data Adapter and log. The values that represent averages over an interval were reported delayed, among the data for the subsequent interval.

Revised and improved the Monitoring Dashboard.
Fixed a bug which caused wrong decimal parts to be displayed for the "total bytes" fields when more than 1GB was reported.
Fixed a bug which caused a wrong value to be displayed in the "total heap" donut when more than 1GB was reported.
Fixed the general behavior related to the case in which the Server was not reachable. In particular, when reconnecting after a temporary disconnection, the charts are now cleared to avoid confusion.
Improved the usability in several other small aspects.

Improved the functionality of the preinstalled welcome page in several small aspects and fixed some browser compatibility issues. This also removes some possible harmless warning messages from the Server console.

Fixed a bug introduced in build 1737 which caused loss of compatibility with very old Metadata Adapter binaries (as IllegalArgumentException was thrown upon the invocation of methods with an old signature).

Fixed the determination of the SDK versions used by the clients, which was ignoring the subminor version number. This affected managers based on JMX Extension SDK (including the JMX Tree).

Extended the install script for MACOSX (now macOS) with suitable variables to customize the IDs if a new user and/or group has to be created.

Added a default configuration for loggers used by the included third-party "Apache Velocity" library.

Added identification tags at the beginning of various configuration files and launch scripts. By keeping them, future upgrades of these files may be automated.

Removed the main README file, but kept directives on how to upgrade in the new HOW_TO_UPGRADE.TXT file.

Introduced a Push Notification Service (or MPN Module), which can be leveraged by the clients to have notifications sent to their devices, through an available third-party Push Notification Service, upon updates for subscribed items. Currently, only sending notifications through Apple's APNS and Google's GCM is supported and requesting subscriptions for such notifications is only supported by the iOS / OS X (now macOS) and the Android Client SDKs, respectively. See the new chapter 5 in the General Concepts document for an introduction to the feature.
Introduced several new thread pools for the MPN Module operations. The module also leans on an external database, which, in case of a cluster of Server instances, can be shared among all instances. See the new optional <mpn> configuration block for configuration details. The new optional <max_mpn_devices> element is also available, to set activity limits for protection.
Introduced a suitable logger, "LightstreamerLogger.mpn", with several subloggers, for the MPN Module log (see the factory logging configuration file for details). When enabled, the MPN Module will also produce its own Audit Logs. Note that the feature may not be available, depending on the license terms. It is always available in the LICENSE_SERVER and DEMO cases, in the latter case with a limit of 20 devices served. New libraries have also been added under the "lib" directory for this extension. COMPATIBILITY NOTE: If using a custom launch script, ensure that the new libraries are referred.
Conflicts between the new libraries and existing Adapter code are no longer possible, because of the newly introduced ClassLoader separation.

Extended the provided MONITOR Data Adapter with statistics related with the newly introduced MPN Module. See the last paragraph of the General Concepts document and Look for the PUSH_NOTIFICATIONS.* fields for details.
Extended the Internal Monitor log to include some of the new MPN Module statistics, but only when the module is enabled.
The extension is also leveraged by the new Monitoring Dashboard.

Introduced the Monitoring Dashboard, which extends and replaces the Monitor Console. The new page has multiple tabs, which show the information available in the previous Monitor Console with significant visual improvements; moreover, the last tab shows the newly introduced JMX Tree, which exposes the JMX service interface in web form. COMPATIBILITY NOTE: *** IMPORTANT *** The security level previously adopted for the access to the Monitor Console may no longer be adequate for the full Monitoring Dashboard, which enables data view and management, including the Server shutdown operation (note that the JMX Tree is enabled by factory settings). We recommend configuring the credentials and protecting them by making the Monitoring Dashboard only available on https server sockets, by leveraging the settings in the <dashboard> configuration block. See PRODUCTION_SECURITY_NOTES.TXT for a full check-list. The Monitoring Dashboard can be reached through a different URL path, whose default is /dashboard. The path can be changed through the <dashboard_url_path> element under the <dashboard> block. COMPATIBILITY NOTE: If keeping an existing installation where the Internal Web Server is leveraged, ensure that there are no conflicts with the new reserved path. The extension is associated to several changes with respect to the previous configuration rules:

• The <monitor_provider> block has been discontinued, as replaced by the new mandatory <dashboard> block, which features a similar but extended content (see the configuration file for all details). COMPATIBILITY NOTE: Existing configuration files have to be ported. If the <monitor_provider> block element is present, the Server will refuse to start, in order to avoid confusion. Note that, by just renaming an existing <monitor_provider> block to <dashboard>, the accessibility of the Monitoring Dashboard will be configured in the same way as the old Monitor Console, with the new JMX Tree disabled.
• The <monitor_enabled> element under <web_server> has been dismissed; actually, it was available only to prevent (when "N") the Internal Web Server from considering the Monitor Console URL path as reserved; this is no longer allowed with the Monitoring Dashboard URL path. COMPATIBILITY NOTE: If keeping an existing configuration file, the <monitor_enabled> element, if present, must be removed; otherwise the Server will refuse to start, in order to avoid confusion. Note that if the element had been set to "N", this was only hiding the Monitor Console page, not protecting the data: external access to monitoring data was supposed to be prevented through the <monitor_provider> block; the same protection should now be ensured through the <dashboard> block.
• The <monitor_url_path> element under <web_server> has been dismissed, as replaced by the aforementioned <dashboard_url_path>. COMPATIBILITY NOTE: If keeping an existing configuration file, the <monitor_url_path> element, if present, must be removed; otherwise the Server will refuse to start, in order to avoid confusion.
• The dedicated "LightstreamerLogger.webServer.jmxTree" logger has been added.

