Google Git
Sign in
apache / tomcat55 / 0268ce4a9939b5c52181fdce9e399b18a7d1d14f / . / container / webapps / docs / changelog.xml
blob: 7eb294c124a19792d77f7988ad50ae85ccd8b349 [file] [log] [blame]
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!DOCTYPE document [
<!ENTITY project SYSTEM "project.xml">
]>
<?xml-stylesheet type="text/xsl" href="tomcat-docs.xsl"?>
<document url="changelog.html">
&project;
<properties>
<author email="remm@apache.org">Remy Maucherat</author>
<author email="yoavs@apache.org">Yoav Shapira</author>
<author email="fhanik@apache.org">Filip Hanik</author>
<author email="pero@apache.org">Peter Rossbach</author>
<author email="kkolinko@apache.org">Konstantin Kolinko</author>
<author email="kfujino@apache.org">Keiichi Fujino</author>
<author email="jim@apache.org">Jim Jagielski</author>
<author email="mturk@apache.org">Mladen Turk</author>
<title>Changelog</title>
</properties>
<body>
<!-- Section names:
General, Catalina, Coyote, Jasper, Cluster, Webapps
-->
<section name="Tomcat 5.5.34 (jim)" rtext="">
<subsection name="General">
<changelog>
<fix>
<bug>51550</bug>: Display error page rather than an empty response for an IllegalStateException
</fix>
<fix>
<bug>33262</bug>: When using the Windows installer, the monitor is now
auto-started for the current user rather than all users to be consistent
with menu item creation. (markt)
</fix>
<fix>
<bug>40510</bug>: Provide an option within the Windows installer to
create menu entries for the current user or all users. (markt)
</fix>
<fix>
<bug>50949</bug>: Add the ability to specify the AJP port and the
shutdown port when using the Windows installer. (markt)
</fix>
<fix>
<bug>51135</bug>: Fix auto-detection of JAVA_HOME for 64-bit Windows
platforms that only have a 32-bit JVM installed when using the Windows
installer. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
<bug>27988</bug>: Improve reporting of missing files. (markt)
</fix>
<fix>
<bug>28852</bug>: Add URL encoding where missing to parameters in URLs
presented by Ant tasks to the Manager application. Based on a patch by
Stephane Bailliez. (mark)
</fix>
<fix>
<bug>41179</bug>: Return 404 rather than 400 for requests to the ROOT
context when no ROOT context has been deployed. (markt)
</fix>
<fix>
<bug>50189</bug>: Once the application has finished writing to the
response, prevent further reads from the request since this causes
various problems in the connectors which do not expect this. (markt)
</fix>
<fix>
Fix CVE-2011-2204. Prevent user passwords appearing in log files if a
runtime exception (e.g. OOME) occurs while creating a new user for a
MemoryUserDatabase via JMX. (markt)
</fix>
<fix>
<bug>51042</bug>: Don&apos;t trigger session creation listeners when a
session ID is changed as part of the authentication process. (markt)
</fix>
<fix>
<bug>51324</bug>: Improve handling of exceptions when flushing the
response buffer to ensure that the doFlush flag does not get stuck in
the enabled state. Patch provided by Jeremy Norris. (kkolinko)
</fix>
<fix>
<bug>51403</bug>: Avoid NullPointerException in JULI FileHandler if
formatter is misconfigured. (kkolinko)
</fix>
<fix>
<bug>51473</bug>: Fix concatenation of values in
SecurityConfig.setSecurityProperty() when the value provided by JRE is
null. (kkolinko)
</fix>
<add>
Add additional configuration options to the DIGEST authenticator.
(markt)
</add>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
Fix CVE-2011-2526. Protect against crashes (HTTP APR) if sendfile is
configured to send more data than is available in the file. (markt)
</fix>
<fix>
<bug>50744</bug>: Skip the SSL configuration check on platforms where an
unbounded socket cannot be created. (kkolinko)
</fix>
<fix>
<bug>51073</bug>: Throw an exception and do not start the APR connector
if it is configured for SSL and an invalid value is provided for
SSLProtocol. (markt)
</fix>
<fix>
<bug>51698</bug>: Fix CVE-2011-3190. Prevent AJP message injection.
(markt)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>36362</bug>: Handle the case where tag file attributes (which can
use any valid XML name) have a name which is not a Java identifier.
(markt)
</fix>
<fix>
Fix possible threading issue in JSP compilation when development mode is
enabled. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
<bug>48717</bug>: Ensure session activation events are fired. (markt)
</fix>
<fix>
<bug>50771</bug>: Ensure HttpServletRequest#getAuthType() returns the
name of the authentication scheme if request has already been
authenticated. (kfujino)
</fix>
<fix>
<bug>51647</bug>: Fix session replication when a session attribute is a
Java dynamic proxy. Based on a patch by Tomasz Skutnik. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
<bug>41498</bug>: Add the allRolesMode attribute to the Realm
configuration page in the documentation web application. (markt)
</fix>
<update>
Configure Security Manager How-To to include a copy of the actual
conf/catalina.policy file when the documentation is built, rather
than maintaining a copy of its content. (kkolinko)
</update>
<fix>
<bug>48997</bug>: Fixed some typos and improve cross-referencing to the
HTTP Connector and APR documentation with the SSL How-To page of the
documentation web application. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Other">
<changelog>
<update>
Clarify error messages in *.sh files to mention that if a script is
not found it might be because execute permission is needed. (kkolinko)
</update>
<update>
Fix CVE-2011-2729. Update commons daemon to 1.0.7. (markt)
</update>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.33 (jim)" rtext="released 2011-02-10">
<subsection name="General">
<changelog>
<fix>
Fix permissions of version.sh in bin tarball. (rjung)
</fix>
<fix>
<bug>45332</bug>, <bug>45852</bug>, <bug>50140</bug>:
Backport numerous improvements to the Windows installer.
Specify the correct encoding (the current Windows code page) rather
than assuming UTF-8 when creating tomcat-users.xml - <bug>45332</bug>,
<bug>45852</bug>.
Update install/uninstall icons. Create an installation log.
Allow 32-bit JVMs to be selected when installing on a 64-bit platform.
Do not ignore install directory if it is specified with the command
line switch on 64-bit platforms - <bug>50140</bug>.
Add support for the <code>/?</code> command line switch.
Replace the .ini files with the script equivalents.
Provide the ability to edit the roles for the added user.
Clean up fully after installation.
Add DetailPrint statements for operations that may take time.
Improve the descriptions of the components.
(kkolinko, mturk, markt)
</fix>
<add>
Add roles (admin-gui, admin-script, manager-gui, manager-script,
manager-jmx, manager-status) to the Manager, Host Manager and Admin
applications to allow more fine-grained control of permissions. The old
roles are deprecated but will still work in the same way. (kkolinko)
</add>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
Improve HTTP specification compliance in support of
<code>Accept-Language</code> header. (kkolinko)
</fix>
<fix>
<bug>50620</bug>: Stop exceptions that occur during
<code>Session.endAccess()</code> from preventing the normal completion
of <code>Request.recycle()</code>. (markt/kkolinko)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<update>
Remove <code>JSSE13Factory</code>, <code>JSSE13SocketFactory</code>
classes, as Tomcat 5.5 always runs on JRE 1.4 or later. (kkolinko)
</update>
<fix>
<bug>50325</bug>: When the JVM indicates support for RFC 5746, disable
Tomcat&apos;s <code>allowUnsafeLegacyRenegotiation</code> configuration
attribute and use the JVM configuration to control renegotiation.
(markt/kkolinko)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.32 (jim)" rtext="released 2011-02-01">
<subsection name="General">
<changelog>
<update>
Update to Commons Daemon 1.0.5. (mturk)
</update>
<update>
Update to commons-pool 1.5.5. (markt)
</update>
<fix>
Ensure POM files have correct line endings in source distributions.
(rjung/markt)
</fix>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<add>
<bug>43960</bug>: Expose <code>available</code> property of
StandardWrapper via JMX. (markt)
</add>
<fix>
<bug>50131</bug>: Avoid possible NPE in debug output in PersistentValve.
Patch provided by sebb. (kkolinko)
</fix>
<fix>
<bug>50413</bug>: Ensure 304s are not returned when using static files
as error pages. (markt/kkolinko)
</fix>
<fix>
Avoid unnecessary cast in StandardContext. (markt)
</fix>
<fix>
<bug>50460</bug>: Avoid a possible memory leak caused by using a cached
exception instance. (kkolinko)
</fix>
<fix>
<bug>50550</bug>: When a new directory is created (e.g. via WebDAV)
ensure that a subsequent request for that directory does not result in a
404 response. (markt/kkolinko)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
<bug>47913</bug>: Return the IP address rather than null for
<code>getRemoteHost()</code> with the APR connector if the IP address
does not resolve. (markt)
</fix>
<fix>
<bug>49521</bug>: Disable scanning for a free port in Jk AJP/1.3
connector by default. Do not change maxPort field value of ChannelSocket
in its <code>setPort()</code> and <code>init()</code> methods. Add
support for <code>maxPort</code> attribute on a <code>Connector</code>
element as a synonym for channelSocket.maxPort. (kkolinko)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>49935</bug>: Handle compilation of recursive tag files. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
Improve sending an access message in DeltaManager.
maxInactiveInterval of not Manager but the session is used.
If maxInactiveInterval is negative, an access message is not sending.
(kfujino)
</fix>
<fix>
<bug>50547</bug>: Add time stamp for CHANGE_SESSION_ID message and
SESSION_EXPIRED message. (kfujino)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<add>
<bug>50294</bug>: Add more information to documentation regarding format
of configuration files. Patch provided by Luke Meyer. (markt)
</add>
<update>
Improve documentation of database connection factory. (rjung)
</update>
<fix>
Improve filtering of Manager display output. (kkolinko)
</fix>
<update>
Configure the Admin, Manager and Host-Manager web applications to use
HttpOnly flag for their session cookies. (kkolinko)
</update>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.31 (jim)" rtext="released 2010-09-16">
<subsection name="General">
<changelog>
<fix>
Add svn:executable property to some script files and
remove it from non-executable files. (rjung)
</fix>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
<bug>38113</bug> Add system property (ALLOW_EMPTY_QUERY_STRING) to allow
spec compliant handling of query string. (markt/kkolinko/jim)
</fix>
<fix>
Return a copy of the URL being used from the webapp class loader, not
the original array. (kkolinko/markt)
</fix>
<fix>
<bug>49749</bug>: Use HttpOnly flag of current context when genrating
a Single-Sign-On cookie. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
<bug>49718</bug>: Fix regression in previous fix for <bug>46984</bug>
caused by the patch being applied to the wrong section of code. The
regression caused HTTP 0.9 requests to fail. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
<bug>49585</bug>: Update JSVC documentation to reflect new packaging
of Commons Daemon. (markt)
</fix>
<fix>
<bug>49774</bug>: Add support for SSL with either JSSE or APR baaed
connectors to the admin app. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
Add Null check when CHANGE_SESSION_ID message received. (kfujino)
</fix>
</changelog>
</subsection></section>
<section name="Tomcat 5.5.30 (jim)" rtext="released 2010-07-09">
<subsection name="General">
<changelog>
<update>Update to Commons Daemon 1.0.2. Use service launcher (procrun)
from the Commons Daemon release. Do not keep a copy of it in our source
tree. (mturk/kkolinko)</update>
<update>
Update to NSIS 2.46. (kkolinko)
</update>
<update>
Update to Apache Commons DBCP 1.3. (markt)
</update>
<fix>
<bug>48840</bug>: Swallow output (if any) from use of cd when determining
$CATALINA_HOME in catalina.sh and tool-wrapper.sh scripts. Based on patch
provided by mdietze. (markt/kkolinko)
</fix>
<fix>
<bug>49236</bug>: Do not use indexing when packing Tomcat JARs.
(kkolinko)
</fix>
<fix>
<bug>48990</bug>: Build windows distributions correctly on Linux and
add support for the skip.installer property. (kkolinko)
</fix>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
Fix CVE-2010-1157. Prevent possible disclosure of host name or IP
address via the HTTP WWW-Authenticate header when using BASIC or DIGEST
authentication. (markt)
</fix>
<fix>
<bug>44041</bug>, <bug>48694</bug>: Fix duplicate class definition
under load. Avoid possible deadlock in class loading.
(markt/kkolinko)
</fix>
<fix>
<bug>47774</bug>: Ensure web application class loader is used when
calling session listeners. (kfujino)
</fix>
<update>
<bug>48179</bug>: Improve error handling when reading or writing
TLD cache file ("tldCache.ser"). (kkolinko)
</update>
<fix>
<bug>49398</bug>: ByteChunk.indexOf(String, int, int, int) could not
find a string of length 1. (kkolinko)
</fix>
<fix>
Ensure all required i18n messages are present for the APR/native
Listener. (kkolinko)
</fix>
<fix>
Fix possible overflows when calculating session statistics. (kkolinko)
</fix>
<fix>
<bug>49424</bug>: Avoid NPE if client provides no data with a chunked
POST request. (markt)
</fix>
<fix>
Minor code cleanup in AccessLogValve and FastCommonAccessLogValve
classes. (kkolinko)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>Arrange filter logic. (jfclere)
</fix>
<fix>
<bug>48613</bug>: Only attempt APR/native connector initialization if
the Listener element has been specified in server.xml. (fhanik/kkolinko)
</fix>
<fix>
<bug>48843</bug>: Prevent possible deadlock and correct queue handling
for worker allocation in APR connectors. (kkolinko)
</fix>
<fix>
Use chunked encoding for http 1.1 responses with no content-length
(regardless of keep-alive) so client can differentiate between complete
and partial responses. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>42390</bug>, <bug>48616</bug>: Fix compilation error with some
nested tag files and simple tags. Do not declare or synchronize
scripting variables for JSP fragments since they are scriptless.
(kkolinko)
</fix>
<fix>
<bug>47878</bug>: Return &#x201C;404&#x201D;s rather than a permanent
&#x201C;500&#x201D; if a JSP is deleted. Make sure first response after
deletion is correct. (markt/kkolinko)
</fix>
<fix>
<bug>48701</bug>: Add a system property to allow disabling enforcement
of JSP.5.3. The specification recommends, but does not require, this
enforcement. (kkolinko)
</fix>
<fix>
<bug>48580</bug>: Prevent AccessControlException when running under a
security manager if the first access is to a JSP that uses a
FunctionMapper. (markt/kkolinko)
</fix>
<fix>
<bug>49196</bug>: Avoid NullPointerException in
PageContext.getErrorData() if an error-handling JSP page is called
directly. (kkolinko)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
<bug>48717</bug>: When a node joins a cluster and it receives all the
current sessions, ensure the sessionCreated event is fired if the
Manager is configured to replicate session events. (markt)
</fix>
<fix>
<bug>49170</bug>: Do not send duplicated session. (kfujino)
</fix>
<fix>
<bug>49445</bug>: When session ID is changed after authentication,
ensure the DeltaManager replicates the change in ID to the other nodes
in the cluster. (kfujino)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<add>
Backport documentation stylesheet improvements from Tomcat 6:
use CSS styles to provide printer-friendly layout,
support generation of TOC tables,
support links to revision numbers,
use underscores instead of spaces in anchor names. (kkolinko)
</add>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.29 (fhanik)" rtext="released 2010-04-20">
<subsection name="General">
<changelog>
<add>
<bug>37847</bug>: Make location and filename of catalina.out configurable
in catalina.sh. (fhanik/kkolinko)
</add>
<fix>
<bug>47609</bug>: Provide fail-safe EOL conversion for build process.
(sebb/markt/kkolinko)
</fix>
<fix>
<bug>47689</bug>: Enable the test Ant target to work. (markt)
</fix>
<fix>
<bug>47712</bug>: Loading tcnative was broken in 5.5.28. (rjung)
</fix>
<fix>
Correct CVE-2009-3548. When installed via the Windows installer and
using defaults, don't create an administrative user with a blank
password. Additionally, the administrative user is only created if the
manager or host-manager web applications are selected for installation.
(markt/kkolinko)
</fix>
<update>
Deprecate the jni Buffer and Thread classes. (rjung)
</update>
<update>
Include 32-bit and 64-bit versions of Tomcat Native DLLs into the
Windows installer, instead of downloading them from a web site during
install, and allow it to automatically select the correct one for the
current platform. (kkolinko/mturk)
</update>
<update>
Update Windows installer to use NSIS 2.45. (kkolinko)
</update>
<update>
Update to commons-pool 1.5.4. This fixes regressions in 1.5.2. (markt)
</update>
<fix>
Align server.xml installed by the Windows installer with the one
bundled in zip/tar.gz archives. (kkolinko)
</fix>
<fix>
Encode all property files using ascii escaped UTF-8. (rjung)
</fix>
<fix>
Correct MD5 generation in the build process. (kkolinko)
</fix>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
<bug>37848</bug>: Re-fix. Don't display info output when there is no
terminal. (markt)
</fix>
<fix>
<bug>39231</bug>: Call LoginModule.logout() when using JAASRealm.
(markt/kkolinko)
</fix>
<fix>
<bug>39844</bug>: Fix NPE when performing a non-HTTP forward.
(billbarker)
</fix>
<fix>
<bug>41059</bug>: Reduce the chances of errors when using
ENABLE_CLEAR_REFERENCES. Patch by Curt Arnold. (markt)
</fix>
<add>
<bug>45255</bug>: Add the ability to change session ID on
authentication to protect against session fixation attacks. This is
disabled by default. (markt/kkolinko)
</add>
<fix>
<bug>46967</bug>: Better handling of errors when trying to use
Manager.randomFile. Based on a patch by Kirk Wolf. (kkolinko)
</fix>
<fix>
<bug>47518</bug>: Correct reference in Valve Javadoc that referred to an
old method. Patch provided by Christopher Schultz. (markt)
</fix>
<fix>
<bug>47537</bug>: Return an error page rather than a zero length 200
response if the forward to the login or error page fails during FORM
authentication. (markt)
</fix>
<fix>
<bug>47718</bug>: Fix file descriptor leak on context stop/reload. Patch
provided by George Sexton. (markt)
</fix>
<fix>
<bug>47826</bug>: Correct error in debug message in
org.apache.catalina.Bootstrap (markt)
</fix>
<fix>
<bug>47963</bug>: Ensure that any HTTP status messages are compliant
with RFC2616. (markt/kkolinko)
</fix>
<fix>
<bug>47997</bug>: Enable the NamingResourcesMBean to work with
non-Server (i.e. Context) containers. Patch provided by Michael Allman.
(markt)
</fix>
<fix>
<bug>48004</bug>: Allow applications to set the Server header. (markt)
</fix>
<fix>
<bug>48007</bug>: Improve exception processing in
CustomObjectInputStream. (kkolinko)
</fix>
<fix>
<bug>48049</bug>: Fix copy and paste error so
<code>NamingContext.destroySubContext()</code> works correctly.
Patch provided by gingyang.xu (markt)
</fix>
<update>
<bug>48097</bug>: Make WebappClassLoader to do not swallow
AccessControlException. (kkolinko)
</update>
<fix>
<bug>48097</bug>: Avoid throwing an AccessControlException which can
lead to a NoClassDefFoundError on first access of first jsp.
