I'm pleased to announce the availability of the Beta 2 release of the next generation of the Tomcat servlet container, at: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0-b2/ Tomcat 4.0 beta 2 has many new features, including: * Tomcat 4.0 can now run web applications out of an unpacked directory or directly from a WAR file. * Web applications are now run under the control of a Java SecurityManager that can support fine-grained control over each web-app's access to system resources. * You can now specify a <DefaultContext> element in the server configuration file (server.xml) that defines default configuration information for contexts that are automatically configured. * An example Filter implementation that supports on-the-fly GZIP compression for clients that support it. * A servlet that implements all of the NCSA documented functionality for server side includes (*.shtml) except for the "exec" capability. * Standard resource factories for JavaMail related resources accessible via a JNDI InitialContext, compatible with J2EE Specification requirements. * Reflects the most up-to-date changes in the Servlet 2.3 and JSP 1.2 APIs that have been approved by the JSR-053 expert group, and will appear in the next published version of the corresponding specifications. In addition, the following major bug fixes are included: * Fixes for two reported security vulnerabilities (a "cross site scripting vulnerability" plus a "URL decoding vulnerability") * The JSP servlet (Jasper) that compiles and executes JSP pages now uses its own classloader its associated XML parser, which avoids potential conflicts with parsers included with a web application. * Bug fix updates for directory listings, the WebDAV support, binding to a single IP address (if requested), incorrectly named access log files, URL decoding improvements, form-based authentication, HTTP/1.1 chunking, isUserInRole(), JSP page parsing problems, and many other patches. See the Tomcat 4.0 Beta 2 Release Notes (RELEASE-NOTES-4.0-B2.txt) that are included in the top-level directory of the release for more detailed information. Craig McClanahan