New libraries have also been added under the "lib" directory for this extension. COMPATIBILITY NOTE: If using a custom launch script, ensure that the new libraries are referred.
Conflicts between the new libraries and existing Adapter code are no longer possible, because of the newly introduced ClassLoader separation.

Removed the proprietary Sun/Oracle HTML adaptor to the JMX service; now, web access to the JMX service can be performed through the new Monitoring Dashboard, with the included JMX Tree. As a consequence, web access to JMX service can now be performed through the normal listening ports, with no need for a dedicated port. This also allows for access through https, which was not available with the old HTML adaptor. COMPATIBILITY NOTE: If there is a requirement to still rely on a dedicated port, perhaps with restricted firewall rules, for web access to the JMX service, then it is possible to setup a new server port through <http_server> or <https_server> and restrict the visibility of the JMX Tree to only this server port, through the settings in the <dashboard> block. COMPATIBILITY NOTE: Any credentials set to ensure restricted access to the HTML adaptor can be transferred to the Monitoring Dashboard, through the settings in the <dashboard> block. Note that the involved users will have access to the full Monitoring Dashboard features. Removed the <html_adaptor> configuration section from the <jmx> block. COMPATIBILITY NOTE: If keeping an existing configuration file, the <html_adaptor> block, if present, must be removed; otherwise the Server will refuse to start, in order to avoid confusion.

Introduced separate ClassLoaders for the loading of the external libraries used by the Server internally. This means that all these libraries are no longer visible from Adapter code and this should prevent the rise of any conflicts. COMPATIBILITY NOTE: No issues are expected, but see the SDK for Java In-Process Adapters changelog for the details. Should any problem arise, the previous behavior can also be restored, by changing the classpath setting in the Server launch script (see the inline comment for details). As a consequence, added separate libraries in the "lib" directory, containing the custom helper classes needed for the log configuration and the minimal server startup code. Also moved most external libraries in dedicated subdirectories. The above has also required a thorough modification of the launch scripts. COMPATIBILITY NOTE: It is not possible to reuse a current installation of the previous 5.1.2 version and just overwrite the libraries; a fresh installation is needed and the new launch script has to be used. Any custom launch script should be revised.

Extended the log configuration to handle some of the included third-party libraries (see the factory logging configuration file for details). COMPATIBILITY NOTE: Conflicts with any configuration for the same libraries in existing Adapter code are no longer possible, because of the newly introduced ClassLoader separation. COMPATIBILITY NOTE: If reusing an existing configuration, the new loggers should be added; otherwise, some undesired log may be received from the newly included libraries.

Introduced the management of the Proxy Protocol, which allows a local reverse proxy or load balancer to provide information on the remote endpoint in a direct way. See the new configuration elements in the <client_identification> blocks for details, also about how the existing elements interact with the new ones. A dedicated logger, LightstreamerLogger.connections.proxy, has also been added.

Introduced the <allow_protocol> and <remove_protocols> configuration elements in the <https_server> to make it possible to restrict the protocol versions to be used in the TLS/SSL interactions.
Introduced the same elements also in the <rmi_connector> block, to configure the JMX service communication channel.

Changed the factory and recommended settings for TLS/SSL sockets, to remove weak protocols, by leveraging the new <remove_protocols> configuration elements. This may cause some clients to no longer be able to connect; in this case, the added configuration can be modified. COMPATIBILITY NOTE: As the change only involves the factory configuration file, if an existing configuration is kept, it will not be affected by the restriction. However, we recommend manually applying the same restriction to these installations as well.

Incremented the major version number. COMPATIBILITY NOTE: If running the Server with a license file, an upgrade may be needed.

Fixed a bug on the management of sendMessage requests for which a sequence is specified; the bug could have caused some messages to be wrongly considered as duplicated, hence discarded, due to a race condition.

Fixed a bug in the internal detection of connection close causes, which could give rise to cause code notifications of 43 (failure) upon some cases of normal close.

Fixed the "stop" scripts, to take either the <hostname> specified for the RMI connector to the JMX service, or the "java.rmi.server.hostname" property into account, as the Server does.

Fixed a bug which caused the "stop" scripts to fail when the Server was still blocked in the startup phase, typically while waiting for the initialization of some Adapter.

Improved the launch scripts to enforce, by default, a maximum pause setting for the GC. This fixes cases in which the default settings could allow for pauses incompatible with the default timeouts used by the various Client SDKs in socket inactivity checks.

Fixed a memory leak triggered by exceptions thrown by the Metadata Adapter upon notifyNewTables, which also caused the subscription attempt to never be retried until reissued by the client application.

Fixed a bug in the initialization phase, which could have caused the generation of more threads and NIO selectors than configured. These spurious resources wouldn't have been used by the Server, so they would have been just redundant.

Fixed a missing case in which the error page (customizable through the <error_page> configuration element) should have been issued instead of a generic response.

Fixed the install script provided in bin\unix-like\install for the Redhat case, which wouldn't have run correctly if the default installation user had been left.
Changed the install script for the openSUSE case, to also force run-at-startup, as for all other scripts.
Fixed the install script for the MACOSX (now macOS) case, which would have generated a wrong launch script; also revised the way it creates the dedicated user.