(kkolinko/markt)
</fix>
<fix>
<bug>48322</bug>: Single quote characters are not HTTP separators and
should not be treated as such in the cookie handling. (markt)
</fix>
<add>
Provide an option to allow the use of equals characters in cookie
values. (markt)
</add>
<fix>
<bug>48516</bug>: Prevent NPE in JNDIRealm if requested user does not
exist. Patch provided by Kevin Conaway. (markt)
</fix>
<fix>
<bug>48577</bug>: Filter URL when displaying missing included page.
(markt)
</fix>
<fix>
<bug>48760</bug>: Remove race condition that can result in multiple
threads trying to use the same InputStream. (markt)
</fix>
<fix>
Add an additional permission required by JULI when running under newer
JDKs and a security manager. (markt)
</fix>
<fix>
Close resource stream in WebappClassLoader after read error. (pero)
</fix>
<fix>
Do not swallow exceptions in ApplicationContextFacade.doPrivileged()
(kkolinko)
</fix>
<fix>
Various related (un)deploy improvements including: better handling of
failed (un)deployment; adding checking for invalid zip file entries that
don't make sense in a WAR file; and improved validation of WAR file
names. These changes address CVE-2009-2693, CVE-2009-2901 and
CVE-2009-2902.
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
<bug>43327</bug>: Allow APR/native connector to work correctly on
systems when IPv6 is enabled. (markt)
</fix>
<fix>
<bug>46950</bug>: Support SSL renegotiation with APR/native connector.
Note that this requires APR/native 1.1.17 or later. (markt)
</fix>
<fix>
<bug>47225</bug>: Fix error in calculation of a buffer length in the
mapper. (markt)
</fix>
<fix>
<bug>47744</bug>: Prevent a medium term memory leak if using SSl with
the JSSE provider and also using a security manager. Based on a patch by
Greg Vanore. (markt)
</fix>
<fix>
<bug>47987</bug>: Limit size of not found resources cache. (markt)
</fix>
<fix>
<bug>48109</bug>: Ensure InputStream is closed in WebappClassLoader
on error conditions. (markt)
</fix>
<fix>
<bug>48311</bug>: APR should not be initialised if the APR life-cycle
listener is not enabled. (markt)
</fix>
<fix>
<bug>48581</bug>: Avoid security exception on first access. (markt)
</fix>
<fix>
<bug>48584</bug>: Prevent the APR connector logging an error if the
acceptor fails during shutdown since this is expected. (mturk)
</fix>
<fix>
CVE-2009-3555. Provide option to disable legacy SSL renegotiation.
(markt/costin)
</fix>
<fix>
Fix Windows installer to bundle an up-to-date version of native/APR with
it. When asked to install TC-Native it was downloading some very old (1.1.4)
version of it from the HEAnet site. (kkolinko)
</fix>
<update>
Update the native/APR library version bundled with Tomcat to 1.1.20.
(kkolinko)
</update>
<update>
Update recommended version for native to 1.1.19. (rjung)
</update>
<fix>
Remove unneeded line from the method that normalizes decodedURI.
(kkolinko)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>38797</bug>: Fix regression in previous fix for this bug. (markt)
</fix>
<fix>
<bug>41661</bug>: Fix thread safety issue in JspConfig.init() (markt)
</fix>
<fix>
<bug>41824</bug>: Need to use canonical rather than binary form when
writing code. (markt)
</fix>
<fix>
<bug>46907</bug>: Don't swallow input stream when debug logging is
enabled. (markt)
</fix>
<fix>
<bug>48582</bug>: Avoid NPE on background compile. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
DeltaManager needs to replicate changed attributes even if session
gets invalidated. Otherwise session listeners will not see the right
data on the secondary nodes. (rjung)
</fix>
<fix>
Remove unnecessary Java5 dependencies. (markt)
</fix>
<fix>
<bug>46384</bug>: Correct synchronisation issue that could lead to a
cluster member disappering permanently. (markt)
</fix>
<fix>
<bug>47554</bug>: Include httpOnly attribute when re-writing session
cookie after fail over. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
<bug>41564</bug>: Add some information on installing Tomcat as a service
on operating systems with User Account Control, e.g. Vista. (markt)
</fix>
<fix>
<bug>47656</bug>: Add information to documentation on system property
replacement in configuration files. (markt)
</fix>
<fix>
<bug>47769</bug>: Clarify the JNDI docs with repect to use of
&lt;resource-ref&gt; and related elements, specifically when they are
required and when they may be omitted. (markt)
</fix>
<fix>
<bug>48381</bug>: Add information on how Tomcat treats host names to the
host configuration documentation. (markt)
</fix>
<add>
<bug>48530</bug>: Add information on the Manager Server Status page to
the Manager How-To in the documentation webapp. Based on a patch by
Arnaud Espy. (markt)
</add>
<add>
<bug>48532</bug>: Add information to the BIO/NIO SSL configuration page
in the documentation web application to specify how the defaults for the
various trust store attributes are determined. (markt)
</add>
<fix>
<bug>48686</bug>: Fix deleting a host via the Administration web
application rather than failign with a HTTP 500 response. (markt)
</fix>
<add>
Make changelog.xml be directly rendered as HTML by certain browsers.
(kkolinko)
</add>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.28 (fhanik)" rtext="released 2009-09-04">
<subsection name="General">
<changelog>
<fix>
<bug>39194</bug>: Make the setting of the classpath consistent for the
.sh and .bat startup scripts. (markt/kkolinko)
</fix>
<fix>
<bug>45880</bug>: Include NOTICE file in Windows installer and make sure
src files are excluded. (markt)
</fix>
<update>
Update to NSIS 2.44 (kkolinko)
</update>
<update>
Build scripts: Use different values for ${tomcat-dbcp.home} and
${jasper-compiler-jdt.home} in tomcat-deps. Fix download task
checks for commons-pool and commons-dbcp. (kkolinko)
</update>
<add>
Add the 64-bit windows service binaries to the distribution and get the
Windows installer to automatically select the correct one for the
current platform. (markt/kkolinko)
</add>
<update>
Update to commons-pool 1.5.2. This includes various fixes to prevent
deadlocks, reduce syncs and make object allocation occur fairly - i.e.
objects are allocated to threads in the order that the threads request
them. This fixes a number of issues with the version of DBCP embedded
within Tomcat. (markt)
</update>
<update>
Update Tomcat Windows service application (procrun) to version 2.0.5.
It contains a fix for issue <bug>41538</bug> (mturk)
</update>
<fix>
<bug>47149</bug>: Explicitly specify encoding when performing filtering
during copy, fixcrlf or replace operations in build scripts. Don't add
blank lines to files when fixing line endings. Explicitly specify
encoding when compiling. (kkolinko)
</fix>
<fix>
<bug>47464</bug>: Some class files were accidentally included into the
source distributions of TC 5.5.27. (kkolinko)
</fix>
<docs>
Document that building Tomcat requires Ant 1.6.2 or later. (kkolinko)
</docs>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
<bug>37458</bug>: Fix sync error that may lead to NPE in rare
circumstances. Patch by Konstantin Kolinko. (markt)
</fix>
<fix>
<bug>37498</bug>: Fall back to container log if application log is
unavailable during context destruction. (markt)
</fix>
<fix>
<bug>37794</bug>: Handle POSTed parameters when sent with chunked
encoding. (markt)
</fix>
<fix>
<bug>37984</bug>: Strip {MD5} as well as {SHA} if present in digest
passwords in LDAP directories. (markt)
</fix>
<fix>
<bug>38553</bug>: A lack of certificates is normal if a user doesn't
have a certificate. Return a 401 rather than a 400 in this case. (markt)
</fix>
<fix>
<bug>38570</bug>: When checking docBase against appBase, make sure we
check for an exact match against the appBase. (markt)
</fix>
<fix>
<bug>39013</bug>: When testing for an invalid docBase, use an exact
match for the appBase. (markt)
</fix>
<fix>
<bug>39396</bug>: Only include TRACE in an OPTIONS response if we know
it has been enabled. (markt)
</fix>
<fix>
Remove wrong "No role found" realm debug log message,
even if a role was found. (rjung)
</fix>
<fix>
<bug>39997</bug>: Add the SSLRandomSeed option to the
AprLifecycleListener to enable faster starts on development systems.
(markt)
</fix>
<fix>
<bug>40380</bug>: Fix potential synchronization issue in
StandardSession.expire(). (markt)
</fix>
<fix>
<bug>41407</bug>: JAAS Realm now works with CLIENT-CERT authentication.
(markt)
</fix>
<add>
<bug>42419</bug>: Add a system property that enables the name of the
session cookie and session path parameter to be configured. (markt)
</add>
<fix>
<bug>42579</bug>: Support both relative and absolute search results in
the JNDI Realm implementation. Patch provided by Brandon DuRette.
(markt)
</fix>
<fix>
<bug>42707</bug>: Make adding a host alias via JMX take effect
immediately. (markt)
</fix>
<fix>
<bug>43343</bug>: Correctly handle requesting a session we are in the
middle of persisting. Based on a suggestion by Wade Chandler.
(markt/kkolinko)
</fix>
<add>
<bug>44382</bug>: Add support for using httpOnly for session cookies.
This is disabled by default. (markt/fhanik)
</add>
<fix>
<bug>45576</bug>: JAAS Realm now works with DIGEST authentication.
(markt)
</fix>
<fix>
<bug>45628</bug>: JARs that do not declare any dependencies should
always be considered as fulfilled. (markt)
</fix>
<fix>
<bug>45933</bug>: Don't use a web application provided parser to process
TLD files. (markt)
</fix>
<fix>
<bug>45996</bug>: Add Accept-Ranges header to responses from the
DefaultServlet with an option to disable it. (markt)
</fix>
<fix>
<bug>46105</bug>: Correctly set URI encoding when replaying a request
after FORM authentication. (markt)
</fix>
<fix>
<bug>46408</bug>: Correct possible invalid case in SecurityUtil. (markt)
</fix>
<fix>
<bug>46552</bug>: Return a 400 response rather than a 200 response if
the request headers are too large. (markt)
</fix>
<fix>
<bug>46597</bug>: Port all cookie handling changes from Tomcat 6.0.x.
(markt)
</fix>
<fix>
<bug>46606</bug>: Make max depth limit for WebDAV servlet configurable.
(markt)
</fix>
<fix>
<bug>46717</bug>: Fix hard to reproduce thread safety issue with session
expiration. (markt)
</fix>
<fix>
<bug>46982</bug>: Fix DST problem with AccessLogValve. (markt)
</fix>
<fix>
Improve handling of situation where web application tries to configure
logging at the context level but the security policy prevents this.
(markt/rjung)
</fix>
<fix>
Fix an information disclosure vulnerability in a number of the Realms
that allowed user enumeration when using FORM authentication. This is
CVE-2009-0580. (markt)
</fix>
<fix>
Fix various WebDAV compliance issues identified by the Litmus test
suite. (markt)
</fix>
<fix>
Use a better default (webapps) for a Host's appBase. (idarwin/markt)
</fix>
<fix>
<bug>44943</bug>: Reduce copy/paste issues caused by different engine
names in server.xml. (markt, kkolinko)
</fix>
<fix>
Remove obsolete classpath entry for commons-logging from start script.
It is already present in the classpath set by the manifest in bootstrap.jar.
(rjung)
</fix>
<fix>
<bug>38483</bug>: Thread safety issues in AccessLogValve classes. (kkolinko)
</fix>
<add>
Allow log file encoding to be configured for JULI FileHandler. (kkolinko)
</add>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>36923</bug>: Parse deactivated EL expressions correctly. (markt)
</fix>
<fix>
<bug>37084</bug>: Fix JspC compilation with Ant when compiling JSPs that
use a custom taglib. (markt/kkolinko)
</fix>
<fix>
<bug>37515</bug>: Add options for Java 1.6 and 1.7 to the JDT compiler.
(markt)
</fix>
<fix>
<bug>38197</bug>: Fix tag pooling when tags are used with jsp:attribute.
(markt)
</fix>
<fix>
<bug>38352</bug>: Make the directory defined by
javax.servlet.context.tempdir readable for JSPs when running under a
security manager as required by the specification. (markt)
</fix>
<fix>
<bug>38797</bug>: Revert previous fix for <bug>37933</bug> and implement
a new fix that does not have the side effects described in
<bug>38797</bug>.
</fix>
<fix>
<bug>38897</bug>: Add uri of broken TLD to error message to aid
debugging. (markt)
</fix>
<fix>
<bug>41606</bug>: Fix double initialisation of JSPs. Patch provided by
Chris Halstead. (markt)
</fix>
<fix>
<bug>45666</bug>: Fix infinite loop on include. Patch provided by Tom
Wadzinski. (markt)
</fix>
<fix>
<bug>46354</bug>: Fix ArrayIndexOutOfBoundsException when using
org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true. Patch
provided by Konstantin Kolinko. (markt)
</fix>
<fix>
<bug>46909</bug>: Only include semi-colon in type attribute for
&lt;jsp:plugin&gt; when it is required. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
Fix minor memory leak found by find bugs. (markt, rjung)
</fix>
<fix>
<bug>40551</bug>: Enable the JvmRouteBinderValve to work with
PersistentManagers as well as clustering. Patch by Chris Chandler.
(markt)
</fix>
<fix>
<bug>46357</bug>: Corrected test for host's parent must be an engine.
(markt, rjung)
</fix>
<update>
<bug>45317</bug>: Properly log the value of the state transfer timeout flag.
(fhanik, rjung)
</update>
<fix>
<bug>45279</bug>: Properly close multicast socket. (fhanik, rjung)
</fix>
<fix>
<bug>45447</bug>: Add Spanish resource files.
Patch provided by Jesus Marin. (markt, rjung)
</fix>
<fix>
<bug>46990</bug>: Fix synchronization issues in cluster membership
reported by FindBugs. Patch provided by Sebb. (markt, rjung)
</fix>
<fix>
<bug>47389</bug>: DeltaManager doesn't do session replication if
notifySessionListenersOnReplication=false.
Patch by Keiichi Fujino. (fhanik, rjung)
</fix>
<fix>
Separate statistics counter lock in FastAsyncSocketSender from inherited
DataSender lock to reduce blocking during failed node detection. (rjung)
</fix>
<fix>
Handle situation session ID rewriting on fail-over with parallel requests
from the same client. (pero)
</fix>
<fix>
<bug>43641</bug>: Use of bind attribute for membership element breaks
multicast. (rjung)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
Fix CVE-2009-0781. XSS in calendar example. (markt)
</fix>
<fix>
<bug>36574</bug>: Fix broken PDFs. (markt)
</fix>
<fix>
<bug>39603</bug>: Admin app only showed ROOT web application when
clustering was enabled. (markt)
</fix>
<fix>
<bug>47032</bug>: Fix /status/all in Manager webapp when using the
PersistentManager. (markt)
</fix>
<fix>
<bug>47235</bug>: Remove use of autoReconnect from MySQL examples.
(mark)
</fix>
<fix>
<bug>46509</bug>: Use correct link on error page in JSP security
example. Patch provided by Michael Moody. (markt)
</fix>
<fix>
<bug>46562</bug>: Close file when reading has finished when using SSI.
(markt)
</fix>
</changelog>
</subsection>
<subsection name="Coyote" >
<changelog>
<fix>
<bug>37869</bug>: Correctly extract client certificates, including the
full certificate chain when using the APR/native HTTP connector. (markt)
</fix>
<fix>
<bug>39637</bug>: Correctly extract client certificates, including the
full certificate chain when using the AJP connectors. Patch by Patrik
Schnellmann. (markt)
</fix>
<update>
Set remote port for AJP connectors from the optional request
attribute AJP_REMOTE_PORT. (rjung)
</update>
<fix>
<bug>45026</bug>: Never return an empty HTTP status reason phrase.
mod_jk and httpd 2.x do not like that. (rjung)
</fix>
<fix>
<bug>45528</bug>: An invalid SSL configuration could cause an infinite
logging loop on startup. (markt)
</fix>
<fix>
<bug>46984</bug>: Reject requests with invalid HTTP methods with a 400
rather than a 501. (markt)
</fix>
<update>
Update the APR/native connector to 1.1.16. (markt, kkolinko)
</update>
<fix>
Correct potential DOS issue in Java AJP connector when processing
invalid request headers. This is CVE-2009-0033. (markt)
</fix>
<fix>
Make DateTool thread safe. (fhanik)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.27 (fhanik)" rtext="released 2008-09-08">
<subsection name="General">
<changelog>
<fix>
<bug>44463</bug>: War file upload in manager webapp fails due to missing
commons-io dependency. Added commons-io 1.4. (rjung)
</fix>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
<bug>46770</bug>: Don't send duplicate headers when using flushBuffer(). (rjung)
</fix>
<fix>
<bug>44021</bug>, <bug>43013</bug>: Add support for # to signify multi-level contexts for directories and wars.
</fix>
<fix>
<bug>44494</bug>: Backport from 6.0 (rjung)
</fix>
<fix>
Add additional checks for URI normalization. (remm)
</fix>
<fix>
Don't throw an ArrayIndexOutOfBoundsException when empty URL is
requested. Patch provided by Charles R Caldarale. (markt)
</fix>
<fix>
<bug>29936</bug>: Don't use parser from a webapp to parse web.xml and possibly
context.xml files. (markt)
</fix>
<fix>
<bug>43079</bug>: Correct pattern verification for suspicious URLs.
Patch provided by John Kew. (markt)
</fix>
<fix>
<bug>43080</bug>: Log suspicious URL pattern warnings to the correct
web application. (markt)
</fix>
<fix>
<bug>43117</bug>: Setting an empty workDIR could delete all of
CATALINA_HOME. Patch provided by Takayuki Kaneko. (markt)
</fix>
<fix>
<bug>44282</bug>: Prevent security exception in trace level logging for
web application class loader when running under a security manager.
(markt)
</fix>
<fix>
<bug>44529</bug>: No roles specified (deny all) should take precedence
over no auth-constraint specified (allow-all). (markt)
</fix>
<fix>
<bug>43578</bug>: Enable start on Linux if $CATALINA_HOME contains a
space. Original patch provided by Ray Sauers with improvements by Ian
Ward Comfort. (markt)
</fix>
<fix>
<bug>44673</bug>: Throw IOE if ServletInputStream is closed and a call
is made to any read(), ready(), mark(), reset(), or skip() method as per
javadocs for Reader. (markt)
</fix>
<fix>
Enable the CGIServlet to work with Windows Vista. (markt)
</fix>
<fix>
Add additional permission required to read JDK logging configuration
when running with a security manager. (markt)
</fix>
<fix>
<bug>44943</bug>: Reduce copy/paste issues caused by different engine
names in server.xml. (markt)
</fix>
<fix>
<bug>45195</bug>: Prevent NPE when calling
<code>Session.getAttribute(null)</code> and
<code>Session.removeAttribute(null)</code>. The spec is unclear but this
is a regression from 5.0.x. (markt)
</fix>
<fix>
<bug>45293</bug>: Update name of commons-logging jar in security policy.
(markt)
</fix>
<fix>
<bug>45453</bug>: Fix race condition in JDBC Realm. Based on a patch
provided by Santtu Hyrkk. (markt)
</fix>
<fix>
JAAS Realm did not read role information for users. (markt)
</fix>
<fix>
<bug>46683</bug>: Fix typo in French localisation file name for the
org.apache.catalina.loader package. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<update>
Log errors for AJP signoffs at DEBUG level, since it is harmless if
mod_jk has hung up the phone. (billbarker)
</update>
<fix>
<bug>42727</bug>: Handle request lines that are exact multiples of 4096
in length. Patch provided by Will Pugh. (markt)
</fix>
<fix>
<bug>43191</bug>: Compression could not be disabled for some file types.
