| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <!DOCTYPE document [ |
| <!ENTITY project SYSTEM "project.xml"> |
| |
| <!-- DTD is used to validate changelog structure at build time. BZ 64931. --> |
| |
| <!ELEMENT document (project?, properties, body)> |
| <!ATTLIST document url CDATA #REQUIRED> |
| |
| <!-- body and title are used both in project.xml and in this document --> |
| <!ELEMENT body ANY> |
| <!ELEMENT title (#PCDATA)> |
| |
| <!-- Elements of project.xml --> |
| <!ELEMENT project (title, logo, body)> |
| <!ATTLIST project name CDATA #REQUIRED> |
| <!ATTLIST project href CDATA #REQUIRED> |
| |
| <!ELEMENT logo (#PCDATA)> |
| <!ATTLIST logo href CDATA #REQUIRED> |
| |
| <!ELEMENT menu (item+)> |
| <!ATTLIST menu name CDATA #REQUIRED> |
| |
| <!ELEMENT item EMPTY> |
| <!ATTLIST item name CDATA #REQUIRED> |
| <!ATTLIST item href CDATA #REQUIRED> |
| |
| <!-- Elements of this document --> |
| <!ELEMENT properties (author*, title, no-comments) > |
| <!ELEMENT author (#PCDATA)> |
| <!ATTLIST author email CDATA #IMPLIED> |
| <!ELEMENT no-comments EMPTY> |
| |
| <!ELEMENT section (subsection)*> |
| <!ATTLIST section name CDATA #REQUIRED> |
| <!ATTLIST section rtext CDATA #IMPLIED> |
| |
| <!ELEMENT subsection (changelog+)> |
| <!ATTLIST subsection name CDATA #REQUIRED> |
| |
| <!ELEMENT changelog (add|update|fix|scode|docs|design)*> |
| <!ELEMENT add ANY> |
| <!ELEMENT update ANY> |
| <!ELEMENT fix ANY> |
| <!ELEMENT scode ANY> |
| <!ELEMENT docs ANY> |
| <!ELEMENT design ANY> |
| |
| <!ELEMENT bug (#PCDATA)> |
| <!ELEMENT rev (#PCDATA)> |
| <!ELEMENT pr (#PCDATA)> |
| |
| <!-- Random HTML markup tags. Add more here as needed. --> |
| <!ELEMENT a (#PCDATA)> |
| <!ATTLIST a href CDATA #REQUIRED> |
| <!ATTLIST a rel CDATA #IMPLIED> |
| |
| <!ELEMENT b (#PCDATA)> |
| <!ELEMENT code (#PCDATA)> |
| <!ELEMENT em (#PCDATA)> |
| <!ELEMENT strong (#PCDATA)> |
| <!ELEMENT tt (#PCDATA)> |
| ]> |
| <?xml-stylesheet type="text/xsl" href="tomcat-docs.xsl"?> |
| <document url="changelog.html"> |
| |
| &project; |
| |
| <properties> |
| <title>Changelog</title> |
| <no-comments /> |
| </properties> |
| |
| <body> |
| <!-- |
| Subsection ordering: |
| General, Catalina, Coyote, Jasper, Cluster, WebSocket, Web applications, |
| Extras, Tribes, jdbc-pool, Other |
| |
| Item Ordering: |
| |
| Fixes having an issue number are sorted by their number, ascending. |
| |
| There is no ordering by add/update/fix/scode/docs/design. |
| |
| Other fixed issues are added to the end of the list, chronologically. |
| They eventually become mixed with the numbered issues (i.e., numbered |
| issues do not "pop up" wrt. others). |
| --> |
| <section name="Tomcat 10.0.9 (markt)" rtext="in development"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>65411</bug>: Always close the connection when an uncaught |
| <code>NamingException</code> occurs to avoid connection locking. |
| Submitted by Ole Ostergaard. (remm) |
| </fix> |
| <fix> |
| <bug>65433</bug>: Correct a regression in the fix for <bug>65397</bug> |
| where a <code>StringIndexOutOfBoundsException</code> could be triggered |
| if the canonical path of the target of a symlink was shorter than the |
| canonical path of the directory in which the symlink had been created. |
| Patch provided by Cedomir Igaly. (markt) |
| </fix> |
| <add> |
| <bug>65443</bug>: Refactor the <code>CorsFilter</code> to make it easier |
| to extend. (markt) |
| </add> |
| <fix> |
| To avoid unnecessary cache revalidation, do not add an HTTP |
| <code>Expires</code> header when setting adding an HTTP header of |
| <code>CacheControl: private</code>. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| When writing an HTTP/2 response via sendfile (only enabled when |
| <code>useAsyncIO</code> is true) the connection flow control window was |
| sometimes ignored leading to various error conditions. sendfile now |
| checks both the stream and connection flow control windows before |
| writing. (markt) |
| </fix> |
| <add> |
| Add debug logging for writing an HTTP/2 response via sendfile. (markt) |
| </add> |
| <fix> |
| Correct bugs in the HTTP/2 connection flow control management that meant |
| it was possible for a connection to stall waiting for a connection flow |
| control window update that had already arrived. Any streams on that |
| connection that were trying to write when this happened would time out. |
| (markt) |
| </fix> |
| <fix> |
| <bug>65448</bug>: When using TLS with NIO, it was possible for a |
| blocking response write to hang just before the final TLS packet |
| associated with the response until the connection timed out at which |
| point the final packet would be sent and the connection closed. (markt) |
| </fix> |
| <fix> |
| <bug>65454</bug>: Fix a race condition that could result in a delay to |
| a new request. The new request could be queued to wait for an existing |
| request to finish processing rather than the thread pool creating a new |
| thread to process the new request. (markt) |
| </fix> |
| <fix> |
| <bug>65460</bug>: Correct a regression introduced in the previous |
| release in the change to reduce the number of small HTTP/2 window |
| updates sent for streams. A logic error meant that small window updates |
| for the connection were dropped. This meant that the connection flow |
| window slowly reduced over time until nothing could be sent. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| <bug>65404</bug>: Correct a regression in the fix for <bug>63362</bug> |
| that caused the server status page in the Manager web application to be |
| truncated if HTTP upgrade was used such as when starting a WebSocket |
| connection. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <add> |
| Improvements to Chinese translations contributed by ZhangJieWen and |
| chengzheyan. (markt) |
| </add> |
| <add> |
| Improvements to French translations. (remm) |
| </add> |
| <add> |
| Improvements to Japanese translations contributed by tak7iji. (markt) |
| </add> |
| <add> |
| Improvements to Korean translations. (woonsan) |
| </add> |
| <fix> |
| Use of GraalVM native images no longer automatically disables JMX |
| support. JMX support may still be disabled by calling |
| <code>org.apache.tomcat.util.modeler.Registry.disableRegistry()</code>. |
| (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.8 (markt)" rtext="2021-07-02"> |
| <subsection name="Catalina"> |
| <changelog> |
| <scode> |
| Refactor the <code>RemoteIpValve</code> to use the common utility method |
| for list to comma separated string conversion. (markt) |
| </scode> |
| <scode> |
| Refactor <code>JNDIRealm$JNDIConnection</code> so its fields are |
| accessible to sub-classes of <code>JNDIRealm</code>. (markt) |
| </scode> |
| <fix> |
| Fix serialization warnings in <code>UserDatabasePrincipal</code> |
| reported by SpotBugs. (markt) |
| </fix> |
| <fix> |
| <bug>65397</bug>: Calls to |
| <code>ServletContext.getResourcePaths()</code> no longer include |
| symbolic links in the results unless <code>allowLinking</code> has been |
| set to <code>true</code>. If a resource is skipped because of this |
| change, a warning will be logged as this typically indicates a |
| configuration issue. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| <bug>65368</bug>: Improve handling of clean closes of inbound TLS |
| connections. Treat them the same way as clean closes of non-TLS |
| connections rather than as unknown errors. (markt) |
| </fix> |
| <fix> |
| Modify the HTTP/2 connector not to sent small updates for stream flow |
| control windows to the user agent as, depending on how the user agent is |
| written, this may trigger small writes from the user agent that in turn |
| trigger the overhead protection. Small updates for stream flow control |
| windows are now combined with subsequent flow control window updates for |
| that stream to ensure that all stream flow control window updates sent |
| from Tomcat are larger than <code>overheadWindowUpdateThreshold</code>. |
| (markt) |
| </fix> |
| <add> |
| Add additional debug logging to track the current state of the HTTP/2 |
| overhead count that Tomcat uses to detect and close potentially |
| malicious connections. (markt) |
| </add> |
| <update> |
| Many HTTP/2 requests from browsers will trigger one overhead frame and |
| one non-overhead frame. Change the overhead calculation so that a |
| non-overhead frame reduces the current overhead count by 2 rather than |
| 1. This means that, over time, the overhead count for a well-behaved |
| connection will trend downwards. (markt) |
| </update> |
| <update> |
| Change the initial HTTP/2 overhead count from <code>-10</code> to |
| <code>-10 * overheadCountFactor</code>. This means that, regardless of |
| the value chosen for <code>overheadCountFactor</code>, when a connection |
| opens 10 overhead frames in a row will be required to trigger the |
| overhead protection. (markt) |
| </update> |
| <update> |
| Increase the default <code>overheadCountFactor</code> from |
| <code>1</code> to <code>10</code> and change the reduction in overhead |
| count for a non-overhead frame from <code>-2</code> to <code>-20</code>. |
| This allows for a larger range (0-20) to be used for |
| <code>overheadCountFactor</code> providing for finer-grained control. |
| (markt) |
| </update> |
| <fix> |
| Modify the parsing of HTTP header values that use the |
| <code>1#token</code> to ignore empty elements as per RFC 7230 section 7 |
| instead of treating the presence of empty elements as an error. (markt) |
| </fix> |
| <fix> |
| Expand the unit tests for <code>HttpServlet.doHead()</code> and correct |
| the flushing of the response buffer. The buffer used to behave as if it |
| was one byte smaller than the configured size. The buffer was flushed |
| (and the response committed if required) when the buffer was full. The |
| buffer is now flushed (and the response committed if required) if the |
| buffer is full and there is more data to write. (markt) |
| </fix> |
| <fix> |
| Fix an issue where concurrent HTTP/2 writes (or concurrent reads) to the |
| same connection could hang and eventually timeout when async IO was |
| enabled (it is enabled by default). (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>65387</bug>: Correct a regression in the fix for <bug>65124</bug> |
| and restore the local definition of <code>out</code> for tags that |
| implement <code>TryCatchFinally</code>. (markt) |
| </fix> |
| <fix> |
| <bug>65390</bug>: Correct a regression in the fix for <bug>65124</bug> |
| and restore code that was removed in error leading to JSP compilation |
| failures in some circumstances. (markt) |
| </fix> |
| <update> |
| Update to the Eclipse JDT compiler 4.20. (markt) |
| </update> |
| <add> |
| Add support for specifying Java 17 (with the value <code>17</code>) as |
| the compiler source and/or compiler target for JSP compilation. If used |
| with an Eclipse JDT compiler version that does not support these values, |
| a warning will be logged and the latest supported version will used. |
| (markt) |
| </add> |
| <fix> |
| <bug>65377</bug>: Update the Java code generation for JSPs not to use |
| the boxed primitive constructors as they have been deprecated in Java 9 |
| and marked for future removal in Java 16. <code>valueOf()</code> is now |
| used instead. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <scode> |
| Refactor the <code>DigestAuthenticator</code> to reuse a shared |
| <code>SecureRandom</code> instance rather than create a new one to |
| generate the <code>cnonce</code> if required. (markt) |
| </scode> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| <bug>65385</bug>: Correct the link in the documentation web application |
| the Maven Central repository. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <add> |
| Use JSign to integrate the build script with the code signing service to |
| enable release builds to be created on Linux as well as Windows. (markt) |
| </add> |
| <update> |
| Update the OWB module to Apache OpenWebBeans 2.0.23. (remm) |
| </update> |
| <update> |
| Update the CXF module to Apache CXF 3.4.4. (remm) |
| </update> |
| <fix> |
| <bug>65369</bug> / <pr>422</pr>: Add the additional |
| <code>--add-opens=...</code> options required for running Tomcat on Java |