Improved the policy for the speculative sizing of the TCP buffers. Fixed cases in which the resizing was inappropriate.
Improved the management of internal buffers; this should reduce the use of short-lived memory for high numbers of sessions, particularly when <reuse_pump_buffers> is set to N.
Fixed missing cases of buffer optimization when <reuse_pump_buffers> is set to N; this significantly improves the scalability in terms of concurrent TLS/SSL connections.

Improved parsing of HTTP requests for the internal Web Server, to limit the cases of unrecognized requests.

Extended the scope of the <server_tokens> configuration element to all aspects of the interaction with the clients. This fixes a few rare cases in which further identification information could be sent also when "MINIMAL" was specified.

Fixed a harmless bug which could have caused redundant logs of lost updates.

Improved the support for request pipelining upon responses in HTTP 1.1, to deal with the case of pipelined requests occurring during streaming or long polling responses.

Improved the management of items requested in COMMAND mode with unfiltered dispatching: unless <preserve_unfiltered_command_ordering> is Y, a round-robin policy is enforced among the keys on updates waiting to be sent. This should prove to be beneficial when no license-related frequency restrictions are in place.

Changed from N to Y the default of the <disable_session_mbeans> configuration flag, so that the related, potentially high, overhead will not affect managers based on the JMX Extension SDK (including the JMX Tree) and the Server itself, unless explicitly requested. COMPATIBILITY NOTE: If keeping an existing configuration file with this element not defined and taking advantage of the JMX service interface and the SessionMBean's, <disable_session_mbeans> should be explicitly set to N.

Improved the check related with the <server_pool_max_queue> setting. Now, if optional pools are configured in adapters.xml to absorb specific subsets of tasks from the SERVER pool, their task queues are included in the count under check.

Changed the default configuration when installing the Server as a service on Windows: NSSM is now configured not to relaunch the Server in case of failure. If needed, you may configure the service to restart in case of failure by changing the 'Recovery' property of the service. COMPATIBILITY NOTE: Obviously, if the Server is currently installed as a service, it can be updated without being affected by this change; the change will take place only on the next installation. Improved the support for the installation of the Server as a service under Windows; now it is possible to configure the display name, the description and the startup type. See "README.TXT" under "bin/windows" for details.
Improved the LS.bat script by returning, in turn, the exit code returned by Lightstreamer server; the error code is useful if Lightstreamer Server is installed as a service and NSSM is configured not to relaunch the Server, to let Windows correctly manage the service restart.

Removed the log4j jar from the "shared" folder. It was there only for the benefit of the preinstalled demos. COMPATIBILITY NOTE: If there were custom Adapters relying on the predeployed log4j jar, they could be ported in the new structure only by copying the log4j jar too; preferably, the jar should be put in the Adapters own folders.

Updated the included versions of some third-party libraries. COMPATIBILITY NOTE: As the new libraries have different names, ensure that the previous version of the libraries is removed. Moreover, if using a custom launch script, ensure that the new libraries are now referred.
Conflicts between the new libraries and existing Adapter code are no longer possible, because of the newly introduced ClassLoader separation.

Improved the implementation of internal timers; this may reduce memory footprint when strong update merging/filtering is involved.

Modified the default setting of the <selector_max_load> configuration element for the Windows case; previously, it had a dedicated value of 1000 to overcome a known JDK 5 NIO bug; however, the currently supported JDK versions are unaffected. COMPATIBILITY NOTE: If leaning on the default setting, the change should just cause a visible reduction in thread usage. Note that very old versions of JDK 6 for Windows are affected by another NIO bug (2177606) and a higher load on the selectors might, in principle, trigger it.

Added the <snapshot_pool_size> configuration element; now there is full control on the number of threads allocated for all the various internal pools.
Added the <selector_pool_size> configuration element, which allows some control on the overall number of NIO selectors and related threads used by the Server.
Added the <timer_pool_size> configuration element, which allows for parallelization of internal timer activity.

Extended the supplied "MONITOR" Data Adapter by adding a "TIME_MS" field, carrying a UTC timestamp, in all monitor_log_* items.
Extended the supplied "MONITOR" Data Adapter with new statistics on the overall number of item subscriptions performed by the clients. Look for CLIENT.ITEM_SUBSCR and CLIENT.MAX_ITEM_SUBSCR on the General Concepts document for details.
Extended the Internal Monitor log to include the actual number of item subscriptions. The new statistics is also reported by the new Monitoring Dashboard.

Improved the handling of unexpected empty elements in the "adapters.xml" files.

Moved the activity log of the send_message requests to a suitable sublogger (namely LightstreamerLogger.requests.messages), which allows for easy removal of this log, if overwhelming.

Adjusted the Server's self-identification in answers to clients.
Revised the format of error pages.

Revised the names of some internal thread pools.

Improved logging of closed connection and sessions with details on the connection close cause.

Improved logging of new sessions with information on the type and version of the involved Client SDK, when available.

Introduced the "accept_extra_headers" and "accept_credentials" properties to the <cross_domain_policy> configuration element: if specified, they allow clients based on the JavaScript Client SDK to send, respectively, extra headers and credentials on CORS requests. See description in the configuration file for details.

Optimized memory usage related to item and field names.

Introduced support for the WebPositive web browser (for clients based on JavaScript Client SDK).

