| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <!DOCTYPE document [ |
| <!ENTITY project SYSTEM "project.xml"> |
| |
| <!-- DTD is used to validate changelog structure at build time. BZ 64931. --> |
| |
| <!ELEMENT document (project?, properties, body)> |
| <!ATTLIST document url CDATA #REQUIRED> |
| |
| <!-- body and title are used both in project.xml and in this document --> |
| <!ELEMENT body ANY> |
| <!ELEMENT title (#PCDATA)> |
| |
| <!-- Elements of project.xml --> |
| <!ELEMENT project (title, logo, body)> |
| <!ATTLIST project name CDATA #REQUIRED> |
| <!ATTLIST project href CDATA #REQUIRED> |
| |
| <!ELEMENT logo (#PCDATA)> |
| <!ATTLIST logo href CDATA #REQUIRED> |
| |
| <!ELEMENT menu (item+)> |
| <!ATTLIST menu name CDATA #REQUIRED> |
| |
| <!ELEMENT item EMPTY> |
| <!ATTLIST item name CDATA #REQUIRED> |
| <!ATTLIST item href CDATA #REQUIRED> |
| |
| <!-- Elements of this document --> |
| <!ELEMENT properties (author*, title, no-comments) > |
| <!ELEMENT author (#PCDATA)> |
| <!ATTLIST author email CDATA #IMPLIED> |
| <!ELEMENT no-comments EMPTY> |
| |
| <!ELEMENT section (subsection)*> |
| <!ATTLIST section name CDATA #REQUIRED> |
| <!ATTLIST section rtext CDATA #IMPLIED> |
| |
| <!ELEMENT subsection (changelog+)> |
| <!ATTLIST subsection name CDATA #REQUIRED> |
| |
| <!ELEMENT changelog (add|update|fix|scode|docs|design)*> |
| <!ELEMENT add ANY> |
| <!ELEMENT update ANY> |
| <!ELEMENT fix ANY> |
| <!ELEMENT scode ANY> |
| <!ELEMENT docs ANY> |
| <!ELEMENT design ANY> |
| |
| <!ELEMENT bug (#PCDATA)> |
| <!ELEMENT rev (#PCDATA)> |
| <!ELEMENT pr (#PCDATA)> |
| |
| <!-- Random HTML markup tags. Add more here as needed. --> |
| <!ELEMENT a (#PCDATA)> |
| <!ATTLIST a href CDATA #REQUIRED> |
| <!ATTLIST a rel CDATA #IMPLIED> |
| |
| <!ELEMENT b (#PCDATA)> |
| <!ELEMENT code (#PCDATA)> |
| <!ELEMENT em (#PCDATA)> |
| <!ELEMENT strong (#PCDATA)> |
| <!ELEMENT tt (#PCDATA)> |
| ]> |
| <?xml-stylesheet type="text/xsl" href="tomcat-docs.xsl"?> |
| <document url="changelog.html"> |
| |
| &project; |
| |
| <properties> |
| <title>Changelog</title> |
| <no-comments /> |
| </properties> |
| |
| <body> |
| <!-- |
| Subsection ordering: |
| General, Catalina, Coyote, Jasper, Cluster, WebSocket, Web applications, |
| Extras, Tribes, jdbc-pool, Other |
| |
| Item Ordering: |
| |
| Fixes having an issue number are sorted by their number, ascending. |
| |
| There is no ordering by add/update/fix/scode/docs/design. |
| |
| Other fixed issues are added to the end of the list, chronologically. |
| They eventually become mixed with the numbered issues (i.e., numbered |
| issues do not "pop up" wrt. others). |
| --> |
| <section name="Tomcat 10.1.0-M6 (markt)"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| Provide the DataSource in the constructor of |
| <code>DataSourceUserDatabase</code>, since it is always global. (remm) |
| </fix> |
| <fix> |
| Fix delete then create object manipulations with |
| <code>DataSourceUserDatabase</code>. (remm) |
| </fix> |
| <update> |
| Remove all deprecated code from the Servlet API to align Tomcat with |
| recent changes in the Jakarta Servlet specification project. (markt) |
| </update> |
| <add> |
| Add the current available Jakarta EE 10 schemas from the Jakarta EE |
| schema project. (markt) |
| </add> |
| <add> |
| Implement the new connection ID and request ID API for Servlet 6.0. |
| (markt) |
| </add> |
| <fix> |
| <bug>65553</bug>: Implement a work-around for a |
| <a href="https://bugs.openjdk.java.net/browse/JDK-8273874">JRE bug</a> |
| that can trigger a memory leak when using the JNDI realm. (markt) |
| </fix> |
| <fix> |
| <bug>65586</bug>: Fix the bloom filter used to improve performance of |
| archive file look ups in the web resources implementation so it works |
| correctly for directory lookups whether or not the provided directory |
| name includes the trailing <code>/</code>. (markt) |
| </fix> |
| <fix> |
| <pr>451</pr>: Improve the usefulness of the thread name cache used in |
| JULI. Pull request provided by t-gergely. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| <bug>65563</bug>: Correct parsing of HTTP <code>Content-Range</code> |
| headers. Tomcat was incorrectly requiring an <code>=</code> character |
| after <code>bytes</code>. Fix based on pull request <pr>449</pr> by |
