| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <!DOCTYPE document [ |
| <!ENTITY project SYSTEM "project.xml"> |
| ]> |
| <?xml-stylesheet type="text/xsl" href="tomcat-docs.xsl"?> |
| <document url="changelog.html"> |
| |
| &project; |
| |
| <properties> |
| <author email="remm@apache.org">Remy Maucherat</author> |
| <author email="yoavs@apache.org">Yoav Shapira</author> |
| <author email="fhanik@apache.org">Filip Hanik</author> |
| <author email="pero@apache.org">Peter Rossbach</author> |
| <author email="kkolinko@apache.org">Konstantin Kolinko</author> |
| <author email="kfujino@apache.org">Keiichi Fujino</author> |
| <author email="jim@apache.org">Jim Jagielski</author> |
| <author email="mturk@apache.org">Mladen Turk</author> |
| <title>Changelog</title> |
| </properties> |
| |
| <body> |
| <!-- Section names: |
| General, Catalina, Coyote, Jasper, Cluster, Webapps, Other |
| --> |
| <section name="Tomcat 5.5.36 (markt)" rtext=""> |
| <subsection name="General"> |
| <changelog> |
| <update> |
| Update to Apache Commons Daemon 1.0.10. (markt) |
| </update> |
| <update> |
| Update to Apache Commons Pool 1.5.7. (markt) |
| </update> |
| <update> |
| Update to Apache Tomcat Native 1.1.24. (markt) |
| </update> |
| <update> |
| Update to Eclipse JDT 3.7.2. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>52677</bug>: The new <code>SetCharacterEncodingFilter</code> needs |
| to implement <code>Filter</code> to be useful. (markt) |
| </fix> |
| <fix> |
| <bug>53050</bug>: Fix XOR arithmetic and charset issue when calculating |
| entropy to initialize random number generator in session manager. Based |
| on a proposal by Andras Rozsa. (kkolinko/jim) |
| </fix> |
| <fix> |
| <bug>53531</bug>: Better checking and improved error messages for |
| directory creation during automatic deployment. (schultz/kkolinko) |
| </fix> |
| <fix> |
| Various improvements to the DIGEST authenticator including |
| <bug>52954</bug>, disabling the caching of an authenticated user in the |
| session by default, tracking server rather than client nonces and better |
| handling of stale nonce values. (markt) |
| </fix> |
| <scode> |
| Remove unneeded handling of FORM authentication in RealmBase. (kkolinko) |
| </scode> |
| <fix> |
| <bug>53830</bug>: Better handling of Manager.randomFile default value on |
| Windows. (kkolinko) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Ensure that the chunked input filter is correctly recycled between |
| requests. (kkolinko/jim) |
| </fix> |
| <add> |
| Implement the maxHeaderCount for the HTTP connectors. (kkolinko) |
| </add> |
| <fix> |
| <bug>42181</bug>: Better handling of edge conditions in chunk header |
| processing. Improve chunk header parsing. Properly ignore |
| chunk-extension suffix, not trying to parse digits contained in it. |
| Reject chunks whose header is incorrect. (kkolinko) |
| </fix> |
| <fix> |
| <bug>52055</bug> (comment 14): Correctly reset |
| <code>ChunkedInputFilter.needCRLFParse</code> flag when the filter |
| is recycled. (kkolinko) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <fix> |
| <bug>52641</bug>: Remove mention of ldap.jar from docs. |
| Patch provided by Felix Schumacher. (rjung) |
| </fix> |
| <fix> |
| <bug>53158</bug>: Fix documented defaults for DBCP. |
| Patch provided by ph.dezanneau at gmail.com. (rjung) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <fix> |
| <bug>52640</bug>: Correctly set the endorsed directory location when using |
| the Windows installer. (markt) |
| </fix> |
| <update> |
| <bug>52579</bug>: Add a note about Sun's Charset.decode() bug to the |
| RELEASE-NOTES file. (kkolinko) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 5.5.35 (jim)" rtext="released 2012-01-16"> |
| <subsection name="Catalina"> |
| <changelog> |
| <add> |
| Make configuration issues for security related Valves and Filters result |
| in the failure of the valve or filter rather than just a warning |
| message. (markt) |
| </add> |
| <fix> |
| Ensure changes to the configuration of the RemoteHostValve and the |
| RemoteAddrValve via JMX are thread-safe. (markt) |
| </fix> |
| <update> |
| In <code>RequestFilterValve</code> (<code>RemoteAddrValve</code>, |
| <code>RemoteHostValve</code>): refactor value matching logic into |
| separate method and expose this new method <code>isAllowed</code> |
| through JMX. (kkolinko) |
| </update> |
| <add> |
| Improve performance of parameter processing for GET and POST requests. |
| Also add an option to limit the maximum number of parameters processed |
| per request. This defaults to 10000. Excessive parameters are ignored. |
| Note that <code>FailedRequestFilter</code> can be used to reject the |
| request if some parameters were ignored. (markt/kkolinko) |
| </add> |
| <add> |
| New filter <code>FailedRequestFilter</code> that will reject a request |
| if there were errors during HTTP parameter parsing. (kkolinko) |
| </add> |
| <fix> |
| <bug>52384</bug>: Do not fail with parameter parsing when debug logging |
| is enabled. (kkolinko, jim) |
| </fix> |
| <fix> |
| Do not flag extra '&amp;' characters in parameters as parse errors. |
| (kkolinko, jim) |
| </fix> |
| <fix> |
| Slightly improve performance of UDecoder.convert(). Align |
| <code>%2f</code> handling between implementations. (kkolinko) |
| </fix> |
| <fix> |
| <bug>52225</bug>: Fix ClassCastException when adding an alias for an |
| existing host via JMX. (kkolinko) |
| </fix> |
| <fix> |
| Do not throw an IllegalArgumentException from a |
| <code>parseParameters()</code> call when a chunked POST request is too |
| large, but treat it like an IO error. (kkolinko) |
| </fix> |
| <add> |
| Add SetCharacterEncodingFilter (similar to the one contained in the |
| examples web application) |
| to the <code>org.apache.catalina.filters</code> package so it is |
| available for all web applications. (kkolinko) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="General"> |
| <changelog> |
| <update> |
| Update Eclipse compiler to 3.7 and switch to using ecj.jar. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Improve multi-byte character handling in all connectors. (rjung) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>52335</bug>: Only handle <code>&lt;\%</code> and not |
| <code>\%</code> as escaped in template text. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <fix> |
| <bug>52049</bug>: Improve setup instructions for running as a Windows |
| service: correct information on how a JRE is identified and selected. |
| (kkolinko) |
| </fix> |
| <update> |
| <bug>52172</bug>: Update Tomcat build instructions. Includes changes |
| proposed by bmargulies. (kkolinko) |
| </update> |
| <fix> |
| <bug>52243</bug>: Improve windows service documentation to clarify how |
| to include <code>#</code> and/or <code>;</code> in the value of an |
| environment variable that is passed to the service. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <fix> |
| <bug>52059</bug>: Ensure Windows registry keys are removed when using |
| the un-install option of the Windows installer. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 5.5.34 (jim)" rtext="released 2011-09-22"> |
| <subsection name="General"> |
| <changelog> |
| <update> |
| Update Tomcat-Native to 1.1.22. (jim) |
| </update> |
| <update> |
| Fix CVE-2011-2729. Update to Commons Daemon 1.0.7. (markt) |
| </update> |
| <fix> |
| <bug>33262</bug>: When using the Windows installer, the monitor is now |
| auto-started for the current user rather than all users to be consistent |
| with menu item creation. (markt) |
| </fix> |
| <fix> |
| <bug>40510</bug>: Provide an option within the Windows installer to |
| create menu entries for the current user or all users. (markt) |
| </fix> |
| <fix> |
| <bug>50949</bug>: Add the ability to specify the AJP port and the |
| shutdown port when using the Windows installer. (markt) |
| </fix> |
| <fix> |
| <bug>51135</bug>: Fix auto-detection of JAVA_HOME for 64-bit Windows |
| platforms that only have a 32-bit JVM installed when using the Windows |
| installer. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>27988</bug>: Improve reporting of missing files. (markt) |
| </fix> |
| <fix> |
| <bug>28852</bug>: Add URL encoding where missing to parameters in URLs |
| presented by Ant tasks to the Manager application. Based on a patch by |
| Stephane Bailliez. (mark) |
| </fix> |
| <fix> |
| <bug>41179</bug>: Return 404 rather than 400 for requests to the ROOT |
| context when no ROOT context has been deployed. (markt) |
| </fix> |
| <fix> |
| <bug>50189</bug>: Once the application has finished writing to the |
| response, prevent further reads from the request since this causes |
| various problems in the connectors which do not expect this. (markt) |
| </fix> |
| <fix> |
| Fix CVE-2011-2204. Prevent user passwords appearing in log files if a |
| runtime exception (e.g. OOME) occurs while creating a new user for a |
| MemoryUserDatabase via JMX. (markt) |
| </fix> |
| <fix> |
| <bug>51042</bug>: Don't trigger session creation listeners when a |
| session ID is changed as part of the authentication process. (markt) |
| </fix> |
| <fix> |
| <bug>51324</bug>: Improve handling of exceptions when flushing the |
| response buffer to ensure that the doFlush flag does not get stuck in |
| the enabled state. Patch provided by Jeremy Norris. (kkolinko) |
| </fix> |
| <fix> |
| <bug>51403</bug>: Avoid NullPointerException in JULI FileHandler if |
| formatter is misconfigured. (kkolinko) |
| </fix> |
| <fix> |
| <bug>51473</bug>: Fix concatenation of values in |
| SecurityConfig.setSecurityProperty() when the value provided by JRE is |
| null. (kkolinko) |
| </fix> |
| <fix> |
| <bug>51550</bug>: Internal errors in Tomcat components that process |
| requests before they are passed to a web application, such as |
| Authenticators, now return a 500 response rather than a 200 response. |
| (markt) |
| </fix> |
| <add> |
| CVE-2011-1184: Add additional configuration options to the DIGEST |
| authenticator. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Fix CVE-2011-2526. Protect against crashes (HTTP APR) if sendfile is |
| configured to send more data than is available in the file. (markt) |
| </fix> |
| <fix> |
| <bug>50394</bug>: Return -1 from read operation instead of throwing an |
| exception when encountering an EOF with the HTTP APR connector. |
| (kkolinko) |
| </fix> |
| <fix> |
| <bug>50744</bug>: Skip the SSL configuration check on platforms where an |
| unbounded socket cannot be created. (kkolinko) |
| </fix> |
| <fix> |
| <bug>51073</bug>: Throw an exception and do not start the APR connector |
| if it is configured for SSL and an invalid value is provided for |
| SSLProtocol. (markt) |
| </fix> |
| <fix> |
| <bug>51698</bug>: Fix CVE-2011-3190. Prevent AJP message injection. |
| (markt) |
| </fix> |
| <add> |
| Detect incomplete AJP messages and reject the associated request if one |
| is found. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>36362</bug>: Handle the case where tag file attributes (which can |
| use any valid XML name) have a name which is not a Java identifier. |
| (markt) |
| </fix> |
| <fix> |
| Fix possible threading issue in JSP compilation when development mode is |
| enabled. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <fix> |
| <bug>48717</bug>: Ensure session activation events are fired. (markt) |
| </fix> |
| <fix> |
| <bug>50771</bug>: Ensure HttpServletRequest#getAuthType() returns the |
| name of the authentication scheme if request has already been |
| authenticated. (kfujino) |
| </fix> |
| <fix> |
| <bug>51647</bug>: Fix session replication when a session attribute is a |
| Java dynamic proxy. Based on a patch by Tomasz Skutnik. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <fix> |
| <bug>41498</bug>: Add the allRolesMode attribute to the Realm |
| configuration page in the documentation web application. (markt) |
| </fix> |
| <update> |
| Configure Security Manager How-To to include a copy of the actual |
| conf/catalina.policy file when the documentation is built, rather |
| than maintaining a copy of its content. (kkolinko) |
| </update> |
| <fix> |
| <bug>48997</bug>: Fixed some typos and improve cross-referencing to the |
| HTTP Connector and APR documentation with the SSL How-To page of the |
| documentation web application. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <fix> |
| Align jpda settings in catalina.bat with catalina.sh, tc6.0.x, tc7.0.x |
| and trunk. (markt) |
| </fix> |
| <update> |
| Clarify error messages in *.sh files to mention that if a script is |
| not found it might be because execute permission is needed. (kkolinko) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 5.5.33 (jim)" rtext="released 2011-02-10"> |
| <subsection name="General"> |
| <changelog> |
| <fix> |
| Fix permissions of version.sh in bin tarball. (rjung) |
| </fix> |
| <fix> |
| <bug>45332</bug>, <bug>45852</bug>, <bug>50140</bug>: |
| Backport numerous improvements to the Windows installer. |
| Specify the correct encoding (the current Windows code page) rather |
| than assuming UTF-8 when creating tomcat-users.xml - <bug>45332</bug>, |
| <bug>45852</bug>. |
| Update install/uninstall icons. Create an installation log. |
| Allow 32-bit JVMs to be selected when installing on a 64-bit platform. |
| Do not ignore install directory if it is specified with the command |
| line switch on 64-bit platforms - <bug>50140</bug>. |
| Add support for the <code>/?</code> command line switch. |
| Replace the .ini files with the script equivalents. |
| Provide the ability to edit the roles for the added user. |
| Clean up fully after installation. |
| Add DetailPrint statements for operations that may take time. |
| Improve the descriptions of the components. |
| (kkolinko, mturk, markt) |
| </fix> |
| <add> |
| Add roles (admin-gui, admin-script, manager-gui, manager-script, |
| manager-jmx, manager-status) to the Manager, Host Manager and Admin |
| applications to allow more fine-grained control of permissions. The old |
| roles are deprecated but will still work in the same way. (kkolinko) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| Improve HTTP specification compliance in support of |
| <code>Accept-Language</code> header. This protects from known exploit |
| of the Oracle JVM bug that triggers a DoS, CVE-2010-4476. (kkolinko) |
| </fix> |
| <fix> |
