| ================================================================================ |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| ================================================================================ |
| |
| $Id$ |
| |
| ================================= |
| Apache Tomcat 5.5 Patch Proposals |
| ================================= |
| |
| |
| PATCHES PROPOSED TO BACKPORT: |
| [ New proposals should be added at the end of the list ] |
| |
| * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50771 |
| Ensure HttpServletRequest#getAuthType() returns the name of the authentication scheme |
| if request has already been authenticated. |
| http://svn.apache.org/viewvc?view=revision&revision=1070409 |
| https://issues.apache.org/bugzilla/attachment.cgi?id=26650 (patch against tc5.5) |
| +1: kfujino, markt |
| -1: |
| |
| * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50744 |
| Skip SSL configuration check if we cannot create an unbound socket |
| https://issues.apache.org/bugzilla/attachment.cgi?id=26651 |
| +1: kkolinko, markt |
| -1: |
| |
| * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48717 |
| Call sessionDidActivate when replicating sessions |
| https://issues.apache.org/bugzilla/attachment.cgi?id=26679 |
| +1: markt, kfujino |
| -1: |
| |
| * Fix possible threading issue in JSP compilation when development mode is |
| enabled |
| http://svn.apache.org/viewvc?rev=1078409&view=rev |
| +1: markt, kfujino |
| -1: |
| |
| * Add additional configuration options to the DIGEST authenticator |
| http://people.apache.org/~markt/patches/2011-04-01-digest-tc5.patch |
| +1: markt |
| -1: |
| |
| * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47880 |
| Clarify error messages in *.sh files to mention that if a script is not |
| found it might be because execute permission is needed. |
| http://svn.apache.org/viewvc?rev=1088179&view=rev |
| +1: kkolinko, markt |
| -1: |
| |
| * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51042 |
| Don't notify session creation listeners when changing session ID on |
| authentication |
| http://svn.apache.org/viewvc?view=revision&revision=1094069 |
| +1: markt |
| -1: |
| |
| * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51073 |
| Throw an exception and do not start the APR connector if it is configured for |
| SSL and an invalid value is provided for SSLProtocol. |
| http://svn.apache.org/viewvc?view=revision&revision=1094089 |
| +1: markt |
| -1: |
| |
| * Multiple improvements to the Windows Installer |
| - https://issues.apache.org/bugzilla/show_bug.cgi?id=33262 |
| Install monitor to auto-start for current user only rather than all users to |
| be consistent with menu item creation. |
| - Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=40510 |
| Provide an option to install shortcuts for the current user or all users. |
| Also ensure registry is correctly cleaned on uninstall for 64-bit platforms. |
| - Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50949 |
| Provide the ability to specify the AJP port and service name when installing |
| Tomcat using the Windows installer. This permits multiple instances of the |
| same Tomcat version to be installed side-by-side. |
| - Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51135 |
| Fix auto-detection of JAVA_HOME for 64-bit Windows platforms that only have |
| a 32-bit JVM installed. |
| http://people.apache.org/~markt/patches/2011-06-24-windows-installer-multiple-tc5.patch |
| plus addition of http://people.apache.org/~markt/patches/2011-06-24-windows-installer-multiple-tc5.server_3.xml |
| http://svn.apache.org/viewvc?rev=1141955&view=rev |
| http://svn.apache.org/viewvc?rev=1141976&view=rev |
| http://svn.apache.org/viewvc?rev=1142001&view=rev |
| http://svn.apache.org/viewvc?rev=1142012&view=rev |
| http://svn.apache.org/viewvc?rev=1142784&view=rev |
| http://svn.apache.org/viewvc?rev=1142923&view=rev |
| +1: markt |
| -1: |
| |
| * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51324 |
| Improve handling of exceptions when flushing the response buffer to |
| ensure that the doFlush flag does not get stuck in the enabled state. |
| Patch by Jeremy Norris. |
| http://svn.apache.org/viewvc?rev=1133014&view=rev |
| +1: kkolinko, markt, kfujino |
| -1: |
| |
| * Fix various sendfile issues. CVE-2011-2526 |
| This is a port of r1145380, r1145694 and r1146005 |
| http://people.apache.org/~markt/patches/2011-07-13-cve-2011-2526-tc5.patch |
| +1: markt, kfujino |
| -1: |
| |
| * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41179 |
| Return 404 rather than 400 if no ROOT context is deployed |
| http://people.apache.org/~markt/patches/2011-07-22-bug41179-tc5.patch |
| +1: markt, kfujino |
| -1: |
| |
| * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51647 |
| Session replication fails with ClassNotFoundException when session attribute |
| is Java dynamic proxy |
| https://issues.apache.org/bugzilla/attachment.cgi?id=27375 |
| +1: markt, kfujino |
| -1: |