| Thierry Guérin. (markt) |
| </fix> |
| <fix> |
| Correct a potential <code>StackOverflowException</code> with HTTP/2 and |
| sendfile. (markt) |
| </fix> |
| <fix> |
| Further improvements in the management of the connection flow control |
| window. This addresses various bugs that what cause streams to |
| incorrectly report that they had timed out waiting for an allocation |
| from the connection flow control window. (markt) |
| </fix> |
| <fix> |
| <bug>65577</bug>: Fix a <code>AccessControlException</code> reporting |
| when running an NIO2 connector with TLS enabled. (markt) |
| </fix> |
| <update> |
| Reclassify TLS ciphers that use AESCCM8 as medium security rather than |
| high security to align with recent changes in OpenSSL. (markt) |
| </update> |
| <fix> |
| Fix an issue that caused some Servlet non-blocking API reads of the HTTP |
| request body to incorrectly use blocking IO. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <scode> |
| Deprecate <code>ELResolver.getFeatureDescriptors</code> to align Tomcat |
| with recent updates in the Jakarta EL specification project. (markt) |
| </scode> |
| <add> |
| Add support for default methods to <code>BeanRELResolver</code> to align |
| Tomcat with recent updates in the Jakarta EL specification project. |
| (markt) |
| </add> |
| <add> |
| Add support for <code>MethodReference</code> and the associated getter |
| on <code>MehtodExpression</code> to align Tomcat with recent updates in |
| the Jakarta EL specification project. (markt) |
| </add> |
| <add> |
| Refactor <code>ScopedAttributeELResolver</code> to separate out the |
| functionality that is unrelated to scoped attributes into two new |
| resolvers: <code>ImportELResolver</code> and |
| <code>NotFoundELResolver</code>. This aligns Tomcat with recent updates |
| to the Jakarta Server Pages specification. (markt) |
| </add> |
| <fix> |
| Fix the implementation of <code>MethodExpression.getMethodInfo()</code> |
| so that it returns the expected value rather than failing when the |
| method expression is defined with the parameter values in the expression |
| rather than the types being passed explicitly to |
| <code>ExpressionFactory.createMethodExpression()</code>. (markt) |
| </fix> |
| <add> |
| Add support for a new page/tag directive <code>errorOnELNotFound</code> |
| that can be used to trigger an identifier if an EL expression in a |
| page/tag contains an identifier that cannot be resolved. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <fix> |
| The internal upgrade handler should close the associated |
| <code>WebConnection</code> on destroy. (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <update> |
| Update the web applications that are included with Apache Tomcat to use |
| the Jakarta EE 10 schema for web.xml. (markt) |
| </update> |
| <fix> |
| Clarify the JASPIC configuration options in the documentation web |
| application. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <fix> |
| <bug>65585</bug>: Update obsolete comments at the start of the |
| <code>build.properties.default</code> file. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.1.0-M5 (markt)" rtext="release in progress"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| Enable Tomcat to start if an (old) XML parser is configured that does |
| not support <code>allow-java-encodings</code>. A warning will be logged |
| if such an XML parser is detected. (markt) |
| </fix> |
| <fix> |
| Change the behaviour of custom error pages. If an error occurs after the |
| response is committed, once the custom error page content has been added |
| to the response the connection is now closed immediately rather than |
| closed cleanly. i.e. the last chunk that marks the end of the response |
| body is no longer sent. This acts as an additional signal to the client |
| that the request experienced an error. (markt) |
| </fix> |
| <fix> |
| <bug>65479</bug>: When handling requests using JASPIC authentication, |
| ensure that <code>PasswordValidationCallback.getResult()</code> returns |
| the result of the password validation rather than always returning |
| <code>false</code>. Fixed via pull request <pr>438</pr> provided by |
| Robert Rodewald. (markt) |
| </fix> |
| <update> |
| Improve the reusability of the <code>UserDatabase</code> by adding |
