- 36e4312 Use http URL in ASF closer script. by Rainer Jung · 2 years, 8 months ago trunk
- 3672343 Ensures that the specified rxBufSize is correctly set to receiver buffer size. by Keiichi Fujino · 2 years, 9 months ago
- 4a2e3d9 Fix the maven release deploy task: signing fails by Rainer Jung · 2 years, 9 months ago
- e97d800 62527: Revert restriction of JNDI to the java: namespace. by Remy Maucherat · 2 years, 9 months ago
- 436722d Update the release date for 8.0.53 by Violeta Georgieva Georgieva · 2 years, 9 months ago
- 0dd4d9c Increment version for next dev cycle by Violeta Georgieva Georgieva · 2 years, 10 months ago
- 2855cdf Fix typo by Mark Thomas · 2 years, 10 months ago
- 6a16fac Implement checksum checks when downloading dependencies that are used to build Tomcat. by Konstantin Kolinko · 2 years, 10 months ago
- 42a7487 Fixed a broken perldoc link by Emmanuel Bourg · 2 years, 10 months ago
- 07c259a Fixed several links pointing to the documentation of older Tomcat releases by Emmanuel Bourg · 2 years, 10 months ago
- 93b4203 Added the new javac release attribute to be able to build Tomcat with recent JDKs without compromising the compatibility with older versions (requires Ant 1.9.8 or later) by Emmanuel Bourg · 2 years, 10 months ago
- 06fa776 Use https URLs in the documentation when possible by Emmanuel Bourg · 2 years, 10 months ago
- 23d0d83 Updated the Cobertura URL by Emmanuel Bourg · 2 years, 10 months ago
- 0427af5 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62476 by Mark Thomas · 2 years, 10 months ago
- edb4cd7 Minor updates after comparing 8.0.x with 9.0.x by Mark Thomas · 2 years, 10 months ago
- 7d6b6be Java 7 isn't quite as good as Java 8 at inferring generic types. by Mark Thomas · 2 years, 10 months ago
- ce522fb Fill in the gaps in the Javadoc by Mark Thomas · 2 years, 10 months ago
- 847a9f6 Better super constructor to avoid unused parameter by Mark Thomas · 2 years, 10 months ago
- 1efd3f5 Fix Javadoc warnings by Mark Thomas · 2 years, 10 months ago
- 6198ee8 Fix generics warnings by Mark Thomas · 2 years, 10 months ago
- 4aa3bde Update the internal fork of Commons DBCP 2 to 2.4.0. by Mark Thomas · 2 years, 10 months ago
- a7d5dfc Update merge info by Mark Thomas · 2 years, 10 months ago
- b731851 Fix IDE warnings after Pool updates by Mark Thomas · 2 years, 10 months ago
- 6d5aa81 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62458 by Mark Thomas · 2 years, 10 months ago
- 7ddf2a4 Enable host name verification for secure WebSocket client connections by default. by Mark Thomas · 2 years, 10 months ago
- 50ff51f Update Tomcat Native to 1.2.17 by Mark Thomas · 2 years, 10 months ago
- 286949f When logValidationErrors is set to true, the connection validation error is logged as SEVERE instead of WARNING. by Keiichi Fujino · 2 years, 10 months ago
- 7f8869c Fix possible NPE by Mark Thomas · 2 years, 10 months ago
- 2933c63 Make JAASRealm mis-configuration more obvious by requiring the authenticated Subject to include at least one Principal of a type specified by userClassNames by Mark Thomas · 2 years, 10 months ago
- ce55a53 Correct the logic in MBeanFactory.removeConnector() to ensure that the correct Connector is removed when there are multiple Connectors using different addresses but the same port. by Mark Thomas · 2 years, 10 months ago
- 352d845 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62080 by Mark Thomas · 2 years, 10 months ago
- 3fbc848 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62391 by Mark Thomas · 2 years, 10 months ago
- bf805bd Include ::1 as well as 0:0:0:0:0:0:0:1 in the internal proxy list as APR returns ::1 rather than 0:0:0:0:0:0:0:1. by Mark Thomas · 2 years, 10 months ago
- ba52224 Correctly handle the case when the request passes through one or more trustedProxies but no internalProxies. by Mark Thomas · 2 years, 10 months ago
- f7069c2 Improve IPv6 validation by ensuring that IPv4-Mapped IPv6 addresses do not contain leading zeros in the IPv4 part. by Mark Thomas · 2 years, 10 months ago
- 90da49a Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62389 by Mark Thomas · 2 years, 11 months ago
- 65714b4 Add comment to non-static loggers by Mark Thomas · 2 years, 11 months ago