Based on a patch by Len Popp. (markt)
</fix>
<fix>
<bug>45591</bug>: Fix NPE on shutdown failure in some cases. Based on a
patch by Matt Passell. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>31257</bug>: Quote endorsed dirs if they contain a space. (markt)
</fix>
<fix>
<bug>42943</bug>: Make sure nested element is inside &lt;jsp:text&gt;
element before throwing exception. (markt)
</fix>
<fix>
<bug>44877</bug>: Prevent collisions in tag pool names. (markt)
</fix>
<fix>
<bug>45015</bug>: Enfore JSP spec rules on quoting in attrbutes. This is
configurable using the system property
<code>org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING</code>.
(markt)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
<bug>42899</bug>: When saving config from admin app, correctly handle
case where the old config file does not exist. (markt)
</fix>
<fix>
<bug>44541</bug>: Document packetSize attribute for AJP connector.
(markt)
</fix>
<fix>
<bug>44715</bug>: Document use of secret for AJP connector. (markt)
</fix>
<update>
<bug>45323</bug>: Add note that context.xml files can only contain a
single Context element. (markt)
</update>
<fix>
Update JNDI datasource docs since maxActive setting for unlimited
changed in commons-pool > 1.2. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Specification">
<changelog>
<fix>
Use a localised error message if a user tries to write a negative length
byte array during default processing of a HEAD request. (markt)
</fix>
<fix>
<bug>44562</bug>: HEAD requests cannot use includes. Patch provided by
David Jencks. (markt)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.26 (fhanik)" rtext="released 2008-02-05">
<subsection name="General">
<changelog>
<update>
Use Eclipse JDT 3.3.1. (pero)
</update>
<update>
Use new commons download location. (markt)
</update>
<update>
Use commons-launcher 1.1. (markt)
</update>
<update>
Use commons-digester 1.8. (markt)
</update>
<update>
Use Xerces 2.9.1. (markt)
</update>
<update>
Remove usused commons-httpclient. (funkman)
</update>
<update>
Use commons-collections 3.2. (markt)
</update>
<update>
Use commons-fileupload 1.2. (markt)
</update>
<update>
Use MX4J 3.0.2. (markt)
</update>
<update>
Use JUnit 3.8.2. (markt)
</update>
<update>
Use NSIS 2.34. (markt)
</update>
<update>
Use Struts 1.2.9. (markt)
</update>
<update>
Use JAF 1.1.1. (markt)
</update>
<update>
Use JTA 1.1. (markt)
</update>
<update>
Use JavaMail 1.4.1. (markt)
</update>
<update>
Use PureTLS 0.9b5. (markt)
</update>
<update>
Use commons-pool 1.4. (markt)
</update>
<fix>
<bug>43594</bug>: Use setenv from CATALINA_BASE (if set) in preference
to the one in CATALINA_HOME. Patch provided by Shaddy Baddah. (markt)
</fix>
<fix>
Fix CVE-2007-5342 by limiting permissions granted to JULI. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix><bug>38131</bug>: WatchedResource doesn't work if app is outside host appbase webapps.
Patch provided by Peter Lynch (pero)
</fix>
<fix>
Set correct sessionCounter at StandardManager after reload sessions. (pero)
</fix>
<fix>
Fix NPE situation at AccessLogValve (pero)
</fix>
<fix>
<bug>30949</bug>: Improve previous fix. Ensure requests are recycled
on cross-context includes and forwards when an exception occurs in the
target page. (markt)
</fix>
<fix>
<bug>43216</bug>: Set correct StandardSession#accessCount as system property STRICT_SERVLET_COMPLIANCE is true after application restart with SESSION.ser file.
Patch provided by Takayuki Kaneko (pero)
</fix>
<add>
Made session createTime accessible for all SessionManager via JMX (pero)
</add>
<add>
Support logging of all response header values at ExtendedAccessLogValve (ex. add x-O(Set-Cookie) to your pattern). (pero)
</add>
<add>
Support logging of current thread name at AccessLogValve (ex. add %I to your pattern).
Usefull to compare access logging entry later with a stacktraces. (pero)
</add>
<fix>
o.a.juli.ClassLoaderLogManager handle more then one system property replacement at file logging.properties. (pero)
</fix>
<fix>
<bug>43236</bug>: Reset usingWriter and associated flags when response
is reset. (markt)
</fix>
<fix>
<bug>43241</bug>: ServletContext.getResourceAsStream() not spec
compliant. Patch provided by John Kew. (markt)
</fix>
<fix>
<bug>43675</bug>: Fix a possible logging related class loader leak.
(markt)
</fix>
<fix>
<bug>43687</bug>: Remove conditional headers on Form Auth replay, since the UA (esp. FireFox) isn't expecting it. (billbarker)
</fix>
<fix>
Fix bug in CGI Servlet that caused it to fail when a CGI resource was
included in another resource. (markt)
</fix>
<fix>
Cookie handling/parsing changes!
The following behavior has been changed with regards to Tomcat's cookie
handling:<br/>
a) Cookies containing control characters, except 0x09(HT), are rejected
using an InvalidArgumentException.<br/>
b) If cookies are not quoted, they will be quoted if they contain
<code>tspecials(ver0)</code> or <code>tspecials2(ver1)</code>
characters.<br/>
c) Escape character '\\' is allowed and respected as a escape character,
and will be unescaped during parsing.
</fix>
<fix>
<bug>43839</bug>: URL based session tracking fails when session cookie
from parent context is present. Based on a patch by Yuan Qingyun.
(markt)
</fix>
<fix>
<bug>43887</bug>: Include exception in the log message. (markt)
</fix>
<fix>
<bug>43914</bug>: Location headers must be encoded. Patch provided by
Ivan Todoroski. (markt)
</fix>
<fix>
<bug>43957</bug>: Service.bat didn't configure logging correctly.
Patch provided by Richard Fearn. (markt)
</fix>
<fix>
<bug>44041</bug>: Fix duplicate class definition error under load.
(markt)
</fix>
<fix>
<bug>44084</bug>: JASSRealm is broken for application provided
Principals. Patch provided by Noah Levitt. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Jasper" >
<changelog>
<fix>
<bug>43702</bug>: Reduce length of unnecessarily long class names for
the inner helper class when using simple tags. (markt)
</fix>
<fix>
<bug>43757</bug>: Rather than use string matching to work out the line
in the JSP with the error, use the SMAP info and the knowledge that for
a scriptlet there is a one to one line mapping. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
Fix FarmWarDeployer can be only configured at host subelement (pero)
</fix>
<fix>
Fix wrong &amp;&amp; at ReplicationValve (pero)
</fix>
<fix>
DeltaManager sessionCounter must be also increment at relicated sessions. (pero)
</fix>
<add>
Made attribute createTime accessible for all DataSenders. (pero)
</add>
</changelog>
</subsection>
<subsection name="Webapps" >
<changelog>
<fix>
Fix CVE-2007-5461, an important information disclosure vulnerability in
the WebDAV Servlet. (markt)
</fix>
<fix>
<bug>43611</bug>: Provide an error message when trying to upload a WAR
for a context that has been defined in server.xml. (markt)
</fix>
<fix>
<bug>44094</bug>: Add note to docs about side-effects of setting
privileged on a context. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Coyote" >
<changelog>
<fix>
<bug>43479</bug>: Fix memory leak cleaning up sendfile connections.
(markt)
</fix>
<fix>
<bug>43622</bug>: Don't always overwrite min compression size with
default. (markt)
</fix>
<fix>
<bug>43995</bug>: No timeout for sendfile (TODO item had been
forgotten). (markt)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.25 (fhanik)" rtext="released 2007-09-08">
<subsection name="General">
<changelog>
<docs>
Correct j.u.l log levels in JULI docs. (rjung)
</docs>
<update>
Update to Commons Modeler 2.0.1, fix embed release starting issue. (pero)
</update>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
Handle special case of ROOT when re-loading webapp after ROOT.xml has
been modified. In some circumstances the reloaded ROOT webapp had no
associated resources. (markt)
</fix>
<fix>
Fix WebDAV Servlet so it works correctly with MS clients. (markt)
</fix>
<fix>
Remove invalid attribute "encoding" of MBean MemoryUserDatabase,
which lead to errors in the manager webapp JMXProxy output. (rjung)
</fix>
<fix>
Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host
Manager. Reported by Daiki Fukumori. (markt)
</fix>
<add>
<bug>39055</bug>: Add JMXAdaptorLifecycleListener to start JMX Connector
with fixed naming and data ports. This feature is needed to have stable
remote access when a firewall is active. The adaptor reads all standard
JMX system properties (-Dcom.sun.management.jmxremote.XXX). Currently
only included at src release (uses JDK 1.5 classes).
Feature provided by George Lindholm and Juergen Herrman (pero)
</add>
<fix>
<bug>41722</bug>: Make the role-link element optional (as required by
the spec) when using a security-role-ref element. (markt)
</fix>
<fix>
<bug>42547</bug>: Fix NPE when a ResourceLink in context.xml tries to
override an env-entry in web.xml. (markt)
</fix>
<fix>
<bug>42944</bug>: Correctly handle servlet mappings that use a '+'
character as part of the url pattern. (markt)
</fix>
<fix>
Improve large-file support (more then 4 Gb) at all AccessLogValves. (pero)
</fix>
<update>
<bug>43129</bug>: Support logging of response headers at AccessLogValve (ex. add %{Set-Cookie}o to your pattern). (pero)
</update>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>2500</bug>: FileNotFoundException within a JSP pages resulted in a
404 rather than a 500. (markt)
</fix>
<fix>
<bug>37326</bug>: No error reported when an included page does not
exist. (markt)
</fix>
<fix>
<bug>42643</bug>: Prevent creation of duplicate JSP function mapper
variables. (markt)
</fix>
<fix>
<bug>42314</bug>: Provide compilation error details in cases where the
error can't be mapped back to a source file. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
Don't write error on System.out, use log() instead. (rjung)
</fix>
<fix>
Fix XSS security vulnerabilities (CVE-2007-2449) in the examples.
Reported by Toshiharu Sugiyama. (markt)
</fix>
<fix>
<bug>39212</bug>: Fix possible NPE in DummyCart example and remove
redundant code. (markt)
</fix>
<fix>
<bug>42979</bug>: Update sample.war to include recent security fixes
in the source code. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
Separate sequence increment from getter in ThreadPool to avoid
misleading increments during monitoring via JMX. (rjung)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
<bug>40042</bug>: Recovery membership heartbeat after interface down. (pero)
</fix>
<fix>
<bug>42691</bug>: Don't set access time after session sync. Fix that sessions
after node restart better expire. Requested by Casey Lucas (pero)
</fix>
<fix>
Backport Tomcat 6 cluster socket parameter. (pero)
</fix>
<fix>
Fix typo in new MBean attribute which lead to errors in the manager webapp JMXProxy output. (rjung)
</fix>
<fix>
<bug>42689</bug>: No way to timeout new connect attempts for replication sockets.
Patch by Casey Lucas (pero)
</fix>
<fix>
Fix timeout setting on a replicated DeltaSession.
Patch by Alexander Maas (fhanik,pero)
</fix>
<fix>
<bug>42720</bug>: Don't send a message if no cluster member exists.
Patch by Keiichi Fujino (pero)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.24 (fhanik)" rtext="not released">
<subsection name="General">
<changelog>
<update>
Update to Commons DBCP src 1.2.2 (pero)
</update>
<update>
Update to Commons Pool src 1.3 (pero)
</update>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
<bug>33774</bug> Retry JNDI authentiction on ServiceUnavailableException
as at least one provider throws this after an idle connection has been
closed. (markt)
</fix>
<fix>
<bug>40593</bug> Cleanup that Listener stop after Manager stop
at StandardContext.stop(). Patch by Suzuki Yuichiro (pero)
</fix>
<fix>
<bug>41747</bug> Correct example ant script for deploy task. (markt)
</fix>
<fix>
<bug>41752</bug> Correct error message on exception in MemoryRealm.
(markt)
</fix>
<fix>
<bug>39875</bug> Minor cleanup in RealmBase.init, as requested by Takayoshi Kimura. (yoavs)
</fix>
<fix>
<bug>41477</bug> Add commons-el.jar to bin/catalina-tasks.xml, required for jasper2 tasks
using EL. Patch by Daniel Santos. (yoavs)
</fix>
<fix>
<bug>40150</bug> Ensure user and role classnames are validated on startup. Patch by
Tom. (yoavs)
</fix>
<fix>
<bug>42039</bug> Log a stack trace if a servlet throws an
UnavailableException. Patch provided by Kawasima Kazuh. (markt)
</fix>
<fix>
<bug>41990</bug> Add some additional mime-type mappings. (markt)
</fix>
<fix>
<bug>41655</bug> Fix message translations. Japanese translations
provided by Suzuki Yuichiro. (markt)
</fix>
<fix>
<bug>41939</bug> Add configuration option to disable nulling of static
and final fields of loaded classes when stopping a web application
classloader. Setting the system property
org.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES to
false will stop these fields being set to null on context stop. (markt)
</fix>
<fix>
Fix a logging related memory leak in ManagerBase and
ApplicationDispatcher. (markt)
</fix>
<fix>
<bug>42354</bug>: Ensure JARs in webapps are scanned for TLDs when the
Tomcat installation path contains spaces. (markt)
</fix>
<fix>
<bug>42361</bug>: Handle multi-part forms when saving requests during
FORM authentication process. Patch provided by Peter Runge. (markt)
</fix>
<fix>
<bug>42401</bug>: Update RUNNING.txt with better JRE/JDK information.
(markt)
</fix>
<fix>
<bug>42497</bug>: Ensure ETag header is present in a 304 response.
Patch provided by Len Popp. (markt)
</fix>
<fix>
Allow for a forward/include to call getAttributeNames on the Request in a sandbox. (billbarker)
</fix>
<add>
And getSession() operation to StandardManager and DeltaManager JMX Interface (pero)
</add>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<update>
Update host configuration document for new behaviour for directories
in appBase. (markt)
</update>
<update>
<bug>39883</bug> Add note to context configuration document about using
antiResourceLocking on a webapp outside the Host's appBase directory. (yoavs)
</update>
<update>
<bug>39540</bug> Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs)
</update>
<fix>
<bug>41289</bug>: Create configBase, since it is no longer created elsewhere.
Submitted by Shiva Kumar H R. (pero)
</fix>
<fix>
<bug>42103</bug>: Use correct names for truststoreFile, truststoreType and
truststorePass when saving server.xml in Admin webapp. Patch provided by
Matheus Bastos. (markt)
</fix>
<fix>
<bug>42025</bug>: Update valve documentation to refer to correct regular
expression implementation. (markt)
</fix>
<fix>
<bug>41956</bug>: Don't skip the connector address attribute when
persisting server.xml changes via the admin webapp. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
<bug>40960</bug> Inconsistent exception type thrown on socket timeout in
InternalAprInputBuffer. Patch by Christophe Pierret. (yoavs)
</fix>
<add>
<bug>41675</bug> Add a couple of DEBUG-level logging statements to Http11Processors
when sending error responses. Patch by Ralf Hauser. (yoavs)
</add>
<fix>
<bug>42119</bug> Fix return value for request.getCharacterEncoding() when
Content-Type headers contain parameters other than charset. Patch by
Leigh L Klotz Jr. (markt)
</fix>
<fix>
<bug>36155</bug> Always reset the MB when doing getBytes in the JK Connector (billbarker)
</fix>
<fix>
Improve large-file support in the AJP Connectors (billbarker)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
Receiver can also use tcpListenAddress with a hostname. (rjung, pero)
</fix>
<fix>
DeltaRequest synchronized getSize() and show log message as
readExternal() failure. (rjung, pero)
</fix>
<add>
Add DeltaManager expireTolerance attribute to quicker auto expire long backup sessions. (rjung, pero)
</add>
<add>
Add DeltaManager updateActiveIntervall attribute to send every 60 sec a session access message. (rjung, pero)
</add>
<fix>
<bug>39866</bug> Duplicate names appended to cluster manager name. (yoavs)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>39425</bug> Add additional system property permission to
catalina.policy for pre-compiled JSPs. (markt)
</fix>
<fix>
<bug>41227</bug> Add a bit of DEBUG-level logging to JspC so users know
which file is being compiled. (yoavs)
</fix>
<fix>
<bug>41869</bug> TagData.getAttribute() should return
TagData.REQUEST_TIME_VALUE when the attribute value is an EL expression.
(markt)
</fix>
<fix>
<bug>42071</bug> Fix IllegalStateException on multiple requests to
an unavailable JSP. Patch provided by Kawasima Kazuh. (markt)
</fix>
<fix>
After a JSP throws an UnavailableException allow it to be accessed once
the unavailable period has expired. (markt)
</fix>
<fix>
<bug>42072</bug> Don't call destroy() if the associated init() fails.
Patch provided by Kawasima Kazuh. (markt)
</fix>
<fix>
Fix a logging related memory leak in PageContextImpl. (markt)
</fix>
<fix>
<bug>42438</bug> Duplicate temporary variables were created when
jsp:attribute was used in conjunction with custom tags. Patch provided
by Brian Lenz. (markt)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.23 (fhanik)" rtext="released 2007-03-09">
<subsection name="Catalina">
<changelog>
<fix>
<bug>41608</bug> Make log levels consistent when Servlet.service()
throws an exception. (markt)
</fix>
<fix>
<bug>41666</bug> Correct handling of boundary conditions for
If-Unmodified-Since and If-Modified-Since headers. Patch provided by
Suzuki Yuichiro. (markt)
</fix>
<fix>
<bug>41674</bug> Fix error messages when parsing context.xml that
incorrectly referred to web.xml. (markt)
</fix>
<fix>
<bug>41739</bug> Correct handling of servlets with a load-on-startup
value of zero. These are now the first servlets to be started. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
Requests with multiple content-length headers are now rejected. (markt)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.22 (fhanik)" rtext="not released">
<subsection name="General">
<changelog>
<fix>
Fix regression in build that prevented connectors from building.
(markt)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.21 (fhanik)" rtext="not released">
<subsection name="Catalina">
<changelog>
<fix>
<bug>41401</bug>: StandardService.getConnectorNames() return array of
Connector JMX objectnames. (pero)
</fix>
<fix>
<bug>29727</bug>: If env-entry values in web.xml are changed then
ensure new values are applied when context is reloaded. (markt)
</fix>
<fix>
<bug>34956</bug>: Ensure request and response objects passed to a
RequestDispatcher meet the requirements of SRV.8.2 and
SRV.14.2.5.1. This is disabled by default. The Java option
<code>-Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true</code>
is required to enable this test. (markt)
</fix>
<fix>
<bug>36274</bug>: When including static content with the
DefaultServlet also treat content types ending in xml as text.
