| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <!DOCTYPE document [ |
| <!ENTITY project SYSTEM "project.xml"> |
| ]> |
| <?xml-stylesheet type="text/xsl" href="tomcat-docs.xsl"?> |
| <document url="changelog.html"> |
| |
| &project; |
| |
| <properties> |
| <title>Changelog</title> |
| <no-comments /> |
| </properties> |
| |
| <body> |
| <!-- |
| Subsection ordering: |
| General, Catalina, Coyote, Jasper, Cluster, WebSocket, Web applications, |
| Extras, Tribes, jdbc-pool, Other |
| |
| Item Ordering: |
| |
| Fixes having an issue number are sorted by their number, ascending. |
| |
| There is no ordering by add/update/fix. |
| |
| Other fixed issues are added to the end of the list, chronologically. |
| They eventually become mixed with the numbered issues. (I.e., numbered |
| issues to not "pop up" wrt. others). |
| --> |
| <section name="Tomcat 8.0.14 (markt)"> |
| <subsection name="Other"> |
| <changelog> |
| <fix> |
| <bug>56079</bug>: The Apache Tomcat Windows installer, the Apache Tomcat |
| Windows service and the Apache Tomcat Windows service monitor |
| application are now digitally signed. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 8.0.13 (markt)" rtext="not released"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>55917</bug>: Allow bytes in the range 0x80 to 0xFF to appear in |
| cookie values if the cookie is a V1 (RFC2109) cookie and the value is |
| correctly quoted. The new RFC6265 based cookie parser must be enabled to |
| correctly handle these cookies. (markt) |
| </fix> |
| <fix> |
| <bug>55918</bug>: Do not permit control characters to appear in quoted |
| V1 (RFC2109) cookie values. The new RFC6265 based cookie parser must be |
| enabled to correctly handle these cookies. (markt) |
| </fix> |
| <fix> |
| <bug>55921</bug>: Correctly handle (ignore the cookie) unescaped JSON in |
| a cookie value. The new RFC6265 based cookie parser must be enabled to |
| correctly handle these cookies. (markt) |
| </fix> |
| <add> |
| <bug>56401</bug>: Log version information when Tomcat starts. |
| (markt/kkolinko) |
| </add> |
| <add> |
| <bug>56530</bug>: Add a web application class loader implementation that |
| supports the parallel loading of web application classes. (markt) |
| </add> |
| <fix> |
| <bug>56900</bug>: Fix some potential resource leaks when reading |
| property files reported by Coverity Scan. Based on patches provided by |
| Felix Schumacher. (markt) |
| </fix> |
| <fix> |
| <bug>56902</bug>: Fix a potential resource leak in the Default Servlet |
| reported by Coverity Scan. Based on a patch provided by Felix |
| Schumacher. (markt) |
| </fix> |
| <fix> |
| <bug>56903</bug>: Correct the return value for |
| <code>StandardContext.getResourceOnlyServlets()</code> so that multiple |
| names are separated by commas. Identified by Coverity Scan and fixed |
| based on a patch by Felix Schumacher. (markt) |
| </fix> |
| <add> |
| Add an additional implementation of a RFC6265 based cookie parser along |
| with new Context options to select and configure it. This parser is |
| currently considered experiemental and is not used by default. (markt) |
| </add> |
| <fix> |
| Fixed the multipart elements merge operation performed during web |
| application deployment. Identified by Coverity Scan. (violetagg) |
| </fix> |
| <fix> |
| Correct the information written by |
| <code>ExtendedAccessLogValve</code> when a format token x-O(XXX) is |
| used so that multiple values for a header XXX are separated by commas. |
| Identified by Coverity Scan. (violetagg) |
| </fix> |
| <fix> |
| Fix a potential resource leak when reading MANIFEST.MF file for |
| extension dependencies reported by Coverity Scan. (violetagg) |
| </fix> |
| <fix> |
| Fix some potential resource leaks when reading properties, files and |
| other resources. Reported by Coverity Scan. (violetagg) |
| </fix> |
| <fix> |
| Correct the previous fix for <bug>56825</bug> that enabled pre-emptive |
| authentication to work with the SSL authenticator. (markt) |
| </fix> |
| <scode> |
| Refactor to reduce code duplication identified by Simian. (markt) |
| </scode> |
| <fix> |
| When using parallel deployment and <code>undeployOldVersions</code> |
| feature is enabled on a Host, correctly undeploy context of old |
| version. Make sure that Tomcat does not undeploy older Context if |
| current context is not running. (kfujino) |
| </fix> |
| <fix> |
| Fix a rare threading issue when locking resources via WebDAV. |
| (markt) |
| </fix> |
| <fix> |
| Fix a rare threading issue when using HTTP digest authentication. |
| (markt) |
| </fix> |
| <fix> |
| When deploying war, add XML file in the config base to the redeploy |
| resources if war does not have META-INF/context.xml or |
| <code>deployXML</code> is false. If XML file is created in the config |
| base, redeploy will occur. (kfujino) |
| </fix> |
| <scode> |
| Various changes to reduce unnecessary code in Tomcat's copy of |
| Apache Commons BCEL to reduce the time taken for annotation scanning |
| when web applications start. Includes contributions from kkolinko and |
| hzhang9. (markt) |
| </scode> |
| <fix> |
| <bug>56938</bug>: Ensure web applications that have mixed case context |
| paths and are deployed as directories are correctly removed on undeploy |
| when running on a case sensitive file system. (markt) |
| </fix> |
| <add> |
| <bug>57004</bug>: Add <code>stuckThreadCount</code> property to |
| <code>StuckThreadDetectionValve</code>'s JMX bean. Patch provided by |
| Jiří Pejchal. (schultz) |
| </add> |
| <fix> |
| <bug>57011</bug>: Ensure that the request and response are correctly |
| recycled when processing errors during async processing. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| <bug>56910</bug>: Prevent the invalid value of <code>-1</code> being |
| used for <code>maxConnections</code> with APR connectors. (markt) |
| </fix> |
| <fix> |
| Ensure that AJP connectors enable the <code>KeepAliveTimeout</code>. |
| (kfujino) |
| </fix> |
| <fix> |
| Reduce duplicated code. All AJP connectors use common method to |
| configuration of processor. (kfujino) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>43001</bug>: Enable the JspC Ant task to set the JspC option |
| <code>mappedFile</code>. (markt) |
| </fix> |
| <fix> |
| Ensure that the implementation of |
| <code>javax.servlet.jsp.PageContext.include(String)</code> |
| and |
| <code>javax.servlet.jsp.PageContext.include(String, boolean)</code> |
| will throw <code>IOException</code> when an I/O error occur during |
| the operation. (violetagg) |
| </fix> |
| <fix> |
| <bug>56908</bug>: Fix some potential resource leaks when reading |
| jar files. Reported by Coverity Scan. Patch provided by Felix |
| Schumacher. (violetagg) |
| </fix> |
| <fix> |
| Fix a potential resource leak in JDTCompiler when checking wether |
| a resource is a package. Reported by Coverity Scan. (fschumacher) |
| </fix> |
| <fix> |
| <bug>56991</bug>: Deprecate the use of a request attribute to pass a |
| <jsp-file> declaration to Jasper and prevent an infinite loop |
| if this technique is used in conjunction with an include. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <fix> |
| <bug>56905</bug>: Make destruction on web application stop of thread |
| group used for WebSocket connections more robust. (kkolinko/markt) |
| </fix> |
| <fix> |
| <bug>56907</bug>: Ensure that client IO threads are stopped if a secure |
| WebSocket client connection fails. (markt) |
| </fix> |
| <fix> |
| <bug>56982</bug>: Return the actual negotiated extensions rather than an |
| empty list for <code>Session.getNegotiatedExtensions()</code>. (markt) |
| </fix> |
| <update> |
| Update the WebSocket implementation to support the Java WebSocket |
| specification version 1.1. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <add> |
| Add <code>JarScanner</code> to the nested components listed for a |
| Context. (markt) |
| </add> |
| <update> |
| Update the Windows authentication documentation after some additional |
| testing to answer the remaining questions. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <fix> |
| <bug>56895</bug>: Correctly compose <code>JAVA_OPTS</code> in |
| <code>catalina.bat</code> so that escape sequences are preserved. Patch |
| by Lucas Theisen. (markt) |
| </fix> |
| <update> |
| <bug>56988</bug>: Allow to use relative path in <code>base.path</code> |
| setting when building Tomcat. (kkolinko) |
| </update> |
| <fix> |
| <bug>56990</bug>: Ensure that the <code>ide-eclipse</code> build target |
| downloads all the libraries required by the default Eclipse |
| configuration files. (markt) |
| </fix> |
| <fix> |
| Update the package renamed copy of Apache Commons DBCP 2 to revision |
| 1626988 to pick up the fixes since the 2.0.1 release including support |
| for custom eviction policies. (markt) |
| </fix> |
| <fix> |
| Update the package renamed copy of Apache Commons Pool 2 to revision |
| 1627271 to pick up the fixes since the 2.2 release including some memory |
| leak fixes and support for application provided eviction policies. |
| (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 8.0.12 (markt)" rtext="2014-09-03"> |
| <subsection name="Catalina"> |
| <changelog> |
| <add> |
| Make the session id generator extensible by adding a |
| <code>SessionIdGenerator</code> interface, an abstract |
| base class and a standard implementation. (rjung) |
| </add> |
| <fix> |
| <bug>56882</bug>: Fix regression in processing of includes and forwards |
| when Context have been reloaded. Tomcat was responding with HTTP Status |
| 503 (Servlet xxx is currently unavailable). (kkolinko) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| When building a list of JSSE ciphers from an OpenSSL cipher defintiion, |