| <bug>50620</bug>: Stop exceptions that occur during |
| <code>Session.endAccess()</code> from preventing the normal completion |
| of <code>Request.recycle()</code>. (markt/kkolinko) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <update> |
| Remove <code>JSSE13Factory</code>, <code>JSSE13SocketFactory</code> |
| classes, as Tomcat 5.5 always runs on JRE 1.4 or later. (kkolinko) |
| </update> |
| <fix> |
| <bug>50325</bug>: When the JVM indicates support for RFC 5746, disable |
| Tomcat's <code>allowUnsafeLegacyRenegotiation</code> configuration |
| attribute and use the JVM configuration to control renegotiation. |
| (markt/kkolinko) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 5.5.32 (jim)" rtext="released 2011-02-01"> |
| <subsection name="General"> |
| <changelog> |
| <update> |
| Update to Commons Daemon 1.0.5. (mturk) |
| </update> |
| <update> |
| Update to commons-pool 1.5.5. (markt) |
| </update> |
| <fix> |
| Ensure POM files have correct line endings in source distributions. |
| (rjung/markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <add> |
| <bug>43960</bug>: Expose <code>available</code> property of |
| StandardWrapper via JMX. (markt) |
| </add> |
| <fix> |
| <bug>50131</bug>: Avoid possible NPE in debug output in PersistentValve. |
| Patch provided by sebb. (kkolinko) |
| </fix> |
| <fix> |
| <bug>50413</bug>: Ensure 304s are not returned when using static files |
| as error pages. (markt/kkolinko) |
| </fix> |
| <fix> |
| Avoid unnecessary cast in StandardContext. (markt) |
| </fix> |
| <fix> |
| <bug>50460</bug>: Avoid a possible memory leak caused by using a cached |
| exception instance. (kkolinko) |
| </fix> |
| <fix> |
| <bug>50550</bug>: When a new directory is created (e.g. via WebDAV) |
| ensure that a subsequent request for that directory does not result in a |
| 404 response. (markt/kkolinko) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| <bug>47913</bug>: Return the IP address rather than null for |
| <code>getRemoteHost()</code> with the APR connector if the IP address |
| does not resolve. (markt) |
| </fix> |
| <fix> |
| <bug>49521</bug>: Disable scanning for a free port in Jk AJP/1.3 |
| connector by default. Do not change maxPort field value of ChannelSocket |
| in its <code>setPort()</code> and <code>init()</code> methods. Add |
| support for <code>maxPort</code> attribute on a <code>Connector</code> |
| element as a synonym for channelSocket.maxPort. (kkolinko) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>49935</bug>: Handle compilation of recursive tag files. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <fix> |
| Improve sending an access message in DeltaManager. |
| The maxInactiveInterval of the session, not of the Manager, is used. |
| If maxInactiveInterval is negative, an access message is not sent. |
| (kfujino) |
| </fix> |
| <fix> |
| <bug>50547</bug>: Add time stamp for CHANGE_SESSION_ID message and |
| SESSION_EXPIRED message. (kfujino) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <add> |
| <bug>50294</bug>: Add more information to documentation regarding format |
| of configuration files. Patch provided by Luke Meyer. (markt) |
| </add> |
| <update> |
| Improve documentation of database connection factory. (rjung) |
| </update> |
| <fix> |
| Improve filtering of Manager display output. (kkolinko) |
| </fix> |
| <update> |
| Configure the Admin, Manager and Host-Manager web applications to use |
| HttpOnly flag for their session cookies. (kkolinko) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 5.5.31 (jim)" rtext="released 2010-09-16"> |
| <subsection name="General"> |
| <changelog> |
| <fix> |
| Add svn:executable property to some script files and |
| remove it from non-executable files. (rjung) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>38113</bug> Add system property (ALLOW_EMPTY_QUERY_STRING) to allow |
| spec compliant handling of query string. (markt/kkolinko/jim) |
| </fix> |
| <fix> |
| Return a copy of the URL being used from the webapp class loader, not |
| the original array. (kkolinko/markt) |
| </fix> |
| <fix> |
| <bug>49749</bug>: Use HttpOnly flag of current context when generating |
| a Single-Sign-On cookie. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| <bug>49718</bug>: Fix regression in previous fix for <bug>46984</bug> |
| caused by the patch being applied to the wrong section of code. The |
| regression caused HTTP 0.9 requests to fail. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <fix> |
| <bug>49585</bug>: Update JSVC documentation to reflect new packaging |
| of Commons Daemon. (markt) |
| </fix> |
| <fix> |
| <bug>49774</bug>: Add support for SSL with either JSSE or APR based |
| connectors to the admin app. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <fix> |
| Add Null check when CHANGE_SESSION_ID message received. (kfujino) |
| </fix> |
| </changelog> |
| </subsection></section> |
| <section name="Tomcat 5.5.30 (jim)" rtext="released 2010-07-09"> |
| <subsection name="General"> |
| <changelog> |
| <update>Update to Commons Daemon 1.0.2. Use service launcher (procrun) |
| from the Commons Daemon release. Do not keep a copy of it in our source |
| tree. (mturk/kkolinko)</update> |
| <update> |
| Update to NSIS 2.46. (kkolinko) |
| </update> |
| <update> |
| Update to Apache Commons DBCP 1.3. (markt) |
| </update> |
| <fix> |
| <bug>48840</bug>: Swallow output (if any) from use of cd when determining |
| $CATALINA_HOME in catalina.sh and tool-wrapper.sh scripts. Based on patch |
| provided by mdietze. (markt/kkolinko) |
| </fix> |
| <fix> |
| <bug>49236</bug>: Do not use indexing when packing Tomcat JARs. |
| (kkolinko) |
| </fix> |
| <fix> |
| <bug>48990</bug>: Build windows distributions correctly on Linux and |
| add support for the skip.installer property. (kkolinko) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| Fix CVE-2010-1157. Prevent possible disclosure of host name or IP |
| address via the HTTP WWW-Authenticate header when using BASIC or DIGEST |
| authentication. (markt) |
| </fix> |
| <fix> |
| <bug>44041</bug>, <bug>48694</bug>: Fix duplicate class definition |
| under load. Avoid possible deadlock in class loading. |
| (markt/kkolinko) |
| </fix> |
| <fix> |
| <bug>47774</bug>: Ensure web application class loader is used when |
| calling session listeners. (kfujino) |
| </fix> |
| <update> |
| <bug>48179</bug>: Improve error handling when reading or writing |
| TLD cache file ("tldCache.ser"). (kkolinko) |
| </update> |
| <fix> |
| <bug>49398</bug>: ByteChunk.indexOf(String, int, int, int) could not |
| find a string of length 1. (kkolinko) |
| </fix> |
| <fix> |
| Ensure all required i18n messages are present for the APR/native |
| Listener. (kkolinko) |
| </fix> |
| <fix> |
| Fix possible overflows when calculating session statistics. (kkolinko) |
| </fix> |
| <fix> |
| <bug>49424</bug>: Avoid NPE if client provides no data with a chunked |
| POST request. (markt) |
| </fix> |
| <fix> |
| Minor code cleanup in AccessLogValve and FastCommonAccessLogValve |
| classes. (kkolinko) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix>Arrange filter logic. (jfclere) |
| </fix> |
| <fix> |
| <bug>48613</bug>: Only attempt APR/native connector initialization if |
| the Listener element has been specified in server.xml. (fhanik/kkolinko) |
| </fix> |
| <fix> |
| <bug>48843</bug>: Prevent possible deadlock and correct queue handling |
| for worker allocation in APR connectors. (kkolinko) |
| </fix> |
| <fix> |
| Use chunked encoding for http 1.1 responses with no content-length |
| (regardless of keep-alive) so client can differentiate between complete |
| and partial responses. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>42390</bug>, <bug>48616</bug>: Fix compilation error with some |
| nested tag files and simple tags. Do not declare or synchronize |
| scripting variables for JSP fragments since they are scriptless. |
| (kkolinko) |
| </fix> |
| <fix> |
| <bug>47878</bug>: Return “404”s rather than a permanent |
| “500” if a JSP is deleted. Make sure first response after |
| deletion is correct. (markt/kkolinko) |
| </fix> |
| <fix> |
| <bug>48701</bug>: Add a system property to allow disabling enforcement |
| of JSP.5.3. The specification recommends, but does not require, this |
| enforcement. (kkolinko) |
| </fix> |
| <fix> |
| <bug>48580</bug>: Prevent AccessControlException when running under a |
| security manager if the first access is to a JSP that uses a |
| FunctionMapper. (markt/kkolinko) |
| </fix> |
| <fix> |
| <bug>49196</bug>: Avoid NullPointerException in |
| PageContext.getErrorData() if an error-handling JSP page is called |
| directly. (kkolinko) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <fix> |
| <bug>48717</bug>: When a node joins a cluster and it receives all the |
| current sessions, ensure the sessionCreated event is fired if the |
| Manager is configured to replicate session events. (markt) |
| </fix> |
| <fix> |
| <bug>49170</bug>: Do not send duplicated session. (kfujino) |
| </fix> |
| <fix> |
| <bug>49445</bug>: When session ID is changed after authentication, |
| ensure the DeltaManager replicates the change in ID to the other nodes |
| in the cluster. (kfujino) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <add> |
| Backport documentation stylesheet improvements from Tomcat 6: |
| use CSS styles to provide printer-friendly layout, |
| support generation of TOC tables, |
| support links to revision numbers, |
| use underscores instead of spaces in anchor names. (kkolinko) |
| </add> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 5.5.29 (fhanik)" rtext="released 2010-04-20"> |
| <subsection name="General"> |
| <changelog> |
| <add> |
| <bug>37847</bug>: Make location and filename of catalina.out configurable |
| in catalina.sh. (fhanik/kkolinko) |
| </add> |
| <fix> |
| <bug>47609</bug>: Provide fail-safe EOL conversion for build process. |
| (sebb/markt/kkolinko) |
| </fix> |
| <fix> |
| <bug>47689</bug>: Enable the test Ant target to work. (markt) |
| </fix> |
| <fix> |
| <bug>47712</bug>: Loading tcnative was broken in 5.5.28. (rjung) |
| </fix> |
| <fix> |
| Correct CVE-2009-3548. When installed via the Windows installer and |
| using defaults, don't create an administrative user with a blank |
| password. Additionally, the administrative user is only created if the |
| manager or host-manager web applications are selected for installation. |
| (markt/kkolinko) |
| </fix> |
| <update> |
| Deprecate the jni Buffer and Thread classes. (rjung) |
| </update> |
| <update> |
| Include 32-bit and 64-bit versions of Tomcat Native DLLs into the |
| Windows installer, instead of downloading them from a web site during |
| install, and allow it to automatically select the correct one for the |
| current platform. (kkolinko/mturk) |
| </update> |
| <update> |
| Update Windows installer to use NSIS 2.45. (kkolinko) |
| </update> |
| <update> |
| Update to commons-pool 1.5.4. This fixes regressions in 1.5.2. (markt) |
| </update> |
| <fix> |
| Align server.xml installed by the Windows installer with the one |
| bundled in zip/tar.gz archives. (kkolinko) |
| </fix> |
| <fix> |
| Encode all property files using ascii escaped UTF-8. (rjung) |
| </fix> |
| <fix> |
| Correct MD5 generation in the build process. (kkolinko) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>37848</bug>: Re-fix. Don't display info output when there is no |
| terminal. (markt) |
| </fix> |
| <fix> |
| <bug>39231</bug>: Call LoginModule.logout() when using JAASRealm. |
| (markt/kkolinko) |
| </fix> |
| <fix> |
| <bug>39844</bug>: Fix NPE when performing a non-HTTP forward. |
| (billbarker) |
| </fix> |
| <fix> |
| <bug>41059</bug>: Reduce the chances of errors when using |
| ENABLE_CLEAR_REFERENCES. Patch by Curt Arnold. (markt) |
| </fix> |
| <add> |
| <bug>45255</bug>: Add the ability to change session ID on |
| authentication to protect against session fixation attacks. This is |
| disabled by default. (markt/kkolinko) |
| </add> |
| <fix> |
| <bug>46967</bug>: Better handling of errors when trying to use |
| Manager.randomFile. Based on a patch by Kirk Wolf. (kkolinko) |
| </fix> |
| <fix> |
| <bug>47518</bug>: Correct reference in Valve Javadoc that referred to an |
| old method. Patch provided by Christopher Schultz. (markt) |
| </fix> |
| <fix> |
| <bug>47537</bug>: Return an error page rather than a zero length 200 |
| response if the forward to the login or error page fails during FORM |
| authentication. (markt) |
| </fix> |
| <fix> |
| <bug>47718</bug>: Fix file descriptor leak on context stop/reload. Patch |
| provided by George Sexton. (markt) |
| </fix> |
| <fix> |
| <bug>47826</bug>: Correct error in debug message in |
| org.apache.catalina.Bootstrap (markt) |
| </fix> |
| <fix> |
| <bug>47963</bug>: Ensure that any HTTP status messages are compliant |
| with RFC2616. (markt/kkolinko) |
| </fix> |
| <fix> |
| <bug>47997</bug>: Enable the NamingResourcesMBean to work with |
| non-Server (i.e. Context) containers. Patch provided by Michael Allman. |
| (markt) |
| </fix> |
| <fix> |
| <bug>48004</bug>: Allow applications to set the Server header. (markt) |
| </fix> |
| <fix> |
| <bug>48007</bug>: Improve exception processing in |
| CustomObjectInputStream. (kkolinko) |
| </fix> |
| <fix> |
| <bug>48049</bug>: Fix copy and paste error so |
| <code>NamingContext.destroySubContext()</code> works correctly. |
| Patch provided by gingyang.xu (markt) |
| </fix> |
| <update> |
| <bug>48097</bug>: Make WebappClassLoader not swallow |
| AccessControlException. (kkolinko) |
| </update> |
| <fix> |
| <bug>48097</bug>: Avoid throwing an AccessControlException which can |
| lead to a NoClassDefFoundError on first access of first jsp. |
| (kkolinko/markt) |
| </fix> |
| <fix> |
| <bug>48322</bug>: Single quote characters are not HTTP separators and |
| should not be treated as such in the cookie handling. (markt) |
| </fix> |
| <add> |
| Provide an option to allow the use of equals characters in cookie |
| values. (markt) |
| </add> |
| <fix> |
| <bug>48516</bug>: Prevent NPE in JNDIRealm if requested user does not |
| exist. Patch provided by Kevin Conaway. (markt) |
| </fix> |
| <fix> |
| <bug>48577</bug>: Filter URL when displaying missing included page. |
| (markt) |
| </fix> |
| <fix> |
| <bug>48760</bug>: Remove race condition that can result in multiple |
| threads trying to use the same InputStream. (markt) |
