&project;
<properties>
- <author email="remm@apache.org">Remy Maucherat</author>
- <author email="fhanik@apache.org">Filip Hanik</author>
- <author email="rjung@apache.org">Rainer Jung</author>
- <author email="kkolinko@apache.org">Konstantin Kolinko</author>
- <author email="pero@apache.org">Peter Rossbach</author>
- <author email="kfujino@apache.org">Keiichi Fujino</author>
- <author email="timw@apache.org">Tim Whittington</author>
- <author email="mturk@apache.org">Mladen Turk</author>
- <author email="schultz@apache.org">Christopher Schultz</author>
- <author email="slaurent@apache.org">Sylvain Laurent</author>
<title>Changelog</title>
</properties>
Other fixed issues are added to the end of the list, chronologically.
They eventually become mixed with the numbered issues. (I.e., numbered
issues to not "pop up" wrt. others).
+
+ Until the first Tomcat 8.0.0 release, only changes not back-ported to 7.0.x
+ should be listed here.
-->
-<section name="Tomcat 7.0.20 (markt)">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Corrected missing comma in the value of <code>jarsToSkip</code>
- property in <code>conf/catalina.properties</code> file, which
- caused tomcat-jdbc.jar and commons-beanutils*.jar to be not
- ignored when scanning jars for tag libraries. (kkolinko)
- </fix>
- <fix>
- <bug>41709</bug>: Provide exception messages where no message is
- provided currently for IllegalStateExcpetions triggered by calling
- HttpServletResponse methods when the reponse is committed. (markt)
- </fix>
- <fix>
- <bug>51509</bug>: Fix potential concurrency issue in CSRF prevention
- filter that may lead to some requests failing that should not. (markt)
- </fix>
- <fix>
- <bug>51518</bug>: Correct error in web.xml parsing rules for the
- <others/> tag when using absolute ordering. (markt)
- </fix>
- <add>
- Move the SetCharacterEncoding filter from the examples web application
- to the <code>org.apache.catalina.filters</code> package so it is
- available for all web applications. (markt)
- </add>
- <fix>
- <bug>51550</bug>: Internal errors in Tomcat components that process
- requests before they are passed to a web application, such as
- Authenticators, now return a 500 response rather than a 200 response.
- (markt)
- </fix>
- <fix>
- <bug>51555</bug>: Allow destroy() to be called on Lifecycle components
- that are in the initialized state. (markt)
- </fix>
- <add>
- Add x-threadname pattern format token to ExtendedAccessLogValve to log
- the current request thread name. Based on a patch from Felix Schumacher.
- (timw)
- </add>
- <fix>
- <bug>51584</bug>: Ensure file paths are encoded/decoded when translated
- to/from URLs when working with resources from a Context so special
- characters don't cause issues. (markt)
- </fix>
- <fix>
- <bug>51586</bug>: Expand error handling to cover anything that is
- recoverable (or might be recoverable) when loading classes during
- HandlesTypes processing. (markt)
- </fix>
- <fix>
- <bug>51588</bug>: Make it easier to extend the AccessLogValve to add
- support for custom elements. (markt)
- </fix>
- <fix>
- Ensure that calls to StandardWrapper methods() that may trigger creation
- of a Servlet instance always do so in way that correctly instantiates a
- Servlet instance. (markt)
- </fix>
- <fix>
- In JDBCStore: Committing connection if autoCommit is false.
- Make sure committed connection is returned to the pool if datasource is
- enabled. (kfujino)
- </fix>
- <add>
- Split <code>condition</code> attribute of AccessLogValve into two,
- <code>conditionIf</code> and <code>conditionUnless</code>. Implement
- conditional logging that logs only if a request attribute is present.
- (kkolinko)
- </add>
- <fix>
- Allow to have several AccessLogValve instances in the same scope (e.g.
- in the same Context). (kkolinko)
- </fix>
- <fix>
- <bug>51610</bug>: If an unchecked exception occurs during a lifecycle
- transition (e.g. web application start) ensure that the component is
- put into the failed state. (markt)
- </fix>
- <fix>
- <bug>51614</bug>: Avoid calling store.load() and session.expire()
- twice in PersistentManager when expiring sessions. (kfujino)
- </fix>
- <fix>
- Prevent spurious log warnings on container stop if a child component has
- previously failed. (markt)
- </fix>
- <fix>
- Add missing getter and setter for the alwaysUseSession attribute of the
- authenticators. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- <bug>49595</bug>: Prevent JVM crash with the AJP APR connector when
- flushing a closed socket. (jfclere)
- </fix>
- <fix>
- <bug>50394</bug>: Return -1 instead throwing an exception when
- encountering an EOF while processing an input stream with the HTTP APR
- connector. (jfclere)
- </fix>
- <fix>
- Correctly handle a connectionTimeout value of -1 (no timeout) for the
- HTTP NIO and AJP NIO connectors. (markt)
- </fix>
- <fix>
- <bug>51503</bug>: Add additional validation that prevents a connector
- from starting if it does not have a port > 0. (markt)
- </fix>
- <fix>
- <bug>51557</bug>: Ignore HTTP headers that do not comply with RFC 2616
- and use header names that are not tokens. (markt)
- </fix>
- <add>
- Improve error handling for HTTP APR if an error occurs while using
- sendfile. (markt)
- </add>
- <fix>
- Ensure that when using sendfile, HTTP APR sockets are not added to
- multiple pollers. This may cause errors during shutdown. (markt)
- </fix>
- <update>
- Set <code>reuse</code> flag of final AJP <code>END_RESPONSE</code>
- packet to <code>0</code> if we plan to close the connection. (rjung)
- </update>
- <update>
- Correctly indicate if socket is closing when calling recycle for the AJP
- NIO processor. Note since the flag is unused in this case there were no
- bugs triggered by the re-factoring error. (rjung)
- </update>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <bug>51532</bug>: JSP files with dependencies in JARs were recompiled on
- every access leading to poor performance. (markt)
- </fix>
- <fix>
- <bug>51544</bug>: Correctly resolve bean methods in EL so accessible
- methods that are overridden by inaccessible methods do not cause an
- IllegalAccessException. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>41498</bug>: Add the allRolesMode attribute to the Realm
- configuration page in the documentation web application. (markt)
- </fix>
- <fix>
- <bug>48997</bug>: Fixed some typos and correct cross-referencing to the
- HTTP Connector documentation with the SSL How-To page of the
- documentation web application. (markt)
- </fix>
- <fix>
- <bug>49122</bug>: Improvements and fixes for index page for ROOT web
- application. Based on a patch provided by pidster. (markt)
- </fix>
- <fix>
- <bug>51516</bug>: Correct documentation web application to show correct
- system property name for changing the name of the SSO session cookie.
- (markt)
- </fix>
- <update>
- Configure the Manager and Host Manager web applications with the Set
- Character Encoding Filter to make the default request character encoding
- UTF-8 to improve i18n support. Note that best results will be obtained
- if the connector is also configured with
- <code>URIEncoding="UTF-8"</code>.(markt)
- </update>
- <update>
- Update the documentation web application to be even more explicit about
- the implications of setting the path attribute on a Context element in
- server.xml. (markt)
- </update>
- <fix>
- <bug>51561</bug>: Update the Realm page within the documentation web
- application to recommend the use of digest.[bat|sh] to generate digests
- rather than calling RealmBase directly. (markt)
- </fix>
- <fix>
- <bug>51567</bug>: Update the class loading page of the documentation
- web application to include information on the search order for the
- common class loader when separate values are used for $CATALINA_HOME and
- $CATALINA_BASE. (markt)
- </fix>
- <update>
- Improve class loading documentation and logging documentation.
- (kkolinko)
- </update>
- <add>
- Add information to the security page of the the documentation web
- application for the ciphers attribute of the Connector element. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- <bug>51503</bug>: Add additional validation to Windows installer that
- ensure that the shutdown port, HTTP port and AJP port are all specified
- during the install process. (markt)
- </fix>
- <fix>
- <bug>51531</bug>: Update sample Eclipse classpath file to reflect
- updated ECJ jar. Patch provided by Ian Brandt. (markt)
- </fix>
- <update>
- Convert Tomcat unit tests to JUnit 4. (kkolinko)
- </update>
- <update>
- Update optional CheckStyle library to 5.4. (kkolinko)
- </update>
- <update>
- Remove <code>resolveHosts</code> attribute from AccessLogValve
- configuration in the default <code>server.xml</code>. It was documented
- in 7.0.19 that it has no effect. (kkolinko)
- </update>
- <update>
- Simplify mapping for <code>jsp</code> servlet in the default
- <code>web.xml</code>. (kkolinko)
- </update>
- <fix>
- Correctly handle uninstall with the Windows installer of the service is
- installed with a name that contains a '-' character. (markt)
- </fix>
- <fix>
- <bug>51598</bug>: Prevent direct invocation of the Windows uninstaller
- without a service name from executing since the uninstall will not be
- complete. (markt)
- </fix>
- <fix>
- Use Tomcat icon (cat) instead of Apache Commons Daemon (feather) one
- in the list of uninstallable programs on Windows. (kkolinko)
- </fix>
- <update>
- Update to Apache Commons Daemon 1.0.7. (markt)
- </update>
- <fix>
- <bug>51621</bug>: Add additional required JARs to the deployer
- distribution. (markt)
- </fix>
- <fix>
- Fix a small number of warnings reported by FindBugs. (markt)
- </fix>
- <update>
- Update to version 1.1.22 of the native component for the AJP APR/native
- and HTTP APR/native connectors. (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.19 (markt)" rtext="released 2011-07-19">
- <subsection name="Catalina">
- <changelog>
- <add>
- Add option to activate access log for unit tests. (rjung)
- </add>
- <fix>
- Fix regression in year number formatting for AccessLogValve. (rjung)
- </fix>
- <add>
- <bug>46252</bug>: Allow to specify character set to be used to write
- the access log in AccessLogValve. (kkolinko)
- </add>
- <fix>
- <bug>51494</bug>: Prevent an NPE when a long running request completes
- if the associated web application was destroyed while the request was
- processing. (markt)
- </fix>
- <update>
- Allow choosing a locale for timestamp formatting in AccessLogValve.
- (rjung)
- </update>
- <fix>
- When generating access logs for errors, log at the Context/Host level if
- a Context or Host can be identified for the failed request. (markt)
- </fix>
- <update>
- Create a directory for access log or error log (in AccessLogValve and
- in JULI FileHandler) automatically when it is specified as a part of
- the file name, e.g. in the <code>prefix</code> attribute. Earlier this
- happened only if it was specified with the <code>directory</code>
- attribute. (kkolinko)
- </update>
- <fix>
- Log a failure if access log file cannot be opened. (kkolinko)
- </fix>
- <fix>
- Use en_US as locale for timestamps in ExtendedAccessLogValve.
- (rjung)
- </fix>
- <fix>
- Use en_US as locale for creationdate in WebdavServlet. (rjung)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <update>
- <bug>51477</bug>: Support all SSL protocol combinations in the
- APR/native connector. This only works when using the native library
- version 1.1.21 or later, which is not yet released. (rjung)
- </update>
- <update>
- Various refactorings to reduce code duplication and unnecessary code in
- the connectors. (markt)
- </update>
- <fix>
- Correct regression introduced in 7.0.17 that triggered 400 entries in
- the AccessLog when using the AJP/BIO connector. (markt)
- </fix>
- <fix>
- Fix regression producing invalid MBean names when using IPV6
- addresses for connectors. (rjung)
- </fix>
- <fix>
- Add missing thread name in RequestProcessor when Servlet 3 Async
- is used. Fixes null thread name in access log and JMX MBean. (rjung)
- </fix>
- <fix>
- Fix CVE-2011-2526. Protect against infinite loops (HTTP NIO) and crashes
- (HTTP APR) if sendfile is configured to send more data than is available
- in the file. (markt)
- </fix>
- <fix>
- Prevent NPEs when a socket is closed in non-error conditions after
- sendfile processing when using the HTTP NIO connector. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <update>
- Remove unnecessary server.xml parsing code for old cluster
- implementation that does not ship as part of Tomcat 7. (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <add>
- Add additional information to the documentation web application on the
- benefits and remaining risks when running under a security manager.
- (markt)
- </add>
- <fix>
- <bug>51490</bug>: Correct broken HTML in JSP tag plugin examples and
- improve the <c:if> example to make failures more obvious. Based on
- suggestions by Charles. (markt)
- </fix>
- <add>
- Document ExtendedAccessLogValve. (rjung)
- </add>
- <fix>
- Correct default value of <code>enableLookups</code> for connectors
- and mention, that <code>resolveHosts</code> for the AccessLogValve
- is replaced by <code>enableLookups</code>. (rjung)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- Update to Commons Daemon 1.0.6. (markt)
- </update>
- <update>
- Update to Eclipse JDT Compiler 3.7. (markt)
- </update>
- <add>
- Include jdbc-pool into tomcat release. (fhanik)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.18 (markt)" rtext="not released">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Correct regression introduced in 7.0.17 that triggered an NPE if a
- CrawlerSessionManagerValve was used without setting crawlerUserAgents.
- (markt)
- </fix>
- <fix>
- <bug>51466</bug>: Correct comment typos in HostManagerServlet. Patch
- provided by Felix Schumacher. (markt)
- </fix>
- <fix>
- <bug>51467</bug>: Invoke Thread.start() rather than Thread.run() so that
- listeners and filters are stopped in a separate thread rather than the
- current thread. Patch provided by Felix Schumacher. (markt)
- </fix>
- <fix>
- <bug>51473</bug>: Fix concatenation of values in
- <code>SecurityConfig.setSecurityProperty()</code>. (kkolinko)
- </fix>
- <fix>
- Fix response.encodeURL() for the special case of an absolute URL
- with no path segment (http://name). (rjung)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Correct regression caused by connector re-factoring that made AJP
- APR/native connector very unstable on Windows platforms. (markt)
- </fix>
- <fix>
- Correct regression caused by connector re-factoring that meant that
- sendfile data was not reset between pipe-lined HTTP requests. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Tribes">
- <changelog>
- <update>
- Re-factor tests to align packages for tests with the classes under test.
- Start to convert non-JUnit tests to JUnit. Remove unnecessary code.
- (markt)
- </update>
- <fix>
- Add synchronization to receiver socket binding to prevent test failures
- on Linux. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- More code clean-up to remove unused code and reduce IDE warnings.