- 1fd5add Fix broken test by Mark Thomas · 2 years, 11 months ago
- 1e453cc Switch to non-static loggers where there is a possibility of a logger becoming associated with a web application class loader causing log messages to be lost if the web application is stopped. by Mark Thomas · 2 years, 11 months ago
- 7607005 Update docs after changes for CVE-2018-8014 by Mark Thomas · 2 years, 11 months ago
- 918fd4f When decoding of path parameter failed, make sure to throw DecodeException instead of throwing ArrayIndexOutOfBoundsException. by Keiichi Fujino · 2 years, 11 months ago
- f3ba099 Correctly handle an invalid quality value in an Accept-Language header. by Mark Thomas · 2 years, 11 months ago
- c60a9de Correctly handle a digest authorization header when one of the hex field values ends the header with in an invalid character. by Mark Thomas · 2 years, 11 months ago
- c7a972e Correctly handle a digest authorization header when the user name contains an escaped character. by Mark Thomas · 2 years, 11 months ago
- cc27735 Correct the manifest for the annotations-api.jar. The JAR implements the Common Annotations API 1.2 and the manifest should by Mark Thomas · 2 years, 11 months ago
- cc40c5c Logs for Filters must be non-static as loggers are created per class-loader and Filters may be used in multiple class loaders. by Mark Thomas · 2 years, 11 months ago
- 977d614 Fix javadoc. remove old description. by Keiichi Fujino · 2 years, 11 months ago
- c0b67b1 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62395 by Mark Thomas · 2 years, 11 months ago
- 1f1e5e7 Ensure that the web application resources implementation does not incorrectly cache results for resources that are only visible as class loader resources. by Mark Thomas · 2 years, 11 months ago
- 2c9d843 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62343 by Mark Thomas · 2 years, 11 months ago
- 0337a42 Add invalid host names to the error logged by UserDataHelper by Mark Thomas · 2 years, 11 months ago
- 420d6e9 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 by Mark Thomas · 2 years, 11 months ago
- af996bb Relax Host validation by removing the requirement that the final component of a FQDN must be alphabetic. by Mark Thomas · 2 years, 11 months ago
- 7b794ae Log an error message if the AJP connector detects the the reverse proxy is sending AJP messages that are too large for the configured packetSize. by Mark Thomas · 3 years ago
- bb83fcb Remove duplicate calls when creating a replicated session to reduce the time taken to create the session and thereby reduce the chances of a subsequent session update message being ignored because the session does not yet exist. by Mark Thomas · 3 years ago
- ff23a11 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60490 by Mark Thomas · 3 years ago
- 152acfc Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=50019 by Mark Thomas · 3 years ago
- 4449344 Fix imports by Mark Thomas · 3 years ago
- ab1e6dd Towards the fix for BZ 50019 by Mark Thomas · 3 years ago
- 5099a92 Clean up. by Mark Thomas · 3 years ago
- 2529478 Ensure that JNDI names used for <lookup-name> entries in web.xml and for lookup elements of @Resource annotations specify a name with an explicit java: namespace. by Mark Thomas · 3 years ago
- 0463ef6 JNDI resources that are defined with injection targets but no value are now treated as if the resource is not defined. by Mark Thomas · 3 years ago
- 7a229c3 Update the release date for 8.0.52 by Violeta Georgieva Georgieva · 3 years ago
- cc68d0b Remove unnecessary default property values. by Keiichi Fujino · 3 years ago
- 35f62a9 Ensure that the correct default value is returned when retrieve unset properties in McastService. by Keiichi Fujino · 3 years ago
- 7b714d3 Refactor org.apache.jasper.runtime.BodyContentImpl so an additional permission is not required in catalina.policy by Konstantin Kolinko · 3 years ago
- 049f43e Fix http://bz.apache.org/bugzilla/show_bug.cgi?id=62350 by Konstantin Kolinko · 3 years ago
- 56b44f6 When restoring a saved request with a request body after FORM authentication, ensure that calls to the HttpServletRequest methods getRequestURI(), getQueryString() and getProtocol() are not corrupted by the processing of the saved request body. by Mark Thomas · 3 years ago