| 16 onwards to the <code>service.bat</code> script to align it with the |
| other start-up scripts. PR provided by MCMicS. (markt) |
| </fix> |
| <update> |
| Update JUnit to version 4.13.2. (markt) |
| </update> |
| <update> |
| Update EasyMock to 4.3. (markt) |
| </update> |
| <update> |
| Update Objenesis to 3.2. (markt) |
| </update> |
| <update> |
| Update UnboundID to 6.0.0. (markt) |
| </update> |
| <update> |
| Update CheckStyle to 8.43. (markt) |
| </update> |
| <update> |
| Update SpotBugs to 4.2.3. (markt) |
| </update> |
| <update> |
| Update OSGi annotations to 1.1.0. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.7 (markt)" rtext="2021-06-15"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>65301</bug>: <code>RemoteIpValve</code> will now avoid getting |
| the local host name when it is not needed. (remm) |
| </fix> |
| <fix> |
| <bug>65308</bug>: NPE in JNDIRealm when no <code>userRoleAttribute</code> |
| is given. (fschumacher) |
| </fix> |
| <add> |
| <pr>412</pr>: Add commented out, sample users for the Tomcat Manager app |
| to the default <code>tomcat-users.xml</code> file. Based on a PR by |
| Arnaud Dagnelies. (markt) |
| </add> |
| <add> |
| <pr>418</pr>: Add a new option, <code>pass-through</code>, to the |
| default servlet's <code>useBomIfPresent</code> initialization parameter |
| that causes the default servlet to leave any BOM in place when |
| processing a static file and not to use the BOM to determine the |
| encoding of the file. Based on a pull request by Jean-Louis Monteiro. |
| (markt) |
| </add> |
| <fix> |
| <pr>419</pr>: When processing POST requests of type |
| <code>multipart/form-data</code> for parts without a filename that are |
| added to the parameter map in String form, check the size of the part |
| before attempting conversion to String. Pull request provided by |
| tianshuang. (markt) |
| </fix> |
| <fix> |
| AprLifecycleListener does not show dev version suffix for libtcnative |
| and libapr. (michaelo) |
| </fix> |
| <update> |
| Refactor principal handling in <code>UserDatabaseRealm</code> using |
| an inner class that extends <code>GenericPrincipal</code>. (remm) |
| </update> |
| <fix> |
| Enable the default <code>doHead()</code> implementation in |
| <code>HttpServlet</code> to correctly handle responses where the content |
| length needs to be represented as a long since it is larger than the |
| maximum value that can be represented by an int. (markt) |
| </fix> |
| <fix> |
| Avoid synchronization on roles verification for the memory |
| <code>UserDatabase</code>. (remm) |
| </fix> |
| <fix> |
| Fix the default <code>doHead()</code> implementation in |
| <code>HttpServlet</code> to correctly handle responses where the Servlet |
| calls <code>ServletResponse.reset()</code> and/or |
| <code>ServletResponse.resetBuffer()</code>. (markt) |
| </fix> |
| <fix> |
| Fix the default <code>doHead()</code> implementation in |
| <code>HttpServlet</code> to correctly handle responses generated using |
| the Servlet non-blocking API. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| <bug>65303</bug>: Fix a possible <code>NullPointerException</code> if |
| an error occurs on an HTTP/1.1 connection being upgraded to HTTP/2 or on |
| a pushed HTTP/2 stream. (markt) |
| </fix> |
| <update> |
| Simplify AprEndpoint socket bind for all platforms. (michaelo) |
| </update> |
| <fix> |
| <bug>65340</bug>: Add missing check for a negative return value for |
| <code>Hpack.decodeInteger</code> in the <code>HpackDecoder</code>, |
| which could cause a <code>NegativeArraySizeException</code> exception. |
| Submitted by Thomas, and verified the fix is present in the donated |
| hpack code in a further update. (remm) |
| </fix> |
| <add> |
| Add debug logging for HTTP/2 HPACK header decoding. (markt) |
| </add> |
| <fix> |
| Correct parsing of HTTP headers consisting of a list of tokens so that a |
| header with an empty token is treated consistently regardless of whether |
| the empty token is at the start, middle or end of the list of tokens. |
| (markt) |
| </fix> |
| <fix> |
| Remove support for the <code>identity</code> transfer encoding. The |
| inclusion of this encoding in RFC 2616 was an error that was corrected |
| in 2001. Requests using this transfer encoding will now receive a 501 |
| response. (markt) |
| </fix> |
| <fix> |
| Process transfer encoding headers from both HTTP 1.0 and HTTP 1.1 |
| clients. (markt) |
| </fix> |
| <fix> |
| Ensure that if the transfer encoding header contains the |
| <code>chunked</code>, that the <code>chunked</code> encoding is the |
| final encoding listed. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <scode> |
| Review code used to generate Java source from JSPs and tags and remove |
| code found to be unnecessary. (markt) |
| </scode> |
| <scode> |
| Refactor use of internal <code>ChildInfo</code> class to use compile |
| time type checking rather than run time type checking. (markt) |
| </scode> |
| <fix> |
| <bug>65124</bug>: Partial fix. When generating Java source code to call |
| a tag handler, only define the local variable <code>JspWriter out</code> |
| when it is going to be used. (markt) |
| </fix> |
| <update> |
| Update the <code>web-fragment.xml</code> included in |
| <code>jasper.jar</code> and <code>jasper-el.jar</code> to use the |
| Servlet 5.0 schema. (markt) |
| </update> |
| <fix> |
| Update JspC to generate <code>web.xml</code> and |
| <code>web-fragment.xml</code> files using Servlet 5.0 schemas. (markt) |
| </fix> |
| <fix> |
| <bug>65358</bug>: Improve expression language method matching for |
| methods with varargs. Where multiple methods may match the provided |
| parameters, the method that requires the fewest varargs is preferred. |
| (markt) |
| </fix> |
| <add> |
| <bug>65332</bug>: Add a commented out section in |
| <code>catalina.policy</code> that provides the necessary permissions to |
| compile JSPs with javac when running on Java 9 onwards with a security |
| manager. It is commented out as it will cause errors if used with |
| earlier Java versions. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <fix> |
| <bug>65317</bug>: When using <code>permessage-deflate</code>, the |
| WebSocket connection was incorrectly closed if the uncompressed payload |
| size was an exact multiple of 8192. Based on a patch provided by Saksham |
| Verma. (markt) |
| </fix> |
| <update> |
| Update the <code>web-fragment.xml</code> included in |
| <code>tomcat-websocket.jar</code> to use the Servlet 5.0 schema. (markt) |
| </update> |
| <fix> |
| <bug>65342</bug>: Correct a regression introduced with the fix for |
| <bug>65262</bug> that meant Tomcat's WebSocket implementation would only |
| work with Tomcat's implementation of the Jakarta WebSocket API. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| Improve the description of the <code>maxConnections</code> and |
| <code>acceptCount</code> attributes in the Connector section of the |
| documentation web application. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <add> |
| Improvements to French translations. (remm) |
| </add> |
| <add> |
| Improvements to Korean translations. (woonsan) |
| </add> |
| <fix> |
| <bug>65362</bug>: Correct a regression in the previous release. The |
| change to create OSGi <code>Require-Capability</code> sections in |
| manifests for Jakarta API JARs manually rather than with bnd annotations |
| did not add the necessary manual entries to the embedded JARs. (markt) |
| </fix> |
| <update> |
| Update the packaged version of the Tomcat Native Library to 1.2.30. Also |
| update the minimum recommended version to 1.2.30. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.6 (markt)" rtext="2021-05-12"> |
| <subsection name="Catalina"> |
| <changelog> |
| <scode> |
| Expand coverage of unit tests for JNDIRealm using the UnboundID LDAP SDK |
| for Java. (markt) |
| </scode> |
| <fix> |
| <bug>65224</bug>: Ensure the correct escaping of attribute values and |
| search filters in the JNDIRealm. (markt) |
| </fix> |
| <fix> |
| <bug>65235</bug>: Add missing attributes to the MBean descriptor file |
| for the <code>RemoteIpValve</code>. (markt) |
| </fix> |
| <fix> |
| <bug>65244</bug>: HandlesTypes should include classes that use |
| the specified annotation types on fields or methods. (remm) |
| </fix> |
| <fix> |
| <bug>65251</bug>: Correct a regression introduced in 10.0.3 that meant |
| that the auto-deployment process may attempt a second, concurrent |
| deployment of a web application that is being deployed by the Manager |
| resulting in one of the deployments failing and errors being reported. |
| (markt) |
| </fix> |
| <fix> |
| Improve the <code>SSLValve</code> so it is able to handle escaped |
| client certificate headers from Nginx. Based on a patch by Florent |
| Guillaume. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Ensure that all HTTP requests that contain an invalid character in the |
| protocol component of the request line are rejected with a 400 response |
| rather than some requests being rejected with a 505 response. (markt) |
| </fix> |
| <fix> |
| When generating the error message for an HTTP request with an invalid |
| request line, ensure that all the available data is included in the |
| error message. (markt) |
| </fix> |
| <fix> |
| <bug>65272</bug>: Restore the optional HTTP feature that allows |
| <code>LF</code> to be treated as a line terminator for the request line |
| and/or HTTP headers lines as well as the standard <code>CRLF</code>. |
| This behaviour was previously removed as a side-effect of the fix for |
| CVE-2020-1935. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <scode> |
| Review code used to generate Java source from JSPs and tags and remove |
| code found to be unnecessary. (markt) |
| </scode> |
| <update> |
| <code><servlet></code> entries in web.xml that include a |
| <code><jsp-file></code> element and a negative |
| <code><load-no-startup></code> element that is not the default |
| value of <code>-1</code> will no longer be loaded at start-up. This |
| makes it possible to define a <code><jsp-file></code> that will |
| not be loaded at start-up. (markt) |
| </update> |
| <fix> |
| Allow the JSP configuration option |
| <code>useInstanceManagerForTags</code> to be used with Tags that are |
| implemented as inner classes. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <scode> |
| Refactor the way Tomcat passes path parameters to POJO end points to |
| simplify the code. (markt) |
| </scode> |
| <fix> |
| <bug>65262</bug>: Refactor the creation of WebSocket end point, decoder |
| and encoder instances to be more IoC friendly. Instances are now created |
| via the <code>InstanceManager</code> where possible. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| <bug>65235</bug>: Correct name of <code>changeLocalName</code> in the |
| documentation for the <code>RemoteIpValve</code>. (markt) |
| </fix> |
| <fix> |
| <bug>65265</bug>: Avoid getting the boot classpath when it is not |
| available in the Manager diagnostics. (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <fix> |
| Create OSGi <code>Require-Capability</code> sections in manifests for |
| Jakarta API JARs manually rather than via the |
| <code>aQute.bnd.annotation.spi.ServiceConsumer</code> annotation as this |
| triggers TCK failures for downstream consumers of the API JARs. (markt) |
| </fix> |
| <update> |
| Update the packaged version of the Tomcat Native Library to 1.2.28. |
| (markt) |
| </update> |
| <update> |
| Update the OWB module to Apache OpenWebBeans 2.0.22. (remm) |
| </update> |
| <update> |
| Update the CXF module to Apache CXF 3.4.3. (remm) |
| </update> |
| <fix> |
| <bug>65218</bug>: Update the version number shown on the left-hand |
| banner of the Tomcat installer for Windows to Apache Tomcat 10. (markt) |
| </fix> |
| <fix> |
| Move <code>SystemPropertySource</code> to be a regular class to allow |
| more precise configuration if needed. The system property source will |
| still always be enabled. (remm) |
| </fix> |
| <add> |
| Improvements to Chinese translations. Provided by bytesgo. (mark) |
| </add> |
| <add> |
| Improvements to French translations. (remm) |
| </add> |
| <add> |