- (markt/kkolinko)
- </fix>
- <update>
- Further improvements to the Windows installer. (markt/kkolinko)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.17 (markt)" rtext="not released">
- <subsection name="Catalina">
- <changelog>
- <add>
- <bug>48956</bug>: Add regular expression support for SSI. (markt)
- </add>
- <add>
- <bug>49165</bug>: Allow any time stamp formats supported by
- SimpleDateFormat in AccessLogValve. Support logging begin and/or end of
- request. (rjung)
- </add>
- <add>
- <bug>50677</bug>: Allow system property variables to be used in the
- values of "common.loader" and other "*.loader" properties in the
- <code>catalina.properties</code> file. (kkolinko)
- </add>
- <fix>
- <bug>51376</bug>: When adding a Servlet via
- ServletContext#addServlet(String, Servlet), the Servlet was not
- initialized when the web application started and a load on startup value
- was set. (markt)
- </fix>
- <fix>
- <bug>51386</bug>: Correct code for processing @HandlesTypes annotations
- so only types of interest are reported to a ServletContainerInitializer.
- (markt)
- </fix>
- <update>
- Add the Tomcat extras, ant-junit and Java Help Jars to the list of JARs
- to skip when scanning for TLDs and web fragments. (rjung)
- </update>
- <fix>
- The fix for bug <bug>51310</bug> caused a regression that re-introduced
- bug <bug>49957</bug> and deleted the contents of the work directory
- when Tomcat was shutdown. This fix ensures that that work directory for
- an application is not deleted when Tomcat is shutdown. (markt)
- </fix>
- <fix>
- Correct issues with JULI's OneLineFormatter including: correctly
- re-using formatted timestamps when possible; thread-safety issues in
- timestamp formatting; correcting the output of any milliseconds to
- include leading zeros and formatting any parameters present.
- (kkolinko/markt/rjung)
- </fix>
- <fix>
- <bug>51395</bug>: Fix memory leak triggered when an application that
- includes a SAXParserFactory is the first web application to be loaded.
- (markt)
- </fix>
- <fix>
- <bug>51396</bug>: Correctly handle jsp-file entries in web.xml when the
- JSP servlet has been configured via code when embedding Tomcat. (markt)
- </fix>
- <fix>
- <bug>51400</bug>: Avoid known bottleneck in JVM when converting between
- Strings and bytes by always providing a Charset rather than an encoding
- name. Based on a patch by Dave Engberg. (markt)
- </fix>
- <fix>
- <bug>51401</bug>: Correctly initialise shared WebRuleSet instance used
- by the digesters that parse web.xml and prevent incorrect warnings about
- multiple occurrences of elements that are only allowed to appear once in
- web.xml and web-fragment.xml. (kfujino)
- </fix>
- <add>
- <bug>51403</bug>: Avoid NPE in JULI FileHandler if formatter is
- misconfigured. (kkolinko)
- </add>
- <fix>
- Previous improvements in JAR scanning performance introduced a start-up
- performance penalty for some use cases. This fix addresses those
- performance penalties while retaining the original improvements. (markt)
- </fix>
- <add>
- <bug>51418</bug>: Provide more control over Context creation when
- embedding Tomcat. Based on a patch by Benson Margulies. (markt/kkolinko)
- </add>
- <fix>
- Remove redundant copy of catalina.properties from o.a.c.startup.
- Generate this copy for inclusion in bin and src jars during the
- ant "compile" task. (rjung)
- </fix>
- <fix>
- Use system properties loaded from catalina.properties via the class
- path in unit tests. (rjung)
- </fix>
- <update>
- Improve JMX unit test. (rjung)
- </update>
- <fix>
- Fix IllegalStateException for JavaScript files when switching from
- Writer to OutputStream. The special handling of this case in the
- DefaultServlet was broken due to a MIME type change for JavaScript.
- (funkman)
- </fix>
- <fix>
- Fix CVE-2011-2204. Prevent user passwords appearing in log files if a
- runtime exception (e.g. OOME) occurs while creating a new user for a
- MemoryUserDatabase via JMX. (markt)
- </fix>
- <fix>
- Fix an issue with the CrawlerSessionManagerValve that meant sessions
- were not always correctly tracked. (markt)
- </fix>
- <fix>
- <bug>51436</bug>: Send 100 (Continue) response earlier to enable
- ServletRequestListener implementations to read the request body. Based
- on a patch by Simon Olofsson. (markt)
- </fix>
- <fix>
- Ensure an access log entry is made if an error occurs during
- asynchronous request processing and the socket is immediately closed.
- (markt)
- </fix>
- <fix>
- Ensure that if asyncDispatch() is called during an onTimeout event and
- the target Servlet does not call startAsync() or complete() that Tomcat
- calls complete() once the target Servlet exits. (markt)
- </fix>
- <fix>
- Improve the handling for Servlets that implement the deprecated
- SingleThreadModel when embedding Tomcat. (markt)
- </fix>
- <fix>
- <bug>51445</bug>: Correctly initialise all instances of Servlets that
- implement SingleThreadModel. Based on a patch by Felix Schumacher.
- (markt)
- </fix>
- <fix>
- <bug>51453</bug>: Fix a regression in the preemptive authentication
- support (enhancement <bug>12428</bug>) that could trigger authentication
- even if preemptive authentication was disabled. (markt)
- </fix>
- <fix>
- Prevent possible NPE when serving Servlets that implement the
- SingleThreadModel interface. (markt)
- </fix>
- <fix>
- In launcher for embedded Tomcat: do not change <code>catalina.home</code>
- system property if it had a value. (kkolinko)
- </fix>
- <fix>
- When using Servlets that implement the SingleThreadModel interface, add
- the single instance created to the pool when it is determined that a
- pool of servlets is required rather than throwing it away. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Fix unit test for bindOnInit which was failing for APR on some
- platforms. (rjung)
- </fix>
- <fix>
- Remove superfluous quotes from thread names for connection pools.
- (rjung)
- </fix>
- <fix>
- Fix crash observed during pausing the connector when using APR.
- Only add socket to poller if we are sure we don't close it later.
- (rjung)
- </fix>
- <update>
- Various refactorings to reduce code duplication and unnecessary code in
- the connectors. (markt)
- </update>
- <fix>
- Correct a regression introduced in Apache Tomcat 7.0.11 that broke
- certificate revocation list handling. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <update>
- Improve the message printed by TldLocationsCache and add configuration
- example to the <code>logging.properties</code> file. (kkolinko)
- </update>
- <fix>
- <bug>33453</bug>: Recompile JSPs if last modified time of the source or
- any of its dependencies changes either forwards or backwards. Note that
- this introduces an incompatible change to the code generated for JSPs.
- Tomcat will automatically re-compile any JSPs and tag files found in the
- work directory when upgrading from 7.0.16 or earlier to 7.0.17 or later.
- If you later downgrade from 7.0.17 or later to 7.0.16 or earlier, you
- must empty the work directory as part of the downgrade process. (markt)
- </fix>
- <fix>
- <bug>36362</bug>: Handle the case where tag file attributes (which can
- use any valid XML name) have a name which is not a Java identifier.
- (markt/kkolinko)
- </fix>
- <add>
- Broaden the exception handling in the EL Parser so that more failures to
- parse an expression include the failed expression in the exception
- message. Hopefully, this will help track down the cause of
- <bug>51088</bug>. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <fix>
- <bug>51306</bug>: Avoid NPE when handleSESSION_EXPIRED is processed
- while handleSESSION_CREATED is being processed. (kfujino)
- </fix>
- <fix>
- Notifications of changes in session ID to other nodes in the cluster
- should be controlled by notifySessionListenersOnReplication rather than
- notifyListenersOnReplication. (markt)
- </fix>
- <fix>
- The change in session ID is notified to the container event listener on
- the backup node in cluster.
- This notification is controlled by
- notifyContainerListenersOnReplication.(kfujino)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Update Maven repository information in the documentation to reflect
- current usage. (markt)
- </fix>
- <add>
- <bug>43538</bug>: Add host name and IP address to the HTML Manager
- application. Patch by Dennis Lundberg. (markt)
- </add>
- <fix>
- Add <code>session="false"</code> directive to the index page of the
- ROOT web application. (kkolinko)
- </fix>
- <fix>
- <bug>51443</bug>: Document the notifySessionListenersOnReplication
- attribute for the DeltaManager. (markt)
- </fix>
- <fix>
- <bug>51447</bug>: Viewing a back up session in the HTML Manager web
- application no longer changes the session to a primary session. Based on
- a patch provided by Eiji Takahashi. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- <bug>33262</bug>: Install monitor to auto-start for current user only
- rather than all users to be consistent with menu item creation. (markt)
- </fix>
- <add>
- <bug>40510</bug>: Provide an option to install shortcuts for the current
- user or all users. Also ensure registry is correctly cleaned on
- uninstall for 64-bit platforms. (markt)
- </add>
- <add>
- <bug>50949</bug>: Provide the ability to specify the AJP port and
- service name when installing Tomcat using the Windows installer. This
- permits multiple instances of the same Tomcat version to be installed
- side-by-side. (markt)
- </add>
- <update>
- Clean up shell and batch scripts (improve consistency,
- clarify comments, add <code>configtest</code> command support for
- Windows). (rjung)
- </update>
- <fix>
- <bug>51206</bug>: Make CATALINA_BASE visible for setenv.sh. (rjung)
- </fix>
- <update>
- Remove unnecessary variable BASEDIR from scripts. (rjung)
- </update>
- <fix>
- <bug>51425</bug>, <bug>51450</bug>: Update Spanish translations. Based
- on patches provided by Jesus Marin. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.16 (markt)" rtext="released 2011-06-17">
- <subsection name="Catalina">
- <changelog>
- <fix>
- <bug>51249</bug>: Further improve system property replacement code
- in ClassLoaderLogManager of Tomcat JULI to cover some corner cases.
- (kkolinko)
- </fix>
- <fix>
- <bug>51264</bug>: Improve the previous fix for this issue by returning
- the connection to the pool when not in use so it does not appear to be
- an abandoned connection. Patch provided by Felix Schumacher. (markt)
- </fix>
- <fix>
- <bug>51324</bug>: Improve handling of exceptions when flushing the
- response buffer to ensure that the doFlush flag does not get stuck in
- the enabled state. Patch provided by Jeremy Norris. (markt)
- </fix>
- <fix>
- Correct a regression in the fix for <bug>51278</bug> that prevented any
- web application from being marked as distributable. (kfujino/markt)
- </fix>
- <fix>
- Correct a regression in the fix for <bug>51278</bug> that prevented a
- web application from overriding the default welcome files. (markt)
- </fix>
- <fix>
- Enable remaining valves for Servlet 3 asynchronous processing support.
- (markt)
- </fix>
- <fix>
- Avoid possible NPE when logging requests received during embedded Tomcat
- shutdown. (markt)
- </fix>
- <fix>
- <bug>51340</bug>: Fix thread-safety issue when parsing multiple web.xml
- files in parallel. Apache Tomcat does not do this but products that
- embed it may. (markt)
- </fix>
- <fix>
- <bug>51344</bug>: Fix problem with Lifecycle re-factoring for deprecated
- embedded class that prevented events being triggered. (markt)
- </fix>
- <fix>
- <bug>51348</bug>: Prevent possible NPE when processing WebDAV locks.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- When parsing the port in the HTTP host header, restrict the value to be
- base 10 integer digits rather than hexadecimal ones.
- (rjung/markt/kkolinko)
- </fix>
- <update>
- Various refactorings to reduce code duplication and unnecessary code in
- the connectors. (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <update>
- Change JAR scanning log messages where no TLDs are found to DEBUG level
- and replace the multiple messages with a single INFO level message that
- indicates that at least one JAR was scanned needlessly and how to obtain
- more info. (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <fix>
- Enable Servlet 3 asynchronous processing support when using clustering.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Correct the log4j configuration settings when defining conversion
- patterns in the documentation web application. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.15 (markt)" rtext="not released">
- <subsection name="Catalina">
- <changelog>
- <fix>
- <bug>27122</bug>: Remove a workaround for a very old and since fixed
- Mozilla bug and change the default value of the securePagesWithPragma
- attribute of the Authenticator Valves to false. These changes should
- reduce the likelihood of issues when downloading files with IE. (markt)
- </fix>
- <fix>
- <bug>35054</bug>: Check that a file is not specified for a Host's
- appBase and log an error if it is. (markt)
- </fix>
- <fix>
- <bug>51197</bug>: Fix possible dropped connection when sendError or
- sendRedirect are used during async processing. (markt)
- </fix>
- <fix>
- <bug>51221</bug>: Correct Spanish translation of text used in a 302
- response. Patch provided by Paco Soberón. (markt)
- </fix>
- <fix>
- <bug>51249</bug>: Correct ClassLoaderLogManager system property
- replacement code so properties of the form "}${...}" can be used
- without error. (markt)
- </fix>
- <fix>
- <bug>51264</bug>: Allow the JDBC persistent session store to use a
- JNDI datasource to define the database in which sessions are persisted.
- Patch provided by Felix Schumacher. (markt)
- </fix>
- <fix>
- <bug>51274</bug>: Add missing i18n strings in PersistentManagerBase.
- Patch provided by Eiji Takahashi. (markt)
- </fix>
- <fix>
- <bug>51276</bug>: Provide an abstraction for accessing content in JARs
- so the most efficient method can be selected depending on the type of
- URL used to identify the JAR. This improves startup time when JARs are
- located in $CATALINA_BASE/lib. (markt)
- </fix>
- <fix>
- <bug>51277</bug>: Improve error message if an application is deployed
- with an incomplete FORM authentication configuration. (markt)
- </fix>
- <fix>
- <bug>51278</bug>: Allow ServletContainerInitializers to override
- settings in the global default web.xml and the host web.xml. (markt)
- </fix>
- <fix>
- <bug>51310</bug>: When stopping the Server object on shutdown call
- destroy() after calling stop(). (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <add>
- <bug>51145</bug>: Add an AJP-NIO connector. (markt/rjung)
- </add>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <add>
- <bug>51220</bug>: Add a system property to enable tag pooling with JSPs
- that use a custom base class. Based on a patch by Dan Mikusa. (markt)
- </add>
- <add>
- Include a comment header in generated java files that indicates when the
- file was generated and which version of Tomcat generated it. (markt)
- </add>
- <fix>
- <bug>51240</bug>: Ensure that maxConnections limit is enforced when
- multiple acceptor threads are configured. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <fix>
- <bug>51230</bug>: Add missing attributes to JMX for ReplicationValve and
- JvmRouteBinderValve. Patch provided by Eiji Takahashi. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <add>
- Add documentation for AJP-NIO connector. (markt/rjung)
- </add>
- <fix>
- <bug>51182</bug>: Document JAAS supported added in <bug>51119</bug>.
