<!DOCTYPE html SYSTEM "about:legacy-compat">
|
<html lang="en"><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"><link href="./images/docs-stylesheet.css" rel="stylesheet" type="text/css"><title>Apache Tomcat 8 (8.5.73) - Changelog</title></head><body><div id="wrapper"><header><div id="header"><div><div><div class="logo noPrint"><a href="https://tomcat.apache.org/"><img alt="Tomcat Home" src="./images/tomcat.png"></a></div><div style="height: 1px;"></div><div class="asfLogo noPrint"><a href="https://www.apache.org/" target="_blank"><img src="./images/asf-logo.svg" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a></div><h1>Apache Tomcat 8</h1><div class="versionInfo">
|
Version 8.5.73,
|
<time datetime="2021-11-11">Nov 11 2021</time></div><div style="height: 1px;"></div><div style="clear: left;"></div></div></div></div></header><div id="middle"><div><div id="mainLeft" class="noprint"><div><nav><div><h2>Links</h2><ul><li><a href="index.html">Docs Home</a></li><li><a href="https://wiki.apache.org/tomcat/FAQ">FAQ</a></li><li><a href="#comments_section">User Comments</a></li></ul></div><div><h2>User Guide</h2><ul><li><a href="introduction.html">1) Introduction</a></li><li><a href="setup.html">2) Setup</a></li><li><a href="appdev/index.html">3) First webapp</a></li><li><a href="deployer-howto.html">4) Deployer</a></li><li><a href="manager-howto.html">5) Manager</a></li><li><a href="host-manager-howto.html">6) Host Manager</a></li><li><a href="realm-howto.html">7) Realms and AAA</a></li><li><a href="security-manager-howto.html">8) Security Manager</a></li><li><a href="jndi-resources-howto.html">9) JNDI Resources</a></li><li><a href="jndi-datasource-examples-howto.html">10) JDBC DataSources</a></li><li><a href="class-loader-howto.html">11) Classloading</a></li><li><a href="jasper-howto.html">12) JSPs</a></li><li><a href="ssl-howto.html">13) SSL/TLS</a></li><li><a href="ssi-howto.html">14) SSI</a></li><li><a href="cgi-howto.html">15) CGI</a></li><li><a href="proxy-howto.html">16) Proxy Support</a></li><li><a href="mbeans-descriptors-howto.html">17) MBeans Descriptors</a></li><li><a href="default-servlet.html">18) Default Servlet</a></li><li><a href="cluster-howto.html">19) Clustering</a></li><li><a href="balancer-howto.html">20) Load Balancer</a></li><li><a href="connectors.html">21) Connectors</a></li><li><a href="monitoring.html">22) Monitoring and Management</a></li><li><a href="logging.html">23) Logging</a></li><li><a href="apr.html">24) APR/Native</a></li><li><a href="virtual-hosting-howto.html">25) Virtual Hosting</a></li><li><a href="aio.html">26) Advanced IO</a></li><li><a href="extras.html">27) Additional Components</a></li><li><a href="maven-jars.html">28) Mavenized</a></li><li><a href="security-howto.html">29) Security Considerations</a></li><li><a href="windows-service-howto.html">30) Windows Service</a></li><li><a href="windows-auth-howto.html">31) Windows Authentication</a></li><li><a href="jdbc-pool.html">32) Tomcat's JDBC Pool</a></li><li><a href="web-socket-howto.html">33) WebSocket</a></li><li><a href="rewrite.html">34) Rewrite</a></li></ul></div><div><h2>Reference</h2><ul><li><a href="RELEASE-NOTES.txt">Release Notes</a></li><li><a href="config/index.html">Configuration</a></li><li><a href="api/index.html">Tomcat Javadocs</a></li><li><a href="servletapi/index.html">Servlet 4.0 Javadocs</a></li><li><a href="jspapi/index.html">JSP 2.3 Javadocs</a></li><li><a href="elapi/index.html">EL 3.0 Javadocs</a></li><li><a href="websocketapi/index.html">WebSocket 1.1 Javadocs</a></li><li><a href="jaspicapi/index.html">JASPIC 1.1 Javadocs</a></li><li><a href="annotationapi/index.html">Common Annotations 1.2 Javadocs</a></li><li><a href="https://tomcat.apache.org/connectors-doc/">JK 1.2 Documentation</a></li></ul></div><div><h2>Apache Tomcat Development</h2><ul><li><a href="building.html">Building</a></li><li><a href="changelog.html">Changelog</a></li><li><a href="https://wiki.apache.org/tomcat/TomcatVersions">Status</a></li><li><a href="developers.html">Developers</a></li><li><a href="architecture/index.html">Architecture</a></li><li><a href="tribes/introduction.html">Tribes</a></li></ul></div></nav></div></div><div id="mainRight"><div id="content"><h2>Changelog</h2><h3 id="Tomcat_8.5.73_(schultz)"><span style="float: right;">release in progress</span> Tomcat 8.5.73 (schultz)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.73_(schultz)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve robustness of JNDIRealm for exceptions occurring when getting
|
the connection. Also add missing close when running into issues
|
getting the passord of a user. (remm)
|
</li>
|
<li><img alt="Docs: " class="icon" src="./images/docs.gif">
|
Add Javadoc comment which listeners must be nested whithin
|
<code>Server</code> elements only. (michaelo)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Log warning if a listener is not nested inside a Server element
|
although it must have been. (michaelo)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.73_(schultz)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Improve performance of Connector shutdown - primarily to reduce the time
|
it takes to run the test suite. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://github.com/apache/tomcat/pull/457">#457</a>: Add a <code>toString()</code> method to
|
<code>MimeHeader</code> to aid debugging. (dblevins)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Do not ignore the error condition if the APR connector is not able to
|
open a server socket as continuing in this case will trigger a JVM crash.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve error handling if APR/Native fails to attach TLS capabilities to
|
a TLS enabled client connection. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve error handling if APR/Native fails to accept an incoming
|
connection. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.73_(schultz)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Add a new method <code>WsServerContainer.upgradeHttpToWebSocket()</code>
|
to align with the new method that will be available from WebSocket 2.1
|
onwards. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.72_(schultz)"><span style="float: right;">2021-10-06</span> Tomcat 8.5.72 (schultz)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.72_(schultz)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65553">65553</a>: Implement a work-around for a
|
<a href="https://bugs.openjdk.java.net/browse/JDK-8273874">JRE bug</a>
|
that can trigger a memory leak when using the JNDI realm. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://github.com/apache/tomcat/pull/451">#451</a>: Improve the usefulness of the thread name cache used in
|
JULI. Pull request provided by t-gergely. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.72_(schultz)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Further improvements in the management of the connection flow control
|
window. This addresses various bugs that caused streams to incorrectly
|
report that they had timed out waiting for an allocation from the
|
connection flow control window. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65577">65577</a>: Fix a <code>AccessControlException</code> reporting
|
when running an NIO2 connector with TLS enabled. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Reclassify TLS ciphers that use AESCCM8 as medium security rather than
|
high security to align with recent changes in OpenSSL. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix an issue that caused some Servlet non-blocking API reads of the HTTP
|
request body to incorrectly use blocking IO. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.72_(schultz)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix the implementation of <code>MethodExpression.getMethodInfo()</code>
|
so that it returns the expected value rather than failing when the
|
method expression is defined with the parameter values in the expression
|
rather than the types being passed explicitly to
|
<code>ExpressionFactory.createMethodExpression()</code>. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Regenerate the EL parser using JavaCC 7.0.10. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a bug that prevented the EL parser correctly parsing a literal Map
|
that used variables rather than literals for both keys and values.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.72_(schultz)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
The internal upgrade handler should close the associated
|
<code>WebConnection</code> on destroy. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.72_(schultz)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Clarify the JASPIC configuration options in the documentation web
|
application. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.72_(schultz)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65585">65585</a>: Update obsolete comments at the start of the
|
<code>build.properties.default</code> file. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.71_(schultz)"><span style="float: right;">2021-09-13</span> Tomcat 8.5.71 (schultz)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.71_(schultz)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Enable Tomcat to start if an (old) XML parser is configured that does
|
not support <code>allow-java-encodings</code>. A warning will be logged
|
if such an XML parser is detected. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Change the behaviour of custom error pages. If an error occurs after the
|
response is committed, once the custom error page content has been added
|
to the response the connection is now closed immediately rather than
|
closed cleanly. i.e. the last chunk that marks the end of the response
|
body is no longer sent. This acts as an additional signal to the client
|
that the request experienced an error. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65479">65479</a>: When handling requests using JASPIC authentication,
|
ensure that <code>PasswordValidationCallback.getResult()</code> returns
|
the result of the password validation rather than always returning
|
<code>false</code>. Fixed via pull request <a href="https://github.com/apache/tomcat/pull/438">#438</a> provided by
|
Robert Rodewald. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor the authenticators to delegate the check for preemptive
|
authentication to the individual authenticators where an authentication
|
scheme specific check can be performed. Based on pull request
|
<a href="https://github.com/apache/tomcat/pull/444">#444</a> by Robert Rodewald. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add <code>derby-*.jar</code> to the list of JARs to skip when scanning
|
for TLDs, web fragments and annotations. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.71_(schultz)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a logic error that meant setting
|
<code>certificateKeystoreFile</code> to <code>NONE</code> did not have
|
the expected effect. <code>NONE</code> was incorrectly treated as a file
|
path. Patch provided by Mikael Sterner. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65505">65505</a>: When an HTTP header value is removed, ensure that the
|
order of the remaining header values is unchanged. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65563">65563</a>: Correct parsing of HTTP <code>Content-Range</code>
|
headers. Tomcat was incorrectly requiring an <code>=</code> character
|
after <code>bytes</code>. Fix based on pull request <a href="https://github.com/apache/tomcat/pull/449">#449</a> by
|
Thierry Guérin. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.71_(schultz)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65506">65506</a>: Fix write timeout check that was using the read
|
timeout value. Patch submitted by Gustavo Mahlow. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.71_(schultz)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Remove unnecessary Context settings from the examples web application.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Document default value for <code>unpackWARs</code> and related clean-up.
|
Pull request <a href="https://github.com/apache/tomcat/pull/439">#439</a> provided by Robert Rodewald. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Clarify the documentation of the <code>compressionMinSize</code> and
|
<code>compressibleMimeType</code> HTTP <code>Connector</code>
|
attributes. Pull request <a href="https://github.com/apache/tomcat/pull/442">#442</a> provided by crisgeek. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.71_(schultz)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix failing build when building on non-English locales. Pull request
|
<a href="https://github.com/apache/tomcat/pull/441">#441</a> provided by Dachuan J. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update to JSign version 4.0 to enable code signing without the need for
|
the installation of additional client tools. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Update the internal fork of Apache Commons BCEL to 40d5eb4 (2021-09-01,
|
6.6.0-SNAPSHOT). Code clean-up only. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Update the internal fork of Apache Commons Codec to fd44e6b (2021-09-01,
|
1.16-SNAPSHOT). Minor refactoring. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65661">65661</a>: Update the internal fork of Apache Commons FileUpload
|
to 33d2d79 (2021-09-01, 2.0-SNAPSHOT). Refactoring and code clean-up. As
|
a result of Commons File Upload now using
|
<code>java.nio.file.Files</code>, applications using multi-part uploads
|
need to ensure that the JVM is configured with sufficient direct memory
|
to store all in progress multi-part uploads. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Update the internal fork of Apache Commons Pool to 0da5c54
|
(2021-02-02, 2.9.1-SNAPSHOT). Refactoring and code clean-up. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Update the internal fork of Apache Commons DBCP to c6d5cd9
|
(2021-06-05, 2.9.0-SNAPSHOT). Refactoring and code clean-up. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.31 to
|
pick up Windows binaries built with OpenSSL 1.1.1l.(markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Switch to the CDN as the primary download location for ASF dependencies.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Chinese translations contributed by syseal, wolibo,
|
ZhangJieWen and DigitalFatCat. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Japanese translations contributed by tak7iji. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Korean translations. (woonsan)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.70_(markt)"><span style="float: right;">2021-08-16</span> Tomcat 8.5.70 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.70_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65411">65411</a>: Always close the connection when an uncaught
|
<code>NamingException</code> occurs to avoid connection locking.
|
Submitted by Ole Ostergaard. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65433">65433</a>: Correct a regression in the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65397">65397</a>
|
where a <code>StringIndexOutOfBoundsException</code> could be triggered
|
if the canonical path of the target of a symlink was shorter than the
|
canonical path of the directory in which the symlink had been created.
|
Patch provided by Cedomir Igaly. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65443">65443</a>: Refactor the <code>CorsFilter</code> to make it easier
|
to extend. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
To avoid unnecessary cache revalidation, do not add an HTTP
|
<code>Expires</code> header when setting adding an HTTP header of
|
<code>CacheControl: private</code>. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.70_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct bugs in the HTTP/2 connection flow control management that meant
|
it was possible for a connection to stall waiting for a connection flow
|
control window update that had already arrived. Any streams on that
|
connection that were trying to write when this happened would time out.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65454">65454</a>: Fix a race condition that could result in a delay to
|
a new request. The new request could be queued to wait for an existing
|
request to finish processing rather than the thread pool creating a new
|
thread to process the new request. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65460">65460</a>: Correct a regression introduced in the previous
|
release in the change to reduce the number of small HTTP/2 window
|
updates sent for streams. A logic error meant that small window updates
|
for the connection were not flushed. This meant that the connection flow
|
window may not update quite as quickly as the ideal. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.70_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Chinese translations contributed by ZhangJieWen and
|
chengzheyan. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to French translations. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Japanese translations contributed by tak7iji. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Korean translations. (woonsan)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.69_(schultz)"><span style="float: right;">2021-07-05</span> Tomcat 8.5.69 (schultz)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.69_(schultz)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor the <code>RemoteIpValve</code> to use the common utility method
|
for list to comma separated string conversion. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix serialization warnings in <code>UserDatabasePrincipal</code>
|
reported by SpotBugs. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65397">65397</a>: Calls to
|
<code>ServletContext.getResourcePaths()</code> no longer include
|
symbolic links in the results unless <code>allowLinking</code> has been
|
set to <code>true</code>. If a resource is skipped because of this
|
change, a warning will be logged as this typically indicates a
|
configuration issue. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.69_(schultz)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65368">65368</a>: Improve handling of clean closes of inbound TLS
|
connections. Treat them the same way as clean closes of non-TLS
|
connections rather than as unknown errors. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Modify the HTTP/2 connector not to sent small updates for stream flow
|
control windows to the user agent as, depending on how the user agent is
|
written, this may trigger small writes from the user agent that in turn
|
trigger the overhead protection. Small updates for stream flow control
|
windows are now combined with subsequent flow control window updates for
|
that stream to ensure that all stream flow control window updates sent
|
from Tomcat are larger than <code>overheadWindowUpdateThreshold</code>.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add additional debug logging to track the current state of the HTTP/2
|
overhead count that Tomcat uses to detect and close potentially
|
malicious connections. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Many HTTP/2 requests from browsers will trigger one overhead frame and
|
one non-overhead frame. Change the overhead calculation so that a
|
non-overhead frame reduces the current overhead count by 2 rather than
|
1. This means that, over time, the overhead count for a well-behaved
|
connection will trend downwards. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Change the initial HTTP/2 overhead count from <code>-10</code> to
|
<code>-10 * overheadCountFactor</code>. This means that, regardless of
|
the value chosen for <code>overheadCountFactor</code>, when a connection
|
opens 10 overhead frames in a row will be required to trigger the
|
overhead protection. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Increase the default <code>overheadCountFactor</code> from
|
<code>1</code> to <code>10</code> and change the reduction in overhead
|
count for a non-overhead frame from <code>-2</code> to <code>-20</code>.
|
This allows for a larger range (0-20) to be used for
|
<code>overheadCountFactor</code> providing for finer-grained control.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Modify the parsing of HTTP header values that use the
|
<code>1#token</code> to ignore empty elements as per RFC 7230 section 7
|
instead of treating the presence of empty elements as an error. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Expand the unit tests for <code>HttpServlet.doHead()</code> and correct
|
the flushing of the response buffer. The buffer used to behave as if it
|
was one byte smaller than the configured size. The buffer was flushed
|
(and the response committed if required) when the buffer was full. The
|
buffer is now flushed (and the response committed if required) if the
|
buffer is full and there is more data to write. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix an issue where concurrent HTTP/2 writes (or concurrent reads) to the
|
same connection could hang and eventually timeout when async IO was
|
enabled (it is enabled by default). (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.69_(schultz)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65390">65390</a>: Correct a regression in the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65124">65124</a>
|
and restore code that was removed in error leading to JSP compilation
|
failures in some circumstances. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add support for specifying Java 17 (with the value <code>17</code>) as
|
the compiler source and/or compiler target for JSP compilation. If used
|
with an Eclipse JDT compiler version that does not support these values,
|
a warning will be logged and the latest supported version will used.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65377">65377</a>: Update the Java code generation for JSPs not to use
|
the boxed primitive constructors as they have been deprecated in Java 9
|
and marked for future removal in Java 16. <code>valueOf()</code> is now
|
used instead. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.69_(schultz)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor the <code>DigestAuthenticator</code> to reuse a shared
|
<code>SecureRandom</code> instance rather than create a new one to
|
generate the <code>cnonce</code> if required. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.69_(schultz)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65385">65385</a>: Correct the link in the documentation web application
|
the Maven Central repository. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65404">65404</a>: Correct a regression in the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63362">63362</a>
|
that caused the server status page in the Manager web application to be
|
truncated if HTTP upgrade was used such as when starting a WebSocket
|
connection. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.69_(schultz)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update JUnit to version 4.13.2. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update UnboundID to 6.0.0. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update CheckStyle backport to 8.43 . (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.68_(schultz)"><span style="float: right;">2021-06-15</span> Tomcat 8.5.68 (schultz)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.68_(schultz)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update to the Java 7 compatible build of JSign 3.1 to pick up a fix for
|
SHA-512 signatures. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65369">65369</a> / <a href="https://github.com/apache/tomcat/pull/422">#422</a>: Add the additional
|
<code>--add-opens=...</code> options required for running Tomcat on Java
|
16 onwards to the <code>service.bat</code> script to align it with the
|
other start-up scripts. PR provided by MCMicS. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.67_(schultz)"><span style="float: right;">not released</span> Tomcat 8.5.67 (schultz)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.67_(schultz)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65301">65301</a>: <code>RemoteIpValve</code> will now avoid getting
|
the local host name when it is not needed. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65308">65308</a>: NPE in JNDIRealm when no <code>userRoleAttribute</code>
|
is given. (fschumacher)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://github.com/apache/tomcat/pull/412">#412</a>: Add commented out, sample users for the Tomcat Manager app
|
to the default <code>tomcat-users.xml</code> file. Based on a PR by
|
Arnaud Dagnelies. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://github.com/apache/tomcat/pull/418">#418</a>: Add a new option, <code>pass-through</code>, to the
|
default servlet's <code>useBomIfPresent</code> initialization parameter
|
that causes the default servlet to leave any BOM in place when
|
processing a static file and not to use the BOM to determine the
|
encoding of the file. Based on a pull request by Jean-Louis Monteiro.
|
(markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Add <code>cookieName</code> attribute to the SSO valve to configure the
|
SSO cookie name. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://github.com/apache/tomcat/pull/419">#419</a>: When processing POST requests of type
|
<code>multipart/form-data</code> for parts without a filename that are
|
added to the parameter map in String form, check the size of the part
|
before attempting conversion to String. Pull request provided by
|
tianshuang. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62912">62912</a>: Don't mutate an application provided content header if
|
it does not contain a charset. Also remove the outdated workaround for
|
the buggy Adobe Reader 9 plug-in for IE. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
AprLifecycleListener does not show dev version suffix for libtcnative
|
and libapr. (michaelo)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Refactor principal handling in <code>UserDatabaseRealm</code> using
|
an inner class that extends <code>GenericPrincipal</code>. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Enable the default <code>doHead()</code> implementation in
|
<code>HttpServlet</code> to correctly handle responses where the content
|
length needs to be represented as a long since it is larger than the
|
maximum value that can be represented by an int. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid synchronization on roles verification for the memory
|
<code>UserDatabase</code>. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix the default <code>doHead()</code> implementation in
|
<code>HttpServlet</code> to correctly handle responses where the Servlet
|
calls <code>ServletResponse.reset()</code> and/or
|
<code>ServletResponse.resetBuffer()</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix the default <code>doHead()</code> implementation in
|
<code>HttpServlet</code> to correctly handle responses generated using
|
the Servlet non-blocking API. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.67_(schultz)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65303">65303</a>: Fix a possible <code>NullPointerException</code> if
|
an error occurs on an HTTP/1.1 connection being upgraded to HTTP/2 or on
|
a pushed HTTP/2 stream. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65311">65311</a>: Fix a race condition in the
|
<code>NioBlockingSelector</code> that could cause a delay to select
|
operations. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Simplify AprEndpoint socket bind for all platforms. (michaelo)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65340">65340</a>: Add missing check for a negative return value for
|
<code>Hpack.decodeInteger</code> in the <code>HpackDecoder</code>,
|
which could cause a <code>NegativeArraySizeException</code> exception.
|
Submitted by Thomas, and verified the fix is present in the donated
|
hpack code in a further update. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add debug logging for HTTP/2 HPACK header decoding. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct parsing of HTTP headers consisting of a list of tokens so that a
|
header with an empty token is treated consistently regardless of whether
|
the empty token is at the start, middle or end of the list of tokens.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Remove support for the <code>identity</code> transfer encoding. The
|
inclusion of this encoding in RFC 2616 was an error that was corrected
|
in 2001. Requests using this transfer encoding will now receive a 501
|
response. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Process transfer encoding headers from both HTTP 1.0 and HTTP 1.1
|
clients. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that if the transfer encoding header contains the
|
<code>chunked</code>, that the <code>chunked</code> encoding is the
|
final encoding listed. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.67_(schultz)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Review code used to generate Java source from JSPs and tags and remove
|
code found to be unnecessary. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor use of internal <code>ChildInfo</code> class to use compile
|
time type checking rather than run time type checking. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65358">65358</a>: Improve expression language method matching for
|
methods with varargs. Where multiple methods may match the provided
|
parameters, the method that requires the fewest varargs is preferred.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65332">65332</a>: Add a commented out section in
|
<code>catalina.policy</code> that provides the necessary permissions to
|
compile JSPs with javac when running on Java 9 onwards with a security
|
manager. It is commented out as it will cause errors if used with
|
earlier Java versions. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.67_(schultz)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65317">65317</a>: When using <code>permessage-deflate</code>, the
|
WebSocket connection was incorrectly closed if the uncompressed payload
|
size was an exact multiple of 8192. Based on a patch provided by Saksham
|
Verma. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65342">65342</a>: Correct a regression introduced with the fix for
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65262">65262</a> that meant Tomcat's WebSocket implementation would only
|
work with Tomcat's implementation of the Java EE WebSocket API. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.67_(schultz)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the description of the <code>maxConnections</code> and
|
<code>acceptCount</code> attributes in the Connector section of the
|
documentation web application. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.67_(schultz)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to French translations. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Korean translations. (woonsan)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.30. Also
|
update the minimum recommended version to 1.2.30. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Use JSign to integrate the build script with the code signing service to
|
enable release builds to be created on Linux as well as Windows. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.66_(markt)"><span style="float: right;">2021-05-12</span> Tomcat 8.5.66 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.66_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Expand coverage of unit tests for JNDIRealm using the UnboundID LDAP SDK
|
for Java. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65224">65224</a>: Ensure the correct escaping of attribute values and
|
search filters in the JNDIRealm. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65235">65235</a>: Add missing attributes to the MBean descriptor file
|
for the <code>RemoteIpValve</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65244">65244</a>: HandlesTypes should include classes that use
|
the specified annotation types on fields or methods. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65251">65251</a>: Correct a regression introduced in 8.5.64 that meant
|
that the auto-deployment process may attempt a second, concurrent
|
deployment of a web application that is being deployed by the Manager
|
resulting in one of the deployments failing and errors being reported.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the <code>SSLValve</code> so it is able to handle escaped
|
client certificate headers from Nginx. Based on a patch by Florent
|
Guillaume. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.66_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that all HTTP requests that contain an invalid character in the
|
protocol component of the request line are rejected with a 400 response
|
rather than some requests being rejected with a 505 response. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When generating the error message for an HTTP request with an invalid
|
request line, ensure that all the available data is included in the
|
error message. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65272">65272</a>: Restore the optional HTTP feature that allows
|
<code>LF</code> to be treated as a line terminator for the request line
|
and/or HTTP headers lines as well as the standard <code>CRLF</code>.
|
This behaviour was previously removed as a side-effect of the fix for
|
CVE-2020-1935. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.66_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Review code used to generate Java source from JSPs and tags and remove
|
code found to be unnecessary. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<code><servlet></code> entries in web.xml that include a
|
<code><jsp-file></code> element and a negative
|
<code><load-no-startup></code> element that is not the default
|
value of <code>-1</code> will no longer be loaded at start-up. This
|
makes it possible to define a <code><jsp-file></code> that will
|
not be loaded at start-up. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Allow the JSP configuration option
|
<code>useInstanceManagerForTags</code> to be used with Tags that are
|
implemented as inner classes. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.66_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor the way Tomcat passes path parameters to POJO end points to
|
simplify the code. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65262">65262</a>: Refactor the creation of WebSocket end point, decoder
|
and encoder instances to be more IoC friendly. Instances are now created
|
via the <code>InstanceManager</code> where possible. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.66_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65235">65235</a>: Correct name of <code>changeLocalName</code> in the
|
documentation for the <code>RemoteIpValve</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65265">65265</a>: Avoid getting the boot classpath when it is not
|
available in the Manager diagnostics. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.66_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.28.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Move <code>SystemPropertySource</code> to be a regular class to allow
|
more precise configuration if needed. The system property source will
|
still always be enabled. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Chinese translations. Provided by bytesgo. (mark)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to French translations. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Korean translations. (woonsan)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.65_(markt)"><span style="float: right;">2021-04-06</span> Tomcat 8.5.65 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.65_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid NPE when a JNDI reference cannot be resolved in favor of a
|
NamingException. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid using reflection for setting properties on the webapp
|
classloader. Based on a patch submitted by Romain Manni-Bucau. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.65_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve consistency of OpenSSL error stack handling in the TLS engine,
|
and log all errors found as debug. (remm)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Re-factor the HTTP/2 implementation classes to better align with 9.0.x
|
and 10.0.x to make maintenance simpler. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that HTTP/2 streams are only recycled once as multiple attempts
|
to recycle an HTTP/2 stream may result in
|
<code>NullPointerException</code>s. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Simplify the closing on an HTTP/2 stream when an error condition is
|
present. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64771">64771</a>: Prevent concurrent calls to
|
<code>ServletInputStream.isReady()</code> corrupting the input buffer.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65179">65179</a>: Ensure that the connection level flow control window
|
from the client to the server is updated when handling DATA frames
|
received for completed streams else the flow control window may become
|
exhausted. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65203">65203</a>: Fix a regression introduced in 8.5.64 that meant that
|
an error during an asynchronous read broke all future asynchronous reads
|
associated with the same request instance. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Disable keep-alive when inconsistent content delimitation is present in
|
a request. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.65_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Implement the first phase of reproducible builds. Sequential builds on
|
the same machine now produce identical output provided that the Ant
|
property <code>ant.tstamp.now.iso</code> is set. The minimum required
|
Ant version is now 1.9.10. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Chinese translations. Provided by Ruan Wenjun. (mark)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to French translations. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Japanese translations. Provided by kfujino and
|
Shirayuking. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Korean translations. (woonsan)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.27.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.64_(markt)"><span style="float: right;">2021-03-10</span> Tomcat 8.5.64 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.64_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Revert an incorrect fix for a potential resource leak that broke
|
deployment via the Ant deploy task. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the <code>AsyncListener.onError()</code> event is triggered
|
when a I/O error occurs during non-blocking I/O. There were some cases
|
discovered where this was not happening. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Make the non-blocking I/O error handling more robust by handling the
|
case where the application code swallows an <code>IOException</code> in
|
<code>WriteListener.onWritePossible()</code> and
|
<code>ReadListener.onDataAvailable()</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64938">64938</a>: Align the behaviour when <code>null</code> is passed
|
to the <code>ServletResponse</code> methods
|
<code>setCharacterEncoding()</code>, <code>setContentType()</code> and
|
<code>setLocale()</code> with the recent clarification from the Jakarta
|
Servlet project of the expected behaviour in these cases. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Make the <code>StandardContext.postWorkDirectory()</code> protected
|
rather than private to help users wishing to customise the default
|
work directory behaviour. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.64_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65118">65118</a>: Fix a potential <code>NullPointerException</code> when
|
pruning closed HTTP/2 streams from the connection. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid NullPointerException when a secure channel is closed before the
|
SSL engine was initialized. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve error message for failed ConfigFileLoader lookups. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the <code>ReadListener</code>'s <code>onError()</code> event
|
is triggered if the client closes the connection before sending the
|
entire request body and the server is ready the request body using
|
non-blocking I/O. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65137">65137</a>: Ensure that a response is not corrupted as well as
|
incomplete if the connection is closed before the response is fully
|
written due to a write timeout. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Related to bug <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65131">65131</a>, make sure all errors from OpenSSL are
|
fully cleared, as there could be more than one error present after
|
an operation (confirmed in the OpenSSL API documentation). (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Make handling of OpenSSL read errors more robust when plain text data is
|
reported to be available to read. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct handling of write errors during non-blocking I/O to ensure that
|
the associated <code>AsyncContext</code> was closed down correctly.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.64_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65136">65136</a>: Remove the restriction that prevented the Manager web
|
application deploying different web applications in parallel. This
|
required some refactoring, most notably to
|
<code>HostConfig.check()</code> and how it is used. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.64_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to French translations. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Korean translations. (woonsan)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Russian translations. Provided by Azat. (mark)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Chinese translations. Provided by shawn. (mark)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.63_(markt)"><span style="float: right;">2021-02-03</span> Tomcat 8.5.63 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.63_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65106">65106</a>: Fix the ConfigFileLoader handling of file URIs when
|
running under a security manager on some JREs. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.63_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that SNI provided host names are matched to SSL virtual host
|
configurations in a case insensitive manner. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.62_(markt)"><span style="float: right;">not released</span> Tomcat 8.5.62 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.62_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=50175">50175</a>: Add a new attribute to the standard context
|
implementation, <code>skipMemoryLeakChecksOnJvmShutdown</code>, that
|
allows the user to configure Tomcat to skip the memory leak checks
|
usually performed during web application stop if that stop is triggered
|
by a JVM shutdown. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60781">60781</a>: Escape elements in the access log that need to be
|
escaped for the access log to be parsed unambiguously.
|
(fschumacher/markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64110">64110</a>: Add support for additional TLS related request
|
attributes that provide details of the protocols and ciphers requested
|
by a client in the initial TLS handshake. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Let the <code>RemoteCIDRValve</code> inherit from
|
<code>RequestFilterValve</code> and support all of its features.
|
Especially add support for connector specific configuration
|
using <code>addConnectorPort</code>. (rjung)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add <code>peerAddress</code> to coyote request, which contains
|
the IP address of the direct connection peer. If a reverse proxy
|
sits in front of Tomcat and the protocol used is AJP or HTTP
|
in combination with the <code>RemoteIp(Valve|Filter)</code>,
|
the peer address might differ from the <code>remoteAddress</code>.
|
The latter then contains the address of the client in front of the
|
reverse proxy, not the address of the proxy itself.
|
Support for the peer address has been added to the
|
RemoteAddrValve and RemoteCIDRValve with the new attribute
|
<code>usePeerAddress</code>. This can be used to restrict access
|
to Tomcat based on the reverse proxy IP address, which is especially
|
useful to harden access to AJP connectors. The peer address can also
|
be logged in the access log using the new <code>%{peer}a</code>
|
syntax. (rjung)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid uncaught InaccessibleObjectException on Java 16 trying to clear
|
references threads. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65033">65033</a>: Fix JNDI realm error handling when connecting to a
|
failed server when pooling was not enabled. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65047">65047</a>: If the <code>AccessLogValve</code> is unable to open
|
the access log file, include information on the current user in the
|
associated log message (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.62_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Additional fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64830">64830</a> to address an edge case that could
|
trigger request corruption with h2c connections. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64974">64974</a>: Improve handling of pipelined HTTP requests in
|
combination with the Servlet non-blocking IO API. It was possible that
|
some requests could get dropped. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65001">65001</a>: Fix error handling for exceptions thrown from calls
|
to <code>ReadListener</code> and <code>WriteListener</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid possible infinite loop in <code>OpenSSLEngine.unwrap</code>
|
when the destination buffers state is changed concurrently. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.62_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add a new <code>StringInterpreter</code> interface that allows
|
applications to provide customised string attribute value to type
|
conversion within JSPs. This allows applications to provide a conversion
|
implementation that is optimised for the application. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64965">64965</a>: <code>JspContextWrapper.findAttribute</code> should
|
ignore expired sessions rather than throw an
|
<code>IllegalStateException</code>. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.62_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=65007">65007</a>: Clarify that the commands shown in the TLS
|
documentation for importing a signed TLS certificate from a certificate
|
authority are typical examples that may need to be adjusted in some
|
cases. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.62_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Chinese translations. Provided by leeyazhou and Yi Shen.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to French translations. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Korean translations. (woonsan)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.26.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Update the internal fork of Apache Commons Pool to 2.9.1-SNAPSHOT
|
(2021-01-15). (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Update the internal fork of Apache Commons DBCP to 2.9.0-SNAPSHOT
|
(2021-01-15). (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Migrate to new code signing service. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Use <code>java.nio.file.Path</code> to test for one directory being a
|
sub-directory of another in a consistent way. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update to Commons Daemon 1.2.4. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Russian translations. Provided by Polina and Azat.