| Improvements to Korean translations. (woonsan) |
| </add> |
| <update> |
| Update the version of the Tomcat Migration Tool for Jakarta EE used to |
| provide automatic deployment for Java EE applications to 1.0.0. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.5 (markt)" rtext="2021-04-06"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| Avoid NPE when a JNDI reference cannot be resolved in favor of a |
| NamingException. (remm) |
| </fix> |
| <fix> |
| Avoid using reflection for setting properties on the webapp |
| classloader. Based on a patch submitted by Romain Manni-Bucau. (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Improve consistency of OpenSSL error stack handling in the TLS engine, |
| and log all errors found as debug. (remm) |
| </fix> |
| <fix> |
| Ensure that HTTP/2 streams are only recycled once as multiple attempts |
| to recycle an HTTP/2 stream may result in |
| <code>NullPointerException</code>s. (markt) |
| </fix> |
| <scode> |
| Simplify the closing on an HTTP/2 stream when an error condition is |
| present. (markt) |
| </scode> |
| <fix> |
| <bug>64771</bug>: Prevent concurrent calls to |
| <code>ServletInputStream.isReady()</code> corrupting the input buffer. |
| (markt) |
| </fix> |
| <fix> |
| <bug>65179</bug>: Ensure that the connection level flow control window |
| from the client to the server is updated when handling DATA frames |
| received for completed streams else the flow control window may become |
| exhausted. (markt) |
| </fix> |
| <fix> |
| <bug>65203</bug>: Fix a regression introduced in 10.0.4 that meant that |
| an error during an asynchronous read broke all future asynchronous reads |
| associated with the same request instance. (markt) |
| </fix> |
| <fix> |
| Disable keep-alive when inconsistent content delimitation is present in |
| a request. (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| Include the new <code>org.apache.jasper.optimizations</code> package in |
| the list of OSGi exported packages for the Jasper embedded JAR. Patch |
| provided by Sokratis Zappis. (markt) |
| </fix> |
| <add> |
| Add a new option for the <code>trimSpaces</code> configuration. |
| <code>extended</code> will attempt to remove leading and trailing |
| whitespace from template text and collapse sequences of whitespace and |
| newlines within template text into a single new line. Based on a pull |
| request by kamnani. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <add> |
| Implement the first phase of reproducible builds. Sequential builds on |
| the same machine now produce identical output provided that the Ant |
| property <code>ant.tstamp.now.iso</code> is set. The minimum required |
| Ant version is now 1.9.10. (markt) |
| </add> |
| <add> |
| Improvements to Chinese translations. Provided by Ruan Wenjun. (mark) |
| </add> |
| <add> |
| Improvements to French translations. (remm) |
| </add> |
| <add> |
| Improvements to Japanese translations. Provided by kfujino and |
| Shirayuking. (markt) |
| </add> |
| <add> |
| Improvements to Korean translations. (woonsan) |
| </add> |
| <update> |
| Update the packaged version of the Tomcat Native Library to 1.2.27. |
| (markt) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.4 (markt)" rtext="2021-03-10"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| Fix rename operation throwing an exception during the webapp migration |
| process. (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.3 (markt)" rtext="not released"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| Revert an incorrect fix for a potential resource leak that broke |
| deployment via the Ant deploy task. (markt) |
| </fix> |
| <fix> |
| Improve error message for failed ConfigurationSource lookups in the |
| Catalina implementation. (remm) |
| </fix> |
| <fix> |
| <bug>65135</bug>: Rename Context method |
| <code>isParallelAnnotationScanning</code> to |
| <code>getParallelAnnotationScanning</code> for consistency and ease |
| of use in JMX descriptors. (remm) |
| </fix> |
| <update> |
| Allow the loader to directly use the Tomcat Migration Tool for JakartaEE |
| as a <code>ClassFileTransformer</code> using the |
| <code>jakartaConverter</code> attribute. This only supports javax to |
| jakarta conversion for classes, not for classloader resources or |
| static files. (remm) |
| </update> |
| <add> |
| Integrate the Tomcat Migration Tool for JakartaEE at deployment time. |
| Java EE web applications placed in the <code>webapps-javaee</code> |
| directory will be migrated to Jakarta EE 9 and placed in the |
| <code>webapps</code> where it will be deployed (or not) based on the |
| current settings for automatic deployment. (markt) |
| </add> |
| <fix> |
| <bug>64938</bug>: Align the behaviour when <code>null</code> is passed |
| to the <code>ServletResponse</code> methods |
| <code>setCharacterEncoding()</code>, <code>setContentType()</code> and |
| <code>setLocale()</code> with the recent clarification from the Jakarta |
| Servlet project of the expected behaviour in these cases. (markt) |
| </fix> |
| <fix> |
| Ensure that the <code>AsyncListener.onError()</code> event is triggered |
| when a I/O error occurs during non-blocking I/O. There were some cases |
| discovered where this was not happening. (markt) |
| </fix> |
| <add> |
| Make the non-blocking I/O error handling more robust by handling the |
| case where the application code swallows an <code>IOException</code> in |
| <code>WriteListener.onWritePossible()</code> and |
| <code>ReadListener.onDataAvailable()</code>. (markt) |
| </add> |
| <fix> |
| Correct syntax error in output of <code>JsonErrorReportValve</code>. |
| Pull request provided by Viraj Kanwade. (markt) |
| </fix> |
| <scode> |
| Make the <code>StandardContext.postWorkDirectory()</code> protected |
| rather than private to help users wishing to customise the default |
| work directory behaviour. (markt) |
| </scode> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <add> |
| <bug>64943</bug>: Add support for Unix Domain Sockets to |
| <code>org.apache.coyote.http11.Http11AprProtocol</code>. Depends on |
| <code>tomcat-native</code> 1.2.26 and up. (minfrin) |
| </add> |
| <fix> |
| <bug>65118</bug>: Fix a potential <code>NullPointerException</code> when |
| pruning closed HTTP/2 streams from the connection. (markt) |
| </fix> |
| <fix> |
| Avoid NullPointerException when a secure channel is closed before the |
| SSL engine was initialized. (remm) |
| </fix> |
| <fix> |
| Ensure that the <code>ReadListener</code>'s <code>onError()</code> event |
| is triggered if the client closes the connection before sending the |
| entire request body and the server is ready the request body using |
| non-blocking I/O. (markt) |
| </fix> |
| <fix> |
| <bug>65137</bug>: Ensure that a response is not corrupted as well as |
| incomplete if the connection is closed before the response is fully |
| written due to a write timeout. (markt) |
| </fix> |
| <fix> |
| Related to bug <bug>65131</bug>, make sure all errors from OpenSSL are |
| fully cleared, as there could be more than one error present after |
| an operation (confirmed in the OpenSSL API documentation). (remm) |
| </fix> |
| <fix> |
| Make handling of OpenSSL read errors more robust when plain text data is |
| reported to be available to read. (markt) |
| </fix> |
| <fix> |
| Correct handling of write errors during non-blocking I/O to ensure that |
| the associated <code>AsyncContext</code> was closed down correctly. |
| (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| Remove the restriction that prevented the Manager web application |
| deploying different web applications in parallel. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <update> |
| Update the OWB module to Apache OpenWebBeans 2.0.21. (remm) |
| </update> |
| <update> |
| Update the CXF module to Apache CXF 3.4.2. (remm) |
| </update> |
| <add> |
| Improvements to French translations. (remm) |
| </add> |
| <add> |
| Improvements to Korean translations. (woonsan) |
| </add> |
| <add> |
| Improvements to Brazilian Portuguese translations. Provided by Thiago. |
| (mark) |
| </add> |
| <add> |
| Improvements to Russian translations. Provided by Azat. (mark) |
| </add> |
| <add> |
| Improvements to Chinese translations. Provided by shawn. (mark) |
| </add> |
| <update> |
| Update to bnd 5.3.0. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.2 (markt)" rtext="2021-02-02"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>65106</bug>: Fix the ConfigFileLoader handling of file URIs when |
| running under a security manager on some JREs. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Ensure that SNI provided host names are matched to SSL virtual host |
| configurations in a case insensitive manner. (markt) |
| </fix> |
| <fix> |
| <bug>65111</bug>: Free direct memory buffers in the APR connector. |
| (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.1 (markt)" rtext="not released"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>60781</bug>: Escape elements in the access log that need to be |
| escaped for the access log to be parsed unambiguously. |
| (fschumacher/markt) |
| </fix> |
| <add> |
| <bug>64110</bug>: Add support for additional TLS related request |
| attributes that provide details of the protocols and ciphers requested |
| by a client in the initial TLS handshake. (markt) |
| </add> |
| <add> |
| Let the <code>RemoteCIDRValve</code> inherit from |
| <code>RequestFilterValve</code> and support all of its features. |
| Especially add support for connector specific configuration |
| using <code>addConnectorPort</code>. (rjung) |
| </add> |
| <add> |
| Add <code>peerAddress</code> to coyote request, which contains |
| the IP address of the direct connection peer. If a reverse proxy |
| sits in front of Tomcat and the protocol used is AJP or HTTP |
| in combination with the <code>RemoteIp(Valve|Filter)</code>, |
| the peer address might differ from the <code>remoteAddress</code>. |
| The latter then contains the address of the client in front of the |
| reverse proxy, not the address of the proxy itself. |
| Support for the peer address has been added to the |
| RemoteAddrValve and RemoteCIDRValve with the new attribute |
| <code>usePeerAddress</code>. This can be used to restrict access |
| to Tomcat based on the reverse proxy IP address, which is especially |
| useful to harden access to AJP connectors. The peer address can also |
| be logged in the access log using the new <code>%{peer}a</code> |
| syntax. (rjung) |
| </add> |
| <fix> |
| Avoid uncaught InaccessibleObjectException on Java 16 trying to clear |
| references threads. (remm) |
| </fix> |
| <fix> |
| <bug>65033</bug>: Fix JNDI realm error handling when connecting to a |
| failed server when pooling was not enabled. (remm) |
| </fix> |
| <fix> |
| <bug>65047</bug>: If the <code>AccessLogValve</code> is unable to open |
| the access log file, include information on the current user in the |
| associated log message (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Additional fix for <bug>64830</bug> to address an edge case that could |
| trigger request corruption with h2c connections. (markt) |
| </fix> |
| <fix> |
| <bug>64974</bug>: Improve handling of pipelined HTTP requests in |
| combination with the Servlet non-blocking IO API. It was possible that |
| some requests could get dropped. (markt) |
| </fix> |
| <add> |
| Add support for using Unix domain sockets for NIO when running |
| on Java 16 or later. This uses NIO specific |
| <code>unixDomainSocketPath</code> and |
| <code>unixDomainSocketPathPermissions</code> attributes. |
| Based on a PR submitted by Graham Leggett. (remm) |
| </add> |
| <fix> |
| <bug>65001</bug>: Fix error handling for exceptions thrown from calls |
| to <code>ReadListener</code> and <code>WriteListener</code>. (markt) |
| </fix> |
| <fix> |
| Avoid possible infinite loop in <code>OpenSSLEngine.unwrap</code> |
| when the destination buffers state is changed concurrently. (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <add> |
| Add a new <code>StringInterpreter</code> interface that allows |
| applications to provide customised string attribute value to type |
| conversion within JSPs. This allows applications to provide a conversion |