- Patch provided by Neil Laurance. (markt)
- </fix>
- <fix>
- <bug>51225</bug>: Fix broken documentation links for non-English locales
- in the HTML Manager application. Patch provided by Eiji Takahashi.
- (markt)
- </fix>
- <fix>
- <bug>51229</bug>: Fix bugs in the Servlet 3.0 asynchronous examples.
- Patch provided by Eiji Takahashi. (markt)
- </fix>
- <fix>
- <bug>51251</bug>: Add web application version support to the Ant tasks.
- Based on a patch provided by Eiji Takahashi. (markt)
- </fix>
- <fix>
- <bug>51294</bug>: Clarify behaviour of unpackWAR attribute of
- StandardContext components. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- <bug>46451</bug>: Configure svn:bugtraq properties for Tomcat trunk.
- Based on a patch provided by Marc Guillemot. (markt)
- </fix>
- <fix>
- <bug>51309</bug>: Correct logic in catalina.sh stop when using a PID
- file to ensure the correct message is shown. Patch provided by Caio
- Cezar. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.14 (markt)" rtext="released 2011-05-12">
- <subsection name="Catalina">
- <changelog>
- <update>
- Stylistic improvements to MIME type sync script.
- Based on a patch provided by Felix Schumacher. (rjung)
- </update>
- <fix>
- Ensure that the SSLValve provides the SSL key size as an Integer rather
- than a String. (markt)
- </fix>
- <fix>
- Ensure that the RemoteIpValve works correctly with Servlet 3.0
- asynchronous requests. (markt)
- </fix>
- <fix>
- Use safe equality test when determining event type in the
- MapperListener. (markt)
- </fix>
- <fix>
- Use correct class loader when loading Servlet classes in
- StandardWrapper. (markt)
- </fix>
- <add>
- Provide additional configuration options for the RemoteIpValve and
- RemoteIpFilter to allow greater control over the values returned by
- ServletRequest#getServerPort() and ServletRequest#getLocalPort() when
- Tomcat is behind a reverse proxy. (markt)
- </add>
- <fix>
- Ensure session cookie paths end in <code>/</code> so that session
- cookies created for a context with a path of <code>/foo</code> do not
- get returned with requests mapped to a context with a path of
- <code>/foobar</code>. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <bug>51177</bug>: Ensure Tomcat's MapElResolver always returns
- <code>Object.class</code> for <code>getType()</code> as required by the
- EL specification. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.13 (markt)" rtext="not released">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Correct mix-up in Realm Javadoc. (markt)
- </fix>
- <fix>
- Fix display of response headers in AccessLogValve. (kkolinko)
- </fix>
- <update>
- Implement display of multiple request headers in AccessLogValve:
- print not just the value of the first header, but of the all of them,
- separated by commas. (kkolinko)
- </update>
- <add>
- <bug>50306</bug>: New StuckThreadDetectionValve to detect requests that
- take a long time to process, which might indicate that their processing
- threads are stuck. Based on a patch provided by TomLu. (slaurent)
- </add>
- <fix>
- <bug>51038</bug>: Ensure that asynchronous requests are included in
- access logs. (markt)
- </fix>
- <fix>
- <bug>51042</bug>: Don't trigger session creation listeners when a
- session ID is changed as part of the authentication process. (markt)
- </fix>
- <fix>
- <bug>51050</bug>: Add additional common but non-standard file extension
- to MIME type mappings for MPEG 4 files. Based on a patch by Cédrik Lime.
- (markt)
- </fix>
- <add>
- Add some additional common JARs that do not contain TLDs or web
- fragments to the list of JARs to skip when scanning for TLDs and web
- fragments. (markt)
- </add>
- <fix>
- While scanning JARs for TLDs and fragments, avoid using JarFile and use
- JarInputStream as in most circumstances where JARs are scanned, JarFile
- will create a temporary copy of the JAR rather than using the resource
- directly. This change significantly improves startup performance for
- applications with lots of JARs to be scanned. (markt)
- </fix>
- <fix>
- Ensure response is committed when <code>AsyncContext#complete()</code>
- is called. (markt)
- </fix>
- <add>
- Add a container event that is fired when a session's ID is changed,
- e.g. on authentication. (markt)
- </add>
- <fix>
- <bug>51099</bug>: Correctly implement non-default login configurations
- (configured via the loginConfigName attribute) for the the SPNEGO
- authenticator. (fhanik/markt)
- </fix>
- <add>
- <bug>51119</bug>: Add JAAS authentication support to the
- JMXRemoteLifecycleListener. Patch provided by Neil Laurance. (markt)
- </add>
- <add>
- <bug>51136</bug>: Provide methods that enable the name of a Context on
- Context creation when using Tomcat in an embedded scenario. Based on a
- patch provided by David Calavera. (markt)
- </add>
- <fix>
- <bug>51137</bug>: Add additional Microsoft Office MIME type mappings.
- (rjung)
- </fix>
- <add>
- Partial sync of MIME type mapping with mime.types from the Apache web
- server. About 600 MIME types added, some changed. (rjung)
- </add>
- <fix>
- Make access logging more robust when logging requests that generate 400
- responses since the request object is unlikely to be fully/correctly
- populated in that case. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- <bug>50957</bug>: Fix regression in HTTP BIO connector that triggered
- errors when processing pipe-lined requests. (markt)
- </fix>
- <fix>
- <bug>50158</bug>: Ensure the asynchronous requests never timeout if the
- timeout is set to zero or less. Based on a patch provided by Chris.
- (markt)
- </fix>
- <fix>
- <bug>51073</bug>: Throw an exception and do not start the APR connector
- if it is configured for SSL and an invalid value is provided for
- SSLProtocol. (markt)
- </fix>
- <fix>
- Align all the connector implementations with the documented default
- setting for processorCache of 200. This changes the default from -1
- (unlimited) for the AJP-BIO, AJP-APR and HTTP-APR connectors. Additional
- information was also added to the documentation on how to select an
- appropriate value.
- </fix>
- <fix>
- Take account of time spent waiting for a processing thread when
- calculating connection and keep-alive timeouts for the HTTP BIO
- connector. (markt)
- </fix>
- <fix>
- <bug>51095</bug>: Don't trigger a NullPointerException when the SSL
- handshake fails with the HTTP-APR connector. Patch provided by Mike
- Glazer. (markt)
- </fix>
- <fix>
- Improve handling in AJP connectors of the case where too large a AJP
- packet is received. (markt)
- </fix>
- <fix>
- Restore the automatic disabling of HTTP keep-alive with the BIO
- connector once 75% of the processing threads are in use and make the
- threshold configurable. (markt)
- </fix>
- <fix>
- Make pollerSize and maxConnections synonyms for the APR connectors since
- they perform the same function. (markt)
- </fix>
- <fix>
- Use maxThreads rather than 10000 as the default maxConnections for the
- BIO connectors. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <bug>47371</bug>: Correctly coerce the empty string to zero when used as
- an operand in EL arithmetic. Patch provided by gbt. (markt)
- </fix>
- <add>
- Label JSP/tag file line and column numbers when reporting errors since
- it may not be immediately obvious what the numbers represent. (markt)
- </add>
- <fix>
- Correct a regression in the fix for <bug>49916</bug> that resulted in
- JSPs being compiled twice rather than just once. (markt)
- </fix>
- <add>
- Log JARs that are scanned for TLDs where no TLD is found so that users
- can easily identify JARs that can be added to the list of JARs to skip.
- (markt)
- </add>
- <update>
- Use a single TLD location cache for a web application rather than one
- per JSP compilation to speed up JSP compilation. (markt)
- </update>
- <add>
- <bug>51124</bug>: Refactor BodyContentImpl to assist in determining the
- root cause of this bug. Based on a patch by Ramiro. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <fix>
- <bug>50950</bug>: Correct possible NotSerializableException for an
- authenticated session when running with a security manager. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <update>
- Configure Security Manager How-To to include a copy of the actual
- conf/catalina.policy file when the documentation is built, rather
- than maintaining a copy of its content. (kkolinko)
- </update>
- <fix>
- Fix broken stylesheet URL in XML based manager status output. (rjung)
- </fix>
- <fix>
- <bug>51156</bug>: Ensure session expiration option is available in
- Manager application was running web applications that were defined in
- server.xml. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- Clarify error messages in *.sh files to mention that if a script is
- not found it might be because execute permission is needed. (kkolinko)
- </update>
- <update>
- Update commons pool to 1.5.6. (markt)
- </update>
- <fix>
- <bug>51135</bug>: Fix auto-detection of JAVA_HOME for 64-bit Windows
- platforms that only have a 32-bit JVM installed. (markt)
- </fix>
- <fix>
- <bug>51154</bug>: Remove duplicate @deprecated tags in ServletContext
- Javadoc. Patch provided by sebb. (markt)
- </fix>
- <fix>
- <bug>51155</bug>: Add comments to @deprecated tags that have none. Patch
- provided by sebb. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.12 (markt)" rtext="released 2011-04-06">
- <subsection name="Catalina">
- <changelog>
- <add>
- Automatically correct invalid paths when specified for Context elements
- inside server.xml and log a warning that the configuration has been
- corrected. (markt)
- </add>
- <fix>
- Don't unpack WAR files if they are not located in the Host's
- appBase. (markt)
- </fix>
- <fix>
- Don't log to standard out in SSLValve. (markt)
- </fix>
- <fix>
- Handle the case where a web crawler provides an invalid session ID in
- the CrawlerSessionManagerValve. (markt)
- </fix>
- <update>
- Update pattern used in CrawlerSessionManagerValve to that used by the
- ASF infrastructure team. (markt)
- </update>
- <fix>
- Remove unnecessary whitespace from MIME mapping entries in global
- web.xml file. (markt)
- </fix>
- <fix>
- When using parallel deployment, correctly handle the scenario when the
- client sends multiple JSESSIONID cookies. (markt)
- </fix>
- <add>
- <bug>12428</bug>: Add support (disabled by default) for preemptive
- authentication. This can be configured per context. Based on a patch
- suggested by Werner Donn. (markt)
- </add>
- <fix>
- <bug>50929</bug>: When wrapping an exception, include the root cause.
- Patch provided by sebb. (markt)
- </fix>
- <fix>
- Make the CSRF nonce cache serializable so that it can be replicated
- across a cluster and/or persisted across Tomcat restarts. (markt)
- </fix>
- <update>
- Resolve some refactoring TODOs in the implementation of the new Context
- attribute "swallowAbortedUploads". (markt)
- </update>
- <fix>
- Include the seed time when calculating the time taken to create
- SecureRandom instances for session ID generation, report excessive times
- (greater than 100ms) at INFO level and provide a value for the message
- key so a meaningful message appears in the logs. (markt)
- </fix>
- <fix>
- Don't register Contexts that fail to start with the Mapper. (markt)
- </fix>
- <add>
- <bug>48685</bug>: Add initial support for SPNEGO/Kerberos authentication
- also referred to as integrated Windows authentication. This includes
- user authentication, authorisation via the directory using the
- user's delegated credentials and exposing the user's delegated
- credentials via a request attribute so applications can make use of them
- to impersonate the current user when accessing third-party systems that
- use a compatible authentication mechanism. Based on a patch provided by
- Michael Osipov. (markt)
- </add>
- <fix>
- HTTP range requests cannot be reliably served when a Writer is in use so
- prevent the DefaultServlet from attempting to do so. (kkolinko)
- </fix>
- <fix>
- Protect the DefaultServlet from Valves, Filters and Wrappers that write
- content to the response. Prevent partial responses to partial GET
- requests in this case since the range cannot be reliably determined.
- Also prevent the DefaultServlet from setting a content length header
- since this too cannot be reliably determined. (markt)
- </fix>
- <fix>
- <bug>50991</bug>: Fix regression in fix for <bug>25060</bug> that called
- close on a JNDI resource while it was still available to the
- application. (markt)
- </fix>
- <add>
- Provide a configuration option that lets the close method to be used for
- a JNDI Resource to be defined by the user. This change also disables
- using the close method unless one is explicitly defined for the
- resource and limits it to singleton resources. (markt)
- </add>
- <fix>
- Correctly track changes to context.xml files and trigger redeployment
- when copyXML is set to false. (markt)
- </fix>
- <fix>
- <bug>50997</bug>: Relax the requirement that directories must have a
- name ending in <code>.jar</code> to be treated as an expanded JAR file
- by the default JarScanner. Based on patch by Rodion Zhitomirsky. (markt)
- </fix>
- <fix>
- Don't append the jvmRoute to a session ID if the jvmRoute is a zero
- length string. (markt)
- </fix>
- <fix>
- Don't register non-singelton DataSource resources with JMX. (markt)
- </fix>
- <add>
- Provide additional configuration options for the DIGEST authenticator.
- (markt)
- </add>
- <fix>
- Provide a workaround for Tomcat hanging during shutdown when running the
- unit tests. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <add>
- <bug>50887</bug>: Add support for configuring the JSSE provider used to
- convert client certificates. Based on a patch by pknopp. (markt)
- </add>
- <fix>
- <bug>50903</bug>: When a connector is stopped, ensure that requests that
- are currently in a keep-alive state and waiting for client data are not
- processed. Requests where processing has started will continue to
- completion. (markt)
- </fix>
- <fix>
- <bug>50927</bug>: Improve error message when SSLCertificateFile is not
- specified when using APR with SSL. Based on a patch provided by sebb.