|
(markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the NSIS Installer used to build the Windows installer to version
|
3.06.1. (kkolinko)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.61_(markt)"><span style="float: right;">2020-12-08</span> Tomcat 8.5.61 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.61_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=56181">56181</a>: Update the RemoteIpValve and RemoteIpFilter so that
|
calls to <code>ServletRequest.getRemoteHost()</code> are consistent with
|
the return value of <code>ServletRequest.getRemoteAddr()</code> rather
|
than always returning a value for the proxy. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=56890">56890</a>: Align the behaviour of
|
<code>ServletContext.getRealPath(String path)</code> with the recent
|
clarification from the Servlet specification project. If the path
|
parameter does not start with <code>/</code> then Tomcat processes the
|
call as if <code>/</code> is appended to the beginning of the
|
provided path. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64921">64921</a>: Ensure that the <code>LoadBalancerDrainingValve</code>
|
uses the correct setting for the secure attribute for any session
|
cookies it creates. Based on a pull request by Andreas Kurth. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64947">64947</a>: Don't assume that the <code>Upgrade</code> header has
|
been set on the <code>HttpServletResponse</code> before any call is made
|
to <code>HttpServletRequest.upgrade()</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that values are not duplicated when manipulating the vary header.
|
Based on a pull request by Fredrik Fall. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.61_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64944">64944</a>: Ensure that the bytesSent metric is correctly updated
|
when compression is enabled. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.61_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64951">64951</a>: Fix a potential file descriptor leak when WebSocket
|
connections are attempted and fail. Patch provided by Maurizio Adami.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.61_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a regression in the addition of the HTTP header security filter
|
to the examples web application that prevented the Servlet examples that
|
depend on the asynchronous API from functioning correctly.
|
(kkolinko/markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.61_(markt)/Tribes">Tribes</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Start all core threads when starting the receiver and dispatch
|
interceptor. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.61_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64931">64931</a>: Implement validation of <code>changelog.xml</code>
|
file at build time. (kkolinko)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update to Maven Ant Resolver Tasks 1.3.0. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62695">62695</a>: Provide SHA-256 and SHA-512 checksums for files
|
published via Maven. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.60_(markt)"><span style="float: right;">2020-11-17</span> Tomcat 8.5.60 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.60_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=55559">55559</a>: Add a new attribute, <code>localJndiResource</code>,
|
that allows a UserDatabaseRealm to obtain a UserDatabase instance from
|
the local (web application) JNDI context rather than the global JNDI
|
context. This option is only useful when the Realm is defined on the
|
Context. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Add connection pooling to JNDI realm. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64805">64805</a>: Correct imports used by <code>JMXProxyServlet</code>.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix JNDIRealm pooling problems retrying on another bad connection. Any
|
retries are made on a new connection, just like with the single
|
connection scenario. Also remove all connections from the pool after
|
an error. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
JNDIRealm connections should only be created with the container
|
classloader as the thread context classloader, just like for the JAAS
|
realm. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64871">64871</a>: Log a warning if Tomcat blocks access to a file
|
because it uses symlinks. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Rename <code>JDBCStore</code> to <code>DataSourceStore</code>
|
and remove bottlenecks for database backed session store. The
|
<code>JDBCStore</code> is deprecated but remains unchanged. Patch
|
submitted by Philippe Mouawad. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.60_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor the HTTP/2 window update handling for padding in data frames to
|
ensure that the connection window is correctly updated after a data
|
frame with zero length padding is received. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix processing of URIs with %nn encoded solidus characters when
|
<code>encodedSolidusHandling</code> was set to <code>passthrough</code>
|
and the encoded solidus was preceded by other %nn encoded characters.
|
Based on a pull request by willmeck. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63362">63362</a>: Add collection of statistics for HTTP/2, WebSocket and
|
connections upgraded via the HTTP upgrade mechanism. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Provide messages for some <code>SocketTimeoutException</code> instances
|
that did not have one. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add additional debug logging for I/O issues when communicating with the
|
user agent. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64830">64830</a>: Fix concurrency issue in HPACK decoder. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.60_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64848">64848</a>: Fix a variation of this memory leak when a write I/O
|
error occurs on a non-container thread. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.60_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64799">64799</a>: Added missing resources to host-manager web app. (isapir)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64797">64797</a>: Align manager.xml template file in Host-Manager with
|
context.xml of real Manager web application. (isapir)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Configure the examples web applications to set
|
<code>SameSite=strict</code> for all cookies, including session cookies,
|
created by the application. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Configure the examples, Manager and Host Manager to use the HTTP header
|
security filter with default settings apart from no HSTS header. Based
|
on a suggestion by Debangshu Kundu. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.60_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to French translations. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Korean translations. (woonsan)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Russian translations. Provided by Azat. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.59_(markt)"><span style="float: right;">2020-10-09</span> Tomcat 8.5.59 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.59_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix race condition when saving and recycling session in
|
<code>PersistentValve</code>. (kfujino)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Deprecate the JDBCRealm. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct numerous spellings throughout the code base. Based on a pull
|
request from John Bampton. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64715">64715</a>: Add PasswordValidationCallback to the JASPIC
|
implementation. Patch provided by Robert Rodewald. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Throw <code>SQLException</code> instead of
|
<code>NullpointerException</code> when failing to connect to the
|
database. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64735">64735</a>: Ensure that none of the methods on a
|
<code>ServletContext</code> instance always fail when running under a
|
SecurityManager. Pull request provided by Kyle Stiemann. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64765">64765</a>: Ensure that the number of currently processing threads
|
is tracked correctly when a web application is undeployed, long running
|
requests are being processed and
|
<code>renewThreadsWhenStoppingContext</code> is enabled for the web
|
application. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improve the error messages when running under JPMS without the necessary
|
options to enable reflection required by the memory leak prevention /
|
detection code. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When estimating the size of a resource in the static resource cache,
|
include a specific allowance for the path to the resource. Based on a
|
pull request by blueSky1825821. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.59_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Do not send an HTTP/2 PING frame to measure round-trip time when it is
|
known that the HTTP/2 connection is not in a good state. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64743">64743</a>: Correct a regression introduced in 8.5.57 that
|
caused a <code>Connection: close</code> header to be added to the
|
response if the Connector was configured with
|
<code>maxSwallowSize=-1</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When logging HTTP/2 debug messages, use consistent formatting for stream
|
identifiers. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct some double counting in the code that tracks the number of
|
in-flight asynchronous requests. The tracking enables Tomcat to shutdown
|
gracefully when asynchronous processing is in use. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Don't send the Keep-Alive response header if the connection has been
|
explicitly closed. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor the handling of closed HTTP/2 streams to reduce the heap usage
|
associated with used streams and to retain information for more streams
|
in the priority tree. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.59_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Use lazy instantiation to improve the performance when working with
|
listeners added to the <code>ELContext</code>. Pull request provided by
|
Thomas Andraschko. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.59_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Configure the Manager and Host Manager applications to set
|
<code>SameSite=strict</code> for all cookies, including session cookies,
|
created by the application. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Update the Manager How-To in the documentation web application to
|
clarify when a user may wish to deploy additional instances of the
|
Manager web application. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.59_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update to Commons Daemon 1.2.3. This adds support to jsvc for
|
<code>--enable-preview</code> and native memory tracking (Procrun
|
already supported these features), adds some addition debug logging and
|
adds a new feature to Procrun that outputs the command to (re-)configure
|
the service with the current settings. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
When building, only rebuild JAR files if the contents has changed.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Chinese translations. Pull request provided by Yang
|
Yang. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand coverage of Russian translations. Pull request provided by
|
Nikolay Gribanov. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix running service.bat when called from <code>$CATALINA_HOME</code>.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Complete the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63815">63815</a>. Users wishing to use system
|
properties that require quoting with <code>catalina.sh</code> and the
|
<code>debug</code> option must use a JRE that includes the fix for <a href="https://bugs.openjdk.java.net/browse/JDK-8234808">JDK-8234808</a>.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Chinese translations. Provided by leeyazhou. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to French translations. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Korean translations. (woonsan)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to Spanish translations. Provided by Andrewlanecarr.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.58_(markt)"><span style="float: right;">2020-09-15</span> Tomcat 8.5.58 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.58_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=53411">53411</a>: Improve the handling of HTTP requests that do not
|
explicitly specify a host name when no default host is configured. Also
|
improve the tracking of changes to the default host as hosts are added
|
and removed while Tomcat is running. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64582">64582</a>: Pre-load the <code>CoyoteOutputStream</code> class to
|
prevent a potential exception when running under a security manager.
|
Patch provided by Johnathan Gilday. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64593">64593</a>: If a request is not matched to a Context, delay
|
issuing the 404 response to give the rewrite valve, if configured, an
|
opportunity to rewrite the request. (remm/markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Refactor the Default servlet to provide a single method that can be
|
overridden (<code>generateETag()</code>) should a custom entity tag
|
format be required. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the validation of entity tags provided with conditional
|
requests. Requests with headers that contain invalid entity tags will be
|
rejected with a 400 response code. Improve the matching algorithm used
|
to compare entity tags in conditional requests with the entity tag for
|
the requested resource. Based on a pull request by Sergey Ponomarev.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the description of the storage format for salted hashes in the
|
Javadoc for <code>MessageDigestCredentialHandler</code> and refactor the
|
associated code for clarity.
|
Based on a patch provided by Milo van der Zee. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the path validation to allow the use of the file system root for
|
the <code>docBase</code> attribute of a <code>Context</code>. Note that
|
such a configuration should be used with caution. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Added filtering expression for requests that are not supposed to use
|
session in <code>PersistentValve</code>. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Use the correct method to calculate session idle time in
|
<code>PersistentValve</code>. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64712">64712</a>: The JASPIC authenticator now checks the
|
<code>ServerAuthModule</code> for
|
<code>jakarta.servlet.http.authType</code> and, if present, uses the
|
value provided. Based on a patch by Robert Rodewald. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64713">64713</a>: The JASPIC authenticator now checks the value of
|
<code>jakarta.servlet.http.registerSession</code> set by the
|
<code>ServerAuthModule</code> when deciding whether or nor to register
|
the session. Based on a patch by Robert Rodewald. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.58_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=57661">57661</a>: For requests containing the
|
<code>Expect: 100-continue</code> header, add optional support to delay
|
sending an intermediate 100 status response until the servlet reads the
|
request body, allowing the servlet the opportunity to respond without
|
asking for the request body. Based on a pull request by malaysf. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor the implementation of
|
<code>ServletInputStream.available()</code> to provide a more accurate
|
return value, particularly when end of stream has been reached. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64614">64614</a>: Improve compatibility with FIPS keystores. When a FIPS
|
keystore is configured and the keystore contains multiple keys, the
|
alias attribute will be ignored and the key used will be implementation
|
dependent. (jfclere)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64621">64621</a>: Improve handling HTTP/2 stream reset frames received
|
from clients. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64660">64660</a>: Avoid a potential NPE in the AprEndpoint if a socket
|
is closed in one thread at the same time as the poller is processing an
|
event for that socket in another. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64671">64671</a>: Avoid several potential NPEs introduced in the changes
|
in the previous release to reduce the memory footprint of closed HTTP/2
|
streams. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor the HTTP/2 implementation to more consistently return a stream
|
closed error if errors occur after a stream has been reset by the
|
client. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve handling of HTTP/2 stream level flow control errors and notify
|
the stream immediately if it is waiting for an allocation when the flow
|
control error occurs. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that window update frames are sent for HTTP/2 connections to
|
account for DATA frames containing padding including when the associated
|
stream has been closed. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that window update frames are sent for HTTP/2 connections and
|
streams to account for DATA frames containing zero-length padding.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64710">64710</a>: Revert the changes to reduce the memory footprint of
|
closed HTTP/2 streams as they triggered multiple regressions in the form
|
of <code>NullPointerException</code>s. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the HTTP/2 overhead protection check is performed after
|
each HTTP/2 frame is processed. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.58_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Requests received via proxies may be marked as using the <code>ws</code>
|
or <code>wss</code> protocol rather than <code>http</code> or
|
<code>https</code>. Ensure that such requests are not rejected. PR
|
provided by Ronny Perinke. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64848">64848</a>: Fix a potential issue where the write lock for a
|
WebSocket connection may not be released if an exception occurs during
|
the write. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64644">64644</a>: Add support for a read idle timeout and a write idle
|
timeout to the WebSocket session via custom properties in the user
|
properties instance associated with the session. Based on a pull request
|
by sakshamverma. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.58_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Remove the localization of the text output of the Manager application
|
list of contexts and the Host Manager application list of hosts so that
|
the output is more consistent. PR provided by Holomark. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Clean-up / standardize the XSL files used to generate the documentation.
|
PR provided by John Bampton. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62723">62723</a>: Clarify the effects of some options for cluster
|
<code>channelSendOptions</code>. Patch provided by Mitch Claborn.
|
(schultz)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Remove the out of date functional specification section from the
|
documentation web application. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Extracted CSS styles from the Manager we application for better code
|
maintenance and replaced the GIF logo with SVG. (isapir)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add document for <code>PersistentValve</code>. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.58_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improve the quality of the Japanese translations provided with Apache
|
Tomcat. Includes contributions from Yuki Shira. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64645">64645</a>: Use a non-zero exit code if the
|
<code>service.bat</code> does not complete normally. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Update the internal fork of Apache Commons BCEL to 6.5.0. Code clean-up
|
only. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Update the internal fork of Apache Commons Codec to 53c93d0 (2020-08-18,
|
1.15-SNAPSHOT). Code clean-up. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Update the internal fork of Apache Commons FileUpload to c25a4e3
|
(2020-08-26, 2.0-SNAPSHOT). Code clean-up and RFC 2231 support. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Update the internal fork of Apache Commons Pool to 2.8.1. Code clean-up
|
and improved abandoned pool handling. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Update the internal fork of Apache Commons DBCP to 6d232e5 (2020-08-11,
|
2.8.0-SNAPSHOT). Code clean-up various bug fixes. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.25.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.57_(markt)"><span style="float: right;">2020-07-05</span> Tomcat 8.5.57 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.57_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Remove the error message on start if <code>java.io.tmpdir</code> is
|
missing and add an explicit error message on application deployment when
|
the sole feature that depends on it (anti-resource locking) is
|
configured and can't be used. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Implement a significant portion of the TLS environment variables for
|
the rewrite valve. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64506">64506</a>: Correct a potential race condition in the resource
|
cache implementation that could lead to
|
<code>NullPointerException</code>s during class loading. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add <code>application/wasm</code> to the media types recognised by
|
Tomcat. Based on a PR by Thiago Henrique Hüpner. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a bug in <code>HttpServlet</code> so that a <code>405</code>
|
response is returned for an HTTP/2 request if the mapped servlet does
|
implement the requested method rather than the more general
|
<code>400</code> response. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64541">64541</a>: Refactor the DTD used to validate
|
<code>mbeans-descriptors.xml</code> files to avoid issues when XML
|
entity expansion is limited or disabled. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.57_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Include a <code>Connection: close</code> HTTP header when committing a
|
response and it is known that the <code>maxSwallowSize</code> limit is
|
going to be exceeded. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64509">64509</a>: Correctly parse RFC 2109 version 1 cookies that use a
|
comma as a separator between cookies when using the RFC 6265 cookie
|
processor. Based on a patch by W J Carpenter. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix the utility code that converted IPv6 addresses to a canonical form
|
to correctly handle input addresses that ended with a pair of colons.
|
Based on a patch by syarramsetty-skyhook. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correctly parse RFC 2109 version 1 cookies that have additional linear
|
white space around cookie attribute names and values when using the RFC
|
6265 cookie processor. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Once an HTTP/2 stream has been closed, ensure that the code that cleans
|
up references that are no longer required is called. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Reduce the memory footprint of closed HTTP/2 streams. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the HTTP/1.1 processor is correctly recycled when a direct
|
connection to h2c is made. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.57_(markt)/Cluster">Cluster</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64560">64560</a>: Refactor the replication of a changed session ID for a
|
replicated session so that the list of changes associated with the
|
session is not reset when the session ID changes. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.57_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64563">64563</a>: Add additional validation of payload length for
|
WebSocket messages. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the calculation of payload length when four or more bytes are
|
required to represent the payload length. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.57_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64501">64501</a>: Refactor the handling of the deprecated
|
<code>LOGGING_CONFIG</code> environment variable to avoid using a POSIX
|
shell feature that is not available by default on Solaris 10. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64514">64514</a>: Fixes some missing class dependency issues in bootstrap
|
to address packaging/dependency concerns for JPMS and OSGi. Pull request
|
provided by Raymond Augé. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64521">64521</a>: Avoid moving i18n translations into classes dir since
|
they are packaged into separate jars. Pull request provided by Raymond
|
Augé. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64522">64522</a>: Package jars in effective dependency order. Pull
|
request provided by Raymond Augé. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improve the quality and expand the coverage of the French translations
|
provided with Apache Tomcat. (remm)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.56_(markt)"><span style="float: right;">2020-06-07</span> Tomcat 8.5.56 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.56_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64432">64432</a>: Correct a refactoring regression that broke handling
|
of multi-line configuration in the RewriteValve. Patch provided by Jj.
|
(markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Add the special internal rewrite maps for case modification and
|
escaping. (remm/fschumacher)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64470">64470</a>: The default value of the solidus handling should
|
reflect the associated system property. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Implement a few rewrite SSL env that correspond to Servlet request
|
attributes. (remm)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64442">64442</a>: Be more flexible with respect to the ordering of
|
groups, roles and users in the <code>tomcat-users.xml</code> file.
|
(fschumacher)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.56_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Add support for ALPN on recent OpenJDK 8 releases. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64467">64467</a>: Improve performance of closing idle HTTP/2 streams.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64483">64483</a>: Log a warning if an AJP request is rejected because it
|
contains an unexpected request attribute. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.56_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64488">64488</a>: Ensure that the ImportHandler from the Expression
|
Language API is able to load classes from the Java runtime when running
|
under a SecurityManager. Based on a patch by Volodymyr Siedleck. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.56_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Consistently throw a <code>DeploymentException</code> when an invalid
|
endpoint path is specified and catch invalid endpoint paths earlier.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Include the target URL in the log message when a WebSocket connection
|
fails. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.56_(markt)/Tribes">Tribes</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61127">61127</a>Allow human-readable names for channelSendOptions and
|
mapSendOptions. Patch provided by Igal Sapir. (schultz)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.56_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the list of known <code>Charset</code>s in the
|
<code>CharsetCache</code> to include <code>ISO-8859-16</code>, added in
|
OpenJDK 15. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improve the quality and expand the coverage of the French translations
|
provided with Apache Tomcat. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64430">64430</a>: Add support for the <code>CATALINA_OUT_CMD</code>
|
environment variable that defines a command to which captured stdout and
|
stderr will be redirected. Patch provided by Harald Dunkel. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Switch from the unsupported Maven Ant Tasks to the supported Maven
|
Resolver Ant Tasks to upload artifacts to the ASF Maven repository (and
|
from there to Maven Central). (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.55_(markt)"><span style="float: right;">2020-05-11</span> Tomcat 8.5.55 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.55_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Remove the remainder of the deprecated Servlet 4 Preview API. Users
|
still depending on this feature should ideally upgrade to Tomcat
|
9.0.x. If upgrade is not possible, application code should cast to the
|
internal Tomcat implementation classes. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Rework the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64021">64021</a> to better support web applications
|
that use a custom class loader that loads resources from non-standard
|
locations. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Remove redundant sole path/URI from error page message on SC_NOT_FOUND.
|
(michaelo)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Log a warning if a <code>CredentialHandler</code> instance is added to
|
an instance of the <code>CombinedRealm</code> (or a sub-class) as the
|
<code>CombinedRealm</code> doesn't use a configured
|
<code>CredentialHandler</code> and it is likely that a configuration
|
error has occurred. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add more descriptive error message in DefaultServlet for SC_NOT_FOUND.
|
(michaelo)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59203">59203</a>: Before calling <code>Thread.stop()</code> (if
|
configured to do so) on a web application created thread that is not
|
stopped by the web application when the web application is stopped, try
|
interrupting the thread first. Based on a pull request by Govinda
|
Sakhare. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64309">64309</a>: Improve the regular expression used to search for
|
class loader repositories when bootstrapping Tomcat. Pull request
|
provided by Paul Muriel Biya-Bi. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64384">64384</a>: Fix multipart configuration ignoring some parameters
|
in some cases. (schultz)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64386">64386</a>: WebdavServlet does not send "getlastmodified"
|
property for resource collections. (michaelo)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64398">64398</a>: Change default value separator for property
|
replacement to <code>:-</code> due to possible conflicts. The
|
syntax is now <code>${name:-default}</code>. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improve validation of storage location when using FileStore. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.55_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Move <code>SocketProperties</code> mbean to its own type rather than
|
use a subType to improve robustness with tools. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Include the problematic data in the error message when reporting that
|
the provided request line contains an invalid component. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the handling of requests that use an expectation. Do not disable
|
keep-alive where the response has a non-2xx status code but the request
|
body has been fully read. (rjung/markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64403">64403</a>: Ensure that compressed HTTP/2 responses are not sent
|
with a content length header appropriate for the original, uncompressed
|
response. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.55_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Remove redundant sole path/URI from error page message on SC_NOT_FOUND.
|
(michaelo)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add more descriptive error message in DefaultServlet for SC_NOT_FOUND.
|
(michaelo)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64373">64373</a>: When a tag file is packaged in a WAR and then that WAR
|
is unpacked in <code>/WEB-INF/classes</code> ensure that the tag file
|
can still be found. Patch provided by Karl von Randow. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the Jasper code that interfaces with the Eclipse Compiler
|
for Java (ECJ) enables Jasper to compile JSPs using ECJ 4.14 onwards
|
when the JSPs have inner classes. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.55_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix the saving of a Context configuration file via the scripting
|
interface of the Manager web application. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add a section to the TLS Connector documentation on different key store
|
types and how to configure them. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.55_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update JUnit to version 4.13. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add missing entries to test class path in sample NetBeans configuration
|
files. Patch provided by Brian Burch. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor to use parameterized <code>Collection</code> constructors where
|
possible. Pull request provided by Lars Grefer. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor to use empty arrays with <code>Collections.toArray()</code>.
|
Pull request provided by Lars Grefer. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor loops with a condition to exit as soon as the condition is met.
|
Pull request provided by Lars Grefer. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor bulk addition to collections to use <code>addAll()</code>
|
rather than a loop. Pull request provided by Lars Grefer. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the coverage of the Chinese translations provided with Apache
|
Tomcat. Contributions provided by winsonzhao, ZhangJieWen and Lee
|
Yazhou. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.24.
|
(markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor to use enhanced for loops where possible. Pull request by Lars
|
Grefer. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improve IDE support for IntelliJ IDEA. Patch provided by Lars Grefer.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.54_(markt)"><span style="float: right;">2020-04-08</span> Tomcat 8.5.54 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.54_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure all URL patterns provided via web.xml are %nn decoded
|
consistently using the encoding of the web.xml file where specified and
|
UTF-8 where no explicit encoding is specified. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Allow a comma separated list of class names for the
|
<code>org.apache.tomcat.util.digester.PROPERTY_SOURCE</code>
|
system property. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64149">64149</a>: Avoid NPE when using the access log valve without
|
a pattern. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64226">64226</a>: Reset timezone after parsing a date since the date
|
format is reused. Test case submitted by Gary Thomas. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64247">64247</a>: Using a wildcard for <code>jarsToSkip</code> should
|
not override a possibly present <code>jarsToScan</code>. Based on code
|
submitted by Iridias. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64265">64265</a>: Fix ETag comparison performed by the default servlet.
|
The default servlet always uses weak comparison. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add support for default values when using <code>${...}</code> property
|
replacement in configuration files. Based on a pull request provided by
|
Bernd Bohmann. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.54_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
When configuring an HTTP Connector, warn if the encoding specified for
|
<code>URIEncoding</code> is not a superset of US-ASCII as required by
|
RFC7230. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64240">64240</a>: Ensure that HTTP/0.9 requests that contain additional
|
data on the request line after the URI are treated consistently. Such
|
requests will now always be treated as HTTP/1.1. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expose the HTTP/2 connection ID and stream ID to applications via the
|
request attributes <code>org.apache.coyote.connectionID</code> and
|
<code>org.apache.coyote.streamID</code> respectively. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Replace the system property
|
<code>org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH</code>
|
with the Connector attribute <code>encodedSolidusHandling</code> that
|
adds an additional option to pass the <code>%2f</code> sequence through
|
to the application without decoding it in addition to rejecting such
|
sequences and decoding such sequences. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expose the associated <code>HttpServletRequest</code> to the
|
<code>CookieProcessor</code> when generating a cookie header so the
|
header can be tailored based on the properties of the request, such as
|
the user agent, if required. Based on a patch by Lazar Kirchev. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.54_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add support for specifying Java 14 (with the value <code>14</code>) and
|
Java 15 (with the value <code>15</code>) as the compiler source and/or
|
compiler target for JSP compilation. If used with an ECJ version that
|
does not support these values, a warning will be logged and the latest
|
supported version will used. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.54_(markt)/Cluster">Cluster</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor the creation of <code>DeltaRequest</code> objects to make it
|
simpler to use custom implementations. Based on a pull request provided
|
by Thomas Stock. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.54_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the documentation web application to remove references to the
|
<code>org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH</code>
|
system property changing how the sequence <code>%5c</code> is
|
interpreted in a URI. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.54_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improve the quality and expand the coverage of the French translations
|
provided with Apache Tomcat. Contribution provided by Tom Bens. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the coverage of the Chinese translations provided with Apache
|
Tomcat. Contribution provided by Lee Yazhou. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64270">64270</a>: Set the documented default umask of <code>0027</code>
|
when using jsvc via <code>daemon.sh</code> and allow the umask used to
|
be configured via the <code>UMASK</code> environment variable as it is
|
when using <code>catalina.sh</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Deprecated the <code>LOGGING_CONFIG</code> environment variable and
|
replace it with the <code>CATALINA_LOGGING_CONFIG</code> environment
|
variable to avoid clashes with other components that use
|
<code>LOGGING_CONFIG</code>. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.53_(markt)"><span style="float: right;">2020-03-16</span> Tomcat 8.5.53 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.53_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64210">64210</a>: Correct a regression in the improvements to HTTP
|
header validation that caused requests to be incorrectly treated as
|
invalid if a <code>CRLF</code> sequence was split between TCP packets.
|
Improve validation of request lines, including for HTTP/0.9 requests.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.53_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64206">64206</a>: Correct a regression introduced in 8.5.51 that meant
|
that the HTTP port specified when using the Windows Installer was
|
ignored and 8080 was always used. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.52_(markt)"><span style="float: right;">not released</span> Tomcat 8.5.52 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.52_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Store config compatibility with HostWebXmlCacheCleaner listener. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Modify the <code>RewriteValve</code> to use
|
<code>ServletRequest.getServerName()</code> to populate the
|
<code>HTTP_HOST</code> variable rather than extracting it from the
|
<code>Host</code> header as this allows HTTP/2 to be supported. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Remove <code>PushBuilder</code> from the deprecated Servlet 4 Preview
|
API. Users still depending on this feature should ideally upgrade to
|
Tomcat 9.0.x. If upgrade is not possible, application code should cast
|
to the internal Tomcat implementation classes. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Switch Tomcat embedded to loading MIME type mappings from a property
|
file generated from the default <code>web.xml</code> so the MIME type
|
mappings are consistent regardless of how Tomcat is started. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Missing store config attributes for Resources elements. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64153">64153</a>: Ensure that the parent for the web application class
|
loader is set consistently. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64166">64166</a>: Ensure that the names returned by
|
<code>HttpServletResponse.getHeaderNames()</code> are unique. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Rename <code>org.apache.tomcat.util.digester.Digester$EnvironmentPropertySource</code>
|
to
|
<code>org.apache.tomcat.util.digester.EnvironmentPropertySource</code>.
|
The old class is still available but deprecated. Patch provided by Bernd
|
Bohmann. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add new attribute <code>persistAuthentication</code> to both
|
<code>StandardManager</code> and <code>PersistentManager</code> to
|
support authentication persistence. Patch provided by Carsten Klein.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64184">64184</a>: Avoid repeated log messages if a
|
<code>MemoryUserDatabase</code> is configured but the specified
|
configuration file is missing. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64189">64189</a>: Expose the web application version String as a
|
<code>ServletContext</code> attribute named
|
<code>org.apache.catalina.webappVersion</code>. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.52_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When the NIO or APR/native connectors were configured with
|
<code>useAsyncIO="true"</code> and a zero length read or write was
|
performed, the read/write would time out rather than return immediately.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64141">64141</a>: If using a CA certificate, remove a default value
|
for the truststore file when not using a JSSE configuration. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve robustness of OpenSSLEngine shutdown. Based on code submitted
|
by Manuel Dominguez Sarmiento. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add the TLS request attributes used by IIS to the attributes that an AJP
|
Connector will always accept. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
A zero length AJP secret will now behave as if it has not been
|
specified. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64188">64188</a>: If an error occurs while committing or flushing the
|
response when using a multiplexing protocol like HTTP/2 that requires
|
the channel to be closed but not the connection, just close the channel
|
and allow the other channels using the connection to continue. Based on
|
a suggestion from Alejandro Anadon. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the semantics of <code>getEnableSessionCreation</code> and
|
<code>setEnableSessionCreation</code> for <code>OpenSSLEngine</code>.
|
Pull request provided by Alexander Scheel. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Allow async requests to complete cleanly when the Connector is paused
|
before <code>complete()</code> is called on a container thread. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.52_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Parameterize JSP version and API class names in localization messages to
|
allow simpler re-use between major versions. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that TLD files listed in the <code>jsp-config</code> section of
|
<code>web.xml</code> that are registered in the
|
<code>uriTldResourcePathMap</code> with the URI specified in
|
<code>web.xml</code> are also registered with the URI in the TLD file if
|
it is different. Patch provided by Markus Lottmann. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.52_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the documentation for the <code>address</code> attribute of the
|
AJP Connector and document that the AJP Connector also supports the
|
<code>ipv6v6only</code> attribute with the APR/Native implementation.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.52_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the coverage of the French translations provided with Apache
|
Tomcat. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the coverage of the Chinese translations provided with Apache
|
Tomcat. Contribution provided by BoltzmannWxd. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the coverage of the Korean translations provided with Apache
|
Tomcat. Contributions provided by B. Cansmile Cha. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64190">64190</a>: Add support for specifying milliseconds (using
|
<code>S</code>, <code>SS</code> or <code>SSS</code>) in the timestamp
|
used by JULI's <code>OneLineFormatter</code>. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.51_(markt)"><span style="float: right;">2020-02-11</span> Tomcat 8.5.51 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.51_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Remove part of the deprecated Servlet 4 Preview API. Users still
|
depending on this feature should ideally upgrade to Tomcat 9.0.x. If
|
upgrade is not possible, application code should cast to the internal
|
Tomcat implementation classes. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Do not store username and password as session notes during
|
authentication if they are not needed. (kkolinko)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid useless environment restore when not using GSSCredential
|
in JNDIRealm. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58577">58577</a>: Respect the argument-count when searching for MBean
|
operations to invoke via the JMXProxyServlet. (schultz)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62755">62755</a>: Add ability to opt out of adding the default web.xml
|
config when embedding Tomcat and adding a context via
|
<code>addWebapp()</code>. Call
|
<code>setAddDefaultWebXmlToWebapp(false)</code> to prevent the automatic
|
config. (isapir/markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63691">63691</a>: Skip all jar and directory scanning when the wildcard
|
pattern "*" or "*.jar" is set or added to
|
<code>tomcat.util.scan.StandardJarScanFilter.jarsToSkip</code>. (isapir)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64005">64005</a>: Correct a regression in the static resource caching
|
changes introduced in 8.5.28. Avoid a <code>NullPointerException</code>
|
when working with the URL provided for the root of a packed WAR. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64008">64008</a>: Clarify/expand the Javadoc for the
|
<code>Tomcat#addWebapp()</code> and related methods. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Deprecate the <code>JmxRemoteLifecycleListener</code> as the features it
|
provides are now available in the remote JMX capability included with
|
the JRE. This listener will be removed in Tomcat 10 and may be removed
|
from Tomcat 8.5.x some time after 2020-12-31. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64011">64011</a>: <code>JNDIRealm</code> no longer authenticates to LDAP.
|
(michaelo)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64021">64021</a>: Ensure that container provided SCIs are always loaded
|
before application provided SCIs. Note that where both the container and
|
the application provide the same SCI, it is the application provided SCI
|
that will be used. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
SCI definitions from JARs unpacked into <code>WEB-INF/classes</code> are
|
now handled consistently and will always be found irrespective of
|
whether the web application defines a JAR ordering or not. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64023">64023</a>: Skip null-valued session attributes when deserializing
|
sessions. (schultz)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Do not throw a NullPointerException when an MBean or operation cannot
|
be found by the JMXProxyServlet. (schultz)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64067">64067</a>: Allow more than one parameter when defining RewriteMaps.