| implementation that is optimised for the application. (markt) |
| </add> |
| <fix> |
| <bug>64965</bug>: <code>JspContextWrapper.findAttribute</code> should |
| ignore expired sessions rather than throw an |
| <code>IllegalStateException</code>. (remm) |
| </fix> |
| <update> |
| Update to the Eclipse JDT compiler 4.18. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| <bug>65007</bug>: Clarify that the commands shown in the TLS |
| documentation for importing a signed TLS certificate from a certificate |
| authority are typical examples that may need to be adjusted in some |
| cases. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Tribes"> |
| <changelog> |
| <fix> |
| Work around DNS caching for the DNS provider of the cloud membership. |
| (jfclere) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <add> |
| Improvements to Chinese translations. Provided by leeyazhou and Yi Shen. |
| (markt) |
| </add> |
| <add> |
| Improvements to French translations. (remm) |
| </add> |
| <add> |
| Improvements to Korean translations. (woonsan) |
| </add> |
| <update> |
| Update the packaged version of the Tomcat Native Library to 1.2.26. |
| (markt) |
| </update> |
| <add> |
| Update the internal fork of Apache Commons Pool to 2.9.1-SNAPSHOT |
| (2021-01-15). (markt) |
| </add> |
| <add> |
| Update the internal fork of Apache Commons DBCP to 2.9.0-SNAPSHOT |
| (2021-01-15). (markt) |
| </add> |
| <update> |
| Migrate to new code signing service. (markt) |
| </update> |
| <scode> |
| Use <code>java.nio.file.Path</code> to test for one directory being a |
| sub-directory of another in a consistent way. (markt) |
| </scode> |
| <update> |
| Update to Commons Daemon 1.2.4. (markt) |
| </update> |
| <add> |
| Improvements to Brazilian Portuguese translations. Provided by Rual |
| Zaninetti Rosa and Lucas. (markt) |
| </add> |
| <add> |
| Improvements to Russian translations. Provided by Polina and Azat. |
| (markt) |
| </add> |
| <update> |
| Update the NSIS Installer used to build the Windows installer to version |
| 3.06.1. (kkolinko) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.0 (markt)" rtext="2020-12-08"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>56181</bug>: Update the RemoteIpValve and RemoteIpFilter so that |
| calls to <code>ServletRequest.getRemoteHost()</code> are consistent with |
| the return value of <code>ServletRequest.getRemoteAddr()</code> rather |
| than always returning a value for the proxy. (markt) |
| </fix> |
| <fix> |
| <bug>56890</bug>: Align the behaviour of |
| <code>ServletContext.getRealPath(String path)</code> with the recent |
| clarification from the Servlet specification project. If the path |
| parameter does not start with <code>/</code> then Tomcat processes the |
| call as if <code>/</code> is appended to the beginning of the |
| provided path. (markt) |
| </fix> |
| <add> |
| <bug>64080</bug>: Enhance the graceful shutdown feature. Includes a new |
| option for <code>StandardService</code>, |
| <code>gracefulStopAwaitMillis</code>, that allows a time to be |
| specified to wait for client connections to complete and close before |
| the Container hierarchy is stopped. (markt) |
| </add> |
| <fix> |
| <bug>64921</bug>: Ensure that the <code>LoadBalancerDrainingValve</code> |
| uses the correct setting for the secure attribute for any session |
| cookies it creates. Based on a pull request by Andreas Kurth. (markt) |
| </fix> |
| <fix> |
| <bug>64947</bug>: Don't assume that the <code>Upgrade</code> header has |
| been set on the <code>HttpServletResponse</code> before any call is made |
| to <code>HttpServletRequest.upgrade()</code>. (markt) |
| </fix> |
| <fix> |
| Ensure that values are not duplicated when manipulating the vary header. |
| Based on a pull request by Fredrik Fall. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <update> |
| The APR/Native Connectors for both HTTP and AJP have been deprecated and |
| will be removed in Apache Tomcat 10.1.x onwards. (markt) |
| </update> |
| <fix> |
| <bug>64944</bug>: Ensure that the bytesSent metric is correctly updated |
| when compression is enabled. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <fix> |
| <bug>64951</bug>: Fix a potential file descriptor leak when WebSocket |
| connections are attempted and fail. Patch provided by Maurizio Adami. |
| (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| Correct a regression in the addition of the HTTP header security filter |
| to the examples web application that prevented the Servlet examples that |
| depend on the asynchronous API from functioning correctly. |
| (kkolinko/markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Tribes"> |
| <changelog> |
| <scode> |
| Start all core threads when starting the receiver and dispatch |
| interceptor. (kfujino) |
| </scode> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <update> |
| Update the OWB module to Apache OpenWebBeans 2.0.20. (remm) |
| </update> |
| <update> |
| Update the CXF module to Apache CXF 3.4.1. (remm) |
| </update> |
| <add> |
| <bug>64931</bug>: Implement validation of <code>changelog.xml</code> |
| file at build time. (kkolinko) |
| </add> |
| <update> |
| Update to Maven Ant Resolver Tasks 1.3.0. (markt) |
| </update> |
| <fix> |
| <bug>62695</bug>: Provide SHA-256 and SHA-512 checksums for files |
| published via Maven. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.0-M10 (markt)" rtext="2020-11-19"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>55559</bug>: Add a new attribute, <code>localJndiResource</code>, |
| that allows a UserDatabaseRealm to obtain a UserDatabase instance from |
| the local (web application) JNDI context rather than the global JNDI |
| context. This option is only useful when the Realm is defined on the |
| Context. (markt) |
| </fix> |
| <fix> |
| <bug>64805</bug>: Correct imports used by <code>JMXProxyServlet</code>. |
| (markt) |
| </fix> |
| <fix> |
| Fix JNDIRealm pooling problems retrying on another bad connection. Any |
| retries are made on a new connection, just like with the single |
| connection scenario. Also remove all connections from the pool after |
| an error. (remm) |
| </fix> |
| <fix> |
| Remove the entry for |
| <code>org.apache.tomcat.util.descriptor.tld.LocalStrings</code> |
| from tomcat-embed-core's GraalVM tomcat-resource.json. It no more part |
| of the jar since |
| <a href="https://github.com/apache/tomcat/commit/3815b4951eb3acd30a0b77aafa75fbdb928d5782"> |
| Fix unwanted JPMS dependency of embed-core on embed-jasper</a>. |
| (mgrigorov) |
| </fix> |
| <fix> |
| Add <code>org.apache.coyote.http11.Http11Nio2Protocol</code> to the list |
| of classes which could be instantiated via reflection in GraalVM. |
| (mgrigorov) |
| </fix> |
| <add> |
| Add <code>JsonErrorReportValve</code> that extends the |
| <code>ErrorReportValve</code> that returns response as JSON instead of |
| HTML. (kfujino) |
| </add> |
| <add> |
| Add GraalVM config for Tomcat JNI related classes. This makes it |
| possible to use the APR protocol in GraalVM native images. |
| To use it add the following to the native-image arguments: |
| <code>-H:JNIConfigurationResources=META-INF/native-image/org.apache.tomcat.embed/tomcat-embed-core/tomcat-jni.json</code> |
| (mgrigorov) |
| </add> |
| <fix> |
| JNDIRealm connections should only be created with the container |
| classloader as the thread context classloader, just like for the JAAS |
| realm. (remm) |
| </fix> |
| <add> |
| <bug>64871</bug>: Log a warning if Tomcat blocks access to a file |
| because it uses symlinks. (markt) |
| </add> |
| <update> |
| Rename <code>JDBCStore</code> to <code>DataSourceStore</code> |
| and remove bottlenecks for database backed session store. Legacy JDBC |
| driver configuration is no longer supported. Patch submitted by |
| Philippe Mouawad. (remm) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Refactor the HTTP/2 window update handling for padding in data frames to |
| ensure that the connection window is correctly updated after a data |
| frame with zero length padding is received. (markt) |
| </fix> |
| <fix> |
| Fix processing of URIs with %nn encoded solidus characters when |
| <code>encodedSolidusHandling</code> was set to <code>passthrough</code> |
| and the encoded solidus was preceded by other %nn encoded characters. |
| Based on a pull request by willmeck. (markt) |
| </fix> |
| <fix> |
| <bug>63362</bug>: Add collection of statistics for HTTP/2, WebSocket and |
| connections upgraded via the HTTP upgrade mechanism. (markt) |
| </fix> |
| <fix> |
| Restore exception catch around Poller.events, as it would cause |
| the NIO poller thread to exit. This is a regression caused when |
| the Poller.events method was refactored. (remm) |
| </fix> |
| <add> |
| Provide messages for some <code>SocketTimeoutException</code> instances |
| that did not have one. (markt) |
| </add> |
| <fix> |
| Avoid most of the thread pool use during NIO2 socket accept. Patch |
| submitted by Anil Gursel. (remm) |
| </fix> |
| <add> |
| Add additional debug logging for I/O issues when communicating with the |
| user agent. (markt) |
| </add> |
| <fix> |
| <bug>64830</bug>: Fix concurrency issue in HPACK decoder. (markt) |
| </fix> |
| <fix> |
| Fix a concurrency issue in the NIO connector that could cause newly |
| created connections to be removed from the poller. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>64784</bug>: Don't include the time the Java file was generated as |
| a comment when generating Java files for JSPs and/or tags if the Java |
| file was created during pre-compilation. This is to aid repeatable |
| builds. (markt) |
| </fix> |
| <fix> |
| <bug>64794</bug>: Security exception reading system property on |
| JspRuntimeLibrary use. (remm) |
| </fix> |
| <add> |
| Add support for specifying Java 16 (with the value <code>16</code>) as |
| the compiler source and/or compiler target for JSP compilation. If used |
| with an ECJ version that does not support these values, a warning will |
| be logged and the latest supported version will used. (markt) |
| </add> |
| <update> |
| Update to the Eclipse JDT compiler 4.17. (markt) |
| </update> |
| <fix> |
| <bug>64849</bug>: Correct JPMS metadata for the Jakarta Expression |
| Language JARs to provide missing ServiceLoader information. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <fix> |
| <bug>64848</bug>: Fix a variation of this memory leak when a write I/O |
| error occurs on a non-container thread. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| <bug>64799</bug>: Added missing resources to host-manager web app. (isapir) |
| </fix> |
| <fix> |
| <bug>64797</bug>: Align manager.xml template file in Host-Manager with |
| context.xml of real Manager web application. (isapir) |
| </fix> |
| <add> |
| Configure the examples web applications to set |
| <code>SameSite=strict</code> for all cookies, including session cookies, |
| created by the application. (markt) |
| </add> |
| <add> |
| Configure the examples, Manager and Host Manager to use the HTTP header |
| security filter with default settings apart from no HSTS header. Based |
| on a suggestion by Debangshu Kundu. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <add> |
| Improvements to French translations. (remm) |
| </add> |
| <add> |
| Improvements to Korean translations. (woonsan) |
| </add> |
| <add> |
| Improvements to Russian translations. Provided by Azat. (markt) |
| </add> |
| <fix> |
| <bug>64870</bug>: Update to bnd 5.3.0-SNAPSHOT to work around a |
| <a href="https://bugs.openjdk.java.net/browse/JDK-8255854">JRE bug</a>. |
| (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.0-M9 (markt)" rtext="2020-10-09"> |
| <subsection name="Catalina"> |
| <changelog> |
| <update> |
| The health check valve will now check the state of its associated |
| containers to report availability. (remm) |
| </update> |
| <fix> |
| Fix race condition when saving and recycling session in |
| <code>PersistentValve</code>. (kfujino) |
| </fix> |
| <update> |
| Remove the JDBCRealm. (markt) |
| </update> |
| <fix> |
| Correct numerous spellings throughout the code base. Based on a pull |
| request from John Bampton. (markt) |
| </fix> |
| <fix> |