| intermediate concrete implementation classes and allowing to do |
| partial database updates on <code>save</code>. (remm) |
| </update> |
| <scode> |
| Refactor the authenticators to delegate the check for preemptive |
| authentication to the individual authenticators where an authentication |
| scheme specific check can be performed. Based on pull request |
| <pr>444</pr> by Robert Rodewald. (markt) |
| </scode> |
| <add> |
| Add a <code>UserDatabase</code> implementation as a superset of the |
| <code>DataSourceRealm</code> functionality. (remm) |
| </add> |
| <fix> |
| Make sure the dynamic Principal returned by |
| <code>UserDatabaseRealm</code> stays up to date with the database |
| contents, and add an option to have it be static, similar to the other |
| realms. (remm) |
| </fix> |
| <add> |
| Add <code>derby-*.jar</code> to the list of JARs to skip when scanning |
| for TLDs, web fragments and annotations. (markt) |
| </add> |
| <fix> |
| <pr>447</pr>. Correct JPMS metadata for catalina.jar. Pull request |
| provided by Hui Wang. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Correct a logic error that meant setting |
| <code>certificateKeystoreFile</code> to <code>NONE</code> did not have |
| the expected effect. <code>NONE</code> was incorrectly treated as a file |
| path. Patch provided by Mikael Sterner. (markt) |
| </fix> |
| <scode> |
| Remove the deprecated APR/Native connector which includes the HTTP APR |
| and the AJP APR connector. Also remove the Java interfaces to the |
| APR/Native library that are not used by the OpenSSL integration for the |
| NIO and NIO2 connectors. (markt) |
| </scode> |
| <scode> |
| Refactor the JSSE/OpenSSL integration to avoid the use of |
| <code>finalize()</code>. (markt) |
| </scode> |
| <fix> |
| <bug>65505</bug>: When an HTTP header value is removed, ensure that the |
| order of the remaining header values is unchanged. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <fix> |
| <bug>65506</bug>: Fix write timeout check that was using the read |
| timeout value. Patch submitted by Gustavo Mahlow. (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| Remove unnecessary Context settings from the examples web application. |
| (markt) |
| </fix> |
| <fix> |
| Document default value for <code>unpackWARs</code> and related clean-up. |
| Pull request <pr>439</pr> provided by Robert Rodewald. (markt) |
| </fix> |
| <fix> |
| Clarify the documentation of the <code>compressionMinSize</code> and |
| <code>compressibleMimeType</code> HTTP <code>Connector</code> |
| attributes. Pull request <pr>442</pr> provided by crisgeek. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Tribes"> |
| <changelog> |
| <scode> |
| Refactor the <code>ParallelNioSender</code> to avoid the use of |
| <code>finalize()</code>. (markt) |
| </scode> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <fix> |
| Fix failing build when building on non-English locales. Pull request |
| <pr>441</pr> provided by Dachuan J. (markt) |
| </fix> |
| <update> |
| Update to JSign version 4.0 to enable code signing without the need for |
| the installation of additional client tools. (markt) |
| </update> |
| <update> |
| Add Apache Derby 10.15.2.0 to the testsuite dependencies, for JDBC |
| and DataSource testing. (remm) |
| </update> |
| <add> |
| Update the internal fork of Apache Commons BCEL to 40d5eb4 (2021-09-01, |
| 6.6.0-SNAPSHOT). Code clean-up only. (markt) |
| </add> |
| <add> |
| Update the internal fork of Apache Commons Codec to fd44e6b (2021-09-01, |
| 1.16-SNAPSHOT). Minor refactoring. (markt) |
| </add> |
| <add> |
| Update the internal fork of Apache Commons FileUpload to 33d2d79 |
| (2021-09-01, 2.0-SNAPSHOT). Refactoring and code clean-up. (markt) |
| </add> |
| <add> |
| Update the internal fork of Apache Commons Pool to 2.11.1 (2021-08-17). |
| Improvements, code clean-up and refactoring. (markt) |
| </add> |
| <add> |
| Update the internal fork of Apache Commons DBCP to 2.9.0 (2021-08-03). |
| Improvements, code clean-up and refactoring. (markt) |
| </add> |
| <update> |
| Update the packaged version of the Tomcat Native Library to 1.2.31 to |
| pick up Windows binaries built with OpenSSL 1.1.1l.(markt) |
| </update> |
| <update> |
| Switch to the CDN as the primary download location for ASF dependencies. |
| (markt) |