| </fix> |
| <fix> |
| Add an additional permission required by JULI when running under newer |
| JDKs and a security manager. (markt) |
| </fix> |
| <fix> |
| Close resource stream in WebappClassLoader after read error. (pero) |
| </fix> |
| <fix> |
| Do not swallow exceptions in ApplicationContextFacade.doPrivileged() |
| (kkolinko) |
| </fix> |
| <fix> |
| Various related (un)deploy improvements including: better handling of |
| failed (un)deployment; adding checking for invalid zip file entries that |
| don't make sense in a WAR file; and improved validation of WAR file |
| names. These changes address CVE-2009-2693, CVE-2009-2901 and |
| CVE-2009-2902. |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| <bug>43327</bug>: Allow APR/native connector to work correctly on |
| systems when IPv6 is enabled. (markt) |
| </fix> |
| <fix> |
| <bug>46950</bug>: Support SSL renegotiation with APR/native connector. |
| Note that this requires APR/native 1.1.17 or later. (markt) |
| </fix> |
| <fix> |
| <bug>47225</bug>: Fix error in calculation of a buffer length in the |
| mapper. (markt) |
| </fix> |
| <fix> |
| <bug>47744</bug>: Prevent a medium term memory leak if using SSL with |
| the JSSE provider and also using a security manager. Based on a patch by |
| Greg Vanore. (markt) |
| </fix> |
| <fix> |
| <bug>47987</bug>: Limit size of not found resources cache. (markt) |
| </fix> |
| <fix> |
| <bug>48109</bug>: Ensure InputStream is closed in WebappClassLoader |
| on error conditions. (markt) |
| </fix> |
| <fix> |
| <bug>48311</bug>: APR should not be initialised if the APR life-cycle |
| listener is not enabled. (markt) |
| </fix> |
| <fix> |
| <bug>48581</bug>: Avoid security exception on first access. (markt) |
| </fix> |
| <fix> |
| <bug>48584</bug>: Prevent the APR connector logging an error if the |
| acceptor fails during shutdown since this is expected. (mturk) |
| </fix> |
| <fix> |
| CVE-2009-3555. Provide option to disable legacy SSL renegotiation. |
| (markt/costin) |
| </fix> |
| <fix> |
| Fix Windows installer to bundle an up-to-date version of native/APR with |
| it. When asked to install TC-Native it was downloading some very old (1.1.4) |
| version of it from the HEAnet site. (kkolinko) |
| </fix> |
| <update> |
| Update the native/APR library version bundled with Tomcat to 1.1.20. |
| (kkolinko) |
| </update> |
| <update> |
| Update recommended version for native to 1.1.19. (rjung) |
| </update> |
| <fix> |
| Remove unneeded line from the method that normalizes decodedURI. |
| (kkolinko) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>38797</bug>: Fix regression in previous fix for this bug. (markt) |
| </fix> |
| <fix> |
| <bug>41661</bug>: Fix thread safety issue in JspConfig.init() (markt) |
| </fix> |
| <fix> |
| <bug>41824</bug>: Need to use canonical rather than binary form when |
| writing code. (markt) |
| </fix> |
| <fix> |
| <bug>46907</bug>: Don't swallow input stream when debug logging is |
| enabled. (markt) |
| </fix> |
| <fix> |
| <bug>48582</bug>: Avoid NPE on background compile. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <fix> |
| DeltaManager needs to replicate changed attributes even if session |
| gets invalidated. Otherwise session listeners will not see the right |
| data on the secondary nodes. (rjung) |
| </fix> |
| <fix> |
| Remove unnecessary Java5 dependencies. (markt) |
| </fix> |
| <fix> |
| <bug>46384</bug>: Correct synchronisation issue that could lead to a |
| cluster member disappearing permanently. (markt) |
| </fix> |
| <fix> |
| <bug>47554</bug>: Include httpOnly attribute when re-writing session |
| cookie after fail over. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <fix> |
| <bug>41564</bug>: Add some information on installing Tomcat as a service |
| on operating systems with User Account Control, e.g. Vista. (markt) |
| </fix> |
| <fix> |
| <bug>47656</bug>: Add information to documentation on system property |
| replacement in configuration files. (markt) |
| </fix> |
| <fix> |
| <bug>47769</bug>: Clarify the JNDI docs with respect to use of |
| &lt;resource-ref&gt; and related elements, specifically when they are |
| required and when they may be omitted. (markt) |
| </fix> |
| <fix> |
| <bug>48381</bug>: Add information on how Tomcat treats host names to the |
| host configuration documentation. (markt) |
| </fix> |
| <add> |
| <bug>48530</bug>: Add information on the Manager Server Status page to |
| the Manager How-To in the documentation webapp. Based on a patch by |
| Arnaud Espy. (markt) |
| </add> |
| <add> |
| <bug>48532</bug>: Add information to the BIO/NIO SSL configuration page |
| in the documentation web application to specify how the defaults for the |
| various trust store attributes are determined. (markt) |
| </add> |
| <fix> |
| <bug>48686</bug>: Fix deleting a host via the Administration web |
| application rather than failing with an HTTP 500 response. (markt) |
| </fix> |
| <add> |
| Make changelog.xml be directly rendered as HTML by certain browsers. |
| (kkolinko) |
| </add> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 5.5.28 (fhanik)" rtext="released 2009-09-04"> |
| <subsection name="General"> |
| <changelog> |
| <fix> |
| <bug>39194</bug>: Make the setting of the classpath consistent for the |
| .sh and .bat startup scripts. (markt/kkolinko) |
| </fix> |
| <fix> |
| <bug>45880</bug>: Include NOTICE file in Windows installer and make sure |
| src files are excluded. (markt) |
| </fix> |
| <update> |
| Update to NSIS 2.44 (kkolinko) |
| </update> |
| <update> |
| Build scripts: Use different values for ${tomcat-dbcp.home} and |
| ${jasper-compiler-jdt.home} in tomcat-deps. Fix download task |
| checks for commons-pool and commons-dbcp. (kkolinko) |
| </update> |
| <add> |
| Add the 64-bit windows service binaries to the distribution and get the |
| Windows installer to automatically select the correct one for the |
| current platform. (markt/kkolinko) |
| </add> |
| <update> |
| Update to commons-pool 1.5.2. This includes various fixes to prevent |
| deadlocks, reduce syncs and make object allocation occur fairly - i.e. |
| objects are allocated to threads in the order that the threads request |
| them. This fixes a number of issues with the version of DBCP embedded |
| within Tomcat. (markt) |
| </update> |
| <update> |
| Update Tomcat Windows service application (procrun) to version 2.0.5. |
| It contains a fix for issue <bug>41538</bug> (mturk) |
| </update> |
| <fix> |
| <bug>47149</bug>: Explicitly specify encoding when performing filtering |
| during copy, fixcrlf or replace operations in build scripts. Don't add |
| blank lines to files when fixing line endings. Explicitly specify |
| encoding when compiling. (kkolinko) |
| </fix> |
| <fix> |
| <bug>47464</bug>: Some class files were accidentally included into the |
| source distributions of TC 5.5.27. (kkolinko) |
| </fix> |
| <docs> |
| Document that building Tomcat requires Ant 1.6.2 or later. (kkolinko) |
| </docs> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>37458</bug>: Fix sync error that may lead to NPE in rare |
| circumstances. Patch by Konstantin Kolinko. (markt) |
| </fix> |
| <fix> |
| <bug>37498</bug>: Fall back to container log if application log is |
| unavailable during context destruction. (markt) |
| </fix> |
| <fix> |
| <bug>37794</bug>: Handle POSTed parameters when sent with chunked |
| encoding. (markt) |
| </fix> |
| <fix> |
| <bug>37984</bug>: Strip {MD5} as well as {SHA} if present in digest |
| passwords in LDAP directories. (markt) |
| </fix> |
| <fix> |
| <bug>38553</bug>: A lack of certificates is normal if a user doesn't |
| have a certificate. Return a 401 rather than a 400 in this case. (markt) |
| </fix> |
| <fix> |
| <bug>38570</bug>: When checking docBase against appBase, make sure we |
| check for an exact match against the appBase. (markt) |
| </fix> |
| <fix> |
| <bug>39013</bug>: When testing for an invalid docBase, use an exact |
| match for the appBase. (markt) |
| </fix> |
| <fix> |
| <bug>39396</bug>: Only include TRACE in an OPTIONS response if we know |
| it has been enabled. (markt) |
| </fix> |
| <fix> |
| Remove wrong "No role found" realm debug log message, |
| even if a role was found. (rjung) |
| </fix> |
| <fix> |
| <bug>39997</bug>: Add the SSLRandomSeed option to the |
| AprLifecycleListener to enable faster starts on development systems. |
| (markt) |
| </fix> |
| <fix> |
| <bug>40380</bug>: Fix potential synchronization issue in |
| StandardSession.expire(). (markt) |
| </fix> |
| <fix> |
| <bug>41407</bug>: JAAS Realm now works with CLIENT-CERT authentication. |
| (markt) |
| </fix> |
| <add> |
| <bug>42419</bug>: Add a system property that enables the name of the |
| session cookie and session path parameter to be configured. (markt) |
| </add> |
| <fix> |
| <bug>42579</bug>: Support both relative and absolute search results in |
| the JNDI Realm implementation. Patch provided by Brandon DuRette. |
| (markt) |
| </fix> |
| <fix> |
| <bug>42707</bug>: Make adding a host alias via JMX take effect |
| immediately. (markt) |
| </fix> |
| <fix> |
| <bug>43343</bug>: Correctly handle requesting a session we are in the |
| middle of persisting. Based on a suggestion by Wade Chandler. |
| (markt/kkolinko) |
| </fix> |
| <add> |
| <bug>44382</bug>: Add support for using httpOnly for session cookies. |
| This is disabled by default. (markt/fhanik) |
| </add> |
| <fix> |
| <bug>45576</bug>: JAAS Realm now works with DIGEST authentication. |
| (markt) |
| </fix> |
| <fix> |
| <bug>45628</bug>: JARs that do not declare any dependencies should |
| always be considered as fulfilled. (markt) |
| </fix> |
| <fix> |
| <bug>45933</bug>: Don't use a web application provided parser to process |
| TLD files. (markt) |
| </fix> |
| <fix> |
| <bug>45996</bug>: Add Accept-Ranges header to responses from the |
| DefaultServlet with an option to disable it. (markt) |
| </fix> |
| <fix> |
| <bug>46105</bug>: Correctly set URI encoding when replaying a request |
| after FORM authentication. (markt) |
| </fix> |
| <fix> |
| <bug>46408</bug>: Correct possible invalid case in SecurityUtil. (markt) |
| </fix> |
| <fix> |
| <bug>46552</bug>: Return a 400 response rather than a 200 response if |
| the request headers are too large. (markt) |
| </fix> |
| <fix> |
| <bug>46597</bug>: Port all cookie handling changes from Tomcat 6.0.x. |
| (markt) |
| </fix> |
| <fix> |
| <bug>46606</bug>: Make max depth limit for WebDAV servlet configurable. |
| (markt) |
| </fix> |
| <fix> |
| <bug>46717</bug>: Fix hard to reproduce thread safety issue with session |
| expiration. (markt) |
| </fix> |
| <fix> |
| <bug>46982</bug>: Fix DST problem with AccessLogValve. (markt) |
| </fix> |
| <fix> |
| Improve handling of situation where web application tries to configure |
| logging at the context level but the security policy prevents this. |
| (markt/rjung) |
| </fix> |
| <fix> |
| Fix an information disclosure vulnerability in a number of the Realms |
| that allowed user enumeration when using FORM authentication. This is |
| CVE-2009-0580. (markt) |
| </fix> |
| <fix> |
| Fix various WebDAV compliance issues identified by the Litmus test |
| suite. (markt) |
| </fix> |
| <fix> |
| Use a better default (webapps) for a Host's appBase. (idarwin/markt) |
| </fix> |
| <fix> |
| <bug>44943</bug>: Reduce copy/paste issues caused by different engine |
| names in server.xml. (markt, kkolinko) |
| </fix> |
| <fix> |
| Remove obsolete classpath entry for commons-logging from start script. |
| It is already present in the classpath set by the manifest in bootstrap.jar. |
| (rjung) |
| </fix> |
| <fix> |
| <bug>38483</bug>: Thread safety issues in AccessLogValve classes. (kkolinko) |
| </fix> |
| <add> |
| Allow log file encoding to be configured for JULI FileHandler. (kkolinko) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>36923</bug>: Parse deactivated EL expressions correctly. (markt) |
| </fix> |
| <fix> |
| <bug>37084</bug>: Fix JspC compilation with Ant when compiling JSPs that |
| use a custom taglib. (markt/kkolinko) |
| </fix> |
| <fix> |
| <bug>37515</bug>: Add options for Java 1.6 and 1.7 to the JDT compiler. |
| (markt) |
| </fix> |
| <fix> |
| <bug>38197</bug>: Fix tag pooling when tags are used with jsp:attribute. |
| (markt) |
| </fix> |
| <fix> |
| <bug>38352</bug>: Make the directory defined by |
| javax.servlet.context.tempdir readable for JSPs when running under a |
| security manager as required by the specification. (markt) |
| </fix> |
| <fix> |
| <bug>38797</bug>: Revert previous fix for <bug>37933</bug> and implement |
| a new fix that does not have the side effects described in |
| <bug>38797</bug>. |
| </fix> |
| <fix> |
| <bug>38897</bug>: Add uri of broken TLD to error message to aid |
| debugging. (markt) |
| </fix> |
| <fix> |
| <bug>41606</bug>: Fix double initialisation of JSPs. Patch provided by |
| Chris Halstead. (markt) |
| </fix> |
| <fix> |
| <bug>45666</bug>: Fix infinite loop on include. Patch provided by Tom |
| Wadzinski. (markt) |
| </fix> |
| <fix> |
| <bug>46354</bug>: Fix ArrayIndexOutOfBoundsException when using |
| org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true. Patch |
| provided by Konstantin Kolinko. (markt) |
| </fix> |
| <fix> |
| <bug>46909</bug>: Only include semi-colon in type attribute for |
| &lt;jsp:plugin&gt; when it is required. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <fix> |
| Fix minor memory leak found by find bugs. (markt, rjung) |
| </fix> |
| <fix> |
| <bug>40551</bug>: Enable the JvmRouteBinderValve to work with |
| PersistentManagers as well as clustering. Patch by Chris Chandler. |
| (markt) |
| </fix> |
| <fix> |
| <bug>46357</bug>: Corrected test for host's parent must be an engine. |
| (markt, rjung) |
| </fix> |
| <update> |
| <bug>45317</bug>: Properly log the value of the state transfer timeout flag. |
| (fhanik, rjung) |
| </update> |
| <fix> |
| <bug>45279</bug>: Properly close multicast socket. (fhanik, rjung) |
| </fix> |
| <fix> |
| <bug>45447</bug>: Add Spanish resource files. |
| Patch provided by Jesus Marin. (markt, rjung) |
| </fix> |
| <fix> |
| <bug>46990</bug>: Fix synchronization issues in cluster membership |
| reported by FindBugs. Patch provided by Sebb. (markt, rjung) |
| </fix> |
| <fix> |
| <bug>47389</bug>: DeltaManager doesn't do session replication if |