|
(fschumacher)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64074">64074</a>: <code>InputStream</code>s for directories obtained
|
from resource URLs now return a directory listing consistent with the
|
behaviour of <code>FileURLConnection</code>. In addition to restoring
|
the behaviour that was lost as a result of the introduction of
|
<code>CachedResourceURLConnection</code>, it expands the feature to
|
include packedWARs and to take account of resource JARs. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Refactor recycle facade system property into a new connector attribute
|
named <code>discardFacades</code>. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64089">64089</a>: Add <code>${...}</code> property replacement support
|
to XML external entity definitions. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Deprecate <code>MappingData.contextPath</code> as it is unused. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a problem that meant that remote host, address and port information
|
could be missing in the access log for an HTTP/2 request where the
|
connection was closed unexpectedly. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.51_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that Servlet Asynchronous processing timeouts fire when requests
|
are made using HTTP/2. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix the corruption of the TLS configuration when using the deprecated TLS
|
attributes on the Connector if the configuration has already been set
|
via the new <code>SSLHostConfig</code> and
|
<code>SSLHostConfigCertificate</code> elements. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63966">63966</a>: Switch the message shown when using HTTP to connect to
|
an HTTPS port from ISO-8859-1 to UTF-8. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add support for RFC 5915 formatted, unencrypted EC key files when using
|
a JSSE based TLS connector. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
When reporting / logging invalid HTTP headers encode any non-printing
|
characters using the 0xNN form. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a regression introduced in 8.5.48 that meant invalid tokens in
|
the <code>Transfer-Encoding</code> header were ignored rather than
|
treated as an error. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Rename the HTTP Connector attribute <code>rejectIllegalHeaderName</code>
|
to <code>rejectIllegalHeader</code> and expand the underlying
|
implementation to include header values as well as names. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Disable (comment out in server.xml) the AJP/1.3 connector by default.
|
(markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Change the default bind address for the AJP/1.3 connector to be the
|
loopback address. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Rename the <code>requiredSecret</code> attribute of the AJP/1.3
|
Connector to <code>secret</code> and add a new attribute
|
<code>secretRequired</code> that defaults to <code>true</code>. When
|
<code>secretRequired</code> is <code>true</code> the AJP/1.3 Connector
|
will not start unless the <code>secret</code> attribute is configured to
|
a non-null, non-zero length String. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add a new attribute, <code>allowedRequestAttributesPattern</code> to
|
the AJP/1.3 Connector. Requests with unrecognised attributes will be
|
blocked with a 403. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.51_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Update the performance optimisation for using expressions in tags that
|
depend on uninitialised tag attributes with implied scope to make the
|
performance optimisation aware of the new public class
|
(<code>java.lang.Record</code>) added in Java 14. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64097">64097</a>: Replace the faulty custom services lookup used for
|
<code>ExpressionFactory</code> implementations with
|
<code>ServiceLoader</code>. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add a <code>META-INF/services</code> entry to jasper-el.jar so that the
|
Expression Language implementation can be discovered via the services
|
API. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.51_(markt)/Cluster">Cluster</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64043">64043</a>: Ensure that session ID changes are replicated during
|
form-authentication. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.51_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64000">64000</a>: In the examples web application, where a Servlet
|
example includes i18n support, the Locale used should be based on the
|
request locale and not the server locale. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add additional information on securing AJP/1.3 Connectors. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.51_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63995">63995</a>: Ensure statements are closed when a pooled JDBC
|
connection is passivated in Tomcat's fork of Commons DBCP2. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.50_(markt)"><span style="float: right;">2019-12-12</span> Tomcat 8.5.50 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.50_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvements to CsrfPreventionFilter: additional logging, allow the
|
CSRF nonce request parameter name to be customized.
|
(schultz)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63681">63681</a>: Introduce RealmBase#authenticate(GSSName, GSSCredential)
|
and friends. (michaelo)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63964">63964</a>: Correct a regression in the static resource caching
|
changes introduced in 8.5.48. URLs constructed from URLs obtained from
|
the cache could not be used to access resources. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63968">63968</a>: Fix <code>ClassCastException</code> in the
|
<code>Expires</code> filter which was a regression in the fix for
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63909">63909</a>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63970">63970</a>: Correct a regression in the static resource caching
|
changes introduced in 8.5.48. Connections to URLs obtained for JAR
|
resources could not be cast to <code>JarURLConnection</code>. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63937">63937</a>: Add a new attribute to the standard
|
<code>Authenticator</code> implementations,
|
<code>allowCorsPreflight</code>, that allows the
|
<code>Authenticator</code>s to be configured to allow CORS preflight
|
requests to bypass authentication as required by the CORS specification.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63939">63939</a>: Correct the same origin check in the CORS filter. An
|
origin with an explicit default port is now considered to be the same as
|
an origin without a default port and origins are now compared in a
|
case-sensitive manner as required by the CORS specification. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63982">63982</a>: CombinedRealm makes assumptions about principal implementation
|
(michaelo)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63983">63983</a>: Correct a regression in the static resource caching
|
changes introduced in 8.5.48. A large number of file descriptors were
|
opened that could reach the OS limit before being released by GC.
|
(markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63987">63987</a>: Deprecate <code>Realm.getRoles(Principal)</code>. (michaelo)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Add a unit test for the session <code>FileStore</code> implementation
|
and refactor loops in <code>FileStore</code> to use the ForEach style.
|
Pull request provided by Govinda Sakhare. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor FORM authentication to reduce duplicate code and to ensure that
|
the authenticated Principal is not cached in the session when caching is
|
disabled. This is the fix for CVE-2019-17563. (markt/kkolinko)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.50_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor the APR poller to always use a single pollset now that the
|
Windows operating systems that required multiple smaller pollsets to be
|
used are no longer supported. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Add vectoring for NIO in the base and SSL channels. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add async API to the NIO and APR connector. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63931">63931</a>: Improve timeout handling for asyncIO to ensure that
|
blocking operations see a <code>SocketTimeoutException</code> if one
|
occurs. (remm/markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63932">63932</a>: By default, do not compress content that has a strong
|
ETag. This behaviour is configuration for the HTTP/1.1 and HTTP/2
|
connectors via the new Connector attribute
|
<code>noCompressionStrongETag</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Simplify regular endpoint writes by removing write(Non)BlockingDirect.
|
All regular writes will now be buffered for a more predictable
|
behavior. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Send an exception directly to the completion handler when a timeout
|
exception occurs for the operation, and add a boolean to make sure the
|
completion handler is called only once. (remm/markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.50_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure a couple of very unlikely concurrency issues are avoided when
|
writing WebSocket messages. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.50_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix the broken re-try link on the error page for the FORM authentication
|
example in the JSP section of the examples web application. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the documentation for the <code>maxConnections</code> attribute
|
of the <code>Connector</code> in the documentation web application.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add the ability to set and display session attributes in the JSP FORM
|
authentication example to demonstrate session persistence across
|
restarts for authenticated sessions. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.50_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63815">63815</a> (quoting the use of
|
<code>CATALINA_OPTS</code> and <code>JAVA_OPTS</code> when used in shell
|
scripts to avoid the expansion of <code>*</code>) as it caused various
|
regressions, particularly with <code>daemon.sh</code>. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the search made by the Windows installer for a suitable Java
|
installation to include the 64-bit JDK registry entries and the
|
<code>JAVA_HOME</code> environment variable. Pull request provided by
|
Alexander Norz. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the coverage of the German translations provided with Apache
|
Tomcat. Contribution provided by Jens. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the coverage of the French translations provided with Apache
|
Tomcat. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the coverage of the Japanese translations provided with Apache
|
Tomcat. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the coverage of the Korean translations provided with Apache
|
Tomcat. (woonsan)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the coverage of the Chinese translations provided with Apache
|
Tomcat. Contributions provided by lins and 磊. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Update the internal fork of Apache Commons BCEL to ff6941e (2019-12-06,
|
6.4.2-dev). Code clean-up only. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Update the internal fork of Apache Commons Codec to 9637dd4 (2019-12-06,
|
1.14-SNAPSHOT). Code clean-up and a fix for CODEC-265. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Update the internal fork of Apache Commons FileUpload to 2317552
|
(2019-12-06, 2.0-SNAPSHOT). Refactoring. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Update the internal fork of Apache Commons Pool 2 to 6092f92 (2019-12-06,
|
2.8.0-SNAPSHOT). Clean-up and minor refactoring. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Update the internal fork of Apache Commons DBCP 2 to a36390 (2019-12-06,
|
2.7.1-SNAPSHOT). Minor refactoring. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.49_(markt)"><span style="float: right;">2019-11-21</span> Tomcat 8.5.49 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.49_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a regression introduced in 8.5.48 that could trigger a
|
<code>NullPointerException</code> when using a
|
<code>RequestDispatcher</code>. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improvement to CsrfPreventionFilter: expose the latest available nonce
|
as a request attribute; expose the expected nonce request parameter
|
name as a context attribute.
|
(schultz)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.48_(markt)"><span style="float: right;">not released</span> Tomcat 8.5.48 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.48_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63832">63832</a>: Properly mark container as FAILED when a JVM error
|
occurs on stop. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63836">63836</a>: Ensure that references to the Host object are cleared
|
once the Host instance is destroyed. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63872">63872</a>: Fix some edge cases where the docBase was not being
|
set using a canonical path which in turn meant resource URLs were not
|
being constructed as expected. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Make a best effort attempt to clean-up if a request fails during
|
processing due to an <code>OutOfMemoryException</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that, when static resource caching is enabled for a web
|
application, all access to static files (including JSP files) goes via
|
the cache so that a consistent view of the static files is seen. Prior
|
to this change it was possible to see an updated last modified time but
|
the content would be that prior to the modification. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63905">63905</a> Clean up Tomcat CSS. (michaelo)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63909">63909</a>: When the <code>ExpiresFilter</code> is used without a
|
default and the response is served by the Default Servlet, ensure that
|
the filter processes the response if the Default Servlet sets a 304 (Not
|
Found) status code. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Update the Servlet 4 preview API to reflect changes made to the API in
|
the final release. Note that this preview API has been deprecated for over a
|
year and may be removed as soon as the next 8.5.x release. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor JMX remote RMI registry creation. This is the fix for
|
CVE-2019-12418. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.48_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that <code>ServletRequest.isAsyncStarted()</code> returns
|
<code>false</code> once <code>AsyncContext.complete()</code> or
|
<code>AsyncContext.dispatch()</code> has been called during
|
<code>AsyncListener.onTimeout()</code> or
|
<code>AsyncListener.onError()</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63816">63816</a> and <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63817">63817</a>: Correctly handle I/O errors after
|
asynchronous processing has been started but before the container thread
|
that started asynchronous processing has completed processing the
|
current request/response. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63825">63825</a>: When processing the <code>Expect</code> and
|
<code>Connection</code> HTTP headers looking for a specific token, be
|
stricter in ensuring that the exact token is present. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63829">63829</a>: Improve the check of the <code>Content-Encoding</code>
|
header when looking to see if Tomcat is serving pre-compressed content.
|
Ensure that only a full token is matched and that the match is case
|
insensitive. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63835">63835</a>: Add support for Keep-Alive response header. (michaelo)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63864">63864</a>: Refactor parsing of the <code>transfer-encoding</code>
|
request header to use the shared parsing code and reduce duplication.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63865">63865</a>: Add <code>Unset</code> option to same-site cookies
|
and pass through <code>None</code> value if set by user. Patch provided
|
by John Kelly. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63894">63894</a>: Ensure that the configured values for
|
<code>certificateVerification</code> and
|
<code>certificateVerificationDepth</code> are correctly passed to the
|
OpenSSL based SSLEngine implementation. (remm/markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63859">63859</a>: Do not perform a blocking read after a
|
<code>CPING</code> message is received by the AJP connector because, if
|
the JK Connector is configured with
|
<code>ping_mode="I"</code>, the <code>CPING</code> message
|
will not always be followed by the start of a request. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Properly calculate all dynamic parts of the ErrorReportValve response
|
on the fly in
|
<code>org.apache.coyote.http2.TestHttp2InitialConnection</code>.
|
(michaelo)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.48_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63897">63897</a>: Capture the timestamp of a JSP for the purposes of
|
modification tracking before the JSP is compiled to prevent a race
|
condition if the JSP is modified during compilation. Patch provided by
|
Karl von Randow. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a race condition that could mean changes to a modified JSP were not
|
visible to end users. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.48_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63913">63913</a>: Wrap any <code>NullPointerException</code>s throw by
|
the <code>Inflater</code> or <code>Deflater</code> used by the
|
<code>PerMessageDeflate</code> extension in an <code>IOException</code>
|
so that the error can be caught and handled by the WebSocket error
|
handling mechanism. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.48_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the description of the default value for the server attribute in
|
the security How-To. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.48_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63815">63815</a>: Quote the use of <code>CATALINA_OPTS</code> and
|
<code>JAVA_OPTS</code> when used in shell scripts to avoid the expansion
|
of <code>*</code>. Note that any newlines present in
|
<code>CATALINA_OPTS</code> and/or <code>JAVA_OPTS</code> will no longer
|
removed. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63826">63826</a>: Remove <code>commons-daemon-native.tar.gz</code> and
|
<code>tomcat-native.tar.gz</code> from the binary zip distributions for
|
Windows since compiled versions of those components are already
|
included within the zip distributions. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63838">63838</a>: Suppress reflexive access warnings when running the
|
unit tests on the command line. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add missing charsets from the HPE JVM on HP-UX to pass unit tests in
|
<code>org.apache.tomcat.util.buf.TestCharsetCache</code>. (michaelo)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the coverage and quality of the French translations provided
|
with Apache Tomcat. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the coverage and quality of the Korean translations provided
|
with Apache Tomcat. (woonsan)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the coverage and quality of the Simplified Chinese translations
|
provided with Apache Tomcat. Contributions provided by rpo130, Mason
|
Shen, leeyazhou, winsonzhao, qingshi huang, Lay, Shucheng Hou and
|
Yanming Zhou. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.47_(markt)"><span style="float: right;">2019-10-11</span> Tomcat 8.5.47 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.47_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Use URL safe base 64 encoding rather than standard base 64 encoding when
|
generating or parsing the <code>HTTP2-Settings</code> header as part of
|
an HTTP upgrade to <code>h2c</code> as required by RFC 7540. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63765">63765</a>: NIO2 should try to unwrap after TLS handshake to
|
avoid edge cases. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63766">63766</a>: Ensure Processor objects are recycled when processing
|
an HTTP upgrade connection that terminates before processing switches to
|
the Processor for the upgraded protocol. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.47_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63781">63781</a>: When performing various checks related to the
|
visibility of classes, fields and methods in the EL implementation, also
|
check that the containing module has been exported. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Web_Socket">Web Socket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63753">63753</a>: Ensure that the <code>Host</code> header in a Web
|
Socket HTTP upgrade request only contains a port if a non-default port
|
is being used. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When running on Java 9 and above, don't attempt to instantiate WebSocket
|
Endpoints found in modules that are not exported. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.47_(markt)/Web_Applications">Web Applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Docs: " class="icon" src="./images/docs.gif">
|
Add Javadoc for the Common Annotations API implementation. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.47_(markt)/jdbc-pool">jdbc-pool</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When connections are validated without an explicit validation query,
|
ensure that any transactions opened by the validation process are
|
committed. Patch provided by Pascal Davoust. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.47_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Deprecate <code>org.apache.tomcat.util.compat.TLS</code>.
|
Its functionality was only used for unit tests in
|
<code>org.apache.tomcat.util.net.TesterSupport</code>
|
and has been moved there. (rjung)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63759">63759</a>: When installing Tomcat with the Windows installer,
|
grant sufficient privileges to enable the uninstaller to execute when
|
user account control is active. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Use a build property to define the minimum supported Java version and
|
use that build property to reduce the number of edits required to update
|
the minimum supported Java version. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63767">63767</a>: Update to Commons Daemon 1.2.2. This corrects a
|
regression in Commons Daemon 1.2.0 and 1.2.1 that caused the Windows
|
Service to crash on start when running on an operating system that had
|
not been fully updated. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.46_(markt)"><span style="float: right;">2019-09-19</span> Tomcat 8.5.46 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.46_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63684">63684</a>: <code>Wrapper</code> never passed to
|
<code>RealmBase.hasRole()</code> for given security constraints.
|
(michaelo)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid a potential <code>NullPointerException</code> on Service stop if a
|
Service is embedded directly (i.e. with no Server) in an application
|
and JNDI is enabled. Patch provided by S. Ali Tokmen. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add a new <code>PropertySource</code> implementation,
|
<code>EnvironmentPropertySource</code>, that can be used to do property
|
replacement in configuration files with environment variables. Based on
|
a pull request provided by Thomas Meyer. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.46_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63682">63682</a>: Fix a potential hang when using the asynchronous
|
Servlet API to write the response body and the stream and/or connection
|
window reaches 0 bytes in size. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63690">63690</a>: Use the average of the current and previous sizes when
|
calculating overhead for HTTP/2 <code>DATA</code> and
|
<code>WINDOW_UPDATE</code> frames to avoid false positives as a result
|
of client side buffering behaviour that causes a small percentage of
|
non-final DATA frames to be smaller than expected. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63706">63706</a>: Avoid NPE accessing https port with plaintext. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct typos in the names of the configuration attributes
|
<code>overheadDataThreshold</code> and
|
<code>overheadWindowUpdateThreshold</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
If the HTTP/2 connection requires an initial window size larger than the
|
default, send a WINDOW_UPDATE to increase the flow control window for the
|
connection so that the initial size of the flow control window for the
|
connection is consistent with the increased value. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63710">63710</a>: When using HTTP/2, ensure that a
|
<code>content-length</code> header is not set for those responses with
|
status codes that do not permit one. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63737">63737</a>: Correct various issues when parsing the
|
<code>accept-encoding</code> header to determine if gzip encoding is
|
supported including only parsing the first header found. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.46_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the source code links on the index page for the ROOT web
|
application to point to Git rather than Subversion. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix various issues with the Javadoc generated for the documentation web
|
application to enable release builds to be built with Java 10 onwards.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a large number of Javadoc and documentation typos. Patch provided by
|
KangZhiDong. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Spelling and formatting corrections for the cluster how-to. Pull request
|
provided by Bill Mitchell. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.46_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Back-port various corrections and improvements to the English versions
|
of the i18n messages. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Include the available German translations in the standard Tomcat
|
distribution. Back-port additions and updates to the German i18n
|
messages. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Back-port various corrections and improvements to the Spanish i18n
|
messages. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Back-port various corrections and improvements to the French i18n
|
messages. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Back-port various corrections and improvements to the Japanese i18n
|
messages. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Back-port various corrections and improvements to the Russian i18n
|
messages. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add Korean translations to the standard Tomcat distribution. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add Simplified Chinese translations to the standard Tomcat distribution.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62140">62140</a>: Additional usage documentation in comments for
|
<code>catalina.[bat|sh]</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix <code>JSSE_OPTS</code> quoting in <code>catalina.bat</code>.
|
Contributed by Peter Uhnak. (fschumacher)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63625">63625</a>: Update to Commons Daemon 1.2.1. This corrects several
|
regressions in Commons Daemon 1.2.1, most notably the Windows Service
|
crashing on start when using 32-bit JVMs. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63689">63689</a>: Correct a regression in the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63285">63285</a>
|
that meant that when installing a service, the service display name was
|
not set. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When performing a silent install with the Windows Installer, ensure that
|
the registry entries are added to the 64-bit registry when using a
|
64-bit JVM. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Remove unused i18n messages and associated translations. Patch provided
|
by KangZhiDong. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.45_(markt)"><span style="float: right;">2019-08-21</span> Tomcat 8.5.45 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.45_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Remove the code in the sendfile poller that ensured smaller pollsets
|
were used with older, no longer supported versions of Windows that
|
could not support larger pollsets. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.44_(markt)"><span style="float: right;">not released</span> Tomcat 8.5.44 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.44_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62258">62258</a>: Don't trigger the standard error page mechanism when
|
the error has caused the connection to the client to be closed as no-one
|
will ever see the error page. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62496">62496</a>: Add option to write auth information (remote user/auth type)
|
to response headers. (michaelo)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=51497">51497</a>: Add an option, <code>ipv6Canonical</code>, to the
|
<code>AccessLogValve</code> that causes IPv6 addresses to be output in
|
canonical form defined by RFC 5952. (ognjen/markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=57665">57665</a>: Add support for the <code>X-Forwarded-Host</code>
|
header to the <code>RemoteIpFilter</code> and <code>RemoteIpValve</code>.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63550">63550</a>: Only try the <code>alternateURL</code> in the
|
<code>JNDIRealm</code> if one has been specified. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63556">63556</a>: Mark request as forwarded in RemoteIpValve and
|
RemoteIpFilter (michaelo)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63579">63579</a>: Correct parsing of malformed OPTIONS requests and
|
reject them with a 400 response rather than triggering an internal error
|
that results in a 500 response. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63608">63608</a>: Align the implementation of the negative match feature
|
for patterns used with the <code>RewriteValve</code> with the
|
description in the documentation. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63627">63627</a>: Implement more fine-grained handling in
|
<code>RealmBase.authenticate(GSSContext, boolean)</code>. (michaelo)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
If an unhandled exception occurs on a asynchronous thread started via
|
<code>AsyncContext.start(Runnable)</code>, process it using the standard
|
error page mechanism. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Discard large byte buffers allocated using setBufferSize when recycling
|
the request. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct version information in <code>X-Powered-By</code> header. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid a <code>NullPointerException</code> in the
|
<code>CrawlerSessionManagerValve</code> if no ROOT Context is deployed
|
and a request does not map to any of the other deployed Contexts. Patch
|
provided by Jop Zinkweg. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63636">63636</a>: <code>Context.findRoleMapping()</code> never called
|
in <code>StandardWrapper.findSecurityReference()</code>. (michaelo)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.44_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63524">63524</a>: Improve the handling of PEM file based keys and
|
certificates that do not include a full certificate chain when
|
configuring the internal, in-memory key store. Improve the handling of
|
PKCS#1 formatted private keys when configuring the internal, in-memory
|
key store. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63568">63568</a>: Avoid error when trying to set tcpNoDelay on socket
|
types that do not support it, which can occur when using the NIO
|
inherited channel capability. Submitted by František Kučera. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct parsing of invalid host names that contain bytes in the range
|
128 to 255 and reject them with a 400 response rather than triggering an
|
internal error that results in a 500 response. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63571">63571</a>: Allow users to configure infinite TLS session caches
|
and/or timeouts. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63578">63578</a>: Improve handling of invalid requests so that 400
|
responses are returned to the client rather than 500 responses. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix h2spec test suite failure. It is an error if a Huffman encoded
|
string literal contains the EOS symbol. (jfclere)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Connections that fail the TLS handshake will now appear in the access
|
logs with a 400 status code. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Timeouts for HTTP/2 connections were not always correctly handled
|
leaving some connections open for longer than expected. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the HTTP/2 excessive overhead protection to cover various forms
|
of abusive client behaviour and close the connection if any such
|
behaviour is detected. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a crash on shutdown with the APR/native connector when a blocking
|
I/O operation was still in progress when the connector stopped. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.44_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63597">63597</a>: Update the custom 404 error page for the Host Manager
|
to take account of previous refactoring so that the page is used for
|
404 errors rather than falling back to the default error page. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.44_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=55969">55969</a>: Tighten up the security of the Apache Tomcat
|
installation created by the Windows installer. Change the default
|
shutdown port used by the Windows installer from <code>8005</code> to
|
<code>-1</code> (disabled). Limit access to the chosen installation
|
directory to local administrators, Local System and Local Service.
|
(markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62696">62696</a>: The digital signature for the Windows installer now
|
uses SHA-256 for hashes. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63285">63285</a>: Modify <code>service.bat</code> so that when
|
installing a Windows service, by default, it changes the name of the
|
executables used by the Windows service to match the service name. This
|
makes the installation behaviour consistent with the Windows installer.
|
The original executable names will be restored when the Windows service
|
is removed. The renaming can be disabled by using the new
|
<code>--no-rename</code> option after the service name. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Switch from Checkstyle to the JRE6 backport and update to version 8.22.
|
This allows Tomcat 8.5 to use the newer Checkstyle releases while still
|
building with Java 7. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63285">63285</a>: Add an option to <code>service.bat</code> so that when
|
installing a Windows service, the name of the executables used by the
|
Windows service may be changed to match the service name. This makes the
|
installation behaviour consistent with the Windows installer. The
|
original executable names will be restored when the Windows service is
|
removed. The renaming can be enabled by using the new
|
<code>--rename</code> option after the service name. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63310">63310</a>: Update to Commons Daemon 1.2.0. This provides improved
|
support for Java 11. This also changes the user configured by the
|
Windows installer for the Windows service from <code>Local System</code>
|
to the lower privileged <code>Local Service</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63567">63567</a>: Restore the passing of <code>$LOGGING_MANAGER</code>
|
to the jvm in <code>catalina.sh</code> when calling <code>stop</code>.
|
(markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons Codec to 3ebef4a (2018-08-01) to
|
pick up the fix for CODEC-134. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons Pool2 to 796e32d (2018-08-01) to
|
pick up the changes Commons Pool2 2.7.0. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons DBCP2 to 87d9e3a (2018-08-01) to
|
pick up the changes Commons DBCP2 2.7.0 and DBCP-555. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63648">63648</a>: Update the test TLS keys and certificates used in the
|
test suite to replace the keys and certificates that are about to
|
expire. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.43_(markt)"><span style="float: right;">2019-07-09</span> Tomcat 8.5.43 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.43_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Modify the Default and WebDAV Servlets so that a 405 status code is
|
returned for <code>PUT</code> and <code>DELETE</code> requests when
|
disabled via the <code>readonly</code> initialisation parameter.
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Align the contents of the <code>Allow</code> header with the response
|
code for the Default and WebDAV Servlets. For any given resource a
|
method that returns a 405 status code will not be listed in the
|
<code>Allow</code> header and a method listed in the <code>Allow</code>
|
header will not return a 405 status code. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When using WebDAV to copy a file resource to a destination that requires
|
a collection to be overwritten, ensure that the operation succeeds
|
rather than fails (with a 500 response). This enables Tomcat to pass two
|
additional tests from the Litmus WebDAV test suite. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=49464">49464</a>: Improve the Default Servlet's handling of static files
|
when the file encoding is not compatible with the required response
|
encoding. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">Fix typo in UTF-32LE charset name. Patch by zhanhb vi Github.
|
(fschumacher)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58590">58590</a>: Add the ability for a UserDatabase to monitor the
|
backing XML file for changes and reload the source file if a change in
|
the last modified time is detected. This is enabled by default meaning
|
that changes to <code>$CATALINA_BASE/conf/tomcat-users.xml</code> will
|
now take effect a short time after the file is saved. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve parsing of Range request headers. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Range headers that specify a range unit Tomcat does not recognise should
|
be ignored rather than triggering a 416 response. Based on a pull
|
request by zhanhb. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When comparing a date from a <code>If-Range</code> header, an exact
|
match is required. Based on a pull request by zhanhb. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add an option to the default servlet to disable processing of PUT
|
requests with Content-Range headers as partial PUTs. The default
|
behaviour (processing as partial PUT) is unchanged. Based on a pull
|
request by zhanhb. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve parsing of Content-Range headers. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the HEAD response is consistent with the GET response when
|
<code>HttpServlet</code> is relied upon to generate the HEAD response
|
and the GET response uses chunking. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the recommended minimum Tomcat Native version to 1.2.23. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.43_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid a potential hang when a client connects using TLS 1.0 to a Tomcat
|
HTTPS connector configured to use NIO or NIO with OpenSSL 1.1.1 or
|
later. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Once a URI is identified as invalid don't attempt to process it further.
|
Based on a PR by Alex Repert. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix to avoid the possibility of long poll times for individual pollers
|
when using multiple pollers with APR. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63205">63205</a> so it only applies when using
|
PKCS12 keystores as regressions have been reported with some other
|
keystore types. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.43_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Include file names in error messages if SMAP processor is unable to
|
delete or rename a class file during SMAP generation. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.43_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63521">63521</a>: As required by the WebSocket specification, if a POJO
|
that is deployed as a result of the SCI scan for annotated POJOs is
|
subsequently deployed via the programmatic API ignore the programmatic
|
deployment. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.43_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Switch i18n message files to use UTF-8 and convert to ASCII at build
|
time. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63523">63523</a>: Restore SSLUtilBase methods as protected to preserve
|
compatibility. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Switch the check for terminal availability to test for stdin as using
|
stdout does not work when output is piped to another process. Patch
|
provided by Radosław Józwik. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.42_(markt)"><span style="float: right;">2019-06-07</span> Tomcat 8.5.42 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.42_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=57287">57287</a>: Add file sorting to DefaultServlet (schultz)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the default servlet reads the entire global XSLT file if
|
one is defined. Identified by Coverity Scan. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid potential <code>NullPointerException</code> when generating an
|
HTTP <code>Allow</code> header. Identified by Coverity Scan. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Remove any fragment included in the target path used to obtain a
|
<code>RequestDispatcher</code>. The requested target path is logged as a
|
warning since this is an application error. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.42_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Add additional NIO2 style read and write methods closer to core NIO2,
|
for possible use with an asynchronous workflow like CompletableFuture.
|
(remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid useless exception wrapping in async IO. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63412">63412</a>: Security manager failure when using the async IO
|
API from a webapp. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix concurrency issue that lead to incorrect HTTP/2 connection timeout.
|
(remm/markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Reduce the default for <code>maxConcurrentStreams</code> on the
|
<code>Http2Protocol</code> from 200 to 100 to align with typical
|
defaults for HTTP/2 implementations. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Reduce the default HTTP/2 header list size from 4GB to 32kB to align
|
with typical HTTP/2 implementations. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add support for same-site cookie attribute. Patch provided by John
|
Kelly. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a bug in the stream flushing code that could lead to multiple
|
threads processing the stream concurrently which in turn could cause
|
errors processing the stream. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.42_(markt)/Cluster">Cluster</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62841">62841</a>: Refactor the <code>DeltaRequest</code> serialization
|
to reduce the window during which the <code>DeltaSession</code> is
|
locked and to remove a potential cause of deadlocks during
|
serialization. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63441">63441</a>: Further streamline the processing of session creation
|
messages in the <code>DeltaManager</code> to reduce the possibility of a
|
session update message being processed before the session has been
|
created. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.42_(markt)/Tribes">Tribes</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Treat <code>NoRouteToHostException</code> the same way as
|
<code>SocketTimeoutException</code> when checking the health of group
|
members. This avoids a SEVERE log message every time the check is
|
performed when the host associated with a group member is not powered
|
on. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.42_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Switch from FindBugs to SpotBugs. (fschumacher)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63403">63403</a>: Fix TestHttp2InitialConnection test failures when
|
running with a non-English locale. (kkolinko)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Use the <code>test</code> command to check for terminal availability
|
rather than the <code>tty</code> command since the <code>tty</code>
|
based test fails on non-English locales. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.41_(markt)"><span style="float: right;">2019-05-13</span> Tomcat 8.5.41 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.41_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a potential resource leak when executing CGI scripts from a WAR
|
file. Identified by Coverity scan. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a potential concurrency issue in the StringCache identified by
|
Coverity scan. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a potential concurrency issue in the main Sendfile thread of the APR
|
connector. Identified by Coverity scan. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a potential resource leak when running a web application from a WAR
|
file. Identified by Coverity scan. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a potential resource leak on some exception paths in the
|
<code>DataSourceRealm</code>. Identified by Coverity scan. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a potential resource leak on an exception path when parsing JSP
|
files. Identified by Coverity scan. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a potential resource leak when a JNDI lookup returns an object of an
|
in compatible class. Identified by Coverity scan. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor <code>ManagerServlet</code> to avoid loading classes when
|
filtering JNDI resources for resources of a specified type. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid <code>OutOfMemoryError</code>s and
|
<code>ArrayIndexOutOfBoundsException</code>s when accessing large files
|
via the default servlet when resource caching has been disabled. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid a <code>NullPointerException</code> when a <code>Context</code> is
|
defined in <code>server.xml</code> with a <code>docBase</code> but not
|
the optional <code>path</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63324">63324</a>: Refactor the <code>CrawlerSessionManagerValve</code>
|
so that the object placed in the session is compatible with session
|
serialization with mem-cached. Patch provided by Martin Lemanski.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63333">63333</a>: Override the <code>isAvailable()</code> method in the
|
<code>JAASRealm</code> so that only login failures caused by invalid
|
credentials trigger account lock out when the <code>LockOutRealm</code>
|
is in use. Patch provided by jchobantonov. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.41_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When running on newer JREs that don't support SSLv2Hello, don't warn
|
that it is not available unless explicitly configured. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor Hostname validation to improve performance. Patch provided by
|
Uwe Hees. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Expand HTTP/2 timeout handling to include connection window exhaustion
|
on write. This is the fix for CVE-2019-10072. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.41_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63335">63335</a>: Ensure that stack traces written by the
|
<code>OneLineFormatter</code> are fully indented. The entire stack trace
|
is now indented by an additional TAB character. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When using the <code>OneLineFormatter</code>, don't print a blank line
|
in the log after printing a stack trace. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Apache Commons DBCP 2 to dcdbc72
|
(2019-04-24) to pick up some clean-up and enhancements less the JDBC 4.2
|
related changes that require Java 8. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Apache Commons Pool 2 to 0664f4d
|
(2019-04-30) to pick up some enhancements and bug fixes. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Apache Commons FileUpload to 41e4047
|
(2019-04-24) pick up some enhancements. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.40_(markt)"><span style="float: right;">2019-04-12</span> Tomcat 8.5.40 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.40_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63196">63196</a>: Provide a default (<code>X-Forwarded-Proto</code>) for
|
the <code>protocolHeader</code> attribute of the
|
<code>RemoteIpFilter</code> and <code>RemoteIpValve</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63235">63235</a>: Refactor Charset cache to reduce start time. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63249">63249</a>: Use a consistent log level (<code>WARN</code>) when
|
logging the failure to register or deregister a JMX Bean. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63249">63249</a>: Use a consistent log level (<code>ERROR</code>) when
|
logging the <code>LifecycleException</code> associated with the failure
|
to start or stop a component. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When the SSI directive <code>fsize</code> is used with an invalid
|
target, return a file size of <code>-</code> rather than
|
<code>1k</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63251">63251</a>: Implement a work-around for a known JRE bug (<a href="https://bugs.openjdk.java.net/browse/JDK-8194653">JDK-8194653</a>)
|
that may cause a dead-lock when Tomcat starts. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63275">63275</a>: When using a <code>RequestDispatcher</code> ensure
|
that <code>HttpServletRequest.getContextPath()</code> returns an encoded
|
path in the dispatched request. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63286">63286</a>: Document the differences in behaviour between the
|
<code>LogFormat</code> directive in httpd and the <code>pattern</code>
|
attribute in the <code>AccessLogValve</code> for <code>%D</code> and
|
<code>%T</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63311">63311</a>: Add support for https URLs to the local resolver within
|
Tomcat used to resolve standard XML DTDs and schemas when Tomcat is
|
configured to validate XML configuration files such as web.xml. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Encode the output of the SSI <code>printenv</code> command. This is the
|
fix for CVE-2019-0221. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Use constants for SSI encoding values. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
When the CGI Servlet is configured with
|
<code>enableCmdLineArguments</code> set to true, limit the encoded form
|
of the individual command line arguments to those values allowed by RFC
|
3875. This restriction may be relaxed by the use of the new
|
initialisation parameter <code>cmdLineArgumentsEncoded</code>. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
When the CGI Servlet is configured with
|
<code>enableCmdLineArguments</code> set to true, limit the decoded form
|
of the individual command line arguments to known safe values when
|
running on Windows. This restriction may be relaxed by the use of the
|
new initialisation parameter <code>cmdLineArgumentsDecoded</code>. This
|
is the fix for CVE-2019-0232. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Change the default for the <code>enableCmdLineArguments</code> parameter
|
of the CGI servlet from <code>true</code> to <code>false</code> as
|
additional hardening against CVE-2019-0232. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.40_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix bad interaction between NIO2 async read API and the regular read.
