| ================================================================================ |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| ================================================================================ |
| |
| $Id$ |
| |
| ================================= |
| Apache Tomcat 5.5 Patch Proposals |
| ================================= |
| |
| |
| PATCHES PROPOSED TO BACKPORT: |
| [ New proposals should be added at the end of the list ] |
| |
| |
| * Remove JSSE13Factory, JSSE13SocketFactory classes, |
| because |
| - TC 5.5 runs on JRE 1.4+ and that comes bundled with JSSE 1.4, |
| so these classes are no more needed. |
| - JSSE13SocketFactory directly references com.sun.net.* classes in its |
| source code without using reflection, and that causes compilation failure |
| with my IDE/JRE settings. |
| 1) |
| svn delete connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13Factory.java |
| svn delete connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java |
| 2) |
| http://people.apache.org/~kkolinko/patches/2010-03-06_tc55_remove_JSSE13Factory_v2.patch |
| +1: kkolinko, markt |
| -O: jim |
| -1: |
| |
| * Configure Tomcat to use HttpOnly for session cookies by default |
| http://people.apache.org/~kkolinko/patches/2010-04-21_tc55_context_httpOnly.patch |
| +1: kkolinko |
| -0: markt - Consensus was for disabled in 5.5.x |
| http://svn.apache.org/viewvc?view=revision&revision=749019 |
| -1: |
| |
| * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49521 |
| http://people.apache.org/~kkolinko/patches/2010-07-17_tc55_bug49521.patch |
| - Disable scanning for a free port in Jk AJP/1.3 connector by default. |
| - Do not change maxPort field value of ChannelSocket in its #setPort() |
| and #init() methods. |
| - Add support for "maxPort" attribute on a <Connector> element as a synonym |
| for channelSocket.maxPort |
| +1: kkolinko, markt |
| -1: |
| -0: rjung, jim |
| rjung: Should we really change default behaviour for a mature version? |
| kkolinko: (I think that hardly anyone uses that feature, and if it is needed, |
| one can reenable it now by setting the maxPort attribute. |
| It is possible to make this configurable without changing the default |
| -- see attachment 25657 in BZ 49521, but I do not think that it is worth it.) |
| jim: Also not comfortable with such a change this late in the game |
| regarding default behavior of a stable branch. |