- (markt)
- </fix>
- <fix>
- <bug>50928</bug>: Don't ignore keyPass attribute for HTTP BIO and
- NIO connectors. Based on a patch provided by sebb. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <fix>
- Securely seed the SecureRandom instance used for UUID generation and
- report excessive creation time (greater than 100ms) at INFO level.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>50924</bug>: Clean-up HTTP connector comparison table. (markt)
- </fix>
- <add>
- Slightly expanded the documentation of the Host element to clarify the
- relationship between host name and DNS name. (markt)
- </add>
- <fix>
- <bug>50925</bug>: Update SSL how-to to take account of
- <code>keyPass</code> connector attribute. (markt)
- </fix>
- <update>
- Improve Tomcat Logging documentation. (kkolinko)
- </update>
- <fix>
- Align the authenticator documentation and MBean descriptors with the
- implementation. (markt)
- </fix>
- <fix>
- Prevent the custom error pages for the Manager and Host Manager
- applications from being accessed directly. (markt)
- </fix>
- <fix>
- <bug>50984</bug>: When using the Manager application ensure that
- undeployment fails if a file cannot be deleted. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- Update Eclipse JDT complier to 3.6.2. (markt)
- </update>
- <update>
- Update WSDL4J library to 1.6.2 (used by JSR 109 support in the extras
- package). (markt)
- </update>
- <update>
- Update optional CheckStyle library to 5.3. (markt)
- </update>
- <fix>
- <bug>50911</bug>: Reduce noise generated during the build of the Windows
- installer so warnings are more obvious. Patch provided by sebb. (markt)
- </fix>
- <fix>
- Further work to reduce compiler and validation warnings across the code
- base. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.11 (markt)" rtext="released 2011-03-11">
- <subsection name="Catalina">
- <changelog>
- <fix>
- CVE-2011-1088: Completed fix. Don't ignore @ServletSecurity
- annotations. (markt)
- </fix>
- <add>
- <bug>25060</bug>: Close Apache Commons DBCP datasources when the
- associated JNDI naming context is stopped (e.g. for a non-global
- DataSource resource on web application reload) to close remaining
- database connections immediately rather than waiting for garbage
- collection. (markt)
- </add>
- <add>
- <bug>26701</bug>: Provide a mechanism for users to register their own
- <code>URLStreamHandlerFactory</code> objects. (markt)
- </add>
- <fix>
- <bug>50855</bug>: Fix NPE on HttpServletRequest.logout() when debug
- logging is enabled. (markt)
- </fix>
- <add>
- New context attribute "swallowAbortedUploads" allows
- to make request data swallowing configurable for requests
- that are too large. (rjung)
- </add>
- <fix>
- <bug>50854</bug>: Add additional permissions required by the Manager
- application when running under a security Manager and support a shared
- Manager installation when $CATALINA_HOME != CATALINA_BASE. (markt)
- </fix>
- <fix>
- <bug>50893</bug>: Add additional information to the download README for
- the extras components. (markt)
- </fix>
- <fix>
- Calling <code>stop()</code> and then <code>destroy()</code> on a
- connector incorrectly triggered an exception. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <add>
- <bug>48208</bug>: Allow the configuration of a custom trust manager for
- use in CLIENT-CERT authentication. (markt)
- </add>
- <fix>
- Fix issues that prevented asynchronous servlets from working when used
- with the HTTP APR connector on platforms that support TCP_DEFER_ACCEPT.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- Correct possible threading issue in JSP compilation when development
- mode is used. (markt)
- </fix>
- <fix>
- <bug>50895</bug>: Don't initialize classes created during the
- compilation stage. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.10 (markt)" rtext="released 2011-03-08">
- <subsection name="Catalina">
- <changelog>
- <fix>
- CVE-2011-1088: Partial fix. Don't ignore @ServletSecurity
- annotations. (markt)
- </fix>
- <fix>
- <bug>27988</bug>: Improve reporting of missing files. (markt)
- </fix>
- <fix>
- <bug>28852</bug>: Add URL encoding where missing to parameters in URLs
- presented by Ant tasks to the Manager application. Based on a patch by
- Stephane Bailliez. (markt)
- </fix>
- <fix>
- Improve handling of SSL renegotiation by failing earlier when the
- request body contains more bytes than maxSavePostSize. (markt)
- </fix>
- <fix>
- Improve shut down speed by not renewing threads during shut down when
- the <code>ThreadLocalLeakPreventionListener</code> is enabled. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <add>
- <bug>49284</bug>: Add SSL re-negotiation support to the HTTP NIO
- connector and extend test cases to cover CLIENT-CERT authentication.
- (fhanik/markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.9 (markt)" rtext="not released">
- <subsection name="Catalina">
- <changelog>
- <add>
- <bug>19444</bug>: Add an option to the JNDI realm to allow role searches
- to be performed by the authenticated user. (markt)
- </add>
- <add>
- <bug>21669</bug>: Add the ability to specify the roleBase for the JNDI
- Realm as relative to the users DN. Based on a patch by Art W. (markt)
- </add>
- <add>
- <bug>22405</bug>: Add a new Lifecycle listener,
- <code>org.apache.catalina.security.SecurityListener</code> that prevents
- Tomcat from starting insecurely. It requires that Tomcat is not started
- as root and that a umask at least as restrictive as 0007 is used. This
- new listener is not enabled by default.
- (markt)
- </add>
- <fix>
- <bug>48863</bug>: Better logging when specifying an invalid directory
- for a class loader. Based on a patch by Ralf Hauser. (markt/kkolinko)
- </fix>
- <fix>
- <bug>48870</bug>: Refactor to remove use of parallel arrays. (markt)
- </fix>
- <add>
- Enhance the RemoteIpFilter and RemoteIpValve so that the modified remote
- address, remote host, protocol and server port may be used in an access
- log if desired. (markt)
- </add>
- <fix>
- Restore access to Environments, Resources and ResourceLinks via JMX
- which was lost in early 7.0.x re-factoring. (markt)
- </fix>
- <update>
- Remove ServerLifecycleListener. This was already removed from server.xml
- and with the Lifecycle re-factoring is no longer required. (markt)
- </update>
- <add>
- Add additional checks to ensure that sub-classes of
- <code>org.apache.catalina.util.LifecycleBase</code> correctly implement
- the expected state transitions. (markt)
- </add>
- <fix>
- <bug>50189</bug>: Once the application has finished writing to the
- response, prevent further reads from the request since this causes
- various problems in the connectors which do not expect this. (markt)
- </fix>
- <fix>
- <bug>50700</bug>: Ensure that the override attribute of context
- parameters is correctly followed. (markt)
- </fix>
- <fix>
- <bug>50721</bug>: Correctly handle URL decoding where the URL ends in
- %nn. Patch provided by Christof Marti. (markt)
- </fix>
- <add>
- <bug>50737</bug>: Add additional information when an invalid WAR file is
- detected. (markt)
- </add>
- <fix>
- <bug>50748</bug>: Allow the content length header to be set up to the
- point the response is committed when a writer is being used. (markt)
- </fix>
- <fix>
- <bug>50751</bug>: When authenticating with the JNDI Realm, only attempt
- to read user attributes from the directory if attributes are required.
- (markt)
- </fix>
- <fix>
- <bug>50752</bug>: Fix typo in debug message in deprecated Embedded
- class. (markt)
- </fix>
- <fix>
- <bug>50789</bug>: Provide an option to enable ServletRequestListeners
- for forwards as required by some CDI frameworks. (markt)
- </fix>
- <fix>
- <bug>50793</bug>: When processing Servlet 3.0 async requests, ensure
- that the requestInitialized and requestDestroyed events are only fired
- once per request at the correct times. (markt)
- </fix>
- <fix>
- <bug>50802</bug>: Ensure that
- <code>ServletContext.getResourcePaths()</code> includes static resources
- packaged in JAR files in its output. (markt)
- </fix>
- <add>
- Web crawlers can trigger the creation of many thousands of sessions as
- they crawl a site which may result in significant memory consumption.
- The new Crawler Session Manager Valve ensures that crawlers are
- associated with a single session - just like normal users - regardless
- of whether or not they provide a session token with their requests.
- (markt)
- </add>
- <fix>
- Don't attempt to start NamingResources for Contexts multiple times.
- (markt)
- </fix>
- <fix>
- <bug>50826</bug>: Avoid <code>IllegalArgumentException</code> if an
- embedded Tomcat instance that includes at least one Context is destroyed
- without ever being started. (markt)
- </fix>
- <fix>
- Ensure a web application is taken out of service if the web.xml file is
- not valid. (kkolinko/markt)
- </fix>
- <fix>
- Ensure Servlet 2.2 jspFile elements are correctly converted to use a
- leading '/' if missing. (markt)
- </fix>
- <fix>
- <bug>50836</bug>: Better documentation of the meaning of
- <code>Lifecycle.isAvailable()</code> and correct a couple of cases where
- this could incorrectly return true. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- <bug>50780</bug>: Fix memory leak in APR implementation of AJP
- connector introduced by the refactoring for <bug>49884</bug>. (markt)
- </fix>
- <fix>
- If server configuration errors and/or faulty applications caused the
- ulimit for open files to be reached, the acceptor threads for all
- connectors could enter a tight loop. This loop consumed CPU and also
- logged an error message for every iteration of the loop which lead to
- large log files being generated. The acceptors have been enhanced to
- better handle this situation. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <bug>50720</bug>: Ensure that the use of non-ISO-8859-1 character sets
- for web.xml does not trigger an error when Jasper parses the web.xml
- file. (markt)
- </fix>
- <fix>
- <bug>50726</bug>: Ensure that the use of the genStringAsCharArray does
- not result in String constants that are too long for valid Java code.
- (markt)
- </fix>
- <fix>
- <bug>50790</bug>: Improve method resolution in EL expressions. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <fix>
- <bug>50771</bug>: Ensure HttpServletRequest#getAuthType() returns the
- name of the authentication scheme if request has already been
- authenticated. (kfujino)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>50713</bug>: Remove roles command from the Manager application.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Tribes">
- <changelog>
- <fix>
- <rev>1068549</rev> <bug>50667</bug>: Allow RPC callers to get
- confirmation when sending a reply. (fhanik)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- <bug>50743</bug>: Cache CheckStyle results between builds to speed up
- validation. Patch provided by Oliver. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.8 (markt)" rtext="released 2011-02-05">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Fix NPE in CoyoteAdapter when postParseRequest() call fails. (kkolinko)
- </fix>
- <fix>
- <bug>50709</bug>: Make <code>ApplicationContextFacade</code> non-final to
- enable extension. (markt)
- </fix>
- <fix>
- When running under a security manager, user requests may fail with a
- security exception. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Reduce level of log message for invalid URL parameters from WARNING to
- INFO. (markt)
- </fix>
- <fix>
- Fix hanging Servlet 3 asynchronous requests when using the APR based AJP
- connector. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- Align server.xml installed by the Windows installer with the one
- bundled in zip/tar.gz files. The differences are LockOutRealm being
- used and AccessLogValve being enabled by default. (kkolinko)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.7 (markt)" rtext="not released">
- <subsection name="Catalina">
- <changelog>
- <fix>
- <bug>18462</bug>: Don't merge <code>stdout</code> and
- <code>stderr</code> internally so users retain the option to treat them
- separately. (markt)
- </fix>
- <add>
- <bug>18797</bug>: Provide protection against <code>null</code> or zero
- length names being provided for users, roles and groups in the
- <code>MemoryRealm</code> and <code>UserDatabaseRealm</code>. (markt)
- </add>
- <update>
- Improve fix for <bug>50205</bug> to trigger an error earlier if invalid
- configuration is used. (markt)
- </update>
- <add>
- Provide additional control over component class loaders, primarily for
- use when embedding. (markt)
- </add>
- <fix>
- Fix NPE in RemoteAddrFilter, RemoteHostFilter. (kkolinko)
- </fix>
- <fix>
- <bug>49711</bug>: HttpServletRequest#getParts will work in a filter
- or servlet without an @MultipartConfig annotation or
- MultipartConfigElement if the new "allowCasualMultipartParsing"
- context attribute is set to "true". (schultz)
- </fix>
- <fix>
- <bug>49978</bug>: Correct another instance where deployment incorrectly
- failed if a directory in the work area already existed. (markt)
- </fix>
- <fix>
- <bug>50582</bug>: Refactor access logging so chunked encoding is not
- forced for all requests if bytes sent is logged. (markt)
- </fix>
- <fix>
- <bug>50597</bug>: Don't instantiate a new instance of a Filter if
- an instance was provided via the
- <code>ServletContext.addFilter(String, Filter)</code> method. Patch
- provided by Ismael Juma. (markt)
- </fix>
- <fix>
- <bug>50598</bug>: Correct URL for Manager text interface. (markt)
- </fix>
- <fix>
- <bug>50620</bug>: Stop exceptions that occur during
- <code>Session.endAccess()</code> from preventing the normal completion
- of <code>Request.recycle()</code>. (markt)
- </fix>
- <fix>
- <bug>50629</bug>: Make <code>StandardContext.bindThread()</code> and
- <code>StandardContext.unbindThread()</code> protected to allow use by
- sub-classes. (markt)
- </fix>
- <update>
- Use getName() instead of logName() in error messages in StandardContext.
- (kkolinko)
- </update>
- <fix>
- <bug>50642</bug>: Move the <code>sun.net.www.http.HttpClient</code>
- keep-alive thread memory leak protection from the
- JreMemoryLeakPreventionListener to the WebappClassLoader since the
- thread that triggers the memory leak is created on demand. (markt)
- </fix>
- <fix>
- <bug>50673</bug>: Improve Catalina shutdown when running as a service.
- Do not call System.exit(). (kkolinko)
- </fix>
- <fix>
- <bug>50683</bug>: Ensure annotations are scanned when
- <code>unpackWARs</code> is set to <code>false</code> in the Host
- where a web application is deployed. (markt)
- </fix>
- <fix>
- Improve HTTP specification compliance in support of
- <code>Accept-Language</code> header. (kkolinko)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Prevent possible thread exhaustion if a Comet timeout event takes a
- while to complete. (markt)
- </fix>
- <fix>
- Prvent multiple Comet END events if the CometServlet calls
- <code>event.close()</code> during an END event. (markt)
- </fix>
- <fix>
- <bug>50325</bug>: When the JVM indicates support for RFC 5746, disable
- Tomcat's <code>allowUnsafeLegacyRenegotiation</code> configuration
- attribute and use the JVM configuration to control renegotiation.
- (markt)
- </fix>
- <fix>
- <bug>50405</bug>: Fix occassional NPE when using NIO connector and
- Comet. (markt)
- </fix>
- <fix>
- Ensure correct recycling of NIO input filters when processing Comet
- events. (markt)
- </fix>
- <fix>
- <bug>50627</bug>: Correct interaction of NIO socket and Poller when
- processing Comet events. (markt)
- </fix>
- <fix>
- Correct interaction of APR socket and Poller when processing Comet
- events. (markt)
- </fix>
- <fix>
- <bug>50631</bug>: InternalNioInputBuffer should honor
- <code>maxHttpHeadSize</code>. (kkolinko)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- Improve special case handling of
- <code>javax.servlet.jsp.el.ScopedAttributeELResolver</code> in
- <code>javax.el.CompositeELResolver</code> to handle sub-classes. (markt)
- </fix>
- <update>
- <bug>15688</bug>: Use fully-qualified class names in generated jsp files
- to avoid naming conflicts with user imports. (markt)
- </update>
- <fix>
- <bug>46819</bug>: Remove redundant object instantiations in
- JspRuntimeLibrary. Patch provided by Anthony Whitford. (markt)
- </fix>
- <update>
- Improve error message when EL identifiers are not valid Java identifiers
- and use i18n for the error message. (markt)
- </update>
- <fix>
- <bug>50680</bug>: Prevent an NPE when using tag files from an exploded
- JAR file, e.g. from within an IDE. Patch provided by Larry Isaacs.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <fix>
- <bug>50591</bug>: Fix NPE in ReplicationValve. (kkolinko)
- </fix>
- <add>
- Internationalise the log messages for the FarmWarDeployer. (markt)
- </add>
- <fix>
- <bug>50600</bug>: Prevent a <code>ConcurrentModificationException</code>
- when removing a WAR file via the FarmWarDeployer. (markt)
- </fix>
- <fix>
- Be consistent with locks on sessionCreationTiming,
- sessionExpirationTiming in DeltaManager.resetStatistics(). (kkolinko)
- </fix>
- <fix>
- <bug>50648</bug>: Correctly set the interrupt status if a thread using
- <code>RpcChannel</code> is interrupted waiting for a message reply.