| </update> |
| <add> |
| Improvements to Chinese translations contributed by syseal, wolibo, |
| ZhangJieWen and DigitalFatCat. (markt) |
| </add> |
| <add> |
| Improvements to French translations. (remm) |
| </add> |
| <add> |
| Improvements to Japanese translations contributed by tak7iji. (markt) |
| </add> |
| <add> |
| Improvements to Korean translations. (woonsan) |
| </add> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.1.0-M4 (markt)" rtext="2021-08-06"> |
| <subsection name="WebSocket"> |
| <changelog> |
| <fix> |
| Correct a regression in the Java 8 to Java 11 changes made in 10.1.0-M3 |
| that caused all WebSocket end points to fail to register. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.1.0-M3 (markt)" rtext="not released"> |
| <subsection name="General"> |
| <changelog> |
| <update> |
| Update the minimum required Java version to Java 11. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <scode> |
| Incremented the supported Jakarta Servlet version to 6.0 to align with |
| the current development branch of the Jakarta Servlet specification. |
| Plans have changed and the next iteration of the Servlet specification |
| will be 6.0 rather than 5.1. (markt) |
| </scode> |
| <fix> |
| <bug>65411</bug>: Always close the connection when an uncaught |
| <code>NamingException</code> occurs to avoid connection locking. |
| Submitted by Ole Ostergaard. (remm) |
| </fix> |
| <fix> |
| <bug>65433</bug>: Correct a regression in the fix for <bug>65397</bug> |
| where a <code>StringIndexOutOfBoundsException</code> could be triggered |
| if the canonical path of the target of a symlink was shorter than the |
| canonical path of the directory in which the symlink had been created. |
| Patch provided by Cedomir Igaly. (markt) |
| </fix> |
| <add> |
| <bug>65443</bug>: Refactor the <code>CorsFilter</code> to make it easier |
| to extend. (markt) |
| </add> |
| <fix> |
| To avoid unnecessary cache revalidation, do not add an HTTP |
| <code>Expires</code> header when setting adding an HTTP header of |
| <code>CacheControl: private</code>. (markt) |
| </fix> |
| <scode> |
| Refactor JULI's custom <code>LogManager</code>, the |
| web application class loader implementation, the web resources |
| implementation, the <code>JreLeakPreventionListener</code> |
| implementation and the <code>StandardJarScanner</code> implementation to |
| remove Java 8 specific code now that the minimum Java version has been |
| increased to 11. (markt) |
| </scode> |
| <scode> |
| Remove all references to the endorsed standards override feature and the |
| specifying of optional packages (extensions) in the manifest as these |
| are not supported in Java 11. (markt) |
| </scode> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| When writing an HTTP/2 response via sendfile (only enabled when |
| <code>useAsyncIO</code> is true) the connection flow control window was |
| sometimes ignored leading to various error conditions. sendfile now |
| checks both the stream and connection flow control windows before |
| writing. (markt) |
| </fix> |
| <add> |
| Add debug logging for writing an HTTP/2 response via sendfile. (markt) |
| </add> |
| <fix> |
| Correct bugs in the HTTP/2 connection flow control management that meant |
| it was possible for a connection to stall waiting for a connection flow |
| control window update that had already arrived. Any streams on that |
| connection that were trying to write when this happened would time out. |
| (markt) |
| </fix> |
| <fix> |
| <bug>65448</bug>: When using TLS with NIO, it was possible for a |
| blocking response write to hang just before the final TLS packet |
| associated with the response until the connection timed out at which |
| point the final packet would be sent and the connection closed. (markt) |
| </fix> |
| <fix> |
| <bug>65454</bug>: Fix a race condition that could result in a delay to |
| a new request. The new request could be queued to wait for an existing |
| request to finish processing rather than the thread pool creating a new |
| thread to process the new request. (markt) |
| </fix> |
| <fix> |
| <bug>65460</bug>: Correct a regression introduced in the previous |
| release in the change to reduce the number of small HTTP/2 window |
| updates sent for streams. A logic error meant that small window updates |