| ignore unknown criteria rather than throwing a |
| <code>NullPointerException</code>. (markt) |
| </fix> |
| <add> |
| Add support for the EECDH alias when using the OpenSSL cipher syntax to |
| define JSSE ciphers. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| Correct a logic error in the <code>JasperElResolver</code>. There was no |
| functional impact but the code was less efficient as a result of the |
| error. Based on a patch by martinschaef. (markt) |
| </fix> |
| <fix> |
| <bug>56568</bug>: Enable any HTTP method to be used to request a JSP |
| page that has the <code>isErrorPage</code> page directive set to |
| <code>true</code>. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <add> |
| Extend support for the <code>permessage-deflate</code> extension to |
| compression of outgoing messages on the server side. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <add> |
| <bug>56323</bug>: Include the <code>*.bat</code> files when installing |
| Tomcat via the Windows installer. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 8.0.11 (markt)" rtext="2014-08-22"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>56658</bug>: Fix regression that a context was inaccessible after |
| reload. (kkolinko) |
| </fix> |
| <fix> |
| <bug>56710</bug>: Do not map requests to servlets when context is |
| being reloaded. (kkolinko) |
| </fix> |
| <fix> |
| <bug>56712</bug>: Fix session idle time calculations in |
| <code>PersistenceManager</code>. (kkolinko) |
| </fix> |
| <fix> |
| <bug>56717</bug>: Fix duplicate registration of |
| <code>MapperListener</code> during repeated starts of embedded Tomcat. |
| (kkolinko) |
| </fix> |
| <add> |
| <bug>56724</bug>: Write an error message to Tomcat logs if container |
| background thread is aborted unexpectedly. (kkolinko) |
| </add> |
| <fix> |
| When scanning class files (e.g. for annotations) and reading the number |
| of parameters in a <code>MethodParameters</code> structure only read a |
| single byte (rather than two bytes) as per the JVM specification. Patch |
| provided by Francesco Komauli. (markt) |
| </fix> |
| <fix> |
| Allow the JNDI Realm to start even if the directory is not available. |
| The directory not being available is not fatal once the Realm is started |
| and it need not be fatal when the Realm starts. Based on a patch by |
| Cédric Couralet. (markt) |
| </fix> |
| <fix> |
| <bug>56736</bug>: Avoid an incorrect <code>IllegalStateException</code> |
| if the async timeout fires after a non-container thread has called |
| <code>AsyncContext.dispatch()</code> but before a container thread |
| starts processing the dispatch. (markt) |
| </fix> |
| <fix> |
| <bug>56739</bug>: If an application handles an error on an application |
| thread during asynchronous processing by calling |
| <code>HttpServletResponse.sendError()</code>, then ensure that the |
| application is given an opportunity to report that error via an |
| appropriate application defined error page if one is configured. (markt) |
| </fix> |
| <fix> |
| <bug>56784</bug>: Fix a couple of rare but theoretically possible |
| atomicity bugs. (markt) |
| </fix> |
| <fix> |
| <bug>56785</bug>: Avoid <code>NullPointerException</code> if directory |
| exists on the class path that is not readable by the Tomcat user. |
| (markt) |
| </fix> |
| <fix> |
| <bug>56796</bug>: Remove unnecessary sleep when stopping a web |
| application. (markt) |
| </fix> |
| <fix> |
| <bug>56801</bug>: Improve performance of |
| <code>org.apache.tomcat.util.file.Matcher</code> which is to filter JARs |
| for scanning during web application start. Based on a patch by Sheldon |
| Shao. (markt) |
| </fix> |
| <fix> |
| <bug>56815</bug>: When the <code>gzip</code> option is enabled for the |
| <code>DefaultServlet</code> ensure that a suitable <code>Vary</code> |
| header is returned for resources that might be returned directly in |
| compressed form. (markt) |
| </fix> |
| <fix> |
| Do not mark threads from the container thread pool as container threads |
| when being used to process <code>AsyncContext.start(Runnable)</code> so |
| processing is correctly transferred back to a genuine container thread |
| when necessary. (markt) |
| </fix> |
| <add> |
| Add simple caching for calls to <code>StandardRoot.getResources()</code> |
| in the new (for 8.0.x) resources implementation. (markt) |
| </add> |
| <fix> |
| <bug>56825</bug>: Enable pre-emptive authentication to work with the |
| SSL authenticator. Based on a patch by jlmonteiro. (markt) |
| </fix> |
| <fix> |
| <bug>56840</bug>: Avoid NPE when the rewrite valve is mapped to |
| a context. (remm) |
| </fix> |
| <fix> |
| Correctly handle multiple <code>accept-language</code> headers rather |
| than just using the first header to determine the user's preferred |
| Locale. (markt) |
| </fix> |
| <fix> |
| <bug>56848</bug>: Improve handling of <code>accept-language</code> |
| headers. (markt) |
| </fix> |
| <fix> |
| <bug>56857</bug>: Fix thread safety issue when calling ServletContext |
| methods while running under a security manager. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Fix NIO2 sendfile state tracking and error handling to fix |
| various corruption issues. (remm) |
| </fix> |
| <fix> |
| Missing timeout for NIO2 sendfile writes. (remm) |
| </fix> |
| <fix> |
| Allow inline processing for NIO2 sendfile and optimize keepalive |
| behavior. (remm) |
| </fix> |
| <fix> |
| Fix excessive NIO2 sendfile direct memory use in some cases, sendfile |
| will now instead use the regular socket write buffer as configured. |
| (remm) |
| </fix> |
| <fix> |
| <bug>56661</bug>: Fix <code>getLocalAddr()</code> for AJP connectors. |
| The complete fix is only available with a recent AJP forwarder like |
| the forthcoming mod_jk 1.2.41. (rjung) |
| </fix> |
| <fix> |
| Use default ciphers defined as |
| <code>HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5</code> so |
| that no weak ciphers are enabled by default. (remm) |
| </fix> |
| <fix> |
| <bug>56780</bug>: Enable Tomcat to start when using SSL with an IBM JRE |
| in strict SP800-131a mode. (markt) |
| </fix> |
| <fix> |
| <bug>56810</bug>: Remove use of Java 8 specific API calls in unit tests |
| for OpenSSL to JSSE cipher conversion. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>56709</bug>: Fix system property name in a log message. Submitted |
| by Robert Kish. (remm) |
| </fix> |
| <fix> |
| <bug>56797</bug>: When matching a method in an EL expression, do not |
| treat bridge methods as duplicates of the method they bridge to. In this |
| case always call the target of the bridge method. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <fix> |
| <bug>56746</bug>: Allow secure WebSocket client threads to use the |
| current context class loader rather than explicitly setting it to the |
| class loader that loaded the WebSocket implementation. This allows |
| WebSocket client connections from within web applications to access, |
| amongst other things, the JNDI resources associated with the web |
| application. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| Correct the label in the list of sessions by idle time for the bin that |
| represents the idle time immediately below the maximum permitted idle |
| time when using the expire command of the Manager application. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="jdbc-pool"> |
| <changelog> |
| <fix> |
| <bug>53088</bug>: More identifiable thread name. (fhanik) |
| </fix> |
| <fix> |
| <bug>53200</bug>: Selective logging for slow versus failed queries. |
| (fhanik) |
| </fix> |
| <fix> |
| <bug>53853</bug>: More flexible classloading. (fhanik) |
| </fix> |
| <fix> |
| <bug>54225</bug>: Disallow empty init SQL. (fhanik) |
| </fix> |
| <fix> |
| <bug>54227</bug>: Evaluate max age upon borrow. (fhanik) |
| </fix> |
| <fix> |
| <bug>54235</bug>: Disallow nested pools exploitating using data source. |
| (fhanik) |
| </fix> |
| <fix> |
| <bug>54395</bug>: Fix JDBC interceptor parsing bug. (fhanik) |
| </fix> |
| <fix> |
| <bug>54537</bug>: Performance improvement in |
| <code>StatementFinalizer</code>. (fhanik) |
| </fix> |
| <fix> |
| <bug>54978</bug>: Make sure proper connection validation always happens, |
| regardless of config. (fhanik) |
| </fix> |
| <fix> |
| <bug>56318</bug>: Ability to trace statement creation in |
| <code>StatementFinalizer</code>. (fhanik) |
| </fix> |
| <fix> |
| <bug>56789</bug>: getPool() returns the actual pool, always. (fhanik) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <add> |
| <bug>56788</bug>: Display the full version in the list of installed |
| applications when installed via the Windows installer package. Patch |
| provided by Alexandre Garnier. (markt) |
| </add> |
| <add> |
| <bug>56829</bug>: Add the ability for users to define their own values |
| for <code>_RUNJAVA</code> and <code>_RUNJDB</code> environment |
| variables. Be more strict with executable filename on Windows |
| (s/java/java.exe/). Based on a patch by Neeme Praks. (markt/kkolinko) |
| </add> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 8.0.10 (markt)" rtext="not released"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>44312</bug>: Log an error if there is a conflict between Host and |
| Alias names. Improve host management methods in <code>Mapper</code> |
| to avoid occasionally removing a wrong host. Check that host management |
| operations are performed on the host and not on an alias. (kkolinko) |
| </fix> |
| <scode> |
| <bug>56611</bug>: Refactor code to remove inefficient calls to |
| <code>Method.isAnnotationPresent()</code>. Based on a patch by Jian Mou. |