- Based on a patch by Olivier Costet. (markt)
- </fix>
- <fix>
- <bug>50646</bug>: Ensure larger Tribes messages are fully read. Patch
- provided by Olivier Costet. (markt)
- </fix>
- <fix>
- <bug>50679</bug>: Update the FarmWarDeployer to support parallel
- deployment. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>22278</bug>: Add a commented out <code>RemoteAddrValve</code> that
- limits access to the Manager and Host Manager applications to localhost.
- Based on a patch by Yann Cébron. (markt)
- </fix>
- <fix>
- Correct a handful of Javadoc warnings. (markt)
- </fix>
- <add>
- Provide additional detail about how web application version order is
- determined when using parallel deployment. (markt)
- </add>
- <fix>
- Correct the documentation for the recoveryCount count attribute of the
- the default cluster membership. (markt)
- </fix>
- <fix>
- <bug>50441</bug>: Clarify when it is valid to set the docBase attribute
- in a Context element. (markt)
- </fix>
- <fix>
- <bug>50526</bug>: Provide additional documetation on configuring
- JavaMail resources. (markt)
- </fix>
- <fix>
- <bug>50599</bug>: Use correct names of roles required to access the
- Manager application. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <add>
- Extend the Checkstyle tests to check for license headers. (markt)
- </add>
- <fix>
- Modify the build script so a release build always rebuilds the
- dependencies to ensure that the correct Tomcat version appears in the
- manifest. (markt)
- </fix>
- <fix>
- Code clean-up to remove unused code and reduce IDE warnings. (markt)
- </fix>
- <fix>
- <bug>50601</bug>: Code clean-up. Patch provided by sebb. (markt)
- </fix>
- <fix>
- <bug>50606</bug>: Improve CGIServlet: Provide support for specifying
- empty value for the <code>executable</code> init-param. Provide support
- for explicit additional arguments for the executable. Those were
- broken when implementing fix for bug <bug>49657</bug>. (kkolinko)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.6 (markt)" rtext="released 2011-01-14">
- <subsection name="General">
- <changelog>
- <update>
- Update to Commons Daemon 1.0.5. (mturk)
- </update>
- </changelog>
- </subsection>
- <subsection name="Catalina">
- <changelog>
- <fix>
- <bug>8705</bug>: <code>org.apache.catalina.SessionListener</code> now
- extends <code>java.util.EventListener</code>. (markt)
- </fix>
- <add>
- <bug>10526</bug>: Add an option to the <code>Authenticator</code>s to
- force the creation of a session on authentication which may offer some
- performance benefits. (markt)
- </add>
- <update>
- <bug>10972</bug>: Improve error message if the className attribute is
- missing on an element in server.xml where it is required. (markt)
- </update>
- <update>
- <bug>48692</bug>: Provide option to parse
- <code>application/x-www-form-urlencoded</code> PUT requests. (schultz)
- </update>
- <update>
- <bug>48822</bug>: Include context name in case of error while stopping
- or starting a context during its reload. Patch provided by Marc
- Guillemot. (slaurent)
- </update>
- <add>
- <bug>48837</bug>: Extend thread local memory leak detection to include
- classes loaded by subordinate class loaders to the web
- application's class loader such as the Jasper class loader. Based
- on a patch by Sylvain Laurent. (markt)
- </add>
- <add>
- <bug>48973</bug>: Avoid creating a SESSIONS.ser file when stopping an
- application if there's no session. Patch provided by Marc Guillemot.
- (slaurent)
- </add>
- <fix>
- <bug>49000</bug>: No longer accept specification invalid name only
- cookies by default. This behaviour can be restored using a system
- property. (markt)
- </fix>
- <add>
- <bug>49159</bug>: Improve memory leak protection by renewing threads of
- the pool when a web application is stopped. (slaurent)
- </add>
- <fix>
- <bug>49372</bug>: Re-fix after connector re-factoring. If connector
- initialisation fails (e.g. if a port is alreasy in use) do not trigger
- an <code>LifecycleException</code> for an invalid state transition.
- (markt)
- </fix>
- <fix>
- <bug>49543</bug>: Allow Tomcat to use shared data sources with per
- application credentials. (fhanik)
- </fix>
- <fix>
- <bug>49650</bug>: Remove unnecessary entries package.access property
- defined in catalina.properties. Patch provided by Owen Farrell. (markt)
- </fix>
- <fix>
- <bug>50106</bug>: Correct several MBean descriptors. Patch provided by
- Eiji Takahashi. (markt)
- </fix>
- <update>
- Further performance improvements to session ID generation. Remove legacy
- configuration options that are no longer required. Provide additional
- options to control the <code>SecureRandom</code> instances used to
- generate session IDs. (markt)
- </update>
- <fix>
- <bug>50201</bug>: Update the access log reference in
- <code>StandardEngine</code> when the ROOT web application is redeployed,
- started, stopped or defaultHost is changed. (markt/kkolinko)
- </fix>
- <add>
- <bug>50282</bug>: Load
- <code>javax.security.auth.login.Configuration</code> with
- <code>JreMemoryLeakPreventionListener</code> to avoid memory leak when
- stopping a web application that would use JAAS. (slaurent)
- </add>
- <fix>
- <bug>50351</bug>: Fix the regression that broke BeanFactory resources
- caused by the previous fix for <bug>50159</bug>. (markt)
- </fix>
- <fix>
- <bug>50352</bug>: Ensure that <code>AsyncListener.onComplete()</code> is
- fired when <code>AsyncContext.complete()</code> is called. (markt)
- </fix>
- <fix>
- <bug>50358</bug>: Set the correct LifecycleState when stopping instances
- of the deprecated Embedded class. (markt)
- </fix>
- <fix>
- Further Lifecycle refactoring for Connectors and associated components.
- (markt)
- </fix>
- <fix>
- Correct handling of versioned web applications in deployer. (markt)
- </fix>
- <fix>
- Correct removal of <code>LifeCycleListener</code>s from
- <code>Container</code>s via JMX. (markt)
- </fix>
- <fix>
- Don't use <code>null</code>s to construct log messages. (markt)
- </fix>
- <fix>
- Code clean-up. Replace use of inefficient constructors with more
- efficient alternatives. (markt)
- </fix>
- <fix>
- <bug>50411</bug>: Ensure sessions are removed from the
- <code>Store</code> associated with a <code>PersistentManager</code>.
- (markt)
- </fix>
- <fix>
- <bug>50413</bug>: Ensure 304 responses are not returned when using
- static files as error pages. (markt/kkolinko)
- </fix>
- <fix>
- <bug>50448</bug>: Fix possible <code>IllegalStateException</code>
- caused by recent session management refactoring. (markt)
- </fix>
- <fix>
- Ensure aliases settings for a context are retained after a context is
- reloaded. (markt)
- </fix>
- <fix>
- Log a warning if context.xml files define values for properties that do
- not exist (e.g. if there is a typo in a property name). (markt)
- </fix>
- <fix>
- <bug>50453</bug>: Correctly handle multiple <code>X-Forwarded-For</code>
- headers in the RemoteIpFilter and RemoteIpValve. Patch provided by Jim
- Riggs. (markt)
- </fix>
- <add>
- <bug>50541</bug>: Add support for setting the size limit and time limit
- for LDAP seaches when using the JNDI Realm with <code>userSearch</code>.
- (markt)
- </add>
- <update>
- All configuration options that use regular expression now require a
- single regular expression (using <code>java.util.regex</code>) rather
- than a list of comma-separated or semi-colon-separated expressions.
- (markt)
- </update>
- <fix>
- <bug>50496</bug>: Bytes sent in the access log are now counted after
- compression, chunking etc rather than before. (markt)
- </fix>
- <fix>
- <bug>50550</bug>: When a new directory is created (e.g. via WebDAV)
- ensure that a subsequent request for that directory does not result in a
- 404 response. (markt)
- </fix>
- <fix>
- <bug>50554</bug>: Code clean up. (markt)
- </fix>
- <add>
- <bug>50556</bug>: Improve JreMemoryLeakPreventionListener to prevent
- a potential class loader leak caused by a thread spawned when the class
- <code>com.sun.jndi.ldap.LdapPoolManager</code> is initialized and the
- system property <code>com.sun.jndi.ldap.connect.pool.timeout</code> is
- set to a value greater than 0. (slaurent)
- </add>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- <bug>47319</bug>: Return the client's IP address rather than null
- for calls to <code>getRemoteHost()</code> when the APR connector is
- used with <code>enableLookups="true"</code> but the IP address
- is not resolveable. (markt)
- </fix>
- <add>
- <bug>50108</bug>: Add get/set methods for Connector property
- minSpareThreads. Patch provided by Eiji Takahashi. (markt)
- </add>
- <fix>
- <bug>50360</bug>: Provide an option to control when the socket
- associated with a connector is bound. By default, the socket is bound on
- <code>Connector.init()</code> and released on
- <code>Connector.destroy()</code> as per the current behaviour but this
- can be changed so that the socket is bound on
- <code>Connector.start()</code> and released on
- <code>Connector.stop()</code>. This fix also includes further Lifecycle
- refactoring for Connectors and associated components. (markt)
- </fix>
- <fix>
- Remove a huge memory leak in the NIO connector introduced by the fix
- for <bug>49884</bug>. (markt)
- </fix>
- <fix>
- <bug>50467</bug>: Protected against NPE triggered by a race condition
- that causes the NIO poller to fail, preventing the processing of further
- requests. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <add>
- <bug>13731</bug>: Make variables in <code>_jspService()</code> method
- final where possible. (markt)
- </add>
- <fix>
- <bug>50408</bug>: Fix <code>NoSuchMethodException</code> when using
- scoped variables with EL method invocation. (markt)
- </fix>
- <fix>
- <bug>50460</bug>: Avoid a memory leak caused by using a cached exception
- instance in <code>JspDocumentParser</code> and
- <code>ProxyDirContext</code>. (kkolinko)
- </fix>
- <fix>
- <bug>50500</bug>: Use correct coercions (as per the EL spec) for
- arithmetic operations involving string values containing '.',
- 'e' or 'E'. Based on a patch by Brian Weisleder.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <add>
- <bug>50185</bug>: Add additional trace level logging to Tribes to assist
- with fault diagnosis. Based on a patch by Ariel. (markt)
- </add>
- <fix>
- Don't try and obtain session data from the cluster if the current
- node is the only node in the cluster. Log requesting session data as
- INFO rather than WARNING. (markt)
- </fix>
- <fix>
- <bug>50503</bug>: When web application has a version, Engine level
- Clustering works correctly. (kfujino)
- </fix>
- <fix>
- <bug>50547</bug>: Add time stamp for CHANGE_SESSION_ID message and
- SESSION_EXPIRED message. (kfujino)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>21157</bug>: Ensure cookies are written before the response is
- commited in the Cookie example. Patch provided by Stefan Radzom. (markt)
- </fix>
- <add>
- <bug>50294</bug>: Add more information to documentation regarding format
- of configuration files. Patch provided by Luke Meyer. (markt)
- </add>
- <fix>
- Correctly validate provided context path so sessions for the ROOT web
- application can be viewed through the HTML Manager. (markt)
- </fix>
- <update>
- Improve documentation of database connection factory. (rjung)
- </update>
- <fix>
- <bug>50488</bug>: Update classpath required when using jsvc and add a
- note regarding server VMs. (markt)
- </fix>
- <fix>
- Further filtering of Manager display output. (kkolinko)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- Don't configure Windows installer to use PID file since it is not
- removed when the service stops which prevents the service from starting.
- (markt)
- </fix>
- <fix>
- <bug>14416</bug>: Make <code>TagLibraryInfo.getTag()</code> more robust
- at handling <code>null</code>s. (markt)
- </fix>
- <fix>
- <bug>50552</bug>: Avoid NPE that hides error message when using Ant
- tasks. (schultz)
- </fix>
- <add>
- Provide two alternative locations for the libraries downloaded from
- the ASF web site at build time. Use the main distribution site as
- default and the archive one as fallback. (kkolinko)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.5 (markt)" rtext="beta, 2010-12-01">
- <subsection name="General">
- <changelog>
- <update>
- Update to Commons Daemon 1.0.4. (mturk)
- </update>
- </changelog>
- </subsection>
- <subsection name="Catalina">
- <changelog>
- <fix>
- <bug>3839</bug>: Provide a mechanism to gracefully handle the case where
- users book-mark the form login page or otherwise misuse the FORM
- authentication process. Based on a suggestion by Mark Morris. (markt)
- </fix>
- <fix>
- <bug>49180</bug>: Add option to disable log rotation in
- juli FileHandler. Patch provided by Pid (pidster at apache). (funkman)
- </fix>
- <fix>
- <bug>49991</bug>: Ensure servlet request listeners are fired for
- the login and error pages during FORM authentication. (markt)
- </fix>
- <fix>
- <bug>50107</bug>: When removing a Host via JMX, do not attempt to
- destroy the host's pipeline twice. Patch provided by Eiji
- Takahashi. (markt)
- </fix>
- <fix>
- <bug>50138</bug>: Fix threading issues in
- <code>org.apache.catalina.security.SecurityUtil</code>. (markt)
- </fix>
- <fix>
- <bug>50157</bug>: Ensure MapperListener is only added to a container
- object once. (markt)
- </fix>
- <fix>
- <bug>50159</bug>: Add a new attribute for <code><Resource></code>
- elements, <code>singleton</code>, that controls whether or not a new
- object is created every time a JNDI lookup is performed to obtain the
- resource. The default value is <code>true</code>, which will return the
- same instance of the resource in every JNDI lookup. (markt)
- </fix>
- <fix>
- <bug>50168</bug>: Separate the <code>Lifecycle.DESTROY_EVENT</code> into
- <code>Lifecycle.BEFORE_DESTROY_EVENT</code> and
- <code>Lifecycle.AFTER_DESTROY_EVENT</code>. Use the additional state to
- ensure that <code>Context</code> objects are only destroyed once.