(markt)
</fix>
<fix>
<bug>36976</bug>: Don't use CATALINA_OPTS when stopping Tomcat. This
allows options for starting and stopping to be set on JAVA_OPTS and
options for starting only to be set on CATALINA_OPTS. Without this
fix, some startup options (eg the port for remote JMX) would cause
stop to fail. Based on a fix suggested by Michael Vorburger. (markt)
</fix>
<fix>
<bug>37070</bug>: Update mbean name documentation to include the
StandardWrapper. (markt)
</fix>
<fix>
<bug>37356</bug>: Ensure sessions time out correctly. This has been
fixed by removing the accessCount feature by default. This feature
prevents the session from timing out whilst requests that last
longer than the session time out are being processed. This feature
is enabled by setting the Java option
<code>-Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true</code>
The feature is now implemented with synchronization which addresses
the thread safety issues associated with the original bug report.
(markt)
</fix>
<fix>
<bug>37439</bug>: Update documentation for Engine component to add
the requirement that the name must be unique. (markt)
</fix>
<fix>
<bug>37458</bug>: Add syncs to the WebappClassloader to address
rare issues when multiple threads attempt to load the same class
concurrently. (markt)
</fix>
<fix>
<bug>37509</bug>: Do not remove whitespace from the end of values
defined in logging.properties files. (markt)
</fix>
<fix>
<bug>38198</bug>: Add reference to Context documentation from Host
documentation that explains how Context name is obtained from the
Context filename. (markt)
</fix>
<fix>
<bug>39088</bug>: Prevent infinte loops when an exception is thrown
that returns itself for getRootCause(). Based on a patch by Wouter
Zelle. (markt)
</fix>
<fix>
<bug>39436</bug>: Correct MIME type for SVG. (markt)
</fix>
<fix>
<bug>39627</bug>: JULI no longer ignores a ".level=XXX" directive
in logging.properties. Patch provided by Roger Keays and Richard
Fearn. (markt)
</fix>
<fix>
<bug>39724</bug>: Removing the last valve from a pipeline did not
return the pipeline to the original state. Patch provided by
David Gagon. (markt)
</fix>
<fix>
<bug>40367</bug>: Update JK auto configuration documentation to clarify
that workers.properties must also exist. (markt)
</fix>
<fix>
<bug>40524</bug>: HttpServletRequest.getAuthType() now returns
CLIENT_CERT rather than CLIENT-CERT for certificate authentication
as per the spec. Note that web.xml continues to use CLIENT-CERT to
specify the certificate authentication should be used. (markt)
</fix>
<fix>
<bug>40526</bug>: Add support for JPDA_OPTS to catalina.bat and add a
JPDA_SUSPEND environment variable to both startup scripts. Patch
provided by Kurt Roy. (markt)
</fix>
<fix>
<bug>40528</bug>: Add missing message localisations as provided by
Ben Clifford. (markt)
</fix>
<fix>
<bug>40585</bug>: Fix parameterised constructor for o.a.juli.FileHandler
so parameters have an effect. (markt)
</fix>
<fix>
<bug>40625</bug>: Stop CGIServlet swallowing the root cause of an
exception. Patch provided by Takayoshi Kimura. (markt)
</fix>
<fix>
<bug>40723</bug>: Correct table creation example in JavaDoc for
JDBCAccessLogValve. (markt)
</fix>
<fix>
<bug>40802</bug>: Add jsp-api.jar to fileset in catalina-tasks.xml as provided by
Daniel Santos. (pero)
</fix>
<fix>
<bug>40817</bug>: Correct problem where CGI scripts in the root of the
ROOT context threw a <code>StringIndexOutOfBoundsException</code>.
(markt)
</fix>
<update>
Set the <code>SCRIPT_FILENAME</code> environment variable required
by PHP when using the CGIServlet to execute PHP. (markt)
</update>
<fix>
<bug>40823</bug>: Update context doc to clarify use of ROOT.xml,
multi-level context paths and to further discourage use of server.xml
(markt)
</fix>
<fix>
<bug>40844</bug>: Add additional syncs to JDBCRealm to resolve NPE when
two users try to authenticate using DIGEST authentication at the same
time. (markt)
</fix>
<fix>
<bug>40860</bug>: Log exceptions and other problems during parameter
processing. (markt)
</fix>
<fix>
<bug>40901</bug>: Encode directory listing output. Based on a patch
provided by Chris Halstead. (markt)
</fix>
<fix>
<bug>40929</bug>: Correct JavaDoc for StandardCalssLoader. (markt)
</fix>
<fix>
<bug>41008</bug>: Allow POST to be used for indexed queries with CGI
Servlet. Patch provided by Chris Halstead. (markt)
</fix>
<fix>
<bug>41020</bug>: Improve error message when custom error report Valve
fails to load. Also remove requirement that custom error report Valves
extend ValveBase. (markt)
</fix>
<fix>
<bug>41217</bug>: Set secure attribute on SSO cookie when cookie is
created during a secure request. Patch provided by Chris Halstead.
(markt)
</fix>
<fix>
Ensure Accept-Language headers conform to RFC 2616. Ignore them if
they do not. (markt)
</fix>
<fix>
Make provided instances of RequestDispatcher thread safe. (markt)
</fix>
<fix>
Fix formatting of CGI variable SCRIPT_NAME. (markt)
</fix>
<fix>
<bug>34643</bug>: Improved documentation for per-user / per-session clientAuth
usage in SSL Authenticator. Docs provided by jack and Ralf Hauser. (yoavs)
</fix>
<fix>
<bug>40668</bug>: Update release notes and readme files specific to v5.5.20 to
notify users of missing MailSessionFactory in distribution, suggest workarounds,
and link to relevant Bugzilla issue. (yoavs)
</fix>
<fix>
<bug>37977</bug>: adapt BUILDING.txt and net build.xml for SVN. Patch by
Christopher Sahnwaldt. (yoavs)
</fix>
<update>
<bug>39055</bug>: Link to sample workaround code for using JSR160 JMX monitoring
with a local firewall. Thanks to George Lindholm for the patch. (yoavs)
</update>
<update>
<bug>39476</bug>: add xml declaration to most build.xml files, as suggested by
Gregory S. Hoerner Sr. (yoavs)
</update>
<fix>
<bug>40326</bug>: stop using File#deleteOnExit in DefaultServlet to avoid
JVM memory leak, as suggested by quartz. (yoavs)
</fix>
<fix>
<bug>40192</bug>: update setup.html notes regarding Windows tray icon. (yoavs)
</fix>
<fix>
<bug>40177</bug>: add more warnings to documentation about RequestDumperValve
character encoding. (yoavs)
</fix>
<fix>
<bug>39255</bug>: NPE in AuthenticatorBase when logging level is set to DEBUG
and no prinicpal found. (yoavs)
</fix>
<fix>
<bug>41437</bug>: Make log messages and loglevel consistent during Context
start. Patch provided by Suzuki Yuichiro. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
<bug>38332</bug>: Add backlog attribute to ChannelSocket as provided by
Takayoshi Kimura. (pero)
</fix>
<update>
Backport packetSize feature from Tomcat 6.0.x at standard coyote AJP Jk handler. (pero)
</update>
<fix>
<bug>40771</bug>: Fix implementation of
SavedRequestInputFilter.doRead() so POST data may be read using a
Valve or Filter. Patch provided by Michael Dufel. (markt)
</fix>
<fix>
<bug>41017</bug>: Restore behaviour of MessageBytes.setString(null).
(remm/markt)
</fix>
<fix>
<bug>41057</bug>: Modify StringCache to add a configurable upper bound
to the length of cached strings. (remm/markt)
</fix>
<fix>
<bug>38774</bug>: Check javax.net.ssl.keyStorePassword system property as a secondary
source for keystore password in JSSESocketFactory, as suggested by Ted X. Toth. (yoavs)
</fix>
<fix>
<bug>39402</bug>: Modify existing Vary HTTP header, rather than overwrite it, if it
exists when using GZip compression. Patch by Matthew Cooke. (yoavs)
</fix>
<fix>
<bug>40241</bug>: Catch Exceptions instead of Throwables in Default and SSI servlets.
Also improve relevant logging while we're at it. (yoavs)
</fix>
<fix>
<bug>40133</bug>: Better error message when context name is not available on startup,
as suggested by Andreas Plesner Jacobsen. (yoavs)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>39975</bug>: don't have static Log references to prevent
classloader leaks. (yoavs)
</fix>
<fix>
<bug>40104</bug>: When displaying JSP source after an exception, handle
included files. (markt)
</fix>
<fix>
<bug>40797</bug>: This was a regression as a result of the fix for
<bug>33407</bug>. TLD validation was failing as a result of the use
of the escape character (0x1b) as a temporary replacement for \$.
An alternative character (0xe000) from the unicode private use range
is now used. (markt)
</fix>
<fix>
<bug>41057</bug>: Make jsp:plugin output XHTML compliant. (markt)
</fix>
<fix>
<bug>41327</bug>: Show full URI for a 404. Patch provided by Vijay.
(markt)
</fix>
<fix>
<bug>41265</bug>: Allow JspServlet checkInterval init parameter to be
explicitly set to the stated default value of zero by removing the
code that resets it to 300 if explicitly specified as zero. (markt)
</fix>
<fix>
Display the JSP source when a compilation error occurs and display
the correct line number rather than start of a scriptlet block. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
<bug>34952</bug>: Clarify that the Windows Installer always installs
a Windows service. (markt)
</fix>
<fix>
<bug>35968</bug>: Make environment entry properties input a text area.
Patch provided by Tristan Marly. (markt)
</fix>
<fix>
<bug>37588</bug>: Fix creation of JNDI Realm in admin application. Patch
provided by Terry Zhou. (markt)
</fix>
<fix>
<bug>38048</bug>: Fix memory leak assoaciated with use of expression
language in JSPs. Patch provided by Taras Tielkes. (markt)
</fix>
<fix>
<bug>39572</bug>: Improvements to CompressionFilter example provided by
Eric Hedström. (markt)
</fix>
<update>
<bug>40507</bug>: Update host-manager and servlet-examples web-apps to
use the servlet 2.4 xsd. Patch provided by Chris Halstead. (markt)
</update>
<fix>
<bug>40581</bug>: Add information on the use of a symbloic link as the
docBase for a Context to the Context documentation. (markt)
</fix>
<fix>
<bug>40633</bug>: Remove references to the DefaultContext from the
documentation. (markt)
</fix>
<fix>
<bug>40677</bug>: Update SSL documentation to indicate that PKCS11
keystores may be used. (markt)
</fix>
<fix>
<bug>40714</bug>: Admin webapp no longer requires a username for a
DataSource since it is not required in all cases. (markt)
</fix>
<fix>
<bug>40720</bug>: Fix exception in admin webapp when adding a group to
a user. (markt)
</fix>
<fix>
<bug>40874</bug>: Correct log4j configuration in documentation webapp.
Patch provided by Franck Borel. (markt)
</fix>
<fix>
<bug>40999</bug>: Add trust store configuration for SSL connectors to
the admin webapp. (markt)
</fix>
<fix>
<bug>41051</bug>: Add information on keystore aliases and case
sensitivity to SSL HOW-TO. (markt)
</fix>
<fix>
<bug>41182</bug>: Update the Jasper documentation for the classpath
attribute. (markt)
</fix>
<fix>
<bug>41493</bug>: Fix handling of APR connectors in Admin webapp.
(markt)
</fix>
<fix>
<bug>41512</bug>: Version number was not inserted in release notes.
(markt)
</fix>
<fix>
<bug>40257</bug>: Update Manager webapp howto on remote deployment to reflect
need for explicit path in one specific use-case. Thanks to Venkatesh Jayaraman. (yoavs)
</fix>
<update>
<bug>40160</bug>: add reference to the Filter proposed in this Bugzilla item to the WebdavServlet.
While at it, give the WebdavServlet some long-overdue TLC by cleaning up some of the old data
structures in favor of modern (but still JDK 1.4-compliant) interfaces. (yoavs)
</update>
<docs>
Add a virtual hosting how-to contributed by Hassan Schroeder. (markt)
</docs>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<add>
Add clustered SSO code and backport feature from Tomcat 6.0.x,
submitted by Fabien Carrion (pero)
</add>
<add>
Add better recovery at FastAsyncQueueSender. Made the startegy more robust for temporary connection problems (pero)
</add>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.20 (fhanik)" rtext="released 2006-09-28">
<subsection name="Catalina">
<changelog>
<fix>
Fix logic error in UserDatbaseRealm.getprincipal() that caused user
roles assigned via groups to be ignored. (markt)
</fix>
<fix>
<bug>40518</bug>: Use correct message when a RuntimeException is
thrown from the requestInitialized or requestDestroyed method of
a listener that implements ServletRequestListener. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>31804</bug>: Unnested tags within a tag file are now configured
with the Tag represented by the containing tag file as their parent
tag. (markt)
</fix>
<fix>
<bug>33356</bug>: Tag attributes that contained $ followed by 1 or
more non-special characters and then a { character caused an
exception. (markt)
</fix>
<fix>
<bug>33407</bug>: The string \$ in template text was reduced to $
when the isELIgnored page directive was set to true. (markt)
</fix>
<fix>
<bug>34509</bug>: Tag names may now use the full range of
characters permitted by xsd:nmtoken. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
<bug>34399</bug>: Disable undeploy for applications that have not
been deployed such as those defined in server.xml (markt)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.19 (fhanik)" rtext="not released">
<subsection name="General">
<changelog>
<update>
Add multi attribute setting to jmx:set JMX remote ant task.
Patch contributed by Didier Donsez (pero)
</update>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
<bug>30762</bug>: Re-fix this bug that was re-introduced by the fix
to <bug>37264</bug>. (markt)
</fix>
<fix>
<bug>37588</bug>: Fix JNDI realm creation through JMX. Patch contributed by TerryZhou (fhanik)
</fix>
<fix>
<bug>39704</bug>: The use of custom classloaders failed when the context
was specified in server.xml. Correction of the fault will require setting
the new loader attribute useSystemClassLoaderAsParent to false. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
<bug>40418</bug>: APR Endpoint socket evaluation (remm)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
<bug>31339</bug>: Admin app threw exceptions if a name other than Catalina
was configured for the Engine. Patch based on a suggestion from Amila
Suriarachchi. (markt)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.18 (yoavs)" rtext="not released">
<subsection name="General">
<changelog>
<update>
Change MD5 release signature files to have md5 (lowercase) extension instead of MD5 (uppercase),
as suggested by Henk Penning and specified in the
<a href="http://www.apache.org/dev/release-publishing.html">ASF release publishing guidelines</a>. (yoavs)
</update>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
Fix that ManagerBase increment expireSessions counter at background task two times. (pero)
</fix>
<fix>
<bug>39406</bug>: Fix that StandardSession#getLastAccessedTime() uses correct exception message,
suggested by Takayoshi Kimura. (pero)
</fix>
<add>
<bug>39661</bug>: Add documentation on JULI FileHandler properties. (yoavs)
</add>
<add>
<bug>39657</bug>: Warn (and don't load jar) if JSP API is in webapp classloader repository, as suggested by
David Sanchez Crespillo. (yoavs)
</add>
<add>
<bug>39674</bug>: Support JRockit JVM in service.bat script, as suggested by lizongbo. (yoavs)
</add>
<fix>
<bug>39711</bug>: Update Loader configuration documentation, as suggested by Stephane Bailliez. (yoavs)
</fix>
<fix>
<bug>39865</bug>: Add Open Office mime types to conf/web.xml. (markt)
</fix>
<fix>
<bug>38814</bug>: Align CGI handling of indexed queries, parameters and
POST content with other CGI providers. The changes: only provide
parameters on the command line for indexed queries; always provide the
query string via the QUERY_STRING environment variable; provide POST
content unmodified to stdin; and never call getParameters(). (markt)
</fix>
<fix>
<bug>34801</bug>: Partial fix that adds handling of IOExceptions during
long running CGI requests. Based on a patch by Chris Davey. (markt)
</fix>
<fix>
<bug>39689</bug>: Allow single quotes (') and backticks (`) as well as
double quotes (") to be used to delimit SSI attribute values. (markt)
</fix>
<fix>
<bug>40053</bug>: Correct application deployment documentation so it
agrees with the classloader documentation regarding shared lib and
CATALINA_BASE. (markt)
</fix>
<fix>
<bug>39592</bug>: Stop HEAD requests for resources handled by SSI
servlet or filter generating stack traces in the logs. (markt)
</fix>
<fix>
Improve handling of the ';' character in the URL so that it is now
allowed if properly %xx encoded. (remm)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
Fix APR endpoint so that the acceptor thread now only processes socket
accepts. (remm)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
<bug>39813</bug>: Correct handling of new line characters in JMX
attributes. Patch provided by R Bramley. (markt)
</fix>
<fix>
<bug>37781</bug>: Make sure that StoreConfig save external referenced war files at context.xml correct. (pero)
</fix>
<fix>
<bug>39791</bug>: Use correct default for useNaming within a Context. (markt)
</fix>
<fix>
Correctly generate re-direct for admin app index.jsp to prevent login page
being displayed twice when cookies are disabled. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
<bug>39473</bug>: Session timeout much shorter than setting
at web.xml at cluster environment, suggested by Jin Jiang. (pero)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.17 (yoavs)" rtext="released 2006-04-27">
<subsection name="General">
<changelog>
<update>
Update to Xerces 2.8.0 (remm)
</update>
<update>
Update to tcnative 1.1.3 (remm)
</update>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
Fix SingleSignOn Valve and add Session.getLastAccessTimeInternal() without session invalidation test. (pero)
</fix>
<fix>
<bug>38814</bug>: CGIServlet correctly handles Shift_JIS output. (markt)
</fix>
<fix>
Add missing REQUEST_URI environment variable to CGI environment. (markt)
</fix>
<fix>
<bug>27617</bug>: Sync existing mime types with httpd. (keith)
</fix>
<fix>
<bug>38761</bug>: Handle relative symlinks to shell scripts as suggested by Adam Murray (keith)
</fix>
<fix>
<bug>38795</bug>: Associate more closely bind with a finally unbind in StandardContext start and
stop, based on a patch by Darryl Miles (remm)
</fix>
<fix>
Improve undeployment robustness (remm)
</fix>
<update>
Expand the semaphore valve (remm)
</update>
<fix>
<bug>39021</bug>: Add back support for authentication only, submitted by Scott Stark (remm)
</fix>
<fix>
Revert fix for <bug>38113</bug>, which does not seem a legitimate problem, and causes
regressions (remm)
</fix>
<fix>
Correctly reset listeners when reloading a webapp (remm)
</fix>
<fix>
<bug>38194</bug>: Don't fail silently if -force is used without CATALINA_PID, submitted by Matthew Buckett. (yoavs)
</fix>
<fix>
<bug>38154</bug>: Avoid NPE in FileDirContext after webapp undeploy, reported by Jamie Maher. (yoavs)
</fix>
<fix>
<bug>38217</bug>: Added cautionary note about keystore password to SSL HowTo, as suggested by Ralf Hauser. (yoavs)
</fix>
<fix>
<bug>38262</bug>: Cleared ambiguity in host documentation, as suggested by Jeffrey Bennett. (yoavs)
</fix>
<fix>
<bug>38476</bug>: Modified check for null TLD stream, as suggested by Fabrizio Giustina. (yoavs)
</fix>
<fix>
<bug>38052</bug>: Use <i>userName</i> as userField default. User is at many databases a
reserved keyword, as suggested by rik. (pero)
</fix>
<fix>
Fix handling of non matching if-range header (remm)
</fix>
<fix>
<bug>37848</bug>: Only output catalina.sh diagnostic messages if we have a TTY, submitted by
David Shaw. (yoavs)
</fix>
<fix>
<bug>38596</bug>: Minor performance optimization in DataSourceRealm, suggested by Sandy
McArthur. (yoavs)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
Make the default cipher suites available for SSL the same as the set of cipher
suites enabled by default rather than the set of all cipher suites. This prevents
ciphers suites that do not provide confidentiality protection and/or server
authentication being used by default. (markt)
</fix>
<fix>
Move AprEndpoint.getWorkerThread inside the try/catch for the main accept loop, to guard
about an OOM (which would most likely doom the server anyway) (remm)
</fix>
<fix>
As exhibited in the ASF's JIRA installation, it seems EINTR is a status code that should
be ignored as a result to a poll call (remm)
</fix>
<update>
New APR connectors defaults (remm)
</update>
<update>
Add multiple threads for APR pollers, to work around Windows limitations (performance degrades
very rapidly if poller sizes over 1024 are allowed when compiling APR) (remm)
</update>
<update>
New modes for firstReadTimeout (-1 being the new default) (remm)
</update>
<update>
Replace java.util.Stack usage with a simple array in the APR endpoint (remm)
</update>
<fix>
tcnative jnilib.c now report correct compile flags for runtime
Library.java checks like sendfile support default true/false (pero)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>38015</bug>: Remove misleading warnings logged in TagLibraryInfoImpl, as suggested by Andrew Houghton. (yoavs)
</fix>
<fix>
<bug>38376</bug>: Make sure body content stack is always properly aligned, as submitted by Tony Deigh. (yoavs)
</fix>
<fix>
Compatibility with JDT 3.2 (remm)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
<bug>39292</bug>: Update catalina.policy at demo balancer app. Fix provided by Kerry Sainsbury (pero)
</fix>
<fix>
<bug>36847</bug>: Fixed the manager app copy function to not overwrite fileA with fileB when fileA==fileB.