| (markt/kkolinko) |
| </scode> |
| <fix> |
| Fix regression in |
| <code>StandardContext.removeApplicationListener()</code>, introduced by |
| the fix for bug <bug>56588</bug>. (kkolinko) |
| </fix> |
| <fix> |
| <bug>56653</bug>: Fix concurrency issue with lists of contexts in |
| <code>Mapper</code> when stopping Contexts. (kkolinko) |
| </fix> |
| <fix> |
| <bug>56657</bug>: When using parallel deployment, if the same session id |
| matches different versions of a web application, prefer the latest |
| version. Ensure that remapping selects the version that we expect. |
| (kkolinko) |
| </fix> |
| <fix> |
| Assert that mapping result object is empty before performing mapping |
| work in <code>Mapper</code>. (kkolinko) |
| </fix> |
| <scode> |
| Remove <code>context</code> and <code>wrapper</code> fields in |
| <code>Request</code> class and deprecate their setters. (kkolinko) |
| </scode> |
| <fix> |
| <bug>56658</bug>: Avoid delay between registrations of mappings for |
| context and for its servlets. (kkolinko) |
| </fix> |
| <fix> |
| <bug>56665</bug>: Correct the generation of the effective web.xml when |
| elements contain an empty string as value. (violetagg) |
| </fix> |
| <fix> |
| Fix storeconfig exception routing issues, so that a major problem |
| should avoid configuration overwrite. (remm) |
| </fix> |
| <fix> |
| Add configuration fields for header names in SSLValve. (remm) |
| </fix> |
| <fix> |
| <bug>56666</bug>: When clearing the SSO cookie use the same values for |
| domain, path, httpOnly and secure as were used to set the SSO cookie. |
| (markt) |
| </fix> |
| <fix> |
| <bug>56677</bug>: Ensure that |
| <code>HttpServletRequest.getServletContext()</code> returns the correct |
| value during a cross-context dispatch. (markt) |
| </fix> |
| <fix> |
| <bug>56684</bug>: Ensure that Tomcat does not shut down if the socket |
| waiting for the shutdown command experiences a |
| <code>SocketTimeoutException</code>. (markt) |
| </fix> |
| <fix> |
| <bug>56693</bug>: Fix various issues in the static resource cache |
| implementation where the cache retained a stale entry after the |
| successful completion of an operation that always invalidates the cache |
| entry such as a delete operation. |
| (markt) |
| </fix> |
| <fix> |
| When the current PathInfo is modified as a result of dispatching a |
| request, ensure that a call to |
| <code>HttpServletRequest.getPathTranslated()</code> returns a value that |
| is based on the modified PathInfo. (markt) |
| </fix> |
| <fix> |
| <bug>56698</bug>: When persisting idle sessions, only persist newly idle |
| sessions. Patch provided by Felix Schumacher. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| <bug>56663</bug>: Fix edge cases demonstrated by ByteCounter relating |
| to data available, remaining and extra write events, mostly occurring |
| with non blocking Servlet 3.1. (remm) |
| </fix> |
| <fix> |
| Avoid possible NPE stopping endpoints that are not started (stop |
| shouldn't do anything in that case). (remm) |
| </fix> |
| <add> |
| <bug>56704</bug>: Add support for OpenSSL syntax for ciphers when |
| using JSSE SSL connectors. Submitted by Emmanuel Hugonnet. (remm) |
| </add> |
| <update> |
| Allow to configure <code>maxSwallowSize</code> attribute of an HTTP |
| connector via JMX. (kkolinko) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>56543</bug>: Update to the Eclipse JDT Compiler 4.4. (violetagg) |
| </fix> |
| <fix> |
| <bug>56652</bug>: Add support for method parameters that use arrays and |
| varargs to <code>ELProcessor.defineFunction()</code>.(markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <add> |
| Add support for the <code>permessage-deflate</code> extension. This is |
| currently limited to decompressing incoming messages on the server side. |
| It is expected that support will be extended to outgoing messages and to |
| the client side shortly. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| Attempt to obfuscate session cookie values associated with other web |
| applications when viewing HTTP request headers with the Cookies example |
| from the examples web application. This reduces the opportunity to use |
| this example for malicious purposes should the advice to remove the |
| examples web application from security sensitive systems be ignored. |
| (markt) |
| </fix> |
| <fix> |
| <bug>56694</bug>: Remove references to <code>Manager</code> attribute |
| <code>checkInterval</code> from documentation and Javadoc since it no |
| longer exists. Based on a patch by Felix Schumacher. Also remove other |
| references to <code>checkInterval</code> that are no longer valid. |
| (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <update> |
| Update the API stability section of the release notes now that Tomcat 8 |
| has had its first stable release. (markt) |
| </update> |
| <update> |
| Improve <code>build.xml</code> so that when Eclipse JDT Compiler is |
| updated, it will delete the old JAR from <code>build/lib</code> |
| directory. (kkolinko) |
| </update> |
| <scode> |
| Simplify implementation of "setproxy" target in <code>build.xml</code>. |
| (kkolinko) |
| </scode> |
| <update> |
| Update optional Checkstyle library to 5.7. (kkolinko) |
| </update> |
| <update> |
| <bug>56596</bug>: Update to Tomcat Native Library version 1.1.31 to |
| pick up the Windows binaries that are based on OpenSSL 1.0.1h. (markt) |
| </update> |
| <fix> |
| <bug>56685</bug>: Add quotes necessary for <code>daemon.sh</code> to |
| work correctly on Solaris. Based on a suggesiton by lfuka. (markt) |
| </fix> |
| <update> |
| Update package renamed Apache Commons Pool2 to r1609323 to pick various |
| bug fixes. (markt) |
| </update> |
| <update> |
| Update package renamed Apache Commons DBCP2 to r1609329 to pick up a |
| minor bug fix. (markt) |
| </update> |
| <update> |
| Update package renamed Apache Commons FileUpload to r1596086 to pick |
| various bug fixes. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 8.0.9 (markt)" rtext="2014-06-24"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>55282</bug>: Ensure that one and the same application listener is |
| added only once when starting the web application. (violetagg) |
| </fix> |
| <fix> |
| <bug>55975</bug>: Apply consistent escaping for double quote and |
| backslash characters when escaping cookie values. (markt) |
| </fix> |
| <scode> |
| <bug>56387</bug>: Improve the code that handles an attempt to load a |
| class after a web application has been stopped. Use common code to handle |
| this case regardless of the access path and don't throw an exception |
| purely to log a stack trace. (markt) |
| </scode> |
| <scode> |
| <bug>56399</bug>: Improve implementation of CoyoteAdapter.checkRecycled() |
| to do not use an exception for flow control. (kkolinko) |
| </scode> |
| <add> |
| <bug>56461</bug>: New <code>failCtxIfServletStartFails</code> attribute |
| on Context and Host configuration to force the context startup to fail |
| if a load-on-startup servlet fails its startup. (slaurent) |
| </add> |
| <add> |
| <bug>56526</bug>: Improved the <code>StuckThreadDetectionValve</code> to |
| optionally interrupt stuck threads to attempt to unblock them. |
| (slaurent) |
| </add> |
| <fix> |
| <bug>56545</bug>: Pre-load two additional classes, the loading of which |
| may otherwise be triggered by a web application which in turn would |
| trigger an exception when running under a security manager. (markt) |
| </fix> |
| <update> |
| <bug>56546</bug>: Reduce logging level for stack traces of stuck web |
| application threads printed by WebappClassLoader.clearReferencesThreads() |
| from error to info. (kkolinko) |
| </update> |
| <scode> |
| Refactor and simplify common code in object factories in |
| <code>org.apache.catalina.naming</code> package, found thanks to Simian |
| (Similarity Analyser) tool. Improve handling of Throwable. |
| (markt/kkolinko) |
| </scode> |
| <fix> |
| Relax cookie naming restrictions. Cookie attribute names used in the |
| <code>Set-Cookie</code> header may be used unambiguously as cookie |
| names. The restriction that prevented such usage has been removed. |
| (jboynes/markt) |
| </fix> |
| <fix> |
| Further relax cookie naming restrictions. Version 0 (a.k.a Netscape |
| format) cookies may now use names that start with the <code>$</code> |
| character. (jboynes/markt) |
| </fix> |
| <fix> |
| Restrict cookie naming so that the <code>=</code> character is no longer |
| permitted in a version 0 (a.k.a. Netscape format) cookie name. While |
| Tomcat allowed this, browsers always truncated the name at the |
| <code>=</code> character leading to a mis-match between the cookie the |
| server set and the cookie returned by the browser. (jboynes/markt) |
| </fix> |
| <add> |
| Add a simple <code>ServiceLoader</code> based discovery mechanism to the |
| JULI <code>LogFactory</code> to make it easier to use JULI and Tomcat |
| components that depend on JULI (such as Jasper) independently from |
| Tomcat. Patch provided by Greg Wilkins. (markt) |
| </add> |
| <fix> |
| <bug>56578</bug>: Correct regression in the fix for <bug>56339</bug> |
| that prevented sessions from expiring when using clustering. (markt) |
| </fix> |
| <fix> |
| <bug>56588</bug>: Remove code previously added to enforce the |
| requirements of section 4.4 of the Servlet 3.1 specification. The code |
| is no longer required now that Jasper initialization has been refactored |
| and TLD defined listeners are added via a different code path that |
| already enforces the specification requirements. (markt) |
| </fix> |
| <fix> |
| <bug>56600</bug>: In WebdavServlet: Do not waste time generating |