| for the connection were dropped. This meant that the connection flow |
| window slowly reduced over time until nothing could be sent. (markt) |
| </fix> |
| <fix> |
| Remove NIO workarounds and code that is no longer needed with Java 11. |
| (remm) |
| </fix> |
| <scode> |
| Refactor the endpoints to remove Java 8 specific code now that the |
| minimum Java version has been increased to 11. (markt) |
| </scode> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <scode> |
| Add additional generics to the EL API to align with the latest changes |
| in the EL specification project. (markt) |
| </scode> |
| <add> |
| Enable EL lambda expressions to be coerced to functional interfaces. |
| This is an implementation of a proposed extension to the Jakarta |
| Expression Language specification. (markt) |
| </add> |
| <scode> |
| Refactor the EL API and implementation to remove Java 8 specific code |
| now that the minimum Java version has been increased to 11. (markt) |
| </scode> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <scode> |
| Refactor the WebSocket implementation to remove Java 8 specific code now |
| that the minimum Java version has been increased to 11. (markt) |
| </scode> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| <bug>65404</bug>: Correct a regression in the fix for <bug>63362</bug> |
| that caused the server status page in the Manager web application to be |
| truncated if HTTP upgrade was used such as when starting a WebSocket |
| connection. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <add> |
| Improvements to Chinese translations contributed by ZhangJieWen and |
| chengzheyan. (markt) |
| </add> |
| <add> |
| Improvements to French translations. (remm) |
| </add> |
| <add> |
| Improvements to Japanese translations contributed by tak7iji. (markt) |
| </add> |
| <add> |
| Improvements to Korean translations. (woonsan) |
| </add> |
| <fix> |
| Use of GraalVM native images no longer automatically disables JMX |
| support. JMX support may still be disabled by calling |
| <code>org.apache.tomcat.util.modeler.Registry.disableRegistry()</code>. |
| (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.1.0-M2 (markt)" rtext="2021-07-02"> |
| <subsection name="Catalina"> |
| <changelog> |
| <scode> |
| Refactor the <code>RemoteIpValve</code> to use the common utility method |
| for list to comma separated string conversion. (markt) |
| </scode> |
| <scode> |
| Refactor <code>JNDIRealm$JNDIConnection</code> so its fields are |
| accessible to sub-classes of <code>JNDIRealm</code>. (markt) |
| </scode> |
| <fix> |
| Fix serialization warnings in <code>UserDatabasePrincipal</code> |
| reported by SpotBugs. (markt) |
| </fix> |
| <fix> |
| <bug>65397</bug>: Calls to |
| <code>ServletContext.getResourcePaths()</code> no longer include |
| symbolic links in the results unless <code>allowLinking</code> has been |
| set to <code>true</code>. If a resource is skipped because of this |
| change, a warning will be logged as this typically indicates a |
| configuration issue. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| <bug>65368</bug>: Improve handling of clean closes of inbound TLS |
| connections. Treat them the same way as clean closes of non-TLS |
| connections rather than as unknown errors. (markt) |
| </fix> |
| <fix> |
| Modify the HTTP/2 connector not to sent small updates for stream flow |
| control windows to the user agent as, depending on how the user agent is |
| written, this may trigger small writes from the user agent that in turn |
| trigger the overhead protection. Small updates for stream flow control |
| windows are now combined with subsequent flow control window updates for |
| that stream to ensure that all stream flow control window updates sent |
| from Tomcat are larger than <code>overheadWindowUpdateThreshold</code>. |
| (markt) |
| </fix> |
| <add> |
| Add additional debug logging to track the current state of the HTTP/2 |
| overhead count that Tomcat uses to detect and close potentially |
| malicious connections. (markt) |
| </add> |
| <update> |
| Many HTTP/2 requests from browsers will trigger one overhead frame and |
| one non-overhead frame. Change the overhead calculation so that a |
| non-overhead frame reduces the current overhead count by 2 rather than |