- 9f6811b Correct the processing of resources with <injection-target>s defined in web.xml. First look for a match using JavaBean property names and then, only if a match is not found, look for a match using fields. by Mark Thomas · 3 years ago
- 8fc7205 Fix failing tests now mappedName in @Resource does not set the value for env-entry resources. by Mark Thomas · 3 years ago
- c1c7191 Use a constant for a repeatedly used String by Mark Thomas · 3 years ago
- 5604561 Treat the <mapped-name> element of a <env-entry> in web.xml in the same way as the mappedName element of the equivalent @Resource annotation. Both now attempt to set the mappedName property of the resource. by Mark Thomas · 3 years ago
- 32127f3 Modify import controls so they do not overlap which prevents the reversal of deny/allow ordering from causing failures in Gump which uses the latest Checkstyle code. by Mark Thomas · 3 years ago
- c381dbe Increment version for next dev cycle by Violeta Georgieva Georgieva · 3 years ago
- 8a9229f Fix tests broken by introduction of allowMultipleLeadingForwardSlashInPath by Mark Thomas · 3 years ago
- 9e9b7fe Improve handing of overflow in the UTF-8 decoder with supplementary characters. by Mark Thomas · 3 years ago
- d3ffb5c Collapse multiple leading '/' characters to a single '/' in the return value of HttpServletRequest#getContextPath() to avoid issues if the value is used with HttpServletResponse#sendRedirect(). This behaviour is enabled by default and configurable via the new Context attribute allowMultipleLeadingForwardSlashInPath. by Mark Thomas · 3 years ago
- f7ac344 Avoid warning when running under Cygwin when the JAVA_ENDORSED_DIRS environment variable is not set. Patch provided by Zemian Deng. by Mark Thomas · 3 years ago
- 41eca61 Correctly list resources in JAR files when directories do not have dedicated entries. by Mark Thomas · 3 years ago
- ed308fc Move to the correct section by Mark Thomas · 3 years ago
- 6079bb1 Fix test failures now 8.0.x enforces the requirement that a Host header MUST be present by Mark Thomas · 3 years ago
- a677c41 Back-port default port handling that updated validation depends on. (Should fix failing CI build) by Mark Thomas · 3 years ago
- 360efc1 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62273 by Mark Thomas · 3 years ago
- 4756b72 First step in addressing https://bz.apache.org/bugzilla/show_bug.cgi?id=62273 by Mark Thomas · 3 years ago
- 5b59798 Better i18n in request target processing by Mark Thomas · 3 years ago
- c5cec7d Implement various Host header checks required by RFC 7230 by Mark Thomas · 3 years ago
- 3c2db7f Enable strict host/port validation for all connectors. by Mark Thomas · 3 years ago
- 67e1e82 Update the host validation to permit host names and components of domain names (excluding top-level domains) to start with a number and to ensure that top-level domains are fully alphabetic. by Mark Thomas · 3 years ago
- 5906b5e Add error messages when exceptions are thrown due to host name parsing issues. by Mark Thomas · 3 years ago
- 5263f2e Fix typo and spelling of octet by Mark Thomas · 3 years ago
- 7dcf93c Inner enums are implicitly static by Mark Thomas · 3 years ago
- 03beb42 Correct various edge cases in the new HTTP Host header validation parser. by Mark Thomas · 3 years ago
- c7f74e6 Expand the HttpParser to include Host header validation / port location extraction. by Mark Thomas · 3 years ago
- d135de0 Optimise Patch provided by Sebastian Staudt by Mark Thomas · 3 years ago
- 3302d75 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62297 by Mark Thomas · 3 years ago
- 36631ca Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62301 by Mark Thomas · 3 years ago
- 4f4bedd Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62287 by Mark Thomas · 3 years ago
- ea8d713 Enable Java 10 to be specified as a JSP source and/or target if a newer ECJ version is used. by Mark Thomas · 3 years ago
- fa6cc29 Enable ECJ version 4.7 and later to be used as a drop in replacement for the ECJ version that ships with Apache Tomcat. by Mark Thomas · 3 years ago
- ea2bb09 Register MBean when DataSource Resource type=javax.sql.XADataSource. Patch provided by Masafumi Miura. by Coty Sutherland · 3 years ago