|
(remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor NIO2 write pending strategy for the classic IO API. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Harmonize NIO2 isReadyForWrite with isReadyForRead code. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When using a JSSE TLS connector that supported ALPN (Java 9 onwards) and
|
a protocol was not negotiated, Tomcat failed to fallback to HTTP/1.1 and
|
instead dropped the connection. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a regression in the TLS connector refactoring in Tomcat 9.0.17
|
that prevented the use of PKCS#8 private keys with OpenSSL based
|
connectors. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When performing an upgrade from HTTP/1.1 to HTTP/2, ensure that any
|
query string present in the original HTTP/1.1 request is passed to the
|
HTTP/2 request processing. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When Tomcat writes a final response without reading all of an HTTP/2
|
request, reset the stream to inform the client that the remaining
|
request body is not required. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63312">63312</a>: Correct a regression in the error page handling that
|
prevented error pages from issuing redirects or taking other action that
|
required the response status code to be changed. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.40_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add support for specifying Java 11 (with the value <code>11</code>) as
|
the compiler source and/or compiler target for JSP compilation. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add support for specifying Java 12 (with the value <code>12</code>) and
|
Java 13 (with the value <code>13</code>) as the compiler source and/or
|
compiler target for JSP compilation. If used with an ECJ version that
|
does not support these values, a warning will be logged and the latest
|
supported version will used. Based on a patch by Thomas Collignon.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.40_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the handling of exceptions during TLS handshakes for the
|
WebSocket client. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.40_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63184">63184</a>: Expand the SSI documentation to provide more
|
information on the supported directives and their attributes. Patch
|
provided by nightwatchcyber. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add a note to the documentation about the risk of DoS with poorly
|
written regular expressions and the <code>RewriteValve</code>. Patch
|
provided by salgattas. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.40_(markt)/jdbc-pool">jdbc-pool</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63320">63320</a>: Ensure that <code>StatementCache</code> caches
|
statements that include arrays in arguments. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.39_(markt)"><span style="float: right;">2019-03-19</span> Tomcat 8.5.39 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.39_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Minor HTTP/2 push fixes. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor how cookies are transferred from the base request to a
|
<code>PushBuilder</code> so that they are accessible, and may be edited,
|
via the standard <code>PushBuilder</code> methods for working with HTTP
|
headers. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Refactor error handling to enable errors that occur before processing is
|
passed to the application to be handled by the application provided
|
error handling and/or the container provided error handling
|
(<code>ErrorReportValve</code>) as appropriate. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Pass 404 errors triggered by a missing ROOT web application to the
|
container error handling to generate the response body. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Pass 400 errors triggered by invalid request targets to the container
|
error handling to generate the response body. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Pass errors triggered by invalid requests or unavailable services to the
|
application provided error handling and/or the container provided error
|
handling (<code>ErrorReportValve</code>) as appropriate. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor the MBean implementations for the internal Tomcat components
|
to reduce code duplication. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Simplify the value of <code>jarsToSkip</code> property in
|
<code>catalina.properties</code> file for tomcat-i18n jar files.
|
Use prefix pattern instead of listing each language. (kkolinko)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Restore the getter and setter for the access log valve attribute
|
<code>maxLogMessageBufferSize</code> that were accidentally removed.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63206">63206</a>: Add a new attribute to <code>Context</code> -
|
<code>createUploadTargets</code> which, if <code>true</code> enables
|
Tomcat to create the temporary upload location used by a Servlet if the
|
location specified by the Servlet does not already exist. The default
|
value is <code>false</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63210">63210</a>: Ensure that the Apache Commons DBCP 2 based default
|
connection pool is correctly shutdown when it is no longer required.
|
This ensures that a non-daemon thread is not left running that will
|
prevent Tomcat from shutting down cleanly. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63213">63213</a>: Ensure the correct escaping of group names when
|
searching for nested groups when the JNDIRealm is configured with
|
<code>roleNested</code> set to <code>true</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63236">63236</a>: Use <code>String.intern()</code> as suggested by
|
Phillip Webb to reduce memory wasted due to String duplication. This
|
changes saves ~245k when starting a clean installation. With additional
|
thanks to YourKit Java profiler for helping to track down the wasted
|
memory and the root causes. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63246">63246</a>: Fix a potential <code>NullPointerException</code> when
|
calling <code>AsyncContext.dispatch()</code>. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.39_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the <code>toString()</code>, <code>toBytes()</code> and
|
<code>toChars()</code> methods of <code>MessageBytes</code> behave
|
consistently and do not throw a <code>NullPointerException</code> both
|
on newly created objects and immediately after a call to
|
<code>recycle()</code>. This should not impact typical Tomcat users. It
|
may impact users who use these classes directly in their own code.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When performing an HTTP/1.1 upgrade to HTTP/2 (h2c) ensure that the hostname
|
and port from the HTTP/1.1 Host header of the upgraded request are made
|
available via the standard methods
|
<code>ServletRequest.getServerName()</code> and
|
<code>ServletRequest.getServerPort()</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Make PEM file parser a public utility class. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor the APR/Native endpoint TLS configuration code to enable JSSE
|
style configuration - including JKS keystores - to be used with the
|
APR/Native connector. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
With the TLS configuration refactoring, the configuration attributes
|
<code>sessionCacheSize</code> and <code>sessionTimeout</code> are no
|
longer limited to JSSE implementations. They may now be used with
|
OpenSSL implementations as well. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor NIO2 read pending strategy for the classic IO API. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63182">63182</a>: Avoid extra read notifications for HTTP/1.1 with
|
NIO2 when using asynchronous threads. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63205">63205</a>: Add a work-around for a known
|
<a href="https://bugs.openjdk.java.net/browse/JDK-8157404">JRE KeyStore
|
loading bug</a>. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Sync with NIO2 async API from Tomcat 9 branch. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
NIO2 should try to use SocketTimeoutException everywhere rather than a
|
mix of it and InterruptedByTimeout. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct an error in the request validation that meant that HTTP/2 push
|
requests always resulted in a 400 response. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63223">63223</a>: Correctly account for push requests when tracking
|
currently active HTTP/2 streams. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Verify HTTP/2 stream is still writable before assuming a timeout
|
occurred. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid some overflow cases with OpenSSL to improve efficiency, as the
|
OpenSSL engine has an internal buffer. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Harmonize HTTP/1.1 NIO2 keepalive code. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.39_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Remove the <code>STREAMS_DROP_EMPTY_MESSAGES</code> system property that
|
was introduced to work-around four failing TCK tests. An alternative
|
solution has been implemented. Sending messages via
|
<code>getSendStream()</code> and <code>getSendWriter()</code> will now
|
only result in messages on the wire if data is written to the
|
<code>OutputStream</code> or <code>Writer</code>. Writing zero length
|
data will result in an empty message. Note that sending a message via an
|
<code>Encoder</code> may result in the message being send via
|
<code>getSendStream()</code> or <code>getSendWriter()</code>. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.39_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Use client's preferred language for the Server Status page of the
|
Manager web application. Review and fix several cases when the
|
client's language preference was not respected in Manager and
|
Host Manager web applications. (kkolinko)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix messages used by Manager and Host Manager web applications.
|
Disambiguate message keys used when adding or removing a host.
|
Improve display of summary values on the status page: separate
|
terms and values with a whitespace. Improve wording of messages
|
for expire sessions command. (kkolinko)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Do not add CSRF nonce parameter and suppress Referer header for external
|
links in Manager and Host Manager web applications. (kkolinko)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.39_(markt)/Tribes">Tribes</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that members registered in the addSuspects list are static
|
members. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.39_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the coverage and quality of the Russian translations provided
|
with Apache Tomcat. (kkolinko)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63041">63041</a>: Revert the changes for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=53930">53930</a> that added
|
support for the <code>CATALINA_OUT_CMD</code> environment variable as
|
they prevented correct operation with systemd configurations that did
|
not explicitly specify a PID file. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.38_(markt)"><span style="float: right;">2019-02-08</span> Tomcat 8.5.38 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.38_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=54741">54741</a>: Add a new method,
|
<code>Tomcat.addWebapp(String,URL)</code>, that allows a web application
|
to be deployed from a URL when using Tomcat in embedded mode. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the <code>ServletOutputStream</code> implementation is
|
consistent with the requirements of asynchronous I/O and that all of the
|
write methods use a single write rather than multiple writes. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the Javadoc for <code>Context.getDocBase()</code> and
|
<code>Context.setDocBase()</code> and remove text that indicates that a
|
URL may be used for the <code>docBase</code> as this has not been the
|
case for quite some time. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Ensure that Tomcat is fully terminated when running as a service.
|
(markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Treat I/O errors during request body reads the same way as I/O errors
|
during response body writes. The errors are treated as client side
|
errors rather than server side errors and only logged at debug level.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63038">63038</a>: Ensure that a <code>ClassNotFoundException</code> is
|
thrown when attempting to load a class from a corrupted JAR file.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Make the removal of leading and trailing whitespace from credentials
|
passed to BASIC authentication configurable via a new attribute,
|
<code>trimCredentials</code> on the <code>BasicAuthenticator</code>.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63003">63003</a>: Extend the <code>unloadDelay</code> attribute on a
|
<code>Context</code> to include in-flight asynchronous requests. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63026">63026</a>: Add a new attribute, <code>forceDnHexEscape</code>, to
|
the <code>JNDIRealm</code> that forces escaping in the String
|
representation of a distinguished name to use the <code>\nn</code> form.
|
This may avoid issues with realms using Active Directory which appears
|
to be more tolerant of optional escaping when the <code>\nn</code> form
|
is used. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid a swallowed (and therefore ignored) access failure during web
|
application class loading when running under a
|
<code>SecurityManager</code>. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the recommended minimum Tomcat Native version to 1.2.21. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63137">63137</a>: If the resources for a web application have been
|
configured with multiple locations mapped to
|
<code>/WEB-INF/classes</code>, ensure that all of those locations are
|
used when building the web application class path. Patch provided by
|
Marcin Gołębski. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.38_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63009">63009</a>: Include the optional <code>content-length</code>
|
header in HTTP/2 responses where an appropriate value is available.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63022">63022</a>: Do not use the socket open state when using the
|
wrapper isClosed method for NIO and NIO2, as it will disable all
|
further processing. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix socket close discrepancies for NIO2, now the wrapper close
|
is used everywhere except for socket accept problems. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.38_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63056">63056</a>: Correct a regression in the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=53737">53737</a>
|
that did not correctly scan the web application directory structure for
|
JSPs. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Update the performance optimisation for using expressions in tags that
|
depend on uninitialised tag attributes with implied scope to make the
|
performance optimisation aware of the new public class
|
(<code>java.lang.Enum$EnumDesc</code>) added in Java 12. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.38_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=57974">57974</a>: Ensure implementation of
|
<code>Session.getOpenSessions()</code> returns correct value for both
|
client-side and server-side calls. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63019">63019</a>: Use payload remaining bytes rather than limit when
|
writing. Submitted by Benoit Courtilly. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When running under a <code>SecurityManager</code>, ensure that the
|
<code>ServiceLoader</code> look-up for the default
|
<code>javax.websocket.server.ServerEndpointConfig.Configurator</code>
|
implementation completes correctly rather than silently using the
|
hard-coded fall-back. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the network connection is closed if the client receives an
|
I/O error trying to communicate with the server. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ignore synthetic methods when scanning POJO methods. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Implement the requirements of section 5.2.1 of the WebSocket 1.1
|
specification and ensure that if the deployment of one Endpoint fails,
|
no Endpoints are deployed for that web application. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Implement the requirements of section 4.3 of the WebSocket 1.1
|
specification and ensure that the deployment of an Endpoint fails if
|
<code>@PathParam</code> is used with an invalid parameter type. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure a <code>DeploymentException</code> rather than an
|
<code>IllegalArgumentException</code> is thrown if a method annotated
|
with <code>@OnMessage</code> does not conform to the requirements set
|
out in the Javadoc. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve algorithm that determines if two <code>@OnMessage</code>
|
annotations have been added for the same message type. Prior to this
|
change some matches were missed. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.38_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63103">63103</a>: Remove the unused source.jsp file and associated tag
|
from the examples web application as it is no longer used. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63143">63143</a>: Ensure that the Manager web application respects the
|
language preferences of the user as configured in the browser when the
|
language of the default system locale is not English. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.38_(markt)/Tribes">Tribes</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add EncryptInterceptor to the portfolio of available clustering
|
interceptors. This adds symmetric encryption of session data
|
to Tomcat clustering regardless of the type of cluster manager
|
or membership being used. (schultz)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.21 to
|
pick up the memory leak fixes when using NIO/NIO2 with OpenSSL. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.38_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63041">63041</a>: Correct a regression in the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=53930">53930</a>
|
that prevented Tomcat from working correctly with systemd. Patch
|
provided by Patrik S. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the NSIS Installer used to build the Windows installer to version
|
3.04. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.37_(markt)"><span style="float: right;">2018-12-18</span> Tomcat 8.5.37 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.37_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the recommended minimum Tomcat Native version to 1.2.19. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.37_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.19 to
|
pick up the latest Windows binaries built with APR 1.6.5 and OpenSSL
|
1.1.1a. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.36_(markt)"><span style="float: right;">not released</span> Tomcat 8.5.36 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.36_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62788">62788</a>: Add explicit logging configuration to write log files
|
using UTF-8 to align with Tomcat's use of UTF-8 by default
|
elsewhere. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
The default Servlet should not override a previously set content-type.
|
(remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62897">62897</a>: Provide a property
|
(<code>clearReferencesThreadLocals</code>) on the standard
|
<code>Context</code> implementation that enables the check for memory
|
leaks via <code>ThreadLocal</code>s to be disabled because this check
|
depends on the use of an API that has been deprecated in later versions
|
of Java. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix more storeconfig issues with duplicated SSL attributes. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62968">62968</a>: Avoid unnecessary (and relatively expensive)
|
<code>getResources()</code> call in the Mapper when processing rule 7.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62978">62978</a>: Update the RemoteIpValve to handle multiple values in
|
the <code>x-forwarded-proto</code> header. Patch provided by Tom Groot.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Update the RemoteIpFilter to handle multiple values in the
|
<code>x-forwarded-proto</code> header. Based on a patch provided by Tom
|
Groot. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62986">62986</a>: Refactor the code that performs class scanning during
|
web application start to make integration simpler for downstream users.
|
Patch provided by rmannibucau. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62988">62988</a>: Fix the <code>LoadBalancerDrainingValve</code> so it
|
works when the session cookie configuration is not explicitly declared.
|
Based on a patch provided by Andreas Kurth. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63002">63002</a>: Fix setting rewrite qsdiscard flag. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Implement the requirements of section 8.2.2 2c of the Servlet
|
specification and prevent a web application from deploying if it has
|
fragments with duplicate names and is configured to use relative
|
ordering of fragments. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.36_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid an exception when using Tomcat Native built with a version of
|
OpenSSL that does not support TLSv1.3. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62899">62899</a>: Prevent the incorrect timing out of connections when
|
Servlet non-blocking I/O is used to read a request body over an HTTP/2
|
stream. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid bad SSLHostConfig JMX registrations before init. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.36_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=53737">53737</a>: Extend JspC, the precompilation tool, to include
|
support for resource JARs. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62976">62976</a>: Avoid an <code>IllegalStateException</code> when using
|
background compilation when tag files are packaged in JAR files. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.36_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62918">62918</a>: Filter out subtype mbeans to avoid breaking the
|
connector status page. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.36_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Prevent an error when running in a Cygwin shell and the
|
<code>JAVA_ENDORSED_DIRS</code> system property is empty. Patch provided
|
by Zemian Deng. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=53930">53930</a>: Add support for the <code>CATALINA_OUT_CMD</code>
|
environment variable that defines a command to which captured stdout and
|
stderr will be redirected. Patch provided by Casey Lucas. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.35_(markt)"><span style="float: right;">2018-11-07</span> Tomcat 8.5.35 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.35_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61692">61692</a>: Add the ability to control which HTTP methods are
|
handled by the CGI Servlet via a new initialization parameter
|
<code>cgiMethods</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62687">62687</a>: Expose content length information for resources
|
when using a compressed war. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62737">62737</a>: Fix rewrite substitutions parsing of {} nesting.
|
(remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add rewrite flags output when getting the rewrite configuration back.
|
(remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add missing qsdiscard flag to the rewrite flags as a cleaner way to
|
discard the query string. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add documentation about the files <code>context.xml.default</code> and
|
<code>web.xml.default</code> that can be used to customize <code>conf/context.xml</code>
|
and <code>conf/web.xml</code> on a per host basis. (fschumacher)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that a canonical path is always used for the docBase of a Context
|
to ensure consistent behaviour. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62803">62803</a>: Fix SSL connector configuration processing
|
in storeconfig. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62797">62797</a>: Pass throwable to keep client aborts with status 200
|
rather than 500. Patch submitted by zikfat. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62809">62809</a>: Correct a regression in the implementation of DIGEST
|
authentication support for the Deployer Ant tasks (bug <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=45832">45832</a>)
|
that prevented the <code>DeployTask</code> from working when
|
authentication was required. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the recommended minimum Tomcat Native version to 1.2.18. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Ignore an attribute named <code>source</code> on <code>Context</code>
|
elements provided by <code>StandardContext</code>. This is to suppress
|
warnings generated by the Eclipse / Tomcat integration provided by
|
Eclipse. Based on a patch by mdfst13. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62830">62830</a>: Added <code>JniLifeCycleListener</code> and static
|
methods <code>Library.loadLibrary(libraryName)</code> and
|
<code>Library.load(filename)</code> to load a native library by a
|
shared class loader so that more than one Webapp can use it. (isapir)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a typo in the Spanish resource files. Patch provided by Diego
|
Agulló. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62868">62868</a>: Order the <code>Enumeration<URL></code> provided
|
by <code>WebappClassLoaderBase.getResources(String)</code> according to
|
the setting of the delegate flag. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.35_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add TLSv1.3 to the default protocols and to the <code>all</code>
|
alias for JSSE based TLS connectors when running on a JVM that
|
supports TLS version 1.3. One such JVM is OpenJDK version 11. (rjung)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62685">62685</a>: Correct an error in host name validation parsing that
|
did not allow a fully qualified domain name to terminate with a period.
|
Patch provided by AG. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62739">62739</a>: Do not reject requests with an empty HTTP Host header.
|
Such requests are unusual but not invalid. Patch provided by Michael
|
Orr. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62748">62748</a>: Add TLS 1.3 support for the APR/Native connector and
|
the NIO/NIO2 connector when using the OpenSSL backed JSSE
|
implementation. (schultz/markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62791">62791</a>: Remove an unnecessary check in the NIO TLS
|
implementation that prevented from secure WebSocket connections from
|
being established. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix server initiated TLS renegotiation to obtain a client certificate
|
when using NIO/NIO2 and the OpenSSL backed JSSE TLS implementation.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62871">62871</a>: Improve MBeans for Endpoint instances (type
|
<code>ThreadPool</code> in JMX) by using explicit declaration of
|
attributes and operations rather than relying on introspection. Add a
|
new MBean to expose the <code>Socketproperties</code> values. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.35_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct parsing of XML whitespace in TLD function signatures that
|
incorrectly only looked for the space character. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62674">62674</a>: Correct a regression in the stand-alone JSP compiler
|
utility, <code>JspC</code>, caused by the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=53492">53492</a>, that
|
caused the JSP compiler to hang. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62721">62721</a>: Correct generation of web.xml header when using JspC.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62757">62757</a>: Correct a regression in the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62603">62603</a>
|
that caused <code>NullPointerException</code>s when compiling tag files
|
on first access when development mode was disabled and background
|
compilation was enabled. Based on a patch by Jordi Llach. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.35_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62731">62731</a>: Make the URI returned by
|
<code>HandshakeRequest.getRequestURI()</code> and
|
<code>Session.getRequestURI()</code> absolute so that the scheme, host
|
and port are accessible. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.35_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62676">62676</a>: Expand the CORS filter documentation to make it clear
|
that explicit configuration is required to enable support for
|
cross-origin requests. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62712">62712</a>: Correct NPE in Manager application when attempting to
|
view configured certificates for an APR/native TLS connector. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62761">62761</a>: Correct the advanced CORS example in the Filter
|
documentation to use a valid configuration. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62786">62786</a>: Add a note to the Context documentation to explain
|
that, by default, settings for a Context element defined in server.xml
|
will be overwritten by settings specified in a default context file such
|
as <code>conf/context.xml</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Create a little visual separation between the Undeploy button and the
|
other buttons in the Manager application. Patch provided by Łukasz
|
Jąder. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.35_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Apache Commons Pool 2 to d4e0e88
|
(2018-09-12) to pick up some bug fixes and enhancements. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.18 to
|
pick up the latest Windows binaries built with APR 1.6.5 and OpenSSL
|
1.1.1. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.34_(markt)"><span style="float: right;">2018-09-10</span> Tomcat 8.5.34 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.34_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Make the <code>isLocked()</code> method of the <code>LockOutRealm</code>
|
public and expose the method via JMX. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the handling of path parameters when working with
|
RequestDispatcher objects. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62664">62664</a>: Process requests with content type
|
<code>multipart/form-data</code> to servlets with a
|
<code>@MultipartConfig</code> annotation regardless of HTTP method.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62667">62667</a>: Add recursion to rewrite substitution parsing. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62669">62669</a>: When using the SSIFilter and a resource does not
|
specify a content type, do not force the content type to
|
<code>application/x-octet-stream</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62670">62670</a>: Adjust the memory leak protection for the
|
<code>DriverManager</code> so that JDBC drivers located in
|
<code>$CATALINA_HOME/lib</code> and <code>$CATALINA_BASE/lib</code> are
|
loaded via the service loader mechanism when the protection is enabled.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When generating a redirect to a directory in the Default Servlet, avoid
|
generating a protocol relative redirect. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.34_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix potential deadlocks when using asynchronous Servlet processing with
|
HTTP/2 connectors. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62620">62620</a>: Fix corruption of response bodies when writing large
|
bodies using asynchronous processing over HTTP/2. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62628">62628</a>: Additional fixes for output corruption of response
|
bodies when writing large bodies using asynchronous processing over
|
HTTP/2. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.34_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the JSP version in the X-PoweredBy HTTP header generated when
|
the xpoweredBy option is enabled. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62662">62662</a>: Fix the corruption of web.xml output during JSP
|
compilation caused by the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=53492">53492</a>. Patch provided by
|
Bernhard Frauendienst. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.34_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the information in the documentation web application regarding
|
the use of <code>CATALINA_HOME</code> and <code>CATALINA_BASE</code>.
|
Patch provided by Marek Czernek. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62652">62652</a>: Make it clearer that the version of DBCP that is
|
packaged in Tomcat 8.5.x is DBCP 2. Correct the names of some DBCP 2
|
configuration attributes that changed between 1.x and 2.x. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62666">62666</a>: Expand internationalisation support in the Manager
|
application to include the server status page and provide Russian
|
translations in addition to English. Patch provided by Artem Chebykin.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.34_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Switch the build script to use http for downloads from an ASF mirror
|
using the closer.lua script to avoid failures due to HTTPS to HTTP
|
redirects. (rjung)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.33_(markt)"><span style="float: right;">2018-08-17</span> Tomcat 8.5.33 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.33_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the HTTP Vary header is set correctly when using the CORS
|
filter and improve the cacheability of requests that pass through the
|
COPRS filter. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62527">62527</a>: Revert restriction of JNDI to the <code>java:</code>
|
namespace. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Introduce a new class - <code>MultiThrowable</code> - to report
|
exceptions when multiple actions are taken where each action may throw
|
an exception but all actions are taken before any errors are reported.
|
Use this new class when reporting multiple container (e.g. web
|
application) failures during start. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correctly decode URL paths (<code>+</code> should not be decoded to a
|
space in the path) in the <code>RequestDispatcher</code> and the web
|
application class loader. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Make logout more robust if JASPIC subject is unexpectedly unavailable.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62547">62547</a>: JASPIC <code>cleanSubject()</code> was not called on
|
logout when the authenticator was configured to cache the authenticated
|
Principal. Patch provided by Guillermo González de Agüero. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62559">62559</a>: Add <code>jaxb-*.jar</code> to the list of JARs
|
ignored by <code>StandardJarScanner</code>. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62560">62560</a>: Add <code>oraclepki.jar</code> to the list of JARs
|
ignored by <code>StandardJarScanner</code>. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62607">62607</a>: Return a non-zero exit code from
|
<code>catalina.[bat|sh] run</code> if Tomcat fails to start. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Remove <code>ServletException</code> from declaration of
|
<code>Tomcat.addWebapp(String,String)</code> since it is never thrown.
|
Patch provided by Tzafrir. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Use short circuit logic to prevent potential NPE in CorsFilter. (fschumacher)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Simplify construction of appName from container name in JAASRealm. (fschumacher)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.33_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60560">60560</a>: Add support for using an inherited channel to
|
the NIO connector. Based on a patch submitted by Thomas Meyer with
|
testing and suggestions by Coty Sutherland. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62507">62507</a>: Ensure that JSSE based TLS connectors work correctly
|
with a DKS keystore. Note: DKS keystores require Java 8 or later.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor code that adds an additional header name to the
|
<code>Vary</code> HTTP response header to use a common utility method
|
that addresses several additional edge cases. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62515">62515</a>: When a connector is configured (via setting
|
<code>bindOnInit</code> to <code>false</code>) to bind/unbind the server
|
socket during start/stop, close the socket earlier in the stop process
|
so new connections do not sit in the TCP backlog during the shutdown
|
process only to be dropped as stop completes. In this scenario new
|
connections will now be refused immediately. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62526">62526</a>: Correctly handle PKCS12 format key stores when the key
|
store password is configured to be the empty string. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix error in back-port of HTTP/2 compression that meant compression was
|
never enabled. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62605">62605</a>: Ensure <code>ReadListener.onDataAvailable()</code> is
|
called when the initial request body data arrives after the request
|
headers when using asynchronous processing over HTTP/2. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62614">62614</a>: Ensure that
|
<code>WriteListener.onWritePossible()</code> is called after
|
<code>isReady()</code> returns <code>false</code> and the window size is
|
subsequently incremented when using asynchronous processing over HTTP/2.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.33_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=53011">53011</a>: When pre-compiling with JspC, report all compilation
|
errors rather than stopping after the first error. A new option
|
<code>-failFast</code> can be used to restore the previous behaviour of
|
stopping after the first error. Based on a patch provided by Marc Pompl.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=53492">53492</a>: Make the Java file generation process multi-threaded.
|
By default, one thread will be used per core. Based on a patch by Dan
|
Fabulich. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62453">62453</a>: Add a performance optimisation for using expressions
|
in tags that depend on uninitialised tag attributes with implied scope.
|
Generally, using an explicit scope with tag attributes in EL is the best
|
way to avoid various potential performance issues. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correctly decode URL paths (<code>+</code> should not be decoded to a
|
space in the path) in the Jasper class loader. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62603">62603</a>: Fix a potential race condition when development mode
|
is disabled and background compilation checks are enabled. It was
|
possible that some updates would not take effect and/or
|
<code>ClassNotFoundException</code>s would occur. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.33_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62596">62596</a>: Remove the limit on the size of the initial HTTP
|
upgrade request used to establish the web socket connection. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.33_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61565">61565</a>: Add the ability to trigger a reloading of TLS host
|
configuration (certificate and key files, server.xml is not re-parsed)
|
via the Manager web application. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62558">62558</a>: Add Russian translations for the Manager and Host
|
Manager web applications. Based on a patch by Ivan Krasnov. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62561">62561</a>: Add advanced class loader configuration information
|
regarding the use of the Server and Shared class loaders to the
|
documentation web application. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.33_(markt)/Tribes">Tribes</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensures that the specified <code>rxBufSize</code> is correctly set to
|
receiver buffer size. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.33_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Support building with Java 9+ while preserving the Java 7 compatibility
|
at runtime (requires Ant 1.9.8 or later). (ebourg)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update WSDL4J library to version 1.6.3 (from 1.6.2). (kkolinko)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update JUnit library to version 4.12 (from 4.11). (kkolinko)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Downgrade CGLib library used for testing with EasyMock to version
|
2.2.2 (from 2.2.3) as version 2.2.3 is not available from Maven Central.
|
(markt/kkolinko)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Implement checksum checks when downloading dependencies that are used
|
to build Tomcat. (kkolinko)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fixed spelling. Patch provided by Jimmy Casey via GitHub. (violetagg)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Apache Commons Pool 2 to 3e02523
|
(2018-08-09) to pick up some bug fixes and enhancements. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Apache Commons DBCP 2 to abc0484
|
(2018-08-09) to pick up some bug fixes and enhancements. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct various spelling errors throughout the source code and
|
documentation. Patch provided by Kazuhiro Sera. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.32_(markt)"><span style="float: right;">2018-06-25</span> Tomcat 8.5.32 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.32_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Treat the <code><mapped-name></code> element of a
|
<code><env-entry></code> in web.xml in the same way as the
|
<code>mappedName</code> element of the equivalent <code>@Resource</code>
|
annotation. Both now attempt to set the <code>mappedName</code> property
|
of the resource. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the processing of resources with
|
<code><injection-target></code>s defined in web.xml. First look
|
for a match using JavaBean property names and then, only if a match is
|
not found, look for a match using fields. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When restoring a saved request with a request body after FORM
|
authentication, ensure that calls to the <code>HttpServletRequest</code>
|
methods <code>getRequestURI()</code>, <code>getQueryString()</code> and
|
<code>getProtocol()</code> are not corrupted by the processing of the
|
saved request body. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
JNDI resources that are defined with injection targets but no value are
|
now treated as if the resource is not defined. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that JNDI names used for <code><lookup-name></code> entries
|
in web.xml and for <code>lookup</code> elements of
|
<code>@Resource</code> annotations specify a name with an explicit
|
<code>java:</code> namespace. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor the <code>org.apache.naming</code> package to reduce duplicate
|
code. Duplicate code identified by the Simian tool. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=50019">50019</a>: Add support for <code><lookup-name></code>.