- (markt)
- </fix>
- <fix>
- <bug>50169</bug>: Ensure that when a Container is started that it
- doesn't try and register with the mapper unless its parent has
- already started. Patch provided by Eiji Takahashi. (markt)
- </fix>
- <add>
- <bug>50222</bug>: Modify memory leak prevention code so it pins the
- system class loader in memory rather than than the common class loader,
- which is better for embedded systems. Patch provided by Christopher
- Schultz. (markt)
- </add>
- <add>
- Improve debug logging for MapperListener registration. (markt)
- </add>
- <add>
- Expose names of LifecycleListeners and ContainerListeners for
- StandardContext via JMX. (markt)
- </add>
- <add>
- Add a new option, <code>resourceOnlyServlets</code>, to Context elements
- that provides a mechanism for working around the issues caused by new
- requirements for welcome file mapping introduced in Servlet 3.0. By
- default, the existing Tomcat 6.0.x welcome file handling is used.
- (markt)
- </add>
- <fix>
- Make Tomcat more tolerant of <code>null</code> when generating JMX names
- for Valves. (markt)
- </fix>
- <fix>
- Make AccessLogValve attribute <code>enabled</code> changeable via JMX.
- (pero)
- </fix>
- <fix>
- Correct infinite loop if <code>ServletRequest.startAsync(ServletRequest,
- ServletResponse)</code> was called. (markt)
- </fix>
- <fix>
- <bug>50232</bug>: Remove dependency between StoreBase and
- PersistentManager and associated code clean-up. Patch provided by
- Tiago Batista. (markt)
- </fix>
- <fix>
- <bug>50252</bug>: Prevent ClassCastException when using a
- <ResourceLink>. Patch provided by Eiji Takahashi. (markt)
- </fix>
- <add>
- Reduce synchronization in session managers to improve performance of
- session creation. (markt)
- </add>
- <fix>
- If starting children automatically when adding them to a container (e.g.
- when adding a Context to a Host) don't lock the parent's set
- of children whilst the new child is being started since this can block
- other threads and cause issues such as lost cluster messages. (markt)
- </fix>
- <add>
- Implement support for parallel deployment. This allows multiple versions
- of the same web application to be deployed to the same context path at
- the same time. Users without a current session will be mapped to the
- latest version of the web application. Users with a current session will
- continue to use the version of the web application with which the
- session is associated until the session expires. (markt)
- </add>
- <fix>
- <bug>50308</bug>: Allow asynchronous request processing to call
- <code>AsyncContext.dispatch()</code> once the asynchronous request has
- timed out. (markt)
- </fix>
- <add>
- Make memory leak prevention code that clears ThreadLocal instances more
- robust against objects with toString() methods that throw exceptions.
- (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- <bug>49860</bug>: Complete support for handling trailing headers in
- chunked HTTP requests. (markt)
- </fix>
- <add>
- Impose a limit on the length of the trailing headers. The limit
- is configurable with a system property and is <code>8192</code>
- by default. (kkolinko)
- </add>
- <fix>
- <bug>50207</bug>: Ensure Comet timeout events are triggered. This bug
- was a regression triggered by the fix for <bug>49884</bug>. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <bug>49297</bug>: Enforce the rules in the JSP specification for parsing
- the attributes of custom and standard actions that require that
- the attribute names are unique within an element and that there is
- whitespace before the attribute name. The whitespace test can be
- disabled by setting the system property
- <code>org.apache.jasper.compiler.Parser.STRICT_WHITESPACE</code> to
- <code>false</code>. Attributes of the page directive have slightly
- different rules. The implementation of that part of the fix is based on
- a patch by genspring. (markt)
- </fix>
- <fix>
- <bug>50105</bug>: When processing composite EL expressions use
- <code>Enum.name()</code> rather than <code>Enum.toString()</code> as
- required by the EL specification. (markt)
- </fix>
- <fix>
- Fix minor thread-safety and performance issues in the implementation
- of <code>maxLoadedJsps</code>. (rjung)
- </fix>
- <add>
- Add support for unloading JSPs that have not been requested for a
- long time using the new parameter <code>jspIdleTimeout</code>. (rjung)
- </add>
- <add>
- Add logging and JMX support to JSP unloading. (rjung)
- </add>
- <fix>
- <bug>50192</bug>: Improve performance for EL when running under a
- security manager. Based on a patch by Robert Goff. (markt)
- </fix>
- <fix>
- <bug>50228</bug>: Improve recycling of <code>BodyContentImpl</code>.
- This avoids keeping a cached reference to a webapp-provided Writer
- used in JspFragment.invoke() calls. (kkolinko)
- </fix>
- <add>
- <bug>50273</bug>: Provide a workaround for an HP-UX issue that can
- result in large numbers of SEVERE log messages appearing in the logs as
- a result of normal operation. (markt)
- </add>
- <fix>
- <bug>50293</bug>: Increase the size of internal ELResolver array from 2
- to 8 since in typical usage there are at least 5 resolvers. Based on a
- patch by Robert Goff. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <fix>
- Add support for maxActiveSessions attribute to BackupManager. (kfujino)
- </fix>
- <fix>
- Improve sending an access message in DeltaManager.
- maxInactiveInterval of not Manager but the session is used.
- If maxInactiveInterval is negative, an access message is not sending.
- (kfujino)
- </fix>
- <fix>
- <bug>50183</bug>: BIO sender was not scheduling tasks to the executor
- during normal operation. Patch provided by Ariel. (markt)
- </fix>
- <fix>
- <bug>50184</bug>: Add an option to the RpcChannel to enable the Channel
- send options to be set for the reply message. Based on a patch by Ariel.
- (markt)
- </fix>
- <fix>
- Ensure that a new Context waiting for session data from other nodes in
- the cluster does not block the processing of clustering messages for
- other Contexts. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>49426</bug>: Localize messages in the Manager application based on
- the Locale of the user rather than the default Locale of the server.
- (markt)
- </fix>
- <fix>
- Localize messages in the Host Manager application based on the Locale of
- the user rather than the default Locale of the server. (markt)
- </fix>
- <add>
- <bug>50242</bug>: Provide a sample log4j configuration that more
- closely matches the default JULI configuration. Patch provided by
- Christopher Schultz. (markt)
- </add>
- <add>
- Restore the ability to edit the contents of /WEB-INF and /META-INF via
- WebDAV via the provision of a new configuration option,
- allowSpecialPaths. (markt)
- </add>
- <fix>
- Correct broken links for on-line JavaDocs. (markt)
- </fix>
- <fix>
- <bug>50230</bug>: Add new DistributedManager interface that is
- implemented by the Backup Manager to remove circular dependency between
- tomcat-catalina-ha and tomcat-catalina modules. Also allows third-party
- distributed Manager implementations to report full session information
- through the HTML Manager. (markt)
- </fix>
- <update>
- Improve Tomcat Logging documentation. (kkolinko)
- </update>
- <fix>
- <bug>50303</bug>: Update JNDI how-to to reflect the new JavaMail
- download location and that JAF is now included in Java SE 6. (markt)
- </fix>
- <fix>
- Fix ordering functionality on sessions page for the HTML Manager
- application. (markt)
- </fix>
- <fix>
- Fix primary sessions not always being treated as such in the HTML
- Manager application. (markt)
- </fix>
- <fix>
- Fix message not being displayed after session attribute removal in the
- HTML Manager application. (markt)
- </fix>
- <fix>
- <bug>50310</bug>: Fix display of Servlet information in the Manager
- application. (markt)
- </fix>
- <fix>
- CVE-2010-4172: Multiple XSS in the Manager application. (markt/kkolinko)
- </fix>
- <fix>
- <bug>50316</bug>: Fix display of negative values in the Manager
- application. (kkolinko)
- </fix>
- <fix>
- <bug>50318</bug>: Avoid NPE when trying to view session detail for an
- expired session in the Manager application. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- Correct a handful of Javadoc warnings. (markt)
- </fix>
- <fix>
- <bug>22965</bug>: Fix some typos and formatting issues in the global
- web.xml file. Based on a patch by Yann Cébron. (markt)
- </fix>
- <add>
- Extend Checkstyle validation checks to check for unused imports. (markt)
- </add>
- <fix>
- General code clean-up to reduce (not eliminate) the number of warnings
- reported by IDEs. (markt)
- </fix>
- <fix>
- <bug>50140</bug>: Don't ignore a user specified installation
- directory when performing a silent install with the Windows installer on
- 64-bit platforms. (markt)
- </fix>
- <update>
- Reimplemented Windows installer dialogs, using modern libraries
- (nsDialogs, MUI2). (kkolinko)
- </update>
- <add>
- When installing with the Windows installer on 64-bit platforms, allow
- the user to select either a 32-bit JDK or a 64-bit JDK. If a 32-bit JDK
- is selected, the 32-bit service wrapper and the 32-bit native DLL will
- be installed. If a 64-bit JDK is selected, the 64-bit service wrapper
- and the 64-bit native DLL will be installed. (markt/kkolinko)
- </add>
- <add>
- Create Windows shortcuts for the Manager and Host Manager webapps.
- (kkolinko)
- </add>
- <add>
- Support /? command line option in the Windows Installer. (kkolinko)
- </add>
- <add>
- Display and allow to change roles for the Tomcat admin user in the
- Windows installer. (kkolinko)
- </add>
- <fix>
- In the Windows installer: do not leave stale <code>server.xml</code>
- and <code>tomcat-users.xml</code> fragments in the $TEMP folder.
- (kkolinko)
- </fix>
- <update>
- <bug>49819</bug>: Redesign of home page by Pid (pidster at apache).
- (timw)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.4 (markt)" rtext="beta, 2010-10-21">
- <subsection name="Catalina">
- <changelog>
- <fix>
- <bug>49428</bug>: Re-implement the fix for bug <bug>49428</bug> –
- namespace issues for some Microsoft WebDAV clients. (kkolinko)
- </fix>
- <fix>
- <bug>49669</bug>: Fix memory leak triggered by using the deprecated
- javax.security.auth.Policy class. (markt)
- </fix>
- <fix>
- <bug>49922</bug>: Don't add filter twice to filter chain if the
- filter matches more than one URL pattern and/or Servlet name. Patch
- provided by heyoulin. (markt)
- </fix>
- <fix>
- <bug>49937</bug>: Use an InstanceManager when creating an AsyncListener
- through the AsyncContext to ensure annotations are processed. Based on a
- patch by David Jencks. (markt)
- </fix>
- <fix>
- To avoid NoSuchMethodException, xmlValidation and xmlNamespaceAware are
- removed from the createStandardHost definition
- of mbeans-descriptors.xml. (kfujino)
- </fix>
- <fix>
- <bug>49945</bug>: Continue improvements to JMX. Fix a handful of
- attributes that were showing as Unavailable in JConsole. Patch provided
- by Chamith Buddhika. (markt)
- </fix>
- <fix>
- <bug>49952</bug>: Allow ServletContainerInitializers to add listeners to
- a web application. Patch provided by David Jencks. (markt)
- </fix>
- <fix>
- <bug>49956</bug>: Handle case when @Resource annotation uses the full
- JNDI name for a resource. Based on a patch by Gurkan Erdogdu. (markt)
- </fix>
- <fix>
- <bug>49557</bug>: Correct regression due to Lifecycle refactoring that
- cleared all work directories (with compiled JSPs and persisted sessions)
- when Tomcat was stopped. (markt)
- </fix>
- <fix>
- <bug>49978</bug>: Correctly handle the case when a directory expected
- to be created during web application start is already present. Rather
- than throwing an exception and failing to start, allow the web
- application to start normally. (markt)
- </fix>
- <fix>
- <bug>49987</bug>: Fix thread safety issue with population of servlet
- context initialization parameters. (markt)
- </fix>
- <fix>
- <bug>49994</bug>: As per the Java EE 6 specification, return a new
- object instance for each JNDI look up of a resource reference. (markt)
- </fix>
- <fix>
- <bug>50015</bug>: Re-factor dynamic servlet security implementation to
- make extensions, such as JACC implementations, simpler. Patch provided
- by David Jencks. (markt)
- </fix>
- <fix>
- <bug>50016</bug>: Re-factor <code>isUserInRole()</code> and
- <code>login()/logout()</code> methods to support JACC implementations
- and to improve encapsulation. Patch provided by David Jencks. (markt)
- </fix>
- <update>
- <bug>50017</bug>: Code clean-up. No functional change. Patch provided by
- sebb. (markt)
- </update>
- <fix>
- <bug>50027</bug>: Avoid NPE on start when a Context is defined in
- server.xml with one or more JNDI resources. (markt)
- </fix>
- <fix>
- <bug>50059</bug>: JARs should always be searched for static resources
- even if the web application is marked as meta-data complete. (markt)
- </fix>
- <fix>
- <bug>50063</bug>: Correct regression in fix for <bug>50059</bug> that
- causes applications marked as meta-data complete to return 404s for all
- requests. Patch provided by heyoulin. (markt)
- </fix>
- <fix>
- <bug>50087</bug>: Catch ClassFormatErrors when scanning for annotations.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- <bug>49923</bug>: Avoid using negative timeouts during acceptor unlock
- to ensure APR connector shuts down properly. (mturk)
- </fix>
- <fix>
- <bug>49972</bug>: Fix potential thread safe issue when formatting dates
- for use in HTTP headers. (markt)
- </fix>
- <fix>
- <bug>50003</bug>: Set not maxThreads but minSpareThreads to
- corePoolSize, if AbstractEndpoint.setMinSpareThreads is called.