Clarified in the "SSL Certificates" document how to cope with incomplete certificate chains received.

Revised the Clustering.pdf document, to clarify the conditions for the support of WebSockets by the Load Balancer.
Simplified the document by removing notes pertaining to the support of old browsers (for clients based on JavaScript Client SDK); added references into the JavaScript Client SDK documentation for notes on special cases.

Revised and improved the "General Concepts" document, also with the addition of a thorough introductory section.

Added clarifications on when the <enabled> configuration element within <websocket> can be leveraged to cope with a Load Balancer not handling WebSockets correctly.

Wholly revised the preinstalled welcome page and the related demos. Now, the preinstalled resources are no longer meant as a deployment example that can be used as a starting point for creating your own POC. See the new "demos" site at demos.lightstreamer.com for all the available examples.

Embedded the Proxy Adapter binaries, which make up the implementation of the Adapter Remoting Infrastructure. Previously, the ls-proxy-adapters.jar file supplied among the ARI resources had to be added to the Adapter Set libraries. As a consequence, the ls-proxy-adapters.jar binaries are no longer provided directly. COMPATIBILITY NOTE: Existing Adapter Set deployments based on the old Proxy Adapters supplied in ls-proxy-adapters.jar are supported seamlessly.

Introduced the "PROXY_FOR_REMOTE_ADAPTER" and "ROBUST_PROXY_FOR_REMOTE_ADAPTER" reserved names to be used in place of the class names for the inclusion of the new embededd Proxy Adapters in adapters.xml. COMPATIBILITY NOTE: The new reserved names are not expected to conflict with custom class names in an existing adapters.xml. COMPATIBILITY NOTE: In order to port an existing Adapter Set configured for Remote Adapters to the new Proxy Adapters, the adapters.xml configuration file has to be changed to comply with the new naming (and ls-proxy-adapters.jar can be discarded).

Introduced an explicit initialization request sent by the Proxy Adapters to the Remote Adapters upon connection. This now allows for:

• Defining parameters for the Remote Adapter directly in the configuration block of the Proxy Adapter.
• Having the Proxy Adapter send its own identification information to the Remote Adapter. With a "Robust" version of a Proxy Adapter, this also means notifying the Remote Adapter of the instance identity of the Proxy Adapter (hence Lightstreamer Server), so that if a previous detached instance of Remote Adapter has persisted any context information, this information can be identified and retrieved by the new instance.
• Having the Remote Adapter inform the Proxy Adapter in case of any initialization issue, instead of just having the Remote Server refrain from connecting.

See "remote_params_prefix" in the sample "adapters.xml" files for details on how the initialization parameters can be specified. COMPATIBILITY NOTE: Existing Remote Servers based on the .NET and Generic Adapter SDKs have to be upgraded to the new SDK version. However, backward compatibility can be restored by disabling the new request through the new "init_remote" configuration parameter.

Discontinued the support for the "Piped" versions of the Proxy Adapters. Only the "Networked" versions and their "Robust" extensions are now available. COMPATIBILITY NOTE: Existing installations based on the "Piped" versions should be ported to the "Networked" versions. But we don't expect this case to occur for production deployments, as the use of the "Piped" versions was not recommended for production. Removed the "eos_count_limit" and "eos_sleep_time" configuration parameters, which were only used by the "Piped" versions of the Proxy Adapters.

Introduced the "remote_address_whitelist" parameter, to be used to specify a list of IP addresses, from where Remote Adapter connections are accepted by a Proxy Adapter. If missing, connections are still accepted from any host.

Changed the logger names used by the Proxy Adapters for their own logging and replaced the old logger configuration with the new one in Lightstreamer Server's factory log configuration file (see the supplied file for details). COMPATIBILITY NOTE: To keep using an existing log configuration file, the logger should be manually replaced too. Obviously, as long as existing Adapter Set deployments based on the old Proxy Adapters are in use, the old logger should also be kept.

Removed the description of the ARI Protocol (made available to custom Remote Servers for implementing Lightstreamer Server Adapter interface via TCP) from the scope of this component. Now, the "Adapter Remoting Infrastructure" component only covers Lightstreamer-Server-side support (based on the Proxy Adapters) for all Remote Adapter SDKs. See the new "SDK for Generic Adapters" for the ARI Protocol topic.

As a consequence of the introduction, in Lightstreamer Server version 6.0, of separate ClassLoaders for the loading of the external libraries used by the Server internally, specifed the suggested settings in the factory Proxy Adapter configuration (through the new <classloader> setting), to enforce sharing of the slf4j/logback logging libraries with the Server. This confirms the previous behavior, hence the log configuration of the Proxy Adapters is still included in the Server log configuration file.

Revised the factory configuration of the optional thread pools in adapters.xml; with the new suggested configuration, some adapter-related pools are enabled and will take on some tasks previously falling in the "SERVER" pool.

Revised the default naming of connections (for logging purposes) and related threads, by leaning on the configured proxy names instead of progressive numbers.
Introduced name suffixes to distinguish subsequent streams that may be created by the Robust Proxy Metadata Adapter.

Moved the configuration examples (which include parameter descriptions) under "doc".
Provided a new introductory document.

Modified the policy for the active session count to be reported in the generated audit logs: sessions will no longer be considered as long as they are in "prestarted" state (see CLIENTS.SESSIONS in paragraph 4.2.1 of the General Concepts document for details). This may give rise to lower averages in the audits, which may actually be seen as a relief of contractual terms. In fact, prestarted sessions may include sessions that have not been completely established because of communication issues, but (perhaps for the same cause) are being kept open for some time.