| <bug>64715</bug>: Add PasswordValidationCallback to the Jakarta |
| Authentication implementation. Patch provided by Robert Rodewald. |
| (markt) |
| </fix> |
| <update> |
| Allow using the utility executor for annotation scanning. Patch |
| provided by Jatin Kamnani. (remm) |
| </update> |
| <fix> |
| <bug>64751</bug>: Correct the JPMS module descriptor so the embedded |
| JARs may be used with JPMS. (markt) |
| </fix> |
| <fix> |
| When performing an incremental build, ensure bnd does not create |
| unwanted JPMS dependencies between embedded JARs. (markt) |
| </fix> |
| <update> |
| Add a bloom filter to speed up archive lookup and improve deployment |
| speed of applications with a large number of JARs. Patch |
| provided by Jatin Kamnani. (remm) |
| </update> |
| <fix> |
| Throw <code>SQLException</code> instead of |
| <code>NullPointerException</code> when failing to connect to the |
| database. (kfujino) |
| </fix> |
| <fix> |
| <bug>64735</bug>: Ensure that none of the methods on a |
| <code>ServletContext</code> instance always fail when running under a |
| SecurityManager. Pull request provided by Kyle Stiemann. (markt) |
| </fix> |
| <fix> |
| <bug>64765</bug>: Ensure that the number of currently processing threads |
| is tracked correctly when a web application is undeployed, long running |
| requests are being processed and |
| <code>renewThreadsWhenStoppingContext</code> is enabled for the web |
| application. (markt) |
| </fix> |
| <add> |
| Improve the error messages when running under JPMS without the necessary |
| options to enable reflection required by the memory leak prevention / |
| detection code. (markt) |
| </add> |
| <fix> |
| When estimating the size of a resource in the static resource cache, |
| include a specific allowance for the path to the resource. Based on a |
| pull request by blueSky1825821. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Do not send an HTTP/2 PING frame to measure round-trip time when it is |
| known that the HTTP/2 connection is not in a good state. (markt) |
| </fix> |
| <fix> |
| Ensure HTTP/2 timeouts are processed for idle connections. (markt) |
| </fix> |
| <fix> |
| <bug>64743</bug>: Correct a regression introduced in 10.0.0-M7 that |
| caused a <code>Connection: close</code> header to be added to the |
| response if the Connector was configured with |
| <code>maxSwallowSize=-1</code>. (markt) |
| </fix> |
| <fix> |
| When logging HTTP/2 debug messages, use consistent formatting for stream |
| identifiers. (markt) |
| </fix> |
| <fix> |
| Correct some double counting in the code that tracks the number of |
| in-flight asynchronous requests. The tracking enables Tomcat to shutdown |
| gracefully when asynchronous processing is in use. (markt) |
| </fix> |
| <fix> |
| Improve the error handling for the HTTP/2 connection preface when the |
| Connector is configured with <code>useAsyncIO="true"</code>. |
| (markt) |
| </fix> |
| <fix> |
| Refactor the handling of closed HTTP/2 streams to reduce the heap usage |
| associated with used streams and to retain information for more streams |
| in the priority tree. (markt) |
| </fix> |
| <fix> |
| Don't send the Keep-Alive response header if the connection has been |
| explicitly closed. (markt) |
| </fix> |
| <fix> |
| <bug>64710</bug>: Avoid a <code>BufferOverflowException</code> if an |
| HTTP/2 connection is closed while the parser still has a partial HTTP/2 |
| frame in the input buffer. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| Use lazy instantiation to improve the performance when working with |
| listeners added to the <code>ELContext</code>. Pull request provided by |
| Thomas Andraschko. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <add> |
| Configure the Manager and Host Manager web applications to set |
| <code>SameSite=strict</code> for all cookies, including session cookies, |
| created by the application. (markt) |
| </add> |
| <fix> |
| Update the Manager How-To in the documentation web application to |
| clarify when a user may wish to deploy additional instances of the |
| Manager web application. (markt) |
| </fix> |
| <fix> |
| <bug>64774</bug>: Review references to Tomcat 9 in the documentation |
| web application and remove them or update them to refer to Tomcat 10 as |
| appropriate. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <update> |
| Update to Commons Daemon 1.2.3. This adds support to jsvc for |
| <code>--enable-preview</code> and native memory tracking (Procrun |
| already supported these features), adds some additional debug logging and |
| adds a new feature to Procrun that outputs the command to (re-)configure |
| the service with the current settings. (markt) |
| </update> |
| <add> |
| When building, only rebuild JAR files (including OSGi and JPMS metadata) |
| if the contents has changed. (markt) |
| </add> |
| <add> |
| Improvements to Chinese translations. Pull request provided by Yang |
| Yang. (markt) |
| </add> |
| <add> |
| Expand coverage of Russian translations. Pull request provided by |
| Nikolay Gribanov. (markt) |
| </add> |
| <update> |
| Update the OWB module to Apache OpenWebBeans 2.0.18. (remm) |
| </update> |
| <update> |
| Update the CXF module to Apache CXF 3.4.0. (remm) |
| </update> |
| <fix> |
| Fix running service.bat when called from <code>$CATALINA_HOME</code>. |
| (markt) |
| </fix> |
| <fix> |
| Complete the fix for <bug>63815</bug>. Users wishing to use system |
| properties that require quoting with <code>catalina.sh</code> and the |
| <code>debug</code> option must use a JRE that includes the fix for <a |
| href="https://bugs.openjdk.java.net/browse/JDK-8234808">JDK-8234808</a>. |
| (markt) |
| </fix> |
| <add> |
| Improvements to Chinese translations. Provided by leeyazhou. (markt) |
| </add> |
| <add> |
| Improvements to Czech translations. Provided by Dušan Hlaváč and Arnošt |
| Havelka. (markt) |
| </add> |
| <add> |
| Improvements to French translations. (remm) |
| </add> |
| <add> |
| Improvements to Korean translations. (woonsan) |
| </add> |
| <add> |
| Improvements to Spanish translations. Provided by Andrewlanecarr. |
| (markt) |
| </add> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.0-M8 (markt)" rtext="2020-09-14"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>64582</bug>: Pre-load the <code>CoyoteOutputStream</code> class to |
| prevent a potential exception when running under a security manager. |
| Patch provided by Johnathan Gilday. (markt) |
| </fix> |
| <fix> |
| <bug>64593</bug>: If a request is not matched to a Context, delay |
| issuing the 404 response to give the rewrite valve, if configured, an |
| opportunity to rewrite the request. (remm/markt) |
| </fix> |
| <fix> |
| Change top package name for generated embedded classes to avoid |
| conflict with default host name on case insensitive filesystems. |
| (remm) |
| </fix> |
| <fix> |
| Add missing code generation for remaining digester rules. (remm) |
| </fix> |
| <update> |
| Add a dedicated loader for generated code to avoid dynamic class |
| loading. (remm) |
| </update> |
| <add> |
| Refactor the Default servlet to provide a single method that can be |
| overridden (<code>generateETag()</code>) should a custom entity tag |
| format be required. (markt) |
| </add> |
| <fix> |
| Improve the validation of entity tags provided with conditional |
| requests. Requests with headers that contain invalid entity tags will be |
| rejected with a 400 response code. Improve the matching algorithm used |
| to compare entity tags in conditional requests with the entity tag for |
| the requested resource. Based on a pull request by Sergey Ponomarev. |
| (markt) |
| </fix> |
| <fix> |
| Correct the description of the storage format for salted hashes in the |
| Javadoc for <code>MessageDigestCredentialHandler</code> and refactor the |
| associated code for clarity. |
| Based on a patch provided by Milo van der Zee. (markt) |
| </fix> |
| <fix> |
| Correct the path validation to allow the use of the file system root for |
| the <code>docBase</code> attribute of a <code>Context</code>. Note that |
| such a configuration should be used with caution. (markt) |
| </fix> |
| <add> |
| Added filtering expression for requests that are not supposed to use |
| session in <code>PersistentValve</code>. (kfujino) |
| </add> |
| <fix> |
| Use the correct method to calculate session idle time in |
| <code>PersistentValve</code>. (kfujino) |
| </fix> |
| <fix> |
| Fix path used by the health check valve when it is not associated with |
| a <code>Context</code>. (remm) |
| </fix> |
| <fix> |
| <bug>64712</bug>: The JASPIC authenticator now checks the |
| <code>ServerAuthModule</code> for |
| <code>jakarta.servlet.http.authType</code> and, if present, uses the |
| value provided. Based on a patch by Robert Rodewald. (markt) |
| </fix> |
| <fix> |
| <bug>64713</bug>: The JASPIC authenticator now checks the value of |
| <code>jakarta.servlet.http.registerSession</code> set by the |
| <code>ServerAuthModule</code> when deciding whether or nor to register |
| the session. Based on a patch by Robert Rodewald. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <add> |
| <bug>57661</bug>: For requests containing the |
| <code>Expect: 100-continue</code> header, add optional support to delay |
| sending an intermediate 100 status response until the servlet reads the |
| request body, allowing the servlet the opportunity to respond without |
| asking for the request body. Based on a pull request by malaysf. (markt) |
| </add> |
| <fix> |
| Remove deprecated <code>CookieProcessor.generateHeader</code> method. |
| (remm) |
| </fix> |
| <fix> |
| Refactor the implementation of |
| <code>ServletInputStream.available()</code> to provide a more accurate |
| return value, particularly when end of stream has been reached. (markt) |
| </fix> |
| <fix> |
| Refactor the stopping of the acceptor to ensure that the acceptor thread |
| stops when a connector is started immediately after it is stopped. |
| (markt) |
| </fix> |
| <fix> |
| <bug>64614</bug>: Improve compatibility with FIPS keystores. When a FIPS |
| keystore is configured and the keystore contains multiple keys, the |
| alias attribute will be ignored and the key used will be implementation |
| dependent. (jfclere) |
| </fix> |
| <fix> |
| <bug>64621</bug>: Improve handling HTTP/2 stream reset frames received |
| from clients. (markt) |
| </fix> |
| <fix> |
| <bug>64660</bug>: Avoid a potential NPE in the AprEndpoint if a socket |
| is closed in one thread at the same time as the poller is processing an |
| event for that socket in another. (markt) |
| </fix> |
| <fix> |
| <bug>64671</bug>: Avoid several potential NPEs introduced in the changes |
| in the previous release to reduce the memory footprint of closed HTTP/2 |
| streams. (markt) |
| </fix> |
| <fix> |
| Refactor the HTTP/2 implementation to more consistently return a stream |
| closed error if errors occur after a stream has been reset by the |
| client. (markt) |
| </fix> |
| <fix> |
| Improve handling of HTTP/2 stream level flow control errors and notify |
| the stream immediately if it is waiting for an allocation when the flow |
| control error occurs. (markt) |
| </fix> |
| <fix> |
| Ensure that window update frames are sent for HTTP/2 connections to |
| account for DATA frames containing padding including when the associated |
| stream has been closed. (markt) |
| </fix> |
| <fix> |
| Ensure that window update frames are sent for HTTP/2 connections and |
| streams to account for DATA frames containing zero-length padding. |
| (markt) |
| </fix> |
| <fix> |
| <bug>64710</bug>: Revert the changes to reduce the memory footprint of |
| closed HTTP/2 streams as they triggered multiple regressions in the form |
| of <code>NullPointerException</code>s. (markt) |
| </fix> |
| <fix> |
| Ensure that the HTTP/2 overhead protection check is performed after |
| each HTTP/2 frame is processed. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <fix> |
| Requests received via proxies may be marked as using the <code>ws</code> |
| or <code>wss</code> protocol rather than <code>http</code> or |
| <code>https</code>. Ensure that such requests are not rejected. PR |
| provided by Ronny Perinke. (markt) |
| </fix> |
| <fix> |