Fix provided by Haroon Rafique (fhanik)
</fix>
<fix>
<bug>38508</bug>: Several enhancements to Host Manager application, including configurable
manager app support and dialog box enhancements. Thanks to George Sexton for the patch. (yoavs)
</fix>
<fix>
<bug>37781</bug>: Make sure context config file is writeable, suggested by George Sexton. (yoavs,pero)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<update>
Add at PooledSocketSender the jmx attributes inPoolSize and inUsePoolSize. (pero)
</update>
<fix>
DeltaManager set session creationTime at backup node. (pero)
</fix>
<update>
Add JvmRouteBinderValve documentation at cluster-howto.xml. (pero)
</update>
<add>
JvmRouteBinderValve now supports now sessionid's from request and cookies.
Thanks to Brian Stansberry for reporting it. (pero)
</add>
<fix>
<bug>38779</bug> Fix wrong jmx message arg at SimpleTcpCluster
at o.a.c.cluster.tcp.mbeans-descriptors.xml, submitted by Pawel Tucholski (pero)
</fix>
<fix>
Fix that not after every "Keep Alive Socket close" a log warning is generated at TcpReplicationThread (pero)
</fix>
<fix>
<bug>39178</bug>: Now ROOT.war deployment with FarmWarDeployer is possible (pero)
</fix>
<fix>
ReplicationValve not set primarySession flag when all backup nodes gone (pero)
</fix>
<update>
Add DeltaSession.getLastAccessTimeInternal() without session invalidation test. (pero)
</update>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.16 (yoavs)" rtext="released 2006-03-15">
<subsection name="General">
<changelog>
<update>
Updated / enhanced docs to remove old FIXME references. (yoavs)
</update>
<update>
Required tcnative library version upgraded to 1.1.2 (remm)
</update>
<update>
Update to Eclipse JDT 3.1.2 (remm)
</update>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
<bug>23950</bug>: Context.listBindings() should return objects not
references. (markt)
</fix>
<fix>
<bug>38124</bug>: Add support for Windows 20xx when reading environment
variables in CGIServlet. (markt)
</fix>
<fix>
<bug>29214</bug>: response.containsHeader() now returns the correct
value for Content-Type and Content-Length headers. (markt)
</fix>
<fix>
Allow using a custom ContextConfig when using JMX embedding of Tomcat, as
is done by the regular deployer. (remm)
</fix>
<add>
Add JMX serverInfo attribute to Server MBean, that we can identify
the tomcat release remotely. (pero)
</add>
<fix>
Fix the JMX MBeanFactory.createStandardHost signature at mbean-descriptors.xml (pero)
</fix>
<fix>
Fix some cases (for example with realm usage) where the container logger for a context
would be retrieved using the wrong classloader (remm)
</fix>
<fix>
HttpSession.getId will no longer throw an ISE when the session is invalid (remm)
</fix>
<fix>
More detailed errors for naming issues (remm)
</fix>
<docs>
Add documentation for the Transaction element (remm)
</docs>
<update>
Add getContextPath to the internal servlet context implementation (remm)
</update>
<fix>
Only null instances loaded by the webapp CL, submitted by Matt Jensen (remm)
</fix>
<update>
Deploy folders which don't have a WEB-INF, and return an error when a context
file does not contain a Context element (remm)
</update>
<fix>
<bug>38653</bug>: Fix property name (remm)
</fix>
<fix>
Slightly modify the timing of the manager start, so that it is not started by a
listener (remm)
</fix>
<fix>
Refresh loggers used by the digester (remm)
</fix>
<fix>
Use sendError instead of setStatus to send the 401 code. (billbarker)
</fix>
<fix>
Don't append the port for an SSL redirect if it is the default port. (billbarker)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
Log errors when setting socket options with debug priority rather than error. (remm)
</fix>
<fix>
<bug>38100</bug>: Make certain that a valid Host name is set, or none at all. (billbarker)
</fix>
<fix>
<bug>38485</bug>: Fix minor regression setting connection timeout (as well as linger and
no delay) where the default value was always used when using the regular
HTTP connector (remm)
</fix>
<update>
Pass along more of the SSL related fields to OpenSSL (remm)
</update>
<update>
CharChunk now implements CharSequence (remm)
</update>
<fix>
Fix coding error which could cause a rare crash when a poller error occurred and sockets
where pending being added to the keepalive poller (remm)
</fix>
<fix>
Fix potential sync issues when restarting a poller (remm)
</fix>
<fix>
Update APR error reports, including the error codes (remm)
</fix>
<fix>
<bug>38726</bug>: Remove duplicate request group field causing blank statistics for the
HTTP connector (remm)
</fix>
<fix>
Fix invalid length used by some AJP packets for the AJP APR connector, which could cause
corruption, submitted by Rudiger Plum (jim)
</fix>
<fix>
<bug>38346</bug>: Fix problems with request.getReader().readLine().
Patch by Rainer Jung (billbarker)
</fix>
<update>
Local address reuse for APR Endpoints (via APR_SO_REUSEADDR) now enabled (jim)
</update>
<fix>
Don't write out the shutdown secret file if shutdown is disabled (the default) (billbarker)
</fix>
<fix>
Fix NPE when no sink is supplied. (billbarker)
</fix>
<update>
APR Endpoints now IPv6 aware (jim)
</update>
<update>
Downgrade "Response already committed" logging entry to DEBUG. (billbarker)
</update>
<fix>
<bug>38113</bug>: Return the empty String for an empty query-string instead of null. (billbarker)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>38389</bug>: Set correct JDT Compiler option to java 1.5 compliance.
Patch from Olivier Thomann and Paul Hamer (pero)
</fix>
<update>
Add some useful hints to jasper-howto. (pero).
</update>
<fix>
<bug>38776</bug>: Fix source file attribute, submitted by Olivier Thomann (remm)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
Update DeltaManager session access stats (pero)
</fix>
<fix>
DeltaSession getId will no longer throw an ISE when the session is invalid (pero)
</fix>
<update>
Resurrected the &quot;suspect&quot; property so that the logs don't fill
up with errors when member disappears or a connection is lost. Only useful for pooled mode (fhanik)
</update>
<add>
<bug>35710</bug>: Add session replication for cross context session changes.
The portlet api need this support, see refactored ReplicationValve. (pero)
</add>
<update>
ReplicationValve reset DeltaSession when cluster node has no backup node. (pero)
</update>
<update>
DataSender close connection and throw exception also even if waitForAck is false. (pero)
</update>
<fix>
Active cluster junit test again. (pero)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
Fix some XSS issues in the JSP examples. (markt)
</fix>
<fix>
Fix logos in the manager webapp (remm)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.15 (yoavs)" rtext="released 2006-01-21">
<subsection name="General">
<changelog>
<fix>
<bug>32081</bug>: Remove the JDK requirement from the Win32 scripts. (keith)
</fix>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
<bug>37852</bug>: Fix regression where the magic role '*' was denying all access. Patch by xrcat (billbarker)
</fix>
<fix>
<bug>37934</bug>: Don't ask for authentication if deny-from-all is in effect. (billbarker)
</fix>
<fix>
<bug>15570</bug>: auth-constraint of * was interpretted as all
authenticated users rather than as all roles defined in web.xml. (markt)
</fix>
<fix>
Remove leftover static logger which was used to log application level messages in
ApplicationContextFacade (remm)
</fix>
<fix>
<bug>38012</bug>: Where a CGI script sets a response code, use it. (markt)
</fix>
<fix>
<bug>37854</bug>: Extension-List checking was too strict. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
Report binding errors in the APR endpoint as strings rather than platform specific
status codes (remm)
</fix>
<fix>
<bug>37934</bug>: Don't ask for authentication if deny-from-all is in effect. (billbarker)
</fix>
<fix><bug>38047</bug>: Handle the case where the Servlet attempts to read
the Request body from the AJP/1.3 Connector, in the case that no
body was sent. (billbarker)
</fix>
<fix><bug>38030</bug>: Unconditionally return EOS for an attempt to read
the body of any request that doesn't send CL or TE.
(remm, billbarker).
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>35351</bug>: Fix problem using an inner class for a &lt;jsp:useBean /&gt;. (kinman).
</fix>
<fix>
<bug>37929</bug>: Don't stop on the generic attribute methods just because the session is invalid. Patch by Pierre Delisle. (billbarker)
</fix>
<update>
Add system properties org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER and
org.apache.jasper.runtime.JspFactoryImpl.USE_POOL to allow configuring Jasper
memory usage (remm)
</update>
<fix>
<bug>37933</bug>: Restrict &lt;jsp:getAttribute /&gt; to only look in PAGE_SCOPE. (billbarker)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
<bug>37808</bug>: Fix ArrayIndexOutOfBoundsException inside XByteBuffer. Reported by Dietmar Mueller (pero)
</fix>
<update>
<bug>37896</bug>DataSender starts new Socket after IOException. (pero)
</update>
<update>
Reduce memory usage at membership service. (pero)
</update>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.14 (yoavs)">
<subsection name="General">
<changelog>
<update>
Update optional native APR connector version to 1.1.1. (mturk)
</update>
<update>
Update build.properties.default to get native connector from new location. (yoavs)
</update>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
<bug>13040</bug>: Fix getContext() when used to obtain a context that is a sub-context
of the current context. Ported from TC4. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>37746</bug>: Remove extra space from StringTokenizer pattern in JspC, as suggested by
Eric Hedstrom. (yoavs)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
<bug>36863</bug>: Strip quotes when parsing Cookie values, even for v0 Cookies. (billbarker)
</fix>
<fix>
<bug>37803</bug>: Don't claim that we have a string value in MessageBytes until we actually do.
Patch by Doug Rand (billbarker)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.13 (yoavs)">
<subsection name="General">
<changelog>
<fix>
<bug>36711</bug>: Unused line of code. (yoavs)
</fix>
<update>
Removed unused SAXPath, Jaxen dependencies. (yoavs)
</update>
<update>
Update log4j dependency to version 1.2.12, Struts to 1.2.7. (yoavs)
</update>
<update>
Removed JDBC 2.0 StdExt dependency (only class from there is javax.sql.XADataSource, which is
present in JDK 1.4 and later. (yoavs)
</update>
<fix>
<bug>37039</bug>: typo on JK Quick configuration how-to. (yoavs)
</fix>
<add>
<bug>37035</bug>: Add a placeholder file in the temp directory for WinZip tar.gz handling. (yoavs)
</add>
<update>
Update JAF dependency to 1.0.2, JTA to 1.0.1b and JavaMail to 1.3.3_01. (markt)
</update>
<add>
Added Eclipse .project, .classpath, and associated files to make building Tomcat from
Eclipse significantly easier. (markt)
</add>
<add>
<bug>37284</bug>: Guess JSE 5.0 location on Mac OS X, patch by Stepan Koltsov. (yoavs)
</add>
<fix>
Wrong class name in antlib.xml for JkStatusUpdateTask. (yoavs)
</fix>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
<bug>36802</bug>: Fix problem of double-init when JMX-deploying a
Context into a started Host. (billbarker)
</fix>
<fix>
<bug>36840</bug>: Provide information as to which web.xml is being processed on startup to
help debug parsing errors. (yoavs)
</fix>
<add>
<bug>34724</bug>: Ability to set domain for Single-Sign-On cookie. Patch by Oliver
Rossmueller. (yoavs)
</add>
<fix>
<bug>37044</bug>: RealmBase.hasResourcePermission needs to access the GenericPrincipal as
set by the realm unless hasRole is overriden, which was no longer being done properly for
the JAAS realm (remm)
</fix>
<fix>
<bug>37264</bug>: JNDI resources were no longer available when stopping listeners,
submitted by Bogdan Calmac (remm)
</fix>
<fix>
<bug>37150</bug>: Turn off directory listing by default and add a warning
regarding enabling listing of directories with many entries. (markt)
</fix>
<update>
Add configurability for the amount of time that the container will wait for requests
to complete when unloading servlets, using the unloadDelay property. (remm)
</update>
<update>
Add code to set to null fields in loaded classes when stopping a web application, as a
possible workaround for suspicious garbage collection behavior. (remm)
</update>
<update>
Update messages and stack traces for classloading errors which may occur when removing
a web application, and for stopped web applications. (remm)
</update>
<fix>
<bug>37319</bug>: Fix catalina.bat reference to CATALINA_BASE for logging.properties. Thanks
to Pierre-Yves Benzaken. (yoavs)
</fix>
<fix>
<bug>36852</bug>: Custom classloaders don't honor Contet privileged attribute. Thanks to
Matt Brinkley for the analysis and patch. (yoavs)
</fix>
<fix>Fix for a couple of (mostly silly) edge-cases in testing auth.
Thanks to Nam T. Nguyen for the report. (billbarker)
</fix>
<fix>
<bug>37060</bug>: Actually copy the Request headers when replaying after Form auth. (billbarker)
</fix>
<fix>
<bug>37591</bug>: Typo in Engine configuration reference. (yoavs)
</fix>
<fix>
<bug>37668</bug>: Added note about JSP recompilation to Context configuration documentation. (yoavs)
</fix>
<fix>
<bug>37132</bug>: Have DigestAuthenticator Handle user names with commas. Thanks to
Robert Wille for the patch. (yoavs)
</fix>
<fix>
<bug>37212</bug>: Better error reporting in Connector.java. Thanks to Ralf Hauser for
the patch. (yoavs)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
Gracefully handle the case where some Socket options are disabled at
the OS level for the AJP/1.3 Connector. (billbarker)
</fix>
<fix>
<bug>36366</bug>: Use rewritten deployer-howto page by Allistair Crossley. (remm)
</fix>
<add>
<bug>36630</bug>: Added extra log output for class instantiation failure. (yoavs)
</add>
<fix>
<bug>37121</bug>: Sendfile always needs to be given the length of data to write,
which fixes ranged requests. (remm)
</fix>
<fix>
Optimized direct byte buffers association with the socket for APR connectors. (mturk)
</fix>
<fix>
Fix hidden NPEs when using the APR connectors and there's no host header. (pero, remm)
</fix>
<fix>
Http11Protocol now register RequestProcessor at JMX and show current usage inside manager app. (pero)
</fix>
<add>
JkStatus Ant tasks for mod_jk 1.2.15. (pero)
</add>
<update>Connection Timeout is normal, so reduce logging to DEBUG (billbarker)
</update>
<fix>
Fix crash which could occur with the HTTP APR connector when accessing request JMX objects
outside of the processing of the said request (remm)
</fix>
<fix>
<bug>37627</bug>: Fix buffering issue in the HTTP APR connector when a large buffer size was
used for servlets (remm)
</fix>
<fix>
<bug>37673</bug>: Fix implementation of getLocalPort and getLocalAddr in the HTTP APR connector
(remm)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>35252</bug>: Jasper PageDataImpl outputs malformed XML. Patch by Rahul Akolkar. (yoavs)
</fix>
<add>
<bug>37062</bug>: Helpful JSP exception message containing file, line numbers. Patch by
Tim Fennell at http://www.tfenne.com/jasper/. (yoavs)
</add>
<fix>
<bug>37407</bug>: File descriptor leak in JspReader. Thanks to Fred for the patch. I also
did some minor cleanup in the class. (yoavs)
</fix>
<add>
<bug>37612</bug>: Add file location to JSP Validator error message. Thanks to Renaud Bruyeron
for the patch. (yoavs)
</add>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
Fix that session replace messages are logged after node recovery get all session from master node. (pero)
</fix>
<fix>
<bug>37896</bug> Fix that sendMessage signature at all DataSender subclasses must be changed.
Now pooled and async modes working as expected. (pero)
</fix>
<fix>
Fix that socket at o.a.c.cluster.tcp.FastAsyncSocketSender can be disconnect/connect. (pero)
</fix>
<fix>
Fix cluster module build.xml script for new svn repository structure (pero)
</fix>
<fix>
Fix closed socket exceptions at normal server shutdown, reported by Olve Hansen (pero)
</fix>
<fix>
Fix closed socket exceptions inside async message transfer modes (pero)
</fix>
<fix>
<bug>34984</bug>: HttpSessionBindingEvent.getValue() get correct value (pero)
</fix>
<fix>
<bug>35916</bug>: send sessionCreated to SessionListener after cluster node recovery (pero)
</fix>
<fix>
<bug>36541</bug>: Used also Hashtable at DeltaSession (pero)
</fix>
<fix>
Better support cluster at engine level. (pero)
</fix>
<fix>
<bug>36866</bug>: Correct attribute name in conf/server.xml documentation for Cluster element. (yoavs)
</fix>
<fix>
<bug>37261</bug>: Allow xerces to know where the web.xml file is so that relative entities can be resolved.
