This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit f04018e7ce8b3865bcebe68d5c8489a4fea81acb Author: Mark Thomas <[email protected]> AuthorDate: Tue Oct 11 19:55:09 2022 +0100 First pass at 10.1 to 11.0 updates --- README.md | 2 +- build.properties.default | 8 +- build.xml | 4 +- java/org/apache/catalina/ant/jmx/package.html | 4 +- java/org/apache/catalina/ant/package.html | 4 +- java/org/apache/catalina/util/ServerInfo.java | 4 +- java/org/apache/tomcat/util/compat/JreCompat.java | 2 +- modules/jdbc-pool/pom.xml | 4 +- modules/openssl-foreign/pom.xml | 2 +- modules/owb/pom.xml | 2 +- res/ide-support/eclipse/eclipse.project | 2 +- res/ide-support/eclipse/start-tomcat.launch | 6 +- res/ide-support/eclipse/stop-tomcat.launch | 6 +- res/maven/mvn-pub.xml | 2 +- res/maven/mvn.properties.default | 2 +- res/rat/rat-excludes.txt | 2 +- webapps/docs/changelog.xml | 2498 +-------------------- webapps/docs/config/http.xml | 2 +- webapps/docs/tomcat-docs.xsl | 8 +- webapps/docs/web-socket-howto.xml | 31 - 20 files changed, 35 insertions(+), 2560 deletions(-) diff --git a/README.md b/README.md index 839a36719c..e1abc71e7b 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ The documentation available as of the date of this release is included in the docs webapp which ships with tomcat. You can access that webapp by starting tomcat and visiting <http://localhost:8080/docs/> in your browser. The most up-to-date documentation for each version can be found at: -- [Tomcat 10.1](https://tomcat.apache.org/tomcat-10.1-doc/) +- [Tomcat 11.0](https://tomcat.apache.org/tomcat-11.0-doc/) - [Tomcat 10.0](https://tomcat.apache.org/tomcat-10.0-doc/) - [Tomcat 9](https://tomcat.apache.org/tomcat-9.0-doc/) - [Tomcat 8](https://tomcat.apache.org/tomcat-8.5-doc/) diff --git a/build.properties.default b/build.properties.default index 4b6859cf61..82fb31bc3e 100644 --- a/build.properties.default +++ b/build.properties.default @@ -29,11 +29,11 @@ # ----------------------------------------------------------------------------- # ----- Version Control Flags ----- -version.major=10 -version.minor=1 -version.build=2 +version.major=11 +version.minor=0 +version.build=0 version.patch=0 -version.suffix= +version.suffix=-M1 version.dev=-dev # ----- Build tools ----- diff --git a/build.xml b/build.xml index b76fbcd3bf..e49889674e 100644 --- a/build.xml +++ b/build.xml @@ -15,7 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. --> -<project name="Tomcat 10.1" default="deploy" basedir="." +<project name="Tomcat 11.0" default="deploy" basedir="." xmlns:if="ant:if" xmlns:unless="ant:unless" xmlns:jacoco="antlib:org.jacoco.ant" @@ -2068,7 +2068,7 @@ <executiondata> <file file="${coverage.datafile}"/> </executiondata> - <structure name="Tomcat 10.1.x Code Coverage"> + <structure name="Tomcat 11.0.x Code Coverage"> <classfiles> <fileset dir="${tomcat.classes}"/> </classfiles> diff --git a/java/org/apache/catalina/ant/jmx/package.html b/java/org/apache/catalina/ant/jmx/package.html index e05ece3a3b..f7867a2759 100644 --- a/java/org/apache/catalina/ant/jmx/package.html +++ b/java/org/apache/catalina/ant/jmx/package.html @@ -20,8 +20,8 @@ <em>Ant (version 1.6 or later)</em> that can be used to interact with the Remote JMX JSR 160 RMI Adaptor to get/set attributes, invoke MBean operations and query for Mbeans inside a running instance of Tomcat. For more information, see -<a href="https://tomcat.apache.org/tomcat-10.1-doc/monitoring.html";> -https://tomcat.apache.org/tomcat-10.1-doc/monitoring.html</a>.</p> +<a href="https://tomcat.apache.org/tomcat-11.0-doc/monitoring.html";> +https://tomcat.apache.org/tomcat-11.0-doc/monitoring.html</a>.</p> <p>Each task element can open a new jmx connection or reference an existing one. The following attribute are exists in every tasks:</p> diff --git a/java/org/apache/catalina/ant/package.html b/java/org/apache/catalina/ant/package.html index 830afc801e..e4067ad25a 100644 --- a/java/org/apache/catalina/ant/package.html +++ b/java/org/apache/catalina/ant/package.html @@ -20,8 +20,8 @@ <em>Ant (version 1.6.x or later)</em> that can be used to interact with the Manager application to deploy, undeploy, list, reload, start and stop web applications from a running instance of Tomcat. For more information, see -<a href="https://tomcat.apache.org/tomcat-10.1-doc/manager-howto.html";> -https://tomcat.apache.org/tomcat-10.1-doc/manager-howto.html</a>.</p> +<a href="https://tomcat.apache.org/tomcat-11.0-doc/manager-howto.html";> +https://tomcat.apache.org/tomcat-11.0-doc/manager-howto.html</a>.</p> <p>The attributes of each task element correspond exactly to the request parameters that are included with an HTTP request diff --git a/java/org/apache/catalina/util/ServerInfo.java b/java/org/apache/catalina/util/ServerInfo.java index 4f45b29663..7f8f1748ce 100644 --- a/java/org/apache/catalina/util/ServerInfo.java +++ b/java/org/apache/catalina/util/ServerInfo.java @@ -67,13 +67,13 @@ public class ServerInfo { ExceptionUtils.handleThrowable(t); } if (info == null || info.equals("Apache Tomcat/@VERSION@")) { - info = "Apache Tomcat/10.1.x-dev"; + info = "Apache Tomcat/11.0.x-dev"; } if (built == null || built.equals("@VERSION_BUILT@")) { built = "unknown"; } if (number == null || number.equals("@VERSION_NUMBER@")) { - number = "10.1.x"; + number = "11.0.x"; } serverInfo = info; diff --git a/java/org/apache/tomcat/util/compat/JreCompat.java b/java/org/apache/tomcat/util/compat/JreCompat.java index 3e90bed588..993096617a 100644 --- a/java/org/apache/tomcat/util/compat/JreCompat.java +++ b/java/org/apache/tomcat/util/compat/JreCompat.java @@ -48,7 +48,7 @@ public class JreCompat { } graalAvailable = result || System.getProperty("org.graalvm.nativeimage.imagecode") != null; - // This is Tomcat 10.1.x with a minimum Java version of Java 11. + // This is Tomcat 11.0.x with a minimum Java version of Java 11. // Look for the highest supported JVM first if (Jre19Compat.isSupported()) { instance = new Jre19Compat(); diff --git a/modules/jdbc-pool/pom.xml b/modules/jdbc-pool/pom.xml index 30895250dc..40e7f286f9 100644 --- a/modules/jdbc-pool/pom.xml +++ b/modules/jdbc-pool/pom.xml @@ -65,7 +65,7 @@ <dependency> <groupId>org.apache.tomcat</groupId> <artifactId>tomcat-juli</artifactId> - <version>10.1.0-M8</version> + <version>11.0.0-SNAPSHOT</version> </dependency> <dependency> <groupId>junit</groupId> @@ -76,7 +76,7 @@ <dependency> <groupId>org.apache.tomcat</groupId> <artifactId>tomcat-dbcp</artifactId> - <version>10.1.0-M8</version> + <version>11.0.0-SNAPSHOT</version> <scope>test</scope> </dependency> <dependency> diff --git a/modules/openssl-foreign/pom.xml b/modules/openssl-foreign/pom.xml index aac7d891c9..8811bcc22c 100644 --- a/modules/openssl-foreign/pom.xml +++ b/modules/openssl-foreign/pom.xml @@ -31,7 +31,7 @@ <version>0.1-SNAPSHOT</version> <properties> - <tomcat.version>10.1.0</tomcat.version> + <tomcat.version>11.0.0-SNAPSHOT</tomcat.version> <project.build.outputTimestamp>2021-12-02T12:00:00Z</project.build.outputTimestamp> </properties> diff --git a/modules/owb/pom.xml b/modules/owb/pom.xml index 303f9d2982..539ec7f5ff 100644 --- a/modules/owb/pom.xml +++ b/modules/owb/pom.xml @@ -36,7 +36,7 @@ <geronimo-atinject.version>1.2</geronimo-atinject.version> <geronimo-interceptor.version>1.2</geronimo-interceptor.version> <geronimo-jcdi.version>1.3</geronimo-jcdi.version> - <tomcat.version>10.1.0</tomcat.version> + <tomcat.version>11.0.0-SNAPSHOT</tomcat.version> </properties> <dependencies> diff --git a/res/ide-support/eclipse/eclipse.project b/res/ide-support/eclipse/eclipse.project index 8139e415ed..10027f6de0 100644 --- a/res/ide-support/eclipse/eclipse.project +++ b/res/ide-support/eclipse/eclipse.project @@ -16,7 +16,7 @@ limitations under the License. --> <projectDescription> - <name>tomcat-10.1.x</name> + <name>tomcat-11.0.x</name> <comment></comment> <projects> </projects> diff --git a/res/ide-support/eclipse/start-tomcat.launch b/res/ide-support/eclipse/start-tomcat.launch index b0f3eb56f3..0dc362f659 100644 --- a/res/ide-support/eclipse/start-tomcat.launch +++ b/res/ide-support/eclipse/start-tomcat.launch @@ -17,13 +17,13 @@ --> <launchConfiguration type="org.eclipse.jdt.launching.localJavaApplication"> <listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_PATHS"> -<listEntry value="/tomcat-10.1.x/java/org/apache/catalina/startup/Bootstrap.java"/> +<listEntry value="/tomcat-11.0.x/java/org/apache/catalina/startup/Bootstrap.java"/> </listAttribute> <listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_TYPES"> <listEntry value="1"/> </listAttribute> <stringAttribute key="org.eclipse.jdt.launching.MAIN_TYPE" value="org.apache.catalina.startup.Bootstrap"/> <stringAttribute key="org.eclipse.jdt.launching.PROGRAM_ARGUMENTS" value="start"/> -<stringAttribute