Improved the internal dispatching of NIO tasks; this may remove bottlenecks in extreme cases.
Improved the internal mechanism of I/O buffer reusal; this may remove bottlenecks in extreme cases.

Introduced the possibility of customizing the page to be returned upon a "404 Not Found" response, through the <notfound_page> configuration element in <web_server>. Note that the 404 response is not used normally, but only when the Internal Web Server is enabled.

Fixed a bug introduced with version 5.0, by which the <delta_delivery> configuration setting was ignored and delta delivery was always applied. Note that applying delta delivery is the normal case.

Introduced the <use_enriched_content_type> configuration element; now it possible to choose between two options, text/plain and text/enriched, the content-type to be specified in the response headers when handling requests issued using the text output protocol.
By default, text/plain is still used, but the factory configuration supplied specifies the text/enriched content-type. This has some consequences on the Generic Client SDK; see the related changelog.

Fixed a bug on the internal statistics, which, under high load, might have caused spurious logs of the form "Current delay for tasks..." with very high delay.

Fixed a race condition that, in rare cases, could have caused a session not to be removed from the statistics when closed.

Fixed a bug that could have caused a startup error if the "max_free" setting of some thread pool had been configured as 0.

Improved the internal implementation of some thread pools.
Revised the internal timers to reduce thread contentions; this should reduce potential bottlenecks under very high load.

Tested the compatibility with the new Java 8 release.

Changed the factory and recommended settings for TLS/SSL sockets, to remove weak cipher suites. This may cause some clients to no longer be able to connect; in this case, the <remove_cipher_suites> configuration elements should be modified. COMPATIBILITY NOTE: The change only involves the configuration file; if an existing configuration is kept, the Server upgrade will have no effect, although we recommend checking if the restriction can be manually applied to these installations as well.

Fixed the restart.sh launch script, which could have failed to stop the running Server for particular choices of the custom JVM arguments. Also clarified the script use case.

Improved the launch scripts and the installation scripts for the unix/linux environments in order to support the use of unusual names for the installation directory, such as names including spaces.
Revised the installation scripts for the unix/linux environments to better handle the case in which the standard DESTDIR environment variable is not supplied (see the details in bin/unix-like/install/README.TXT). COMPATIBILITY NOTE: If using the supplied scripts in order to reinstall the Server, just make sure again that the scripts are compliant with your environment. Addressed a possible incompatibility issue on the installation script for MacOSX (now macOS).

Extended the "Clustering.pdf" document, to clarify the conditions for the availability of WebSocket connections when a Load Balancer is in place.

Fixed a bug affecting the configuration of the DEMO license. The <edition> element was ignored, so that the Server would always run in Vivace edition.

Fixed a bug on unfiltered subscriptions in COMMAND mode, whereby an ADD immediately following a DELETE on the same key could have been delayed until the next event on that key.

Fixed a bug which affected the log of "create_session" requests, by stripping the first and the last character; the bug was introduced in version 5.1.

Fixed a bug that could have caused data inconsistency or system vulnerability issues in particular client environments and under particular conditions.

Improved and optimized the allocation and parsing of client requests. Particularly improved the efficiency in the handling of SendMessage requests over WebSocket.

Extended the provided MONITOR Data Adapter with new statistics on the elaboration of Client Messages, sent through the SendMessage requests. Look for MESSAGE.* on the General Concepts document for details.
Extended the Internal Monitor log to include some of the aforementioned message-related statistics.
Extended the Monitor Console to display some of the aforementioned message-related statistics.

Introduced the automatic audit log upload service, to be leveraged based on the current license terms; for details, see also the newly added <automatic_audit_upload> configuration element in lightstreamer_version_conf.xml. To this purpose, the pubkey.cer file has been added to the "lib" directory.

Fixed a bug on the HTTP header parsing, that could have caused particular cases of headers lying on multiple lines to be parsed incorrectly.

Fixed a bug on the WebSocket handshake that could have caused the websocket establishment to be delayed on some browsers (for clients based on JavaScript Client SDK).
Fixed a bug on WebSocket closure that might have caused a closure handshake to fail.

Fixed the notification of trial license expiration, corrupted in build 1513.1.11.

Fixed the reporting of syntax errors in the configuration file, which caused further errors.

Fixed the installation script for Redhat, which caused the Server to always run as root, regardless of the user configured.
Fixed a typo in the console output of the launch script.

Improved the compatibility with the Android browser for Android version 4.x (for clients based on the Android Client SDK); this may also fix connection issues on some devices.

Deprecated the <base_url_path> configuration flag, which was only leveraged by the SDK for HTML Clients, but it is no longer leveraged by the new SDK for JavaScript Clients. COMPATIBILITY NOTE: If the existing configuration uses this flag, it can be left unchanged and the flag will be still obeyed. However, the support may be discontinued in future releases.

Finally removed the support for the old-style configuration of the listening ports, not based on the <http_server> and <https_server> blocks. Also removed the support for the obsolete configuration element <redundant_delivery>. COMPATIBILITY NOTE: Existing configurations still using the old elements have to be updated.

Made the <server_pool_max_free> configuration flag to be mandatory when <server_pool_max_size> is set to 0, since the previous default as also 0 was not suitable. COMPATIBILITY NOTE: Existing configurations leaning on the mentioned default have to be completed, otherwise the Server startup will fail.