| response for broken PROPFIND request. (kkolinko) |
| </fix> |
| <fix> |
| Provide a better error message when asynchronous operations are not |
| supported by a filter or servlet. Patch provided by Romain Manni-Bucau. |
| (violetagg) |
| </fix> |
| <fix> |
| <bug>56606</bug>: User entries in <code>tomcat-users.xml</code> file |
| are recommended to use "username" attribute rather than legacy "name" |
| attribute. Fix inconsistencies in Windows installer, examples. Update |
| digester rules and documentation for <code>MemoryRealm</code>. |
| (markt/kkolinko) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| <bug>56518</bug>: When using NIO, do not attempt to write to the socket |
| if the thread is marked interrupted as this will lead to a connection |
| limit leak. This fix was based on analysis of the issue by hanyong. |
| (markt) |
| </fix> |
| <fix> |
| <bug>56521</bug>: Re-use the asynchronous write buffer between writes to |
| reduce allocation and GC overhead. Based on a patch by leonzhx. Also |
| make the buffer size configurable and remove copying of data within |
| buffer when the buffer is only partially written on a subsequent write. |
| (markt) |
| </fix> |
| <fix> |
| Ensure that a request without a body is correctly handled during Comet |
| processing. This fixes the Comet chat example. (markt) |
| </fix> |
| <fix> |
| Fix input concurrency issue in NIO2 upgrade. (remm) |
| </fix> |
| <fix> |
| Correct a copy/paste error and return a 500 response rather than a 400 |
| response when an internal server error occurs on early stages of |
| request processing. (markt) |
| </fix> |
| <scode> |
| <bug>56582</bug>: Use switch(actionCode) in processors instead of a |
| chain of "elseif"s. (kkolinko) |
| </scode> |
| <fix> |
| <bug>56582#c1</bug>: Implement DISPATCH_EXECUTE action for AJP |
| connectors. (kkolinko) |
| </fix> |
| <fix> |
| If request contains an unrecognized Expect header, respond with error |
| 417 (Expectation Failed), according to RFC2616 chapter 14.20. (markt) |
| </fix> |
| <fix> |
| When an error occurs after the response has been committed close the |
| connection immediately rather than attempting to finish the response to |
| make it easier for the client to differentiate between a complete |
| response and one that failed part way though. (markt) |
| </fix> |
| <scode> |
| Remove the beta tag from the NIO2 connectors. (remm) |
| </scode> |
| <fix> |
| <bug>56620</bug>: Avoid bogus access log entries when pausing the NIO |
| HTTP connector and ensure that access log entries generated by error |
| conditions use the correct request start time. (markt) |
| </fix> |
| <fix> |
| Improve configuration of cache sizes in the endpoint. (markt) |
| </fix> |
| <add> |
| Add a new limit, defaulting to 2MB, for the amount of data Tomcat will |
| swallow for an aborted upload. The limit is configurable by |
| <code>maxSwallowSize</code> attribute of an HTTP connector. (markt) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>56334#c15</bug>: Fix a regression in EL parsing when quoted string |
| follows a whitespace. (kkolinko/markt) |
| </fix> |
| <update> |
| <bug>56543</bug>: Update to the Eclipse JDT Compiler 4.4RC4 to pick up |
| some fixes for Java 8 support. (markt/kkolinko) |
| </update> |
| <fix> |
| <bug>56561</bug>: Avoid <code>NoSuchElementException</code> while |
| handling attributes with empty string value. (violetagg) |
| </fix> |
| <scode> |
| Do not configure a <code>JspFactory</code> in the |
| <code>JasperInitializer</code> if one has already been set as might be |
| the case in some embedding scenarios. (markt) |
| </scode> |
| <add> |
| Add a simple implementation of <code>InstanceManager</code> and have |
| Jasper use it if no other <code>InstanceManager</code> is provided. This |
| makes it easier to use Jasper independently from Tomcat. Patch provided |
| by Greg Wilkins. (markt) |
| </add> |
| <fix> |
| <bug>56568</bug>: Allow any HTTP method when a JSP is being used as an |
| error page. (markt) |
| </fix> |
| <update> |
| <bug>56581</bug>: If an error on a JSP page occurs when response has |
| already been committed, do not clear the buffer of JspWriter, but flush |
| it. It will make more clear where the error occurred. (kkolinko) |
| </update> |
| <fix> |
| <bug>56612</bug>: Correctly parse two consecutive escaped single quotes |
| when used in UEL expression in a JSP. (markt) |
| </fix> |
| <update> |
| Move code that parses EL expressions within JSP template text from |
| <code>Parser</code> to <code>JspReader</code> class for better |
| performance. (kkolinko) |
| </update> |
| <fix> |
| <bug>56636</bug>: Correctly identify the required method when specified |
| via <code>ELProcessor.defineFunction(String,String,String,String)</code> |
| when using Expression Language. (markt) |
| </fix> |
| <fix> |
| <bug>56638</bug>: When using |
| <code>ELProcessor.defineFunction(String,String,String,String)</code> and |
| no function name is specified, use the method name as the function name |
| as required by the specification. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <scode> |
| <bug>56446</bug>: Clearer handling of exceptions when calling a method |
| on a POJO based WebSocket endpoint. Based on a suggestion by Eugene |
| Chung. (markt) |
| </scode> |
| <fix> |
| When a WebSocket client attempts to write to a closed connection, handle |
| the resulting <code>IllegalStateException</code> in a manner consistent |
| with the handling of an <code>IOException</code>. (markt) |
| </fix> |
| <fix> |
| Add more varied endpoints for echo testing. (remm) |
| </fix> |
| <fix> |
| <bug>56577</bug>: Improve the executor configuration used for the |
| callbacks associated with asynchronous writes. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| Set the path for cookies created by the examples web application so they |
| only returned to the examples application. This reduces the opportunity |
| for using such cookies for malicious purposes should the advice to |
| remove the examples web application from security sensitive systems be |
| ignored. (markt/kkolinko) |
| </fix> |
| <fix> |
| Attempt to obfuscate session cookie values associated with other web |
| applications when viewing HTTP request headers with the Request Header |
| example from the examples web application. This reduces the opportunity |
| to use this example for malicious purposes should the advice to remove |
| the examples web application from security sensitive systems be ignored. |
| (markt) |
| </fix> |
| <add> |
| Add options for all of the WebSocket echo endpoints to the WebSocket |
| echo example in the examples web application. (markt) |
| </add> |
| <fix> |
| Ensure that the asynchronous WebSocket echo endpoint in the examples |
| web application always waits for the previous message to complete before |
| it sends the next. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <update> |
| Update package renamed Apache Commons DBCP2 to r1596858. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 8.0.8 (markt)" rtext="beta, 2014-05-21"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>56536</bug>: Ensure that |
| <code>HttpSessionBindingListener.valueUnbound()</code> uses the correct |
| class loader when the <code>SingleSignOn</code> valve is used. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>56529</bug>: Avoid <code>NoSuchElementException</code> while handling |
| attributes with empty string value in custom tags. Patch provided by |
| Hariprasad Manchi. (violetagg) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 8.0.7 (markt)" rtext="not released"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>56523</bug>: When using SPNEGO authentication, log the exceptions |
| associated with failed user logins at debug level rather than error |
| level. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <add> |
| <bug>56399</bug>: Assert that both Coyote and Catalina request objects |
| have been properly recycled. (kkolinko) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>56522</bug>: When setting a value for a |
| <code>ValueExpression</code>, ensure that the expected coercions take |
| place such as a <code>null</code> string being coerced to an empty |
| string. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <fix> |
| Copy missing resources file from Apache Commons DBCP 2 to packaged |
| renamed copy of DBCP 2. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 8.0.6 (markt)" rtext="not released"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| Fix extension validation which was broken by refactoring for new |
| resources implementation. (markt) |
| </fix> |
| <fix> |
| Fix custom UTF-8 decoder so that a byte of value 0xC1 is always rejected |
| immediately as it is never valid in a UTF-8 byte sequence. Update UTF-8 |
| decoder tests to account for UTF-8 decoding improvements in Java 8. |
| The custom UTF-8 decoder is still required due to bugs in the UTF-8 |
| decoder provided by Java. Java 8's decoder is better than Java |
| 7's but it is still buggy. (markt) |
| </fix> |
| <fix> |
| <bug>56027</bug>: Add more options for managing FIPS mode in the |
| AprLifecycleListener. (schultz/kkolinko) |
| </fix> |
| <fix> |
| <bug>56320</bug>: Fix a file descriptor leak in the default servlet when |
| sendfile is used. (markt) |
| </fix> |
| <fix> |
| <bug>56321</bug>: When a WAR is modified, undeploy the web application |
| before deleting any expanded directory as the undeploy process may |
| refer to classes that need to be loaded from the expanded directory. If |
| the expanded directory is deleted first, any attempt to load a new class |
| during undeploy will fail. (markt) |
| </fix> |
| <fix> |