</fix>
<fix>
<bug>37529</bug>: Fixed race condition in ReplicationLister#stopListening. Thanks to
Chris Walker for the patch. (yoavs)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>Remove obsolete TagPlugin file from JSP examples (billbarker)</fix>
<fix>
<bug>36019</bug>: Made clear the Host-Manager HowTo is coming soon, not ready yet. (yoavs)
</fix>
<fix>
<bug>36336</bug>: Check WAR extension in both upper and lower case, as suggested by
A. Grasoff. (yoavs)
</fix>
<fix>
<bug>35982</bug>: Can't delete mail sessions in admin webapp. (yoavs)
</fix>
<fix>
<bug>36673</bug>: Similar to the one above, for data sources. (yoavs)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.12 (yoavs)">
<subsection name="General">
<changelog>
<fix>
Remove uneeded files in conf. (remm)
</fix>
<update>
Change distribution file names from jakarta-* to apache-*. (remm)
</update>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<add>
Add JMX Remote create and unregister ant tasks (pero)
</add>
<fix>
<bug>36343</bug>: Only normalize out backslash on Windows platforms. (billbarker)
</fix>
<fix>
Allow configuring standard stream redirection. (remm)
</fix>
<add>
<bug>36088</bug>: Add RUNNING.txt and RELEASE-NOTES.txt to fulldocs distro. (yoavs)
</add>
<fix>
<bug>36534</bug>: fix equals for URLs returned by ServletContext.getResource() (luehe)
</fix>
<fix>
<bug>36558</bug>: Clear IntrospectionUtils cache when stopping a webapp, as it
could leak to keeping a reference to the classloader (remm)
</fix>
<fix>
<bug>36113</bug>: Session persistence for objects with primitive types could fail in
some rare cases (remm)
</fix>
<fix>
<bug>36541</bug>: Full synchronization for session objects attributes collections (remm)
</fix>
<fix>
<bug>35609</bug>: service.bat echo command when wrong arguments given [patch by Robert
Longson] (yoavs)
</fix>
<fix>
<bug>34749</bug>: jsessionid dropped on trailing slash (/) redirect (remm)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<update>
Add support for secret for AJP APR (remm)
</update>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
Fix NPE with an error message when no Java compiler is available (remm)
</fix>
<fix>
Restrict System err stream capture to the Ant compiler, as the Eclipse compiler
does not need it (remm)
</fix>
<update>
JSP compilation speed improvement using tag library information caching,
submitted by Xingbo Gao (remm)
</update>
<add>
Initial contribution of JSTL tag plugins supporting the core tag library of
JSTL, submitted by Jing Li (remm)
</add>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
<bug>36541</bug>: Sync all session attribute access (read and write) at DeltaSession (pero)
</fix>
<fix>
<bug>36518</bug>: Classname typos for senders, submitted by Christoph Bachhuber-Haller (remm)
</fix>
<add>
<bug>35613</bug>: Added FAQ question and answer about tcpListenAddress="auto" and /etc/hosts (yoavs)
</add>
<update>
Moved FAQ section for Clustering from Clustering HowTo page to its own FAQ page. (yoavs)
</update>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<docs>
<bug>36319</bug>: Fix broken link to DBCP docs, submitted by Xavier Poinsard (remm)
</docs>
<docs>
Brand new deployer specs, submitted by Allistair Crossley (remm)
</docs>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.11 (yoavs)">
<subsection name="General">
<changelog>
<update>
Update to Xerces 2.7.1 (remm)
</update>
<add>
Add ready to build bin/tomcat-native.tar.gz for the APR JNI wrapper library (remm)
</add>
<fix>
<bug>35930</bug>: Bad logging config used by the Tomcat Windows service (remm)
</fix>
<add>
<bug>33261</bug>: Windows installer now checks the user type and warns non-admins as needed. (yoavs)
</add>
<update>
The Windows installer will now optionally download a (32bit) Windows .dll for Tomcat native
from HEAnet (remm)
</update>
<fix>
Declaration of jspc Ant task to fix the deployer package (remm)
</fix>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<add>
Add concurrency control valve (o.a.c.valves.SemaphoreValve). As the Tomcat distribution
is not built for Java 5, the valve will have to be compiled from the sources
using Java 5 (remm)
</add>
<fix>
<bug>35880</bug>: Ignore JSSE15SocketFactory when generating JavaDoc, as it breaks
the JDK 1.4 JavaDoc tool. (yoavs)
</fix>
<fix>
<bug>35865</bug>: setclasspath.sh cannot be excutive under cygwin. (funkman)
</fix>
<fix>
<bug>33267</bug>: Set working path in service installer, as suggested by Dominik
Drzewiecki. (yoavs)
</fix>
<update>
<bug>34794</bug>: Update connector documentation to include clientAuth attribute. (yoavs)
</update>
<fix>
<bug>35894</bug>, <bug>36228</bug>: Fix CNFE when starting in a sandbox. (billbarker, remm)
</fix>
<fix>
Add version check for Tomcat native so that incompatible API changes are detected early (remm)
</fix>
<fix>
<bug>36020</bug>: Allow MemoryUserDatabase to work better on write protected mediums,
submitted by Rainer Jung (remm)
</fix>
<fix>
<bug>35978</bug>: Bad handling of single range requests greater than 2GB in the DefaultServlet
(remm)
</fix>
<fix>
<bug>35984</bug>: Client abort exceptions will now use getCause (remm)
</fix>
<fix>
Fix handling of non-file based includes with SSI, submitted by David Becker (markt)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
Fix default ports for http and https which are set in the request when the parsed
hostname does not specify the port, and which were inverted (https was set as 80
and http as 443). (remm)
</fix>
<fix>
Add missing tomcatAuthentication attribute to the AJP APR implementation. (remm)
</fix>
<fix>
Check filename sendfile attribute only if sendfile is enabled. (remm)
</fix>
<fix>
Fix output buffering for APR AJP implementation. (remm)
</fix>
<fix>
<bug>35941</bug>: Fix getRemoteAddr for APR AJP implementation. (remm)
</fix>
<fix>
<bug>35942</bug>: Fix NPE retriving cipher suite attribute when no certificate
was submitted (for example with no SSL). (remm)
</fix>
<fix>
Internationalization and code cleanups for APR AJP implementation. (remm)
</fix>
<fix>
Security exception in APR AJP implementation when running with the security
manager enabled. (remm)
</fix>
<fix>
<bug>36173</bug>: Add missing sync in FastHttpDateFormat.formatDate, submitted
by Alexei Krainiouk (remm)
</fix>
<fix>
Disable HTTP compression when sendfile is used for a resource (remm)
</fix>
<fix>
AJP secret attribute report only at trace level. (pero)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>36127</bug>: Validation compatibility with Xerces 2.7.1, submitted
by Florent Benoit (remm)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
Fix NPE when cluster stops (pero)
</fix>
<fix>
<bug>36218</bug>: MemoryRealm now support also GenericPrincipal, but
JAASRealm with cluster replication still has a problem, detected by Dirk Dekok (pero)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.10 (yoavs)">
<subsection name="General">
<changelog>
<add>
Add JMX remote ant task to control tomcat MBeanserver via ant scripts.
Ant lib is included at "server/lib/catalina-ant-jmx.jar" and documentation
is added to <a href="monitoring.html">Monitoring and Managing Tomcat How-To</a> (pero)
</add>
<fix>
<bug>34361</bug>: Integrate better antlib and import support for
catalina manager tasks [Modified patch from Daniel Santos] (pero)
</fix>
<fix>
StoreConfig save now the Connector.sslProtocol attribute. (pero)
</fix>
<update>
Change log dir at service.bat to "$CATALINA_BASE/logs" for better multi instance support. (pero)
</update>
<update>
<bug>34237</bug>: Added note and links to context and host configuration
references in JNDI DataSources HowTo to aid the clueless. (yoavs)
</update>
<update>
<bug>34248</bug>: Update JavaMail download instructions to include JAF. (yoavs)
</update>
<update>
Update to JDT from Eclipse 3.1, with support for Java 5 (remm)
</update>
<update>
Refactoring, redesign and extend the cluster module
- Cluster can be configured as subelement from Engine and Host.
- Optimized performance and reduce memory usage
- Better JMX support
- add a lot of JMX stats attribute for better monitoring
- add a single element default cluster configuration
- more config options
LifecycleListener
ClusterListener
more than one cluster valves
- better subclass support
- change a lot of existing cluster API's (pero)
</update>
<add>
Add Apache Portable Runtime JNI wrapper and helper API (mturk)
</add>
<update>
Update JULI to provide support for taking over java.util.logging bootstrap configuration,
and move the default properties file to ${catalina.base}/conf/logging.properties (remm)
</update>
<fix>
<bug>34746</bug>: Updated catalina.properties instructions per Bill Edwards' suggestion. (yoavs)
</fix>
<fix>
<bug>35090</bug>: Minor documentation typo fix. (yoavs)
</fix>
<fix>
<bug>34931</bug>: Rewrote ROOT/index.jsp to be XHTML strict compliant, per Richard
Beton's patch. (yoavs)
</fix>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
<bug>20380</bug>: Access log timestamps now take account of Daylight Saving
Time (DST). (markt)
</fix>
<add>
<bug>34220</bug>: Provide better error message when server.xml can't be located.
[Modified patch from Ralf Hauser] (yoavs)
</add>
<add>
Add MessageListener and LifecylceListener cluster saving to storeconfig module
(&lt;Cluster ... &gt;&lt;ClusterListener className="org.apache.catalina.cluster.session.JvmRouteSessionIDBinderListener" &gt;) (pero)
</add>
<fix>
<bug>33743</bug>: Add additional synchronization in webapp classloader to avoid
possible race condition when defining a class (remm)
</fix>
<fix>
<bug>33711</bug>: Add events on passivate and activate to cleanup SSO, and recycle
session objects when removing them from a manager (so that anyone keeping references
to it would leak a minimal amount of memory) (remm)
</fix>
<update>
Re-add patch causing Session.getId to throw an ISE, and make all internal components
use a safe getIdInternal method (remm)
</update>
<update>
Store principal to be exposed for Request.getUserPrincipal inside the GenericPrincipal,
to remove hacks from the JAAS realm (remm)
</update>
<fix>
<bug>10385</bug>: SSI Servlet now includes better support for files that use character
encodings other than the platform default.(markt)
</fix>
<fix>
Remove CopyParentClassLoader rule, which doesn't seem to be doing anything useful
anymore. (remm)
</fix>
<add>
Provide an ServletFilter implementation of Server Side Includes (SSI). This was
submitted by David Becker under <bug>33106</bug>. (markt)
</add>
<add>
Add sendfile support to default servlet, with a sendfileSize configuration attribute.
(remm)
</add>
<update>
If APR as well as Tomcat's JNI wrapper for APR are present, use APRized protocol handlers
instead of the regular ones (remm)
</update>
<fix>
<bug>22617</bug>: When used with an EJB container and a realm that supports the concept
of an unauthenticated user (J2EE.3.4.3) BASIC authentication was always authenticating
users as the unauthenticated user without giving them a chance to supply a username and
password. (markt)
</fix>
<fix>
Prevent facade objects cloning (remm)
</fix>
<update>
Add missing CGI variables to SSI servlet. Patch submitted by Fritz Schneider. (markt)
</update>
<fix>
<bug>34578</bug>: Updated JNDIRealm comment. (yoavs)
</fix>
<fix>
<bug>34273</bug>: Better Bootstrap warning message. [Path from Ralf Hauser] (yoavs)
</fix>
<update>
<bug>34675</bug>: Updated Proxy-HowTo page with Servlet API calls. (yoavs)
</update>
<fix>
<bug>34546</bug>: Fix problem where the "first" Valve couldn't be removed from a Pipeline. (billbarker)
</fix>
<fix>
Fix NPE when POST size exceeds limit defined by maxPostSize. (markt)
</fix>
<fix>
Fix FORM authentication so POSTed parameters are not assumed to be encoded with platform
default encoding. A side effect of this fix is that the bodies of POST requests that
require FORM authentication are now buffered and made available after a sucessful login. (markt)
</fix>
<fix>
<bug>34840</bug>: Better handling of external WARs redeployment, and ignore docBase specified
in context file if within the Host appBase (remm)
</fix>
<fix>
Fix handling of symbolic links when the DefaultServlet is generating directory
listings. (markt)
</fix>
<fix>
<bug>35769</bug>: Correct implementation of javax.naming.Context.composeName( Name, Name)
in multiple places. Patch provided by Laurent Simon. (markt)
</fix>
<add>
<bug>34805</bug>: Add warning for suspicious security patterns, as suggested by Ralf Hauser. (yoavs)
</add>
<fix>
<bug>35819</bug>: Use getWorkPath for deleting work directory on context destroy, as suggested
by Rob Steele. (yoavs)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<update>
Add support for using "Smart Cards" as trust/keyStore. (billbarker)
</update>
<update>
Add some Mbean attributes and operations to ChannelSocket (pero)
</update>
<add>
Apache Portable Runtime based HTTP/1.1 protocol handler, with SSL support (remm)
</add>
<add>
Add support for simple file-based CRLs under JDK 1.5 (billbarker)
</add>
<add>
Add experimental NIO-Socket channel for the AJP/1.3 Connector (billbarker)
</add>
<add>
<bug>34648</bug>: Add configuration option to enable IP-based Virtual Hosts. (billbarker)
</add>
<update>
Refactor the AJP/1.3 Connector to be able to handle more advanced Actions. (billbarker)
</update>
<fix>
Fix connector initialisation so sslProtocol is not required for SSL. (markt)
</fix>
<add>
Add bufferSize option to the AJP/1.3 Java connector to control output buffering. (billbarker)
</add>
<add>
Apache Portable Runtime based AJP/1.3 protocol handler (remm)
</add>
<fix>
Delay reading the inital request body packet by default for the AJP/1.3 Java connector. (billbarker)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>18477</bug>: Allow symbolic links when precompiling JSPs (markt)
</fix>
<add>
<bug>34272</bug>: Allow specifying the Option class used by the Jasper engine,
submitted by Scott Stark (remm)
</add>
<add>
Support for Java 5.0 in JSPs (remm)
</add>
<update>
Java 5 will be the source and target for JSPs when running on Java 5 (remm)
</update>
<update>
<bug>34652</bug>: Add the ability to get SMAPs when precompiling, submitted by
Daryl Robbins (remm)
</update>
<fix>
<bug>34465</bug>: Jspc failure if there is no web.xml (remm)
</fix>
<fix>
<bug>35696</bug>: Make certain that release is called for custom tags
when tag-pooling is disabled. (billbarker)
</fix>
<fix>
<bug>35386</bug>: Make useBean resources use consistent spelling, from Kurt Huwig. (yoavs)
</fix>
<update>
<bug>33522</bug>: Update jasper-howto to reflect use of javac switch. (yoavs)
</update>
<add>
<bug>35114</bug>: Add failOnError flag to JspC, by ziweth. (yoavs)
</add>
<fix>
<bug>35410</bug>: Fixed NPE in JspWriterImpl. (yoavs)
</fix>
<add>
<bug>35571</bug>: JspC resolved uriRoot relative to Ant project basedir, if any, as suggested
by Jason Pettiss. (yoavs)
</add>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<add>
Add that cluster can configure as Engine and Host element. (pero)
</add>
<add>
Add single cluster default configuration element - discussed at JAX 2005 conference Cluster Workshop. (pero)
</add>
<fix>
Fix resend GET_ALL_SESSIONS when wait ACK failed at receiver side (pero)
</fix>
<fix>
ClusterValve now remove from container element when cluster stops and added with next start again. (pero)
</fix>
<add>
Set timestamp only at first time inside SessionMessageImpl (pero)
</add>
<add>
Set timestamp from findsessions method call, when handling GET_ALL_SESSION
to all SEND_SESSION_DATA and TRANSFER complete messages. (pero>
</add>
<add>
Drop all received message inside GET_ALL_SESSION message queue before state
transfer message timestamp. (pero)
</add>
<add>
Cluster ping now transfer cluster domain information and DeltaManager only
send and receive message from same domain members (pero)
</add>
<add>
JMX Support for McastService (Membership) (pero)
</add>
<add>
Redesign SimpleTcpCluster message receiving to ClusterReceiverBase (pero)
</add>
<add>
Cluster transfer all attributes to the generate session manager at addManager.
Remove some unused attributes at SimpleTcpCluster and ReplicationTransmitter (pero)
</add>
<update>
Refactor DeltaManager:
- createSession call now ManagerBase super class method
- extract some long methods
- send GET_ALL_SESSION with session blocks
- don't sync sessions map when send all sessions (pero)
</update>
<update>
Add developer actions at to-do.txt (Proposal of changes) (pero)
</update>
<update>
Small refactorings at FastAsyncSocketSender (pero)
</update>
<update>
Redesign cluster message sending to lesser cpu and memory usage.
Set at ReplicationTransmitter#compress=false as default. Change API from
ClusterSender, ReplicaitonTransmitter, DataSender, SimpleTcpCluster (pero)
</update>
<add>
DeltaManager has now JMX expireAllLocalSessions and processExipre operation
for better cluster node shutdown handling (usefull for testing only) (pero)
</add>
<add>
DataSender doWaitAckStats for better understanding wait ack problems (pero)
</add>
<update>
Refactor DeltaManager and add counter for cluster message send/receive message (pero)
</update>
<fix>
<bug>34389</bug>:Porting Clustering fix pack to 5.5.10 code base.
Remove synchonized from DataSender.pushMessage(). Very offen the
complete cluster blocking after replicated a bulk of new session messages under heavy load.
All cluster node standing for a lot of time and made nothing.
Fix it for pooled, asynchronous and fastasyncqueue replication mode. Very bad thing, sorry! (pero)
</fix>
<add>
Add notifySessionListenersOnReplication attribute to SimpleTcpCluster to stop notify
event to SessionListener at backup nodes from create and destroy replicated session (pero)
</add>
<add>
Add compress attribute to ClusterSender and ClusterReceiver interface. Now compress config
transfer from sender to receiver at SimpleTcpCluster. (pero)
</add>
<add>
Add ClusterValve interface and implement it as ReplicationValve and JvmRouteBinderValve. Now both
Valves can be directly configured at server.xml Host/Cluster/Valve subelements.
Also this configuration are correctly handled with the StoreConfig module. (pero)
</add>
<update>
Deactivate DataSender keepAliveMaxRequestCount change default to -1.
Cluster replication sockets are fast and very stable! (pero)
</update>
<update>
Setup JvmRouteBinderValve as host valve instead context valve. Refactor the API a little bit. (pero)
</update>
<fix>
Don't increment open socket counter before socket is really open. Add socket open failures counter (pero)
</fix>
<add>
Add MessageListener support to cluster server.xml element (ClusterListener) to
register your own cluster message receiver (pero)
</add>
<add>
Add LifecycleListener support to cluster server.xml element (Listener)
and notify those listener from start/stop cluster,
add/remove session manager, sending fault and start/stop member (pero)
</add>
<add>
Add active backgroundProcess keepAlive timeout and request count socket close check
at ReplicationTransmitter. Check frequency can be change with attribute
processSenderFrequency (default 2). (pero)
</add>
<add>
Remove useless Jdk13ReplicationListener,Jdk13ObjectReader.
Add SocketReplicationListener and SocketObjectReader to have nativ socket ClusterReceiver.