| <bug>64848</bug>: Fix a potential issue where the write lock for a |
| WebSocket connection may not be released if an exception occurs during |
| the write. (markt) |
| </fix> |
| <add> |
| <bug>64644</bug>: Add support for a read idle timeout and a write idle |
| timeout to the WebSocket session via custom properties in the user |
| properties instance associated with the session. Based on a pull request |
| by sakshamverma. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| Remove the localization of the text output of the Manager application |
| list of contexts and the Host Manager application list of hosts so that |
| the output is more consistent. PR provided by Holomark. (markt) |
| </fix> |
| <fix> |
| Clean-up / standardize the XSL files used to generate the documentation. |
| PR provided by John Bampton. (markt) |
| </fix> |
| <fix> |
| <bug>62723</bug>: Clarify the effects of some options for cluster |
| <code>channelSendOptions</code>. Patch provided by Mitch Claborn. |
| (schultz) |
| </fix> |
| <fix> |
| Remove the out of date functional specification section from the |
| documentation web application. (markt) |
| </fix> |
| <fix> |
| Extracted CSS styles from the Manager we application for better code |
| maintenance and replaced the GIF logo with SVG. (isapir) |
| </fix> |
| <add> |
| Add document for <code>PersistentValve</code>. (kfujino) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <fix> |
| Correct a regression in the fix for <bug>64540</bug> and include |
| <code>org.apache.tomcat.util.modeler.modules</code> and |
| <code>org.apache.tomcat.util.net.jsse</code> in the list of exported |
| packages. (markt) |
| </fix> |
| <fix> |
| Remove the local copy of the <code>javax.transaction.xa</code> package |
| which is only used during compilation. The package is provided by the |
| JRE from Java 1.4 onwards so the local copy should be unnecessary. |
| (markt) |
| </fix> |
| <fix> |
| Rename the local copy of the <code>javax.xml.ws</code> package to |
| <code>jakarta.xml.ws</code>. (markt) |
| </fix> |
| <add> |
| Improve the quality of the Japanese translations provided with Apache |
| Tomcat. Includes contributions from Yuki Shira. (markt) |
| </add> |
| <fix> |
| <bug>64645</bug>: Use a non-zero exit code if the |
| <code>service.bat</code> does not complete normally. (markt) |
| </fix> |
| <add> |
| Update the internal fork of Apache Commons BCEL to 6.5.0. Code clean-up |
| only. (markt) |
| </add> |
| <add> |
| Update the internal fork of Apache Commons Codec to 53c93d0 (2020-08-18, |
| 1.15-SNAPSHOT). Code clean-up. (markt) |
| </add> |
| <add> |
| Update the internal fork of Apache Commons FileUpload to c25a4e3 |
| (2020-08-26, 2.0-SNAPSHOT). Code clean-up and RFC 2231 support. (markt) |
| </add> |
| <add> |
| Update the internal fork of Apache Commons Pool to 2.8.1. Code clean-up |
| and improved abandoned pool handling. (markt) |
| </add> |
| <add> |
| Update the internal fork of Apache Commons DBCP to 6d232e5 (2020-08-11, |
| 2.8.0-SNAPSHOT). Code clean-up various bug fixes. (markt) |
| </add> |
| <update> |
| Update the packaged version of the Tomcat Native Library to 1.2.25. |
| (markt) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.0-M7 (markt)" rtext="2020-07-05"> |
| <subsection name="Catalina"> |
| <changelog> |
| <add> |
| Remove the error message on start if <code>java.io.tmpdir</code> is |
| missing and add an explicit error message on application deployment when |
| the sole feature that depends on it (anti-resource locking) is |
| configured and can't be used. (markt) |
| </add> |
| <update> |
| Implement a significant portion of the TLS environment variables for |
| the rewrite valve. (remm) |
| </update> |
| <add> |
| Add the Jakarta EE 9 schema. (markt) |
| </add> |
| <fix> |
| <bug>64506</bug>: Correct a potential race condition in the resource |
| cache implementation that could lead to |
| <code>NullPointerException</code>s during class loading. (markt) |
| </fix> |
| <add> |
| Add <code>application/wasm</code> to the media types recognised by |
| Tomcat. Based on a PR by Thiago Henrique Hüpner. (markt) |
| </add> |
| <fix> |
| Fix a bug in <code>HttpServlet</code> so that a <code>405</code> |
| response is returned for an HTTP/2 request if the mapped servlet does |
| implement the requested method rather than the more general |
| <code>400</code> response. (markt) |
| </fix> |
| <add> |
| Add generated classes using Tomcat embedded as an optional replacement |
| for the Catalina configuration files. (remm) |
| </add> |
| <fix> |
| <bug>64541</bug>: Refactor the DTD used to validate |
| <code>mbeans-descriptors.xml</code> files to avoid issues when XML |
| entity expansion is limited or disabled. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <add> |
| Include a <code>Connection: close</code> HTTP header when committing a |
| response and it is known that the <code>maxSwallowSize</code> limit is |
| going to be exceeded. (markt) |
| </add> |
| <fix> |
| <bug>64509</bug>: Correctly parse RFC 2109 version 1 cookies that use a |
| comma as a separator between cookies when using the RFC 6265 cookie |
| processor. Based on a patch by W J Carpenter. (markt) |
| </fix> |
| <fix> |
| Fix the utility code that converted IPv6 addresses to a canonical form |
| to correctly handle input addresses that ended with a pair of colons. |
| Based on a patch by syarramsetty-skyhook. (markt) |
| </fix> |
| <fix> |
| Correctly parse RFC 2109 version 1 cookies that have additional linear |
| white space around cookie attribute names and values when using the RFC |
| 6265 cookie processor. (markt) |
| </fix> |
| <fix> |
| Once an HTTP/2 stream has been closed, ensure that the code that cleans |
| up references that are no longer required is called. (markt) |
| </fix> |
| <fix> |
| Reduce the memory footprint of closed HTTP/2 streams. (markt) |
| </fix> |
| <fix> |
| Ensure that the HTTP/1.1 processor is correctly recycled when a direct |
| connection to h2c is made. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <update> |
| Update the JSP document validation to permit <code>3.0</code> as a valid |
| version attribute for the <code><jsp-root></code> element. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <fix> |
| <bug>64560</bug>: Refactor the replication of a changed session ID for a |
| replicated session so that the list of changes associated with the |
| session is not reset when the session ID changes. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <fix> |
| <bug>64563</bug>: Add additional validation of payload length for |
| WebSocket messages. (markt) |
| </fix> |
| <fix> |
| Correct the calculation of payload length when four or more bytes are |
| required to represent the payload length. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Web Applications"> |
| <changelog> |
| <update> |
| Update all web applications to use the Jakarta EE 9 schema for web.xml. |
| (markt) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <fix> |
| Fix incorrect version format in OSGi manifests. Patch provided by |
| Raymond Augé. (markt) |
| </fix> |
| <fix> |
| <bug>64513</bug>: Remove bndlib from dependencies as it is not required. |
| Pull request provided by Raymond Augé. (markt) |
| </fix> |
| <fix> |
| <bug>64515</bug>: Bnd files don't need to be filtered (save some work). |
| Pull request provided by Raymond Augé. (markt) |
| </fix> |
| <update> |
| Update the OWB module to Apache OpenWebBeans 2.0.17. (remm) |
| </update> |
| <fix> |
| <bug>64514</bug>: Fixes some missing class dependency issues in bootstrap |
| to address packaging/dependency concerns for JPMS and OSGi. Pull request |
| provided by Raymond Augé. (markt) |
| </fix> |
| <fix> |
| <bug>64521</bug>: Avoid moving i18n translations into classes dir since |
| they are packaged into separate jars. Pull request provided by Raymond |
| Augé. (markt) |
| </fix> |
| <fix> |
| <bug>64522</bug>: Package jars in effective dependency order. Pull |
| request provided by Raymond Augé. (markt) |
| </fix> |
| <fix> |
| Store common build details in a shared build-defaults.bnd. Pull |
| request provided by Raymond Augé. (markt) |
| </fix> |
| <fix> |
| <bug>64532</bug>: Update to bnd 5.1.1. Pull request provided by Raymond |
| Augé. (markt) |
| </fix> |
| <fix> |
| <bug>64540</bug>: Switch from bndwrap task to bnd task, begin generating |
| a better manifest and make sure the resulting jar contents are correct. |
| Pull request provided by Raymond Augé. (markt) |
| </fix> |
| <fix> |
| <bug>64544</bug>: Add built libs to the bnd classpath for introspection. |
| Pull request provided by Raymond Augé. (markt) |
| </fix> |
| <add> |
| Improve the quality and expand the coverage of the French translations |
| provided with Apache Tomcat. (remm) |
| </add> |
| <fix> |
| <bug>64548</bug>: Generate JPMS metadata. (rotty3000) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.0-M6 (markt)" rtext="2020-06-07"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>64432</bug>: Correct a refactoring regression that broke handling |
| of multi-line configuration in the RewriteValve. Patch provided by Jj. |
| (markt) |
| </fix> |
| <fix> |
| Fix use of multiple parameters when defining RewriteMaps. |
| (remm/fschumacher) |
| </fix> |
| <update> |
| Add the special internal rewrite maps for case modification and |
| escaping. (remm/fschumacher) |
| </update> |
| <fix> |
| Correct a regression in an earlier fix that broke the loading of |
| configuration files such as keystores via URIs on Windows. (markt) |
| </fix> |
| <fix> |
| Implement a few rewrite SSL env that correspond to Servlet request |
| attributes. (remm) |
| </fix> |
| <update> |
| <bug>64442</bug>: Be more flexible with respect to the ordering of |
| groups, roles and users in the <code>tomcat-users.xml</code> file. |
| (fschumacher) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <update> |
| Add support for ALPN on recent OpenJDK 8 releases. (remm) |
| </update> |
| <fix> |
| <bug>64467</bug>: Improve performance of closing idle HTTP/2 streams. |
| (markt) |
| </fix> |
| <update> |
| Expose server certificate through the <code>SSLSupport</code> |
| interface. (remm) |
| </update> |
| <add> |
| <bug>64483</bug>: Log a warning if an AJP request is rejected because it |
| contains an unexpected request attribute. (markt) |
| </add> |
| <fix> |
| <bug>64485</bug>: Fix possible resource leak getting last modified from |
| <code>ConfigurationSource.Resource</code>. (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <update> |
| Update the Jakarta Server Pages API implementation to align with |
| specification updates to use generics and add missing |
| <code>@Deprecated</code> annotations. (markt) |
| </update> |
| <fix> |
| <bug>64488</bug>: Ensure that the ImportHandler from the Expression |
| Language API is able to load classes from the Java runtime when running |
| under a SecurityManager. Based on a patch by Volodymyr Siedleck. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <add> |
| Add default implementations for <code>init()</code> and |
| <code>destroy()</code> to the <code>Encoder</code> and |
| <code>Decoder</code> interfaces. (markt) |
| </add> |
| <fix> |
| Consistently throw a <code>DeploymentException</code> when an invalid |
| endpoint path is specified and catch invalid endpoint paths earlier. |
| (markt) |
| </fix> |
| <add> |
| Include the target URL in the log message when a WebSocket connection |
| fails. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <update> |
| Update the list of known <code>Charset</code>s in the |
| <code>CharsetCache</code> to include <code>ISO-8859-16</code>, added in |
| OpenJDK 15. (markt) |
| </update> |
| <add> |
| Improve the quality and expand the coverage of the French translations |
| provided with Apache Tomcat. (remm) |
| </add> |
| <add> |
| <bug>64430</bug>: Add support for the <code>CATALINA_OUT_CMD</code> |
| environment variable that defines a command to which captured stdout and |
| stderr will be redirected. Patch provided by Harald Dunkel. (markt) |
| </add> |
| <update> |
| Switch from the unsupported Maven Ant Tasks to the supported Maven |
| Resolver Ant Tasks to upload artifacts to the ASF Maven repository (and |
| from there to Maven Central). (markt) |
| </update> |