| notifySessionListenersOnReplication=false. |
| Patch by Keiichi Fujino. (fhanik, rjung) |
| </fix> |
| <fix> |
| Separate statistics counter lock in FastAsyncSocketSender from inherited |
| DataSender lock to reduce blocking during failed node detection. (rjung) |
| </fix> |
| <fix> |
| Handle situation session ID rewriting on fail-over with parallel requests |
| from the same client. (pero) |
| </fix> |
| <fix> |
| <bug>43641</bug>: Use of bind attribute for membership element breaks |
| multicast. (rjung) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <fix> |
| Fix CVE-2009-0781. XSS in calendar example. (markt) |
| </fix> |
| <fix> |
| <bug>36574</bug>: Fix broken PDFs. (markt) |
| </fix> |
| <fix> |
| <bug>39603</bug>: Admin app only showed ROOT web application when |
| clustering was enabled. (markt) |
| </fix> |
| <fix> |
| <bug>47032</bug>: Fix /status/all in Manager webapp when using the |
| PersistentManager. (markt) |
| </fix> |
| <fix> |
| <bug>47235</bug>: Remove use of autoReconnect from MySQL examples. |
| (mark) |
| </fix> |
| <fix> |
| <bug>46509</bug>: Use correct link on error page in JSP security |
| example. Patch provided by Michael Moody. (markt) |
| </fix> |
| <fix> |
| <bug>46562</bug>: Close file when reading has finished when using SSI. |
| (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote" > |
| <changelog> |
| <fix> |
| <bug>37869</bug>: Correctly extract client certificates, including the |
| full certificate chain when using the APR/native HTTP connector. (markt) |
| </fix> |
| <fix> |
| <bug>39637</bug>: Correctly extract client certificates, including the |
| full certificate chain when using the AJP connectors. Patch by Patrik |
| Schnellmann. (markt) |
| </fix> |
| <update> |
| Set remote port for AJP connectors from the optional request |
| attribute AJP_REMOTE_PORT. (rjung) |
| </update> |
| <fix> |
| <bug>45026</bug>: Never return an empty HTTP status reason phrase. |
| mod_jk and httpd 2.x do not like that. (rjung) |
| </fix> |
| <fix> |
| <bug>45528</bug>: An invalid SSL configuration could cause an infinite |
| logging loop on startup. (markt) |
| </fix> |
| <fix> |
| <bug>46984</bug>: Reject requests with invalid HTTP methods with a 400 |
| rather than a 501. (markt) |
| </fix> |
| <update> |
| Update the APR/native connector to 1.1.16. (markt, kkolinko) |
| </update> |
| <fix> |
| Correct potential DOS issue in Java AJP connector when processing |
| invalid request headers. This is CVE-2009-0033. (markt) |
| </fix> |
| <fix> |
| Make DateTool thread safe. (fhanik) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 5.5.27 (fhanik)" rtext="released 2008-09-08"> |
| <subsection name="General"> |
| <changelog> |
| <fix> |
| <bug>44463</bug>: War file upload in manager webapp fails due to missing |
| commons-io dependency. Added commons-io 1.4. (rjung) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>46770</bug>: Don't send duplicate headers when using flushBuffer(). (rjung) |
| </fix> |
| <fix> |
| <bug>44021</bug>, <bug>43013</bug>: Add support for # to signify multi-level contexts for directories and wars. |
| </fix> |
| <fix> |
| <bug>44494</bug>: Backport from 6.0 (rjung) |
| </fix> |
| <fix> |
| Add additional checks for URI normalization. (remm) |
| </fix> |
| <fix> |
| Don't throw an ArrayIndexOutOfBoundsException when empty URL is |
| requested. Patch provided by Charles R Caldarale. (markt) |
| </fix> |
| <fix> |
| <bug>29936</bug>: Don't use parser from a webapp to parse web.xml and possibly |
| context.xml files. (markt) |
| </fix> |
| <fix> |
| <bug>43079</bug>: Correct pattern verification for suspicious URLs. |
| Patch provided by John Kew. (markt) |
| </fix> |
| <fix> |
| <bug>43080</bug>: Log suspicious URL pattern warnings to the correct |
| web application. (markt) |
| </fix> |
| <fix> |
| <bug>43117</bug>: Setting an empty workDIR could delete all of |
| CATALINA_HOME. Patch provided by Takayuki Kaneko. (markt) |
| </fix> |
| <fix> |
| <bug>44282</bug>: Prevent security exception in trace level logging for |
| web application class loader when running under a security manager. |
| (markt) |
| </fix> |
| <fix> |
| <bug>44529</bug>: No roles specified (deny all) should take precedence |
| over no auth-constraint specified (allow-all). (markt) |
| </fix> |
| <fix> |
| <bug>43578</bug>: Enable start on Linux if $CATALINA_HOME contains a |
| space. Original patch provided by Ray Sauers with improvements by Ian |
| Ward Comfort. (markt) |
| </fix> |
| <fix> |
| <bug>44673</bug>: Throw IOE if ServletInputStream is closed and a call |
| is made to any read(), ready(), mark(), reset(), or skip() method as per |
| javadocs for Reader. (markt) |
| </fix> |
| <fix> |
| Enable the CGIServlet to work with Windows Vista. (markt) |
| </fix> |
| <fix> |
| Add additional permission required to read JDK logging configuration |
| when running with a security manager. (markt) |
| </fix> |
| <fix> |
| <bug>44943</bug>: Reduce copy/paste issues caused by different engine |
| names in server.xml. (markt) |
| </fix> |
| <fix> |
| <bug>45195</bug>: Prevent NPE when calling |
| <code>Session.getAttribute(null)</code> and |
| <code>Session.removeAttribute(null)</code>. The spec is unclear but this |
| is a regression from 5.0.x. (markt) |
| </fix> |
| <fix> |
| <bug>45293</bug>: Update name of commons-logging jar in security policy. |
| (markt) |
| </fix> |
| <fix> |
| <bug>45453</bug>: Fix race condition in JDBC Realm. Based on a patch |
| provided by Santtu Hyrkkö. (markt) |
| </fix> |
| <fix> |
| JAAS Realm did not read role information for users. (markt) |
| </fix> |
| <fix> |
| <bug>46683</bug>: Fix typo in French localisation file name for the |
| org.apache.catalina.loader package. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <update> |
| Log errors for AJP signoffs at DEBUG level, since it is harmless if |
| mod_jk has hung up the phone. (billbarker) |
| </update> |
| <fix> |
| <bug>42727</bug>: Handle request lines that are exact multiples of 4096 |
| in length. Patch provided by Will Pugh. (markt) |
| </fix> |
| <fix> |
| <bug>43191</bug>: Compression could not be disabled for some file types. |
| Based on a patch by Len Popp. (markt) |
| </fix> |
| <fix> |
| <bug>45591</bug>: Fix NPE on shutdown failure in some cases. Based on a |
| patch by Matt Passell. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>31257</bug>: Quote endorsed dirs if they contain a space. (markt) |
| </fix> |
| <fix> |
| <bug>42943</bug>: Make sure nested element is inside &lt;jsp:text&gt; |
| element before throwing exception. (markt) |
| </fix> |
| <fix> |
| <bug>44877</bug>: Prevent collisions in tag pool names. (markt) |
| </fix> |
| <fix> |
| <bug>45015</bug>: Enforce JSP spec rules on quoting in attributes. This is |
| configurable using the system property |
| <code>org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING</code>. |
| (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <fix> |
| <bug>42899</bug>: When saving config from admin app, correctly handle |
| case where the old config file does not exist. (markt) |
| </fix> |
| <fix> |
| <bug>44541</bug>: Document packetSize attribute for AJP connector. |
| (markt) |
| </fix> |
| <fix> |
| <bug>44715</bug>: Document use of secret for AJP connector. (markt) |
| </fix> |
| <update> |
| <bug>45323</bug>: Add note that context.xml files can only contain a |
| single Context element. (markt) |
| </update> |
| <fix> |
| Update JNDI datasource docs since maxActive setting for unlimited |
| changed in commons-pool > 1.2. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Specification"> |
| <changelog> |
| <fix> |
| Use a localised error message if a user tries to write a negative length |
| byte array during default processing of a HEAD request. (markt) |
| </fix> |
| <fix> |
| <bug>44562</bug>: HEAD requests cannot use includes. Patch provided by |
| David Jencks. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 5.5.26 (fhanik)" rtext="released 2008-02-05"> |
| <subsection name="General"> |
| <changelog> |
| <update> |
| Use Eclipse JDT 3.3.1. (pero) |
| </update> |
| <update> |
| Use new commons download location. (markt) |
| </update> |
| <update> |
| Use commons-launcher 1.1. (markt) |
| </update> |
| <update> |
| Use commons-digester 1.8. (markt) |
| </update> |
| <update> |
| Use Xerces 2.9.1. (markt) |
| </update> |
| <update> |
| Remove unused commons-httpclient. (funkman) |
| </update> |
| <update> |
| Use commons-collections 3.2. (markt) |
| </update> |
| <update> |
| Use commons-fileupload 1.2. (markt) |
| </update> |
| <update> |
| Use MX4J 3.0.2. (markt) |
| </update> |
| <update> |
| Use JUnit 3.8.2. (markt) |
| </update> |
| <update> |
| Use NSIS 2.34. (markt) |
| </update> |
| <update> |
| Use Struts 1.2.9. (markt) |
| </update> |
| <update> |
| Use JAF 1.1.1. (markt) |
| </update> |
| <update> |
| Use JTA 1.1. (markt) |
| </update> |
| <update> |
| Use JavaMail 1.4.1. (markt) |
| </update> |
| <update> |
| Use PureTLS 0.9b5. (markt) |
| </update> |
| <update> |
| Use commons-pool 1.4. (markt) |
| </update> |
| <fix> |
| <bug>43594</bug>: Use setenv from CATALINA_BASE (if set) in preference |
| to the one in CATALINA_HOME. Patch provided by Shaddy Baddah. (markt) |
| </fix> |
| <fix> |
| Fix CVE-2007-5342 by limiting permissions granted to JULI. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix><bug>38131</bug>: WatchedResource doesn't work if app is outside host appbase webapps. |
| Patch provided by Peter Lynch (pero) |
| </fix> |
| <fix> |
| Set correct sessionCounter at StandardManager after reload sessions. (pero) |
| </fix> |
| <fix> |
| Fix NPE situation at AccessLogValve (pero) |
| </fix> |
| <fix> |
| <bug>30949</bug>: Improve previous fix. Ensure requests are recycled |
| on cross-context includes and forwards when an exception occurs in the |
| target page. (markt) |
| </fix> |
| <fix> |
| <bug>43216</bug>: Set correct StandardSession#accessCount as system property STRICT_SERVLET_COMPLIANCE is true after application restart with SESSION.ser file. |
| Patch provided by Takayuki Kaneko (pero) |
| </fix> |
| <add> |
| Made session createTime accessible for all SessionManager via JMX (pero) |
| </add> |
| <add> |
| Support logging of all response header values at ExtendedAccessLogValve (ex. add x-O(Set-Cookie) to your pattern). (pero) |
| </add> |
| <add> |
| Support logging of current thread name at AccessLogValve (ex. add %I to your pattern). |
| Useful to compare an access logging entry later with stack traces. (pero) |
| </add> |
| <fix> |
| o.a.juli.ClassLoaderLogManager handle more than one system property replacement at file logging.properties. (pero) |
| </fix> |
| <fix> |
| <bug>43236</bug>: Reset usingWriter and associated flags when response |
| is reset. (markt) |
| </fix> |
| <fix> |
| <bug>43241</bug>: ServletContext.getResourceAsStream() not spec |
| compliant. Patch provided by John Kew. (markt) |
| </fix> |
| <fix> |
| <bug>43675</bug>: Fix a possible logging related class loader leak. |
| (markt) |
| </fix> |
| <fix> |
| <bug>43687</bug>: Remove conditional headers on Form Auth replay, since the UA (esp. FireFox) isn't expecting it. (billbarker) |
| </fix> |
| <fix> |
| Fix bug in CGI Servlet that caused it to fail when a CGI resource was |
| included in another resource. (markt) |
| </fix> |
| <fix> |
| Cookie handling/parsing changes! |
| The following behavior has been changed with regards to Tomcat's cookie |
| handling:<br/> |
| a) Cookies containing control characters, except 0x09(HT), are rejected |
| using an InvalidArgumentException.<br/> |
| b) If cookies are not quoted, they will be quoted if they contain |
| <code>tspecials(ver0)</code> or <code>tspecials2(ver1)</code> |
| characters.<br/> |
| c) Escape character '\\' is allowed and respected as an escape character, |
| and will be unescaped during parsing. |
| </fix> |
| <fix> |
| <bug>43839</bug>: URL based session tracking fails when session cookie |
| from parent context is present. Based on a patch by Yuan Qingyun. |
| (markt) |
| </fix> |
| <fix> |
| <bug>43887</bug>: Include exception in the log message. (markt) |
| </fix> |
| <fix> |
| <bug>43914</bug>: Location headers must be encoded. Patch provided by |
| Ivan Todoroski. (markt) |
| </fix> |
| <fix> |
| <bug>43957</bug>: Service.bat didn't configure logging correctly. |
| Patch provided by Richard Fearn. (markt) |
| </fix> |
| <fix> |
| <bug>44041</bug>: Fix duplicate class definition error under load. |
| (markt) |
| </fix> |
| <fix> |
| <bug>44084</bug>: JAASRealm is broken for application provided |
| Principals. Patch provided by Noah Levitt. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper" > |
| <changelog> |
| <fix> |
| <bug>43702</bug>: Reduce length of unnecessarily long class names for |
| the inner helper class when using simple tags. (markt) |
| </fix> |
| <fix> |
| <bug>43757</bug>: Rather than use string matching to work out the line |
| in the JSP with the error, use the SMAP info and the knowledge that for |
| a scriptlet there is a one to one line mapping. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <fix> |
| Fix FarmWarDeployer can be only configured at host subelement (pero) |
| </fix> |
| <fix> |
| Fix wrong &amp;&amp; at ReplicationValve (pero) |
| </fix> |
| <fix> |
| DeltaManager sessionCounter must also be incremented for replicated sessions. (pero) |
| </fix> |
| <add> |
| Made attribute createTime accessible for all DataSenders. (pero) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps" > |
| <changelog> |
| <fix> |
| Fix CVE-2007-5461, an important information disclosure vulnerability in |
| the WebDAV Servlet. (markt) |
| </fix> |
| <fix> |
| <bug>43611</bug>: Provide an error message when trying to upload a WAR |
| for a context that has been defined in server.xml. (markt) |
| </fix> |
| <fix> |
| <bug>44094</bug>: Add note to docs about side-effects of setting |
| privileged on a context. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote" > |
| <changelog> |
| <fix> |
| <bug>43479</bug>: Fix memory leak cleaning up sendfile connections. |
| (markt) |
| </fix> |
| <fix> |
| <bug>43622</bug>: Don't always overwrite min compression size with |
| default. (markt) |
| </fix> |
| <fix> |
| <bug>43995</bug>: No timeout for sendfile (TODO item had been |
| forgotten). (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| |
| <section name="Tomcat 5.5.25 (fhanik)" rtext="released 2007-09-08"> |