| <bug>56327</bug>: Enable AJP as well as HTTP connectors to be created |
| via JMX. Patch by kiran. (markt) |
| </fix> |
| <fix> |
| <bug>56339</bug>: Avoid an infinite loop if an application calls |
| <code>session.invalidate()</code> from the session destroyed event for |
| that session. (markt) |
| </fix> |
| <scode> |
| <bug>56365</bug>: Simplify file name pattern matching code in |
| <code>StandardJarScanner</code>. Improve documentation. (kkolinko) |
| </scode> |
| <fix> |
| Ensure that the static resource cache is able to detect when a cache |
| entry is invalidated by being overridden by a new resource in a |
| different <code>WebResourceSet</code>. (markt) |
| </fix> |
| <fix> |
| <bug>56369</bug>: Ensure that removing an MBean notification listener |
| reverts all the operations performed when adding an MBean notification |
| listener. (markt) |
| </fix> |
| <scode> |
| Improve implementation of <code>Lifecycle</code> for |
| <code>WebappClassLoader</code>. State is now correctly reported rather |
| than always reporting as <code>NEW</code>. (markt) |
| </scode> |
| <add> |
| <bug>56382</bug>: Information about finished deployment and its execution |
| time is added to the log files. Patch is provided by Danila Galimov. |
| (violetagg) |
| </add> |
| <add> |
| <bug>56383</bug>: Properties for disabling server information and error |
| report are added to the <code>org.apache.catalina.valves.ErrorReportValve</code>. |
| Based on the patch provided by Nick Bunn. (violetagg/kkolinko) |
| </add> |
| <fix> |
| <bug>56390</bug>: Fix JAR locking issue with JARs containing TLDs and |
| the TLD cache that prevented the undeployment of web applications when |
| the WAR was deleted. (markt) |
| </fix> |
| <fix> |
| Fix CVE-2014-0119: |
| Only create XML parsing objects if required and fix associated potential |
| memory leak in the default Servlet. |
| Extend XML factory, parser etc. memory leak protection to cover some |
| additional locations where, theoretically, a memory leak could occur. |
| (markt) |
| </fix> |
| <fix> |
| Modify generic exception handling so that |
| <code>StackOverflowError</code> is not treated as a fatal error and can |
| handled and/or logged as required. (markt) |
| </fix> |
| <fix> |
| <bug>56409</bug>: Avoid <code>StackOverflowError</code> on non-Windows |
| systems if a file named <code>\</code> is encountered when scanning for |
| TLDs. (markt) |
| </fix> |
| <add> |
| <bug>56430</bug>: Extend checks for suspicious URL patterns to include |
| patterns of the form <code>*.a.b</code> which are not valid patterns for |
| extension mappings. (markt) |
| </add> |
| <fix> |
| <bug>56441</bug>: Raise the visibility of exceptions thrown when a |
| problem is encountered calling a getter or setter on a component |
| attribute. The logging level is raised from debug to warning. (markt) |
| </fix> |
| <add> |
| <bug>56463</bug>: Property for disabling server information is added to |
| the <code>DefaultServlet</code>. Server information is presented in the |
| response sent to the client when directory listings is enabled. |
| (violetagg) |
| </add> |
| <fix> |
| <bug>56472</bug>: Allow NamingContextListener to clean up on stop if its |
| start failed. (kkolinko) |
| </fix> |
| <fix> |
| <bug>56481</bug>: Work around case insensitivity issue in |
| <code>URLClassLoader</code> exposed by some recent refactoring. (markt) |
| </fix> |
| <add> |
| <bug>56492</bug>: Avoid eclipse debugger pausing on uncaught exceptions |
| when tomcat renews its threads. (slaurent) |
| </add> |
| <add> |
| Add the <code>org.apache.naming</code> package to the packages requiring |
| code to have the <code>defineClassInPackage</code> permission when |
| running under a security manager. (markt) |
| </add> |
| <fix> |
| Make the naming context tokens for containers more robust by using a |
| separate object. Require RuntimePermission when introducing a new token. |
| (markt/kkolinko) |
| </fix> |
| <fix> |
| <bug>56501</bug>: <code>HttpServletRequest.getContextPath()</code> |
| should return the undecoded context path used by the user agent. (markt) |
| </fix> |
| <fix> |
| Minor fixes to <code>ThreadLocalLeakPreventionListener</code>. Do not |
| trigger threads renewal for failed contexts. Do not ignore |
| <code>threadRenewalDelay</code> setting. Improve documentation. (kkolinko) |
| </fix> |
| <fix> |
| Correct regression introduced in <rev>1239520</rev> that broke loading |
| of users from <code>tomcat-users.xml</code> when using the |
| <code>JAASMemoryLoginModule</code>. (markt) |
| </fix> |
| <fix> |
| Correct regression introduced in <rev>797162</rev> that broke |
| authentication of users when using the |
| <code>JAASMemoryLoginModule</code>. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| More cleanup of NIO2 endpoint shutdown. (remm) |
| </fix> |
| <fix> |
| <bug>56336</bug>: AJP output corruption and errors. (remm) |
| </fix> |
| <fix> |
| Handle various cases of incomplete writes in NIO2. (remm) |
| </fix> |
| <scode> |
| Code cleanups and i18n in NIO2. (remm) |
| </scode> |
| <fix> |
| Fix extra onDataAvailable calls in the NIO2 connector. (remm) |
| </fix> |
| <fix> |
| Fix gather writes in NIO2 SSL. (remm) |
| </fix> |
| <scode> |
| Upgrade the NIO2 connectors to beta, but still not ready for production. (remm) |
| </scode> |
| <scode> |
| Fix code duplication between NIO and NIO2. (remm) |
| </scode> |
| <fix> |
| <bug>56348</bug>: Fix slow asynchronous read when read was performed on |
| a non-container thread. (markt) |
| </fix> |
| <fix> |
| <bug>56416</bug>: Correct documentation for default value of socket |
| linger for the AJP and HTTP connectors. (markt) |
| </fix> |
| <fix> |
| Fix possible corruption if doing keepalive after a comet request. (remm) |
| </fix> |
| <fix> |
| <bug>56518</bug>: Fix connection limit latch leak when a non-container |
| thread is interrupted during asynchronous processing. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>56334</bug>: Fix a regression in the handling of back-slash |
| escaping introduced by the fix for <bug>55735</bug>. (markt/kkolinko) |
| </fix> |
| <fix> |
| <bug>56425</bug>: Improve method matching for EL expressions. When |
| looking for matching methods, an exact match between parameter types is |
| preferred followed by an assignable match followed by a coercible match. |
| (markt) |
| </fix> |
| <fix> |
| Correct the handling of back-slash escaping in the EL parser and no |
| longer require that <code>\$</code> or <code>\#</code> must be followed |
| by <code>{</code> in order for the back-slash escaping to take effect. |
| (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <scode> |
| Remove the implementation of |
| <code>org.apache.catalina.LifecycleListener</code> from |
| <code>org.apache.catalina.ha.tcp.SimpleTcpCluster</code>. |
| <code>SimpleTcpCluster</code> does not work as |
| <code>LifecycleListener</code>, it works as nested components of Host or |
| Engine. (kfujino) |
| </scode> |
| <fix> |
| Remove cluster and replicationValve from cluster manager template. These |
| instance are not necessary to template. (kfujino) |
| </fix> |
| <fix> |
| Add support for cross context session replication to |
| <code>org.apache.catalina.ha.session.BackupManager</code>. (kfujino) |
| </fix> |
| <fix> |
| Remove the unnecessary cross context check. It does not matter whether |
| the context that is referenced by other context is set to |
| <code>crossContext</code>=true. The context that refers to the different |
| context must be set to <code>crossContext</code>=true. (kfujino) |
| </fix> |
| <scode> |
| Move to <code>org.apache.catalina.ha.session.ClusterManagerBase</code> |
| common logics of |
| <code>org.apache.catalina.ha.session.BackupManager</code> and |
| <code>org.apache.catalina.ha.session.DeltaManager</code>. (kfujino) |
| </scode> |
| <scode> |
| Simplify the code of <code>o.a.c.ha.tcp.SimpleTcpCluster</code>. In |
| order to add or remove cluster valve to Container, use pipeline instead |
| of <code>IntrospectionUtils</code>. (kfujino) |
| </scode> |
| <fix> |
| There is no need to set cluster instance when |
| <code>SimpleTcpCluster.unregisterClusterValve</code> is called. |
| Set null than cluster instance for cleanup. (kfujino) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <fix> |
| <bug>56343</bug>: Avoid a NPE if Tomcat's Java WebSocket 1.0 |
| implementation is used with the Java WebSocket 1.0 API JAR from the |
| reference implementation. (markt) |
| </fix> |
| <fix> |
| Increase the default maximum size of the executor used by the WebSocket |
| implementation for call backs associated with asynchronous writes from |
| 10 to 200. (markt) |
| </fix> |
| <add> |
| Add a warning if the thread group created for WebSocket asynchronous |
| write call backs can not be destroyed when the web application is |
| stopped. (markt) |
| </add> |
| <fix> |
| Ensure that threads created to support WebSocket clients are stopped |
| when no longer required. This will happen automatically for WebSocket |
| client connections initiated by web applications but stand alone clients |
| must call <code>WsWebSocketContainer.destroy()</code>. (markt) |
| </fix> |
| <fix> |
| <bug>56449</bug>: When creating a new session, add the message handlers |
| to the session before calling <code>Endpoint.onOpen()</code> so the |
| message handlers are in place should the <code>onOpen()</code> method |
| trigger the sending of any messages. (markt) |
| </fix> |
| <fix> |
| <bug>56458</bug>: Report WebSocket sessions that are created over secure |
| connections as secure rather than as not secure. (markt) |
| </fix> |
| <fix> |
| Stop threads used for secure WebSocket client connections when they are |
