• Restrict allowed mime types to text/plain and application/json for the response.
• Because of security reasion, the JSR-160 proxy mode is disabled by default int the Java EE agent. It can be enabled via web.xml configuration, a system property or an environment variable. In addition it is now possible to configure a whitelist with patterns which are allowed as targets in the proxy mode. See the reference manual section on "Proxy mode" for details.
• New authMode service-any and service-all to allow to lookup an org.jolokia.osgi.security.Authenticator used for authentication. Note that this class has been changed from an abstract base class to an interface for ease of customization.