| <subsection name="General"> |
| <changelog> |
| <docs> |
| Correct j.u.l log levels in JULI docs. (rjung) |
| </docs> |
| <update> |
| Update to Commons Modeler 2.0.1, fix embed release starting issue. (pero) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| Handle special case of ROOT when re-loading webapp after ROOT.xml has |
| been modified. In some circumstances the reloaded ROOT webapp had no |
| associated resources. (markt) |
| </fix> |
| <fix> |
| Fix WebDAV Servlet so it works correctly with MS clients. (markt) |
| </fix> |
| <fix> |
| Remove invalid attribute "encoding" of MBean MemoryUserDatabase, |
| which led to errors in the manager webapp JMXProxy output. (rjung) |
| </fix> |
| <fix> |
| Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host |
| Manager. Reported by Daiki Fukumori. (markt) |
| </fix> |
| <add> |
| <bug>39055</bug>: Add JMXAdaptorLifecycleListener to start JMX Connector |
| with fixed naming and data ports. This feature is needed to have stable |
| remote access when a firewall is active. The adaptor reads all standard |
| JMX system properties (-Dcom.sun.management.jmxremote.XXX). Currently |
| only included at src release (uses JDK 1.5 classes). |
| Feature provided by George Lindholm and Juergen Herrman (pero) |
| </add> |
| <fix> |
| <bug>41722</bug>: Make the role-link element optional (as required by |
| the spec) when using a security-role-ref element. (markt) |
| </fix> |
| <fix> |
| <bug>42547</bug>: Fix NPE when a ResourceLink in context.xml tries to |
| override an env-entry in web.xml. (markt) |
| </fix> |
| <fix> |
| <bug>42944</bug>: Correctly handle servlet mappings that use a '+' |
| character as part of the url pattern. (markt) |
| </fix> |
| <fix> |
| Improve large-file support (more than 4 Gb) at all AccessLogValves. (pero) |
| </fix> |
| <update> |
| <bug>43129</bug>: Support logging of response headers at AccessLogValve (ex. add %{Set-Cookie}o to your pattern). (pero) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>2500</bug>: FileNotFoundException within a JSP page resulted in a |
| 404 rather than a 500. (markt) |
| </fix> |
| <fix> |
| <bug>37326</bug>: No error reported when an included page does not |
| exist. (markt) |
| </fix> |
| <fix> |
| <bug>42643</bug>: Prevent creation of duplicate JSP function mapper |
| variables. (markt) |
| </fix> |
| <fix> |
| <bug>42314</bug>: Provide compilation error details in cases where the |
| error can't be mapped back to a source file. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <fix> |
| Don't write error on System.out, use log() instead. (rjung) |
| </fix> |
| <fix> |
| Fix XSS security vulnerabilities (CVE-2007-2449) in the examples. |
| Reported by Toshiharu Sugiyama. (markt) |
| </fix> |
| <fix> |
| <bug>39212</bug>: Fix possible NPE in DummyCart example and remove |
| redundant code. (markt) |
| </fix> |
| <fix> |
| <bug>42979</bug>: Update sample.war to include recent security fixes |
| in the source code. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Separate sequence increment from getter in ThreadPool to avoid |
| misleading increments during monitoring via JMX. (rjung) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <fix> |
| <bug>40042</bug>: Recovery membership heartbeat after interface down. (pero) |
| </fix> |
| <fix> |
| <bug>42691</bug>: Don't set access time after session sync. Fix that sessions |
| after node restart better expire. Requested by Casey Lucas (pero) |
| </fix> |
| <fix> |
| Backport Tomcat 6 cluster socket parameter. (pero) |
| </fix> |
| <fix> |
| Fix typo in new MBean attribute which led to errors in the manager webapp JMXProxy output. (rjung) |
| </fix> |
| <fix> |
| <bug>42689</bug>: No way to timeout new connect attempts for replication sockets. |
| Patch by Casey Lucas (pero) |
| </fix> |
| <fix> |
| Fix timeout setting on a replicated DeltaSession. |
| Patch by Alexander Maas (fhanik,pero) |
| </fix> |
| <fix> |
| <bug>42720</bug>: Don't send a message if no cluster member exists. |
| Patch by Keiichi Fujino (pero) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 5.5.24 (fhanik)" rtext="not released"> |
| <subsection name="General"> |
| <changelog> |
| <update> |
| Update to Commons DBCP src 1.2.2 (pero) |
| </update> |
| <update> |
| Update to Commons Pool src 1.3 (pero) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>33774</bug> Retry JNDI authentication on ServiceUnavailableException |
| as at least one provider throws this after an idle connection has been |
| closed. (markt) |
| </fix> |
| <fix> |
| <bug>40593</bug> Cleanup that Listener stop after Manager stop |
| at StandardContext.stop(). Patch by Suzuki Yuichiro (pero) |
| </fix> |
| <fix> |
| <bug>41747</bug> Correct example ant script for deploy task. (markt) |
| </fix> |
| <fix> |
| <bug>41752</bug> Correct error message on exception in MemoryRealm. |
| (markt) |
| </fix> |
| <fix> |
| <bug>39875</bug> Minor cleanup in RealmBase.init, as requested by Takayoshi Kimura. (yoavs) |
| </fix> |
| <fix> |
| <bug>41477</bug> Add commons-el.jar to bin/catalina-tasks.xml, required for jasper2 tasks |
| using EL. Patch by Daniel Santos. (yoavs) |
| </fix> |
| <fix> |
| <bug>40150</bug> Ensure user and role classnames are validated on startup. Patch by |
| Tom. (yoavs) |
| </fix> |
| <fix> |
| <bug>42039</bug> Log a stack trace if a servlet throws an |
| UnavailableException. Patch provided by Kawasima Kazuh. (markt) |
| </fix> |
| <fix> |
| <bug>41990</bug> Add some additional mime-type mappings. (markt) |
| </fix> |
| <fix> |
| <bug>41655</bug> Fix message translations. Japanese translations |
| provided by Suzuki Yuichiro. (markt) |
| </fix> |
| <fix> |
| <bug>41939</bug> Add configuration option to disable nulling of static |
| and final fields of loaded classes when stopping a web application |
| classloader. Setting the system property |
| org.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES to |
| false will stop these fields being set to null on context stop. (markt) |
| </fix> |
| <fix> |
| Fix a logging related memory leak in ManagerBase and |
| ApplicationDispatcher. (markt) |
| </fix> |
| <fix> |
| <bug>42354</bug>: Ensure JARs in webapps are scanned for TLDs when the |
| Tomcat installation path contains spaces. (markt) |
| </fix> |
| <fix> |
| <bug>42361</bug>: Handle multi-part forms when saving requests during |
| FORM authentication process. Patch provided by Peter Runge. (markt) |
| </fix> |
| <fix> |
| <bug>42401</bug>: Update RUNNING.txt with better JRE/JDK information. |
| (markt) |
| </fix> |
| <fix> |
| <bug>42497</bug>: Ensure ETag header is present in a 304 response. |
| Patch provided by Len Popp. (markt) |
| </fix> |
| <fix> |
| Allow for a forward/include to call getAttributeNames on the Request in a sandbox. (billbarker) |
| </fix> |
| <add> |
| Add getSession() operation to StandardManager and DeltaManager JMX Interface (pero) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <update> |
| Update host configuration document for new behaviour for directories |
| in appBase. (markt) |
| </update> |
| <update> |
| <bug>39883</bug> Add note to context configuration document about using |
| antiResourceLocking on a webapp outside the Host's appBase directory. (yoavs) |
| </update> |
| <update> |
| <bug>39540</bug> Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs) |
| </update> |
| <fix> |
| <bug>41289</bug>: Create configBase, since it is no longer created elsewhere. |
| Submitted by Shiva Kumar H R. (pero) |
| </fix> |
| <fix> |
| <bug>42103</bug>: Use correct names for truststoreFile, truststoreType and |
| truststorePass when saving server.xml in Admin webapp. Patch provided by |
| Matheus Bastos. (markt) |
| </fix> |
| <fix> |
| <bug>42025</bug>: Update valve documentation to refer to correct regular |
| expression implementation. (markt) |
| </fix> |
| <fix> |
| <bug>41956</bug>: Don't skip the connector address attribute when |
| persisting server.xml changes via the admin webapp. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| <bug>40960</bug> Inconsistent exception type thrown on socket timeout in |
| InternalAprInputBuffer. Patch by Christophe Pierret. (yoavs) |
| </fix> |
| <add> |
| <bug>41675</bug> Add a couple of DEBUG-level logging statements to Http11Processors |
| when sending error responses. Patch by Ralf Hauser. (yoavs) |
| </add> |
| <fix> |
| <bug>42119</bug> Fix return value for request.getCharacterEncoding() when |
| Content-Type headers contain parameters other than charset. Patch by |
| Leigh L Klotz Jr. (markt) |
| </fix> |
| <fix> |
| <bug>36155</bug> Always reset the MB when doing getBytes in the JK Connector (billbarker) |
| </fix> |
| <fix> |
| Improve large-file support in the AJP Connectors (billbarker) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <fix> |
| Receiver can also use tcpListenAddress with a hostname. (rjung, pero) |
| </fix> |
| <fix> |
| DeltaRequest synchronized getSize() and show log message as |
| readExternal() failure. (rjung, pero) |
| </fix> |
| <add> |
| Add DeltaManager expireTolerance attribute to quicker auto expire long backup sessions. (rjung, pero) |
| </add> |
| <add> |
| Add DeltaManager updateActiveIntervall attribute to send every 60 sec a session access message. (rjung, pero) |
| </add> |
| <fix> |
| <bug>39866</bug> Duplicate names appended to cluster manager name. (yoavs) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>39425</bug> Add additional system property permission to |
| catalina.policy for pre-compiled JSPs. (markt) |
| </fix> |
| <fix> |
| <bug>41227</bug> Add a bit of DEBUG-level logging to JspC so users know |
| which file is being compiled. (yoavs) |
| </fix> |
| <fix> |
| <bug>41869</bug> TagData.getAttribute() should return |
| TagData.REQUEST_TIME_VALUE when the attribute value is an EL expression. |
| (markt) |
| </fix> |
| <fix> |
| <bug>42071</bug> Fix IllegalStateException on multiple requests to |
| an unavailable JSP. Patch provided by Kawasima Kazuh. (markt) |
| </fix> |
| <fix> |
| After a JSP throws an UnavailableException allow it to be accessed once |
| the unavailable period has expired. (markt) |
| </fix> |
| <fix> |
| <bug>42072</bug> Don't call destroy() if the associated init() fails. |
| Patch provided by Kawasima Kazuh. (markt) |
| </fix> |
| <fix> |
| Fix a logging related memory leak in PageContextImpl. (markt) |
| </fix> |
| <fix> |
| <bug>42438</bug> Duplicate temporary variables were created when |
| jsp:attribute was used in conjunction with custom tags. Patch provided |
| by Brian Lenz. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| |
| <section name="Tomcat 5.5.23 (fhanik)" rtext="released 2007-03-09"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>41608</bug> Make log levels consistent when Servlet.service() |
| throws an exception. (markt) |
| </fix> |
| <fix> |
| <bug>41666</bug> Correct handling of boundary conditions for |
| If-Unmodified-Since and If-Modified-Since headers. Patch provided by |
| Suzuki Yuichiro. (markt) |
| </fix> |
| <fix> |
| <bug>41674</bug> Fix error messages when parsing context.xml that |
| incorrectly referred to web.xml. (markt) |
| </fix> |
| <fix> |
| <bug>41739</bug> Correct handling of servlets with a load-on-startup |
| value of zero. These are now the first servlets to be started. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Requests with multiple content-length headers are now rejected. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| |
| <section name="Tomcat 5.5.22 (fhanik)" rtext="not released"> |
| <subsection name="General"> |
| <changelog> |
| <fix> |
| Fix regression in build that prevented connectors from building. |
| (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| |
| <section name="Tomcat 5.5.21 (fhanik)" rtext="not released"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>41401</bug>: StandardService.getConnectorNames() return array of |
| Connector JMX objectnames. (pero) |
| </fix> |
| <fix> |
| <bug>29727</bug>: If env-entry values in web.xml are changed then |
| ensure new values are applied when context is reloaded. (markt) |
| </fix> |
| <fix> |
| <bug>34956</bug>: Ensure request and response objects passed to a |
| RequestDispatcher meet the requirements of SRV.8.2 and |
| SRV.14.2.5.1. This is disabled by default. The Java option |
| <code>-Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true</code> |
| is required to enable this test. (markt) |
| </fix> |
| <fix> |
| <bug>36274</bug>: When including static content with the |
| DefaultServlet also treat content types ending in xml as text. |
| (markt) |
| </fix> |
| <fix> |
| <bug>36976</bug>: Don't use CATALINA_OPTS when stopping Tomcat. This |
| allows options for starting and stopping to be set on JAVA_OPTS and |
| options for starting only to be set on CATALINA_OPTS. Without this |
| fix, some startup options (eg the port for remote JMX) would cause |
| stop to fail. Based on a fix suggested by Michael Vorburger. (markt) |
| </fix> |
| <fix> |
| <bug>37070</bug>: Update mbean name documentation to include the |
| StandardWrapper. (markt) |
| </fix> |
| <fix> |
| <bug>37356</bug>: Ensure sessions time out correctly. This has been |
| fixed by removing the accessCount feature by default. This feature |
| prevents the session from timing out whilst requests that last |
| longer than the session time out are being processed. This feature |
| is enabled by setting the Java option |
| <code>-Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true</code> |
| The feature is now implemented with synchronization which addresses |
| the thread safety issues associated with the original bug report. |
| (markt) |
| </fix> |
| <fix> |
| <bug>37439</bug>: Update documentation for Engine component to add |
| the requirement that the name must be unique. (markt) |
| </fix> |
| <fix> |
| <bug>37458</bug>: Add syncs to the WebappClassloader to address |
| rare issues when multiple threads attempt to load the same class |
| concurrently. (markt) |
| </fix> |
| <fix> |
| <bug>37509</bug>: Do not remove whitespace from the end of values |
| defined in logging.properties files. (markt) |
| </fix> |
| <fix> |
| <bug>38198</bug>: Add reference to Context documentation from Host |
| documentation that explains how Context name is obtained from the |
| Context filename. (markt) |
| </fix> |
| <fix> |
| <bug>39088</bug>: Prevent infinite loops when an exception is thrown |