| no longer required and give them better names for easier debugging while |
| they are running. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| Add Support for <code>copyXML</code> attribute of Host to Host Manager. |
| (kfujino) |
| </fix> |
| <fix> |
| Ensure that "name" request parameter is used as a application base of |
| host if "webapps" request parameter is not set when adding host in |
| HostManager Application. (kfujino) |
| </fix> |
| <fix> |
| Correct documentation on Windows service options, aligning it with |
| Apache Commons Daemon documentation. (kkolinko) |
| </fix> |
| <fix> |
| <bug>56418</bug>: Ensure that the Manager web application does not |
| report success for a web application deployment that fails. (slaurent) |
| </fix> |
| <update> |
| Improve valves documentation. Split valves into groups. (kkolinko) |
| </update> |
| <fix> |
| <bug>56513</bug>: Make the documentation crystal clear that using |
| sendfile will disable any compression that Tomcat may otherwise have |
| applied to the response. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <scode> |
| Review source code and take advantage of Java 7's |
| try-with-resources syntax where possible. (markt) |
| </scode> |
| <fix> |
| Align DisplayName of Tomcat installed by <code>service.bat</code> with |
| one installed by the *.exe installer. Print a warning in case if neither |
| server nor client jvm is found by <code>service.bat</code>. (kkolinko) |
| </fix> |
| <update> |
| <bug>56363</bug>: Update to version 1.1.30 of Tomcat Native library. |
| (schultz) |
| </update> |
| <update> |
| Update package renamed Apache Commons BCEL to r1593495 to pick up some |
| additional changes for Java 7 support and some code clean up. (markt) |
| </update> |
| <update> |
| Update package renamed Apache Commons FileUpload to r1569132 to pick up |
| some small improvements (e.g. better <code>null</code> protection) and |
| some code clean up. (markt) |
| </update> |
| <update> |
| Update package renamed Apache Commons Codec to r1586336 to pick up some |
| Javadoc fixes and some code clean up. (markt) |
| </update> |
| <scode> |
| Switch to including Apache Commons DBCP via a package renamed svn copy |
| rather than building from a source release for consistency with other |
| Commons packages and to allow faster releases to fix DBCP related |
| issues. (markt) |
| </scode> |
| <update> |
| Update package renamed Apache Commons Pool2 and DBCP2 to r1593563 to |
| pick various bug fixes. (markt) |
| </update> |
| <add> |
| In tests: allow to configure directory where JUnit reports and access |
| log are written to. (kkolinko) |
| </add> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 8.0.5 (markt)" rtext="beta, 2014-03-27"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| Rework the fix for <bug>56190</bug> as the previous fix did not recycle |
| the request in all cases leading to mis-routing of requests. (markt) |
| </fix> |
| <fix> |
| Allow web applications to package tomcat-jdbc.jar and their JDBC driver |
| of choice in the web application. (markt) |
| </fix> |
| <fix> |
| <bug>56293</bug>: Cache resources loaded by the class loader from |
| <code>/META-INF/services/</code> for better performance for repeated |
| look ups. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Fix possibly incomplete final flush with NIO2 when using non blocking |
| mode. (remm) |
| </fix> |
| <fix> |
| Cleanup NIO2 endpoint shutdown. (remm) |
| </fix> |
| <fix> |
| Fix rare race condition notifying onWritePossible in the NIO2 |
| HTTP/1.1 connector. (remm) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| <bug>54475</bug>: Add Java 8 support to SMAP generation for JSPs. Patch |
| by Robbie Gibson. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| <bug>56273</bug>: If the Manager web application does not perform an |
| operation because the web application is already being serviced, report |
| an error rather than reporting success. (markt) |
| </fix> |
| <fix> |
| <bug>56304</bug>: Add a note to the documentation about not using |
| WebSocket with BIO HTTP in production. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 8.0.4 (markt)" rtext="not released"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| Restore the ability to use the <code>addURL()</code> method of the |
| web application class loader to add external resources to the web |
| application. (markt) |
| </fix> |
| <fix> |
| Improve the robustness of web application undeployment based on some |
| code analysis triggered by the report for <bug>54315</bug>. (markt) |
| </fix> |
| <fix> |
| <bug>56125</bug>: Correctly construct the URL for a resource that |
| represents the root of a JAR file. (markt) |
| </fix> |
| <fix> |
| Generate a valid root element for the effective web.xml for a web |
| application for all supported versions of web.xml. (markt) |
| </fix> |
| <add> |
| Make it easier for applications embedding and/or extending Tomcat to |
| modify the <code>javaseClassLoader</code> attribute of the |
| <code>WebappClassLoader</code>. (markt) |
| </add> |
| <fix> |
| Add missing support for <code><deny-uncovered-http-methods></code> |
| element when merging web.xml files. (markt) |
| </fix> |
| <fix> |
| Improve merging process for web.xml files to take account of the |
| elements and attributes supported by the Servlet version of the merged |
| file. (markt) |
| </fix> |
| <fix> |
| Avoid <code>NullPointerException</code> in resource cache when making an |
| invalid request for a resource outside of the web application. (markt) |
| </fix> |
| <fix> |
| Remove an unnecessary null check identified by FindBugs. (markt) |
| </fix> |
| <add> |
| In WebappClassLoader, when reporting threads that are still running |
| while web application is being stopped, print their stack traces to |
| the log. (kkolinko) |
| </add> |
| <fix> |
| <bug>56190</bug>: The response should be closed (i.e. no further output |
| is permitted) when a call to <code>AsyncContext.complete()</code> takes |
| effect. (markt) |
| </fix> |
| <fix> |
| <bug>56236</bug>: Enable Tomcat to work with alternative Servlet and |
| JSP API JARs that package the XML schemas in such as way as to require |
| a dependency on the JSP API before enabling validation for web.xml. |
| Tomcat has no such dependency. (markt) |
| </fix> |
| <fix> |
| <bug>56244</bug>: Fix MBeans descriptor for WebappClassLoader MBean. |
| (kkolinko) |
| </fix> |
| <add> |
| Add a work around for validating XML documents (often TLDs) that use |
| just the file name to refer to refer to the JavaEE schema on which they |
| are based. (markt) |
| </add> |
| <add> |
| Add methods of get the idle time from last client access time to |
| <code>org.apache.catalina.Session</code>. (kfujino) |
| </add> |
| <fix> |
| <bug>56246</bug>: Fix NullPointerException in MemoryRealm when |
| authenticating an unknown user. (markt) |
| </fix> |
| <fix> |
| <bug>56248</bug>: Allow the deployer to update an existing WAR file |
| without undeploying the existing application if the update flag is set. |
| This allows any existing custom context.xml for the application to be |
| retained. To update an application and remove any existing context.xml |
| simply undeploy the old version of the application before deploying the |
| new version. (markt) |
| </fix> |
| <fix> |
| <bug>56253</bug>: When listing resources that are provided by a JAR, fix |
| possible <code>StringIndexOutOfBoundsException</code>s. Add some unit |
| tests for this and similar scenarios and fix the additional issues those |
| unit tests identified. Based on a patch by Larry Isaacs. (markt) |
| </fix> |
| <fix> |
| Fix CVE-2014-0096: |
| Redefine the <code>globalXsltFile</code> initialisation parameter of the |
| DefaultServlet as relative to CATALINA_BASE/conf or CATALINA_HOME/conf. |
| Prevent user supplied XSLTs used by the DefaultServlet from defining |
| external entities. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| In some circumstances asynchronous requests could time out too soon. |
| (markt) |
| </fix> |
| <fix> |
| <bug>56172</bug>: Avoid possible request corruption when using the AJP |
| NIO connector and a request is sent using more than one AJP message. |
| Patch provided by Amund Elstad. (markt) |
| </fix> |
| <add> |
| Add experimental NIO2 connector. Based on code developed by |
| Nabil Benothman. (remm) |
| </add> |
| <fix> |
| Fix CVE-2014-0075: |
| Improve processing of chuck size from chunked headers. Avoid overflow |
| and use a bit shift instead of a multiplication as it is marginally |
| faster. (markt/kkolinko) |
| </fix> |
| <fix> |
| Fix CVE-2014-0095: |
| Correct regression introduced in 8.0.0-RC2 as part of the Servlet 3.1 |
| non-blocking IO support that broke handling of requests with an explicit |
| content length of zero. (markt/kkolinko) |
| </fix> |
| <fix> |
| Fix CVE-2014-0099: |
| Fix possible overflow when parsing long values from a byte array. |
| (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| Change the default compiler source and compiler target versions to 1.7 |
| since Tomcat 8 requires a minimum of Java 7. (markt) |
| </fix> |
| <fix> |
| <bug>56179</bug>: Fix parsing of EL expressions that contain unnecessary |
| parentheses. (markt) |
| </fix> |
| <fix> |
| <bug>56177</bug>: Handle dependency tracking for TLDs when using JspC |
| with a tag library JAR that is located outside of the web application. |
| (markt) |
| </fix> |
| <fix> |
| Remove an unnecessary null check identified by FindBugs. (markt) |
| </fix> |
| <fix> |
| <bug>56199</bug>: Restore validateXml option for JspC which determines |
| if web.xml will be parsed with a validating parser. (markt) |