|
Based on a patch by Gurkan Erdogdu. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=51953">51953</a>: Add the <code>RemoteCIDRFilter</code> and
|
<code>RemoteCIDRValve</code> that can be used to allow/deny requests
|
based on IPv4 and/or IPv6 client address where the IP ranges are defined
|
using CIDR notation. Based on a patch by Francis Galiegue. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62343">62343</a>: Make CORS filter defaults more secure. This is the fix
|
for CVE-2018-8014. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the web application resources implementation does not
|
incorrectly cache results for resources that are only visible as class
|
loader resources. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Make all loggers associated with Tomcat provided Filters non-static to
|
ensure that log messages are not lost when a web application is
|
reloaded. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the manifest for the annotations-api.jar. The JAR implements the
|
Common Annotations API 1.2 and the manifest should reflect that. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Switch to non-static loggers where there is a possibility of a logger
|
becoming associated with a web application class loader causing log
|
messages to be lost if the web application is stopped. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62389">62389</a>: Add the IPv6 loopback address to the default
|
<code>internalProxies</code> regular expression. Patch by Craig Andrews.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
In the <code>RemoteIpValve</code> and <code>RemoteIpFilter</code>,
|
correctly handle the case when the request passes through one or more
|
<code>trustedProxies</code> but no <code>internalProxies</code>. Based
|
on a patch by zhanhb. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the logic in <code>MBeanFactory.removeConnector()</code> to
|
ensure that the correct Connector is removed when there are multiple
|
Connectors using different addresses but the same port. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Make <code>JAASRealm</code> mis-configuration more obvious by requiring
|
the authenticated Subject to include at least one Principal of a type
|
specified by <code>userClassNames</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62476">62476</a>: Use GMT timezone for the value of
|
<code>Expires</code> header as required by HTTP specification
|
(RFC 7231, 7234). (kkolinko)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.32_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Consistent exception propagation for NIO2 SSL close. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Log an error message if the AJP connector detects that the reverse proxy
|
is sending AJP messages that are too large for the configured
|
<code>packetSize</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Relax Host validation by removing the requirement that the final
|
component of a FQDN must be alphabetic. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62371">62371</a>: Improve logging of Host validation failures. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add missing handshake timeout for NIO2. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correctly handle a digest authorization header when the user name
|
contains an escaped character. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correctly handle a digest authorization header when one of the hex
|
field values ends the header with in an invalid character. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correctly handle an invalid quality value in an
|
<code>Accept-Language</code> header. (markt)
|
</li>
|
<li><img alt="Docs: " class="icon" src="./images/docs.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62423">62423</a>: Fix SSL docs CRL attribute typo. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve IPv6 validation by ensuring that IPv4-Mapped IPv6 addresses do
|
not contain leading zeros in the IPv4 part. Based on a patch by Katya
|
Stoycheva. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix <code>NullPointerException</code> thrown from <code>
|
replaceSystemProperties()</code> when trying to log messages. (csutherl)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid unnecessary processing of async timeouts. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.32_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=50234">50234</a>: Add the capability to generate a web-fragment.xml file
|
to JspC. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62080">62080</a>: Ensure that all reads of the current thread's context
|
class loader made by the UEL API and implementation are performed via a
|
<code>PrivilegedAction</code> to ensure that a
|
<code>SecurityException</code> is not triggered when running under a
|
<code>SecurityManager</code>. (mark)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62350">62350</a>: Refactor
|
<code>org.apache.jasper.runtime.BodyContentImpl</code> so a
|
<code>SecurityException</code> is not thrown when running under a
|
SecurityManger and additional permissions are not required in the
|
<code>catalina.policy</code> file. This is a follow-up to the fix for
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=43925">43925</a>. (kkolinko/markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Update web.xml, web-fragment.xml and web.xml extracts generated by JspC
|
to use the Servlet 3.1 version of the relevant schemas. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.32_(markt)/Cluster">Cluster</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Remove duplicate calls when creating a replicated session to reduce the
|
time taken to create the session and thereby reduce the chances of a
|
subsequent session update message being ignored because the session does
|
not yet exist. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.32_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When decoding of path parameter failed, make sure to throw
|
<code>DecodeException</code> instead of throwing
|
<code>ArrayIndexOutOfBoundsException</code>. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Enable host name verification when using TLS with the WebSocket client.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.32_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62395">62395</a>: Clarify the meaning of the connector attribute
|
<code>minSpareThreads</code> in the documentation web application.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the documentation for the <code>allowHostHeaderMismatch</code>
|
attribute of the standard HTTP Connector implementations. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.32_(markt)/Tribes">Tribes</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the correct default value is returned when retrieve unset
|
properties in <code>McastService</code>. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.32_(markt)/jdbc-pool">jdbc-pool</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When <code>logValidationErrors</code> is set to true, the connection
|
validation error is logged as <code>SEVERE</code> instead of
|
<code>WARNING</code>. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.32_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62391">62391</a>: Remove references to <code>javaw.exe</code> as this
|
file is not required by Tomcat and the references prevent the use of the
|
Server JRE. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.17 to
|
pick up the latest Windows binaries built with APR 1.6.3 and OpenSSL
|
1.0.2o. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62458">62458</a>: Update the internal fork of Commons Pool 2 to dfef97b
|
(2018-06-18) to pick up some bug fixes and enhancements. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons DBCP 2 to 2.4.0. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.31_(markt)"><span style="float: right;">2018-05-03</span> Tomcat 8.5.31 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.31_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62263">62263</a>: Avoid a <code>NullPointerException</code> when the
|
<code>RemoteIpValve</code> processes a request for which no Context can
|
be found. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a rare edge case that is unlikely to occur in real usage. This edge
|
case meant that writing long streams of UTF-8 characters to the HTTP
|
response that consisted almost entirely of surrogate pairs could result
|
in one surrogate pair being dropped. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Register MBean when DataSource Resource <code>
|
type="javax.sql.XADataSource"</code>. Patch provided by Masafumi Miura.
|
(csutherl)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Update the internal fork of Apache Commons BCEL to r1829827 to add early
|
access Java 11 support to the annotation scanning code. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62297">62297</a>: Enable the <code>CrawlerSessionManagerValve</code> to
|
correctly handle bots that crawl multiple hosts and/or web applications
|
when the Valve is configured on a Host or an Engine. (fschumacher)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62309">62309</a>: Fix a <code>SecurityException</code> when using JASPIC
|
under a <code>SecurityManager</code> when authentication is not
|
mandatory. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62329">62329</a>: Correctly list resources in JAR files when directories
|
do not have dedicated entries. Patch provided by Meelis Müür. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Collapse multiple leading <code>/</code> characters to a single
|
<code>/</code> in the return value of
|
<code>HttpServletRequest#getContextPath()</code> to avoid issues if the
|
value is used with <code>HttpServletResponse#sendRedirect()</code>. This
|
behaviour is enabled by default and configurable via the new Context
|
attribute <code>allowMultipleLeadingForwardSlashInPath</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve handing of overflow in the UTF-8 decoder with supplementary
|
characters. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.31_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct off-by-one error in thread pool that allowed thread pools to
|
increase in size to one more than the configured limit. Patch provided
|
by usc. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Prevent unexpected TLS handshake failures caused by errors during a
|
previous handshake that were not correctly cleaned-up when using the NIO
|
or NIO2 connector with the <code>OpenSSLImplementation</code>. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Enable strict validation of the provided host name and port for all
|
connectors. Requests with invalid host names and/or ports will be
|
rejected with a 400 response. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62273">62273</a>: Implement configuration options to work-around
|
specification non-compliant user agents (including all the major
|
browsers) that do not correctly %nn encode URI paths and query strings
|
as required by RFC 7230 and RFC 3986. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.31_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Enable ECJ version 4.7 and later to be used as a drop in replacement for
|
the ECJ version that ships with Apache Tomcat. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Enable Java 10 to be specified as a JSP source and/or target if a newer
|
ECJ version is used. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62287">62287</a>: Do not rely on hash codes to test instances of
|
<code>ValueExpressionImpl</code> for equality. Patch provided by Mark
|
Struberg. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.31_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62301">62301</a>: Correct a regression in the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61491">61491</a>
|
that didn't correctly handle a final empty message part in all
|
circumstances when using <code>PerMessageDeflate</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62332">62332</a>: Ensure WebSocket connections are closed after an I/O
|
error is experienced reading from the client. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.31_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid warning when running under Cygwin when the
|
<code>JAVA_ENDORSED_DIRS</code> environment variable is not set. Patch
|
provided by Zemian Deng. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.30_(markt)"><span style="float: right;">2018-04-07</span> Tomcat 8.5.30 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.30_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=51195">51195</a>: Avoid a false positive report of a web application
|
memory leak by clearing <code>ObjectStreamClass$Caches</code> of classes
|
loaded by the web application when the web application is stopped.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=52688">52688</a>: Add support for the <code>maxDays</code> attribute to
|
the <code>AccessLogValve</code> and <code>ExtendedAccessLogValve</code>.
|
This allows the maximum number of days for which rotated access logs
|
should be retained before deletion to be defined. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure the MBean names for the <code>SSLHostConfig</code> and
|
<code>SSLHostConfigCertificate</code> are correctly formed when the
|
<code>Connector</code> is bound to a specific IP address. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62168">62168</a>: When using the <code>PersistentManager</code> honor a
|
value of <code>-1</code> for <code>minIdleSwap</code> and do not swap
|
out sessions to keep the number of active sessions under
|
<code>maxActive</code>. Patch provided by Holger Sunke. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62172">62172</a>: Improve Javadoc for
|
<code>org.apache.catalina.startup.Constants</code> and ensure that the
|
constants are correctly used. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62175">62175</a>: Avoid infinite recursion, when trying to validate
|
a session while loading it with <code>PersistentManager</code>.
|
(fschumacher)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that <code>NamingContextListener</code> instances are only
|
notified once of property changes on the associated naming resources.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add LoadBalancerDrainingValve, a Valve designed to reduce the amount of
|
time required for a node to drain its authenticated users. (schultz)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62224">62224</a>: Disable the <code>forkJoinCommonPoolProtection</code>
|
of the <code>JreMemoryLeakPreventionListener</code> when running on Java
|
9 and above since the underlying JRE bug has been fixed. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.30_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid potential loop in APR/Native poller. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure streams that are received but not processed are excluded from the
|
tracking of maximum ID of processed streams. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor the check for a paused connector to consistently prevent new
|
streams from being created after the connector has been paused. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve debug logging for HTTP/2 pushed streams. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
The OpenSSL engine SSL session will now ignore invalid accesses. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62177">62177</a>: Correct two protocol errors with HTTP/2
|
<code>PUSH_PROMISE</code> frames. Firstly, the HTTP/2 protocol only
|
permits pushes to be sent on peer initiated requests. Secondly, pushes
|
must be sent in order of increasing stream ID. These restriction were
|
not being enforced leading to protocol errors at the client. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.30_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add document for <code>FragmentationInterceptor</code>. (kfujino)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Document how the roles for an authenticated user are determined when the
|
<code>CombinedRealm</code> is used. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.30_(markt)/Tribes">Tribes</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add JMX support for <code>FragmentationInterceptor</code> in order to
|
prevent warning of startup. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.30_(markt)/jdbc-pool">jdbc-pool</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that <code>SQLWarning</code> has been cleared when connection
|
returns to the pool. (kfujino)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Enable clearing of <code>SQLWarning</code> via JMX. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that parameters have been cleared when
|
<code>PreparedStatement</code> and/or <code>CallableStatement</code> are
|
cached. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Enable PoolCleaner to be started even if <code>validationQuery</code>
|
is not set. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.30_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62164">62164</a>: Switch the build script to use TLS for downloads from
|
SourceForge and Maven Central to avoid failures due to HTTP to HTTPS
|
redirects. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Always report the OS's umask when launching the JVM. (schultz)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.29_(markt)"><span style="float: right;">2018-03-08</span> Tomcat 8.5.29 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.29_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Minor optimization when calling class transformers. (rjung)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Prevent Tomcat from applying gzip compression to content that is already
|
compressed with brotli compression. Based on a patch provided by burka.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62090">62090</a>: Null container names are not allowed. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62104">62104</a>: Fix programmatic login regression as the
|
NonLoginAuthenticator has to be set for it to work (if no login method
|
is specified). (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62117">62117</a>: Improve error message in <code>catalina.sh</code> when
|
calling <code>kill -0 <pid></code> fails. Based on a suggestion
|
from Mark Morschhaeuser. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62118">62118</a>: Correctly create a JNDI <code>ServiceRef</code> using
|
the specified interface rather than the concrete type. Based on a
|
suggestion by Ángel Álvarez Páscua. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix for <code>RequestDumperFilter</code> log attribute. Patch provided
|
by Kirill Romanov via Github. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62123">62123</a>: Avoid <code>ConcurrentModificationException</code>
|
when attempting to clean up application triggered RMI memory leaks on
|
web application stop. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a regression in the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60276">60276</a> that meant that
|
compression was applied to all MIME types. Patch provided by Stefan
|
Knoblich. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.29_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add minor HPACK fixes, based on fixes by Stuart Douglas. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61751">61751</a>: Follow up fix so that OpenSSL engine returns
|
underflow when unwrapping if no bytes were produced and the input is
|
empty. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Minor OpenSSL engine cleanups. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
NIO SSL handshake should throw an exception on overflow status, like
|
NIO2 SSL. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.29_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=48672">48672</a>: Add documentation for the Host Manager web
|
application. Patch provided by Marek Czernek. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Work-around a known, non-specification compliant behaviour in some
|
versions of IE that can allow XSS when the Manager application generates
|
a plain text response. Based on a suggestion from Muthukumar Marikani.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.29_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the build script so MD5 hashes are no longer generated for
|
releases as per the change in the ASF distribution policy. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.28_(markt)"><span style="float: right;">2018-02-11</span> Tomcat 8.5.28 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.28_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Prevent a stack trace being written to standard out when running on Java
|
10 due to changes in the <code>LogManager</code> implementation. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62000">62000</a>: When a JNDI reference cannot be resolved, ensure that
|
the root cause exception is reported rather than swallowed. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62036">62036</a>: When caching an authenticated user Principal in the
|
session when the web application is configured with the
|
<code>NonLoginAuthenticator</code>, cache the internal Principal object
|
rather than the user facing Principal object as Tomcat requires the
|
internal object to correctly process later authorization checks. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid duplicate load attempts if one has been made already. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid NPE in ThreadLocalLeakPreventionListener if there is no Engine.
|
(remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62067">62067</a>: Correctly apply security constraints mapped to the
|
context root using a URL pattern of <code>""</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When using Tomcat embedded, only perform Authenticator configuration
|
once during web application start. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Process all <code>ServletSecurity</code> annotations at web application
|
start rather than at servlet load time to ensure constraints are applied
|
consistently. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.28_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61751">61751</a>: Fix truncated request input streams when using NIO2
|
with TLS. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62023">62023</a>: Log error reporting multiple SSLHostConfig elements
|
when using the APR Connector instead of crashing Tomcat. (csutherl)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62032">62032</a>: Fix NullPointerException when certificateFile is not
|
defined on an SSLHostConfig and unify the behavior when a
|
certificateFile is defined but the file does not exist for both
|
JKS and PEM file types. (csutherl)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.28_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62024">62024</a>: When closing a connection with an abnormal close,
|
close the socket immediately rather than waiting for a close message
|
from the client that may never arrive. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Webapps">Webapps</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62049">62049</a>: Fix missing class from manager 404 JSP error page.
|
(remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.28_(markt)/jdbc-pool">jdbc-pool</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Enhance the JMX support for jdbc-pool in order to expose
|
<code>PooledConnection</code> and <code>JdbcInterceptors</code>.
|
(kfujino)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add MBean for <code>PooledConnection</code>. (kfujino)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62011">62011</a>: Add MBean for <code>StatementCache</code>. (kfujino)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expose the cache size for each connection via JMX in
|
<code>StatementCache</code>. (kfujino)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add MBean for <code>ResetAbandonedTimer</code>. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.28_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the NSIS Installer used to build the Windows installer to version
|
3.03. (kkolinko)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.27_(markt)"><span style="float: right;">2018-01-22</span> Tomcat 8.5.27 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.27_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a regression in the previous fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61916">61916</a> that meant
|
that any call to <code>addHeader()</code> would have been replaced with
|
a call to <code>setHeader()</code> for all requests mapped to the
|
<code>AddDefaultCharsetFilter</code>. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.27_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61993">61993</a>: Improve handling for <code>ByteChunk</code> and
|
<code>CharChunk</code> instances that grow close to the maximum size
|
allowed by the JRE. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.27_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=43925">43925</a>: Add a new system property
|
(<code>org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE</code>) to
|
control the size of the buffer used by Jasper when buffering tag bodies.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.27_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=62006">62006</a>: Document the new <code>JvmOptions9</code> command line
|
parameter for <code>tomcat8.exe</code>. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.26_(markt)"><span style="float: right;">not released</span> Tomcat 8.5.26 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.26_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct Javadoc errors in release build.
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.25_(markt)"><span style="float: right;">not released</span> Tomcat 8.5.25 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.25_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=47214">47214</a>: Use a loop to preload anonymous inner classes
|
when running under a <code>SecurityManager</code>, to be safe for
|
future changes in the code or using a different compiler. (kkolinko)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=57619">57619</a>: Implement a small optimisation to how JAR URLs are
|
processed to reduce the storage of duplicate String objects in memory.
|
Patch provided by Dmitri Blinov. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add some missing NPEs to ServletContext. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61916">61916</a>: Extend the <code>AddDefaultCharsetFilter</code> to add
|
a character set when the content type is set via
|
<code>setHeader()</code> or <code>addHeader()</code> as well as when it
|
is set via <code>setContentType()</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61999">61999</a>: maxSavePostSize set to 0 should disable saving POST
|
data during authentication. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.25_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60276">60276</a>: Implement GZIP compression support for responses
|
served over HTTP/2. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Do not call onDataAvailable without any data to read. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61886">61886</a>: Log errors on non-container threads at
|
<code>DEBUG</code> rather than <code>INFO</code>. The exception will be
|
made available to the application via the asynchronous error handling
|
mechanism. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61914">61914</a>: Possible NPE with Java 9 when creating an SSL engine.
|
Patch submitted by Evgenij Ryazanov. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61918">61918</a>: Fix connectionLimitLatch counting when closing an
|
already closed socket. Based on a patch by Ryan Fong. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add support for the OpenSSL ARIA ciphers to the OpenSSL to JSSE
|
cipher mapping. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61932">61932</a>: Allow a call to <code>AsyncContext.dispatch()</code>
|
to terminate non-blocking I/O. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61948">61948</a>: Improve the handling of malformed ClientHello messages
|
in the code that extracts the SNI information from a TLS handshake for
|
the JSSE based NIO and NIO2 connectors. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix NIO2 handshaking with a full input buffer. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Return a simple, plain text error message if a client attempts to make a
|
plain text HTTP connection to a TLS enabled NIO or NIO2 Connector.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correctly handle EOF when <code>ServletInputStream.isReady()</code> is
|
called. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.25_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61854">61854</a>: When using sets and/or maps in EL expressions, ensure
|
that Jasper correctly parses the expression. Patch provided by Ricardo
|
Martin Camarero. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the handling of methods with varargs in EL expressions. In
|
particular, the calling of a varargs method with no parameters now works
|
correctly. Based on a patch by Nitkalya (Ing) Wiriyanuparb. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.25_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Remove the Servlet 4.0 early preview example from the examples web
|
application as the early preview is now deprecated in favour of Tomcat
|
9 which provides a full Servlet 4.0 implementation. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61223">61223</a>: Add the mbeans-descriptors.dtd file to the custom
|
MBean documentation so users have a reference to use when constructing
|
mbeans-descriptors.xml files for custom components. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61566">61566</a>: Expose the currently in use certificate chain and list
|
of trusted certificates for all virtual hosts configured using the JSSE
|
style (keystore) TLS configuration via the Manager web application.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Partial fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61886">61886</a>. Ensure that multiple threads do not
|
attempt to complete the <code>AsyncContext</code> if an I/O error occurs
|
in the stock ticker example Servlet. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61886">61886</a>: Prevent <code>ConcurrentModificationException</code>
|
when running the asynchronous stock ticker in the examples web
|
application. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61886">61886</a>: Prevent <code>NullPointerException</code> and other
|
errors if the stock ticker example is running when the examples web
|
application is stopped. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61910">61910</a>: Clarify the meaning of the <code>allowLinking</code>
|
option in the documentation web application. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add OCSP configuration information to the SSL How-To. Patch provided by
|
Marek Czernek. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.25_(markt)/jdbc-pool">jdbc-pool</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61312">61312</a>: Prevent <code>NullPointerException</code> when using
|
the statement cache of connection that has been closed. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.25_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add an additional system property for the system property replacement.
|
(remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add missing SHA-512 hash for release artifacts to the build script.
|
(markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons Pool 2 to 2.4.3. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons DBCP 2 to 8a71764 (2017-10-18) to
|
pick up some bug fixes and enhancements. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons FileUpload to 6c00d57 (2017-11-23)
|
to pick up some code clean-up. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons Codec to r1817136 to pick up some
|
code clean-up. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
The native source bundles (for Commons Daemon and Tomcat Native) are no
|
longer copied to the bin directory for the deploy target. They are now
|
only copied to the bin directory for the release target. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.24_(markt)"><span style="float: right;">2017-11-30</span> Tomcat 8.5.24 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.24_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
When running under Java 9 or later, and the
|
<code>urlCacheProtection</code> option of the
|
<code>JreMemoryLeakPreventionListener</code> is enabled, use the API
|
added in Java 9 to only disable the caching for JAR URL connections.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix possible <code>SecurityException</code> when using TLS related
|
request attributes. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61597">61597</a>: Extend the <code>StandardJarScanner</code> to scan
|
JARs on the module path when running on Java 9 and class path scanning
|
is enabled. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61601">61601</a>: Add support for multi-release JARs in JAR scanning and
|
web application class loading. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61681">61681</a>: Allow HTTP/2 push when using request wrapping. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Provide the <code>SessionInitializerFilter</code> that can be used to
|
ensure that an HTTP session exists when initiating a WebSocket
|
connection. Patch provided by isapir. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61682">61682</a>: When re-prioritising HTTP/2 streams, ensure that both
|
parent and children fields are correctly updated to avoid a possible
|
<code>StackOverflowError</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve concurrency by reducing the scope of the synchronisation for
|
<code>javax.security.auth.message.config.AuthConfigFactory</code> in the
|
JASPIC API implementation. Based on a patch by Pavan Kumar. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid a possible <code>NullPointerException</code> when timing out
|
<code>AsyncContext</code> instances during shut down. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61777">61777</a>: Avoid a <code>NullPointerException</code> when
|
detaching a JASPIC <code>RegistrationListener</code>. Patch provided by
|
Lazar. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61778">61778</a>: Correct the return value when detaching a JASPIC
|
<code>RegistrationListener</code>. Patch provided by Lazar. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61779">61779</a>: Avoid a <code>NullPointerException</code> when a
|
<code>null</code> <code>RegistrationListener</code> is passed to
|
<code>AuthConfigFactory.getConfigProvider()</code>. Patch provided by
|
Lazar. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61780">61780</a>: Only include the default JASPIC registration ID in the
|
return value for a call to
|
<code>AuthConfigFactory.getRegistrationIDs()</code> if a
|
<code>RegistrationContext</code> has been registered using the default
|
registration ID. Patch provided by Lazar. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61781">61781</a>: Enable JASPIC provider registrations to be persisted
|
when the layer and/or application context are <code>null</code>. Patch
|
provided by Lazar. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61782">61782</a>: When calling
|
<code>AuthConfigFactory.doRegisterConfigProvider()</code> and the
|
requested JASPIC config provider class is found by the web application
|
class loader, do not attempt to load the class with the class loader
|
that loaded the JASPIC API. Patch provided by Lazar. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61783">61783</a>: When calling
|
<code>AuthConfigFactory.removeRegistration()</code> and the registration
|
is persistent, it should be removed from the persistent store. Patch
|
provided by Lazar. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61784">61784</a>: Correctly handle the case when
|
<code>AuthConfigFactoryImpl.registerConfigProvider()</code> is called
|
with a provider name of <code>null</code>. Patch provided by Lazar.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61795">61795</a>: Add a property to the <code>Authenticator</code>
|
implementations to enable a custom JASPIC <code>CallbackHandler</code>
|
to be specified. Patch provided by Lazar. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.24_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Enable ALPN and also, therefore, HTTP/2 for the NIO and NIO2 HTTP
|
connectors when using the JSSE implementation for TLS when running on
|
Java 9. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60762">60762</a>: Add the ability to make changes to the TLS
|
configuration of a connector at runtime without having to restart the
|
Connector. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61568">61568</a>: Avoid a potential <code>SecurityException</code> when
|
using the NIO2 connector and a new thread is added to the pool. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61583">61583</a>: Correct a further regression in the fix to enable the
|
use of Java key stores that contained multiple keys that did not all
|
have the same password. This fixes PKCS11 key store handling with
|
multiple keys selected with an alias. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Reduce default HTTP/2 stream concurrent execution within a connection
|
from 200 to 20. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61668">61668</a>: Avoid a possible NPE when calling
|
<code>AbstractHttp11Protocol.getSSLProtocol()</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61673">61673</a>: Avoid a possible
|
<code>ConcurrentModificationException</code> when working with the
|
streams associated with a connection. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61719">61719</a>: Avoid possible NPE calling
|
InputStream.setReadListener with HTTP/2. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61736">61736</a>: Improve performance of NIO connector when clients
|
leave large time gaps between network packets. Patch provided by Zilong
|
Song. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61740">61740</a>: Correct an off-by-one error in the Hpack header index
|
validation that caused intermittent request failures when using HTTP/2.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.24_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61816">61816</a>: Invalid expressions in attribute values or template
|
text should trigger a translation (compile time) error, not a run time
|
error. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.24_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61604">61604</a>: Add support for authentication in the websocket
|
client. Patch submitted by J Fernandez. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.24_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Enable Javadoc to be built with Java 9. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61603">61603</a>: Add XML filtering for the status servlet output where
|
needed. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the description of how the CGI servlet maps a request to a
|
script in the CGI How-To. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.24_(markt)/Tribes">Tribes</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix incorrect behavior that attempts to resend channel messages more
|
than the actual setting value of <code>maxRetryAttempts</code>.
|
(kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the remaining Sender can send channel messages by avoiding
|
unintended <code>ChannelException</code> caused by comparing the number
|
of failed members and the number of remaining Senders. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that remaining SelectionKeys that were not handled by throwing a
|
<code>ChannelException</code> during SelectionKey processing are
|
handled. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.24_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61439">61439</a> and exclude the JPA, JAX-WS and EJB
|
annotations completely from the Tomcat distributions. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve handling of endorsed directories. The endorsed directory
|
mechanism will only be used if the <code>JAVA_ENDORSED_DIRS</code>
|
system property is explicitly set or if
|
<code>$CATALINA_HOME/endorsed</code> exists. When running on Java 9, any
|
such attempted use of the endorsed directory mechanism will trigger an
|
error and Tomcat will fail to start. (rjung)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactoring in preparation for Java 9. Refactor to avoid using some
|
methods that will be deprecated in Java 9 onwards. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=51496">51496</a>: When using the Windows installer, check if the
|
requested service name already exists and, if it does, prompt the user
|
to select an alternative service name. Patch provided by Ralph
|
Plawetzki. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add necessary Java 9 configuration options to the startup scripts to
|
prevent warnings being generated on web application stop. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61590">61590</a>: Enable <code>service.bat</code> to recognise when
|
<code>JAVA_HOME</code> is configured for a Java 9 JDK. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61598">61598</a>: Update the Windows installer to search the new (as of
|
Java 9) registry locations when looking for a JRE. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add generation of a SHA-512 hash for release artifacts to the build
|
script. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61658">61658</a>: Update MIME mappings for fonts to use
|
<code>font/*</code> as per RFC8081. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.16 to
|
pick up the latest Windows binaries built with APR 1.6.3 and OpenSSL
|
1.0.2m. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the NSIS Installer used to build the Windows installer to version
|
3.02.1. (kkolinko)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the Windows installer to use "The Apache Software Foundation" as
|
the Publisher when Tomcat is displayed in the list of installed
|
applications in Microsoft Windows. (kkolinko)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61803">61803</a>: Remove outdated SSL information from the Security
|
documentation. (remm)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.23_(markt)"><span style="float: right;">2017-10-01</span> Tomcat 8.5.23 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.23_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Use the correct path when loading the JVM <code>logging.properties</code>
|
file for Java 9. (rjung)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add additional validation to the resource handling required to fix
|
CVE-2017-12617 on Windows. The checks were being performed elsewhere but
|
adding them to the resource handling ensures that the checks are always
|
performed. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61554">61554</a>: Exclude test files in unusual encodings and markdown
|
files intended for display in GitHub from RAT analysis. Patch provided
|
by Chris Thistlethwaite. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.23_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61563">61563</a>: Correct typos in Spanish translation. Patch provided by
|
Gonzalo Vásquez. (csutherl)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.22_(markt)"><span style="float: right;">not released</span> Tomcat 8.5.22 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.22_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60963">60963</a>: Add <code>ExtractingRoot</code>, a new
|
<code>WebResourceRoot</code> implementation that extracts JARs to the
|
work directory for improved performance when deploying packed WAR files.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add an option to reject requests that contain HTTP headers with invalid
|
(non-token) header names with a 400 response. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61542">61542</a>: Fix CVE-2017-12617 and prevent JSPs from being
|
uploaded via a specially crafted request when HTTP PUT was enabled.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Implement the requirements of RFC 7230 (and RFC 2616) that HTTP/1.1
|
requests must include a <code>Host</code> header and any request that
|
does not must be rejected with a 400 response. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Implement the requirements of RFC 7230 that any HTTP/1.1 request that
|
specifies a host in the request line, must specify the same host in the
|
<code>Host</code> header and that any such request that does not, must
|
be rejected with a 400 response. This check is optional but disabled by
|
default. It may be enabled with the
|
<code>allowHostHeaderMismatch</code> attribute of the Connector. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Implement the requirements of RFC 7230 that any HTTP/1.1 request that
|
contains multiple <code>Host</code> headers is rejected with a 400
|
response. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.22_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Add a way to set the property source in embedded mode. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61557">61557</a>: Correct a further regression in the fix to enable the
|
use of Java key stores that contain multiple keys that do not all have
|
the same password. The regression broke support for some FIPS compliant
|
key stores. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.22_(markt)/jdbc-pool">jdbc-pool</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61545">61545</a>: Correctly handle invocations of methods defined in the
|
<code>PooledConnection</code> interface when using pooled XA
|
connections. Patch provided by Nils Winkler. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.22_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Update fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59904">59904</a> so that values less than zero are accepted
|
instead of throwing a NegativeArraySizeException. (remm)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.21_(markt)"><span style="float: right;">2017-09-19</span> Tomcat 8.5.21 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.21_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Before generating an error page in the <code>ErrorReportValve</code>,
|
check to see if I/O is still permitted for the associated connection
|
before generating the error page so that the page generation can be
|
skipped if the page is never going to be sent. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61189">61189</a>: Add the ability to set environment variables for
|
individual CGI scripts. Based on a patch by jm009. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61210">61210</a>: When running under a SecurityManager, do not print a
|
warning about not being able to read a logging configuration file when
|
that file does not exist. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61280">61280</a>: Add RFC 7617 support to the
|
<code>BasicAuthenticator</code>. Note that the default configuration
|
does not change the existing behaviour. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61424">61424</a>: Avoid a possible <code>StackOverflowError</code> when
|
running under a <code>SecurityManager</code> and using
|
<code>Subject.doAs()</code>. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.21_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
The minimum required Tomcat Native version has been increased to 1.2.14.
|
This version includes a new API needed for correct client certificate
|
support when using a Java connector with OpenSSL TLS implementation and
|
support for the <code>SSL_CONF</code> OpenSSL API. (rjung)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add support for the OpenSSL <code>SSL_CONF</code> API when using
|
TLS with OpenSSL implementation. It can be used by adding
|
<code>OpenSSLConf</code> elements underneath <code>SSLHostConfig</code>.
|
The new element contains a list of <code>OpenSSLConfCmd</code> elements,
|
each with the attributes <code>name</code> and <code>value</code>.
|
(rjung)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When using a Java connector in combination with the OpenSSL TLS
|
implementation, do not configure each SSL connection object via
|
the OpenSSLEngine. For OpenSSL the SSL object inherits its
|
settings from the SSL_CTX which we have already configured.
|
(rjung)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When using JSSE TLS configuration with the OpenSSL implementation and
|
client certificates: include client CA subjects in the TLS handshake
|
so that the client can choose an appropriate client certificate to
|
present. (rjung)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
If an invalid option is specified for the
|
<code>certificateVerification</code> attribute of an
|
<code>SSLHostConfig</code> element, treat it as <code>required</code>
|
which is the most secure / restrictive option in addition to reporting
|
the configuration error. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the handling of client disconnections during the TLS
|
renegotiation handshake. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Prevent exceptions being thrown during normal shutdown of NIO
|
connections. This enables TLS connections to close cleanly. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix possible race condition when setting IO listeners on an upgraded
|
connection. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=48655">48655</a>: Enable Tomcat to shutdown cleanly when using sendfile,
|
the APR/native connector and a multi-part download is in progress.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58244">58244</a>: Handle the case when OpenSSL resumes a TLS session
|
using a ticket and the full client certificate chain is not available.