| that returns itself for getRootCause(). Based on a patch by Wouter |
| Zelle. (markt) |
| </fix> |
| <fix> |
| <bug>39436</bug>: Correct MIME type for SVG. (markt) |
| </fix> |
| <fix> |
| <bug>39627</bug>: JULI no longer ignores a ".level=XXX" directive |
| in logging.properties. Patch provided by Roger Keays and Richard |
| Fearn. (markt) |
| </fix> |
| <fix> |
| <bug>39724</bug>: Removing the last valve from a pipeline did not |
| return the pipeline to the original state. Patch provided by |
| David Gagon. (markt) |
| </fix> |
| <fix> |
| <bug>40367</bug>: Update JK auto configuration documentation to clarify |
| that workers.properties must also exist. (markt) |
| </fix> |
| <fix> |
| <bug>40524</bug>: HttpServletRequest.getAuthType() now returns |
| CLIENT_CERT rather than CLIENT-CERT for certificate authentication |
| as per the spec. Note that web.xml continues to use CLIENT-CERT to |
| specify the certificate authentication should be used. (markt) |
| </fix> |
| <fix> |
| <bug>40526</bug>: Add support for JPDA_OPTS to catalina.bat and add a |
| JPDA_SUSPEND environment variable to both startup scripts. Patch |
| provided by Kurt Roy. (markt) |
| </fix> |
| <fix> |
| <bug>40528</bug>: Add missing message localisations as provided by |
| Ben Clifford. (markt) |
| </fix> |
| <fix> |
| <bug>40585</bug>: Fix parameterised constructor for o.a.juli.FileHandler |
| so parameters have an effect. (markt) |
| </fix> |
| <fix> |
| <bug>40625</bug>: Stop CGIServlet swallowing the root cause of an |
| exception. Patch provided by Takayoshi Kimura. (markt) |
| </fix> |
| <fix> |
| <bug>40723</bug>: Correct table creation example in JavaDoc for |
| JDBCAccessLogValve. (markt) |
| </fix> |
| <fix> |
| <bug>40802</bug>: Add jsp-api.jar to fileset in catalina-tasks.xml as provided by |
| Daniel Santos. (pero) |
| </fix> |
| <fix> |
| <bug>40817</bug>: Correct problem where CGI scripts in the root of the |
| ROOT context threw a <code>StringIndexOutOfBoundsException</code>. |
| (markt) |
| </fix> |
| <update> |
| Set the <code>SCRIPT_FILENAME</code> environment variable required |
| by PHP when using the CGIServlet to execute PHP. (markt) |
| </update> |
| <fix> |
| <bug>40823</bug>: Update context doc to clarify use of ROOT.xml, |
| multi-level context paths and to further discourage use of server.xml |
| (markt) |
| </fix> |
| <fix> |
| <bug>40844</bug>: Add additional syncs to JDBCRealm to resolve NPE when |
| two users try to authenticate using DIGEST authentication at the same |
| time. (markt) |
| </fix> |
| <fix> |
| <bug>40860</bug>: Log exceptions and other problems during parameter |
| processing. (markt) |
| </fix> |
| <fix> |
| <bug>40901</bug>: Encode directory listing output. Based on a patch |
| provided by Chris Halstead. (markt) |
| </fix> |
| <fix> |
| <bug>40929</bug>: Correct JavaDoc for StandardClassLoader. (markt) |
| </fix> |
| <fix> |
| <bug>41008</bug>: Allow POST to be used for indexed queries with CGI |
| Servlet. Patch provided by Chris Halstead. (markt) |
| </fix> |
| <fix> |
| <bug>41020</bug>: Improve error message when custom error report Valve |
| fails to load. Also remove requirement that custom error report Valves |
| extend ValveBase. (markt) |
| </fix> |
| <fix> |
| <bug>41217</bug>: Set secure attribute on SSO cookie when cookie is |
| created during a secure request. Patch provided by Chris Halstead. |
| (markt) |
| </fix> |
| <fix> |
| Ensure Accept-Language headers conform to RFC 2616. Ignore them if |
| they do not. (markt) |
| </fix> |
| <fix> |
| Make provided instances of RequestDispatcher thread safe. (markt) |
| </fix> |
| <fix> |
| Fix formatting of CGI variable SCRIPT_NAME. (markt) |
| </fix> |
| <fix> |
| <bug>34643</bug>: Improved documentation for per-user / per-session clientAuth |
| usage in SSL Authenticator. Docs provided by jack and Ralf Hauser. (yoavs) |
| </fix> |
| <fix> |
| <bug>40668</bug>: Update release notes and readme files specific to v5.5.20 to |
| notify users of missing MailSessionFactory in distribution, suggest workarounds, |
| and link to relevant Bugzilla issue. (yoavs) |
| </fix> |
| <fix> |
| <bug>37977</bug>: adapt BUILDING.txt and net build.xml for SVN. Patch by |
| Christopher Sahnwaldt. (yoavs) |
| </fix> |
| <update> |
| <bug>39055</bug>: Link to sample workaround code for using JSR160 JMX monitoring |
| with a local firewall. Thanks to George Lindholm for the patch. (yoavs) |
| </update> |
| <update> |
| <bug>39476</bug>: add xml declaration to most build.xml files, as suggested by |
| Gregory S. Hoerner Sr. (yoavs) |
| </update> |
| <fix> |
| <bug>40326</bug>: stop using File#deleteOnExit in DefaultServlet to avoid |
| JVM memory leak, as suggested by quartz. (yoavs) |
| </fix> |
| <fix> |
| <bug>40192</bug>: update setup.html notes regarding Windows tray icon. (yoavs) |
| </fix> |
| <fix> |
| <bug>40177</bug>: add more warnings to documentation about RequestDumperValve |
| character encoding. (yoavs) |
| </fix> |
| <fix> |
| <bug>39255</bug>: NPE in AuthenticatorBase when logging level is set to DEBUG |
| and no principal found. (yoavs) |
| </fix> |
| <fix> |
| <bug>41437</bug>: Make log messages and loglevel consistent during Context |
| start. Patch provided by Suzuki Yuichiro. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| <bug>38332</bug>: Add backlog attribute to ChannelSocket as provided by |
| Takayoshi Kimura. (pero) |
| </fix> |
| <update> |
| Backport packetSize feature from Tomcat 6.0.x at standard coyote AJP Jk handler. (pero) |
| </update> |
| <fix> |
| <bug>40771</bug>: Fix implementation of |
| SavedRequestInputFilter.doRead() so POST data may be read using a |
| Valve or Filter. Patch provided by Michael Dufel. (markt) |
| </fix> |
| <fix> |
| <bug>41017</bug>: Restore behaviour of MessageBytes.setString(null). |
| (remm/markt) |
| </fix> |
| <fix> |
| <bug>41057</bug>: Modify StringCache to add a configurable upper bound |
| to the length of cached strings. (remm/markt) |
| </fix> |
| <fix> |
| <bug>38774</bug>: Check javax.net.ssl.keyStorePassword system property as a secondary |
| source for keystore password in JSSESocketFactory, as suggested by Ted X. Toth. (yoavs) |
| </fix> |
| <fix> |
| <bug>39402</bug>: Modify existing Vary HTTP header, rather than overwrite it, if it |
| exists when using GZip compression. Patch by Matthew Cooke. (yoavs) |
| </fix> |
| <fix> |
| <bug>40241</bug>: Catch Exceptions instead of Throwables in Default and SSI servlets. |
| Also improve relevant logging while we're at it. (yoavs) |
| </fix> |
| <fix> |
| <bug>40133</bug>: Better error message when context name is not available on startup, |
| as suggested by Andreas Plesner Jacobsen. (yoavs) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>39975</bug>: don't have static Log references to prevent |
| classloader leaks. (yoavs) |
| </fix> |
| <fix> |
| <bug>40104</bug>: When displaying JSP source after an exception, handle |
| included files. (markt) |
| </fix> |
| <fix> |
| <bug>40797</bug>: This was a regression as a result of the fix for |
| <bug>33407</bug>. TLD validation was failing as a result of the use |
| of the escape character (0x1b) as a temporary replacement for \$. |
| An alternative character (0xe000) from the unicode private use range |
| is now used. (markt) |
| </fix> |
| <fix> |
| <bug>41057</bug>: Make jsp:plugin output XHTML compliant. (markt) |
| </fix> |
| <fix> |
| <bug>41327</bug>: Show full URI for a 404. Patch provided by Vijay. |
| (markt) |
| </fix> |
| <fix> |
| <bug>41265</bug>: Allow JspServlet checkInterval init parameter to be |
| explicitly set to the stated default value of zero by removing the |
| code that resets it to 300 if explicitly specified as zero. (markt) |
| </fix> |
| <fix> |
| Display the JSP source when a compilation error occurs and display |
| the correct line number rather than start of a scriptlet block. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <fix> |
| <bug>34952</bug>: Clarify that the Windows Installer always installs |
| a Windows service. (markt) |
| </fix> |
| <fix> |
| <bug>35968</bug>: Make environment entry properties input a text area. |
| Patch provided by Tristan Marly. (markt) |
| </fix> |
| <fix> |
| <bug>37588</bug>: Fix creation of JNDI Realm in admin application. Patch |
| provided by Terry Zhou. (markt) |
| </fix> |
| <fix> |
| <bug>38048</bug>: Fix memory leak associated with use of expression |
| language in JSPs. Patch provided by Taras Tielkes. (markt) |
| </fix> |
| <fix> |
| <bug>39572</bug>: Improvements to CompressionFilter example provided by |
| Eric Hedström. (markt) |
| </fix> |
| <update> |
| <bug>40507</bug>: Update host-manager and servlet-examples web-apps to |
| use the servlet 2.4 xsd. Patch provided by Chris Halstead. (markt) |
| </update> |
| <fix> |
| <bug>40581</bug>: Add information on the use of a symbolic link as the |
| docBase for a Context to the Context documentation. (markt) |
| </fix> |
| <fix> |
| <bug>40633</bug>: Remove references to the DefaultContext from the |
| documentation. (markt) |
| </fix> |
| <fix> |
| <bug>40677</bug>: Update SSL documentation to indicate that PKCS11 |
| keystores may be used. (markt) |
| </fix> |
| <fix> |
| <bug>40714</bug>: Admin webapp no longer requires a username for a |
| DataSource since it is not required in all cases. (markt) |
| </fix> |
| <fix> |
| <bug>40720</bug>: Fix exception in admin webapp when adding a group to |
| a user. (markt) |
| </fix> |
| <fix> |
| <bug>40874</bug>: Correct log4j configuration in documentation webapp. |
| Patch provided by Franck Borel. (markt) |
| </fix> |
| <fix> |
| <bug>40999</bug>: Add trust store configuration for SSL connectors to |
| the admin webapp. (markt) |
| </fix> |
| <fix> |
| <bug>41051</bug>: Add information on keystore aliases and case |
| sensitivity to SSL HOW-TO. (markt) |
| </fix> |
| <fix> |
| <bug>41182</bug>: Update the Jasper documentation for the classpath |
| attribute. (markt) |
| </fix> |
| <fix> |
| <bug>41493</bug>: Fix handling of APR connectors in Admin webapp. |
| (markt) |
| </fix> |
| <fix> |
| <bug>41512</bug>: Version number was not inserted in release notes. |
| (markt) |
| </fix> |
| <fix> |
| <bug>40257</bug>: Update Manager webapp howto on remote deployment to reflect |
| need for explicit path in one specific use-case. Thanks to Venkatesh Jayaraman. (yoavs) |
| </fix> |
| <update> |
| <bug>40160</bug>: add reference to the Filter proposed in this Bugzilla item to the WebdavServlet. |
| While at it, give the WebdavServlet some long-overdue TLC by cleaning up some of the old data |
| structures in favor of modern (but still JDK 1.4-compliant) interfaces. (yoavs) |
| </update> |
| <docs> |
| Add a virtual hosting how-to contributed by Hassan Schroeder. (markt) |
| </docs> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <add> |
| Add clustered SSO code and backport feature from Tomcat 6.0.x, |
| submitted by Fabien Carrion (pero) |
| </add> |
| <add> |
| Add better recovery at FastAsyncQueueSender. Made the strategy more robust for temporary connection problems (pero) |
| </add> |
| </changelog> |
| </subsection> |
| </section> |
| |
| |
| <section name="Tomcat 5.5.20 (fhanik)" rtext="released 2006-09-28"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| Fix logic error in UserDatabaseRealm.getPrincipal() that caused user |
| roles assigned via groups to be ignored. (markt) |
| </fix> |
| <fix> |
| <bug>40518</bug>: Use correct message when a RuntimeException is |
| thrown from the requestInitialized or requestDestroyed method of |
| a listener that implements ServletRequestListener. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>31804</bug>: Unnested tags within a tag file are now configured |
| with the Tag represented by the containing tag file as their parent |
| tag. (markt) |
| </fix> |
| <fix> |
| <bug>33356</bug>: Tag attributes that contained $ followed by 1 or |
| more non-special characters and then a { character caused an |
| exception. (markt) |
| </fix> |
| <fix> |
| <bug>33407</bug>: The string \$ in template text was reduced to $ |
| when the isELIgnored page directive was set to true. (markt) |
| </fix> |
| <fix> |
| <bug>34509</bug>: Tag names may now use the full range of |
| characters permitted by xsd:nmtoken. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <fix> |
| <bug>34399</bug>: Disable undeploy for applications that have not |
| been deployed such as those defined in server.xml (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| |
| |
| <section name="Tomcat 5.5.19 (fhanik)" rtext="not released"> |
| <subsection name="General"> |
| <changelog> |
| <update> |
| Add multi attribute setting to jmx:set JMX remote ant task. |
| Patch contributed by Didier Donsez (pero) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>30762</bug>: Re-fix this bug that was re-introduced by the fix |
| to <bug>37264</bug>. (markt) |
| </fix> |
| <fix> |
| <bug>37588</bug>: Fix JNDI realm creation through JMX. Patch contributed by TerryZhou (fhanik) |
| </fix> |
| <fix> |
| <bug>39704</bug>: The use of custom classloaders failed when the context |
| was specified in server.xml. Correction of the fault will require setting |
| the new loader attribute useSystemClassLoaderAsParent to false. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| <bug>40418</bug>: APR Endpoint socket evaluation (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <fix> |
| <bug>31339</bug>: Admin app threw exceptions if a name other than Catalina |
| was configured for the Engine. Patch based on a suggestion from Amila |
| Suriarachchi. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| |
| |
| <section name="Tomcat 5.5.18 (yoavs)" rtext="not released"> |
| <subsection name="General"> |
| <changelog> |
| <update> |
| Change MD5 release signature files to have md5 (lowercase) extension instead of MD5 (uppercase), |
| as suggested by Henk Penning and specified in the |
| <a href="http://www.apache.org/dev/release-publishing.html">ASF release publishing guidelines</a>. (yoavs) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| Fix that ManagerBase increment expireSessions counter at background task two times. (pero) |
| </fix> |
| <fix> |
| <bug>39406</bug>: Fix that StandardSession#getLastAccessedTime() uses correct exception message, |
| suggested by Takayoshi Kimura. (pero) |
| </fix> |
| <add> |
| <bug>39661</bug>: Add documentation on JULI FileHandler properties. (yoavs) |