Also extract ClusterReceiverBase superclass for SocketReplicationListener and ReplicationListener (pero)
</add>
<update>
Add and update some API and the <a href="cluster-howto.html">cluster howto documentation</a> (pero)
</update>
<update>
Refactor ReplicationValve for better understanding and small optimization (pero)
</update>
<add>
Starting a unit test suite for cluster module - very much todo (pero)
</add>
<fix>
Fix ant build.xml to direct compile at cluster module directory (pero)
</fix>
<fix>
Fix some I18N messages, but a lot of work is waiting for fix (pero)
</fix>
<add>
Add ReplicationValve Mbeans stats attribute getter and resetStatistics operation (pero)
</add>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
<bug>35758</bug>: Admin webapp mishandling digest attribute of JDBCDataSourceRealm. (yoavs)
</fix>
<add>
<bug>34250</bug>: Admin webapp Commit Changes button now asks for confirmation. (yoavs)
</add>
<add>
<bug>34818</bug>: Alternating row for apps in HTML manager, as suggested by Jeff
Domeyer. (yoavs)
</add>
<add>
<bug>35379</bug>: Added commons-logging to build path of manager and host-manager apps,
to make them build with Jikes, as suggested by Aaron Isotton. (yoavs)
</add>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.9 (yoavs)">
<subsection name="General">
<changelog>
<add>
Add JULI, a java.util.logging implementation, used to provide sane defaults and
configurability equivalent to Tomcat 4.0 for Tomcat 5.5 logging (remm)
</add>
<docs>
Add JULI documentation to the logging page (remm)
</docs>
<add>
Add host manager webapp (remm)
</add>
<add>
Add ant JkStatusUpdateTask for remote status worker handling ( >=mod_jk 1.2.9) (pero)
</add>
<add>
<bug>33739</bug>: Add reference to RUNNING.txt in setup.html. (yoavs)
</add>
<fix>
<bug>33719</bug>: Update reference to Ant download page. (yoavs)
</fix>
<fix>
<bug>33883</bug>: Bad options in SSL-HowTo. (yoavs)
</fix>
<update>
Update to MX4J 3.0.1 (pero)
</update>
<update>
<bug>34139</bug>: Updated Realm-HowTo to specify JMX, Commons-Logging jars for RealmBase. (yoavs)
</update>
<add>
<bug>33325</bug>: Added top-level clean target to Netbuild build.xml file. (yoavs)
</add>
<update>
<bug>33755</bug>: Clarified Postgresql JNDI datasource example. [patch submitted by
Tom Witmer] (yoavs)
</update>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
Remove some instances of expanded folder removal (remm)
</fix>
<fix>
Don't call mkdirs if we're not going to save the configuration in StandardContext (remm)
</fix>
<fix>
Fix context classloader binding during loader initialization (it was set to null before) (remm)
</fix>
<fix>
The webapp logger should only be retrieved when the context classloader is set to the
webapp's classloader (remm)
</fix>
<fix>
<bug>34170</bug>: Add back retry logic in JDBC realm in case of a connection failure (remm)
</fix>
<fix>
<bug>22041</bug>: Support dynamic proxies as session objects. (markt)
</fix>
<fix>
Fix logger names for wrappers (remm)
</fix>
<fix>
<bug>34006</bug>: If antiResourceLocking was used, HostConfig considered the path as external,
and web application resources were not correctly removed or tacked; also simplify the code a lot
(remm)
</fix>
<fix>
<bug>34016</bug>: Save and restore docBase when using antiResourceLocking, for compatibility with
the admin webapp (remm)
</fix>
<add>
<bug>33636</bug>: Set lastModified attribute when expanding WAR files. (yoavs)
</add>
<add>
<bug>32938</bug>: Allow Salted SHA (SSHA) passwords in JNDIRealm. (yoavs)
</add>
<add>
<bug>31288</bug>: Allow SMTP authentication for JNDI MailSessionFactory. (yoavs)
</add>
<update>
Harmonize processing of the context.xml defaults with the way web.xml is processed
(remm)
</update>
<fix>
Ignore ';' if it is in the query string (remm)
</fix>
<fix>
private to protected for the webapp classloader (remm)
</fix>
<fix>
Improve logging of filters and listeners startup errors (remm)
</fix>
<fix>
<bug>33774</bug>: Retry once in JNDI realm authenticate failure regardless of the
exception message (remm)
</fix>
<fix>
<bug>33961</bug>: Don't encode '~' in context paths (remm)
</fix>
<fix>
<bug>32866</bug>: Propagate distributable property from context to manager (yoavs)
</fix>
<fix>
<bug>32867</bug>: Reset distributable attribute in context for clean reload handling (yoavs)
</fix>
<update>
Fix some RealmBase/JNDIRealm log.isXXXEnabled (pero)
</update>
<fix>
<bug>34161</bug>: Harmonize StandardContext.stop with ContainerBase.stop (remm)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
<bug>33971</bug>: Set remoteHost to null when Apache doesn't send one. (billbarker)
</fix>
<fix>
Fix calculation of threadRatio for the ms thread pool, and fix setting the updated
timeout value (remm)
</fix>
<update>
Update the ms thread pool so that we allocate a worker before accepting a new socket,
and wait a little if the pool is exhausted; this should make low maxThreads values work a
lot better (remm)
</update>
<update>
<bug>33857</bug>: Update information on automatic mod_jk configuration in Apache-HowTo (yoavs)
</update>
<fix>
Fix sync block placement in Mapper.addContext (remm)
</fix>
<fix>
<bug>32741</bug>: Fix spelling of "committed" [patch from Ben Souther] (yoavs)
</fix>
<fix>
<bug>34133</bug>: Make setHeader clear multi-valued headers (billbarker)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>34034</bug>: Jasper does not respect external entities (billbarker)
</fix>
<fix>
<bug>33810</bug>: Incorrect recycling of BodyContent if close is called (remm)
</fix>
<update>
Per instance loggers in Jasper (remm)
</update>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
Fix JvmRouteBinderValve primary failover attribute to
org.apache.catalina.cluster.session.JvmRouteOrignalSessionID (pero)
</fix>
<fix>
Change attribute name waitForAck to sendAck at ReplicationListener (pero)
</fix>
<add>
Integrate new fastasyncqueue cluster sender mode.
Support queue size limitation,
get all queued objects and send it to the backup node,
no queue thread lock contention under high replication load,
submitted by Rainer Jung (pero)
</add>
<add>
Add compress attribute to Sender and Receiver to transfer data uncompressed.
At high cluster load this option consume lesser cpu and memory.
Implement the compress handling to ReplicationTransmitter, ReplicationListener,
XByteBuffer and Jdk13ReplicationListener (pero)
</add>
<add>
Add doProcessingStats to synchronous, asynchronous and fastqueueasync sender modes
to get min, avg, max processing times as IDataSender JMX MBeans (pero)
</add>
<fix>
TcpThreadPool use constant ACK byte array instead create
new 3 byte buffer for every message ack (pero)
</fix>
<update>
Refactor ReplicationTransmitter and ReplicationListener (pero)
</update>
<update>
add getCatalinaCluster() to ClusterReceiver and SimpleTcpCluster (pero)
</update>
<update>
Update the Api documentation (pero)
</update>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<update>
Use the standard struts taglib URIs in admin JSPs. (billbarker)
</update>
<add>
Add more host parameters to create new host with host-manager (pero)
</add>
<fix>
<bug>34033</bug>: Fix quoting related bugs (remm)
</fix>
<fix>
<bug>33713</bug>: Add Struts init code in frameset.jsp as well (remm)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.8 (yoavs)">
<subsection name="General">
<changelog>
<fix>
<bug>33204</bug>: Fixed SSL HowTo page. (yoavs)
</fix>
<fix>
<bug>33351</bug>: Fix silent uninstallation. (remm)
</fix>
<fix>
<bug>33489</bug>: Missing space in uninstaller message. (yoavs)
</fix>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
Unregister host mbean and all context mbeans at remove a host, s. StandardHost.destroy() and MBeanFactory.createStandardHost/removeHost(,) detected by Thorsten Kamann (pero)
</fix>
<fix>
make it possible to restart connector, now serversocket recreated after stop,start (pero)
</fix>
<fix>
change mbean names from Mapper and ProtocolHandler to connector naming style (pero)
</fix>
<update>
Add some log.isXXXEnabled (pero)
</update>
<fix>
Deregister MapperListener after remove connector (pero)
</fix>
<fix>
Remove host only at own domain with same name at all services, detected by Thorsten Kamann (pero)
</fix>
<fix>
<bug>33187</bug>: Remove any logging of the password in the JAAS realm,
submitted by Andrew Jaquith (remm)
</fix>
<fix>
<bug>33033</bug>: Don't do anything to the response in the ErrorReportValve
if data has already been written (remm)
</fix>
<update>
Add charset support for the URLs used by the tasks, to remove deprecation (remm)
</update>
<fix>
<bug>26135</bug>: Workaround for memory leak when reloading Struts
based web applications by clearing the bean instrospector cache of the JVM on
classloader stop, submitted by Tobias Lofstrand. (remm)
</fix>
<fix>
Ensure that if CLASSPATH is declared on startup - it is not used. (funkman)
</fix>
<fix>
Add back use of deployOnStartup in HostConfig (remm)
</fix>
<docs>
Ant tasks docs patches, submitted by Gabriele Garuglieri. (remm)
</docs>
<update>
Use NIO for the raw copying operation, as it is faster (a little under 30%),
and decreases a little the impact of antiResourceLocking. (remm)
</update>
<fix>
<bug>33357</bug>: Fix connection leaks with the DataSourceRealm, as well
as improve efficiency, submitted by Dominik Drzewiecki. (remm)
</fix>
<update>
Improve a little logging of servlet exceptions, which should all log the root cause. (remm)
</update>
<update>
Add new Manager.createSession(sessionId) method, allowing the client to "specify" the session id which should be used using a cookie
when using emptySessionPath="true". This fixes session tracking in this case. (remm)
</update>
<fix>
<bug>33368</bug>: Fix memory leak in swallowOutput feature which occurred when the thread pool size is
reduced, submitted by Rainer Jung. (remm)
</fix>
<fix>
StoreConfig: can't save cluster Membership element (pero)
</fix>
<add>
StoreConfig: suppress default jkHome attribute at connector (pero)
</add>
<add>
StoreConfig: Save new dymanic properties from ReplicationTransmitter (pero)
</add>
<fix>
<bug>33463</bug>: Remove attributes after context destroy. (remm)
</fix>
<fix>
<bug>33572</bug>: context.xml should be a redeploy resource, and add prioritization for
redeploy resources. (remm)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
PoolTcpEndpoint recreate ServerSocket after start,stop,start connector (pero)
</fix>
<update>
Add some log.isXXXEnabled (pero)
</update>
<add>
JkMX: make log4j mbean configurable with attribute log4jEnabled (pero)
</add>
<fix>
When Tomcat runs on Windows and IE is uploading data to the server, the first read
must be at least 8KB, otherwise upload speed is extremely low, submitted by Noel
Rocher (remm)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>33223</bug>: pageContext.forward and jsp:include result
in StringIndexOutOfBoundsException (luehe)
</fix>
<fix>
<bug>33373</bug>: Fix handling of context classloader in jspc (remm)
</fix>
<fix>
<bug>33538</bug>: Ignore example and tag-extension elements in TagLibraryInfoImpl. (yoavs)
</fix>
<fix>
<bug>33539</bug>: Better error message when an unknown element is encountered in the tag file. (yoavs)
</fix>
<fix>
<bug>33219</bug>: Minor JspServletWrapper code cleanup. (yoavs)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
Add instance based ReplicationValve statistics to Mbean descriptor (pero)
</fix>
<fix>
Better I18N support to cluster session and tcp classes (pero)
</fix>
<add>
Support optional primaryIndicator at ReplicationValve to mark that
request processing to existing session is at primary cluster node.
Easy failover detection, when mark is not at
configurable primaryIndicator attribute, submitted by Rainer Jung (pero)
</add>
<update>
Refactor all implementation from interface IDataSenders (pero)
</update>
<add>
Add some usefull attributes and operations to the all sender MBeans. (pero)
</add>
<add>
Add keepAlive and waitForAck handling to AsyncSocketSender and factor out a DataSender base class.(pero)
</add>
<add>
ReplicationTransmitter: Enable and Disable autoreconnect sender and waitForAck. (pero)
</add>
<add>
ReplicationTransmitter: transfer all properties to socket sender from server.xml configuration. (pero)
</add>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
Fix create and remove Host for Admin app. (pero)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.7 (remm)">
<subsection name="General">
<changelog>
<add>
Add installer for mod_jk on IIS. (mturk)
</add>
<add>
New store config module for better server.xml saving support.<br/>
Add &lt;Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener" /&gt; to your server.xml (pero)
</add>
<update>
<bug>32081</bug>: Remove the JDK requirement from the Unix scripts, submitted
by Ben Souther (remm)
</update>
<fix>
<bug>32953</bug>: SERVLETAPI: XSS Issues, submitted by Mark Thomas (jfarcand)
</fix>
<update>
Update to commons-digester 1.6, JDT 3.0.1, MX4J 2.1.0, Struts 1.2.6 (remm)
</update>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<update>
First integration at StoreConfig to StandardServer (pero)
</update>
<fix>
<bug>32714 </bug>: Don't make the AccessLogValve final (funkman)
</fix>
<fix>
<bug>32694</bug>: Fix bad code to make docBase path aboslute in antiLocking
method. (remm)
</fix>
<fix>
<bug>32713</bug>: Fix resource-env-ref handling. (remm)
</fix>
<fix>
<bug>31201</bug>: Improve i18n support in DefaultServlet. This was causing
problems with JSP include actions and static files. (markt)
</fix>
<fix>
Add some log.isXXXEnabled to o.a.c.core.StandardHost StandardEngine, StandardService (pero)
</fix>
<add>
Feature addition to add Redirector and failOnError support for all Catalina Ant tasks,
submitted by Gabriele Garuglieri (remm)
</add>
<fix>
<bug>31198</bug>: Fix FORM and DIGEST authentication for non-ASCII
usernames and passwords. (markt)
</fix>
<fix>
Reimplement charset mapper (remm)
</fix>
<fix>
Add logging of exception which could occur when retrieving the password in JDBCRealm (remm)
</fix>
<fix>
<bug>25889</bug>: Don't execute queries twice, submitted by Tom Anderson (remm)
</fix>
<fix>
<bug>32832</bug>: request.getSession(false) fails to return null (luehe)
</fix>
<fix>
<bug>28222</bug>: request.getRequestURL() in forwarded jsp/servlet returns
original url rather than new url as per SRV8.4 (markt)
</fix>
<fix>
<bug>33157</bug>: Fix handling of the buffer length for basic authentication parsing (remm)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
<bug>32708</bug>: Better handling of bad encoding with the string cache. (remm)
</fix>
<fix>
<bug>32781</bug>: Fix bad initialization of the "scheme" field of the request
object, which would cause getScheme to return "http" for the first request. (remm)
</fix>
<fix>
Content length should be ignored if there is chunking (remm)
</fix>
<fix>
Remove most deprecation problems for the AJP connector (remm)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>32746</bug>: Avoid JAR locking when loading classes and improve loading
performance by taking advantage of caching, submitted by Dominik Drzewiecki. (remm)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
correct JvmRouteSessionIDBinderListener MBean name to &lt;domain&gt;:type=Listener,name=JvmRouteSessionIDBinderListener,host=&lt;host&gt; (pero)
</fix>
<add>
JMX support to SimpleTcpCluster, ReplicationTransmitter and all senders (pero)
</add>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
Fix the webDAV servlet so it can be used via any arbitrary mapping
(eg /webdav/*) to edit the contents of a web application. (markt)
</fix>
<fix>
<bug>32729</bug>: Stop is optional and may fail, so it needs to be in a separate try/catch (remm)
</fix>
<update>
Remove the remove method of the manager servlet, and use the undeploy method instead (remm)
</update>
<fix>
<bug>32777</bug>: Fail if application isn't configured properly, submitted by Gabriele Garuglieri
(remm)
</fix>
<fix>
<bug>32771</bug>: Cannot undeploy/deploy misconfigured app after tomcat startup,
submitted by Gabriele Garuglieri (remm)
</fix>
<fix>
<bug>28867</bug>: Correct manager documentation to document correct way to
reference the ROOT context. Submitted by Stephane Bailliez. (markt)
</fix>
<fix>
<bug>33085</bug>: Add support for setting privileged attribute of context
to admin webapp. (markt)
</fix>
<fix>
<bug>33117</bug>: Fix Open bugs link broken on default homepage.
Patch supplied by Sander Temme. (markt)
</fix>
<fix>
Improve javadoc generation for Catalina. (remm)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.6 (yoavs)">
<subsection name="General">
<changelog>
<update>
<bug>32532</bug>: updated logging documentation. (yoavs)
</update>
<update>
<bug>32382</bug>: Index page and packaed WAR for sample webapp. (yoavs)
</update>
<fix>
<bug>32603</bug>: Updated host.xml to reflect appBase resolution. (yoavs)
</fix>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
Add child to the map of the parent before starting it. (remm)
</fix>
<fix>
Decouple usage of the scheme and secure attributes from enabling SSL. (remm)
</fix>
<fix>
<bug>32502</bug>: memory leak in DigestAuthenticator. (yoavs)
</fix>
<fix>
<bug>28709</bug>: javax.servlet.http.HttpServletRequest.isRequestedSessionIdValid() returns true for an invalidated session. (luehe)
</fix>
<fix>
<bug>32137</bug>: Possible thread-safety issue in RealmBase. (yoavs)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
<bug>32585</bug>: Better handling for content length greater than Integer.MAX_VALUE in response. (markt)
</fix>
<update>
Allow ApacheConfig and friends to live under an Engine. (billbarker)
</update>
<update>
Syncronize access to the Jk Request registration count. (billbarker)
</update>
<update>
Speed the MsgContext on its way to GC. (billbarker)
</update>
<fix>
Keep correct thread counts in Thread pool when thread ends in an exception (billbarker)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<update>
Updated Jasper-HowTo section on using Jikes, changed conf/web.xml JSPServlet to refer people to Jasper-HowTo so that we don't have these instructions in two places. (yoavs)
</update>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
<bug>32505</bug>: Fix handling of an empty context parameter (which occurred every time the HTML
manager was used to deploy a local war without specifying also a context file). (remm)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.5 (yoavs)">
<subsection name="General">
<changelog>
<update>
<bug>32235</bug>: Sync conf/web.xml MIME types with Apache httpd. (yoavs)
</update>
<fix>
<bug>31132</bug>: Better -x/-r support for OS/400 in startup scripts. (yoavs)
</fix>
<update>
<bug>22679</bug>: Added misc note on accessing session ID to SSL-HowTo. (yoavs)
</update>
<!-- ByteBufferAccessLogValve.java is not inside!!