|
In this case the client certificate without the chain will be presented
|
to the application. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the warning message when JSSE and OpenSSL configuration styles
|
are mixed on the same <code>SSLHostConfig</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61415">61415</a>: Fix TLS renegotiation with OpenSSL based connections
|
and session caching. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Delay checking that the configured attributes for an
|
<code>SSLHostConfig</code> instance are consistent with the configured
|
SSL implementation until <code>Connector</code> start to avoid incorrect
|
warnings when the SSL implementation changes during initialisation.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61450">61450</a>: Fix default key alias algorithm. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61451">61451</a>: Correct a regression in the fix to enable the use of
|
Java key stores that contained multiple keys that did not all have the
|
same password. The regression broke support for any key store that did
|
not store keys in PKCS #8 format such as hardware key stores and Windows
|
key stores. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.21_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60523">60523</a>: Reduce the number of packets used to send WebSocket
|
messages by not flushing between the header and the payload when the
|
two are written together. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61491">61491</a>: When using the <code>permessage-deflate</code>
|
extension, correctly handle the sending of empty messages after
|
non-empty messages to avoid the <code>IllegalArgumentException</code>.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.21_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Show connector cipher list in the manager web application in the
|
correct cipher order. (rjung)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.21_(markt)/Tribes">Tribes</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
To avoid unexpected session timeout notification from backup session,
|
update the access time when receiving the map member notification
|
message. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add member info to the log message when the failure detection check
|
fails in <code>TcpFailureDetector</code>. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid Ping timeout until the added map member by receiving
|
<code>MSG_START</code> message is completely started. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When sending a channel message, make sure that the Sender has connected.
|
(kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the backup node selection logic that node 0 is returned twice
|
consecutively. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix race condition of <code>responseMap</code> in
|
<code>RpcChannel</code>. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.21_(markt)/jdbc-pool">jdbc-pool</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61391">61391</a>: Ensure that failed queries are logged if the
|
<code>SlowQueryReport</code> interceptor is configured to do so and the
|
connection has been abandoned. Patch provided by Craig Webb. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61425">61425</a>: Ensure that transaction of idle connection has
|
terminated when the <code>testWhileIdle</code> is set to
|
<code>true</code> and <code>defaultAutoCommit</code> is set to
|
<code>false</code>. Patch provided by WangZheng. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.21_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61439">61439</a>: Remove the Java Annotation API classes from
|
tomcat-embed-core.jar and package them in a separate JAR in the
|
embedded distribution to provide end users with greater flexibility to
|
handle potential conflicts with the JRE and/or other JARs. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61441">61441</a>: Improve the detection of <code>JAVA_HOME</code> by the
|
<code>daemon.sh</code> script when running on a platform where Java has
|
been installed from an RPM. (rjung)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.14 to
|
pick up the latest Windows binaries built with APR 1.6.2 and OpenSSL
|
1.0.2l. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61599">61599</a>: Update to Commons Daemon 1.1.0 for improved Java 9
|
support. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.20_(markt)"><span style="float: right;">2017-08-08</span> Tomcat 8.5.20 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.20_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Revert the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=49464">49464</a> since it continued to trigger
|
regressions. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a bug in the <code>PushBuilder</code> implementation that
|
meant push URLs containing <code>%nn</code> sequences were not correctly
|
decoded. Identified by FindBugs. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61164">61164</a>: Add support for the <code>%X</code> pattern in the
|
<code>AccessLogValve</code> that reports the connection status at the
|
end of the request. Patch provided by Zemian Deng. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61351">61351</a>: Correctly handle %nn decoding of URL patterns in
|
web.xml and similar locations that may legitimately contain characters
|
that are not permitted by RFC 3986. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61366">61366</a>: Add a new attribute, <code>localDataSource</code>, to
|
the <code>JDBCStore</code> that allows the Store to be configured to use
|
a DataSource defined by the web application rather than the default of
|
using a globally defined DataSource. Patch provided by Jonathan
|
Horowitz. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.20_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61086">61086</a>: Ensure to explicitly signal an empty request body for
|
HTTP 205 responses. Additional fix to r1795278. Based on a patch
|
provided by Alexandr Saperov. (violetagg)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61345">61345</a>: Add a server listener that can be used to do system
|
property replacement from the property source configured in the
|
digester. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add additional logging to record problems that occur while waiting for
|
the NIO pollers to stop during the Connector stop process. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.20_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61364">61364</a>: Ensure that files are closed after detecting encoding
|
of JSPs so that files do not remain locked by the file system. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.20_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=57767">57767</a>: Add support to the WebSocket client for following
|
redirects when attempting to establish a WebSocket connection. Patch
|
provided by J Fernandez. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.19_(markt)"><span style="float: right;">2017-07-28</span> Tomcat 8.5.19 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.19_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Performance improvements for service loader look-ups (and look-ups of
|
other class loader resources) when the web application is deployed in a
|
packed WAR file. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61253">61253</a>: Add warn message when Digester.updateAttributes
|
throws an exception instead of ignoring it. (csutherl)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a further regression in the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=49464">49464</a> that could
|
cause an byte order mark character to appear at the start of content
|
included by the <code>DefaultServlet</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61313">61313</a>: Make the read timeout configurable in the
|
<code>JNDIRealm</code> and ensure that a read timeout will result in an
|
attempt to fail over to the alternateURL. Based on patches by Peter
|
Maloney and Felix Schumacher. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.19_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the documentation for how <code>StandardRoot</code> is
|
configured. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.19_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61316">61316</a>: Fix corruption of UTF-16 encoded source files in
|
released source distributions. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.18_(markt)"><span style="float: right;">not released</span> Tomcat 8.5.18 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.18_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61232">61232</a>: When log rotation is disabled only one separator will
|
be used when generating the log file name. For example if the prefix is
|
<code>catalina.</code> and the suffix is <code>.log</code> then the log
|
file name will be <code>catalina.log</code> instead of
|
<code>catalina..log</code>. Patch provided by Katya Stoycheva.
|
(violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61264">61264</a>: Correct a regression in the refactoring to use
|
<code>Charset</code> rather than <code>String</code> to store request
|
character encoding that prevented <code>getReader()</code> throwing an
|
<code>UnsupportedEncodingException</code> if the user agent specifies
|
an unsupported character encoding. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a regression in the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=49464">49464</a> that could cause an
|
incorrect <code>Content-Length</code> header to be sent by the
|
<code>DefaultServlet</code> if the encoding of a static is not
|
consistent with the encoding of the response. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.18_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Enable TLS connectors to use Java key stores that contain multiple keys
|
where each key has a separate password. Based on a patch by Frank
|
Taffelt. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the handling of HTTP/2 stream resets due to excessive headers
|
when a continuation frame is used. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.18_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=53031">53031</a>: Add support for the <code>fork</code> option when
|
compiling JSPs with the Jasper Ant task and javac. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.18_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=52791">52791</a>: Add the ability to set the defaults used by the
|
Windows installer from a configuration file. Patch provided by Sandra
|
Madden. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.17_(markt)"><span style="float: right;">not released</span> Tomcat 8.5.17 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.17_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=49464">49464</a>: Improve the Default Servlet's handling of static files
|
when the file encoding is not compatible with the required response
|
encoding. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61214">61214</a>: Remove deleted attribute <code>servlets</code> from
|
the Context MBean description. Patch provided by Alexis Hassler. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61215">61215</a>: Correctly define <code>addConnectorPort</code> and
|
<code>invalidAuthenticationWhenDeny</code> in the
|
<code>mbean-descriptors.xml</code> file for the
|
<code>org.apache.catalina.valves</code> package so that the attributes
|
are accessible via JMX. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Make asynchronous error handling more robust. In particular ensure that
|
<code>onError()</code> is called for any registered
|
<code>AsyncListener</code>s after an I/O error on a non-container
|
thread. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Additional permission for deleting files is granted to JULI as it is
|
required by FileHandler when running under a Security Manager. The
|
thread that cleans the log files is marked as daemon thread.
|
(violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61229">61229</a>: Correct a regression in 8.5.15 that broke WebDAV
|
handling for resources with names that included a <code>&</code>
|
character. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.17_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Restore the ability to configure support for SSLv3. Enabling this
|
protocol will trigger a warning in the logs since it is known to be
|
insecure. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Do not log a warning when a <code>null</code> session is returned for an
|
OpenSSL based TLS session since this is expected when session tickets
|
are enabled. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When the access log valve logs a TLS related request attribute and the
|
NIO2 connector is used with OpenSSL, ensure that the TLS attributes are
|
available to the access log valve when the connection is closing.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60461">60461</a>: Sync SSL session access for the APR connector. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
To ease migration from 8.0.x to 8.5.x, if the HTTP or AJP BIO connector
|
is explicitly configured, rather than failing to start the connector
|
because BIO has been removed, automatically switch to NIO and continue.
|
A warning will be logged to alert the user to the switch. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.17_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Remove references to the Loader attribute
|
<code>searchExternalFirst</code> from the documentation since the
|
attribute is no longer supported. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.16_(markt)"><span style="float: right;">2017-06-26</span> Tomcat 8.5.16 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.16_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61072">61072</a>: Respect the documentation statements that allow
|
using the platform default secure random for session id generation.
|
(remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the javadoc for
|
<code>o.a.c.connector.CoyoteAdapter#parseSessionCookiesId</code>.
|
Patch provided by John Andrew (XUZHOUWANG) via Github. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61101">61101</a>: CORS filter should set Vary header in response.
|
Submitted by Rick Riemer. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61105">61105</a>: Add a new JULI FileHandler configuration for
|
specifying the maximum number of days to keep the log files.
|
(violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61125">61125</a>: Ensure that <code>WarURLConnection</code> returns the
|
correct value for calls to <code>getLastModified()</code> as this is
|
required for the correct detection of JSP modifications when the JSP is
|
packaged in a WAR file. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the <code>SSLValve</code> so it is able to handle client
|
certificate headers from Nginx. Based on a patch by Lucas Ventura Carro.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61134">61134</a>: Do not use '[' and ']' symbols around substituted
|
text fragments when generating the default error pages. Patch provided
|
by Katya Todorova. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61154">61154</a>: Allow the Manager and Host Manager web applications to
|
start by default when running under a security manager. This was
|
accomplished by adding a custom permission,
|
<code>org.apache.catalina.security.DeployXmlPermission</code>, that
|
permits an application to use a <code>META-INF/context.xml</code> file
|
and then granting that permission to the Manager and Host Manager.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61173">61173</a>: Polish the javadoc for
|
<code>o.a.catalina.startup.Tomcat</code>. Patch provided by
|
peterhansson_se. (violetagg)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
A new configuration property <code>crawlerIps</code> is added to the
|
<code>o.a.catalina.valves.CrawlerSessionManagerValve</code>. Using this
|
property one can specify a regular expression that will be used to
|
identify crawlers based on their IP address. Based on a patch provided
|
by Tetradeus. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61180">61180</a>: Log a warning message rather than an information
|
message if it takes more than 100ms to initialised a
|
<code>SecureRandom</code> instance for a web application to use to
|
generate session identifiers. Patch provided by Piotr Chlebda. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61185">61185</a>: When an asynchronous request is dispatched via
|
<code>AsyncContext.dispatch()</code> ensure that
|
<code>getRequestURI()</code> for the dispatched request matches that of
|
the original request. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61197">61197</a>: Ensure that the charset name used in the
|
<code>Content-Type</code> header has exactly the same form as that
|
provided by the application. This reverts a behavioural change in
|
8.5.15 that caused problems for some clients. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61201">61201</a>: Ensure that the <code>SCRIPT_NAME</code> environment
|
variable for CGI executables is populated in a consistent way regardless
|
of how the CGI servlet is mapped to a request. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.16_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61086">61086</a>: Explicitly signal an empty request body for HTTP 205
|
responses. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61120">61120</a>: Do not ignore path parameters when processing HTTP/2
|
requests. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Revert a change introduced in the fix for bug <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60718">60718</a> that
|
changed the status code recorded in the access log when the client
|
dropped the connection from 200 to 500. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add additional syncs to the SSL session object provided by the OpenSSL
|
engine so that a concurrent destruction cannot cause a JVM crash.
|
(remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61195">61195</a>: Backport, with deprecation where appropriate, the
|
endpoint and protocol property changes from 9.0.x to ease migration from
|
8.5.x to 9.0.x. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.16_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=44787">44787</a>: Improve error message when JSP compiler configuration
|
options are not valid. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61137">61137</a>: <code>j.s.jsp.tagext.TagLibraryInfo#uri</code> and
|
<code>j.s.jsp.tagext.TagLibraryInfo#prefix</code> fields should not be
|
final. Patch provided by Katya Todorova. (violetagg)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.16_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the log message when a <code>MessageHandler</code> for
|
<code>PongMessage</code> does not implement
|
<code>MessageHandler.Whole</code>. (rjung)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Introduce new API <code>o.a.tomcat.websocket.WsSession#suspend</code>/
|
<code>o.a.tomcat.websocket.WsSession#resume</code> that can be used to
|
suspend/resume reading of the incoming messages. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve thread-safety of <code>Future</code>s used to report the result
|
of sending WebSocket messages. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61183">61183</a>: Correct a regression in the previous fix for
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58624">58624</a> that could trigger a deadlock depending on the locking
|
strategy employed by the client code. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.16_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Better document the meaning of the trimSpaces option for Jasper. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61150">61150</a>: Configure the Manager and Host-Manager web
|
applications to permit serialization and deserialization of
|
CRSFPreventionFilter related session objects to avoid warning messages
|
and/or stack traces on web application stop and/or start when running
|
under a security manager. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the TLS configuration documentation to remove SSLv2 and SSLv3
|
from the list of supported protocols. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.16_(markt)/Tribes">Tribes</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add JMX support for Tribes components. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.16_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=45832">45832</a>: Add HTTP DIGEST authentication support to the Catalina
|
Ant tasks used to communicate with the Manager application. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=45879">45879</a>: Add the <code>RELEASE-NOTES</code> file to the root of
|
the installation created by the Tomcat installer for Windows to make it
|
easier for users to identify the installed Tomcat version. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61055">61055</a>: Clarify the code comments in the rewrite valve to make
|
clear that there are no plans to provide proxy support for this valve
|
since Tomcat does not have proxy capabilities. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61076">61076</a>: Document the <code>altDDName</code> attribute for the
|
<code>Context</code> element. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct typo in Jar Scan Filter Configuration Reference.
|
Issue reported via comments.apache.org. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61145">61145</a>: Add missing <code>@Documented</code> annotation to
|
annotations in the annotations API. Patch provided by Katya Todorova.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61146">61146</a>: Add missing <code>lookup()</code> method to
|
<code>@EJB</code> annotation in the annotations API. Patch provided by
|
Katya Todorova. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct typo in Context Container Configuration Reference.
|
Patch provided by Katya Todorova. (violetagg)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.15_(markt)"><span style="float: right;">2017-05-10</span> Tomcat 8.5.15 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.15_(markt)/General">General</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Allow to exclude JUnit test classes using the build property
|
<code>test.exclude</code> and document the property in
|
BUILDING.txt. (rjung)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.15_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Review those places where Tomcat re-encodes a URI or URI component and
|
ensure that the correct encoding (path differs from query string) is
|
applied and that the encoding is applied consistently. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid a <code>NullPointerException</code> when reading attributes for a
|
initialised HTTP connector where TLS is enabled. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Always quote the <code>hostName</code> of an <code>SSLHostConfig</code>
|
element when using it as part of the JMX object name to avoid errors that
|
prevent the associated TLS connector from starting if a wild card
|
<code>hostName</code> is configured (because <code>*</code> is a
|
reserved character for JMX object names). (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Switch to using <code>Charset</code> rather than <code>String</code> to
|
store encoding settings (including for configuration and for the
|
<code>Content-Type header</code>) to reduce the number of places the
|
associated <code>Charset</code> needs to be looked up. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Use a more reliable mechanism for the <code>DefaultServlet</code> when
|
determining if the current request is for custom error page or not.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that when the Default or WebDAV servlets process an error
|
dispatch that the error resource is processed via the
|
<code>doGet()</code> method irrespective of the method used for the
|
original request that triggered the error. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
If a static custom error page is specified that does not exist or cannot
|
be read, ensure that the intended error status is returned rather than a
|
404 or 403. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When the WebDAV servlet is configured and an error dispatch is made to a
|
custom error page located below <code>WEB-INF</code>, ensure that the
|
target error page is displayed rather than a 404 response. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61047">61047</a>: Add MIME mapping for woff2 fonts in the default
|
web.xml. Patch provided by Justin Williamson. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the logic that selects the encoding to use to decode the query
|
string in the <code>SSIServletExternalResolver</code> so that the
|
<code>useBodyEncodingForURI</code> attribute of the
|
<code>Connector</code> is correctly taken into account. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Within the Expires filter, make the content type value specified with the
|
<code>ExpiresByType</code> parameter, case insensitive. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.15_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When a <code>TrustManager</code> is configured that does not support
|
<code>certificateVerificationDepth</code> only log a warning about that
|
lack of support when <code>certificateVerificationDepth</code> has been
|
explicitly set. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60970">60970</a>: Extend the fix for large headers to push requests.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Do not include a <code>Date</code> header in HTTP/2 responses with
|
status codes less than 200. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.15_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When no BOM is present and an encoding is detected, do not skip the
|
bytes used to detect the encoding since they are not part of a BOM.
|
(markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61057">61057</a>: Update to Eclipse JDT Compiler 4.6.3. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61065">61065</a>: Ensure that once the class is resolved by
|
<code>javax.el.ImportHandler#resolveClass</code> it will be cached with
|
the proper name. (violetagg)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.15_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61003">61003</a>: Ensure the flags for reading/writing in
|
<code>o.a.t.websocket.AsyncChannelWrapperSecure</code> are correctly
|
reset even if some exceptions occurred during processing. (markt/violetagg)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.15_(markt)/Web_Applications">Web Applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add documents for <code>maxIdleTime</code> attribute to Channel Receiver
|
docs. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.15_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Modify the Ant build script used to publish to a Maven repository so
|
that it no longer requires artifacts to be GPG signed. This is make it
|
possible for the CI system to upload snapshot builds to the ASF Maven
|
repository. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Review i18n property files, remove unnecessary escaping and consistently
|
use <code>[...]</code> to delimit inserted values. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.14_(markt)"><span style="float: right;">2017-04-18</span> Tomcat 8.5.14 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.14_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59825">59825</a>: Log a message that lists the components in the
|
processing chain that do not support async processing when a call to
|
<code>ServletRequest.startAsync()</code> fails. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60926">60926</a>: Ensure
|
<code>o.a.c.core.ApplicationContextFacade#setSessionTimeout</code> will
|
invoke the correct method when running Tomcat with security manager.
|
(markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the early access Servlet 4.0 API implementation to reflect the
|
change in method name from <code>getPushBuilder()</code> to
|
<code>newPushBuilder()</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a regression in the X to comma refactoring that broke JMX
|
operations that take parameters. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid a <code>NullPointerException</code> when reading attributes for a
|
running HTTP connector where TLS is not enabled. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60940">60940</a>: Improve the handling of the <code>META-INF/</code> and
|
<code>META-INF/MANIFEST.MF</code> entries for Jar files located in
|
<code>/WEB-INF/lib</code> when running a web application from a packed
|
WAR file. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Pre-load the <code>ExceptionUtils</code> class. Since the class is used
|
extensively in error handling, it is prudent to pre-load it to avoid any
|
failure to load this class masking the true problem during error
|
handling. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid potential <code>NullPointerException</code>s related to access
|
logging during shutdown, some of which have been observed when running
|
the unit tests. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When there is no <code>javax.servlet.WriteListener</code> registered
|
then a call to <code>javax.servlet.ServletOutputStream#isReady</code>
|
will return <code>false</code> instead of throwing
|
<code>IllegalStateException</code>. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When there is no <code>javax.servlet.ReadListener</code> registered
|
then a call to <code>javax.servlet.ServletInputStream#isReady</code>
|
will return <code>false</code> instead of throwing
|
<code>IllegalStateException</code>. (violetagg)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.14_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Align cipher configuration parsing with current OpenSSL master. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60970">60970</a>: Fix infinite loop if application tries to write a
|
large header to the response when using HTTP/2. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.14_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60925">60925</a>: Improve the handling of access to properties defined
|
by interfaces when a <code>BeanELResolver</code> is used under a
|
<code>SecurityManager</code>. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.14_(markt)/jdbc-pool">jdbc-pool</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor the creating a constructor for a proxy class to reduce
|
duplicate code. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
In <code>StatementFacade</code>, the method call on the statements that
|
have been closed throw <code>SQLException</code> rather than
|
<code>NullPointerException</code>. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.14_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct comments about Java 8 in <code>Jre8Compat</code>.
|
Patch provided by fibbers via Github. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60932">60932</a>: Correctly escape single quotes when used in i18n
|
messages. Based on a patch by Michael Osipov. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Update the custom Ant task that integrates with the Symantec code
|
signing service to use the now mandatory 2-factor authentication.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.13_(markt)"><span style="float: right;">2017-03-30</span> Tomcat 8.5.13 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.13_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=54618">54618</a>: Add support to the
|
<code>HttpHeaderSecurityFilter</code> for the HSTS preload parameter.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60853">60853</a>: Expose the <code>SSLHostConfig</code> and
|
<code>SSLHostConfigCertificate</code> objects via JMX. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60876">60876</a>: Ensure that <code>Set-Cookie</code> headers generated
|
by the <code>Rfc6265CookieProcessor</code> are aligned with the
|
specification. Patch provided by Jim Griswold. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60882">60882</a>: Fix a <code>NullPointerException</code> when obtaining
|
a <code>RequestDispatcher</code> for a request that will not have any
|
pathInfo associated with it. This was a regression in the changes in
|
8.5.12 for the Servlet 4.0 API early preview changes. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Align <code>PushBuilder</code> API with changes from Servlet expert
|
group. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor the various implementations of X to comma separated list to a
|
single utility class and update the code to use the new utility class.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60911">60911</a>: Ensure NPE will not be thrown when looking for SSL
|
session ID. Based on a patch by Didier Gutacker. (violetagg)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.13_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60362">60362</a>: Add a new Connector configuration
|
<code>sendReasonPhrase</code>. When this attribute is set to
|
<code>true</code>, a reason phrase will be sent with the response.
|
By default a reason phrase will not be sent. This option is deprecated
|
and is not available in Tomcat 9. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix HTTP/2 incorrect input unblocking on EOF. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Close the connection sooner if an event occurs for a current connection
|
that is not consistent with the current state of that connection.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Speed up shutdown when using multiple acceptor threads by ensuring that
|
the code that unlocks the acceptor threads correctly handles the case
|
where there are multiple threads. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60852">60852</a>: Correctly spell compressible when used in
|
configuration attributes and internal code. Based on a patch by Michael
|
Osipov. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60900">60900</a>: Avoid a <code>NullPointerException</code> in the APR
|
Poller if a connection is closed at the same time as new data arrives on
|
that connection. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve HPACK specification compliance by fixing some test failures
|
reported by the h2spec tool written by Moto Ishizawa. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve HTTP/2 specification compliance by fixing some test failures
|
reported by the h2spec tool written by Moto Ishizawa. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60918">60918</a>: Fix sendfile processing error that could lead to
|
subsequent requests experiencing an <code>IllegalStateException</code>.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve sendfile handling when requests are pipelined. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.13_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the error handling for simple tags to ensure that the tag is
|
released and destroyed once used. (remm, violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60844">60844</a>: Correctly handle the error when fewer parameter values
|
than required by the method are used to invoke an EL method expression.
|
Patch provided by Daniel Gray. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.13_(markt)/jdbc-pool">jdbc-pool</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60764">60764</a>: Implement <code>equals()</code> and
|
<code>hashCode()</code> in the <code>StatementFacade</code> in order to
|
enable these methods to be called on the closed statements if any
|
statement proxy is set. This behavior can be changed with
|
<code>useStatementFacade</code> attribute. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.13_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor the build script and the NSIS installer script so that either
|
NSIS 2.x or NSIS 3.x can be used to build the installer. This is
|
primarily to re-enable building the installer on the Linux based CI
|
system where the combination of NSIS 3.x and wine leads to failed
|
installer builds. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.12_(markt)"><span style="float: right;">2017-03-13</span> Tomcat 8.5.12 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.12_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60469">60469</a>: Refactor <code>RealmBase</code> for better code re-use
|
when implementing Realms that use a custom <code>Principal</code>.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60490">60490</a>: Various formatting and layout improvements for the
|
<code>ErrorReportValve</code>. Patch provided by Michael Osipov. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60596">60596</a>: Improve performance of DefaultServlet when sendfile
|
feature is disabled on connector. (kkolinko)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Make it easier for sub-classes of <code>Tomcat</code> to modify the
|
default web.xml settings by over-riding
|
<code>getDefaultWebXmlListener()</code>. Patch provided by Aaron
|
Anderson. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Reduce the contention in the default <code>InstanceManager</code>
|
implementation when multiple threads are managing objects and need to
|
reference the annotation cache. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60674">60674</a>: Remove <code>final</code> marker from
|
<code>CorsFilter</code> to enable sub-classing. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60683">60683</a>: Security manager failure causing NPEs when doing IO
|
on some JVMs. (csutherl)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60688">60688</a>: Update the internal fork of Apache Commons BCEL to
|
r1782855 to add early access Java 9 support to the annotation scanning
|
code. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60694">60694</a>: Prevent NPE during authentication when no JASPIC
|
<code>AuthConfigFactory</code> is available. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60697">60697</a>: When HTTP TRACE requests are disabled on the
|
Connector, ensure that the HTTP OPTIONS response from custom servlets
|
does not include TRACE in the returned Allow header. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60718">60718</a>: Improve error handling for asynchronous processing and
|
correct a number of cases where the <code>requestDestroyed()</code>
|
event was not being fired and an entry wasn't being made in the access
|
logs. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60720">60720</a>: Replace "WWW-Authenticate" literal with static final
|
AUTH_HEADER_NAME in SpnegoAuthenticator. Patch provided by Michael
|
Osipov. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
The default JASPIC <code>AuthConfigFactory</code> now correctly notifies
|
registered <code>RegistrationListener</code>s when a new
|
<code>AuthConfigProvider</code> is registered. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Improve the performance of <code>AuthenticatorBase</code> when there is
|
no JASPIC configuration available. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When HTTP TRACE requests are disabled on the Connector, ensure that the
|
HTTP OPTIONS response from the WebDAV servlet does not include
|
TRACE in the returned Allow header. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60722">60722</a>: Take account of the
|
<strong>dispatchersUseEncodedPaths</strong> setting on the current
|
<strong>Context</strong> when generating paths for dispatches triggered
|
by <code>AsyncContext.dispatch()</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60728">60728</a>: Make the separator Tomcat uses in the Tomcat specific
|
<code>war:file:...</code> URL protocol customizable via a system
|
property. The separator is equivalent to the use of the <code>!</code>
|
character in <code>jar:file:...</code> URLs. The default separator of
|
<code>*</code> remains unchanged. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the <code>org.apache.catalina.servlet4preview</code> package that
|
can be used to gain early access to Servlet 4.0 features to align with
|
the latest proposals from the Servlet 4.0 expert group. This includes
|
updates to the new Servlet mapping API, new methods on the
|
<code>ServletContext</code> to make the available API more equivalent to
|
the deployment descriptor, updates to the HTTP push API and the ability
|
to set default request and response character encoding per web
|
application. Note that the Servlet 4.0 API is still a work in progress
|
and further changes are likely. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60798">60798</a>: Correct a bug in the handling of JARs in unpacked WARs
|
that meant multiple attempts to read the same entry from a JAR in
|
succession would fail for the second and subsequent attempts. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60808">60808</a>: Ensure that the <code>Map</code> returned by
|
<code>ServletRequest.getParameterMap()</code> is fully immutable. Based
|
on a patch provided by woosan. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60824">60824</a>: Correctly cache the <code>Subject</code> in the
|
session - if there is a session - when running under a
|
<code>SecurityManager</code>. Patch provided by Jan Engehausen. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure request and response facades are used when firing application
|
listeners. (markt/remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.12_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve handling of case when an HTTP/2 client sends more data that is
|
subject to flow control than the current window size allows. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve NIO2 look-ahead parsing of TLS client hello for SNI with large
|
client hello messages. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59807">59807</a>: Provide a better error message when there is no
|
<strong>SSLHostConfig</strong> defined with a <code>hostName</code> that
|
matches the <code>defaultSSLHostConfigName</code> for the associated
|
<strong>Connector</strong>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Include the value of <code>SslHostConfig.truststoreAlgorithm</code> when
|
warning that the algorithm does not support the
|
<code>certificateVerificationDepth</code> configuration option. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that executor thread pools used with connectors pre-start the
|
configured minimum number of idle threads. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60594">60594</a>: Allow some invalid characters that were recently
|
restricted to be processed in requests by using the system property
|
<code>tomcat.util.http.parser.HttpParser.requestTargetAllow</code>.
|
(csutherl)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60627">60627</a>: Modify the <code>Rfc6265CookieProcessor</code> so that
|
in addition to cookie headers that start with an explicit RFC 2109
|
<code>$Version=1</code>, cookies that start with <code>$Version=0</code>
|
are also parsed as RFC 2109 cookies. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60716">60716</a>: Add a new JSSE specific attribute,
|
<code>revocationEnabled</code>, to <code>SSLHostConfig</code> to permit
|
JSSE provider revocation checks to be enabled when no
|
<code>certificateRevocationListFile</code> has been configured. The
|
expectation is that configuration will be performed via a JSSE provider
|
specific mechanisms. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Modify the cookie header generated by the
|
<code>Rfc6265CookieProcessor</code> so it always sends an
|
<code>Expires</code> attribute as well as a <code>Max-Age</code>
|
attribute to avoid problems with Microsoft browsers that do not support
|
the <code>Max-Age</code> attribute. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60761">60761</a>: Expose a protected getter and setter for
|
<code>NioEndpoint.stopLatch</code> to make the class easier to extend.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Prevent blocking reads after a stream exception occurs with HTTP/2.
|
(remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.12_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Follow up to the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58178">58178</a>. When creating the
|
<code>ELContext</code> for a tag file, ensure that any registered
|
<code>ELContextListener</code>s are fired. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor code generated for JSPs to reduce the size of the code required
|
for tags. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60769">60769</a>: Correct a regression in the XML encoding detection
|
refactoring carried out for 8.5.10 that incorrectly always used the
|
detected BOM encoding in preference to any encoding specified in the
|
prolog. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update to the Eclipse JDT Compiler 4.6.1. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.12_(markt)/Cluster">Cluster</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Make the <code>accessTimeout</code> configurable in
|
<code>BackupManager</code> and <code>ClusterSingleSignOn</code>. The
|
<code>accessTimeout</code> is used as a timeout period for PING in
|
replication map. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60806">60806</a>: To avoid <code>ClassNotFoundException</code>, make
|
sure that the web application class loader is passed to
|
<code>ReplicatedContext</code>. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.12_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60617">60617</a>: Correctly create a <code>CONNECT</code> request when
|
establishing a WebSocket connection via a proxy. Patch provided by
|
Svetlin Zarev. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.12_(markt)/Tribes">Tribes</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add log message that PING message has received beyond the timeout
|
period. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When a PING message that beyond the time-out period has been received,
|
make sure that valid member is added to the map membership. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that <code>NoRpcChannelReply</code> messages are not received on
|
<code>RpcCallback</code>. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.12_(markt)/Web_Applications">Web Applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add Specification and Javadoc references for JASPIC to the Docs
|
application. (csutherl)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.12_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Spelling corrections provided by Josh Soref. (violetagg)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.12 to
|
pick up the latest Windows binaries built with OpenSSL 1.0.2k. (violetagg)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60784">60784</a>: Update all unit tests that test the HTTP status line
|
to check for the required space after the status code. Patch provided by
|
Michael Osipov. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the NSIS Installer used to build the Windows installer to version
|
3.01. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.11_(markt)"><span style="float: right;">2017-01-16</span> Tomcat 8.5.11 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.11_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60620">60620</a>:
|
Extend the <code>JreMemoryLeakPreventionListener</code> to provide
|
protection against <code>ForkJoinPool.commonPool()</code> related memory
|
leaks. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.11_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure UpgradeProcessor instances associated with closed connections are
|
removed from the map of current connections to Processors. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Remove a workaround for a problem previously reported with WebSocket,
|
TLS and APR that treated some error conditions as not errors. The
|
original problem cannot be reproduced with the current code and the
|
work-around is now causing problems. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.11_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60497">60497</a>: Follow up fix using a better variable name for the
|
tag reuse flag. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Revert use of try/finally for simple tags. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.11_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Prevent potential processing loop on unexpected WebSocket connection
|
closure. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.11_(markt)/jdbc-pool">jdbc-pool</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Enable reset the statistics without restarting the pool. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.11_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Spelling corrections provided by Josh Soref. (violetagg)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.10_(markt)"><span style="float: right;">not released</span> Tomcat 8.5.10 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.10_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=53602">53602</a>: Add HTTP status code 451 (RFC 7725) to the list of
|
HTTP status codes recognised by the ErrorReportValve. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60446">60446</a>: Handle the case where the stored user credential uses
|
a different key length than the length currently configured for the
|
<code>CredentialHandler</code>. Based on a patch by Niklas Holm. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the warnings that reference required options for running on Java
|
9 to use the latest syntax for those options. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60513">60513</a>: Fix thread safety issue with RMI cleanup code. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.10_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Expand the search process for a server certificate when OpenSSL is used
|
with a JSSE connector and an explicit alias has not been configured.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60450">60450</a>: Improve the selection algorithm for the default trust
|
store type for a TLS Virtual Host. In particular, don't use
|
<code>PKCS12</code> as a default trust store type. Better document how
|
the default trust store type is selected for a TLS virtual host. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60451">60451</a>: Correctly handle HTTP/2 header values that contain
|
characters with unicode code points in the range 128 to 255. Reject
|
with a clear error message HTTP/2 header values that contain characters
|
with unicode code points above 255. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the logic that selects an address to use to unlock the Acceptor
|
to take account of platforms what do not listen on all local addresses
|
when configured with an address of <code>0.0.0.0</code> or
|
<code>::</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a regression in the refactoring to make wider use of
|
<code>ByteBuffer</code> that caused an intermittent failure in the unit
|
tests. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60482">60482</a>: HTTP/2 shouldn't do URL decoding on the query string.
|
(remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix an HTTP/2 compression error. Once a new size has been agreed for the
|
dynamic HPACK table, the next header block must begin with a dynamic
|
table update. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60508">60508</a>: Set request start time for HTTP/2. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.10_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Implement a simpler JSP file encoding detector that delegates XML prolog
|
encoding detection to the JRE rather than using a custom XML parser.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60497">60497</a>: Restore previous tag reuse behavior following the use
|
of try/finally. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the error handling for simple tags to ensure that the tag is
|
released and destroyed once used. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.10_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correctly handle blocking WebSocket writes when the write times out just
|
before the write is attempted. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.10_(markt)/Web_Applications">Web Applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
In the documentation web application, be explicit that clustering
|
requires a secure network for all of the cluster network traffic.
|
(markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the ASF logos to the new versions.