| <update> |
| Update dependency on bnd to 5.1.0. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.0-M5 (markt)" rtext="2020-05-11"> |
| <subsection name="Catalina"> |
| <changelog> |
| <update> |
| Remove <code>useAprConnector</code> flag from |
| <code>AprLifecycleListener</code> so that the only way to use the APR |
| connectors is to set the full class name. (remm) |
| </update> |
| <add> |
| <bug>59203</bug>: Before calling <code>Thread.stop()</code> (if |
| configured to do so) on a web application created thread that is not |
| stopped by the web application when the web application is stopped, try |
| interrupting the thread first. Based on a pull request by Govinda |
| Sakhare. (markt) |
| </add> |
| <fix> |
| <bug>62912</bug>: Don't mutate an application provided content header if |
| it does not contain a charset. Also remove the outdated workaround for |
| the buggy Adobe Reader 9 plug-in for IE. (markt) |
| </fix> |
| <scode> |
| Remove the <code>reloadable</code> attribute from the |
| <code>Loader</code> interface as it is duplicated on the |
| <code>Context</code> interface. (markt) |
| </scode> |
| <fix> |
| Reduce reflection use and remove AJP specific code in the Connector. |
| (remm/markt/fhanik) |
| </fix> |
| <fix> |
| Rework the fix for <bug>64021</bug> to better support web applications |
| that use a custom class loader that loads resources from non-standard |
| locations. (markt) |
| </fix> |
| <update> |
| Remove redundant sole path/URI from error page message on SC_NOT_FOUND. |
| (michaelo) |
| </update> |
| <add> |
| Log a warning if a <code>CredentialHandler</code> instance is added to |
| an instance of the <code>CombinedRealm</code> (or a sub-class) as the |
| <code>CombinedRealm</code> doesn't use a configured |
| <code>CredentialHandler</code> and it is likely that a configuration |
| error has occurred. (markt) |
| </add> |
| <add> |
| Add more descriptive error message in DefaultServlet for SC_NOT_FOUND. |
| (michaelo) |
| </add> |
| <fix> |
| <bug>64309</bug>: Improve the regular expression used to search for |
| class loader repositories when bootstrapping Tomcat. Pull request |
| provided by Paul Muriel Biya-Bi. (markt) |
| </fix> |
| <fix> |
| <bug>64384</bug>: Fix multipart configuration ignoring some parameters |
| in some cases. (schultz) |
| </fix> |
| <add> |
| <bug>64386</bug>: WebdavServlet does not send "getlastmodified" |
| property for resource collections. (michaelo) |
| </add> |
| <update> |
| Remove reason phrase on WebDAV Multi-Status (207) response. (michaelo) |
| </update> |
| <fix> |
| <bug>64398</bug>: Change default value separator for property |
| replacement to <code>:-</code> due to possible conflicts. The |
| syntax is now <code>${name:-default}</code>. (remm) |
| </fix> |
| <add> |
| Improve validation of storage location when using FileStore. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Move <code>SocketProperties</code> mbean to its own type rather than |
| use a subType to improve robustness with tools. (remm) |
| </fix> |
| <fix> |
| Include the problematic data in the error message when reporting that |
| the provided request line contains an invalid component. (markt) |
| </fix> |
| <fix> |
| Improve the handling of requests that use an expectation. Do not disable |
| keep-alive where the response has a non-2xx status code but the request |
| body has been fully read. (rjung/markt) |
| </fix> |
| <fix> |
| <bug>64403</bug>: Ensure that compressed HTTP/2 responses are not sent |
| with a content length header appropriate for the original, uncompressed |
| response. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <update> |
| Remove redundant sole path/URI from error page message on SC_NOT_FOUND. |
| (michaelo) |
| </update> |
| <add> |
| Add more descriptive error message in DefaultServlet for SC_NOT_FOUND. |
| (michaelo) |
| </add> |
| <fix> |
| <bug>64373</bug>: When a tag file is packaged in a WAR and then that WAR |
| is unpacked in <code>/WEB-INF/classes</code> ensure that the tag file |
| can still be found. Patch provided by Karl von Randow. (markt) |
| </fix> |
| <fix> |
| Ensure that the Jasper code that interfaces with the Eclipse Compiler |
| for Java (ECJ) enables Jasper to compile JSPs using ECJ 4.14 onwards |
| when the JSPs have inner classes. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <update> |
| Refactor Tribes BufferPool and add the |
| <code>org.apache.catalina.tribes.io.BufferPool.DEFAULT_POOL_SIZE</code> |
| system property to configure its size. (remm) |
| </update> |
| <update> |
| Remove java.io based Tribes receiver and sender, in favor of NIO which |
| was the default. (remm) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| Fix the saving of a Context configuration file via the scripting |
| interface of the Manager web application. (markt) |
| </fix> |
| <add> |
| Add a section to the TLS Connector documentation on different key store |
| types and how to configure them. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <update> |
| Update JUnit to version 4.13. (markt) |
| </update> |
| <fix> |
| Add missing entries to test class path in sample NetBeans configuration |
| files. Patch provided by Brian Burch. (markt) |
| </fix> |
| <scode> |
| Refactor to use parameterized <code>Collection</code> constructors where |
| possible. Pull request provided by Lars Grefer. (markt) |
| </scode> |
| <scode> |
| Refactor to use empty arrays with <code>Collections.toArray()</code>. |
| Pull request provided by Lars Grefer. (markt) |
| </scode> |
| <scode> |
| Refactor loops with a condition to exit as soon as the condition is met. |
| Pull request provided by Lars Grefer. (markt) |
| </scode> |
| <scode> |
| Refactor bulk addition to collections to use <code>addAll()</code> |
| rather than a loop. Pull request provided by Lars Grefer. (markt) |
| </scode> |
| <add> |
| Expand the coverage of the Chinese translations provided with Apache |
| Tomcat. Contributions provided by winsonzhao, ZhangJieWen and Lee |
| Yazhou. (markt) |
| </add> |
| <add> |
| Improve the quality and expand the coverage of the French translations |
| provided with Apache Tomcat. (remm) |
| </add> |
| <add> |
| Improve the quality of the Japanese translations provided with Apache |
| Tomcat. Includes contributions from Yoshy. (markt) |
| </add> |
| <add> |
| Improve the quality of the German translations provided with Apache |
| Tomcat. (markt) |
| </add> |
| <update> |
| Update the packaged version of the Tomcat Native Library to 1.2.24. |
| (markt) |
| </update> |
| <scode> |
| Refactor to use enhanced for loops where possible. Pull request by Lars |
| Grefer. (markt) |
| </scode> |
| <add> |
| Improve IDE support for IntelliJ IDEA. Patch provided by Lars Grefer. |
| (markt) |
| </add> |
| <add> |
| Improve the coverage and quality of the Korean translations provided |
| with Apache Tomcat. (woonsan) |
| </add> |
| <update> |
| Update dependency on bnd to 5.0.1. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.0-M4 (markt)" rtext="2020-04-08"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| Ensure all URL patterns provided via web.xml are %nn decoded |
| consistently using the encoding of the web.xml file where specified and |
| UTF-8 where no explicit encoding is specified. (markt) |
| </fix> |
| <update> |
| Allow a comma separated list of class names for the |
| <code>org.apache.tomcat.util.digester.PROPERTY_SOURCE</code> |
| system property. (remm) |
| </update> |
| <fix> |
| <bug>64149</bug>: Avoid NPE when using the access log valve without |
| a pattern. (remm) |
| </fix> |
| <fix> |
| <bug>64226</bug>: Reset timezone after parsing a date since the date |
| format is reused. Test case submitted by Gary Thomas. (remm) |
| </fix> |
| <fix> |
| <bug>64247</bug>: Using a wildcard for <code>jarsToSkip</code> should |
| not override a possibly present <code>jarsToScan</code>. Based on code |
| submitted by Iridias. (remm) |
| </fix> |
| <update> |
| Refactor DefaultServlet to avoid using an internal Range structure that |
| is duplicated from the parsing result. (remm) |
| </update> |
| <update> |
| Remove |
| <code>org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH</code> |
| system property, replaced by the <code>allowBackslash</code> attribute |
| on the Connector. (remm) |
| </update> |
| <update> |
| Remove |
| <code>org.apache.catalina.connector.Response.ENFORCE_ENCODING_IN_GET_WRITER</code> |
| system property, replaced by the |
| <code>enforceEncodingInGetWriter</code> attribute on the Connector. |
| (remm) |
| </update> |
| <update> |
| Remove |
| <code>org.apache.catalina.session.StandardSession.ACTIVITY_CHECK</code> |
| system property, replaced by the <code>sessionActivityCheck</code> attribute |
| on the Manager. (remm) |
| </update> |
| <update> |
| Remove |
| <code>org.apache.catalina.session.StandardSession.LAST_ACCESS_AT_START</code> |
| system property, replaced by the |
| <code>sessionLastAccessAtStart</code> attribute on the Manager. (remm) |
| </update> |
| <update> |
| Remove |
| <code>org.apache.catalina.core.StandardHostValve.ACCESS_SESSION</code> |
| system property, replaced by the |
| <code>alwaysAccessSession</code> attribute on the Context. (remm) |
| </update> |
| <update> |
| Remove |
| <code>org.apache.catalina.core.ApplicationContext.GET_RESOURCE_REQUIRE_SLASH</code> |
| system property, replaced by the |
| <code>contextGetResourceRequiresSlash</code> attribute on the Context. (remm) |
| </update> |
| <update> |
| Remove |
| <code>org.apache.catalina.core.ApplicationDispatcher.WRAP_SAME_OBJECT</code> |
| system property, replaced by the |
| <code>dispatcherWrapsSameObject</code> attribute on the Context. (remm) |
| </update> |
| <fix> |
| <bug>64265</bug>: Fix ETag comparison performed by the default servlet. |
| The default servlet always uses weak comparison. (markt) |
| </fix> |
| <update> |
| Remove |
| <code>org.apache.catalina.authenticator.Constants.SSO_SESSION_COOKIE_NAME</code> |
| system property, replaced by the |
| <code>cookieName</code> attribute on the SSO valve. (remm) |
| </update> |
| <fix> |
| Add support for default values when using <code>${...}</code> property |
| replacement in configuration files. Based on a pull request provided by |
| Bernd Bohmann. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| When closing a NIO channel, avoid canceling keys as a workaround for |
| deadlocks when running on Java 11. Excessive internal NIO |
| synchronization on channel close is resolved starting with this |
| Java version. (remm) |
| </fix> |
| <add> |
| When configuring an HTTP Connector, ensure that the encoding specified |
| for <code>URIEncoding</code> is a superset of US-ASCII as required by |
| RFC7230. (markt) |
| </add> |
| <fix> |
| Avoid always retrieving the NIO poller selection key when processing |
| to reduce sync. (remm) |
| </fix> |
| <fix> |
| <bug>64240</bug>: Ensure that HTTP/0.9 requests that contain additional |
| data on the request line after the URI are treated consistently. Such |
| requests will now always be treated as HTTP/1.1. (markt) |
| </fix> |
| <add> |
| Expose the HTTP/2 connection ID and stream ID to applications via the |
| request attributes <code>org.apache.coyote.connectionID</code> and |
| <code>org.apache.coyote.streamID</code> respectively. (markt) |
| </add> |
| <add> |
| Replace the system property |
| <code>org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH</code> |
| with the Connector attribute <code>encodedSolidusHandling</code> that |
| adds an additional option to pass the <code>%2f</code> sequence through |
| to the application without decoding it in addition to rejecting such |
| sequences and decoding such sequences. (markt) |
| </add> |
| <add> |
| Expose the associated <code>HttpServletRequest</code> to the |
| <code>CookieProcessor</code> when generating a cookie header so the |
| header can be tailored based on the properties of the request, such as |
| the user agent, if required. Based on a patch by Lazar Kirchev. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <update> |
| Update to the Eclipse JDT compiler 4.15. (markt) |
| </update> |
| <add> |
| Add support for specifying Java 14 (with the value <code>14</code>) and |