| 1. This means that, over time, the overhead count for a well-behaved |
| connection will trend downwards. (markt) |
| </update> |
| <update> |
| Change the initial HTTP/2 overhead count from <code>-10</code> to |
| <code>-10 * overheadCountFactor</code>. This means that, regardless of |
| the value chosen for <code>overheadCountFactor</code>, when a connection |
| opens 10 overhead frames in a row will be required to trigger the |
| overhead protection. (markt) |
| </update> |
| <update> |
| Increase the default <code>overheadCountFactor</code> from |
| <code>1</code> to <code>10</code> and change the reduction in overhead |
| count for a non-overhead frame from <code>-2</code> to <code>-20</code>. |
| This allows for a larger range (0-20) to be used for |
| <code>overheadCountFactor</code> providing for finer-grained control. |
| (markt) |
| </update> |
| <fix> |
| Modify the parsing of HTTP header values that use the |
| <code>1#token</code> to ignore empty elements as per RFC 7230 section 7 |
| instead of treating the presence of empty elements as an error. (markt) |
| </fix> |
| <fix> |
| Expand the unit tests for <code>HttpServlet.doHead()</code> and correct |
| the flushing of the response buffer. The buffer used to behave as if it |
| was one byte smaller than the configured size. The buffer was flushed |
| (and the response committed if required) when the buffer was full. The |
| buffer is now flushed (and the response committed if required) if the |
| buffer is full and there is more data to write. (markt) |
| </fix> |
| <fix> |
| Fix an issue where concurrent HTTP/2 writes (or concurrent reads) to the |
| same connection could hang and eventually timeout when async IO was |
| enabled (it is enabled by default). (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>65387</bug>: Correct a regression in the fix for <bug>65124</bug> |
| and restore the local definition of <code>out</code> for tags that |
| implement <code>TryCatchFinally</code>. (markt) |
| </fix> |
| <fix> |
| <bug>65390</bug>: Correct a regression in the fix for <bug>65124</bug> |
| and restore code that was removed in error leading to JSP compilation |
| failures in some circumstances. (markt) |
| </fix> |
| <update> |
| Update to the Eclipse JDT compiler 4.20. (markt) |
| </update> |
| <add> |
| Add support for specifying Java 17 (with the value <code>17</code>) as |
| the compiler source and/or compiler target for JSP compilation. If used |
| with an Eclipse JDT compiler version that does not support these values, |
| a warning will be logged and the latest supported version will used. |
| (markt) |
| </add> |
| <fix> |
| <bug>65377</bug>: Update the Java code generation for JSPs not to use |
| the boxed primitive constructors as they have been deprecated in Java 9 |
| and marked for future removal in Java 16. <code>valueOf()</code> is now |
| used instead. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <scode> |
| Refactor the <code>DigestAuthenticator</code> to reuse a shared |
| <code>SecureRandom</code> instance rather than create a new one to |
| generate the <code>cnonce</code> if required. (markt) |
| </scode> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| <bug>65385</bug>: Correct the link in the documentation web application |
| the Maven Central repository. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <add> |
| Use JSign to integrate the build script with the code signing service to |
| enable release builds to be created on Linux as well as Windows. (markt) |
| </add> |
| <update> |
| Update the OWB module to Apache OpenWebBeans 2.0.23. (remm) |
| </update> |
| <update> |
| Update the CXF module to Apache CXF 3.4.4. (remm) |
| </update> |
| <fix> |
| <bug>65369</bug> / <pr>422</pr>: Add the additional |
| <code>--add-opens=...</code> options required for running Tomcat on Java |
| 16 onwards to the <code>service.bat</code> script to align it with the |
| other start-up scripts. PR provided by MCMicS. (markt) |
| </fix> |
| <add> |
| Improvements to French translations. (remm) |
| </add> |
| <add> |
| Improvements to Korean translations. (woonsan) |
| </add> |
| <update> |
| Update JUnit to version 4.13.2. (markt) |
| </update> |
| <update> |
| Update EasyMock to 4.3. (markt) |
| </update> |
| <update> |
| Update Objenesis to 3.2. (markt) |
| </update> |