Revised the format of the log messages. Revised the log messages upon syntax errors in client requests (only possible with clients based on the SDK for Generic Clients). Slightly revised the format of the lines produced by the Internal Monitor log, to improve readability.

Added in the Clustering.pdf document notes on how to enable cookie-based stickiness for non-browser clients.

Put minor changes to the sample StockListDemo Adapter.

Revised and relieved the Notes on Method Sequence for the Notify New Tables and Notify Tables Close methods, according with the locking policy change and the new <sequentialize_table_notifications> parameter introduced in SDK for Java In-Process Adapters version 5.1.

Introduced support for requests through the WebSocket protocol; the supported versions of the WebSocket specifications are 8 and 13. The clients can now open a single WebSocket to send all requests and messages and to receive all data pertaining to a session. At the moment, this feature has been exploited by the JavaScript Client SDK.
The support is enabled by default; see the new <websocket> element in the configuration file.
A public specification of a network protocol based on WebSockets for clients based on Generic Client SDK is not available yet.

Introduced support to cross-origin requests (for clients based on JavaScript Client SDK). See the new mandatory <cross_domain_policy> element in the Server configuration file for further details. COMPATIBILITY NOTE: Current configuration files must be extended with the <cross_domain_policy> element; as long as an old HTML Client SDK is used, the element can be left empty. Note that the new JavaScript Client SDK library, on most browsers, uses cross-origin XHR or WebSocket requests to ask for streaming data; hence, the new <cross_domain_policy> element should be set properly and allow your site origin, in order to ensure that web pages supplied from your site can access the Server. COMPATIBILITY NOTE: The above also holds for the Internal Monitor Console, though the page origin, in that case, is the Server itself, so that a same-origin access is performed; though most browsers don't need that, the Server origin should be explicitly allowed in <cross_domain_policy> in order to ensure that the Monitor Console keeps working on all browsers; see the Client Guide in the JavaScript Client SDK for details. The factory setting of <cross_domain_policy> allows any kind of cross-origin access to the Server; note that this kind of access was not even possible with the previous HTML Client SDK.

Disabled the forwarding of request cookies to some Metadata Adapter methods. As a consequence, the new factory setting of <use_protected_js> is now N, which is recommended in order to enable cross-origin access for some browsers which don't support cross-origin XHR (for clients based on JavaScript Client SDK - see the Client Guide in this SDK for details).
Introduced the <forward_cookies> configuration element (which defaults as N) to reenable forwarding when needed. COMPATIBILITY NOTE: Only if cookie information is used by Metadata Adapter methods, <forward_cookies> should be set as Y. However, if cookie information were used for authentication purpose (which is to be avoided, though), <use_protected_js> should be left as Y and <cross_domain_policy> should be set carefully.

Revised the licensing configuration, with the introduction of the new "lightstreamer_version_conf.xml" configuration file and the new mandatory <version_conf> configuration element in the main configuration file. See the inline comments in the factory configuration files for details. The <trial> and <production> blocks in the main configuration file have been dismissed. COMPATIBILITY NOTE: In order to keep using an existing configuration file, it must be ported; for the <production> block, refer to the "LICENSE_FILE" license type; for the <trial> block, refer to the "LICENSE_SERVER" license type and to the <http_proxy> block (note that the other parts of the <proxy> block are not available for trial license configuration).

Introduced the "DEMO" license type, which is not based on a license key or trial account. See <type> in the new "lightstreamer_version_conf.xml" configuration file for details.

Introduced the generation of audit log files when trial accounts are in use.
Discontinued the generation of audit logs for any other non-production licenses.

Provided an automatic update check service. See <automatic_update_check> in the new "lightstreamer_version_conf.xml" configuration file for details. Note that a proper proxy configuration, through the <proxy> block, may be needed.
New libraries have been added to the "lib" directory for this extension. COMPATIBILITY NOTE: If any existing Adapter were based on a different version of one of the libraries in "lib", conflicts may arise.

Changed the names returned by the "MONITOR" Data Adapter for the "LICENSE_TYPE" field, according to the new licensing policy.

Discontinued the support for java 5 SDK and runtime environment. Java 6 or later is now required. COMPATIBILITY NOTE: installations of the Server still based on a java 5 JVM have to be upgraded. Existing Adapters compiled with a java 5 SDK don't need to be upgraded. Revised the suggested JVM configuration in the launch scripts.

Improved the launch scripts for Windows and major Linux and Unix-like Operating Systems, supplied under the "bin" folder. As a consequence, manually setting the LS_HOME variable is no longer requested.
Provided suitable scripts to install the Server for automatic execution in many Unix and Linux environments, including MAC OS X (now macOS); see "install" under "bin/unix-like".

Updated the included version of the third-party slf4j and logback libraries. COMPATIBILITY NOTE: As the new libraries have different names, ensure that the previous version of the libraries is removed. Moreover, if using a custom launch script, ensure that the new libraries are now referred. COMPATIBILITY NOTE: Existing java Adapter binaries leaning on the included support for slf4j/logback should not be affected (but see the slf4j/logback release notes). COMPATIBILITY NOTE: In case further slf4j/logback libraries are needed by the adapters, ensure that their versions are consistent with the new libraries included.