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60344">60344</a>: Add a note to BUILDING.txt regarding using the source
|
bundle with the correct line endings. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60468">60468</a>: Correct the format of the sample ISO-8601 date used
|
to report the build date for the documentation. Patch provided by
|
Michael Osipov. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.10_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the ASF logos used in the Apache Tomcat installer for Windows to
|
use the new versions.
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.9_(markt)"><span style="float: right;">2016-12-08</span> Tomcat 8.5.9 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.9_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60202">60202</a>: Add an available flag to realms, to indicate the
|
state, or the realm backend. Update lockout realm to only register
|
auth failures if the realm is available. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60340">60340</a>: Readability improvements for CSS used in
|
DefaultServlet and ErrorReportValve. Patch provided by Michael
|
Osipov. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60351">60351</a>: Delay creating <code>META-INF/war-tracker</code> file
|
until after the WAR has been expanded to address the case where the
|
Tomcat process terminates during the expansion. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correctly generate URLs for resources located inside JARs that are
|
themselves located inside a packed WAR file. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correctly handle the <code>configClass</code> attribute of a Host when
|
embedding Tomcat. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60368">60368</a>: Restore egde case for embedded allowing the connector
|
to be removed. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60379">60379</a>: Dispose of the GSS credential once it is no longer
|
required. Patch provided by Michael Osipov. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60380">60380</a>: Ensure that a call to
|
<code>HttpServletRequest#logout()</code> triggers a call to
|
<code>TomcatPrincipal#logout()</code>. Based on a patch by Michael
|
Osipov. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60387">60387</a>: Correct the javadoc for
|
<code>o.a.catalina.AccessLog.setRequestAttributesEnabled</code>.
|
The default value is different for the different implementations.
|
(violetagg)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60393">60393</a>: Use consistent parameter naming in implementations of
|
<code>Realm#authenticate(GSSContext, boolean)</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60395">60395</a>: Log when an <code>Authenticator</code> passes an
|
incomplete <code>GSSContext</code> to a Realm since it indicates a bug
|
in the <code>Authenticator</code>. Patch provided by Michael Osipov.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60400">60400</a>: When expanding the buffer used for reading the
|
request body, ensure the read position will be restored to the
|
original one. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60410">60410</a>: Ensure that multiple calls to
|
<code>JarInputStreamWrapper#close()</code> do not incorrectly trigger
|
the closure of the underlying JAR or WAR file. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60411">60411</a>: Implement support in the <code>RewriteValve</code> for
|
symbolic names to specify the redirect code to use when returning a
|
redirect response to the user agent. Patch provided by Michael Osipov.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60413">60413</a>: In the <code>RewriteValve</code> write empty capture
|
groups as the empty string rather than as <code>"null"</code>
|
when generating the re-written URL. Based on a patch by Michael Osipov.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.9_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60372">60372</a>: Ensure the response headers' buffer limit is reset to
|
the capacity of this buffer when IOException occurs while writing the
|
headers to the socket. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the availability of configured upgrade protocols that
|
require ALPN is correctly reported during Tomcat start. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60386">60386</a>: Implement a more sophisticated pruning algorithm for
|
removing closed streams from the priority tree to ensure that the tree
|
does not grow too large. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60409">60409</a>: When unable to complete sendfile request, ensure the
|
Processor will be added to the cache only once. (markt/violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the endpoint is able to unlock the acceptor thread during
|
shutdown if the endpoint is configured to listen to any local address
|
of a specific type such as <code>0.0.0.0</code> or <code>::</code>.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add a new configuration option, <code>ipv6v6only</code> to the APR
|
connectors that allows them to be configure to only accept IPv6
|
connections when configured with an IPv6 address rather than the
|
default which is to accept IPv4 connections as well if the operating
|
system uses a dual network stack. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the logic that unlocks the acceptor thread so a better choice is
|
made for the address to connect to when a connector is configured for
|
any local port. This reduces the likelihood of the unlock failing.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60436">60436</a>: Avoid a potential NPE when processing async timeouts.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Reduce the window in which an async request that has just started
|
processing on a container thread remains eligible for an async timeout.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.9_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60431">60431</a>: Improve handling of varargs in UEL expressions. Based
|
on a patch by Ben Wolfe. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.9_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix JDK version number documented in BUILDING.txt. (rjung)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a typo in Host Configuration Reference.
|
Issue reported via comments.apache.org. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60412">60412</a>: Add information on the comment syntax for the
|
<code>RewriteValve</code> configuration. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60467">60467</a>: remove problematic characters from XML documentation.
|
Based upon a patch by Michael Osipov. (schultz)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.9_(markt)/Tribes">Tribes</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Reduce the warning logs for a message received from a different domain
|
in order to avoid excessive log outputs. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.9_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60437">60437</a>: Avoid possible handshake overflows in the websocket
|
client. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.9_(markt)/jdbc-pool">jdbc-pool</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58816">58816</a>: Implement the statistics of jdbc-pool. The stats infos
|
are <code>borrowedCount</code>, <code>returnedCount</code>,
|
<code>createdCount</code>, <code>releasedCount</code>,
|
<code>reconnectedCount</code>, <code>releasedIdleCount</code> and
|
<code>removeAbandonedCount</code>. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60194">60194</a>: If <code>validationQuery</code> is not specified,
|
connection validation is done by calling the <code>isValid()</code>
|
method. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60398">60398</a>: Fix testcase of <code>TestSlowQueryReport</code>.
|
(kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.9_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Allow customization of service.bat, such as heap memory size, service
|
startup mode and JVM args. Patch provided by isapir via Github.
|
(violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60366">60366</a>: Change <code>catalina.bat</code> to use directly
|
<code>LOGGING_MANAGER</code> and <code>LOGGING_CONFIG</code> variables
|
in order to configure logging, instead of modifying
|
<code>JAVA_OPTS</code>. Patch provided by Petter Isberg. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60383">60383</a>: JASPIC API is added as a dependency to the
|
<code>org.apache.tomcat:tomcat-catalina</code> maven artifact.
|
(violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Update the comments associated with the TLS Connector examples in
|
<code>server.xml</code>. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
New property is added <code>test.verbose</code> in order to control
|
whether the output of the tests is displayed on the console or not.
|
Patch provided by Emmanuel Bourg. (violetagg)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
<code>TestOpenSSLCipherConfigurationParser.testSpecification</code>
|
- if there are test failures, provide more detailed information. Patch
|
provided by Emmanuel Bourg. (violetagg)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.8_(markt)"><span style="float: right;">2016-11-08</span> Tomcat 8.5.8 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.8_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Check that threadPriority values used in AbstractProtocol are valid.
|
(fschumacher)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.7_(markt)"><span style="float: right;">not released</span> Tomcat 8.5.7 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.7_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When creating a new Connector via JMX, ensure that both HTTP/1.1 and
|
AJP/1.3 connectors can be created. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Include the Context name in the log message when an item cannot be
|
added to the cache. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Exclude JAR files in <code>/WEB-INF/lib</code> from the static resource
|
cache. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When calling <code>getResourceAsStream()</code> on a directory, ensure
|
that <code>null</code> is returned. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60161">60161</a>: Allow creating subcategories of the container logger,
|
and use it for the rewrite valve. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correctly test for control characters when reading the provided shutdown
|
password. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60297">60297</a>: Simplify connector creation in embedded mode. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor creation of containers in embedded mode for more consistency
|
and flexibility. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Introduce new methods <code>read(ByteBuffer)</code>/
|
<code>write(ByteBuffer)</code> in
|
<code>o.a.catalina.connector.CoyoteInputStream</code>/
|
<code>o.a.catalina.connector.CoyoteOutputStream</code>. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When configuring the JMX remote listener, specify the allowed types for
|
the credentials. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.7_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the HPACK header table size configuration that transposed the
|
client and server table sizes when creating the encoder and decoder.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Don't continue to process an HTTP/2 stream if it is reset during header
|
parsing. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
HTTP/2 uses separate headers for each Cookie. As required by RFC 7540,
|
merge these into a single Cookie header before processing continues.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Align the HTTP/2 implementation with the HTTP/1.1 implementation and
|
return a 500 response when an unhandled exception occurs during request
|
processing. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the HTTP header parser so that DEL is not treated as a valid
|
token character. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add checks around the handling of HTTP/2 pseudo headers. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add support for trailer headers to the HTTP/2 implementation. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60232">60232</a>: When processing headers for an HTTP/2 stream, ensure
|
that the read buffer is large enough for the header being processed.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add configuration options to the HTTP/2 implementation to control the
|
maximum number of headers allowed, the maximum size of headers allowed,
|
the maximum number of trailer headers allowed, the maximum size of
|
trailer headers allowed and the maximum number of cookies allowed.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correctly differentiate between sending and receiving a reset frame when
|
tracking the state of an HTTP/2 stream. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60319">60319</a>: When using an Executor, disconnect it from the
|
Connector attributes <code>maxThreads</code>,
|
<code>minSpareThreads</code> and <code>threadPriority</code> to enable
|
the configuration settings to be consistently reported. These Connector
|
attributes will be reported as <code>-1</code> when an Executor is in
|
use. The values used by the executor may be set and obtained via the
|
Executor. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
If an I/O error occurs during async processing on a non-container
|
thread, ensure that the <code>onError()</code> event is triggered.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve detection of I/O errors during async processing on non-container
|
threads and trigger async error handling when they are detected. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add additional checks for valid characters to the HTTP request line
|
parsing so invalid request lines are rejected sooner. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.7_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add HTTP/2 configuration information to the documentation web
|
application. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix default value of <code>validationInterval</code> attribute in
|
jdbc-pool. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a typo in CGI How-To.
|
Issue reported via comments.apache.org. (violetagg)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.7_(markt)/Tribes">Tribes</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When the proxy node sends a backup retrieve message, ensure that using
|
the <code>channelSendOptions</code> that has been set rather than the
|
default <code>channelSendOptions</code>. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.7_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add the JASPIC API jar to the Maven Central publication script. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Remove classes from tomcat-util-scan.jar that are duplicates of those in
|
tomcat-util.jar. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.6_(markt)"><span style="float: right;">2016-10-10</span> Tomcat 8.5.6 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.6_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59961">59961</a>: Add an option to the <code>StandardJarScanner</code>
|
to control whether or not JAR Manifests are scanned for additional
|
class path entries. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60013">60013</a>: Refactor the previous fix to align the behaviour of
|
the Rewrite Valve with mod_rewrite. As part of this, provide an
|
implementation for the <code>B</code> and <code>NE</code> flags and
|
improve the handling for the <code>QSA</code> flag. Includes multiple
|
test cases by Santhana Preethiand a patch by Tiago Oliveira. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60087">60087</a>: Refactor the web resources handling to use the Tomcat
|
specific <code>war:file:...</code> URL protocol to refer to WAR files
|
and their contents rather than the standard <code>jar:file:...</code>
|
form since some components of the JRE, such as JAR verification, give
|
unexpected results when the standard form is used. A side-effect of the
|
refactoring is that when using packed WARs, it is now possible to
|
reference a WAR and/or specific JARs within a WAR in the security policy
|
file used when running under a <code>SecurityManager</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60116">60116</a>: Fix a problem with the rewrite valve that caused back
|
references evaluated in conditions to be forced to lower case when using
|
the <code>NC</code> flag. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure <code>Digester.useContextClassLoader</code> is considered in
|
case the class loader is used. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60117">60117</a>: Ensure that the name of <code>LogLevel</code> is
|
localized when using <code>OneLineFormatter</code>. Patch provided by
|
Tatsuya Bessho. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60138">60138</a>: Fix the <code>SSLHostConfig</code> so that the
|
<code>protocols</code> attribute is limited to the protocols supported
|
by the current JSSE implementation rather than the default protocols
|
used by the implementation. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60146">60146</a>: Improve performance for resource retrieval by making
|
calls to WebResource.getInputStream() trigger caching if the resource is
|
small enough. Patch provided by mohitchugh. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60151">60151</a>: Improve the exception error messages when a
|
<code>ResourceLink</code> fails to specify the type, specifies an
|
unknown type or specifies the wrong type. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60167">60167</a>: Ignore empty lines in <code>/etc/passwd</code> files
|
when using the <code>PasswdUserDatabase</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60170">60170</a>: Exclude the compressed test file
|
<code>index.html.br</code> from RAT analysis. Patch provided by Gavin
|
McDonald. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When starting web resources, ensure that class resources are only
|
started once. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the access checks for linked global resources to handle the case
|
where the current class loader is a child of the web application class
|
loader. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60196">60196</a>: Ensure that the <code>isMandatory</code> flag is
|
correctly set when using JASPIC authentication. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60199">60199</a>: Log a warning if deserialization issues prevent a
|
session attribute from being loaded. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60208">60208</a>: When using RFC6265 compliant cookies, the
|
<code>/</code> character should not be allowed in a cookie name since
|
the RFC6265 will drop such cookies as invalid. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.6_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Refactor the code that implements the requirement that a call to
|
<code>complete()</code> or <code>dispatch()</code> made from a
|
non-container thread before the container initiated thread that called
|
<code>startAsync()</code> completes must be delayed until the container
|
initiated thread has completed. Rather than implementing this by
|
blocking the non-container thread, extend the internal state machine to
|
track this. This removes the possibility that blocking the non-container
|
thread could trigger a deadlock. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fail earlier if the client closes the connection during SNI processing.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60123">60123</a>: Avoid potential threading issues that could cause
|
excessively large vales to be returned for the processing time of
|
a current request. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60174">60174</a>: Log instances of <code>HeadersTooLargeException</code>
|
during request processing. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60173">60173</a>: Allow up to 64kB HTTP/2 header table size limit. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Java 9 compatibility of direct ByteBuffer cleaner. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.6_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60101">60101</a>: Remove preloading of the class that was deleted.
|
(violetagg)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.6_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Expand the documentation for the nested elements within a
|
<code>Resources</code> element to clarify the behaviour of different
|
configuration options with respect to the order in which resources are
|
searched. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add an example of using the <code>classesToInitialize</code> attribute
|
of the <code>JreMemoryLeakPreventionListener</code> to the documentation
|
web application. Based on a patch by Cris Berneburg. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60192">60192</a>: Correct a typo in the status output of the Manager
|
application. Patch provided by Radhakrishna Pemmasani. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.6_(markt)/jdbc-pool">jdbc-pool</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Notify jmx when returning the connection that has been marked suspect.
|
(kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the <code>POOL_EMPTY</code> notification has been added to
|
the jmx notification types. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60099">60099</a>: Ensure that use all method arguments as a cache key
|
when using <code>StatementCache</code>. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60139">60139</a>: Correct Javadocs for
|
<code>PoolConfiguration.getValidationInterval</code> and
|
<code>setValidationInterval</code>. Reported by Phillip Webb. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.6_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Update the download location for Objenesis. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60164">60164</a>: Replace <code>log4j-core*.jar</code> with
|
<code>log4j-web*.jar</code> since it is <code>log4j-web*.jar</code> that
|
contains the <code>ServletContainerInitializer</code>. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add documentation to the bin/catalina.bat script to remind users that
|
environment variables don't affect the configuration of Tomcat when
|
run as a Windows Service. Based upon a documentation patch by
|
James H.H. Lampert. (schultz)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.10 to
|
pick up the latest Windows binaries built with OpenSSL 1.0.2j. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.5_(markt)"><span style="float: right;">2016-09-05</span> Tomcat 8.5.5 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.5_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=18500">18500</a>: Add limited support for wildcard host names and host
|
aliases. Names of the form <code>*.domainname</code> are now permitted.
|
Note that an exact host name match takes precedence over a wild card
|
host name match. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59813">59813</a>: Ensure that circular relations of the Class-Path
|
attribute from JAR manifests will be processed correctly. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that reading the <code>singleThreadModel</code> attribute of a
|
<code>StandardWrapper</code> via JMX does not trigger initialisation of
|
the associated servlet. With some frameworks this can trigger an
|
unexpected initialisation thread and if initialisation is not thread-safe
|
the initialisation can then fail. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Compatibility with rewrite from httpd for non existing headers.
|
(jfclere)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
By default, treat paths used to obtain a request dispatcher as encoded.
|
This behaviour can be changed per web application via the
|
<code>dispatchersUseEncodedPaths</code> attribute of the Context.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59839">59839</a>: Apply <code>roleSearchAsUser</code> to all nested searches
|
in JNDIRealm. (fschumacher)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59859">59859</a>: Fix resource leak in WebDAV servlet. Based on patch by
|
Coty Sutherland. (fschumacher)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Provide a mechanism that enables the container to check if a component
|
(typically a web application) has been granted a given permission when
|
running under a SecurityManager without the current execution stack
|
having to have passed through the component. Use this new mechanism to
|
extend SecurityManager protection to the system property replacement
|
feature of the digester. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
When retrieving an object via a <code>ResourceLink</code>, ensure that
|
the object obtained is of the expected type. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59823">59823</a>: Ensure that JASPIC configuration is taken into account
|
when calling <code>HttpServletRequest.authenticate()</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59824">59824</a>: Mark the <code>RewriteValve</code> as supporting async
|
processing by default. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59862">59862</a>: Allow nested jar files scanning to be filtered with
|
the system property
|
<code>tomcat.util.scan.StandardJarScanFilter.jarsToSkip</code>. Patch
|
is provided by Terence Bandoian. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59866">59866</a>: When scanning <code>WEB-INF/classes</code> for
|
annotations, don't scan the contents of
|
<code>WEB-INF/classes/META-INF</code> (if present) since classes will
|
never be loaded from that location. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59888">59888</a>: Correctly handle tabs and spaces in quoted version one
|
cookies when using the <code>Rfc6265CookieProcessor</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59912">59912</a>: Fix an edge case in input stream handling where an
|
<code>IOException</code> could be thrown when reading a POST body.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59913">59913</a>: Correct a regression introduced with the support for
|
the Servlet 4 <code>HttpServletRequest.getMapping()</code> API that
|
caused the attributes for forwarded requests to be lost if requested
|
from within a subsequent include. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59966">59966</a>: Do not start the web application if the error page
|
configuration in web.xml is invalid. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Switch the CGI servlet to the standard logging mechanism and remove
|
support for the debug attribute. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60012">60012</a>: Improvements in the log messages. Based on
|
suggestions by Nemo Chen. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Changes to the <code>allowLinking</code> attribute of a
|
<code>StandardRoot</code> instance now invalidate the cache if caching
|
is enabled. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add a new initialisation parameter, <code>envHttpHeaders</code>, to
|
the CGI Servlet to mitigate <a href="https://httpoxy.org">httpoxy</a>
|
(<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5388">CVE-2016-5388</a>) by default and to provide a mechanism that can be
|
used to mitigate any future, similar issues. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
When adding and removing <code>ResourceLink</code>s dynamically, ensure
|
that the global resource is only visible via the
|
<code>ResourceLinkFactory</code> when it is meant to be. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60008">60008</a>: When processing CORs requests, treat any origin with a
|
URI scheme of <code>file</code> as a valid origin. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve handling of exceptions during a Lifecycle events triggered by a
|
state transition. The exception is now caught and the component is now
|
placed into the <code>FAILED</code> state. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60013">60013</a>: Fix encoding issues when using the RewriteValve with
|
UTF-8 query strings or UTF-8 redirect URLs. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60022">60022</a>: Improve handling when a WAR file and/or the associated
|
exploded directory are symlinked into the <code>appBase</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a file descriptor leak when reading the global web.xml. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Consistently decode URL patterns provided via web.xml using the encoding
|
of the web.xml file where specified or UTF-8 where no explicit encoding
|
is specified. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Make timing attacks against the Realm implementations harder. (schultz)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
A number of the JRE memory leaks addressed by the
|
<code>JreMemoryLeakPreventionListener</code> have been fixed in Java 9
|
so the associated protection is now disabled when running on Java 9
|
onwards. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.5_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a regression in refactoring to enable injection of custom
|
keystores that broke the automatic conversion of OpenSSL style PEM
|
key and certificate files for use with JSSE TLS connectors. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59910">59910</a>: Don't hardcode key alias value to "tomcat" for JSSE.
|
When using a keystore, OpenSSL will still default to it. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59904">59904</a>: Add a limit (default 200) for the number of cookies
|
allowed per request. Based on a patch by gehui. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59925">59925</a>: Correct regression in r1628368 and ensure that HTTP
|
separators are handled as configured in the
|
<code>LegacyCookieProcessor</code>. Patch provided by Kyohei Nakamura.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59950">59950</a>: Correct log message when reporting that the current
|
number of HTTP/2 streams for a connection could not be pruned to below
|
the limit. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that <code>Semaphore.release</code> is called in all cases. Even
|
when there is an exception. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60030">60030</a>: Correct a potential infinite loop in the SNI parsing
|
code triggered by failing to handle an end of stream condition. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Small logging optimization in the <code>Rfc6265CookieProcessor</code>.
|
Patch provided by Svetlin Zarev. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
OpenSSL now disables 3DES by default so reflect this when using OpenSSL
|
syntax to select ciphers. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Use the proper ERROR socket status code for async errors with NIO2.
|
(remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60035">60035</a>: Fix a potential connection leak if the client drops a
|
TLS connection before the handshake completes. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor the JSSE client certificate validation so that the
|
effectiveness of the <code>certificateVerificationDepth</code>
|
configuration attribute does not depend on the presence of a certificate
|
revocation list. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Log a warning at start up if a JSSE TLS connector is configured with
|
a trusted certificate that is either not yet valid or has expired.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.5_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When writing out a full web.xml file with JspC ensure that the encoding
|
used in the XML prolog matches the encoding used to write the contents
|
of the file. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve the error handling for custom tags to ensure that the tag is
|
returned to the pool or released and destroyed once used. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60032">60032</a>: Fix handling of method calls that use varargs within
|
EL value expressions. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ignore <code>engineOptionsClass</code> and <code>scratchdir</code> when
|
running under a security manager. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fixed StringIndexOutOfBoundsException. Based on a patch provided by
|
wuwen via Github. (violetagg)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.5_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59908">59908</a>: Ensure that a reason phrase is included in the close
|
message if a session is closed due to a timeout. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.5_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59867">59867</a>: Correct the documentation provided by Manager's
|
403.jsp. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59868">59868</a>: Clarify the documentation for the Manager web
|
application to make clearer that the host name and IP address in the
|
server section are the primary host name and IP address. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59940">59940</a>: Correct the name of the
|
<code>truststorePassword</code> attribute of the
|
<code>SSLHostConfig</code> element in the configuration documentation.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
MBeans Descriptors How-To is moved to
|
<code>mbeans-descriptors-howto.html</code>. Patch provided by Radoslav
|
Husar. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Update NIO Connector configuration documentation with an information
|
about <code>socket.directSslBuffer</code>. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60034">60034</a>: Correct a typo in the Manager How-To page of the
|
documentation web application. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.5_(markt)/jdbc-pool">jdbc-pool</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
In order to avoid the unintended skip of <code>PoolCleaner</code>,
|
remove the check code of the execution interval in the task that has
|
been scheduled. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59850">59850</a>: Ensure that the <code>ResultSet</code> is closed when
|
enabling the <code>StatementCache</code> interceptor. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59923">59923</a>: Reduce the default value of
|
<code>validationInterval</code> in order to avoid the potential issue
|
that continues to return an invalid connection after database restart.
|
(kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the <code>ResultSet</code> is returned as Proxy object when
|
enabling the <code>StatementDecoratorInterceptor</code>. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60043">60043</a>: Ensure that the <code>suspectTimeout</code> works
|
without removing connection when the <code>removeAbandoned</code> is
|
disabled. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add log message of when returning the connection that has been marked
|
suspect. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct Javadoc for <code>ConnectionPool.suspect()</code>. Based on a
|
patch by Yahya Cahyadi. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.5_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59871">59871</a>: Add a property (<code>timeFormat</code>) to
|
JULI's <code>OneLineFormatter</code> to enable the format of the
|
time stamp used in log messages to be configured. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59899">59899</a>: Update Tomcat's copy of the Java Persistence
|
annotations to include the changes made in 2.1 / JavaEE 7. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fixed typos in mbeans-descriptors.xml files. (violetagg)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons BCEL to r1757132 to align with the
|
BCEL 6 release. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons DBCP 2 to r1757164 to pick up a
|
couple of bug fixes. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons Codec to r1757174. Code formatting
|
changes only. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons FileUpload to afdedc9. This pulls in
|
a fix to improve the performance with large multipart boundaries.
|
(markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.4_(markt)"><span style="float: right;">2016-07-12</span> Tomcat 8.5.4 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.4_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=57705">57705</a>: Add debug logging for requests denied by the remote
|
host and remote address valves and filters. Based on a patch by Graham
|
Leggett. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a regression in the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58588">58588</a> that removed the
|
entire <code>org.apache.juli</code> package from the embedded JARs
|
rendering them unusable. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59399">59399</a>: Add a new option to the Realm implementations that
|
ship with Tomcat that allows the HTTP status code used for HTTP -> HTTPS
|
redirects to be controlled per Realm. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Change the default of the
|
<code>sessionCookiePathUsesTrailingSlash</code> attribute of the
|
<code>Context</code> element to <code>false</code> since the problems
|
caused when a Servlet is mapped to <code>/*</code> are more significant
|
than the security risk of not enabling this option by default. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Follow-up to <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59655">59655</a>. Improve the documentation for configuring
|
permitted cookie names. Patch provided by Kyohei Nakamura. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Do not attempt to start web resources during a web application's
|
initialisation phase since the web application is not fully configured
|
at that point and the web resources may not be correctly configured.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59708">59708</a>: Modify the LockOutRealm logic. Valid authentication
|
attempts during the lock out period will no longer reset the lock out
|
timer to zero. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve error handling around user code prior to calling
|
<code>InstanceManager.destroy()</code> to ensure that the method is
|
executed. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.4_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor the certificate keystore and trust store generation to make it
|
easier for embedded users to inject their own key stores. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59233">59233</a>: Add the ability to add TLS virtual hosts dynamically.
|
(markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Add a <code>maxConcurrentStreamExecution</code> on the HTTP/2
|
protocol handler to allow restricting the amount of concurrent stream
|
that are being executed in a single connection. The default is to
|
not limit it. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a problem with <code>ServletRequest.getServerPort()</code> for
|
secure HTTP/2 connections that meant an incorrect value was returned when
|
using the default port. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve error handling around user code prior to calling
|
<code>InstanceManager.destroy()</code> to ensure that the method is
|
executed. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Document the default for the HTTP/2 configuration parameter
|
<code>maxConcurrentStreamExecution</code> as 20. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.4_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve error handling around user code prior to calling
|
<code>InstanceManager.destroy()</code> to ensure that the method is
|
executed. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.4_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Now the WebSocket implementation is not built directly on top of the
|
Servlet API and can use Tomcat internals, there is no need for the
|
dedicated WebSocket Executor. It has been replaced by the use of the
|
Connector/Endpoint provided Executor. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve error handling around user code prior to calling
|
<code>InstanceManager.destroy()</code> to ensure that the method is
|
executed. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.4_(markt)/Web_Applications">Web Applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Do not log an additional case of <code>IOException</code>s in the
|
error handler for the Drawboard WebSocket example when the root cause is
|
the client disconnecting since the logs add no value. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59642">59642</a>: Mention the <code>localDataSource</code> in the
|
<code>DataSourceRealm</code> section of the Realm How-To. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59672">59672</a>: Update the security considerations page of the
|
documentation web application to take account of the fact that the
|
Manager and HostManager applications now have a
|
<code>RemoteAddrValve</code> configured by default. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Follow-up to the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59399">59399</a>. Ensure that the new attribute
|
<code>transportGuaranteeRedirectStatus</code> is documented for all
|
<strong>Realm</strong>s. Also document the <code>NullRealm</code> and
|
when it is automatically created for an <strong>Engine</strong>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix the description of <code>maxAge</code> attribute in jdbc-pool doc.
|
This attribute works both when a connection is returned and when a
|
connection is borrowed. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59774">59774</a>: Correct the <code>prefix</code> values in the
|
documented examples for configuring the <code>AccessLogValve</code>.
|
Patch provided by Mike Noordermeer. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Extras">Extras</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58588">58588</a>: Remove the JULI extras package from the distribution.
|
It was only useful for switching Tomcat's internal logging to log4j
|
1.2.x and that version of log4j is no longer supported. No additional
|
Tomcat code is required if switching Tomcat's internal logging to log
|
via log4j 2.x. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.4_(markt)/Tribes">Tribes</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add log message when the ping has timed-out. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
If the ping message has been received at the
|
<code>AbstractReplicatedMap#leftOver</code> method, ensure that notify
|
the member is alive than ignore it. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.4_(markt)/jdbc-pool">jdbc-pool</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix the duplicated connection release when connection verification
|
failed. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that do not remove the abandoned connection that has been already
|
released. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.4_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59276">59276</a>: Update optional Checkstyle library to 6.17. (kkolinko)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Use the mirror network rather than the ASF master site to download the
|
current ASF dependencies. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.8 to
|
pick up the latest fixes and make 1.2.8 the minimum recommended version.
|
(markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Use UTF-8 with a standard prolog for all XML files. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.3_(markt)"><span style="float: right;">2016-06-13</span> Tomcat 8.5.3 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.3_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
RMI Target related memory leaks are avoidable which makes them an
|
application bug that needs to be fixed rather than a JRE bug to work
|
around. Therefore, start logging RMI Target related memory leaks on web
|
application stop. Add an option that controls if the check for these
|
leaks is made. Log a warning if running on Java 9 with this check
|
enabled but without the command line option it requires. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure NPE will not be thrown during deployment when scanning jar files
|
without MANIFEST.MF file. (violetagg)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Remove the <code>clearReferencesStatic</code> option from
|
<code>StandardContext</code>. It was known to cause problems with some
|
libraries (such as log4j) and was only linked to suspected memory leaks
|
rather than known memory leaks. It had been disabled by default with no
|
increase in the reports of memory leaks for some time. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59604">59604</a>: Correct the assumption made in the URL decoding that
|
the default platform encoding is always compatible with ISO-8859-1. This
|
assumption is not always valid, e.g. on z/OS. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59608">59608</a>: Skip over any invalid <code>Class-Path</code> attribute
|
from JAR manifests. Log errors at debug level due to many bad libraries.