| </add> |
| <add> |
| <bug>39657</bug>: Warn (and don't load jar) if JSP API is in webapp classloader repository, as suggested by |
| David Sanchez Crespillo. (yoavs) |
| </add> |
| <add> |
| <bug>39674</bug>: Support JRockit JVM in service.bat script, as suggested by lizongbo. (yoavs) |
| </add> |
| <fix> |
| <bug>39711</bug>: Update Loader configuration documentation, as suggested by Stephane Bailliez. (yoavs) |
| </fix> |
| <fix> |
| <bug>39865</bug>: Add Open Office mime types to conf/web.xml. (markt) |
| </fix> |
| <fix> |
| <bug>38814</bug>: Align CGI handling of indexed queries, parameters and |
| POST content with other CGI providers. The changes: only provide |
| parameters on the command line for indexed queries; always provide the |
| query string via the QUERY_STRING environment variable; provide POST |
| content unmodified to stdin; and never call getParameters(). (markt) |
| </fix> |
| <fix> |
| <bug>34801</bug>: Partial fix that adds handling of IOExceptions during |
| long running CGI requests. Based on a patch by Chris Davey. (markt) |
| </fix> |
| <fix> |
| <bug>39689</bug>: Allow single quotes (') and backticks (`) as well as |
| double quotes (") to be used to delimit SSI attribute values. (markt) |
| </fix> |
| <fix> |
| <bug>40053</bug>: Correct application deployment documentation so it |
| agrees with the classloader documentation regarding shared lib and |
| CATALINA_BASE. (markt) |
| </fix> |
| <fix> |
| <bug>39592</bug>: Stop HEAD requests for resources handled by SSI |
| servlet or filter generating stack traces in the logs. (markt) |
| </fix> |
| <fix> |
| Improve handling of the ';' character in the URL so that it is now |
| allowed if properly %xx encoded. (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Fix APR endpoint so that the acceptor thread now only processes socket |
| accepts. (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <fix> |
| <bug>39813</bug>: Correct handling of new line characters in JMX |
| attributes. Patch provided by R Bramley. (markt) |
| </fix> |
| <fix> |
| <bug>37781</bug>: Make sure that StoreConfig save external referenced war files at context.xml correct. (pero) |
| </fix> |
| <fix> |
| <bug>39791</bug>: Use correct default for useNaming within a Context. (markt) |
| </fix> |
| <fix> |
| Correctly generate re-direct for admin app index.jsp to prevent login page |
| being displayed twice when cookies are disabled. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <fix> |
| <bug>39473</bug>: Session timeout much shorter than setting |
| at web.xml at cluster environment, suggested by Jin Jiang. (pero) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| |
| <section name="Tomcat 5.5.17 (yoavs)" rtext="released 2006-04-27"> |
| <subsection name="General"> |
| <changelog> |
| <update> |
| Update to Xerces 2.8.0 (remm) |
| </update> |
| <update> |
| Update to tcnative 1.1.3 (remm) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| Fix SingleSignOn Valve and add Session.getLastAccessTimeInternal() without session invalidation test. (pero) |
| </fix> |
| <fix> |
| <bug>38814</bug>: CGIServlet correctly handles Shift_JIS output. (markt) |
| </fix> |
| <fix> |
| Add missing REQUEST_URI environment variable to CGI environment. (markt) |
| </fix> |
| <fix> |
| <bug>27617</bug>: Sync existing mime types with httpd. (keith) |
| </fix> |
| <fix> |
| <bug>38761</bug>: Handle relative symlinks to shell scripts as suggested by Adam Murray (keith) |
| </fix> |
| <fix> |
| <bug>38795</bug>: Associate more closely bind with a finally unbind in StandardContext start and |
| stop, based on a patch by Darryl Miles (remm) |
| </fix> |
| <fix> |
| Improve undeployment robustness (remm) |
| </fix> |
| <update> |
| Expand the semaphore valve (remm) |
| </update> |
| <fix> |
| <bug>39021</bug>: Add back support for authentication only, submitted by Scott Stark (remm) |
| </fix> |
| <fix> |
| Revert fix for <bug>38113</bug>, which does not seem a legitimate problem, and causes |
| regressions (remm) |
| </fix> |
| <fix> |
| Correctly reset listeners when reloading a webapp (remm) |
| </fix> |
| <fix> |
| <bug>38194</bug>: Don't fail silently if -force is used without CATALINA_PID, submitted by Matthew Buckett. (yoavs) |
| </fix> |
| <fix> |
| <bug>38154</bug>: Avoid NPE in FileDirContext after webapp undeploy, reported by Jamie Maher. (yoavs) |
| </fix> |
| <fix> |
| <bug>38217</bug>: Added cautionary note about keystore password to SSL HowTo, as suggested by Ralf Hauser. (yoavs) |
| </fix> |
| <fix> |
| <bug>38262</bug>: Cleared ambiguity in host documentation, as suggested by Jeffrey Bennett. (yoavs) |
| </fix> |
| <fix> |
| <bug>38476</bug>: Modified check for null TLD stream, as suggested by Fabrizio Giustina. (yoavs) |
| </fix> |
| <fix> |
| <bug>38052</bug>: Use <i>userName</i> as userField default. User is a reserved keyword in |
| many databases, as suggested by rik. (pero) |
| </fix> |
| <fix> |
| Fix handling of non matching if-range header (remm) |
| </fix> |
| <fix> |
| <bug>37848</bug>: Only output catalina.sh diagnostic messages if we have a TTY, submitted by |
| David Shaw. (yoavs) |
| </fix> |
| <fix> |
| <bug>38596</bug>: Minor performance optimization in DataSourceRealm, suggested by Sandy |
| McArthur. (yoavs) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Make the default cipher suites available for SSL the same as the set of cipher |
| suites enabled by default rather than the set of all cipher suites. This prevents |
| cipher suites that do not provide confidentiality protection and/or server |
| authentication being used by default. (markt) |
| </fix> |
| <fix> |
| Move AprEndpoint.getWorkerThread inside the try/catch for the main accept loop, to guard |
| against an OOM (which would most likely doom the server anyway) (remm) |
| </fix> |
| <fix> |
| As exhibited in the ASF's JIRA installation, it seems EINTR is a status code that should |
| be ignored as a result of a poll call (remm) |
| </fix> |
| <update> |
| New APR connectors defaults (remm) |
| </update> |
| <update> |
| Add multiple threads for APR pollers, to work around Windows limitations (performance degrades |
| very rapidly if poller sizes over 1024 are allowed when compiling APR) (remm) |
| </update> |
| <update> |
| New modes for firstReadTimeout (-1 being the new default) (remm) |
| </update> |
| <update> |
| Replace java.util.Stack usage with a simple array in the APR endpoint (remm) |
| </update> |
| <fix> |
| tcnative jnilib.c now reports correct compile flags for runtime |
| Library.java checks like sendfile support default true/false (pero) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>38015</bug>: Remove misleading warnings logged in TagLibraryInfoImpl, as suggested by Andrew Houghton. (yoavs) |
| </fix> |
| <fix> |
| <bug>38376</bug>: Make sure body content stack is always properly aligned, as submitted by Tony Deigh. (yoavs) |
| </fix> |
| <fix> |
| Compatibility with JDT 3.2 (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <fix> |
| <bug>39292</bug>: Update catalina.policy at demo balancer app. Fix provided by Kerry Sainsbury (pero) |
| </fix> |
| <fix> |
| <bug>36847</bug>: Fixed the manager app copy function to not overwrite fileA with fileB when fileA==fileB. |
| Fix provided by Haroon Rafique (fhanik) |
| </fix> |
| <fix> |
| <bug>38508</bug>: Several enhancements to Host Manager application, including configurable |
| manager app support and dialog box enhancements. Thanks to George Sexton for the patch. (yoavs) |
| </fix> |
| <fix> |
| <bug>37781</bug>: Make sure context config file is writeable, suggested by George Sexton. (yoavs,pero) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <update> |
| Add at PooledSocketSender the jmx attributes inPoolSize and inUsePoolSize. (pero) |
| </update> |
| <fix> |
| DeltaManager set session creationTime at backup node. (pero) |
| </fix> |
| <update> |
| Add JvmRouteBinderValve documentation at cluster-howto.xml. (pero) |
| </update> |
| <add> |
| JvmRouteBinderValve now supports session IDs from request and cookies. |
| Thanks to Brian Stansberry for reporting it. (pero) |
| </add> |
| <fix> |
| <bug>38779</bug>: Fix wrong jmx message arg at SimpleTcpCluster |
| at o.a.c.cluster.tcp.mbeans-descriptors.xml, submitted by Pawel Tucholski (pero) |
| </fix> |
| <fix> |
| Fix that not after every "Keep Alive Socket close" a log warning is generated at TcpReplicationThread (pero) |
| </fix> |
| <fix> |
| <bug>39178</bug>: Now ROOT.war deployment with FarmWarDeployer is possible (pero) |
| </fix> |
| <fix> |
| ReplicationValve not set primarySession flag when all backup nodes gone (pero) |
| </fix> |
| <update> |
| Add DeltaSession.getLastAccessTimeInternal() without session invalidation test. (pero) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| |
| <section name="Tomcat 5.5.16 (yoavs)" rtext="released 2006-03-15"> |
| <subsection name="General"> |
| <changelog> |
| <update> |
| Updated / enhanced docs to remove old FIXME references. (yoavs) |
| </update> |
| <update> |
| Required tcnative library version upgraded to 1.1.2 (remm) |
| </update> |
| <update> |
| Update to Eclipse JDT 3.1.2 (remm) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>23950</bug>: Context.listBindings() should return objects not |
| references. (markt) |
| </fix> |
| <fix> |
| <bug>38124</bug>: Add support for Windows 20xx when reading environment |
| variables in CGIServlet. (markt) |
| </fix> |
| <fix> |
| <bug>29214</bug>: response.containsHeader() now returns the correct |
| value for Content-Type and Content-Length headers. (markt) |
| </fix> |
| <fix> |
| Allow using a custom ContextConfig when using JMX embedding of Tomcat, as |
| is done by the regular deployer. (remm) |
| </fix> |
| <add> |
| Add JMX serverInfo attribute to Server MBean, so that we can identify |
| the Tomcat release remotely. (pero) |
| </add> |
| <fix> |
| Fix the JMX MBeanFactory.createStandardHost signature at mbean-descriptors.xml (pero) |
| </fix> |
| <fix> |
| Fix some cases (for example with realm usage) where the container logger for a context |
| would be retrieved using the wrong classloader (remm) |
| </fix> |
| <fix> |
| HttpSession.getId will no longer throw an ISE when the session is invalid (remm) |
| </fix> |
| <fix> |
| More detailed errors for naming issues (remm) |
| </fix> |
| <docs> |
| Add documentation for the Transaction element (remm) |
| </docs> |
| <update> |
| Add getContextPath to the internal servlet context implementation (remm) |
| </update> |
| <fix> |
| Only null instances loaded by the webapp CL, submitted by Matt Jensen (remm) |
| </fix> |
| <update> |
| Deploy folders which don't have a WEB-INF, and return an error when a context |
| file does not contain a Context element (remm) |
| </update> |
| <fix> |
| <bug>38653</bug>: Fix property name (remm) |
| </fix> |
| <fix> |
| Slightly modify the timing of the manager start, so that it is not started by a |
| listener (remm) |
| </fix> |
| <fix> |
| Refresh loggers used by the digester (remm) |
| </fix> |
| <fix> |
| Use sendError instead of setStatus to send the 401 code. (billbarker) |
| </fix> |
| <fix> |
| Don't append the port for an SSL redirect if it is the default port. (billbarker) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Log errors when setting socket options with debug priority rather than error. (remm) |
| </fix> |
| <fix> |
| <bug>38100</bug>: Make certain that a valid Host name is set, or none at all. (billbarker) |
| </fix> |
| <fix> |
| <bug>38485</bug>: Fix minor regression setting connection timeout (as well as linger and |
| no delay) where the default value was always used when using the regular |
| HTTP connector (remm) |
| </fix> |
| <update> |
| Pass along more of the SSL related fields to OpenSSL (remm) |
| </update> |
| <update> |
| CharChunk now implements CharSequence (remm) |
| </update> |
| <fix> |
| Fix coding error which could cause a rare crash when a poller error occurred and sockets |
| were pending being added to the keepalive poller (remm) |
| </fix> |
| <fix> |
| Fix potential sync issues when restarting a poller (remm) |
| </fix> |
| <fix> |
| Update APR error reports, including the error codes (remm) |
| </fix> |
| <fix> |
| <bug>38726</bug>: Remove duplicate request group field causing blank statistics for the |
| HTTP connector (remm) |
| </fix> |
| <fix> |
| Fix invalid length used by some AJP packets for the AJP APR connector, which could cause |
| corruption, submitted by Rudiger Plum (jim) |
| </fix> |
| <fix> |
| <bug>38346</bug>: Fix problems with request.getReader().readLine(). |
| Patch by Rainer Jung (billbarker) |
| </fix> |
| <update> |
| Local address reuse for APR Endpoints (via APR_SO_REUSEADDR) now enabled (jim) |
| </update> |
| <fix> |
| Don't write out the shutdown secret file if shutdown is disabled (the default) (billbarker) |
| </fix> |
| <fix> |
| Fix NPE when no sink is supplied. (billbarker) |
| </fix> |
| <update> |
| APR Endpoints now IPv6 aware (jim) |
| </update> |
| <update> |
| Downgrade "Response already committed" logging entry to DEBUG. (billbarker) |
| </update> |
| <fix> |
| <bug>38113</bug>: Return the empty String for an empty query-string instead of null. (billbarker) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>38389</bug>: Set correct JDT Compiler option to java 1.5 compliance. |
| Patch from Olivier Thomann and Paul Hamer (pero) |
| </fix> |
| <update> |
| Add some useful hints to jasper-howto. (pero). |
| </update> |
| <fix> |
| <bug>38776</bug>: Fix source file attribute, submitted by Olivier Thomann (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <fix> |
| Update DeltaManager session access stats (pero) |
| </fix> |
| <fix> |
| DeltaSession getId will no longer throw an ISE when the session is invalid (pero) |
| </fix> |
| <update> |
| Resurrected the "suspect" property so that the logs don't fill |
| up with errors when member disappears or a connection is lost. Only useful for pooled mode (fhanik) |
| </update> |
| <add> |
| <bug>35710</bug>: Add session replication for cross context session changes. |
| The portlet API needs this support, see refactored ReplicationValve. (pero) |
| </add> |
| <update> |
| ReplicationValve reset DeltaSession when cluster node has no backup node. (pero) |
| </update> |
| <update> |
| DataSender close connection and throw exception also even if waitForAck is false. (pero) |
| </update> |