| <update> |
| Update UnboundID to 6.0.0. (markt) |
| </update> |
| <update> |
| Update CheckStyle to 8.43. (markt) |
| </update> |
| <update> |
| Update SpotBugs to 4.2.3. (markt) |
| </update> |
| <update> |
| Update OSGi annotations to 1.1.0. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.1.0-M1 (markt)" rtext="2021-06-15"> |
| <subsection name="General"> |
| <changelog> |
| <scode> |
| This release contains all of the changes up to and including those in |
| Apache Tomcat 10.0.6 plus the additional changes listed below. (markt) |
| </scode> |
| <scode> |
| Remove code previously marked for removal in Tomcat 10.1.x. (markt) |
| </scode> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <scode> |
| Incremented the supported Jakarta Servlet version to 5.1 to align with |
| the current development branch of the Jakarta Servlet specification. |
| (markt) |
| </scode> |
| <fix> |
| <bug>65301</bug>: <code>RemoteIpValve</code> will now avoid getting |
| the local host name when it is not needed. (remm) |
| </fix> |
| <fix> |
| <bug>65308</bug>: NPE in JNDIRealm when no <code>userRoleAttribute</code> |
| is given. (fschumacher) |
| </fix> |
| <add> |
| <pr>412</pr>: Add commented out, sample users for the Tomcat Manager app |
| to the default <code>tomcat-users.xml</code> file. Based on a PR by |
| Arnaud Dagnelies. (markt) |
| </add> |
| <add> |
| <pr>418</pr>: Add a new option, <code>pass-through</code>, to the |
| default servlet's <code>useBomIfPresent</code> initialization parameter |
| that causes the default servlet to leave any BOM in place when |
| processing a static file and not to use the BOM to determine the |
| encoding of the file. Based on a pull request by Jean-Louis Monteiro. |
| (markt) |
| </add> |
| <fix> |
| <pr>419</pr>: When processing POST requests of type |
| <code>multipart/form-data</code> for parts without a filename that are |
| added to the parameter map in String form, check the size of the part |
| before attempting conversion to String. Pull request provided by |
| tianshuang. (markt) |
| </fix> |
| <add> |
| Implement the new <code>Cookie</code> methods |
| <code>setAttribute()</code>, <code>getAttribute()</code> and |
| <code>getAttributes()</code> introduced in Servlet 6.0. (markt) |
| </add> |
| <fix> |
| AprLifecycleListener does not show dev version suffix for libtcnative |
| and libapr. (michaelo) |
| </fix> |
| <update> |
| Refactor principal handling in <code>UserDatabaseRealm</code> using |
| an inner class that extends <code>GenericPrincipal</code>. (remm) |
| </update> |
| <fix> |
| Enable the default <code>doHead()</code> implementation in |
| <code>HttpServlet</code> to correctly handle responses where the content |
| length needs to be represented as a long since it is larger than the |
| maximum value that can be represented by an int. (markt) |
| </fix> |
| <fix> |
| Avoid synchronization on roles verification for the memory |
| <code>UserDatabase</code>. (remm) |
| </fix> |
| <fix> |
| Fix the default <code>doHead()</code> implementation in |
| <code>HttpServlet</code> to correctly handle responses where the Servlet |
| calls <code>ServletResponse.reset()</code> and/or |
| <code>ServletResponse.resetBuffer()</code>. (markt) |
| </fix> |
| <fix> |
| Fix the default <code>doHead()</code> implementation in |
| <code>HttpServlet</code> to correctly handle responses generated using |
| the Servlet non-blocking API. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| <bug>65303</bug>: Fix a possible <code>NullPointerException</code> if |
| an error occurs on an HTTP/1.1 connection being upgraded to HTTP/2 or on |
| a pushed HTTP/2 stream. (markt) |
| </fix> |
| <update> |
| Simplify AprEndpoint socket bind for all platforms. (michaelo) |
| </update> |
| <fix> |
| <bug>65340</bug>: Add missing check for a negative return value for |
| <code>Hpack.decodeInteger</code> in the <code>HpackDecoder</code>, |
| which could cause a <code>NegativeArraySizeException</code> exception. |
| Submitted by Thomas, and verified the fix is present in the donated |
| hpack code in a further update. (remm) |
| </fix> |
| <add> |
| Add debug logging for HTTP/2 HPACK header decoding. (markt) |
| </add> |
| <fix> |
| Correct parsing of HTTP headers consisting of a list of tokens so that a |