| Java 15 (with the value <code>15</code>) as the compiler source and/or |
| compiler target for JSP compilation. If used with an ECJ version that |
| does not support these values, a warning will be logged and the latest |
| supported version will used. (markt) |
| </add> |
| <update> |
| Remove Jasper configuration using system properties and replace them |
| by a new set of JSP Servlet init parameters. (remm) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| Correct the documentation web application to remove references to the |
| <code>org.apache.catalina.STRICT_SERVLET_COMPLIANCE</code> system |
| property changing the default for the <code>URIEncoding</code> attribute |
| of the Connector. (markt) |
| </fix> |
| <fix> |
| Correct the documentation web application to remove references to the |
| <code>org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH</code> |
| system property changing how the sequence <code>%5c</code> is |
| interpreted in a URI. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Tribes"> |
| <changelog> |
| <scode> |
| Remove support for the deprecated system property |
| <code>org.apache.catalina.tribes.dns_lookups</code>. The default value |
| of <code>false</code> will now always be used. (markt) |
| </scode> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <add> |
| Improve the quality and expand the coverage of the French translations |
| provided with Apache Tomcat. Contribution provided by Tom Bens. (remm) |
| </add> |
| <add> |
| Expand the coverage of the Chinese translations provided with Apache |
| Tomcat. Contribution provided by Lee Yazhou. (markt) |
| </add> |
| <fix> |
| <bug>64270</bug>: Set the documented default umask of <code>0027</code> |
| when using jsvc via <code>daemon.sh</code> and allow the umask used to |
| be configured via the <code>UMASK</code> environment variable as it is |
| when using <code>catalina.sh</code>. (markt) |
| </fix> |
| <update> |
| Update the OWB module to Apache OpenWebBeans 2.0.16. (remm) |
| </update> |
| <update> |
| Update the CXF module to Apache CXF 3.3.6. (remm) |
| </update> |
| <fix> |
| Remove the <code>LOGGING_CONFIG</code> environment variable and |
| replace it with the <code>CATALINA_LOGGING_CONFIG</code> environment |
| variable to avoid clashes with other components that use |
| <code>LOGGING_CONFIG</code>. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.0-M3 (markt)" rtext="2020-03-16"> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| <bug>64202</bug>: Use a loop on NIO blocking reads, as it is possible |
| zero bytes are produced by a network read. (markt/remm) |
| </fix> |
| <fix> |
| <bug>64210</bug>: Correct a regression in the improvements to HTTP |
| header validation that caused requests to be incorrectly treated as |
| invalid if a <code>CRLF</code> sequence was split between TCP packets. |
| Improve validation of request lines, including for HTTP/0.9 requests. |
| (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <fix> |
| <bug>64206</bug>: Correct a regression introduced in 10.0.0-M1 that |
| meant that the HTTP port specified when using the Windows Installer was |
| ignored and 8080 was always used. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.0-M2 (markt)" rtext="not released"> |
| <subsection name="Catalina"> |
| <changelog> |
| <scode> |
| Refactor <code>HttpServlet.doOptions()</code> to improve performance. |
| (markt) |
| </scode> |
| <update> |
| Disable StandardManager session persistence by default. It can be |
| enabled back in <code>context.xml</code>. (remm) |
| </update> |
| <add> |
| Add extension point to DeltaSession to improve subclassing. |
| Patch provided by ThStock. (schultz) |
| </add> |
| <fix> |
| <bug>64153</bug>: Ensure that the parent for the web application class |
| loader is set consistently. (markt) |
| </fix> |
| <fix> |
| <bug>64166</bug>: Ensure that the names returned by |
| <code>HttpServletResponse.getHeaderNames()</code> are unique. (markt) |
| </fix> |
| <scode> |
| Rename <code>org.apache.tomcat.util.digester.Digester$EnvironmentPropertySource</code> |
| to |
| <code>org.apache.tomcat.util.digester.EnvironmentPropertySource</code>. |
| Patch provided by Bernd Bohmann. (markt) |
| </scode> |
| <fix> |
| <bug>63286</bug>: Resolve inconsistencies with access log valve. This |
| changes the element API to use a nanosecond resolution elapsed time |
| argument. (remm) |
| </fix> |
| <add> |
| Add new attribute <code>persistAuthentication</code> to both |
| <code>StandardManager</code> and <code>PersistentManager</code> to |
| support authentication persistence. Patch provided by Carsten Klein. |
| (markt) |
| </add> |
| <fix> |
| <bug>64184</bug>: Avoid repeated log messages if a |
| <code>MemoryUserDatabase</code> is configured but the specified |
| configuration file is missing. (markt) |
| </fix> |
| <add> |
| <bug>64189</bug>: Expose the web application version String as a |
| <code>ServletContext</code> attribute named |
| <code>org.apache.catalina.webappVersion</code>. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Fix support of native jakarta servlet attributes in AJP connector. |
| (remm) |
| </fix> |
| <update> |
| <bug>56966</bug>: Add use of System.nanoTime to track request |
| execution time. (remm) |
| </update> |
| <fix> |
| <bug>64141</bug>: If using a CA certificate, remove a default value |
| for the truststore file when not using a JSSE configuration. (remm) |
| </fix> |
| <fix> |
| Improve robustness of OpenSSLEngine shutdown. Based on code submitted |
| by Manuel Dominguez Sarmiento. (remm) |
| </fix> |
| <fix> |
| Add the TLS request attributes used by IIS to the attributes that an AJP |
| Connector will always accept. (markt) |
| </fix> |
| <fix> |
| A zero length AJP secret will now behave as if it has not been |
| specified. (remm) |
| </fix> |
| <fix> |
| <bug>64188</bug>: If an error occurs while committing or flushing the |
| response when using a multiplexing protocol like HTTP/2 that requires |
| the channel to be closed but not the connection, just close the channel |
| and allow the other channels using the connection to continue. Based on |
| a suggestion from Alejandro Anadon. (markt) |
| </fix> |
| <fix> |
| Correct the semantics of <code>getEnableSessionCreation</code> and |
| <code>setEnableSessionCreation</code> for <code>OpenSSLEngine</code>. |
| Pull request provided by Alexander Scheel. (markt) |
| </fix> |
| <fix> |
| <bug>64192</bug>: Correctly handle case where unread data is returned to |
| the read buffer when the read buffer is non empty. Ensure a gathering |
| TLS read stops once the provided ByteBuffers are full or no more data is |
| available. (markt) |
| </fix> |
| <fix> |
| Allow async requests to complete cleanly when the Connector is paused |
| before <code>complete()</code> is called on a container thread. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <fix> |
| Allow configuring the <code>DNSMembershipProvider</code> using the |
| <code>dns</code> alias. Submitted by Bernd Bohmann. (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <add> |
| Expand the documentation for the <code>address</code> attribute of the |
| AJP Connector and document that the AJP Connector also supports the |
| <code>ipv6v6only</code> attribute with the APR/Native implementation. |
| (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <update> |
| Update the OWB module to Apache OpenWebBeans 2.0.15. (remm) |
| </update> |
| <update> |
| Update the CXF module to Apache CXF 3.3.5. (remm) |
| </update> |
| <add> |
| Expand the coverage of the Korean translations provided with Apache |
| Tomcat. Contributions provided by B. Cansmile Cha. (markt) |
| </add> |
| <add> |
| Expand the coverage of the French translations provided with Apache |
| Tomcat. (remm) |
| </add> |
| <add> |
| <bug>64190</bug>: Add support for specifying milliseconds (using |
| <code>S</code>, <code>SS</code> or <code>SSS</code>) in the timestamp |
| used by JULI's <code>OneLineFormatter</code>. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 10.0.0-M1 (markt)" rtext="2020-02-20"> |
| <subsection name="General"> |
| <changelog> |
| <scode> |
| This release contains all of the changes upto and including those in |
| Apache Tomcat 9.0.31 plus the additional changes listed below. (markt) |
| </scode> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <update> |
| Refactor recycle facade system property into a new connector attribute |
| named <code>discardFacades</code> and enable it by default. (remm) |
| </update> |
| <update> |
| Update to Jakarta Servlet 5.0, Jakarta Server Pages 3.0. Jakarta |
| Expression Language 4.0, Jakarta WebSocket 2.0, Jakarta Authentication |
| 2.0 and Jakarta Annotations 2.0. (markt) |
| </update> |
| <update> |
| Remove GenericPrincipal.getPassword. The credentials should remain |
| managed by the realm. (remm) |
| </update> |
| <update> |
| Add connection pooling to JNDI realm. (remm) |
| </update> |
| <update> |
| Use <code><request-character-encoding></code> and |
| <code><response-character-encoding></code> in |
| <code>conf/web.xml</code> to set the default request and response |
| character encodings to UTF-8. (markt) |
| </update> |
| <fix> |
| Store config compatibility with HostWebXmlCacheCleaner listener. (remm) |
| </fix> |
| <fix> |
| Modify the <code>RewriteValve</code> to use |
| <code>ServletRequest.getServerName()</code> to populate the |
| <code>HTTP_HOST</code> variable rather than extracting it from the |
| <code>Host</code> header as this allows HTTP/2 to be supported. (markt) |
| </fix> |
| <fix> |
| Switch Tomcat embedded to loading MIME type mappings from a property |
| file generated from the default <code>web.xml</code> so the MIME type |
| mappings are consistent regardless of how Tomcat is started. (markt) |
| </fix> |
| <fix> |
| Missing store config attributes for Resources elements. (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <update> |
| Update endpoint cache sizes defaults. (remm) |
| </update> |
| <update> |
| Remove unused NIO blocking selector. (remm) |
| </update> |
| <add> |
| When using an AJP Connector, convert Java Servlet specific request |
| attributes to the Jakarta Servlet equivalent. (markt) |
| </add> |
| <add> |
| When reporting / logging invalid HTTP headers encode any non-printing |
| characters using the 0xNN form. (markt) |
| </add> |
| <update> |
| Remove duplication of HTTP/1.1 configuration on the HTTP/2 |
| UpgradeProtocol element. Configuration from the main Connector element |
| will now be used. (remm) |
| </update> |
| <fix> |
| When the NIO or APR/native connectors were configured with |
| <code>useAsyncIO="true"</code> and a zero length read or write was |
| performed, the read/write would time out rather than return immediately. |
| (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <scode> |
| Parameterize JSP version and API class names in localization messages to |
| allow simpler re-use between major versions. (markt) |
| </scode> |
| <fix> |
| Ensure that TLD files listed in the <code>jsp-config</code> section of |
| <code>web.xml</code> that are registered in the |
| <code>uriTldResourcePathMap</code> with the URI specified in |
| <code>web.xml</code> are also registered with the URI in the TLD file if |
| it is different. Patch provided by Markus Lottmann. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <fix> |
| Fix cloud environment lookup order and add a dedicated |
| <code>DNS_MEMBERSHIP_SERVICE_NAME</code> environment for use with the |
| DNS membership provider. Submitted by Bernd Bohmann. (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <fix> |
| <bug>53620</bug>: JULI now only creates logging files when there is a |
| log entry to write. Based on a patch by Karol Bucek. (markt) |
| </fix> |
| <fix> |
| Update implemented specification version information in a few places |
| where it has not been updated for Jakarta EE 9. (markt) |
| </fix> |
| <add> |
| Expand the coverage of the French translations provided with Apache |
| Tomcat. (remm) |
| </add> |
| <add> |
| Expand the coverage of the Chinese translations provided with Apache |
| Tomcat. Contribution provided by BoltzmannWxd. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| </section> |
| </body> |
| </document> |