| </fix> |
| <fix> |
| <bug>56223</bug>: Throw an <code>IllegalStateException</code> if a call |
| is made to <code>ServletContext.setInitParameter()</code> after the |
| ServletContext has been initialized. (markt) |
| </fix> |
| <fix> |
| <bug>56265</bug>: Do not escape values of dynamic tag attributes |
| containing EL expressions. (kkolinko) |
| </fix> |
| <fix> |
| Make the default compiler source and target versions for JSPs Java 7 |
| since Tomcat 8 requires Java 7 as a minimum. (markt) |
| </fix> |
| <update> |
| <bug>56283</bug>: Update to the Eclipse JDT Compiler P20140317-1600 |
| which adds support for Java 8 syntax to JSPs. Add support for value |
| "1.8" for the <code>compilerSourceVM</code> and |
| <code>compilerTargetVM</code> options. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <fix> |
| Avoid a possible deadlock when one thread is shutting down a connection |
| while another thread is trying to write to it. (markt) |
| </fix> |
| <fix> |
| Avoid NPE when flushing batched messages. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Web Applications"> |
| <changelog> |
| <add> |
| <bug>56093</bug>: Add the SSL Valve to the documentation web |
| application. (markt) |
| </add> |
| <fix> |
| <bug>56217</bug>: Improve readability by using left alignment for the |
| table cell containing the request information on the Manager application |
| status page. (markt) |
| </fix> |
| <fix> |
| Fixed <code>java.lang.NegativeArraySizeException</code> when using |
| "Expire sessions" command in the manager web application on a |
| context where the session timeout is disabled. (kfujino) |
| </fix> |
| <fix> |
| Add support for <code>LAST_ACCESS_AT_START</code> system property to |
| Manager web application. (kfujino) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <fix> |
| <bug>56115</bug>: Expose the <code>httpusecaches</code> property of |
| Ant's <code>get</code> task as some users may need to change the |
| default. Based on a suggestion by Anthony. (markt) |
| </fix> |
| <fix> |
| <bug>56143</bug>: Improve <code>service.bat</code> so that it can be |
| launched from a non-UAC console. This includes using a single call to |
| <code>tomcat8.exe</code> to install the Windows service rather than |
| three calls, and using command line arguments instead of environment |
| variables to pass the settings. (markt/kkolinko) |
| </fix> |
| <scode> |
| Simplify Windows *.bat files: remove %OS% checks, as current java does |
| not run on ancient non-NT operating systems. (kkolinko) |
| </scode> |
| <fix> |
| Align options between <code>service.bat</code> and <code>exe</code> |
| Windows installer. For <code>service.bat</code> the changes are in |
| --Classpath, --DisplayName, --StartPath, --StopPath. For |
| <code>exe</code> installer the changes are in --JvmMs, --JvmMx options, |
| which are now 128 Mb and 256 Mb respectively instead of being empty. |
| Explicitly specify --LogPath path when uninstalling Windows service, |
| avoiding default value for that option. (kkolinko) |
| </fix> |
| <fix> |
| <bug>56137</bug>: Explicitly use NIO connector in SSL example in |
| server.xml so it doesn't break if APR is enabled. (markt) |
| </fix> |
| <fix> |
| <bug>56139</bug>: Avoid a web application class loader leak in some unit |
| tests when running on Windows. (markt) |
| </fix> |
| <fix> |
| Correct build script to avoid building JARs with empty packages. (markt) |
| </fix> |
| <add> |
| Allow to limit JUnit test run to a number of selected test case |
| methods. (kkolinko) |
| </add> |
| <update> |
| Update Commons Pool 2 to 2.2. (markt) |
| </update> |
| <update> |
| Update Commons DBCP 2 to the 2.0 release. (markt) |
| </update> |
| <fix> |
| <bug>56189</bug>: Remove used file cpappend.bat from the distribution. |
| (markt) |
| </fix> |
| <fix> |
| <bug>56204</bug>: Remove unnecessary dependency between tasks in the |
| build script. (markt) |
| </fix> |
| <fix> |
| Add definition of <code>org.apache.catalina.ant.FindLeaksTask</code>. |
| (kfujino) |
| </fix> |
| <fix> |
| Implement <code>org.apache.catalina.ant.VminfoTask</code>, |
| <code>org.apache.catalina.ant.ThreaddumpTask</code> and |
| <code>org.apache.catalina.ant.SslConnectorCiphersTask</code>. (kfujino) |
| </fix> |
| <add> |
| Add the option to the Apache Ant tasks to ignore the constraint of the |
| first line of the response message that must be "OK -" |
| (<code>ignoreResponseConstraint</code> in <code>AbstractCatalinaTask</code>). |
| Default is false. (kfujino) |
| </add> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 8.0.3 (markt)" rtext="beta, 2014-02-11"> |
| <subsection name="Other"> |
| <changelog> |
| <fix> |
| Fix build of Apache Commons DBCP2 classes. (kkolinko) |
| </fix> |
| <update> |
| Update Commons DBCP 2 to snapshot 170 dated 07 Feb 2014. This enables |
| DBCP to work with a SecurityManager such that only DBCP needs to be |
| granted the necessary permissions to communicate with the database. |
| (markt) |
| </update> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 8.0.2 (markt)" rtext="not released"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| <bug>56082</bug>: Fix a concurrency bug in JULI's LogManager |
| implementation. (markt) |
| </fix> |
| <fix> |
| <bug>56085</bug>: <code>ServletContext.getRealPath(String)</code> should |
| return <code>null</code> for invalid input rather than throwing an |
| <code>IllegalArgumentException</code>. (markt) |
| </fix> |
| <fix> |
| Fix WebDAV support that was broken by the refactoring for the new |
| resources implementation. (markt) |
| </fix> |
| <scode> |
| Simplify Catalina.initDirs(). (kkolinko) |
| </scode> |
| <fix> |
| <bug>56096</bug>: When the attribute <code>rmiBindAddress</code> of the |
| JMX Remote Lifecycle Listener is specified it's value will be used when |
| constructing the address of a JMX API connector server. Patch is |
| provided by Jim Talbut. (violetagg) |
| </fix> |
| <fix> |
| When environment entry with one and the same name is defined in the web |
| deployment descriptor and with annotation then the one specified in the |
| web deployment descriptor is with priority. (violetagg) |
| </fix> |
| <fix> |
| Fix passing the value of false for <code>xmlBlockExternal</code> option |
| of Context to Jasper, as the default was changed in 8.0.1. (kkolinko) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Enable non-blocking reads to take place on non-container threads. |
| (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <scode> |
| Simplify the code of |
| <code>o.a.c.ha.tcp.SimpleTcpCluster.createManager(String)</code>. |
| Remove unnecessary class cast. (kfujino) |
| </scode> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <fix> |
| In Manager web application improve handling of file upload errors. |
| Display a message instead of error 500 page. Simplify. (kkolinko) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <fix> |
| <bug>56104</bug>: Correct the version number on the welcome page of the |
| Windows installer. (markt) |
| </fix> |
| <update> |
| Update Commons DBCP 2 to snapshot 168 dated 05 Feb 2014. (markt) |
| </update> |
| <fix> |
| Fix CVE-2014-0050, a denial of service with a malicious, malformed |
| Content-Type header and multipart request processing. Fixed by merging |
| latest code (r1565159) from Commons FileUpload. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 8.0.1 (markt)" rtext="beta, 2014-02-02"> |
| <subsection name="Catalina"> |
| <changelog> |
| <fix> |
| Change default value of <code>xmlBlockExternal</code> attribute of |
| Context. It is <code>true</code> now. (kkolinko) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <fix> |
| Correct regression in the fix for <bug>55996</bug> that meant that |
| asynchronous requests might timeout too early. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <fix> |
| Change default value of the <code>blockExternal</code> attribute of |
| JspC task. The default value is <code>true</code>. Add support for |
| <code>-no-blockExternal</code> switch when JspC is run as a |
| standalone application. (kkolinko) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="WebSocket"> |
| <changelog> |
| <fix> |
| Do not return an empty string for the |
| <code>Sec-WebSocket-Protocol</code> HTTP header when no sub-protocol has |
| been requested or no sub-protocol could be agreed as RFC6455 requires |
| that no <code>Sec-WebSocket-Protocol</code> header is returned in this |
| case. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| <section name="Tomcat 8.0.0 (markt)" rtext="not released"> |
| <subsection name="Catalina"> |
| <changelog> |
| <add> |
| Implement JSR 340 - Servlet 3.1. The JSR 340 implementation includes |
| contributions from Nick Williams and Jeremy Boynes. (markt) |
| </add> |
| <add> |
| Implement JSR 245 MR2 - JSP 2.3. (markt) |
| </add> |
| <add> |
| Implement JSR 341 - Unified Expression Language 3.0. (markt) |
| </add> |
| <add> |
| Implement JSR 356 - WebSockets. The JSR 356 implementation includes |
| contributions from Nick Williams, Rossen Stoyanchev and Niki Dokovski. |
| (markt) |
| </add> |
| <update> |
| <bug>46727</bug>: Refactor default servlet to make it easier to |
| sub-class to implement finer grained control of the file encoding. Based |
| on a patch by Fred Toth. (markt) |
| </update> |
| <add> |
| <bug>45995</bug>: Align Tomcat with Apache httpd and perform MIME type |
| mapping based on file extension in a case insensitive manner. (markt) |
| </add> |
| <scode> |
| Remove duplicate code that converted a Host's appBase attribute to |
| a canonical file. (markt) |
| </scode> |
| <scode> |