- (kfujino)
- </fix>
- <fix>
- <bug>50044</bug>: Fix issue when using comet where socket remained in
- long poll after the comet request has ended. (markt)
- </fix>
- <fix>
- <bug>50054</bug>: Correctly handle the setting of minSpareThreads in
- AJP connector. (kfujino)
- </fix>
- <fix>
- <bug>50072</bug>: Fix issues when using a non-blocking read for the
- request line with the NIO connector that could result in the request
- line being mis-read. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <bug>49986</bug>: Fix thread safety issue for JSP reload. (timw)
- </fix>
- <fix>
- <bug>49998</bug>: Make jsp:root detection work with single quoted
- attributes as well. (timw)
- </fix>
- <fix>
- Correctly handle the setting of primitive bean values via expression
- language. (markt)
- </fix>
- <fix>
- Don't swallow exceptions when processing TLD files and handle the
- case when there is no web.xml file. (markt)
- </fix>
- <fix>
- <bug>50066</bug>: Fix building of recursive tag files when the file
- depends on a JAR file. Patch provided by Sylvain Laurent. (markt)
- </fix>
- <fix>
- <bug>50078</bug>: Fix threading problem in EL caches. Patch provided by
- Takayoshi Kimura. (markt)
- </fix>
- <add>
- Make EL cache sizes configurable. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Apply filters to default home page so copyright year is correctly
- displayed. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- <bug>48716</bug>: Do not call reset if the default LogManager is in use.
- (markt)
- </update>
- <fix>
- <bug>50013</bug>: Correctly package classes from
- <code>org.apache.tomcat.util.file</code> and add the tomcat-util.jar to
- the class path for the Ant tasks. Based on a patch provided by
- Sylvain Laurent. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.3 (markt)" rtext="not released">
- <subsection name="Catalina">
- <changelog>
- <fix>
- <bug>48644</bug>: Review all instances of catching Throwable and
- re-throw where appropriate. (markt)
- </fix>
- <update>
- Allow glob patterns in the <code>jarsToSkip</code> configuration and add
- some debug logging to the jar scanner. (rjung)
- </update>
- <fix>
- <bug>48738</bug>: Workaround a couple of long standing JDK bugs to
- enable GZIP compressed output streams to be flushed. Based on a patch
- provided by Jiong Wang. (markt)
- </fix>
- <update>
- <bug>48967</bug>: Replace strings "catalina.base" and "catalina.home"
- by globally defined constants. Patch provided by Marc Guillemot. (rjung)
- </update>
- <fix>
- <bug>49195</bug>: Don't report an error when shutting down a Windows
- service for a Tomcat instance that has a disabled shutdown port. (markt)
- </fix>
- <fix>
- <bug>49209</bug>: Prevent possible AccessControlException during
- undeployment when running with a security manager. Patch provided by
- Sylvain Laurent. (markt)
- </fix>
- <fix>
- <bug>49657</bug>: Handle CGI executables with spaces in the path.
- (markt)
- </fix>
- <fix>
- <bug>49667</bug>: Ensure that using the JDBC driver memory leak
- prevention code does not cause a one of the memory leaks it is meant to
- avoid. (markt)
- </fix>
- <fix>
- <bug>49670</bug>: Restore SSO functionality that was broken by Lifecycle
- refactoring. (markt)
- </fix>
- <fix>
- <bug>49698</bug>: Allow a listener to complete an asynchronous request
- if it times out. (markt)
- </fix>
- <fix>
- <bug>49714</bug>: The annotation process of Jar doesn't influence
- distributable element of web.xml. (kfujino)
- </fix>
- <fix>
- <bug>49721</bug>: Alls JAR in a web application should be searched for
- resources, not just those with a web-fragment.xml that is going to be
- processed. (markt)
- </fix>
- <fix>
- <bug>49728</bug>: Improve PID file handling when another process is
- managing the PID file and Tomcat does not have write access. (markt)
- </fix>
- <fix>
- <bug>49730</bug>: Fix a race condition in StandardThreadExector that can
- cause requests to experience large delays. Patch provided by Sylvain
- Laurent. (markt)
- </fix>
- <fix>
- <bug>49749</bug>: Single sign on cookies should have httpOnly flag set
- using same rules as session cookies. (markt)
- </fix>
- <fix>
- <bug>49750</bug>: Align <code>WebappClassLoader.validate()</code>
- implementation with Javadoc and ensure that <code>javax.servlet.*</code>
- classes can not be loaded by a <code>WebappClassLoader</code> instance.
- Patch provided by pid. (markt)
- </fix>
- <fix>
- <bug>49757</bug>: Correct some generics warnings. Based on a patch
- provided by Gábor. (markt)
- </fix>
- <fix>
- <bug>49779</bug>: Improve handling of POST requests and FORM
- authentication, particularly when the user agent responds to the 302
- response by repeating the POST request including a request body. Any
- request body provided at this point is now swallowed. (markt)
- </fix>
- <fix>
- CSRF prevention filter did not correctly handle URLs that used anchors.
- (markt)
- </fix>
- <fix>
- Fix memory leak on web application stopped caused by failed to
- de-register the web application's Servlets with the MBean server.
- (markt)
- </fix>
- <update>
- More tweaks to the Lifecycle refactoring to ensure that when a component
- is being destroyed, the destroy method is only called once on each
- child component. (markt)
- </update>
- <fix>
- Keep the MBean names for web applications consistent between Tomcat 6
- and Tomcat 7. (markt)
- </fix>
- <fix>
- <bug>49856</bug>: Add an executorName attribute to Connectors so it is
- possible to trace ThreadPool to Connector to Executor via the JMX
- interface. (markt)
- </fix>
- <fix>
- <bug>49865</bug>: Tomcat failed to start if catalina.properties was not
- present. (markt)
- </fix>
- <fix>
- <bug>49876</bug>: Fix the generics warnings in the copied Apache Jakarta
- BCEL code. Based on a patch by Gábor. (markt)
- </fix>
- <fix>
- <bug>49883</bug>: Ensure that the CombinedRealm and LockOutRealm return
- a name for use in log messages rather than throwing an
- <code>UnsupportedOperationException</code>. (markt)
- </fix>
- <fix>
- <bug>49884</bug>: Fix occassional NullPointerException on async
- complete(). This resulted in a major refactoring of the async
- implementation to address a number of threading issues. (markt)
- </fix>
- <fix>
- Update the version numbers in ServerInfo defaults to Tomcat 7.0.x.
- (markt)
- </fix>
- <fix>
- <bug>49892</bug>: Correct JNDI name for method resource injections.
- Based on a patch by Gurkan Erdogdu. (markt)
- </fix>
- <fix>
- Ensure that Context elements defined in server.xml use any configClass
- setting specified in the parent Host element. (markt)
- </fix>
- <fix>
- GSOC 2010. Enable the creation of Services, Engines, Connectors, Hosts
- and Contexts via JMX from a minimal server.xml that contains only a
- Server element. Based on a patch by Chamith Buddhika. (markt)
- </fix>
- <fix>
- <bug>49909</bug>: Fix a regression introduced with the fix for
- <bug>47950</bug> that prevented JSTL classes being loaded. (markt)
- </fix>
- <fix>
- <bug>49915</bug>: Make error more obvious, particularly when accessed
- via JConsole, if StandardServer.storeConfig() is called when there is
- no StoreConfig implementation present. (markt)
- </fix>
- <fix>
- <bug>50018</bug>: Fix some minor Javadoc errors in Jasper source.
- Based on a patch by sebb. (timw)
- </fix>
- <fix>
- <bug>50021</bug>: Correct a regression in the fix for <bug>46844</bug>
- that may have caused additional problems during a failure at start up.
- (markt)
- </fix>
- <fix>
- <bug>50026</bug>: Prevent serving of resources from WEB-INF and
- META-INF directories when DefaultServlet or WebdavServlet is mapped
- to a sub-path of the context. This changes DefaultServlet to always
- serve resources with paths relative to the root of the context
- regardless of where it is mapped, which is a breaking change for
- current servlet-mappings that map the default servlet to a subpath.
- (timw)
- </fix>
- <fix>
- <bug>50689</bug>: Provide 100 Continue responses at appropriate points
- during FORM authentication if client indicates that they are expected.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <update>
- Wait for the connectors to exit before closing them down. (mturk)
- </update>
- <add>
- Follow up to <bug>48545</bug>. Make JSSE connectors more tolerant of a
- incorrect trust store password. (markt)
- </add>
- <fix>
- Fix some edge cases in the NIO connector when handling requests that are
- not received all at the same time and the socket needs to be returned to
- the poller. (markt)
- </fix>
- <update>
- Further work to reduce the code duplication in the HTTP connectors.
- (markt)
- </update>
- <fix>
- Make sure acceptor threads are stopped when the connector is stopped.
- (markt)
- </fix>
- <fix>
- Make sure async timeout thread is stopped when the connector is stopped.
- (markt)
- </fix>
- <fix>
- <bug>49625</bug>: Ensure Vary header is set if response may be
- compressed rather than only setting it if it is compressed. (markt)
- </fix>
- <fix>
- <bug>49802</bug>: Re-factor connector pause, stop and destroy methods so
- that calling any of those methods has the expected results. (markt)
- </fix>
- <update>
- Various refactorings to reduce code duplication and unnecessary code in
- the connectors. (markt)
- </update>
- <fix>
- <bug>49860</bug>: Add partial support for trailing headers in chunked
- HTTP requests. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <bug>49665</bug>: Provide better information including JSP file name and
- location when a missing file is detected during TLD handling. Patch
- provided by Ted Leung. (markt)
- </fix>
- <fix>
- <bug>49726</bug>: Specifying a default content type via a JSP property
- group should not prevent a page from setting some other content type.
- (markt)
- </fix>
- <fix>
- <bug>49799</bug>: The new <code>omit</code> attribute for
- <code>jsp:attribute</code> elements now supports the use of expressions
- and expression language. (markt)
- </fix>
- <fix>
- <bug>49916</bug>: Switch to using an initialisation parameter to pass
- JSP file information from Catalina to Jasper. This simplifies the
- Catalina code as well as making it easier for Geronimo and others to
- integrate Jasper. Patch provided by David Jencks. (markt)
- </fix>
- <fix>
- <bug>49985</bug>: Fix thread safety issue in EL parser. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <fix>
- Remove domainReplication attribute from ClusterManager.
- If you send session to only same domain, use DomainFilterInterceptor.
- (kfujino)
- </fix>
- <fix>
- Add Null check when CHANGE_SESSION_ID message received. (kfujino)
- </fix>
- <fix>
- Add support for LAST_ACCESS_AT_START system property to DeltaSession.
- (kfujino)
- </fix>
- <fix>
- Avoid a NPE in the DeltaManager when a parallel request invalidates the
- session before the current request has a chance to send the replication
- message. (markt)
- </fix>
- <fix>
- <bug>49905</bug>: Prevent memory leak when using asynchronous session
- replication. (markt)
- </fix>
- <fix>
- <bug>49924</bug>: When non-primary node changes into a primary node,
- make sure isPrimarySession is changed to true. (kfujino)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Correct the class name of the default JAR scanner in the documentation
- web application. (rjung)
- </fix>
- <fix>
- <bug>49585</bug>: Update JSVC documentation to reflect new packaging
- of Commons Daemon. (markt)
- </fix>
- <update>
- Update the Servlet, JSP and EL Javadoc links to link to the
- specifications and the relevant part of the Java EE 6 Javadoc. (markt)
- </update>
- <fix>
- Update a few places in the docs where the Manager documentation referred
- to the old role name of manager rather than than the new manager-script.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Extras">
- <changelog>
- <fix>
- <bug>49861</bug>: Don't log RMI ports formatted with commas for the
- JMX remote listener. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- Correct the user names created by the Windows installer for the Manager
- and Host Manager applications. (mturk)
- </fix>
- <fix>
- Correct the Eclipse compiler dependency in the Jasper POM. (markt)
- </fix>
- <add>
- Extend Checkstyle validation checks to check import order. (markt)
- </add>
- <fix>
- <bug>49758</bug>: Fix generics warnings exposed by a fix in Eclipse 3.6.
- Patch provided by sebb. (markt)
- </fix>
- <update>
- Update commons pool to 1.5.5. (markt)
- </update>
- <update>
- <bug>49955</bug>: Improvement and correction of Building Tomcat guide.
- Based on a patch from Wesley Acheson. (timw)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.2 (markt)" rtext="beta, 2010-08-11">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Fix regression that prevented running with a security manager enabled.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Correct Javadoc errors. (markt)
- </fix>
- <add>
- Provide Javadoc for Servlet 3.0 API, JSP 2.2 API and EL 2.2 API.
- (markt)
- </add>
- <fix>
- Remove second copy of RUNNING.txt from the full-docs distribution. Some
- unpacking utilities can't handle multiple copies of a file with the same
- name in a directory. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <add>
- Extend Checkstyle validation checks to check for tabs in nearly all text
- files. (markt)
- </add>
- <update>
- Update Commons Daemon from 1.0.2 to 1.0.3.(markt)
- </update>
- <update>
- Update Eclipse JDT Core Batch Compiler (ecj.jar) from 3.5.1 to 3.6.
- (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.1 (markt)" rtext="not released">
- <subsection name="Catalina">
- <changelog>
- <fix>
- GSOC 2010. Continue work to align MBean descriptors with reality. Patch
- provided by Chamith Buddhika. (markt)
- </fix>
- <fix>
- When running under a security manager, enforce package access and
- package definition restrictions defined in the catalina.properties file.
- (markt)
- </fix>
- <fix>
- When using a Loader configured with
- <code>searchExternalFirst="true"</code> failure to find the
- class in an external repository should not prevent searching of the
- local repositories. (markt)
- </fix>
- <add>
- Add entryPoint support to the CSRF prevention filter. (markt)
- </add>
- <fix>
- <bug>48297</bug>: Correctly initialise handler chain for web services
- resources. (markt)
- </fix>
- <add>
- <bug>48960</bug>: Add a new option to the SSI Servlet and SSI Filter to
- allow the disabling of the <code>exec</code> command. This is now
- disabled by default. Based on a patch by Yair Lenga. (markt)
- </add>
- <add>
- <bug>48998</bug>, <bug>49617</bug>: Add the ExpiresFilter, a port of the
- httpd mod_expires module. Patch provided by Cyrille Le Clerc. (markt)
- </add>
- <fix>
- <bug>49030</bug>: When initializing/starting/stopping connectors and
- one of them fails, do not ignore the others. (markt/kkolinko)
- </fix>
- <fix>
- <bug>49128</bug>: Don't swallow exceptions unnecessarily in
- <code>WebappClassLoader.start()</code>. (markt)
- </fix>
- <fix>
- <bug>49182</bug>: Align comments in setclasspath.[sh|bat] with
- behaviour. Based on a patch provided by sebb. (markt)
- </fix>
- <fix>
- <bug>49230</bug>: Enhance JRE leak prevention listener with protection
- for the keep-alive thread started by
- <code>sun.net.www.http.HttpClient</code>. Based on a patch provided by
- Rob Kooper. (markt)
- </fix>
- <fix>
- <bug>49414</bug>: When reporting threads that may have triggered a
- memory leak on web application stop, attempt to differentiate between
- request processing threads and threads started by the application.