<update>
Add an asynchrounous access log valve based on NIO (jfarcand)
</update>
-->
<update>
<bug>32249</bug>: Updated logging documentation. (yoavs)
</update>
<update>
<bug>32282</bug>: Modify Windows Uninstaller to only remove webapps/ROOT and webapps if user asks to remove everything. (yoavs)
</update>
<fix>
<bug>32371</bug>: outdated introduction.xml page. (yoavs)
</fix>
<fix>
<bug>32373</bug>: outdated installation.xml page. (yoavs)
</fix>
<update>
<bug>32454</bug>: amended JNDI documentation for JavaMail/JavaActivationFramework usage. (yoavs)
</update>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
<bug>32130</bug>: Add safety check to FileStore#keys method. (yoavs)
</fix>
<update>
<bug>32276</bug>: Add developer info to Realm How-To. (yoavs)
</update>
<fix>
<bug>32082</bug>: Added protected getPrincipals method to MemoryRealm for easier extension. (yoavs)
</fix>
<fix>
<bug>32023</bug>: CGIServlet fails to handle post message with multipart/form data. (yoavs)
</fix>
<fix>
<bug>32269</bug>: JNDIRealm fails with InvalidNameException to authenticate users if LDAP distinguished name (DN) contains slash or double quote character(s). (yoavs)
</fix>
<fix>
Move processExpiresFrequency check to ManagerBase and reflect change to all subclasses (StandardManager, PersientManagerBase, DeltaManager). (pero)
</fix>
<update>
Add DIGEST authentication support to the JDBC and DataSource realms. Supports both digested and cleartext passwords. (markt)
</update>
<fix>
<bug>32429</bug>: CGIServlet calculates number of lines received on stderr incorrectly. (markt)
</fix>
<fix>
<bug>32431</bug>: Fix typo in code that passes data to CGI script. (markt)
</fix>
<fix>
<bug>32430</bug>: Class cast exception in toString() method within CGI servlet. (markt)
</fix>
<fix>
Add some log.isXXXEnabled checks at StandardContext and HostConfig (pero)
</fix>
<fix>
Remove the last DefaultContext artifacts (pero)
</fix>
<fix>
<bug>32031</bug>: using createConnector with "http" protocol (remm)
</fix>
<fix>
Add configFile attribute in JMX descriptors (remm)
</fix>
<fix>
Fix autodeployer handling of a war which includes a /META-INF/context.xml, so that it is
correctly registered and can be reloaded correctly (remm)
</fix>
<fix>
<bug>32137</bug>: Use of MessageDigest should be synced in DIGEST (remm)
</fix>
<fix>
Add info log when the autodeployer reloads a context (remm)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<update>
Small HTTP/1.1 optimizations: replace usage of Strings with constant byte arrays, and
simplify the code converting Strings to bytes (remm)
</update>
<update>
Greatly reduce the amount of recycle method calls on the buffers (remm)
</update>
<fix>Add null OName check for Request unregistration in Jk, to remove
exception under JDK 1.5. (billbarker)
</fix>
<fix><bug>32292</bug>: Don't send keep-alive header when the protocol
can't be parsed. (billbarker)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<update>
Updated JspC usage messages to include recently added configurable parameters. (yoavs)
</update>
<fix>
<bug>32330</bug>: JspC changes context classloader. (yoavs)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<add>
JvmRouteBinderValve/JvmRouteSessionIDBinderListener to bind cluster session after primary node failure at first calling backup node.
This was an option to have session stickyness after cluster node crashed. Work only with JESSIONID cookies. (pero)
</add>
<add>
Better log support to DeltaManager to see detail information at debug level. (pero)
</add>
<fix>
Fix FarmWarDeployer based on new HostConfig deployer. (pero)
</fix>
<fix>
FarmWarDeployer controlled WarWatcher with engine backgroundProcess call.
Added processDeployFrequency attribute to Deployer server.xml element. (pero)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<update>
<bug>32019</bug>: Remove maxlength=64 restriction on env entry values in admin webapp. (yoavs)
</update>
<fix>
Fix various problems in realm docs, submitted by Phil Mocek. (remm)
</fix>
<update>
Add log4j docs submitted by Allistair Crossley. (remm)
</update>
<fix><bug>32381</bug>: Fix problem where EL expression is used as a
place holder in the admin webapp.
Submitted by Allistair Crossley. (billbarker)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.4 (yoavs)">
<subsection name="General">
<changelog>
<update>
<bug>31671</bug>: Update web.xml files to 2.4 schema where applicable. (yoavs)
</update>
<update>
<bug>31912</bug>: Add PNG and CSS file types to replication filter default. (yoavs)
</update>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
Add processExpiresFrequency to PersistentManagerBase and made some small JDBCStore optimizations (pero)
</fix>
<fix>
Register JSP monitoring mbean for each servlet that declares a jsp-file in web.xml. (luehe)
</fix>
<fix>
<bug>31578</bug>: Update Manager configuration documentation. (yoavs)
</fix>
<fix>
<bug>31273</bug>: Add support for derefaliases in JNDIRealm. (markt)
</fix>
<fix>
<bug>31623</bug>: Better OS400 support in setclasspath.sh. (yoavs)
</fix>
<add>
Extend background processing to most container components. (remm)
</add>
<fix>
Remove all MX4J related code. (remm)
</fix>
<fix>
Update JAR list in TldConfig. (remm)
</fix>
<add>
Register datasources with JMX. With DBCP, this is enough to provide JMX management and monitoring.
It might work well with many other data sources which might not register themselves in JMX
but do expose their stuff in a java bean fashion. (remm)
</add>
<update>
Add the ability to force session cookies to be set to the root path "/". This should not be used
on large servers, otherwise tons of cookies may be sent. (remm)
</update>
<fix>
Workaround for client socket exceptions occurring while running a CGI, which could cause
the external process to hang. (remm)
</fix>
<update>
Optimize session cookie IDs conversion to String, since this is an unavoidable and uncacheable
operation. (remm)
</update>
<fix>
Add explicit error message if temp dir does not exist, and remove useless calls to initDirs. (remm)
</fix>
<add>
Add an optimized access log valve, supporting hardcoded support for the common and combined patterns,
and doing a majority of its write-to-logfile operations asynchronously. (remm)
</add>
<update>
Register an MBean to monitor and manage the StringCache, and allow invoking the reset operation. (remm)
</update>
<fix>
<bug>31677</bug>: Log warning if work dir for context can't be determined. (yoavs)
</fix>
<fix>
<bug>31903</bug>: Fix condition which seems to not have been properly updated after adding
entry.binaryContent = null a little below, submitted by Joe Zhou. (remm)
</fix>
<fix>
Prevent silent NPEs during StandardContext.start dealing with JMX registration of realm, submitted
by Keith Wannamaker. (remm)
</fix>
<fix>
<bug>31592</bug>: Support other encodings for digests. (yoavs)
</fix>
<update>
<bug>31739</bug>: Minor realm-howto and AJP connector doc updates. (yoavs)
</update>
<fix>
<bug>31753</bug>: Minor inconsistency between JDBC and DataSourceRealm#authenticate. (yoavs)
</fix>
<update>
<bug>31683</bug>: Minor clarifications to realm documentation. (yoavs)
</update>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
Improve i18n in TCP endpoint, and add a better error message when an exception occurs
in setSocketOptions. (remm)
</fix>
<fix>
<bug>31663</bug>: Use interval field as the delay for monitor thread. (remm)
</fix>
<fix>
Remove bad shutdown logic for ms pool strategy. (remm)
</fix>
<fix>
Sync with Cookie, by adding ' ' as a special char. If a special char is present,
the string will be quoted. If the client doesn't support it, the String will no be quoted anyway
and no IAE will be thrown. (remm)
</fix>
<add>
Add an optional String cache for ByteChunk.toString and CharChunk.toString. The cache is
unsynchronized during most of its operation, and is static after a training period. An operation
is provided to allow resetting the cache. (remm)
</add>
<update>
String caching is enabled by default for ByteChunk. (remm)
</update>
<fix>
<bug>31090</bug>: Use a URL encoded path when setting session cookies. (remm)
</fix>
<add>
Add getAttributeName() to ProtocolHandler to get all attributes at runtime (pero)
</add>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<update>
Exposed compilerSourceVM and compilerTargetVM options to JspC. (yoavs)
</update>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
DeltaManager and SimpleTcpReplicationManager generate double jvmRoute (pero)
</fix>
<add>
Add some missing Getters and log.isXXXEnableds (pero)
</add>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
<bug>31707</bug>: Broken JavaScript confirmation in HTML manager. (yoavs)
</fix>
<fix>
Remove hard-coded admin context path from admin's banner.jsp. (yoavs)
</fix>
<update>
Major connector docs update. (remm)
</update>
<fix>
<bug>31732</bug>: Fix Japanese localization of Manager's list output. (yoavs)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.3 (yoavs)">
<subsection name="General">
<changelog>
<fix>
<bug>30568</bug>: Incomplete setup.html documentation for launching jsvc. (yoavs)
</fix>
<update>
Repackage naming features. (remm)
</update>
<fix>
Fix deployer packaging. (remm)
</fix>
<fix>
Fix embed packaging. (remm)
</fix>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
Fix memory leak when Security Manager is turned on. (jfarcand)
</fix>
<fix>
When checking status codes for error handling, only check if
Response.isError() is true. This way, users may use setStatus() to set their own
error status without having the error page invoked. (in which case, the user should've
use sendError()) (funkman)
</fix>
<update>
Remove Digester code for Xerces workaround. (jfarcand)
</update>
<fix>
Give proper permission to the balancer app when running under the security manager. (jfarcand)
</fix>
<fix>
<bug>30869</bug>: Make sure JAAS realm name is legal. (yoavs)
</fix>
<update>
md5Helper, md5Encoder, and normalize are used by WebdavServlet,
not DefaultServelt so move them into WebdavServlet.
</update>
<fix>
<bug>31277</bug>: Clarified automatic application deployment section of Host configuration page. (yoavs)
</fix>
<fix>
<bug>28631</bug>: JAASRealm enhancements to support custom user and role classes use Commons-Logging. (yoavs)
</fix>
<fix>
<bug>31364</bug>: Missing resource in org.apache.catalina.core.LocalString.properties. (yoavs)
</fix>
<fix>
<bug>31362</bug>: Missing -Xdebug in catalina.bat when launching with JPDA and Security. (yoavs)
</fix>
<fix>
<bug>31356</bug>: Duplicates not counted in session generation. (yoavs)
</fix>
<fix>
<bug>30949</bug>: Make sure ApplicationDispatcher unwraps request/response even if include error occurs. (yoavs)
</fix>
<fix>
Fixed StandardContext.getStartTime() to return actual start time/date instead of time (startupTime) it took to start context. (luehe)
</fix>
<update>
getRequest/getResponse should return the most relevant interface, to avoid casts. (remm)
</update>
<update>
Add check for directory before considering something is a compressed WAR. (remm)
</update>
<docs>
Update the connector documentation. (remm)
</docs>
<fix>
When parsing a context file, ignore the "path" attribute:
the only place where it is acceptable is in server.xml. (remm)
</fix>
<fix>
Digester handling fixes: always call reset in a finally block after using a digester. (remm)
</fix>
<update>
Remove many fields from Connector, and tie the creation of the Connector to the
creation of the protocol handler. (remm)
</update>
<update>
Remove package triggers from the classloader, which seem useless when using Java 5. (remm)
</update>
<fix>
Realms will now use set attribute to set themselves in their container when using JMX. (remm)
</fix>
<fix>
Fix JMX related operations with the Connector. (remm)
</fix>
<fix>
Fix save-to-XML for naming resources. (remm)
</fix>
<fix>
Remove authenticator "debug" attributes from the descriptors. (remm)
</fix>
<update>
Refactor org.apache.catalina.deploy.ContextXXX to use new super class ResourceBase. (pero)
</update>
<fix>
Enable Connector.findLifecycleListener that we can listen start/stop Connector events and save the listener to xml. (pero)
</fix>
<update>
Remove Watchdog references, as it is no longer used. (yoavs)
</update>
<fix>
<bug>31511</bug>: Don't call setenv.bat if not found, in *using-launcher scripts. (yoavs)
</fix>
<fix>
<bug>31549</bug>: Add name to WebappClassLoader's stopped message. (yoavs)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<update>
Allow customized server header for Standalone. (funkman)
</update>
<fix>
Digester.reset now removes the error handler, the root and calls clear, to prevent
any memory leak. (remm)
</fix>
<update>
Remove useless stuff in digester. (remm)
</update>
<update>
In HTTP, add a utility method to convert strings to byte arrays, and output the server header
directly as bytes. (remm)
</update>
<add>
Add a master slave thread pool based on the code from Tomcat 4.0. It is less exotic than the
default one, and might fare better on some picky systems, such as Redhat 9. The two threadpools
will likely be removed once we use the Java 5 API, although more investigation is needed. (remm)
</add>
<fix>
Fix issue with getProperty in IntrospectionUtils. (remm)
</fix>
<update>
Remove attribute translation for SSL in the HTTP protocol handler: it will now be done in the
Catalina Connector class. (remm)
</update>
<fix>
Fix handling of the "timeout" attribute of the HTTP protocol handler. (remm)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
<bug>31171</bug>: Wrap to avoid ClassCastException in PageContextImpl. (yoavs)
</fix>
<fix>
<bug>31257</bug>: Added specification of endorsed dirs if forking. Note that this is fairly useless for now in 5.5 since it uses JDT and not javac by default. (yoavs)
</fix>
<docs>
Document new Jasper defaults, and update the production configuration. (remm)
</docs>
<fix>
Copied XML encoding detection logic into JASPER, so we're no longer dependent on Xerces. (luehe)
</fix>
<fix>
Fix cosmetic issue where extra CRLF would be inserted during each precompilation in web.xml. (remm)
</fix>
<update>
Allow configuring the interval following a compilation during which a JSP will not be checked
for modifications. (remm)
</update>
<fix>
<bug>31465</bug>: Ensure that the compiler reads the .java file using the same encoding as that with which it was written. (markt)
</fix>
<fix>
<bug>31510</bug>: Null out response in JspWriterImpl#recycle to aid in JBoss memory leak. (yoavs)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<update>
Added flag to the cluster (notifyListenersOnReplication) to enable/disable the
notifications of attribute/context listeners upon replication of a session delta
Works only with the DeltaManager (fhanik)
</update>
<update>
Added flag to the cluster (Cluster/Sender/ackTimeout) to set the timeout in milliseconds
for a synchronous request to go through, defaults to 15000ms (fhanik)
</update>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<fix>
<bug>29485</bug>: I broke the HTML manager when adding JavaScript confirmation, fixed now ;) (yoavs)
</fix>
<fix>
<bug>31058</bug>: Ensure StatusTransformer escapes query string for XML. (yoavs)
</fix>
<update>
Added contexts' start time (available from 'startTime' MBean attribute of StandardContext) to status page (luehe)
</update>
<fix>
<bug>31264</bug>: the deploy task should now behave correctly. (remm)
</fix>
<update>
Refactor the manager servlet to make calls to the deployer more robust. (remm)
</update>
<fix>
Use the more robust String.valueOf in the form edit action of the connector. (remm)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.2 (yoavs)">
<subsection name="General">
<changelog>
<fix>
The installer will now use the system's JRE. (remm)
</fix>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
Fix URL generation for classloaders on Windows, causing common/classes and shared/classes
to be unusable (remm)
</fix>
<fix>
<bug>31110</bug>: Fix resource packaging bug for servlets (remm)
</fix>
<fix>
Fix 5.5 regression where going through the authenticator would create a session each time. (remm)
</fix>
<fix>
Fix classname of the connector in Embedded, and remove the socket factory. (remm)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
Redo server header handling again. (remm)
</fix>
<update>
Cleanup a little access to the headers using a local variable and
use setValue for Server and Date headers. (remm)
</update>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
Remove maxTagNesting and curTagNesting since they are unused. (funkman)
</fix>
<fix>
Fix tag files handling with JDT, which were ususable, and refactor the lifecycle handling of
the page loader. (remm)
</fix>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.1 (yoavs)">
<subsection name="General">
<changelog>
<update>
Tomcat 5.5 can be built on JDK 5.0. (yoavs)
</update>
<fix>
Windows installer polish. (mladen, remm)
</fix>
<update>
Remove dependency on Jakarta regexp. (remm)
</update>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
Allow overriding the location of the default context file, similar to the default
web.xml. (remm)
</fix>
<update>
Backport if-else logic for SSI servlet from 4.1 (funkman)
</update>
<fix>
Remove DefaultContext elements from the digester rules. (remm)
</fix>
<fix>
Fix ResourceLink handling. (remm)
</fix>
<fix>
Modify the auto deployer to get along with contexts which are statically defined in server.xml. (remm)
</fix>
<fix>
Externalize constant strings defining the location of deployment related resources. (remm)
</fix>
<fix>
<bug>31052</bug>: BeanFactory swallows root cause of exception. (yoavs)
</fix>
<fix>
Allow using deploy Ant task with just config attribute, submitted by Michael Schuerig. (remm)
</fix>
<add>
Added longest time an expired session had been alive to set of monitorable session manager attributes. (luehe)
</add>
<add>
Added average time an expired session had been alive to set of monitorable session manager attributes. (luehe)
</add>
<fix>
Clear a reference in the digester where a context would be referenced for more time than it
needed, until the next context deployment operation. (remm)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
<bug>31018</bug>: Race condition in SystemLogHandler. (yoavs)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
Use the "compiler" parameter to allow specifying that Ant should be used. (remm)
</fix>
<fix>
Ignore JDT compiler warnings. (remm)
</fix>
<add>
Added compilerTargetVM option support, "1.4" default. (yoavs)
</add>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
Fix adding the clustering valve, so that session replication actually occurs. (fhanik)
</fix>
</changelog>
</subsection>
<subsection name="Webapps">
<changelog>
<update>
Major documentation update with current Tomcat 5.5 changes. (remm)
</update>
<update>
Added JavaScript confirmation dialog to "dangerous" Manager servler links. (yoavs)
</update>
</changelog>
</subsection>
</section>
<section name="Tomcat 5.5.0 (yoavs)">
<subsection name="General">
<changelog>
<update>
Many updated and fixed JavaDocs. (yoavs)
</update>
<update>
Designed and tested Tomcat on J2SE 5.0 (aka JDK 1.5). (everyone)
</update>
<update>
Bundled Eclipse JDT (new dependency) to allow Tomcat to run on a JRE only, i.e. no JDK required. (remm)
</update>
<update>
Repackage commons-dbcp and its dependencies as a sigle smaller WAR, with renamed packages. (remm)
</update>
<update>
Removed dependencies on commons-digester, commons-beanutils, and commons-collections.
The relevant digester functionality is now merged in tomcat-util. (remm)
</update>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<update>
Removed usage of org.apache.catalina.Logger, increased usage of commons-logging everywhere. (remm)
</update>
<update>
Refactored classloader code to better handle JAR and general resource locking. (remm)
</update>
<update>
Written JMX-related code to play nicely with J2SE 5.0 built-in JMX abilities. (remm, costin)
</update>
<update>
Extensively profiled and optimized the server startup performance as well as the request mapping and processing pipeline. (remm)
</update>
<update>
The container will now always process a /META-INF/context.xml resource, unless the webapp has a specified external context file. (remm)
</update>
<update>
New default configuration mechanism for web applications, replacing DefaultContext. This uses a
shared context file located in conf/context.xml. (remm)
</update>
<update>
Revamped deployer, alloying full hotdeploy (note: on Windows, this requires the anti file locking
features). (remm)
</update>
<update>
Remove verbosity from the JNDI resources configuration, by allowing arbitrary attributes on the Resource element. (remm)
</update>
<update>
Simpler Valve interface, to allow smaller stack traces and reducing the amount of method calls. (remm)
</update>
</changelog>
</subsection>
<subsection name="Coyote">
</subsection>
<subsection name="Jasper">
<changelog>
<update>
Eclipse JDT is now the default Java compiler in Jasper. Source dependencies are now loaded from
the container classloader, and compilation times are much faster. (remm)
</update>
<update>
Jasper development mode should now have acceptable performance for heavily accessed pages.
Precompiling JSPs is still significantly more efficient, however. (remm)
</update>
</changelog>
</subsection>
<subsection name="Cluster">
</subsection>
<subsection name="Webapps">
<changelog>
</changelog>
</subsection>
</section>
</body>
</document>