| header with an empty token is treated consistently regardless of whether |
| the empty token is at the start, middle or end of the list of tokens. |
| (markt) |
| </fix> |
| <fix> |
| Remove support for the <code>identity</code> transfer encoding. The |
| inclusion of this encoding in RFC 2616 was an error that was corrected |
| in 2001. Requests using this transfer encoding will now receive a 501 |
| response. (markt) |
| </fix> |
| <fix> |
| Process transfer encoding headers from both HTTP 1.0 and HTTP 1.1 |
| clients. (markt) |
| </fix> |
| <fix> |
| Ensure that if the transfer encoding header contains the |
| <code>chunked</code>, that the <code>chunked</code> encoding is the |
| final encoding listed. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <scode> |
| Incremented the supported Jakarta Expression Language version to 5.0 to |
| align with the current development branch of the Jakarta Expression |
| Language specification. (markt) |
| </scode> |
| <scode> |
| Review code used to generate Java source from JSPs and tags and remove |
| code found to be unnecessary. (markt) |
| </scode> |
| <scode> |
| Refactor use of internal <code>ChildInfo</code> class to use compile |
| time type checking rather than run time type checking. (markt) |
| </scode> |
| <fix> |
| <bug>65124</bug>: Partial fix. When generating Java source code to call |
| a tag handler, only define the local variable <code>JspWriter out</code> |
| when it is going to be used. (markt) |
| </fix> |
| <scode> |
| Add generics to the EL 5.0 API to align with the current EL 5.0 |
| development branch. (markt) |
| </scode> |
| <update> |
| Update the <code>web-fragment.xml</code> included in |
| <code>jasper.jar</code> and <code>jasper-el.jar</code> to use the |
| Servlet 5.0 schema. (markt) |
| </update> |
| <fix> |
| Update JspC to generate <code>web.xml</code> and |
| <code>web-fragment.xml</code> files using Servlet 5.0 schemas. (markt) |
| </fix> |
| <scode> |
| Remove the deprecated method |
| <code>MethodExpression.getParmetersProvided()</code> from the EL API to |
| align with the current EL 5.0 development branch. (markt) |
| </scode> |
| <fix> |
| <bug>65358</bug>: Improve expression language method matching for |
| methods with varargs. Where multiple methods may match the provided |
| parameters, the method that requires the fewest varargs is preferred. |
| (markt) |
| </fix> |
| <add> |
| <bug>65332</bug>: Add a commented out section in |
| <code>catalina.policy</code> that provides the necessary permissions to |
| compile JSPs with javac when running on Java 9 onwards with a security |
| manager. It is commented out as it will cause errors if used with |
| earlier Java versions. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <fix> |
| <bug>65317</bug>: When using <code>permessage-deflate</code>, the |
| WebSocket connection was incorrectly closed if the uncompressed payload |
| size was an exact multiple of 8192. Based on a patch provided by Saksham |
| Verma. (markt) |
| </fix> |
| <update> |
| Update the <code>web-fragment.xml</code> included in |
| <code>tomcat-websocket.jar</code> to use the Servlet 5.0 schema. (markt) |
| </update> |
| <fix> |
| <bug>65342</bug>: Correct a regression introduced with the fix for |
| <bug>65262</bug> that meant Tomcat's WebSocket implementation would only |
| work with Tomcat's implementation of the Jakarta WebSocket API. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| Improve the description of the <code>maxConnections</code> and |
| <code>acceptCount</code> attributes in the Connector section of the |
| documentation web application. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <add> |
| Improvements to French translations. (remm) |
| </add> |
| <add> |
| Improvements to Korean translations. (woonsan) |
| </add> |
| <fix> |
| <bug>65362</bug>: Correct a regression in the previous release. The |
| change to create OSGi <code>Require-Capability</code> sections in |
| manifests for Jakarta API JARs manually rather than with bnd annotations |
| did not add the necessary manual entries to the embedded JARs. (markt) |
| </fix> |
| <update> |
| Update the packaged version of the Tomcat Native Library to 1.2.30. Also |
| update the minimum recommended version to 1.2.30. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| </body> |
| </document> |