| <fix> |
| Active cluster junit test again. (pero) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <fix> |
| Fix some XSS issues in the JSP examples. (markt) |
| </fix> |
| <fix> |
| Fix logos in the manager webapp (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| |
| <section name="Tomcat 5.5.15 (yoavs)" rtext="released 2006-01-21"> |
| <subsection name="General"> |
| <changelog> |
| <fix> |
| <bug>32081</bug>: Remove the JDK requirement from the Win32 scripts. (keith) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>37852</bug>: Fix regression where the magic role '*' was denying all access. Patch by xrcat (billbarker) |
| </fix> |
| <fix> |
| <bug>37934</bug>: Don't ask for authentication if deny-from-all is in effect. (billbarker) |
| </fix> |
| <fix> |
| <bug>15570</bug>: auth-constraint of * was interpreted as all |
| authenticated users rather than as all roles defined in web.xml. (markt) |
| </fix> |
| <fix> |
| Remove leftover static logger which was used to log application level messages in |
| ApplicationContextFacade (remm) |
| </fix> |
| <fix> |
| <bug>38012</bug>: Where a CGI script sets a response code, use it. (markt) |
| </fix> |
| <fix> |
| <bug>37854</bug>: Extension-List checking was too strict. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Report binding errors in the APR endpoint as strings rather than platform specific |
| status codes (remm) |
| </fix> |
| <fix> |
| <bug>37934</bug>: Don't ask for authentication if deny-from-all is in effect. (billbarker) |
| </fix> |
| <fix><bug>38047</bug>: Handle the case where the Servlet attempts to read |
| the Request body from the AJP/1.3 Connector, in the case that no |
| body was sent. (billbarker) |
| </fix> |
| <fix><bug>38030</bug>: Unconditionally return EOS for an attempt to read |
| the body of any request that doesn't send CL or TE. |
| (remm, billbarker). |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>35351</bug>: Fix problem using an inner class for a &lt;jsp:useBean /&gt;. (kinman). |
| </fix> |
| <fix> |
| <bug>37929</bug>: Don't stop on the generic attribute methods just because the session is invalid. Patch by Pierre Delisle. (billbarker) |
| </fix> |
| <update> |
| Add system properties org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER and |
| org.apache.jasper.runtime.JspFactoryImpl.USE_POOL to allow configuring Jasper |
| memory usage (remm) |
| </update> |
| <fix> |
| <bug>37933</bug>: Restrict &lt;jsp:getAttribute /&gt; to only look in PAGE_SCOPE. (billbarker) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <fix> |
| <bug>37808</bug>: Fix ArrayIndexOutOfBoundsException inside XByteBuffer. Reported by Dietmar Mueller (pero) |
| </fix> |
| <update> |
| <bug>37896</bug>: DataSender starts new Socket after IOException. (pero) |
| </update> |
| <update> |
| Reduce memory usage at membership service. (pero) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| |
| <section name="Tomcat 5.5.14 (yoavs)"> |
| <subsection name="General"> |
| <changelog> |
| <update> |
| Update optional native APR connector version to 1.1.1. (mturk) |
| </update> |
| <update> |
| Update build.properties.default to get native connector from new location. (yoavs) |
| </update> |
| </changelog> |
| </subsection> |
| |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>13040</bug>: Fix getContext() when used to obtain a context that is a sub-context |
| of the current context. Ported from TC4. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>37746</bug>: Remove extra space from StringTokenizer pattern in JspC, as suggested by |
| Eric Hedstrom. (yoavs) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| <bug>36863</bug>: Strip quotes when parsing Cookie values, even for v0 Cookies. (billbarker) |
| </fix> |
| <fix> |
| <bug>37803</bug>: Don't claim that we have a string value in MessageBytes until we actually do. |
| Patch by Doug Rand (billbarker) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| |
| <section name="Tomcat 5.5.13 (yoavs)"> |
| <subsection name="General"> |
| <changelog> |
| <fix> |
| <bug>36711</bug>: Unused line of code. (yoavs) |
| </fix> |
| <update> |
| Removed unused SAXPath, Jaxen dependencies. (yoavs) |
| </update> |
| <update> |
| Update log4j dependency to version 1.2.12, Struts to 1.2.7. (yoavs) |
| </update> |
| <update> |
| Removed JDBC 2.0 StdExt dependency (only class from there is javax.sql.XADataSource, which is |
| present in JDK 1.4 and later). (yoavs) |
| </update> |
| <fix> |
| <bug>37039</bug>: typo on JK Quick configuration how-to. (yoavs) |
| </fix> |
| <add> |
| <bug>37035</bug>: Add a placeholder file in the temp directory for WinZip tar.gz handling. (yoavs) |
| </add> |
| <update> |
| Update JAF dependency to 1.0.2, JTA to 1.0.1b and JavaMail to 1.3.3_01. (markt) |
| </update> |
| <add> |
| Added Eclipse .project, .classpath, and associated files to make building Tomcat from |
| Eclipse significantly easier. (markt) |
| </add> |
| <add> |
| <bug>37284</bug>: Guess JSE 5.0 location on Mac OS X, patch by Stepan Koltsov. (yoavs) |
| </add> |
| <fix> |
| Wrong class name in antlib.xml for JkStatusUpdateTask. (yoavs) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>36802</bug>: Fix problem of double-init when JMX-deploying a |
| Context into a started Host. (billbarker) |
| </fix> |
| <fix> |
| <bug>36840</bug>: Provide information as to which web.xml is being processed on startup to |
| help debug parsing errors. (yoavs) |
| </fix> |
| <add> |
| <bug>34724</bug>: Ability to set domain for Single-Sign-On cookie. Patch by Oliver |
| Rossmueller. (yoavs) |
| </add> |
| <fix> |
| <bug>37044</bug>: RealmBase.hasResourcePermission needs to access the GenericPrincipal as |
| set by the realm unless hasRole is overridden, which was no longer being done properly for |
| the JAAS realm (remm) |
| </fix> |
| <fix> |
| <bug>37264</bug>: JNDI resources were no longer available when stopping listeners, |
| submitted by Bogdan Calmac (remm) |
| </fix> |
| <fix> |
| <bug>37150</bug>: Turn off directory listing by default and add a warning |
| regarding enabling listing of directories with many entries. (markt) |
| </fix> |
| <update> |
| Add configurability for the amount of time that the container will wait for requests |
| to complete when unloading servlets, using the unloadDelay property. (remm) |
| </update> |
| <update> |
| Add code to set to null fields in loaded classes when stopping a web application, as a |
| possible workaround for suspicious garbage collection behavior. (remm) |
| </update> |
| <update> |
| Update messages and stack traces for classloading errors which may occur when removing |
| a web application, and for stopped web applications. (remm) |
| </update> |
| <fix> |
| <bug>37319</bug>: Fix catalina.bat reference to CATALINA_BASE for logging.properties. Thanks |
| to Pierre-Yves Benzaken. (yoavs) |
| </fix> |
| <fix> |
| <bug>36852</bug>: Custom classloaders don't honor Context privileged attribute. Thanks to |
| Matt Brinkley for the analysis and patch. (yoavs) |
| </fix> |
| <fix>Fix for a couple of (mostly silly) edge-cases in testing auth. |
| Thanks to Nam T. Nguyen for the report. (billbarker) |
| </fix> |
| <fix> |
| <bug>37060</bug>: Actually copy the Request headers when replaying after Form auth. (billbarker) |
| </fix> |
| <fix> |
| <bug>37591</bug>: Typo in Engine configuration reference. (yoavs) |
| </fix> |
| <fix> |
| <bug>37668</bug>: Added note about JSP recompilation to Context configuration documentation. (yoavs) |
| </fix> |
| <fix> |
| <bug>37132</bug>: Have DigestAuthenticator handle user names with commas. Thanks to |
| Robert Wille for the patch. (yoavs) |
| </fix> |
| <fix> |
| <bug>37212</bug>: Better error reporting in Connector.java. Thanks to Ralf Hauser for |
| the patch. (yoavs) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Gracefully handle the case where some Socket options are disabled at |
| the OS level for the AJP/1.3 Connector. (billbarker) |
| </fix> |
| <fix> |
| <bug>36366</bug>: Use rewritten deployer-howto page by Allistair Crossley. (remm) |
| </fix> |
| <add> |
| <bug>36630</bug>: Added extra log output for class instantiation failure. (yoavs) |
| </add> |
| <fix> |
| <bug>37121</bug>: Sendfile always needs to be given the length of data to write, |
| which fixes ranged requests. (remm) |
| </fix> |
| <fix> |
| Optimized direct byte buffers association with the socket for APR connectors. (mturk) |
| </fix> |
| <fix> |
| Fix hidden NPEs when using the APR connectors and there's no host header. (pero, remm) |
| </fix> |
| <fix> |
| Http11Protocol now registers RequestProcessor at JMX and shows current usage inside manager app. (pero) |
| </fix> |
| <add> |
| JkStatus Ant tasks for mod_jk 1.2.15. (pero) |
| </add> |
| <update>Connection Timeout is normal, so reduce logging to DEBUG (billbarker) |
| </update> |
| <fix> |
| Fix crash which could occur with the HTTP APR connector when accessing request JMX objects |
| outside of the processing of the said request (remm) |
| </fix> |
| <fix> |
| <bug>37627</bug>: Fix buffering issue in the HTTP APR connector when a large buffer size was |
| used for servlets (remm) |
| </fix> |
| <fix> |
| <bug>37673</bug>: Fix implementation of getLocalPort and getLocalAddr in the HTTP APR connector |
| (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>35252</bug>: Jasper PageDataImpl outputs malformed XML. Patch by Rahul Akolkar. (yoavs) |
| </fix> |
| <add> |
| <bug>37062</bug>: Helpful JSP exception message containing file, line numbers. Patch by |
| Tim Fennell at http://www.tfenne.com/jasper/. (yoavs) |
| </add> |
| <fix> |
| <bug>37407</bug>: File descriptor leak in JspReader. Thanks to Fred for the patch. I also |
| did some minor cleanup in the class. (yoavs) |
| </fix> |
| <add> |
| <bug>37612</bug>: Add file location to JSP Validator error message. Thanks to Renaud Bruyeron |
| for the patch. (yoavs) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <fix> |
| Fix that session replace messages are logged after node recovery get all session from master node. (pero) |
| </fix> |
| <fix> |
| <bug>37896</bug>: Fix that sendMessage signature at all DataSender subclasses must be changed. |
| Now pooled and async modes working as expected. (pero) |
| </fix> |
| <fix> |
| Fix that socket at o.a.c.cluster.tcp.FastAsyncSocketSender can be disconnect/connect. (pero) |
| </fix> |
| <fix> |
| Fix cluster module build.xml script for new svn repository structure (pero) |
| </fix> |
| <fix> |
| Fix closed socket exceptions at normal server shutdown, reported by Olve Hansen (pero) |
| </fix> |
| <fix> |
| Fix closed socket exceptions inside async message transfer modes (pero) |
| </fix> |
| <fix> |
| <bug>34984</bug>: HttpSessionBindingEvent.getValue() get correct value (pero) |
| </fix> |
| <fix> |
| <bug>35916</bug>: send sessionCreated to SessionListener after cluster node recovery (pero) |
| </fix> |
| <fix> |
| <bug>36541</bug>: Used also Hashtable at DeltaSession (pero) |
| </fix> |
| <fix> |
| Better support cluster at engine level. (pero) |
| </fix> |
| <fix> |
| <bug>36866</bug>: Correct attribute name in conf/server.xml documentation for Cluster element. (yoavs) |
| </fix> |
| <fix> |
| <bug>37261</bug>: Allow xerces to know where the web.xml file is so that relative entities can be resolved. |
| </fix> |
| <fix> |
| <bug>37529</bug>: Fixed race condition in ReplicationLister#stopListening. Thanks to |
| Chris Walker for the patch. (yoavs) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Webapps"> |
| <changelog> |
| <fix>Remove obsolete TagPlugin file from JSP examples (billbarker)</fix> |
| <fix> |
| <bug>36019</bug>: Made clear the Host-Manager HowTo is coming soon, not ready yet. (yoavs) |
| </fix> |
| <fix> |
| <bug>36336</bug>: Check WAR extension in both upper and lower case, as suggested by |
| A. Grasoff. (yoavs) |
| </fix> |
| <fix> |
| <bug>35982</bug>: Can't delete mail sessions in admin webapp. (yoavs) |
| </fix> |
| <fix> |
| <bug>36673</bug>: Similar to the one above, for data sources. (yoavs) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| |
| <section name="Tomcat 5.5.12 (yoavs)"> |
| <subsection name="General"> |
| <changelog> |
| <fix> |
| Remove unneeded files in conf. (remm) |
| </fix> |
| <update> |
| Change distribution file names from jakarta-* to apache-*. (remm) |
| </update> |
| </changelog> |
| </subsection> |
| |
| <subsection name="Catalina"> |
| <changelog> |
| <add> |
| Add JMX Remote create and unregister ant tasks (pero) |
| </add> |
| <fix> |
| <bug>36343</bug>: Only normalize out backslash on Windows platforms. (billbarker) |
| </fix> |
| <fix> |
| Allow configuring standard stream redirection. (remm) |
| </fix> |
| <add> |
| <bug>36088</bug>: Add RUNNING.txt and RELEASE-NOTES.txt to fulldocs distro. (yoavs) |
| </add> |
| <fix> |
| <bug>36534</bug>: fix equals for URLs returned by ServletContext.getResource() (luehe) |
| </fix> |
| <fix> |
| <bug>36558</bug>: Clear IntrospectionUtils cache when stopping a webapp, as it |
| could lead to keeping a reference to the classloader (remm) |
| </fix> |
| <fix> |
| <bug>36113</bug>: Session persistence for objects with primitive types could fail in |
| some rare cases (remm) |
| </fix> |
| <fix> |
| <bug>36541</bug>: Full synchronization for session objects attributes collections (remm) |
| </fix> |
| <fix> |
| <bug>35609</bug>: service.bat echo command when wrong arguments given [patch by Robert |
| Longson] (yoavs) |
| </fix> |
| <fix> |
| <bug>34749</bug>: jsessionid dropped on trailing slash (/) redirect (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| |
| <subsection name="Coyote"> |
| <changelog> |
| <update> |
| Add support for secret for AJP APR (remm) |
| </update> |
| </changelog> |
| </subsection> |
| |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| Fix NPE with an error message when no Java compiler is available (remm) |
| </fix> |
| <fix> |
| Restrict System err stream capture to the Ant compiler, as the Eclipse compiler |
| does not need it (remm) |
| </fix> |
| <update> |
| JSP compilation speed improvement using tag library information caching, |
| submitted by Xingbo Gao (remm) |
| </update> |
| <add> |
| Initial contribution of JSTL tag plugins supporting the core tag library of |
| JSTL, submitted by Jing Li (remm) |
| </add> |
| </changelog> |
| </subsection> |
| |
| <subsection name="Cluster"> |
| <changelog> |
| <fix> |
|