Removed the third-party JUG libraries. Removed the "lib/native" directory and any reference to it in the launch script. COMPATIBILITY NOTE: Existing launch scripts will still work; any included reference to the "lib/native" directory will be useless. Added more third-party libraries to support the new update check service. COMPATIBILITY NOTE: Existing launch scripts should be extended to include the new libraries in the "lib" directory in the classpath. Simplified the factory launch script in order to do a bulk add of the third-party libraries to the classpath.

Revised the implementation of the scripts that stop a running Server. They are now based on the RMI connector to the JMX service. As a consequence, the requirement for the script to work is that the <rmi_connector> block is properly configured, no longer the <jmxmp_connector> block. If the JMXMP connector is not used directly, it can be disabled. COMPATIBILITY NOTE: If an existing configuration disables the RMI connector, it should enable it, possibly exposing the port to local connections only, in order to restore the "stop" script functionality.

Removed the third-party Oracle's jmxtools.jar and jmxremote_optional.jar libraries, previously redistributed. This drops the support for the HTML Adaptor and JMXMP Connector to the JMX service. The support can be restored by manually downloading and reinstalling the libraries. See README.TXT in the SDK for JMX Extensions for details. COMPATIBILITY NOTE: If just upgrading an existing deployment, the aforementioned libraries should be manually removed. On the other hand, if the current deployment leans on the HTML Adaptor or the JMXMP Connector, the needed libraries must be obtained from Oracle as shown. Removed the factory preconfiguration of the HTML Adaptor and JMXMP Connector.

Introduced a distinction between "prestarted" and started sessions; see CLIENTS.SESSIONS in paragraph 4.2.1 of the General Concepts document for details. Prestarted sessions are not included in the session count as far as Server activity metrics are concerned.
Starting a prestarted session may fail if it would cause any existing limit on the number of sessions to be exceeded.

Introduced the optional <client_identification> configuration block, in order to help to better identify the remote address of the connected clients. The block is related to each single <http_server> or <https_server> block. See the configuration file for details.

Changed the factory setting of <max_delay_millis> from 200 to 30 ms (setting <max_delay_millis> may improve performances at the expense of a less smooth data delivery). The new, less restrictive, value is suitable for applications in which push data is used to map moving positions, provided that no edition-related frequency limits apply.

Improved the support for TLS/SSL renegotiation requests by the clients.
Introduced dedicated thread pools to handle the load related with TLS/SSL handshakes; see <handshake_pool_size> and <https_auth_pool_max_*> in the configuration file.

Introduced configuration settings to suspend acceptance of new connection requests when the thread pools devoted to request handling are busy; see <*_pool_max_queue>.

Improved the implementation of the temporary refusal of new client connections that can be requested through the JMX service (see the ServerMBean in the JMX Extension SDK). In case of an HTTPS connection, the refusal now occurs before the initial handshake takes place.

Fixed a compatibility issue with HTML Client SDK version 5, which could have caused error messages related to session creation refusal to be ignored by the SDK library.

Fixed a bug, introduced in build 1513, which prevented the clean closure of TLS/SSL connections. This shouldn't have had any impact on normal operation.

Fixed a bug which could have caused some connections in long polling to return unnecessarily early, with no data.

Fixed a bug which would have provoked an error in the internal Web Server when sending an empty file, if the compression_threshold had been set to 0.

Fixed a bug which could have caused the processing of "remote logs" sent by clients based on the old HTML Client SDK to fail for unusual user-agents.

Fixed a bug in the management of logback's own log, whereby the log related to logback initialization issues were not dumped. Now, it is available on the error console; the log is shown only in case of errors and in that case it is in verbose form.
Introduced a custom Logback StatusListener implementation (OnConsoleErrorWarningStatusListener). Such StatusListener is now configured by default and will show on the standard error any internal ERROR or WARN event from Logback internal status.

Discontinued the support for the old syntax of the JMX service configuration. COMPATIBILITY NOTE: if any of the <html_adaptor_port>, <html_adaptor_public>, <html_adaptor_user>, <rmi_connector_port>, <jmxmp_connector_port> is still used in the configuration file, it should be rewritten with the current syntax.

Reduced the response overhead on polling requests issued by clients based on Javascript Client SDK.

Extended the format of the audit logs with a random identifier of the Server run. COMPATIBILITY NOTE: existing and new audit log lines can coexist with no problems.

Ensured that, for each type of monitor statistics, the same value is collected by the various consumers for each time period; consumers include the monitor log, Monitor Console and any "MONITOR" Data Adapters.

Extended the logging of client activities, by adding information on the server socket (i.e. <http_server> or <https_server> block) related to the connection.

Revised various error log messages.
Moved some harmless "Sync error" log messages from INFO to DEBUG level.
Expanded and clarified info log messages about session closing.

Discontinued support for the LS_top_max_frequency and LS_slowing_factor request parameters. Such parameters had already been dismissed in all Client SDKs. COMPATIBILITY NOTE: only clients based on a very old version of a Client SDK might make use of these features. For them, the settings will no longer have any effect.

Slightly changed the response content-types for requests by clients based on the JavaScript Client SDK; this may give rise to compatibility issues only for Opera browsers earlier than version 10.

Improved the performances under heavy load and under spikes of external requests, by reducing internal thread contention.

Changed the Connection counts returned by the internal MONITOR Data Adapter and the related log, to include sockets currently involved in the initial TLS/SSL handshake.
Similarly, moved the log of accepted connections in https, to be issued immediately, before the initial TLS/SSL handshake, rather than after.