- (markt)
- </fix>
- <fix>
- <bug>49428</bug>: Add a work-around for the known namespace issues for
- some Microsoft WebDAV clients. Patch provided by Panagiotis Astithas.
- (markt)
- </fix>
- <add>
- Add support for <code>*.jar</code> pattern in VirtualWebappLoader.
- (kkolinko)
- </add>
- <add>
- Use a LockOutRealm in the default configuration to prevent attempts to
- guess user passwords by brute-force. (markt)
- </add>
- <add>
- <bug>49478</bug>: Add support for user specified character sets to the
- <code>AddDefaultCharsetFilter</code>. Based on a patch by Felix
- Schumacher. (markt)
- </add>
- <fix>
- <bug>49503</bug>: Make sure connectors bind to their associated ports
- sufficiently early to allow jsvc and the
- org.apache.catalina.startup.EXIT_ON_INIT_FAILURE system property to
- operate correctly. (markt)
- </fix>
- <fix>
- <bug>49525</bug>: Ensure cookies for the ROOT context have a path of /
- rather than an empty string. (markt)
- </fix>
- <fix>
- <bug>49528</bug>, <bug>49567</bug>: Ensure that
- <code>AsyncContext.isAsyncStarted()</code> returns the correct value
- after <code>AsyncContext.start()</code> and that if
- <code>AsyncContext.complete()</code> is called on a separate thread that
- it is handled correctly. (markt)
- </fix>
- <fix>
- <bug>49530</bug>: Contexts and Servlets not stopped when Tomcat is shut
- down. (markt)
- </fix>
- <fix>
- <bug>49536</bug>: If no ROOT context is deployed, ensure a 404 rather
- than a 200 is returned for requests that don't map to any other context.
- (markt)
- </fix>
- <add>
- Additional debug logging in StandardContext to provide information on
- Manager selection. (markt)
- </add>
- <fix>
- <bug>49550</bug>: Supress deprecation warning where deprecated code is
- required to be used. No functional change. Patch provided by Sebb.
- (markt)
- </fix>
- <fix>
- <bug>49551</bug>: Allow default context.xml location to be specified
- using an absolute path. (markt)
- </fix>
- <add>
- Improve logging of unhandled exceptions in servlets by including the
- path of the context where the error occurred. (markt)
- </add>
- <add>
- Include session ID in error message logged when trying to set an
- attribute on an invalid session. (markt)
- </add>
- <fix>
- Improve the CSRF protection filter by using SecureRandom rather than
- Random to generate nonces. Also make the implementation class used user
- configurable. (markt)
- </fix>
- <fix>
- Avoid NullPointerException, when copyXML=true and META-INF/context.xml
- does not exist. (kfujino)
- </fix>
- <fix>
- <bug>49598</bug>: When session is changed and the session cookie is
- replaced, ensure that the new Set-Cookie header overwrites the old
- Set-Cookie header. (markt)
- </fix>
- <fix>
- Create a thread to trigger asynchronous timeouts when using the BIO
- connector, change the default timeout to 10s (was infinite) and make the
- default timeout configurable using the <code>asyncTimeout</code>
- attribute on the connector. (pero/markt)
- </fix>
- <fix>
- <bug>49600</bug>: Make exceptions returned by the
- <code>ProxyDirContext</code> consistent for resources that weren't found
- by checking the <code>DirContext</code> or the cache. Test case based on
- a patch provided by Marc Guillemot. (markt)
- </fix>
- <fix>
- <bug>49613</bug>: Improve performance when using SSL for applications
- that make multiple class to <code>Request.getAttributeNames()</code>.
- Patch provided by Sampo Savolainen. (markt)
- </fix>
- <fix>
- Handle the edge cases where resources packaged in JARs have names that
- start with a single quote character or a double quote character. (markt)
- </fix>
- <fix>
- Correct copy and paste typo in web.xml parsing rules that mixed up
- <code>local-ejb-ref</code> and <code>resource-env-ref</code>. (markt)
- </fix>
- <update>
- Refactor session managers to remove unused code and to reduce code
- duplication. Also, all session managers used for session replication now
- extend <code>org.apache.catalina.ha.session.ClusterManagerBase</code>.
- (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <update>
- Remove references to Jikes since it does not support Java 6. (markt)
- </update>
- <fix>
- Correct over zealous type checking for EL in attributes that broke the
- use of JSF converters. (markt)
- </fix>
- <fix>
- Correct algorithm used to identify correct method to use when a
- MethodExpressions is used in EL. (markt)
- </fix>
- <fix>
- <bug>49217</bug>: Ensure that identifiers used in EL meet the
- requirements of the Java Language Specification. (markt)
- </fix>
- <add>
- Improve logging of JSP exceptions by including JSP snippet (if enabled)
- rather than just the root cause in the host log. (markt)
- </add>
- <fix>
- <bug>49555</bug>: Correctly handled Tag Libraries where functions are
- defined in static inner classes. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <fix>
- <bug>49127</bug>: Don't swallow exceptions unnecessarily in
- <code>SimpleTcpReplicationManager.startInternal()</code>. (markt)
- </fix>
- <fix>
- <bug>49407</bug>: Change the BackupManager so it is consistent with
- DeltaManager and reports both primary and backup sessions when active
- sessions are requested. (markt)
- </fix>
- <fix>
- <bug>49445</bug>: When session ID is changed after authentication,
- ensure the DeltaManager replicates the change in ID to the other nodes
- in the cluster. (kfujino)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>49112</bug>: Update the ROOT web application's index page. Patch
- provided by pid. (markt)
- </fix>
- <fix>
- <bug>49213</bug>: Add the permissions necessary to enable the Manager
- application to operate currently when running with a security manager.
- (markt)
- </fix>
- <fix>
- <bug>49436</bug>: Correct documented default for readonly attribute of
- the UserDatabase component. (markt)
- </fix>
- <fix>
- <bug>49475</bug>: Use new role name for manager application access on
- the ROOT web application's index page. (markt)
- </fix>
- <fix>
- <bug>49476</bug>: CSRF protection was preventing access to the session
- expiration features. Also switch the manager application to the generic
- CSRF protection filter. (markt)
- </fix>
- <fix>
- Better handle failure to create directories required for new hosts in
- the Host Manager application. (markt)
- </fix>
- <fix>
- Switch the Host Manager application to the generic CSRF protection for
- the HTML interface and prevent started hosts from being started and
- stopped hosts from being stopped. (markt)
- </fix>
- <fix>
- <bug>49518</bug>: Fix typo in extras documentation. (markt)
- </fix>
- <fix>
- <bug>49522</bug>: Fix regression due to change of name for MBeans for
- naming resources that broke the complete server status page in the
- manager application. Note these MBeans now have a new name. (markt)
- </fix>
- <fix>
- <bug>49570</bug>: When using the example compression filter, set the
- Vary header on compressed responses. (markt)
- </fix>
- <add>
- Add redirects for the root of the manager and host-manager web
- applications that redirect users to the html interface rather than
- returning a 404. (markt)
- </add>
- <add>
- Provide the HTML Manager application with the ability to differentiate
- between primary, backup and proxy sessions. Note that proxy sessions are
- only shown if enabled in web.xml. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- <bug>49130</bug>: Better describe the core package in the Windows
- installer, making it clear that the service will be installed. Patch
- provided by sebb. (markt)
- </fix>
- <add>
- Re-factor unit tests to enable them to be run once with each of the HTTP
- connector implementations (BIO, NIO and APR/native). (markt)
- </add>
- <add>
- <bug>49268</bug>: Add the necessary plumbing to include CheckStyle in
- the build process. Start with no checks. Additional checks will be
- added as they are agreed. (markt)
- </add>
- <update>
- Updated to Ant 1.8.1. The build now requires a minimum of Ant 1.8.x.
- (markt)
- </update>
- <update>
- Update the re-packaged version of commons-fileupload from 1.2.1 to
- 1.2.2. The layout of re-packaged version was also restored to the
- original commons-fileupload layout to make merging of future updates
- easier. (markt)
- </update>
- <update>
- Update the re-packaged version of Jakarta BCEL from trunk revision
- 880760 to trunk revision 978831. (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 7.0.0 (markt)" rtext="beta, 2010-06-29">
- <subsection name="Catalina">
- <changelog>
- <update>
- Update Servlet support to the Servlet 3.0 specification. (all)
- </update>
- <update>
- Improve and document VirtualWebappLoader. (rjung)
- </update>
- <add>
- <bug>43642</bug>: Add prestartminSpareThreads attribute for Executor.
- (jfclere)
- </add>
- <update>
- Switch from AnnotationProcessor to InstanceManager. Patch provided by
- David Jecks with modifications by Remy. (remm/fhanik)
- </update>
- <update>
- <rev>620845</rev> and <rev>669119</rev>. Make shutdown address
- configurable. (jfclere)
- </update>
- <fix>
- <rev>651977</rev> Add some missing control checks to
- <code>ThreadWithAttributes</code>. (markt)
- </fix>
- <add>
- <rev>677640</rev> Add a startup class that does not require any
- configuration files. (costin)
- </add>
- <fix>
- <rev>700532</rev> Log if temporary file operations within the CGI
- servlet fail. Make sure header Reader is closed on failure. (markt)
- </fix>
- <fix>
- <rev>708541</rev> Delete references to DefaultContext which was removed
- in 6.0.x. (markt)
- </fix>
- <add>
- <rev>709018</rev> Initial implementation of an asynchronous file handler
- for JULI. (fhanik)
- </add>
- <fix>
- Give session thisAccessedTime and lastAccessedTime clear semantics.
- (rjung)
- </fix>
- <add>
- Expose thisAccessedTime via Session interface. (rjung)
- </add>
- <add>
- Provide a log format for JULI that provides the same information as the
- default but on a single line. (markt)
- </add>
- <add>
- <rev>723889</rev> Provide the ability to configure the Executor job
- queue size and a timeout for adding jobs to the queue. (fhanik)
- </add>
- <add>
- Add support for aliases to StandardContext. This allows content from
- other directories and/or WAR files to be mapped to paths within the
- context. (markt)
- </add>
- <update>
- Provide clearer definition of Lifecycle interface, particularly start
- and stop, and align components that implement Lifecycle with this
- definition. (markt)
- </update>
- <add>
- <bug>48662</bug>: Provide a new option to control the copying of context
- XML descriptors from web applications to the host's xmlBase. Copying of
- XMl descriptors is now disabled by default. (markt)
- </add>
- <fix>
- Move comet classes from the org.apache.catalina package to the
- org.apache.catalina.comet package to allow comet to work under a
- security manager. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <update>
- Port SSLInsecureRenegotiation from mod_ssl. This requires
- to use tomcat-native 1.2.21 that have option to detect this
- support from OpenSSL library. (mturk)
- </update>
- <update>
- Allow bigger AJP packets also for request bodies and responses
- using the packetSize attribute of the Connector. (rjung)
- </update>
- <update><rev>703017</rev> Make Java socket options consistent between NIO
- and JIO connector. Expose all the socket options available on
- <code>java.net.Socket</code> (fhanik)
- </update>
- <fix>
- <bug>46051</bug>: The writer returned by <code>getWriter()</code> now
- conforms to the <code>PrintWriter</code> specification and uses platform
- dependent line endings rather than always using <code>\r\n</code>.
- (markt)
- </fix>
- <update>
- Use tc-native 1.2.x which is based on APR 1.3.3+ (mturk)
- </update>
- <update>
- <rev>724239</rev> NIO connector now always uses an Executor. (fhanik)
- </update>
- <update>
- <rev>724393</rev> Implement keepAliveCount for NIO connector in a thread
- safe manner. (fhanik)
- </update>
- <update>
- <rev>724849</rev> Implement keep alive timeout for NIO connector.
- (fhanik)
- </update>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <update>
- Update JSP support to the JSP 2.2 specification. (markt)
- </update>
- <update>
- Update EL support to the EL 2.2 specification. (markt)
- </update>
- <update>
- <rev>787978</rev> Use "1.6" as the default value for compilerSourceVM
- and compilerTargetVM options of Jasper. (kkolinko)
- </update>
- <add>
- <bug>48358</bug>: Add support for limiting the number of JSPs that are
- loaded at any one time. Based on a patch by Isabel Drost. (markt)
- </add>
- <add>
- <bug>48689</bug>: Access TLD files through a new JarResource interface
- to make extending Jasper simpler, particularly in OSGi environments.
- Patch provided by Jarek Gawor. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="High Availability">
- <changelog>
- <add>
- Add support for UDP and secure communication to tribes. (fhanik)
- </add>
- <add>
- Add versioning to the tribes communication protocol to support future
- developments. (fhanik)
- </add>
- <add>
- Add a demo on how to use the payload. (fhanik)
- </add>
- <add>
- Started to add JMX support to the cluster implementation. (markt)
- </add>
- <fix>
- <rev>609778</rev> Minor fixes to the throughput interceptor and the
- NIO receiver. (fhanik)
- </fix>
- <fix>
- <rev>630234</rev> Additional checks for the NIO receiver. (fhanik)
- </fix>
- <update>
- <rev>671650</rev> Improve error message when multicast is not enabled.
- (fhanik)
- </update>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <update>
- <rev>631321</rev> Update changelog to support the <rev> element
- in the documentation. (fhanik)
- </update>
- <add>
- A number of additional roles were added to the Manager and Host Manager
- applications to separate out permissions for the HTML interface, the
- text interface and the JMX proxy. (markt)
- </add>
- <add>
- CSRF protection was added to the Manager and Host Manager applications.
- (markt)
- </add>
- <add>
- List array elements in the JMX proxy output of the Manager application.
- (rjung)
- </add>
- </changelog>
- </subsection>
- <subsection name="Extras">
- <changelog>
- <add>
- A new JmxRemoteLifecycleListener that can be used to fix the ports used
- for remote JMX connections, eg when using JConsole. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- Numerous code clean-up changes including the use of generics and
- removing unused imports, fields, parameters and methods. (markt)
- </fix>
- <fix>
- All deprecated internal code has been removed. <b>Warning:</b> If you
- have custom components for a previous Tomcat version that extend
- internal Tomcat classes and override deprecated methods it is highly
- likely that they will no longer work. (markt)
- </fix>
- <update>
- Parameterize version number throughout build scripts and source. (rjung)
- </update>
- </changelog>
- </subsection>
+<section name="Tomcat 8.0.0">
</section>
</body>
</document>
projects / tomcat7.0 / commitdiff