|
(remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix error message when failed to register MBean. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59655">59655</a>: Configure the cookie name validation to use RFC6265 rules by default to
|
align it with the default cookie parser. Document the impact system properties have on
|
cookie name validation. (mark)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.3_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that requests with HTTP method names that are not tokens (as
|
required by RFC 7231) are rejected with a 400 response. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When an asynchronous request is processed by the AJP connector, ensure
|
that request processing has fully completed before starting the next
|
request. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve handling of HTTP/2 stream resets. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58750">58750</a>: The HTTP Server header is no longer set by default. A
|
Server header may be configured by setting the <code>server</code>
|
attribute on the <code>Connector</code>. A new <code>Connector</code>
|
attribute, <code>serverRemoveAppProvidedValues</code> may be used to
|
remove any Server header set by a web application. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59564">59564</a>: Correct offset when reading into HTTP/2 input buffer
|
that could cause problems reading request bodies. (violetagg/markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Modify the handling of read/write timeouts so that the appropriate error
|
handling (<code>ReadListener.onError()</code>,
|
<code>WriteListener.onError()</code> or
|
<code>AsyncListener.onError()</code>) is called. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
If an async dispatch results in the completion of request processing,
|
ensure that any remaining request body is swallowed before starting the
|
processing of the next request else the remaining body may be read as the
|
start of the next request leading to a 400 response. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a cause of multiple attempts to close the same socket. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.3_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59567">59567</a>: Fix NPE scanning webapps for TLDs when an exploded
|
JAR has an empty WEB-INF/classes/META-INF folder. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a memory leak in the expression language implementation that caused
|
the class loader of the first web application to use expressions to be
|
pinned in memory. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59654">59654</a>: Improve error message when attempting to use a TLD
|
file from an invalid location. Patch provided by Huxing Zhang. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.3_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59659">59659</a>: Fix possible memory leak in WebSocket handling of
|
unexpected client disconnects. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.3_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58891">58891</a>: Update the SSL how-to. Based on a suggestion by
|
Alexander Kjäll. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.3_(markt)/jdbc-pool">jdbc-pool</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a memory leak with the pool cleaner thread that retained a reference
|
to the web application class loader for the first web application to use
|
a connection pool. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.3_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons DBCP 2 to r1743696 (2.1.1 plus
|
additional fixes). (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons Pool 2 to r1743697 (2.4.2 plus
|
additional fixes). (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons File Upload to r1743698 (1.3.1 plus
|
additional fixes). (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58626">58626</a>: Add support for a new environment variable
|
(<code>USE_NOHUP</code>) that causes <code>nohup</code> to be used when
|
starting Tomcat. It is disabled by default except on HP-UX where it is
|
enabled by default since it is required when starting Tomcat at boot on
|
HP-UX. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.2_(markt)"><span style="float: right;">2016-05-16</span> Tomcat 8.5.2 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.2_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that annotated web components packed in web fragments will be
|
processed when <code>unpackWARs</code> is enabled. (violetagg)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.1_(markt)"><span style="float: right;">not released</span> Tomcat 8.5.1 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.1_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59206">59206</a>: Ensure NPE will not be thrown by
|
<code>o.a.tomcat.util.file.ConfigFileLoader</code> when
|
<code>catalina.base</code> is not specified. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59217">59217</a>: Remove duplication in the recycling of the path in
|
<code>o.a.tomcat.util.http.ServerCookie</code>. Patch is provided by
|
Kyohei Nakamura. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fixed possible NPE in
|
<code>o.a.catalina.loader.WebappClassLoaderBase.getResourceAsStream</code>
|
(violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59213">59213</a>: Async dispatches should be based off a wrapped request.
|
(remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that <code>javax.servlet.ServletRequest</code> and
|
<code>javax.servlet.ServletResponse</code> provided during
|
<code>javax.servlet.AsyncListener</code> registration are made
|
available via <code>javax.servlet.AsyncEvent.getSuppliedRequest</code>
|
and <code>javax.servlet.AsyncEvent.getSuppliedResponse</code>
|
(violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59219">59219</a>: Ensure <code>AsyncListener.onError()</code> is called
|
if an <code>Exception</code> is thrown during async processing. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59220">59220</a>: Ensure that <code>AsyncListener.onComplete()</code> is
|
called if the async request times out and the response is already
|
committed. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59226">59226</a>: Process the <code>Class-Path</code> attribute from
|
JAR manifests for JARs on the class path excluding JARs packaged in
|
<code>WEB-INF/lib</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59255">59255</a>: Fix possible NPE in mapper. (kkolinko/remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59256">59256</a>: <code>slf4j-taglib*.jar</code> should not be excluded
|
from the standard JAR scanning by default. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Clarify in the log message that specifying both urlPatterns and value
|
attributes in WebServlet and WebFilter annotations is not allowed.
|
(violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure the exceptions caused by Valves will be available in the log
|
files so that they can be evaluated when
|
<code>o.a.catalina.valves.ErrorReportValve.showReport</code> is
|
disabled. Patch is provided by Svetlin Zarev. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Remove unused <code>distributable</code> attribute that is defined as
|
<code>TransientAttribute</code> of <code>Manager</code> in StoreConfig.
|
(kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix handling of Cluster Receiver in StoreConfig. The <code>bind</code>
|
and <code>host</code> attributes define as
|
<code>TransientAttribute</code>. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59261">59261</a>: <code>ServletRequest.getAsyncContext()</code> now
|
throws an <code>IllegalStateException</code> as required by the Servlet
|
specification if the request is not in asynchronous mode when called.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59269">59269</a>: Correct the implementation of
|
<code>PersistentManagerBase</code> so that <code>minIdleSwap</code>
|
functions as designed and sessions are swapped out to keep the active
|
session count below <code>maxActiveSessions</code>. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add the <code>org.apache.catalina.servlet4preview</code> package that
|
can be used to gain early access to Servlet 4.0 features. Note that this
|
package will <strong>not</strong> be present in Tomcat 9. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correctly configure the base path for a resources directory provided by
|
an expanded JAR file. Patch provided by hengyunabc. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
When multiple compressed formats are available and the client does not
|
express a preference, use the server order to determine the preferred
|
format. Based on a patch by gmokki. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59284">59284</a>: Allow the Tomcat provided JASPIC
|
<code>SimpleServerAuthConfig</code> to pick up module configuration
|
properties from either the property set passed to its constructor or
|
from the properties passed in the call to <code>getAuthContext</code>.
|
Based on a patch by Thomas Maslen. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59310">59310</a>: Do not add a <code>Content-Length: 0</code> header for
|
custom responses to <code>HEAD</code> requests that do not set a
|
<code>Content-Length</code> value. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When normalizing paths, improve the handling when paths end with
|
<code>/.</code> or <code>/..</code> and ensure that input and output are
|
consistent with respect to whether or not they end with <code>/</code>.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59317">59317</a>: Ensure that
|
<code>HttpServletRequest.getRequestURI()</code> returns an encoded URI
|
rather than a decoded URI after a dispatch. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Use the correct URL for the fragment when reporting errors processing
|
a <code>web-fragment.xml</code> file from a JAR located in an unpacked
|
WAR. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that <code>JarScanner</code> only uses the explicit call-back to
|
process <code>WEB-INF/classes</code> and only when configured to treat
|
the contents of <code>WEB-INF/classes</code> as a possible exploded JAR.
|
(markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Remove the <code>java2DDisposerProtection</code> option from the
|
<code>JreMemoryLeakPreventionListener</code>. The leak is fixed in Java
|
7 onwards and Tomcat 8 requires Java 7 so the option is unnecessary.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the value for the header <code>X-Frame-Options</code> is
|
constructed correctly according to the specification when
|
<code>ALLOW-FROM</code> option is used. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix an <code>IllegalArgumentException</code> if the first use of an
|
internal <code>Response</code> object requires JASPIC authentication.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Do not trigger unnecessary session ID changes when using JASPIC and the
|
user is authenticated using cached credentials. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59437">59437</a>: Ensure that the JASPIC <code>CallbackHandler</code> is
|
thread-safe. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59449">59449</a>: In <code>ContainerBase</code>, ensure that the process
|
to remove a child container is the reverse of the process to add one.
|
Patch provided by Huxing Zhang. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.1_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Align cipher configuration parsing with current OpenSSL master. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Change the default for <code>honorCipherOrder</code> to
|
<code>false</code>. With the current default TLS configuration, it is no
|
longer necessary for this to be <code>true</code> for a reasonably
|
secure configuration. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add a new environment variable <code>JSSE_OPTS</code> that is intended
|
to be used to pass JVM wide configuration to the JSSE implementation.
|
The default value is <code>-Djdk.tls.ephemeralDHKeySize=2048</code>
|
which protects against weak Diffie-Hellman keys. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When running on Java 7, exclude DHE ciphers from the default cipher list
|
for JSSE connectors since they use weak 768 bit DH keys and cannot be
|
configured to use more secure keys. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58970">58970</a>: Fix a connection counting bug in the NIO connector
|
that meant some dropped connections were not removed from the current
|
connection count. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59289">59289</a>: Do not recycle upgrade processors in unexpected close
|
situations. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59295">59295</a>: Use <code>Locale.toLanguageTag()</code> to construct
|
the <code>Content-Language</code> HTTP header to ensure the locale is
|
correctly represented. Patch provided by zikfat. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59344">59344</a>: Add support for using pem encoded certificates with
|
JSSE SSL. Submitted by Emmanuel Bourg with additional tweaks. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Make the TLS certificate chain available to clients when using
|
JSSE+OpenSSL with the certificate chain stored in a Java KeyStore.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Work around <a href="https://github.com/openssl/openssl/issues/188">a
|
known issue in OpenSSL</a> that does not permit the TLS handshake to be
|
failed if the ALPN negotiation fails. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59421">59421</a>: Add direct HTTP/2 connection support. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correctly handle a call to <code>AsyncContext.complete()</code> from a
|
non-container thread when non-blocking I/O is being used. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59451">59451</a>: Correct Javadoc for <code>MessageBytes</code>. Patch
|
provided by Kyohei Nakamura. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59450">59450</a>: Correctly handle the case where the
|
<code>LegacyCookieProcessor</code> is configured with
|
<code>allowHttpSepsInV0</code> set to <code>false</code> and
|
<code>forwardSlashIsSeparator</code> set to <code>true</code>. Patch
|
provided by Kyohei Nakamura. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.1_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When scanning JARs for TLDs, correctly handle the (rare) case where a
|
JAR has been exploded into <code>WEB-INF/classes</code> and the web
|
application is deployed as a packed WAR. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59640">59640</a>: NPEs with not found TLDs. (remm)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.1_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59189">59189</a>: Explicitly release the native memory held by the
|
<code>Inflater</code> and <code>Deflater</code> when using
|
PerMessageDeflate and the WebSocket session ends. Based on a patch by
|
Henrik Olsson. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Return back a container specific extension to the WsServerContainer
|
to allow frameworks to more easily dispatch requests to WebSocket
|
endpoints. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a regression caused by the connector refactoring and ensure that the
|
thread context class loader is set to the web application
|
classloader when processing WebSocket messages on the server. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that a client disconnection triggers the error handling for the
|
associated WebSocket end point. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Make WebSocket client more robust when handling errors during the close
|
of a WebSocket session. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.1_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59210">59210</a>: Server push example has to use
|
<code>o.a.catalina.connector.RequestFacade</code> when obtaining
|
<code>o.a.catalina.core.ApplicationPushBuilder</code>. Patch is
|
provided by Huxing Zhang. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59218">59218</a>: Correct the path to <code>jaspic-providers.xml</code>
|
in Jaspic How-To. Patch is provided by Tatsuya Bessho. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Remove button that has accidentally been added to the host manager.
|
Submitted by Coty Sutherland. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Update in the documentation the link to the maven repository where
|
Tomcat snapshot artifacts are deployed. (markt/violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Clarify in the documentation that calls to
|
<code>ServletContext.log(String, Throwable)</code> or
|
<code>GenericServlet.log(String, Throwable)</code> are logged at the
|
SEVERE level. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a typo in SSL/TLS Configuration How-To.
|
Issue reported via comments.apache.org. (violetagg)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.1_(markt)/Tribes">Tribes</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Avoid NPE when a proxy node failed to retrieve a backup entry. (kfujino)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add log of when received an unexpected messages. (kfujino)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add the flag indicating that member is a localMember. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix potential NPE that depends on the setting order of attributes of
|
static member when using the static cluster. (kfujino)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add get/set method for the channel that is related to
|
<code>ChannelInterceptor</code>. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
As with the multicast cluster environment, in the static cluster
|
environment, the local member inherits properties from the cluster
|
receiver. (kfujino)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add get/set method for the channel that is related to each Channel
|
services. (kfujino)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add name to channel in order to identify channels. In tomcat cluster
|
environment, it is set the cluster name + "-Channel" as default value.
|
(kfujino)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add the channel name to the thread which is invoked by channel services
|
in order to identify the associated channel. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that clear the channel instance from channel services when
|
stopping channel. (kfujino)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Implement map state in the replication map. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the ping is not executed during the start/stop of the
|
replication map. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
In ping processing in the replication map, send not the
|
<code>INIT</code> message but the newly introduced <code>PING</code>
|
message. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.1_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59209">59209</a>: Remove <code>honorCipherOrder=false</code> attribute
|
from the connector example in server.xml. When the block is uncommented
|
the connector will use the default value for this attribute which is
|
<code>false</code>. If one needs to enable it, one can add it
|
explicitly to the connector definition. Use of this feature requires
|
Java 8 or later. Patch is provided by Huxing Zhang. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59211">59211</a>: Add hamcrest to Eclipse classpath. Patch is provided
|
by Huxing Zhang. (violetagg)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59280">59280</a>: Update the NSIS Installer used to build the
|
Windows Installers to version 2.51. (kkolinko)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.7 to
|
pick up the Windows binaries that are based on OpenSSL 1.0.2h and APR
|
1.5.2. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div><h3 id="Tomcat_8.5.0_(markt)"><span style="float: right;">2016-03-24</span> Tomcat 8.5.0 (markt)</h3><div class="text">
|
<div class="subsection"><h4 id="Tomcat_8.5.0_(markt)/General">General</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Remove support for Comet. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Tighten up the default file permissions for the <code>.tar.gz</code>
|
distribution so no files or directories are world readable by default.
|
Configure Tomcat to run with a default umask of <code>0027</code> which
|
may be overridden by setting <code>UMASK</code> in
|
<code>setenv.sh</code>. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Remove native code (Windows Service Wrapper, APR/native connector)
|
support for Windows Itanium. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.0_(markt)/Catalina">Catalina</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
The default HTTP cookie parser has been changed to
|
<code>org.apache.tomcat.util.http.Rfc6265CookieProcessor</code>. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor creation of <code>MapperListener</code> to ensure that the
|
<code>Mapper</code> used is the <code>Mapper</code> associated with the
|
<code>Service</code> for which the listener was created. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Move the functionality that provides redirects for context roots and
|
directories where a trailing <code>/</code> is added from the Mapper to
|
the <code>DefaultServlet</code>. This enables such requests to be
|
processed by any configured Valves and Filters before the redirect is
|
made. This behaviour is configurable via the
|
<code>mapperContextRootRedirectEnabled</code> and
|
<code>mapperDirectoryRedirectEnabled</code> attributes of the Context
|
which may be used to restore the previous behaviour. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor <code>Service.getContainer()</code> to return an
|
<code>Engine</code> rather than a <code>Container</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=34319">34319</a>: Only load those keys in
|
<code>StoreBase.processExpire</code> from JDBCStore that are old enough
|
to be expired. Based on a patch by Tom Anderson. (fschumacher)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58351">58351</a>: Make the server build date and server version number
|
accessible via JMX. Patch provided by Huxing Zhang. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=56917">56917</a>: As per RFC7231 (HTTP/1.1), allow HTTP/1.1 and later
|
redirects to use relative URIs. This is controlled by a new attribute
|
<code>useRelativeRedirects</code> on the <strong>Context</strong> and
|
defaults to <code>true</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58629">58629</a>: Allow an embedded Tomcat instance to start when the
|
<code>Service</code> has no <code>Engine</code> configured. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correctly notify the MapperListener associated with a Service if the
|
Engine for that Service is changed. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Make a web application's CredentialHandler available through a context
|
attribute. This allows a web application to use the same algorithm
|
for validating or generating new stored credentials from cleartext
|
ones. (schultz)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58635">58635</a>: Enable break points to be set within agent code when
|
running Tomcat with a Java agent. Based on a patch by Huxing Zhang.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fixed potential NPE in <code>HostConfig</code> while deploying an
|
application. Issue reported by coverity scan. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58655">58655</a>: Fix an <code> IllegalStateException</code> when
|
calling <code>HttpServletResponse.sendRedirect()</code> with the
|
<code>RemoteIpFilter</code>. This was caused by trying to correctly
|
generate the absolute URI for the redirect. With the fix for
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=56917">56917</a>, redirects may now be relative making the
|
<code>sendRedirect()</code> implementation for the
|
<code>RemoteIpFilter</code> much simpler. This also addresses issues
|
where the redirect may not have behaved as expected when redirecting
|
from http to https to from https to http. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58657">58657</a>: Exceptions in a Servlet 3.1 <code>ReadListener</code>
|
or <code>WriteListener</code> do not need to be immediately fatal to the
|
connection. Allow an error response to be written. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct implementation of
|
<code>validateClientProvidedNewSessionId</code> so client provided
|
session IDs may be rejected if validation is enabled. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58701">58701</a>: Reset the <code>instanceInitialized</code> field in
|
<code>StandardWrapper</code> when unloading a Servlet so that a new
|
instance may be correctly initialized. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Add a new flag <code>aprPreferred</code> to the Apr listener. if set to
|
<code>false</code>, when using the connector defaults, it will use
|
NIO + OpenSSL if tomcat-native is available, rather than the APR
|
connector. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add path parameter handling to
|
<code>HttpServletRequest.getContextPath()</code>. This is a follow-up to
|
the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=57215">57215</a>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58692">58692</a>: Make <code>StandardJarScanner</code> more robust. Log
|
a warning if a class path entry cannot be scanned rather than triggering
|
the failure of the web application. Includes a test case written by
|
Derek Abdine. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58702">58702</a>: Ensure an access log entry is generated if the client
|
aborts the connection. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fixed various issues reported by Findbugs. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58735">58735</a>: Add support for the <code>X-XSS-Protection</code>
|
header to the <code>HttpHeaderSecurityFilter</code>. Patch provided by
|
Jacopo Cappellato. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add the <code>StatusManagerServlet</code> to the list of Servlets that
|
can only be loaded by privileged applications. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Simplify code and fix messages in
|
<code>org.apache.catalina.core.DefaultInstanceManager</code> class.
|
(kkolinko)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58751">58751</a>: Correctly handle the case where an
|
<code>AsyncListener</code> dispatches to a Servlet on an asynchronous
|
timeout and the Servlet uses <code>sendError()</code> to trigger an
|
error page. Includes a test case based on code provided by Andy
|
Wilkinson.(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the proper file encoding, if specified, will be used when
|
a readme file is served by DefaultServlet. (violetagg)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix declaration of <code>localPort</code> attribute of Connector MBean:
|
it is read-only. (kkolinko)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58766">58766</a>: Make skipping non-class files during annotation
|
scanning faster by checking the file name first. Improve debug logging.
|
(kkolinko)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58768">58768</a>: Log a warning if a redirect fails because of an
|
invalid location. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58827">58827</a>: Remove remains of JSR-77 implementation. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58836">58836</a>: Correctly merge query string parameters when
|
processing a forwarded request where the target includes a query string
|
that contains a parameter with no value. (markt/kkolinko)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Make sure that shared Digester is reset in an unlikely error case
|
in <code>HostConfig.deployWAR()</code>. (kkolinko)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Extend the feature available in the cluster session manager
|
implementations that enables session attribute replication to be
|
filtered based on attribute name to all session manager implementations.
|
Note that configuration attribute name has changed from
|
<code>sessionAttributeFilter</code> to
|
<code>sessionAttributeNameFilter</code>. Apply the filter on load as
|
well as unload to ensure that configuration changes made while the web
|
application is stopped are applied to any persisted data. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Extend the session attribute filtering options to include filtering
|
based on the implementation class of the value and optional
|
<code>WARN</code> level logging if an attribute is filtered. These
|
options are available for all of the Manager implementations that ship
|
with Tomcat. When a <code>SecurityManager</code> is used filtering will
|
be enabled by default. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Remove <code>distributable</code> and <code>maxInactiveInterval</code>
|
from the <code>Manager</code> interface because the attributes are never
|
used. The equivalent attributes from the <code>Context</code> always
|
take precedence. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58867">58867</a>: Improve checking on Host start for WAR files that have
|
been modified while Tomcat has stopped and re-expand them if
|
<code>unpackWARs</code> is <code>true</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58900">58900</a>: Correctly undeploy symlinked resources and prevent an
|
infinite cycle of deploy / undeploy. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Protect initialization of <code>ResourceLinkFactory</code> when
|
running with a SecurityManager. (kkolinko)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a thread safety issue in the filtering of session attributes
|
based on the implementing class name of the value object. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix class loader decision on the delegation for class loading and
|
resource lookup and make it faster too. (rjung)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58905">58905</a>: Ensure that <code>Tomcat.silence()</code> silences the
|
correct logger and respects the current setting. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58946">58946</a>: Ensure that the request parameter map remains
|
immutable when processing via a RequestDispatcher. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that <code>/WEB-INF/classes</code> is never processed as a web
|
fragment. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Switch default connector when native is installed. Unless configured
|
otherwise, the NIO endpoint will be used by default. If SSL is
|
configured, OpenSSL will be used rather than JSSE. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct a regression in the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58867">58867</a>. When configuring a
|
Context to use an external directory for the <code>docBase</code>, and
|
that directory happens to be located along side the original WAR, use
|
the directory as the <code>docBase</code> rather than expanding the
|
WAR into the <code>appBase</code> and using the newly created expanded
|
directory as the <code>docBase</code>. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58988">58988</a>: Special characters in the substitutions for the
|
RewriteValve can now be quoted with a backslash. (fschumacher)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58999">58999</a>: Fix class and resource name filtering in
|
WebappClassLoader. It throws a StringIndexOutOfBoundsException if the
|
name is exactly "org" or "javax". (rjung)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add JASPIC (JSR-196) support. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Make checking for var and map replacement in RewriteValve a bit stricter
|
and correct detection of colon in var replacement. (fschumacher)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor the web application class loader to reduce the impact of JAR
|
scanning on the memory footprint of the web application. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix some resource leaks in the error handling for accessing files from
|
JARs and WARs. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor the JAR and JAR-in-WAR resource handling to reduce the memory
|
footprint of the web application. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor the web.xml parsing so a new parser is created every time the
|
web application starts rather than creating and caching the parser when
|
the Context is created. This enables the parser to take account of
|
modified Context configuration parameters and reduces (slightly) the
|
memory footprint of a running Tomcat instance. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Switch the web application class loader to the
|
<code>ParallelWebappClassLoader</code> by default. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=57809">57809</a>: Remove the custom context attribute that held the
|
effective web.xml. Components needing access to configuration
|
information may access it via the Servlet API. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Refactor JAR scanning to reduce memory footprint. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59001">59001</a>: Correctly handle the case when Tomcat is installed on
|
a path where one of the segments ends in an exclamation mark. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Expand the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59001">59001</a> to cover the special sequences used
|
in Tomcat's custom jar:war: URLs. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59043">59043</a>: Avoid warning while expiring sessions associated with
|
a single sign on if <code>HttpServletRequest.logout()</code> is used.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59054">59054</a>: Ensure that using the
|
<code>CrawlerSessionManagerValve</code> in a distributed environment
|
does not trigger an error when the Valve registers itself in the
|
session. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add socket properties support to storeconfig. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix incorrect parsing of the NE and NC flags in rewrite rules. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59065">59065</a>: Correct the timing of the check for colons in paths
|
on non-Windows systems implemented in <code>catalina.sh</code> so it
|
works correctly with Cygwin. Patch provided by Ed Randall. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When a Host is configured with an appBase that does not exist, create
|
the appBase before trying to expand an external WAR file into it.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59115">59115</a>: When using the Servlet 3.0 file upload, the submitted
|
file name may be provided as a token or a quoted-string. If a
|
quoted-string, unquote the string before returning it to the user.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59123">59123</a>: Close <code>NamingEnumeration</code> objects used by
|
the <code>JNDIRealm</code> once they are no longer required.
|
(fschumacher/markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Implement the proposed Servlet 4.0 API to provide mapping type
|
information for the current request. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59138">59138</a>: Correct a false positive warning for ThreadLocal
|
related memory leaks when the key class but not the value class has been
|
loaded by the web application class loader. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59017">59017</a>: Make the pre-compressed file support in the Default
|
Servlet generic so any compression may be used rather than just gzip.
|
Patch provided by Mikko Tiihonen. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59145">59145</a>: Don't log an invalid warning when a user logs out of
|
a session associated with SSO. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59150">59150</a>: Add an additional flag on APR listener to allow
|
disabling automatic use of OpenSSL. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59151">59151</a>: Fix a regression in the fix for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=56917">56917</a> that
|
added additional (and arguably unnecessary) validation to the provided
|
redirect location. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59154">59154</a>: Fix a <code>NullPointerException</code> in the
|
<code>JAASMemoryLoginModule</code> resulting from the introduction of
|
the <code>CredentialHandler</code> to <code>Realm</code>s.
|
(schultz/markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.0_(markt)/Coyote">Coyote</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Remove support for the HTTP BIO and AJP BIO connectors. (markt)
|
</li>
|
<li><img alt="Code: " class="icon" src="./images/code.gif">
|
Refactor HTTP upgrade and AJP implementations to reduce duplication.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add support for HPACK header encoding and decoding, contributed
|
by Stuart Douglas. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=57108">57108</a>: Add support for Server Name Indication (SNI). There
|
has been significant changes to the SSL configuration in server.xml to
|
support this. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add SSL engine for JSSE backed by OpenSSL. Includes ALPN support.
|
Based on code contributed by Numa de Montmollin and derived from code
|
developed by Twitter and Netty. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
RFC 7230 states that clients should ignore reason phrases in HTTP/1.1
|
response messages. Since the reason phrase is optional, Tomcat no longer
|
sends it. As a result the system property
|
<code>org.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER</code> is no
|
longer used and has been removed. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
The minimum required Tomcat Native version has been increased to 1.2.2.
|
The 1.2.x branch includes ALPN and SNI support which are required for
|
HTTP/2. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Add support for HTTP/2 including server push. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58621">58621</a>: The certificate chain cannot be set using the main
|
certificate attribute, so restore the certificate chain property. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Allow a new SSL config type where a connector can use either JSSE or
|
OpenSSL. Both could be allowed, but it would likely create support
|
issues. This type is used by the OpenSSL implementation for NIOx. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Improve upgrade context classloader handling by using Context.bind and
|
unbind. (remm)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Improve OpenSSL keystore/truststore configuration by using the code
|
from the JSSE implementation. (remm, jfclere)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a potential loop when a client drops the connection unexpectedly.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
OpenSSL renegotiation support for client certificate authentication.
|
(remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix NIO connector renegotiation. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58659">58659</a>: Fix a potential deadlock during HTTP/2 processing when
|
the connection window size is limited. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct an NPE when listing the enabled ciphers (e.g. via the Manager
|
web application) for a TLS enabled APR/native connector. (markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
New configuration option <code>ajpFlush</code> for the AJP connectors
|
to disable the sending of AJP flush packets. (rjung)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Handle the case in the NIO connector where the required TLS buffer sizes
|
increase after the connection has been initiated. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Handle the case in the NIO2 connector where the required TLS buffer
|
sizes increase after the connection has been initiated. (markt/remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Bad processing of handshake errors in NIO2. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Use JSSE session configuration options with OpenSSL. (remm)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59015">59015</a>: Fix potential cause of endless APR Poller loop during
|
shutdown if the Poller experiences an error during the shutdown process.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Align cipher aliases for <code>kECDHE</code> and <code>ECDHE</code> with
|
the current OpenSSL implementation. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59081">59081</a>: Retain the user defined cipher order when defining
|
ciphers. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59089">59089</a>: Correctly ignore HTTP headers that include non-token
|
characters in the header name. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.0_(markt)/Jasper">Jasper</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=57136#c25">57136#c25</a>: Change default value of
|
<code>quoteAttributeEL</code> setting in Jasper to be <code>true</code>
|
for better compatibility with other implementations and older versions
|
of Tomcat. Add command line option <code>-no-quoteAttributeEL</code> in
|
JspC. (kkolinko)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix handling of missing messages in
|
<code>org.apache.el.util.MessageFactory</code>. (violetagg)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update to the Eclipse JDT Compiler 4.5.1. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=57583">57583</a>: Improve the performance of
|
<code>javax.servlet.jsp.el.ScopedAttributeELResolver</code> when
|
resolving attributes that do not exist. This improvement only works when
|
Jasper is used with Tomcat's EL implementation. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.0_(markt)/Cluster">Cluster</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Enable an explicit configuration of local member in the static cluster
|
membership. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix potential integer overflow in <code>DeltaSession</code>.
|
Reported by coverity scan. (fschumacher)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
In order to avoid that the heartbeat thread and the background thread to
|
run <code>Channel.heartbeat</code> simultaneously, if
|
<code>heartbeatBackgroundEnabled</code> of <code>SimpleTcpCluster</code>
|
set to <code>true</code>, ensure that the heartbeat thread does not
|
start. (kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.0_(markt)/WebSocket">WebSocket</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=55006">55006</a>: The WebSocket client now honors the
|
<code>java.net.java.net.ProxySelector</code> configuration (using the
|
HTTP type) when establishing WebSocket connections to servers. Based on
|
a patch by Niki Dokovski. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=57489">57489</a>: Ensure <code>onClose()</code> is called when a
|
WebSocket connection is closed even if the sending of the close message
|
fails. Includes test cases by Barry Coughlan. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58624">58624</a>: Correct a potential deadlock if the WebSocket
|
connection is closed when a message write is in progress. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix a timing issue on session close that could result in an exception
|
being thrown for an incomplete message even through the message was
|
completed. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correctly handle compression of partial messages when the final message
|
fragment has a zero length payload. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59119">59119</a>: Correct read logic for WebSocket client when using
|
secure connections. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59134">59134</a>: Correct client connect logic for secure connections
|
made through a proxy. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.0_(markt)/Web_applications">Web applications</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=48674">48674</a>: Implement an option within the Host Manager web
|
application to persist the current configuration. Based on a patch by
|
Coty Sutherland. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58631">58631</a>: Correct the continuation character use in the Windows
|
Service How-To page of the documentation web application. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the SSL documentation for deprecated attributes to point to the
|
correct, new location for attributes related to individual certificates.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct some typos in the JNDI resources How-To. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Don't create session unnecessarily in the Manager application. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Don't create session unnecessarily in the Host Manager application.
|
(markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58723">58723</a>: Clarify documentation and error messages for the text
|
interface of the manager to make clear that version must be used with
|
path when referencing contexts deployed using parallel deployment.
|
(markt)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Document <code>test.threads</code> option in BUILDING.txt. (kkolinko)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct an error in the documentation of the expected behaviour for
|
automatic deployment. If a WAR is updated and an expanded directory is
|
present, the directory will always be deleted and recreated by expanding
|
the WAR if <code>unpackWARs</code> is <code>true</code>. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58935">58935</a>: Remove incorrect references in the documentation to
|
using <code>jar:file:</code> URLs with the Manager application. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct the description of the
|
<code>ServletRequest.getServerPort()</code> in Proxy How-To.
|
Issue reported via comments.apache.org. (violetagg)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
The Manager and Host Manager applications are now only accessible via
|
<code>localhost</code> by default. (markt)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.0_(markt)/Tribes">Tribes</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Clarify the handling of Copy message and Copy nodes. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ensure that the static member is registered to the add suspect list even
|
if the static member that is registered to the remove suspect list has
|
disappeared. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
When using a static cluster, add the members that have been cached in
|
the membership service to the map members list in order to ensure that
|
the map member is a static member. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add support for the startup notification of local members in the static
|
cluster. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Ignore the unnecessary member remove operation from different domain.
|
(kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Add support for the shutdown notification of local members in the static
|
cluster. (kfujino)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
If promoting a proxy node to a primary node when getting a session,
|
notify the change of the new primary node to the original backup node.
|
(kfujino)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.0_(markt)/jdbc-pool">jdbc-pool</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Correct evaluation of system property
|
<code>org.apache.tomcat.jdbc.pool.onlyAttemptCurrentClassLoader</code>.
|
It was basically ignored before. Reported by coverity scan. (fschumacher)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
Fix potential integer overflow in <code>ConnectionPool</code> and
|
<code>PooledConnection</code>. Reported by coverity scan. (fschumacher)
|
</li>
|
</ul>
|
</div></div>
|
<div class="subsection"><h4 id="Tomcat_8.5.0_(markt)/Other">Other</h4><div class="text">
|
<ul class="changelog">
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Allow to configure multiple JUnit test class patterns with the build
|
property <code>test.name</code> and document the property in
|
BUILDING.txt. (rjung)
|
</li>
|
<li><img alt="Add: " class="icon" src="./images/add.gif">
|
Support the use of the <code>threads</code> attribute on Ant's
|
junit task. Note that using this with a value of greater than one will
|
disable Cobertura code coverage. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update optional Checkstyle library to 6.14.1. (kkolinko)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.4 to
|
pick up the Windows binaries that are based on OpenSSL 1.0.2e and APR
|
1.5.1. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the NSIS Installer used to build the Windows Installers to
|
version 2.50. (markt/kkolinko)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons BCEL to r1725718 to align with the
|
refactoring for BCEL 6, the next major BCEL release. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons DBCP 2 to r1725730 (2.1.1 plus
|
additional fixes). (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons Pool 2 to r1725738 (2.4.2 plus
|
additional fixes). (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the internal fork of Commons Codec to r1725746 (1.9 plus
|
additional fixes). (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58283">58283</a>: Change the default download location for libraries
|
during the build process from <code>/usr/share/java</code> to
|
<code>${user.home}/temp</code>. Patch provided by Ahmed Hosni. (markt)
|
</li>
|
<li><img alt="Fix: " class="icon" src="./images/fix.gif">
|
<a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59031">59031</a>: When using the Windows uninstaller, do not remove the
|
contents of any directories that have been symlinked into the Tomcat
|
directory structure. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Update the packaged version of the Tomcat Native Library to 1.2.5 to
|
pick up the Windows binaries that are based on OpenSSL 1.0.2g and APR
|
1.5.1. (markt)
|
</li>
|
<li><img alt="Update: " class="icon" src="./images/update.gif">
|
Modify the default <code>tomcat-users.xml</code> file to make it harder
|
for users to configure the entries intended for use with the examples
|
web application for the Manager application. (markt)
|
</li>
|
</ul>
|
</div></div>
|
</div></div></div></div></div><footer><div id="footer">
|
Copyright © 1999-2021, The Apache Software Foundation
|
</div></footer></div></body></html>
|