Improved the parsing of incoming HTTP requests, to make syntax checks more strict.

Denied support for specifying a network interface for the RMI connectorto the JMX service when the <data_port> setting is omitted, as this configuration is in fact not working properly. COMPATIBILITY NOTE: we assume that no existing installation could be configured in this way, as it wouldn't have worked correctly; anyway, in such a case, only a warning message will be issued. Fixed a bug which, with the above configuration, would have caused a port conflict error message to be issued.

Introduced the stdout/stderr redirection when launching the Server as a service under Windows. The LS.out file in the predefined logs directory is now generated.

Revised the layout of the Internal Monitor Console and fixed a formatting issue.

Updated the Clustering.pdf document, according with the new features added in the JavaScript Client SDK.

Fixed the jars of the included StockList demo: LS_StockListDemo_DataAdapter.jar also included the classes already in LS_quote_feed_simulator.jar.

Revised the documentation, in regard to the names of the main concepts.

Fixed the handling of uncommon pathnames in the utility scripts for using the Server as a service under Windows.

Fixed the documentation of the <license_path> configuration element with the extensions introduced in build 1513.1.4

Enlarged the "SNAPSHOT" thread pool (devoted to dispatching of snapshot contents) so as to match the number of available processors, if greater than 10.

Fixed a bug, introduced in version 3.6, which affected subscriptions by clients based on the HTML Client SDK to items in MERGE mode in case their snapshots was also requested; the update representing the snapshot could have been notified as not being a snapshot by the SDK library.

Fixed a bug in the RelativeFileAppenders$RollingFileAppender implementation: the <FileNamePattern> specified in the <rollingPolicy> was interpreted relative to the launch directory instead of being interpreted relative to the log configuration file location, as it should have been. Now the paths specified in the <FileNamePattern> elements are correctly interpreted. On the other hand note that the <File> element was already correctly interpreted and thus its handling has not changed.

Introduced the support for dinamically reconfiguring the maximum frequency of currently subscribed items, that can be leveraged by Client SDKs.

Introduced the optional "randomize" attribute for both the <default_keepalive_millis> and <max_idle_millis> configuration elements, that can be used in particular scenarios; see the descriptions in the configuration file.

Fixed a bug in the handling of the <allowed_domain> setting, by which the check could have been avoided by purposedly altering the HTML Client SDK library.

Clarified how resampling works for the LightstreamerMonitorText and LightstreamerMonitorTAB loggers configuration.

Revised the low level log of the Proxy Adapters, to allow for suppressing the log of real-time messages while logging the requests and replies from the Remote Server; see com.lightstreamer.adapters.remote in the Lightstreamer Server log configuration file.
Fixed a typo in the com.lightstreamer.adapters.remote logger description.

Adopted java 7 as the recommended SDK runtime environment and as the factory setting in the launch scripts.

Added the <max_streaming_millis> configuration flag; see the configuration file for details.

Fixed a bug, introduced in version 4.0, affecting polling sessions; under particular conditions of slowness, poll requests could have returned immediately even with no data available, thus causing an unneeded increase of the overall frequency of requests.

Fixed a bug affecting polling sessions; under particular conditions of fastness, poll requests could have returned with no data even if data were available, thus causing data delivery to be delayed.

Fixed the supplied scripts for running the Server as a Windows service, which, under some conditions, could have failed to correctly install the service.

Introduced new configuration properties to let the RobustNetworkedMetadataProvider return a custom error notification to the Client upon a request for a new session when the Remote Server is currently unavailable; see "notify_user_disconnection_code" and "notify_user_disconnection_msg" in "conf\sockets(robust)\adapters.xml".

Introduced new configuration properties to let the RobustNetworkedDataProvider manage a custom item which carries notifications about the availability of the Remote Server; see "remote_adapter_status" in "conf\sockets(robust)\adapters.xml".

Added checks on the correct configuration of the Proxy Adapters; in fact, wrongly setting a notify port on a Proxy Metadata Adapter could lead to wrong behavior.

Improved the extraction of HTTP headers supplied by the "NUS"/"NUA" request.

Added log to detect issues caused by obsolete Remote Servers

Fixed an issue with potential conflicts regarding proxy settings when a trial license is used; if proxy settings are supplied in order to access the LightStreamer trial license validation server, they could also affect connections performed by the Adapters.

Fixed a bug introduced in version 4.0 which could have caused a client based on HTML Client SDK to receive wrong data in case of issues with the use of XHR during a polling session. The error was serious, but the triggering environmental conditions were very rare.

Fixed a potential race condition which could have led to an internal thread deadlock. A high rate of socket disconnections (about 100 per second) was the only triggering scenario observed.

Changed, from 6666 to 6600, the factory setting for the port to be used for accessing the HTML-based connector to the JMX service; in fact, access to port 6666 could be restricted by some browsers because of conflicts with known protocols.

Extended license configuration support by allowing to specify multiple <license_path> elements, so that, at any moment in the Server life, at least one should refer to a valid license. Slightly changed the log upon license refusal.

Fixed a bug that could have caused read failures on TLS/SSL connections upon long requests.

Fixed and changed the timestamp format on the audit logs. COMPATIBILITY NOTE: existing and new audit log lines can coexist with no problems.

Introduced the execute permission flags for launch scripts also in the zip version of the package.

Introduction of Lightstreamer "Duomo" release (Server 4.0).