| <bug>51408</bug>: Replace calls to <code>Charset.defaultCharset()</code> |
| with an explicit reference to the ISO-8859-1 Charset. (markt) |
| </scode> |
| <scode> |
| Refactor initialization code to use a single, consistent approach to |
| determining the Catalina home (binary) and base (instance) directories. |
| The search order for home is <code>catalina.home</code> system property, |
| parent of current directory if boootstrap.jar is present and finally |
| current working directory. The search order for Catalina base is |
| <code>catalina.base</code> system property falling back to the value for |
| Catalina home. (markt) |
| </scode> |
| <update> |
| <bug>52092</bug>: JULI now uses the <code>OneLineFormatter</code> and |
| <code>AsyncFileHandler</code> by default. (markt) |
| </update> |
| <fix> |
| <bug>52558</bug>: Refactor <code>CometConnectionManagerValve</code> so |
| that it does not prevent the session from being serialized in when |
| running in a cluster. (markt) |
| </fix> |
| <fix> |
| <bug>52767</bug>: Remove reference to MySQL specific autoReconnect |
| property in <code>JDBCAccessLogValve</code>. (markt) |
| </fix> |
| <scode> |
| Make the Mapper type-safe. Hosts, Contexts and Wrappers are no |
| longer handled as plain objects, instead they keep their type. |
| Code using the Mapper doesn't need to cast objects returned by |
| the mapper. (rjung) |
| </scode> |
| <scode> |
| Move Manager, Loader and Resources from Container to Context since |
| Context is the only place they are used. The documentation already |
| states (and has done for some time) that Context is the only valid |
| location for these nested components. (markt) |
| </scode> |
| <scode> |
| Move the Mapper from the Connector to the Service since the Mapper is |
| identical for all Connectors of a given Service and it is common for |
| there to be multiple Connectors for a Service (http, https and ajp). |
| This means there is now only ever one Mapper per Service rather than |
| possibly multiple identically configured Mapper objects. (markt) |
| </scode> |
| <scode> |
| Remove the per Context Mapper objects and use the Mapper from the |
| Service. This removes the need to maintain two copies of the mappings |
| for Servlets and Filters. (markt) |
| </scode> |
| <add> |
| Implement a new Resources implementation that merges Aliases, |
| VirtualLoader, VirtualDirContext, JAR resources and external |
| repositories into a single framework rather than a separate one for each |
| feature. (markt) |
| </add> |
| <add> |
| URL rewrite valve, similar in functionality to mod_rewrite. (remm) |
| </add> |
| <add> |
| Port storeconfig functionality, which can persist to server.xml and |
| context.xml runtime container configuration changes. (remm) |
| </add> |
| <add> |
| <bug>54095</bug>: Add support to the Default Servlet for serving |
| gzipped versions of static resources directly from disk as an |
| alternative to Tomcat compressing them on each request. Patch by |
| Philippe Marschall. (markt) |
| </add> |
| <fix> |
| <bug>54708</bug>: Change the name of the working directory for the ROOT |
| application (located under $CATALINA_BASE/work by default) from _ to |
| ROOT. (markt) |
| </fix> |
| <add> |
| Change default configuration so that a change to the global web.xml file |
| will trigger a reload of all web applications. (markt) |
| </add> |
| <fix> |
| <bug>55101</bug>: Make BASIC authentication more tolerant of whitespace. |
| Patch provided by Brian Burch. (markt) |
| </fix> |
| <fix> |
| <bug>55166</bug>: Move JSP descriptor and tag library descriptor schemas |
| to servlet-api.jar to enable relative references between the schemas to |
| be correctly resolved. (markt) |
| </fix> |
| <scode> |
| Refactor the descriptor parsing code into a separate module that can be |
| used by both Catalina and Jasper. Includes patches provided by Jeremy |
| Boynes. (violetagg/markt) |
| </scode> |
| <scode> |
| <bug>55246</bug>: Move TLD scanning to a ServletContainerInitializer |
| provided by Jasper. Includes removal of TldConfig lifecycle listener and |
| associated Context properties. (jboynes) |
| </scode> |
| <add> |
| <bug>55317</bug>: Facilitate weaving by allowing ClassFileTransformer to |
| be added to WebppClassLoader. Patch by Nick Williams. (markt) |
| </add> |
| <fix> |
| <bug>55620</bug>: Enable Tomcat to start when either $CATALINA_HOME |
| and/or $CATALINA_BASE contains a comma character. Prevent Tomcat from |
| starting when $CATALINA_HOME and/or $CATALINA_BASE contains a semi-colon |
| on Windows. Prevent Tomcat from starting when $CATALINA_HOME and/or |
| $CATALINA_BASE contains a colon on Linux/FreeBSD/etc. (markt) |
| </fix> |
| <scode> |
| Initialize the JSP runtime in Jasper's initializer to avoid need for a |
| Jasper-specific lifecycle listener. <code>JasperListener</code> has been |
| removed. (jboynes) |
| </scode> |
| <fix> |
| Change ordering of elements of JMX objects names so components are |
| grouped more logically in JConsole. Generally, components are now |
| grouped by Host and then by Context. (markt) |
| </fix> |
| <add> |
| Context listener to allow better EE and framework integration. (remm) |
| </add> |
| </changelog> |
| </subsection> |
| <subsection name="Coyote"> |
| <changelog> |
| <add> |
| Experimental support for SPDY. Includes contributions from Sheldon Shao. |
| (costin) |
| </add> |
| <scode> |
| The default connector is now the Java NIO connector even when specifying |
| HTTP/1.1 as protocol (fhanik) |
| </scode> |
| <scode> |
| Update default value of pollerThreadCount for the NIO connector. The new |
| default value will never go above 2 regardless of available processors. |
| (fhanik) |
| </scode> |
| <fix> |
| <bug>54010</bug>: Remove some unnecessary code (duplicate calls to |
| configure the scheme as https for AJP requests originally received over |
| HTTPS). (markt) |
| </fix> |
| <scode> |
| Refactor char encoding/decoding using NIO APIs. (remm) |
| </scode> |
| <update> |
| Change the default URIEncoding for all connectors from ISO-8859-1 to |
| UTF-8. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Jasper"> |
| <changelog> |
| <scode> |
| Simplify API of <code>ErrorDispatcher</code> class by using varargs. |
| (kkolinko) |
| </scode> |
| <scode> |
| Update Jasper to use the new common web.xml parsing code. Includes |
| patches by Jeremy Boynes. (markt/violetagg) |
| </scode> |
| <add> |
| Create test cases for JspC. Patch by Jeremy Boynes. (markt) |
| </add> |
| <scode> |
| <bug>55246</bug>: TLD scanning is now performed by JasperInitializer |
| (a ServletContainerInitializer) removing the need for support within the |
| Servlet container itself. The scan is now performed only once rather than |
| in two passes reducing startup time. (jboynes) |
| </scode> |
| <fix> |
| <bug>55251</bug>: Do not allow JspC task to fail silently if the web.xml |
| or web.xml fragment can not be generated. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| <subsection name="Cluster"> |
| <changelog> |
| <scode> |
| Remove unused JvmRouteSessionIDBinderListener and SessionIDMessage. |
| (kfujino) |
| </scode> |
| <scode> |
| Modify method signature in ReplicationValve. Cluster instance is not |
| necessary to argument of method. (kfujino) |
| </scode> |
| <scode> |
| Remove unused <code>expireSessionsOnShutdown</code> attribute in |
| <code>org.apache.catalina.ha.session.BackupManager</code>. (kfujino) |
| </scode> |
| </changelog> |
| </subsection> |
| <subsection name="Web applications"> |
| <changelog> |
| <add> |
| Extend the diagnostic information provided by the Manager web |
| application to include details of the configured SSL ciphers suites for |
| each connector. (markt) |
| </add> |
| <update> |
| <bug>48550</bug>: Update examples web application to use UTF-8. (markt) |
| </update> |
| <update> |
| <bug>55383</bug>: Improve the design and correct the HTML markup of |
| the documentation web application. Patches provided by Konstantin |
| Preißer. (markt) |
| </update> |
| </changelog> |
| </subsection> |
| <subsection name="Tribes"> |
| <changelog> |
| <scode> |
| Refactor <code>AbstractReplicatedMap</code> to use generics. A key |
| side-effect of this is that the class now implements |
| <code>Map<K,V></code> rather than extends |
| <code>ConcurrentMap</code>. (markt) |
| </scode> |
| </changelog> |
| </subsection> |
| <subsection name="Other"> |
| <changelog> |
| <scode> |
| Remove unused, deprecated code. (markt) |
| </scode> |
| <scode> |
| Remove static info String and associated getInfo() method where present. |
| (markt) |
| </scode> |
| <update> |
| (<rev>1353242</rev>, <rev>1353410</rev>): |
| Remove Ant tasks <code>jasper2</code> and <code>jkstatus</code>. |
| The correct names are <code>jasper</code> and <code>jkupdate</code>. |
| (kkolinko) |
| </update> |
| <fix> |
| <bug>53529</bug>: Clean-up the handling of |
| <code>InterruptedException</code> throughout the code base. (markt) |
| </fix> |
| <add> |
| <bug>54899</bug>: Provide an initial implementation of NetBeans support. |
| Patch provided by Brian Burch. (markt) |
| </add> |
| <fix> |
| <bug>55166</bug>: Move the JSP descriptor and tag library descriptor |
| schema defintion files from jsp-api.jar to servlet-api.jar so relative |
| includes between the J2EE, Servlet and JSP schemas are correctly |
| resolved. (markt) |
| </fix> |
| <fix> |
| <bug>55372</bug>: When starting Tomcat with the <code>jpda</code> option |
| to enable remote debugging, by default only listen on localhost for |
| connections from a debugger. Prior to this change, Tomcat listened on |
| all known addresses. (markt) |
| </fix> |
| </changelog> |
| </subsection> |
| </section> |
| </body> |
| </document> |