key="org.eclipse.jdt.launching.PROJECT_ATTR" value="tomcat-10.1.x"/> -<stringAttribute key="org.eclipse.jdt.launching.VM_ARGUMENTS" value="-Dcatalina.home=${project_loc:/tomcat-10.1.x/java/org/apache/catalina/startup/Bootstrap.java}/output/build"/> +<stringAttribute key="org.eclipse.jdt.launching.PROJECT_ATTR" value="tomcat-11.0.x"/> +<stringAttribute key="org.eclipse.jdt.launching.VM_ARGUMENTS" value="-Dcatalina.home=${project_loc:/tomcat-11.0.x/java/org/apache/catalina/startup/Bootstrap.java}/output/build"/> </launchConfiguration> diff --git a/res/ide-support/eclipse/stop-tomcat.launch b/res/ide-support/eclipse/stop-tomcat.launch index 1c7bcd35cb..91db8adf6f 100644 --- a/res/ide-support/eclipse/stop-tomcat.launch +++ b/res/ide-support/eclipse/stop-tomcat.launch @@ -17,13 +17,13 @@ --> <launchConfiguration type="org.eclipse.jdt.launching.localJavaApplication"> <listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_PATHS"> -<listEntry value="/tomcat-10.1.x/java/org/apache/catalina/startup/Bootstrap.java"/> +<listEntry value="/tomcat-11.0.x/java/org/apache/catalina/startup/Bootstrap.java"/> </listAttribute> <listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_TYPES"> <listEntry value="1"/> </listAttribute> <stringAttribute key="org.eclipse.jdt.launching.MAIN_TYPE" value="org.apache.catalina.startup.Bootstrap"/> <stringAttribute key="org.eclipse.jdt.launching.PROGRAM_ARGUMENTS" value="stop"/> -<stringAttribute key="org.eclipse.jdt.launching.PROJECT_ATTR" value="tomcat-10.1.x"/> -<stringAttribute key="org.eclipse.jdt.launching.VM_ARGUMENTS" value="-Dcatalina.home=${project_loc:/tomcat-10.1.x/java/org/apache/catalina/startup/Bootstrap.java}/output/build"/> +<stringAttribute key="org.eclipse.jdt.launching.PROJECT_ATTR" value="tomcat-11.0.x"/> +<stringAttribute key="org.eclipse.jdt.launching.VM_ARGUMENTS" value="-Dcatalina.home=${project_loc:/tomcat-11.0.x/java/org/apache/catalina/startup/Bootstrap.java}/output/build"/> </launchConfiguration> diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml index 9781949fa5..e24188a968 100644 --- a/res/maven/mvn-pub.xml +++ b/res/maven/mvn-pub.xml @@ -15,7 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. --> -<project name="Tomcat 10.1 Maven Deployment" default="" basedir="." +<project name="Tomcat 11.0 Maven Deployment" default="" basedir="." xmlns:resolver="antlib:org.apache.maven.resolver.ant" xmlns:if="ant:if" xmlns:unless="ant:unless"> diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index 6e72713f8a..de28419e1e 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=10.1.2 +maven.asf.release.deploy.version=11.0.0-M1 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib diff --git a/res/rat/rat-excludes.txt b/res/rat/rat-excludes.txt index 4b69f950ca..dffcc1bcef 100644 --- a/res/rat/rat-excludes.txt +++ b/res/rat/rat-excludes.txt @@ -234,4 +234,4 @@ output/dist/temp/safeToDelete.tmp output/res/checkstyle/* -tomcat-10.1.x/** +tomcat-11.0.x/** diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 7f4dc123d8..63de62acd5 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,2513 +104,19 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> -<section name="Tomcat 10.1.2 (markt)" rtext="in development"> - <subsection name="Other"> - <changelog> - <update> - Update to Commons Daemon 1.3.2. (markt) - </update> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.1 (markt)" rtext="2022-10-11"> - <subsection name="Catalina"> - <changelog> - <fix> - Update the <code>RewriteValve</code> to perform pattern matching using - dotall mode to avoid unexpected behaviour if the URL includes encoded - line terminators. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - <bug>66276</bug>: Fix incorrect class cast when adding - a descendant of HTTP/2 streams. (lihan) - </fix> - <fix> - <bug>66281</bug>: Fix unexpected timeouts that may appear as client - disconnections when using HTTP/2 and NIO2. (markt) - </fix> - <fix> - Enforce the requirement of RFC 7230 onwards that a request with a - malformed <code>content-length</code> header should always be rejected - with a 400 response. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - <bug>66277</bug>: Fix regressions in refactoring from <code>Stack</code> - <code>ArrayDeque</code>. - </fix> - <add> - Add support for specifying Java 20 (with the value <code>20</code>) as - the compiler source and/or compiler target for JSP compilation. If used - with an Eclipse JDT compiler version that does not support these values, - a warning will be logged and the default will used. - (markt) - </add> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <fix> - Documentation. Document the <code>nonceRequestParameterName</code> - attribute for the <code>CsrfPreventionFilter</code>. Based on - <pr>553</pr> by Mert Ülkgün. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <update> - Update to the Eclipse JDT compiler 4.23. (markt) - </update> - <update> - Update Objenesis to 3.2. (markt) - </update> - <update> - Update UnboundID to 6.0.6. (markt) - </update> - <update> - Update Checkstyle to 10.3.4. (markt) - </update> - <update> - Update JaCoCo to 0.8.8. (markt) - </update> - <update> - Update SpotBugs to 4.7.2. (markt) - </update> - <update> - Update JSign to 4.2. (markt) - </update> - <update> - Update Derby to 10.16.1.1. (markt) - </update> - <add> - Improvements to Chinese translations. (markt) - </add> - <add> - Improvements to Czech translations. (markt) - </add> - <add> - Improvements to French translations. (remm) - </add> - <add> - Improvements to Japanese translations. Contributed by tak7iji and - Shirayuking. (markt) - </add> - <add> - Improvements to Korean translations. (markt) - </add> - <add> - Improvements to Spanish translations. (markt) - </add> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0 (markt)" rtext="2022-09-26"> - <subsection name="Coyote"> - <changelog> - <update> - Update Panama OpenSSL code for the extensive Java 20 changes. (remm) - </update> - <fix> - Fix a regression in refactoring for Hashtables which caused mbeans to - lose many of their attributes. (remm) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <add> - <bug>66203</bug>: Log an error message when the JSP compiler is unable - to create the output directory for the generated code. (markt) - </add> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <add> - Further automation to the build process to reduce the number of manual - steps that release managers must perform. (markt) - </add> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M20 (markt)" rtext="not released"> - <subsection name="Coyote"> - <changelog> - <fix> - Prepare OpenSSL Panama module for Java 20 API changes. (remm) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <update> - Update the Apache Tomcat migration tool for Jakarta EE library to 1.0.4. - (markt) - </update> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M19 (markt)" rtext="not released"> - <subsection name="Coyote"> - <changelog> - <fix> - Correct a regression in the previous fix for <bug>66236</bug>. (markt) - </fix> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M18 (markt)" rtext="not released"> - <subsection name="Catalina"> - <changelog> - <fix> - Correct handling of HTTP TRACE requests where there are multiple - instances of an HTTP header with the same name. (markt) - </fix> - <fix> - Implement the requirements of RFC 7231 and do not include sensitive - headers in responses to HTTP TRACE requests. (markt) - </fix> - <fix> - Implement the clarification in RFC 9110 that the units in HTTP range - specifiers are case insensitive. (markt) - </fix> - <fix> - Properly-escape role and group information when writing - MemoryUserDatabase to an XML file. (schultz) - </fix> - <fix> - Move control of XML-export logic from individual support classes into - MemoryUserDatabase.save(). Deprecate and discontinue use of MemoryUser, - MemoryRole, and MemoryGroup classes. (schultz) - </fix> - <fix> - <bug>66183</bug>: When logging cookie values in an access log valve and - there are multiple cookies with the same name, log all cookie values - rather than just the first. Based on pull request <pr>541</pr> by Han - Li. (markt) - </fix> - <fix> - <bug>66184</bug>: Ensure that JULI root loggers have a default level of - <code>INFO</code>. Pull request <pr>533</pr> provided by Piotr P. - Karwasz. (markt) - </fix> - <fix> - Improve handling of stack overflow errors when parsing SSI expressions. - (markt) - </fix> - <fix> - <bug>66120</bug>: Enable FORM authentication to work correctly if - session persistence and restoration occurs during the authentication - process. (markt) - </fix> - <fix> - <bug>66233</bug>: Include an error message when sending a 400 response - because a request has too many cookies. (markt) - </fix> - <fix> - When web application deployment fails due to JARs with duplicate - fragment names, improve the error message by listing the JARs that - contain the duplicates. Based on pull request <pr>535</pr> by Mads - Rolsdorph. (markt) - </fix> - <fix> - Replace logging thread for JULI's <code>AsyncFileHandler</code> with an - executor to protect against failure of the logging thread. Based on pull - request <pr>545</pr> by Piotr P. Karwasz. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - Avoid potential NPE by skipping duplicate accept check when using a Unix - Domain Socket. Based on <pr>532</pr> by Han Li. (markt) - </fix> - <fix> - Address an edge case in HTTP header parsing that allowed CRCRLF to be - used as a valid line terminator. (markt) - </fix> - <fix> - Ensure HTTP/2 requests that include connection specific headers are - rejected. (markt) - </fix> - <fix> - When processing HTTP/2 requests, allow a <code>host</code> header to be - used in place of an <code>:authority</code> header. (markt) - </fix> - <fix> - When processing HTTP/2 requests, allow a <code>host</code> header and an - <code>:authority</code> header to be present providing they are - consistent. (markt) - </fix> - <fix> - When processing HTTP/2 requests, reject requests containing multiple - <code>host</code> headers. (markt) - </fix> - <fix> - Make parsing of invalid filename directives in - <code>Content-Disposition</code> headers more robust. Invalid filename - directives will now be ignored rather than triggering a 500 response. - (markt) - </fix> - <fix> - <bug>66194</bug>: Log HTTP/2 stream closures (usually caused by client - errors) via a <code>UserDataHelper</code> to broadly align it with the - behaviour of HTTP/1.1 for parsing issues and exceeding limits. (markt) - </fix> - <fix> - <bug>66196</bug>: Align HTTP/1.1 with HTTP/2 and throw an exception when - attempting to commit a response with an header value that includes one - or more characters with a code point above 255. (markt) - </fix> - <fix> - <bug>66236</bug>: Implement support for the special values zero and - minus one when configuring <code>maxSavePostSize</code> for a Connector - when used in conjunction with TLS renegotiation. (markt) - </fix> - <fix> - <bug>66240</bug>: Avoid int overflow when parsing octets by limiting - the maximum value to 255. Based on a PR <pr>548</pr> by Stefan Mayr. - (lihan) - </fix> - <fix> - <pr>550</pr>: Correctly handle case where a Servlet responds to a - request with an expectation with a 2xx response without reading the - request body. Pull request provided by Malay Shah. (markt) - </fix> - <fix> - <pr>551</pr>: Avoid potential IndexOutOfBoundsException by fixing - incorrect check when matching HTTP/2 preface. Submitted by 刘文章. - (lihan) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - Improve handling of stack overflow errors when parsing EL expressions. - (markt) - </fix> - <fix> - Correct parsing of integer and floating point literals in EL expressions - so that larger values are correctly parsed to <code>BigInteger</code> - and <code>BigDecimal</code> respectively. (markt) - </fix> - <fix> - <bug>66235</bug>: Fix various issues with the bean resolver used for - Graal. (remm) - </fix> - <fix> - Improve the performance of the <code>ImportHandler</code> in the - Expression Language implementation. This removes a previous optimisation - that is now detrimental rather than helpful. Pull request <pr>547</pr> - provided by rmannibucau. (markt) - </fix> - <fix> - Improve handling of EL error messages so instances of Number are not - formatted in unexpected ways. (markt/kkolinko) - </fix> - <fix> - Switch to using ELException rather than IllegalArgumentException when a - type conversion fails during an EL arithmetic operation. This is an EL - error so ELException seems more appropriate. (markt) - </fix> - <fix> - Fix a bug in <code>MethodExpression</code> handling that triggered an - error when invoking a static method on an instance of the class rather - than directly on the class. (markt) - </fix> - <fix> - Use <code>BigInteger.remainder()</code> rather than - <code>BigInteger.mod()</code> when performing the modulus operation for - instances of <code>BigInteger</code> as part of an EL expression. - (markt) - </fix> - </changelog> - </subsection> - <subsection name="Cluster"> - <changelog> - <fix> - To aid future additions of new functionality, rather than throw an - <code>IllegalArgumentException</code> if a <code>DeltaRequest</code> is - passed an unrecognised action type, a warning message will now be - logged. (markt) - </fix> - <fix> - <bug>66120</bug>: Enable FORM authentication to work correctly if - session failover occurs during the authentication process. (markt) - </fix> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <add> - <bug>62312</bug>: Add support for authenticating WebSocket clients with - an HTTP forward proxy when establishing a connection to a WebSocket - endpoint via a forward proxy that requires authentication. Based on a - patch provided by Joe Mokos. (markt) - </add> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <fix> - Ensure that zip archives use UTC for file modification times to ensure - repeatable builds across time zones. (markt) - </fix> - <add> - Improvements to Chinese translations. (lihan) - </add> - <add> - Improvements to Czech translations. (markt) - </add> - <add> - Improvements to French translations. (remm) - </add> - <add> - Improvements to German translations. (markt) - </add> - <add> - Improvements to Japanese translations. Contributed by tak7iji and - Shirayuking. (markt) - </add> - <add> - Improvements to Korean translations. Contributed by 수현. (markt) - </add> - <add> - Improvements to Brazilian Portuguese translations. (markt) - </add> - <add> - Improvements to Russian translations. (markt) - </add> - <add> - Improvements to Spanish translations. (markt) - </add> - <update> - Update the Apache Tomcat migration tool for Jakarta EE library to 1.0.3. - (markt) - </update> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M17 (markt)" rtext="2022-07-20"> - <subsection name="Catalina"> - <changelog> - <fix> - <bug>66104</bug>: Avoid error message by not trying to clean up old - files from the logging directory before the directory has been created. - Based on <pr>521</pr> by HanLi. (markt) - </fix> - <update> - Update the Jakarta Common Annotations API to 2.1.1. This deprecates the - <code>ManagedBean</code> annotation which will be removed in a future - release. (markt) - </update> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <add> - Provide dedicated loggers - (<code>org.apache.tomcat.util.net.NioEndpoint.handshake</code> / - <code>org.apache.tomcat.util.net.Nio2Endpoint.handshake</code>) for TLS - handshake failures. (markt) - </add> - <add> - Enable the use of the FIPS provider for TLS enabled Connectors when - using Tomcat Native 1.2.34 onwards built with OpenSSL 3.0.x onwards. - (markt) - </add> - <scode> - Remove the <code>jvmRoute</code> system property used to configure a - default value for the <code>jvmRoute</code> attribute of an Engine. - (markt) - </scode> - <update> - Update experimental Panama modules with support for OpenSSL 3.0+. - OpenSSL 1.1 remains supported. (remm) - </update> - <fix> - Correct a regression in the refactoring to support experimentation with - project Loom that broke HTTP/2 support if async IO was disabled. (markt) - </fix> - <fix> - Fix duplicate Poller registration with HTTP/2, NIO and async IO that - could cause HTTP/2 connections to unexpectedly fail. (markt) - </fix> - <update> - Refactor Panama module to better take advantage of the Panama preview - API updates and fixes. Improves memory session usage and avoids some - allocations. Review from Maurizio Cimadamore. (remm) - </update> - <update> - Update the minimum recommended version of the Tomcat Native Library to - 2.0.1. (markt) - </update> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <add> - Add support for specifying Java 19 (with the value <code>19</code>) as - the compiler source and/or compiler target for JSP compilation. If used - with an Eclipse JDT compiler version that does not support these values, - a warning will be logged and the default will used. - (markt) - </add> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <update> - Remove configuration settings related to the restriction on WebSocket - endpoint deployment that was removed in version 2.1 of the - specification. (markt) - </update> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <fix> - Documentation. <bug>62245</bug>: Include <code>contextXsltFile</code> - when discussing options for configuring directory listings. (markt) - </fix> - <fix> - Examples. Fix CVE-2022-34305, a low severity XSS vulnerability in the - Form authentication example. (markt) - </fix> - <fix> - Documentation. Expand the description of the <code>useSendfile</code> - attribute for HTTP/2 and reference the possibility of file locking when - using this feature on Windows operating systems. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <update> - Update to bnd 6.3.1. (markt) - </update> - <update> - The minimum Ant version required to build Tomcat 10.1.x is now 1.10.2. - (markt) - </update> - <add> - Add additional automation to the build process to reduce the number of - manual steps that release managers must perform. (schultz) - </add> - <add> - Implement support for reproducible builds. Reproducible builds are - independent of operating system but require the same Ant version and - same JDK (vendor and version) to be used as associated version - information is embedded in a number of build outputs such as JAR file - manifests. (markt) - </add> - <update> - Update the minimum supported version of Tomcat Native to 1.2.34 to allow - the removal of the deprecated Java API associated with features that - will be removed in Tomcat Native 2.0.x. (markt) - </update> - <fix> - Remove and/or update references to the removed - <code>org.apache.tomcat.util.threads.res</code> package. The - <code>LocalStrings*.properties</code> files in that package were moved - to <code>org.apache.tomcat.util.threads</code> package for consistency - with the rest of the Tomcat code base. (markt) - </fix> - <fix> - <bug>66134</bug>: The NSIS based Tomcat installer for Windows now - correctly handles the combination of <code>TomcatAdminRoles</code> - defined in a configuration file and selecting the Manager and/or - Host Manager web applications in the installer's GUI. (markt) - </fix> - <update> - Update the OWB module to Apache OpenWebBeans 2.0.27. (remm) - </update> - <update> - Update the CXF module to Apache CXF 3.5.3. (remm) - </update> - <update> - Update the Apache Tomcat migration tool for Jakarta EE library to 1.0.1. - (markt) - </update> - <update> - Update the packaged version of the Tomcat Native Library to 2.0.1 to - pick up the Windows binaries built with with OpenSSL 3.0.5. (markt) - </update> - <add> - Improvements to French translations. (remm) - </add> - <add> - Improvements to Japanese translations contributed tak7iji. (markt) - </add> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M16 (markt)" rtext="2022-06-09"> - <subsection name="Catalina"> - <changelog> - <fix> - Update the memory leak protection code to support stopping application - created executor threads when running on Java 19 and later. (markt) - </fix> - <fix> - Improve the error message if a required <code>--add-opens</code> option - is missing. (markt) - </fix> - <fix> - Disable the memory leak correction code enabled by the Context attribute - <code>clearReferencesObjectStreamClassCaches</code> when running on a - JRE that includes a fix for the underlying memory leak. (markt) - </fix> - <fix> - <pr>515</pr>: Avoid deadlock on startup with some utility executor - configurations. Submitted by Han Li. (remm) - </fix> - <fix> - <bug>66068</bug>: Ensure that the changes made to a request by the - <code>RemoteIPValve</code> persist after the request is put into - asynchronous mode. (markt) - </fix> - <add> - Include the major version in the recommended version used for Tomcat - Native with the <code>AprLifecycleListener</code>. (markt) - </add> - <scode> - Remove the reporting of the unused APR feature flags. (markt) - </scode> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - Additional fix for <bug>65118</bug>. Fix a potential - <code>NullPointerException</code> when pruning closed HTTP/2 streams - from the connection. (markt) - </fix> - <scode> - Refactor synchronization blocks locking on <code>SocketWrapper</code> to - use <code>ReentrantLock</code> to support users wishing to experiment - with project Loom. (markt) - </scode> - <fix> - <bug>66076</bug>: When using TLS with non-blocking writes and the NIO - connector, ensure that flushing the buffers attempts to empty all of the - output buffers. (markt) - </fix> - <fix> - <bug>66084</bug>: Correctly calculate bytes written to a response. Pull - request <pr>516</pr> provided by aooohan HanLi. (markt) - </fix> - <add> - Correct a regression in the support added for encrypted PKCS#1 formatted - private keys in the previous release that broke support for unencrypted - PKCS#1 formatted private keys. (jfclere/markt) - </add> - <update> - Remove support for NPN when using the Tomcat Native Connector as NPN was - never standardised and browser support for NPN was removed several years - ago. (markt) - </update> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - Update XML schema used for generated web fragments to use the Servlet - 6.0 web fragment schema. (markt) - </fix> - <fix> - Update the XML schema used by the web fragment defined for the Jasper EL - JAR to use the Servlet 6.0 web fragment schema. (markt) - </fix> - <fix> - Update <code>ImportHandler</code> optimisation for new classes - introduced in Java 19. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Web Socket"> - <changelog> - <fix> - Update the XML schema used by the web fragment defined for the WebSocket - JAR to use the Servlet 6.0 web fragment schema. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <fix> - <bug>66064</bug>: Update the building page in the documentation web - application to reflect changes in required Java version and source - repository. (markt) - </fix> - <fix> - Documentation. Make the description of the HTTP/1.1 configuration - attributes that control the maximum allowed HTTP header size more - specific. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Tribes"> - <changelog> - <fix> - Increase the default buffer size for replication messages from 43800 to - 65536 bytes. This is expected to improve performance for large messages - when running on Linux based systems. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <add> - Improvements to French translations. (remm) - </add> - <add> - Improvements to Japanese translations contributed by Shirayuking and - tak7iji. (markt) - </add> - <add> - Improvements to Chinese translations contributed by Dingzi2012. (markt) - </add> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M15 (markt)" rtext="2022-05-16"> - <subsection name="Catalina"> - <changelog> - <scode> - <bug>65853</bug>: Refactor the <code>CsrfPreventionFilter</code> to make - it easier for sub-classes to modify the nonce generation and storage. - Based on suggestions by Marvin Fröhlich. (markt) - </scode> - <fix> - <bug>65991</bug>: Avoid NPE with <code>SSLAuthenticator</code> when - <code>boundOnInit</code> is used on a connector, during the check - for client certificate authentication availability. (remm) - </fix> - <fix> - <bug>66009</bug>: Use <code>getSubjectX500Principal().toString()</code> - rather than <code>getSubjectX500Principal().getName(...)</code> to - retrieve a certificate DN, to match the output of the deprecated - <code>getSubjectDN().getName()</code> that was used previously. (remm) - </fix> - <add> - Revert the change in 10.1.0-M11 that added a mapping of - <code>Shift_JIS</code> for the <code>ja</code> locale to the default - mappings used by <code>ServletResponse.setLocale()</code> as it - caused regressions for applications using UTF-8. (markt) - </add> - <add> - Provide a property source that sources values from Kubernetes service - bindings. Pull request <pr>512</pr> provided by Sumit Kulhadia and - Gareth Evans. (markt) - </add> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <add> - <pr>501</pr>: Add new <code>maxHttpRequestHeaderSize</code> and - <code>maxHttpResponseHeaderSize</code> attributes which allow setting - the maximum HTTP header sizes independently. If not specified, the - value of the <code>maxHttpHeaderSize</code> connector attribute will - be used. Submitted by Zhongming Hua. (remm) - </add> - <fix> - The root cause of the Linux kernel duplicate accept bug has been - identified along with the version of the kernel that includes the fix. - The error message displayed when this bug occurs has been updated to - reflect this new information and to advise users to update to a version - of the OS that uses kernel 5.10 or later. Thanks to Christopher Gual for - the research into this issue. (markt) - </fix> - <scode> - Remove the custom UTF-8 decoder that was introduced to work around - various UTF-8 decoding bugs in Java. These issues were fixed in early - Java 8 releases. Now the minimum Java version is 11, we can be sure that - Tomcat will not be running on a JRE where these issues are present. - (markt) - </scode> - <fix> - <bug>66023</bug>: Improve the fix for <bug>65726</bug> and support HTTP - upgrade with a request body for a wider set of use cases. (markt) - </fix> - <fix> - <bug>66035</bug>: Add NULL check on the SSL session reference in the - Panama code before accessing the session id and creation time. (remm) - </fix> - <add> - Add support for encrypted PKCS#1 formatted private keys when configuring - the internal, in memory key store. Based on <pr>511</pr>. - (jfclere/markt) - </add> - <fix> - Remove the <code>prestartminSpareThreads</code> attribute of the - <code>StandardThreadExecutor</code> since all core threads are always - started by default making this attribute meaningless. Pull request - <pr>510</pr> provided by Aooohan. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <update> - To align with the JSP 3.1 specification, make the - <code>jsp:plugin</code> action a NO-OP. No HTML will be generated as a - result the <code>jsp:plugin</code> action being included in a JSP. This - is be because the associated HTML elements are no longer supported by - any major browser. (markt) - </update> - <fix> - <bug>66031</bug>: Fix NPE when using a custom JspFactory. Patch by - Jean-Louis Monteiro. (remm) - </fix> - </changelog> - </subsection> - <subsection name="Webapps"> - <changelog> - <fix> - <bug>66008</bug>: In the documentation web application, clarify the - recommendation for the use the <code>trimSpaces</code> option for Jasper - in production environments. (markt) - </fix> - <fix> - Update the documentation web application to state that the - <code>EncryptInterceptor</code> does not provide sufficient protection - to run Tomcat clustering over an untrusted network. This is - CVE-2022-29885. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <add> - Improvements to Chinese translations contributed by shawn. (markt) - </add> - <add> - Improvements to French translations. (remm) - </add> - <add> - Improvements to German translations contributed by Thomas Hoffmann. - (markt) - </add> - <add> - Improvements to Japanese translations contributed by Shirayuking. - (markt) - </add> - <add> - Improvements to Korean translations. (woonsan) - </add> - <update> - Update to Commons Daemon 1.3.1. This fixes a known regression in 1.3.0 - when configuring the Windows service with custom scripts as described in - <bug>66055</bug>. (markt) - </update> - <update> - Update to JSign 4.1. (markt) - </update> - <update> - Update the packaged version of the Tomcat Native Library to 1.2.33 to - pick up Windows binaries built with OpenSSL 1.1.1o.(markt) - </update> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M14 (markt)" rtext="2022-04-01"> - <subsection name="Catalina"> - <changelog> - <fix> - <bug>65736</bug>: Disable the <code>forceString</code> option for the - JNDI <code>BeanFactory</code> and replace it with an automatic search - for an alternative setter with the same name that accepts a - <code>String</code>. This is a security hardening measure. (markt) - </fix> - <add> - Remove the <code>WebappClassLoaderBase.getResources()</code> method as - it is not used and if something accidentally exposes the class loader - this method can be used to gain access to Tomcat internals. (markt) - </add> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M13 (markt)" rtext="not released"> - <subsection name="Catalina"> - <changelog> - <scode> - Update the JASPIC 2.0 API to Jakarta Authentication 3.0 (JASPIC was - renamed for Jakarta EE 10) including the implementation of the new - methods on <code>AuthConfigFactory</code>. (markt) - </scode> - <scode> - Harden the CredentialHandler implementations by switching to a - constant-time implementation for credential comparisons. (schultz/markt) - </scode> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - Use a constant for the default TLS cipher suite. This will allow - skipping setting it in some cases (for example, it does not make - sense for OpenSSL TLS 1.3). (remm) - </fix> - <fix> - <pr>487</pr>: Improve logging of unknown settings frames. Pull request - by Thomas Hoffmann. (remm) - </fix> - <add> - <bug>65975</bug>: Add a warning if a TLS virtual host is configured with - optional certificate authentication and the containing connector is also - configured to support HTTP/2 as HTTP/2 does not permit optional - certificate authentication. (markt) - </add> - <add> - <bug>65975</bug>: Add a warning if a TLS virtual host is configured for - TLS 1.3 with a JSSE implementation and a web application is configured - for <code>CLIENT-CERT</code> authentication. <code>CLIENT-CERT</code> - authentication requires post-handshake authentication (PHA) when used - with TLS 1.3 but the JSSE TLS 1.3 implementation does not support PHA. - (markt) - </add> - <fix> - Improve the recycling of Processor objects to make it more robust. - (markt) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - <bug>65959</bug>: Serialize Function as String[] rather Class[]. (remm) - </fix> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <fix> - <bug>65947</bug>: Correct the name of HTTP/1.1 configuration property - (<code>maxHttpHeaderSize</code>) that is inherited by the HTTP/2 upgrade - protocol. Thanks to Thomas Hoffmann. (markt) - </fix> - <fix> - <bug>65952</bug>: Align <code>--add-opens</code> configuration for jsvc - with the current Tomcat scripts. (markt) - </fix> - <fix> - Correct the AJP and HTTP/1.1 Connector configuration pages in the - documentation web application to show which attributes are applicable to - all Connectors and which are implementation specific. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <fix> - Correct a spelling mistake in the German translations. Thanks to Thomas - Hoffmann. (markt) - </fix> - <fix> - <bug>65951</bug>: Use the <code>tomcat.output</code> property for OSGi - bundle manifest paths. (isapir) - </fix> - <update> - Update to Commons Daemon 1.3.0. (markt) - </update> - <update> - Update to Checkstyle 10.0. (markt) - </update> - <update> - Update to SpotBugs 4.6.0. (markt) - </update> - <add> - Expand the <code>spotbugs</code> Ant task to also cover test code. - (markt) - </add> - <update> - Update to bnd 6.2.0. (markt) - </update> - <update> - Remove OSGi annotations dependency as it is no longer required with bnd - 6.2.0. (markt) - </update> - <update> - Update to the Eclipse JDT compiler 4.23. (markt) - </update> - <scode> - Refactor the resource files for the Apache Tomcat installer for Windows - so that all the resource files are located in a single directory in the - source tree. (markt) - </scode> - <update> - Update the packaged version of the Tomcat Native Library to 1.2.32 to - pick up Windows binaries built with OpenSSL 1.1.1n.(markt) - </update> - <add> - Improvements to Chinese translations contributed by 15625988003. (markt) - </add> - <add> - Improvements to French translations. (remm) - </add> - <add> - Improvements to Japanese translations contributed by tak7iji. (markt) - </add> - <add> - Expand coverage of translations for <code>jakarta.el</code> package. - Based on <pr>488</pr> from Volodymyr Siedlecki. (markt) - </add> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M12 (markt)" rtext="2022-03-14"> - <subsection name="Catalina"> - <changelog> - <fix> - <pr>477</pr>: Update the default list of JARs to skip to include the - Apache Log4j JAR for Jakarta EE platforms. Pull request by Michael - Seele. (markt) - </fix> - <fix> - <bug>65921</bug>: The <code>type</code> substitution flag for the - rewrite valve should set the content type for the response, not the - request. (markt) - </fix> - <fix> - <pr>479</pr>: Enable the rewrite valve to redirect requests when the - original request cannot be mapped to a context. This typically happens - when no ROOT context is defined. Pull request by elkman. (markt) - </fix> - <fix> - <bug>65940</bug>: Fix <code>NullPointerException</code> if an exception - occurs during the destruction of a Servlet. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - Fix regression introduced with <bug>65757</bug> bugfix which better - identified non request threads but which introduced a similar problem - when user code was doing sequential operations in a single thread. - Test case code submitted by Istvan Szekely. (remm) - </fix> - <fix> - Fix potential thread-safety issue that could cause HTTP/1.1 request - processing to wait, and potentially timeout, waiting for additional - data when the full request has been received. (markt) - </fix> - <fix> - Throw <code>IOException</code> rather than - <code>IllegalStateException</code> when the application attempts to - write to an HTTP/2 stream after the client has closed the stream. - (markt) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - When resolving methods in EL expressions that use beans and/or static - fields, ensure that any custom type conversion is considered when - identifying the method to call. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <fix> - Correct the name of the <code>value</code> attribute in the new - documentation of <code>OpenSSLConfCmd</code> elements. (rjung) - </fix> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <fix> - Fix typo in JPMS substitution configuration for WebSocket client module. - (markt) - </fix> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M11 (markt)" rtext="2022-02-28"> - <subsection name="Catalina"> - <changelog> - <add> - Add <code>ha-api-*.jar</code> and <code>jaxws-rt-*.jar</code> to the - list of JARs to skip when scanning for TLDs, web fragments and - annotations. (michaelo) - </add> - <add> - Expand the default mappings used by - <code>ServletResponse.setLocale()</code> to include a mapping from the - <code>ja</code> locale to the <code>Shift_JIS</code> encoding. (markt) - </add> - <fix> - <bug>65806</bug>: Improve the handling of session ID generation when the - default algorithm for <code>SecureRandom</code> (<code>SHA1PRNG</code>) - is not supported by the configured providers as will be the case for a - FIPS compliant configuration. (markt) - </fix> - <add> - <pr>463</pr>: Add support for additional user attributes to - <code>TomcatPrincipal</code> and <code>GenericPrincipal</code>. - Patch provided by Carsten Klein. (michaelo) - </add> - <fix> - <pr>464</pr>: Fall back to the class loader used to load JULI when the - thread context class loader is not set. In a normal Tomcat - configuration, this will be the system class loader. Based on a pull - request by jackshirazi. (markt) - </fix> - <fix> - <pr>469</pr>: Include the Jakarata Annotations API in the classes that - Tomcat will not load from web applications. Pull request provided by - ppkarwasz. (markt) - </fix> - <fix> - Fix a potential <code>StringIndexOutOfBoundsException</code> exception - when generating a WebDAV multi-status response after an error during a - copy or delete. Report the paths relative to the server root for any - resources with an error. (markt) - </fix> - <fix> - Improve the format of WebDAV XML responses to make them easier for - humans to read. The change ensures that there is always a line break - before starting a new element. (markt) - </fix> - <fix> - Improve validation of the <code>Destination</code> header for WebDAV - <code>MOVE</code> and <code>COPY</code> requests. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - Correct a regression in the fix for <bug>65454</bug> that meant that - <code>minSpareThreads</code> and <code>maxThreads</code> settings were - ignored when the Connector used an internal executor. (markt) - </fix> - <fix> - <bug>65776</bug>: Improve the detection of the Linux duplicate accept - bug and reduce (hopefully avoid) instances of false positives. (markt) - </fix> - <fix> - <bug>65848</bug>: Revert the change that attempted to align the - behaviour of client certificate authentication with NIO or NIO2 with - OpenSSL for TLS between MacOS and Linux/Windows as the root cause was - traced to configuration differences. (markt) - </fix> - <fix> - <pr>467</pr>: When system time moves backwards (e.g. after clock - correction), ensure that the cached formatted current date used for - HTTP headers tracks this change. Pull request provided by zhenguoli. - (markt) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - <pr>474</pr>: Prevent a tag file from corrupting the ELContext of the - calling page. Pull request provided by Dmitri Blinov. (markt) - </fix> - <fix> - Minor optimisation of serialization for <code>FunctionMapperImpl</code> - in response to pull request <pr>476</pr>. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <fix> - Remove the applet example from the example web application as applets - are no longer supported in any major browser. (markt) - </fix> - <scode> - Refactor a small number of pages in the examples web application to - avoid an issue with reproducible builds due to differences in file - ordering across different operating systems with Ant's zip task. (markt) - </scode> - <fix> - Better documentation for the <code>protocol</code> attribute of the - <code>JNDIRealm</code>. (markt) - </fix> - <fix> - Clarify the settings described in the documentation web application to - configure a cluster using static membership. (markt) - </fix> - <add> - Add information on the <code>OpenSSLConf</code> and - <code>OpenSSLConfCmd</code> elements to the HTTP SSL configuration page - in the documentation web applications. (markt) - </add> - </changelog> - </subsection> - <subsection name="jdbc-pool"> - <changelog> - <scode> - Use LF line endings for text files in JARs to support reproducible - builds across different operating systems. (markt) - </scode> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <scode> - Use LF line endings for text files in JARs to support reproducible - builds across different operating systems. (markt) - </scode> - <fix> - Fix dependencies for individual test targets in Ant build file. Based on - <pr>468</pr> provided by Totoo chenyonghui. (markt) - </fix> - <update> - Update the OWB module to Apache OpenWebBeans 2.0.26. (remm) - </update> - <fix> - Revert the cherry-pick of JavaDoc fix from DBCP applied in 10.1.0.M9 - that broke the <code>DataSourceMXBean</code> by using a type that isn't - supported by MXBeans. (markt) - </fix> - <add> - Improvements to Chinese translations contributed by cloudgyb, totoo and - Chenyonghui1028. (markt) - </add> - <add> - Improvements to French translations. (remm) - </add> - <add> - Improvements to German translations contributed by Andreas Abraham. - (markt) - </add> - <add> - Improvements to Japanese translations contributed by tak7iji and - Shirayuking. (markt) - </add> - <add> - Improvements to Korean translations. (woonsan) - </add> - <add> - Improvements to Spanish translations contributed by ceciliabarudi. - (markt) - </add> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M10 (markt)" rtext="2022-01-20"> - <subsection name="Coyote"> - <changelog> - <fix> - Correct a regression in the fix for <bug>65785</bug> that broke HTTP/2 - server push. (markt) - </fix> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M9 (markt)" rtext="not released"> - <subsection name="Catalina"> - <changelog> - <fix> - Add missing check in <code>SessionCookieConfig.setAttribute()</code> to - ensure that the method fails if called after the web application has - started. (markt) - </fix> - <fix> - Add additional locking to <code>DataSourceUserDatabase</code> to provide - improved protection for concurrent modifications. (markt) - </fix> - <fix> - Add recycling check in the input and output stream isReady to try to - give a more informative ISE when the facade has been recycled. (remm) - </fix> - <fix> - Make the calculation of the session storage location more robust when - using file based persistent storage. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - <bug>65726</bug>: Implement support for HTTP/1.1 upgrade when the - request includes a body. The maximum permitted size of the body is - controlled by <code>maxSavePostSize</code>. (markt) - </fix> - <fix> - Restore pre-starting of <code>minSpareThreads</code> lost in the fix for - <bug>65454</bug>. (markt) - </fix> - <fix> - Revert the previous fix for <bug>65714</bug> and implement a more - comprehensive fix. (markt) - </fix> - <fix> - Allow freeing up context on JVM shutdown in the OpenSSL Panama module - by properly using a shared scope. (remm) - </fix> - <fix> - <bug>65757</bug>: Missing initial IO listener notification on Servlet - container dispatch to another container thread. (remm) - </fix> - <fix> - Expand the fix for <bug>65757</bug> so that rather than just checking if - processing is happening on a container thread, the check is now if - processing is happening on the container thread currently allocated to - this request/response. (markt) - </fix> - <fix> - Improve the fix for RST frame ordering added in 10.1.0-M8 to avoid a - potential deadlock on some systems in non-default configurations. - (markt) - </fix> - <add> - <bug>65767</bug>: Add support for certificates that use keys encrypted - using PBES2. Based on a pull request provided by xiezhaokun. (markt) - </add> - <scode> - Refactor testing whether a String is a valid HTTP token. (markt) - </scode> - <fix> - <bug>65785</bug>: Perform additional validation of HTTP headers when - using HTTP/2. (markt) - </fix> - <fix> - When a Connector or Endpoint is paused, ensure that only new connections - and new requests on existing connections are stopped while allowing in - progress requests to run to completion. (markt) - </fix> - <fix> - Explicitly release ByteBuffer instances associated with pooled channels - when stopping the NioEndpoint and Nio2Endpoint. (markt) - </fix> - <fix> - Narrow the scope of the logging of invalid cookie headers to just the - invalid cookie rather than the whole cookie header. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - <bug>65724</bug>: Fix missing messages for some - <code>PropertyNotWritableException</code>s caused by a typo in the name - used for a resource string. (markt) - </fix> - <add> - Add support for specifying Java 18 (with the value <code>18</code>) as - the compiler source and/or compiler target for JSP compilation. If used - with an Eclipse JDT compiler version that does not support these values, - a warning will be logged and the default will used. - (markt) - </add> - <update> - To align with the JSP 3.1 specification that requires Java 11 as a - minimum, make the default JSP source version and target version Java 11. - (markt) - </update> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <fix> - Remove the <code>ALLOW_UNSUPPORTED_EXTENSIONS</code> system property. As - per RFC 6455, all extensions are optional. If an endpoint declares an - extension that isn't supported there is no need to trigger an error. The - extension can just be excluded from the result of the negotiation. - (markt) - </fix> - <fix> - Remove the <code>DISABLE_BUILTIN_EXTENSIONS</code>. It was added to - enable Tomcat to pass the WebSocket TCK but after updates to the TCK, it - is no longer required. (markt) - </fix> - <add> - Add support for POJO WebSocket endpoints to the programmatic upgrade - that allows applications to opt to upgrade an HTTP connection to - WebSocket. (markt) - </add> - <add> - Add support for the WebSocket 2.1 client-side API for configuring TLS - connection for wss client connections. (markt) - </add> - <fix> - <bug>65763</bug>: Improve handling of WebSocket connection close if a - message write times out before the message is fully written. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <update> - Update the OWB module to Apache OpenWebBeans 2.0.25. (remm) - </update> - <update> - Update the CXF module to Apache CXF 3.5.0. (remm) - </update> - <add> - Improvements to Chinese translations contributed by zhnnn. (markt) - </add> - <add> - Improvements to French translations. (remm) - </add> - <add> - Improvements to Japanese translations contributed by Shirayuking, yoshy - and tak7iji. (markt) - </add> - <add> - Improvements to Korean translations. (woonsan) - </add> - <add> - Improvements to Spanish translations contributed by Israel. (markt) - </add> - <update> - Update SpotBugs to 4.5.2. (markt) - </update> - <update> - Update to the Eclipse JDT compiler 4.22. (markt) - </update> - <update> - Update the NSIS installer to 3.08. (markt) - </update> - <update> - Update UnboundID to 6.0.3. (markt) - </update> - <update> - Update CheckStyle to 9.2.1. (markt) - </update> - <update> - Update BND to 6.1.0. (markt) - </update> - <update> - Update OSGI annotations to 1.1.1. (markt) - </update> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M8 (markt)" rtext="2021-12-08"> - <subsection name="Catalina"> - <changelog> - <update> - Log warning if a listener is not nested inside a Server element - although it must have been. (michaelo) - </update> - <fix> - Where the getter can be called safely, remove the checks for - <code>ServletContext</code> getters called from a - <code>contextInitialized()</code> method of a - <code>ServletContextListener</code> that was not defined in a - <code>web.xml</code> file, a <code>web-fragment.xml</code> file nor - annotated with <code>WebListener</code>. (markt) - </fix> - <fix> - Make SPNEGO authentication more robust for the case where the provided - credential has expired. (markt) - </fix> - <fix> - Limit cookie support to RFC 6265 to align with recent updates to the - Servlet specification. (markt) - </fix> - <fix> - <bug>65684</bug>: Fix a potential <code>NullPointerException</code> when - using JULI. (markt) - </fix> - <docs> - Document conditions under which the <code>AprLifecycleListener</code> - can be used to avoid JVM crashes. (michaelo) - </docs> - <fix> - Refactor the <code>AsyncFileHandler</code> to reduce the possibility of - log messages being lost on shutdown. (markt) - </fix> - <update> - Refactor the <code>AsyncFileHandler</code> to remove the need for the - <code>org.apache.juli.AsyncLoggerPollInterval</code>. If set, this - property now has no effect. (markt) - </update> - <add> - Add debug logging to the <code>RestCsrfPreventionFilter</code>. Based on - pull request <pr>452</pr> by Polina Georgieva. (markt) - </add> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <add> - Use implicit scopes in the OpenSSL Panama module to tie the cleanup of - OpenSSL memory to the Java GC. (remm) - </add> - <add> - Provide protection against a known <a - href="https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1924298";>OS - bug</a> that causes the acceptor to report an incoming connection more - than once. (markt) - </add> - <fix> - Avoid unnecessary duplicate read registrations for blocking I/O with the - NIO connector. (markt) - </fix> - <fix> - <bug>65677</bug>: Improve exception handling for errors during HTTP/1.1 - reads with NIO2. (markt) - </fix> - <fix> - When an error occurs that triggers a stream reset, ensure that the first - <code>RST</code> frame sent to the client is the one associated with the - error that triggered the reset. (markt) - </fix> - <fix> - <bug>65714</bug>: Fix exceptions when the security manager is enabled - and the first request received after starting is an HTTP request to a - TLS enabled NIO2 connector. (markt) - </fix> - <add> - Ensure that using NIO or NIO2 with OpenSSL for TLS behaves the same way - on MacOS as it does on Linux and Windows when no trusted certificate - authorities are configured and reject all client certificates. (markt) - </add> - <fix> - Avoid a potential deadlock during the concurrent processing of incoming - HTTP/2 frames for a stream and that stream being reset. (markt) - </fix> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <add> - Update the WebSocket API packaging to remove the copy of the client API - from the server API and replace it with a dependency on the client API. - This aligns Tomcat with changes in the WebSocket 2.1 specification. - (markt) - </add> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M7 (markt)" rtext="2021-11-15"> - <subsection name="Catalina"> - <changelog> - <scode> - Refactor <code>HttpServlet</code> so the default <code>doHead()</code> - implementation now calls <code>doGet()</code> and relies on the - container to ensure that the response body is not sent. The previous - behaviour (wrapping the response) may be enabled per Servlet by setting - the <code>jakarta.servlet.http.legacyDoHead</code> Servlet - initialisation parameter to <code>true</code>. This aligns Tomcat with - recent changes updates for Servlet 6.0 in the Jakarta Servlet - specification project. (markt) - </scode> - <add> - Add support for setting generic attributes for session cookies. This - aligns Apache Tomcat with recent changes in the Jakarta Servlet - specification project. (markt) - </add> - <fix> - Do not add a trailing <code>/</code> to a request URI during - canonicalization. (markt) - </fix> - <fix> - Invalid byte sequences (typically in %nn form) in a request URi that are - not valid for the given URI encoding now trigger a 400 response. (markt) - </fix> - <fix> - Ensure that a request URI starts with a <code>/</code>. (markt) - </fix> - <add> - Add a new Connector option, <code>rejectSuspiciousURIs</code> that will - causes 'suspicious' (see the Servlet 6.0 specification) URIs to be - rejected with a 400 response. (markt) - </add> - <fix> - Improve robustness of JNDIRealm for exceptions occurring when getting - the connection. Also add missing close when running into issues - getting the passord of a user. (remm) - </fix> - <docs> - Add Javadoc comment which listeners must be nested within - <code>Server</code> elements only. (michaelo) - </docs> - <add> - Add support for custom caching strategies for web application resources. - This initial implementation allows control over whether or not a - resource is cached. (markt) - </add> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <scode> - Improve performance of Connector shutdown - primarily to reduce the time - it takes to run the test suite. (markt) - </scode> - <add> - <pr>457</pr>: Add a <code>toString()</code> method to - <code>MimeHeader</code> to aid debugging. (dblevins) - </add> - <add> - Add experimental OpenSSL support through the Panama API incubating in - Java 17, with support for OpenSSL 1.1+. This no longer requires - tomcat-native or APR. Please refer to the <code>openssl-java17</code> - module for more details. (remm) - </add> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <update> - Regenerate the EL parser using JavaCC 7.0.10. (markt) - </update> - <fix> - Fix a bug that prevented the EL parser correctly parsing a literal Map - that used variables rather than literals for both keys and values. - (markt) - </fix> - <update> - Ensure that the <code>getType()</code> method of any - <code>ELResolver</code> implementation returns <code>null</code> if - either the <code>ELResolver</code> or the resolved property is read-only - to align Tomcat with recent updates in the Jakarta EL specification - project. (markt) - </update> - <fix> - Implement an alternative solution to support the JSP page directive - attribute <code>isThreadSafe</code> now that the - <code>SingleThreadModel</code> interface has been removed from the - Servlet API. The new approach synchronizes the <code>service()</code> - method. - </fix> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <update> - Add a new method<code> - ServerEndpointConfig.Configurator.getContainerDefaultConfigurator() - </code>to align with recent updates in the WebSocket specification - project. (markt) - </update> - <update> - Add a new method <code>ServerContainer.upgradeHttpToWebSocket()</code> - to align with recent updates in the WebSocket specification project. - (markt) - </update> - </changelog> - </subsection> - <subsection name="Tribes"> - <changelog> - <fix> - <pr>454</pr>: Differentiate warning messages in - <code>KubernetesMembershipProvider</code> so that the missing attribute - is clear to the user. PR provided by Hal Deadman. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <fix> - Switch from Cobertura to JaCoCo for code coverage as Cobertura does not - support code coverage for code compiled for Java 11 onwards. It also - removes the need to use a single thread to run the tests. (markt) - </fix> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M6 (markt)" rtext="2021-10-01"> - <subsection name="Catalina"> - <changelog> - <fix> - Provide the DataSource in the constructor of - <code>DataSourceUserDatabase</code>, since it is always global. (remm) - </fix> - <fix> - Fix delete then create object manipulations with - <code>DataSourceUserDatabase</code>. (remm) - </fix> - <update> - Remove all deprecated code from the Servlet API to align Tomcat with - recent changes in the Jakarta Servlet specification project. (markt) - </update> - <add> - Add the currently available Jakarta EE 10 schemas from the Jakarta EE - schema project. (markt) - </add> - <add> - Implement the new connection ID and request ID API for Servlet 6.0. - (markt) - </add> - <fix> - <bug>65553</bug>: Implement a work-around for a - <a href="https://bugs.openjdk.java.net/browse/JDK-8273874";>JRE bug</a> - that can trigger a memory leak when using the JNDI realm. (markt) - </fix> - <fix> - <bug>65586</bug>: Fix the bloom filter used to improve performance of - archive file look ups in the web resources implementation so it works - correctly for directory lookups whether or not the provided directory - name includes the trailing <code>/</code>. (markt) - </fix> - <fix> - <pr>451</pr>: Improve the usefulness of the thread name cache used in - JULI. Pull request provided by t-gergely. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - <bug>65563</bug>: Correct parsing of HTTP <code>Content-Range</code> - headers. Tomcat was incorrectly requiring an <code>=</code> character - after <code>bytes</code>. Fix based on pull request <pr>449</pr> by - Thierry Guérin. (markt) - </fix> - <fix> - Correct a potential <code>StackOverflowException</code> with HTTP/2 and - sendfile. (markt) - </fix> - <fix> - Further improvements in the management of the connection flow control - window. This addresses various bugs that caused streams to incorrectly - report that they had timed out waiting for an allocation from the - connection flow control window. (markt) - </fix> - <fix> - <bug>65577</bug>: Fix a <code>AccessControlException</code> reporting - when running an NIO2 connector with TLS enabled. (markt) - </fix> - <update> - Reclassify TLS ciphers that use AESCCM8 as medium security rather than - high security to align with recent changes in OpenSSL. (markt) - </update> - <fix> - Fix an issue that caused some Servlet non-blocking API reads of the HTTP - request body to incorrectly use blocking IO. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <scode> - Deprecate <code>ELResolver.getFeatureDescriptors</code> to align Tomcat - with recent updates in the Jakarta EL specification project. (markt) - </scode> - <add> - Add support for default methods to <code>BeanRELResolver</code> to align - Tomcat with recent updates in the Jakarta EL specification project. - (markt) - </add> - <add> - Add support for <code>MethodReference</code> and the associated getter - on <code>MethodExpression</code> to align Tomcat with recent updates in - the Jakarta EL specification project. (markt) - </add> - <add> - Refactor <code>ScopedAttributeELResolver</code> to separate out the - functionality that is unrelated to scoped attributes into two new - resolvers: <code>ImportELResolver</code> and - <code>NotFoundELResolver</code>. This aligns Tomcat with recent updates - to the Jakarta Server Pages specification. (markt) - </add> - <fix> - Fix the implementation of <code>MethodExpression.getMethodInfo()</code> - so that it returns the expected value rather than failing when the - method expression is defined with the parameter values in the expression - rather than the types being passed explicitly to - <code>ExpressionFactory.createMethodExpression()</code>. (markt) - </fix> - <add> - Add support for a new page/tag directive <code>errorOnELNotFound</code> - that can be used to trigger an identifier if an EL expression in a - page/tag contains an identifier that cannot be resolved. (markt) - </add> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <fix> - The internal upgrade handler should close the associated - <code>WebConnection</code> on destroy. (remm) - </fix> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <update> - Update the web applications that are included with Apache Tomcat to use - the Jakarta EE 10 schema for web.xml. (markt) - </update> - <fix> - Clarify the JASPIC configuration options in the documentation web - application. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <fix> - <bug>65585</bug>: Update obsolete comments at the start of the - <code>build.properties.default</code> file. (markt) - </fix> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M5 (markt)" rtext="2021-09-10"> - <subsection name="Catalina"> - <changelog> - <fix> - Enable Tomcat to start if an (old) XML parser is configured that does - not support <code>allow-java-encodings</code>. A warning will be logged - if such an XML parser is detected. (markt) - </fix> - <fix> - Change the behaviour of custom error pages. If an error occurs after the - response is committed, once the custom error page content has been added - to the response the connection is now closed immediately rather than - closed cleanly. i.e. the last chunk that marks the end of the response - body is no longer sent. This acts as an additional signal to the client - that the request experienced an error. (markt) - </fix> - <fix> - <bug>65479</bug>: When handling requests using JASPIC authentication, - ensure that <code>PasswordValidationCallback.getResult()</code> returns - the result of the password validation rather than always returning - <code>false</code>. Fixed via pull request <pr>438</pr> provided by - Robert Rodewald. (markt) - </fix> - <update> - Improve the reusability of the <code>UserDatabase</code> by adding - intermediate concrete implementation classes and allowing to do - partial database updates on <code>save</code>. (remm) - </update> - <scode> - Refactor the authenticators to delegate the check for preemptive - authentication to the individual authenticators where an authentication - scheme specific check can be performed. Based on pull request - <pr>444</pr> by Robert Rodewald. (markt) - </scode> - <add> - Add a <code>UserDatabase</code> implementation as a superset of the - <code>DataSourceRealm</code> functionality. (remm) - </add> - <fix> - Make sure the dynamic Principal returned by - <code>UserDatabaseRealm</code> stays up to date with the database - contents, and add an option to have it be static, similar to the other - realms. (remm) - </fix> - <add> - Add <code>derby-*.jar</code> to the list of JARs to skip when scanning - for TLDs, web fragments and annotations. (markt) - </add> - <fix> - <pr>447</pr>. Correct JPMS metadata for catalina.jar. Pull request - provided by Hui Wang. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - Correct a logic error that meant setting - <code>certificateKeystoreFile</code> to <code>NONE</code> did not have - the expected effect. <code>NONE</code> was incorrectly treated as a file - path. Patch provided by Mikael Sterner. (markt) - </fix> - <scode> - Remove the deprecated APR/Native connector which includes the HTTP APR - and the AJP APR connector. Also remove the Java interfaces to the - APR/Native library that are not used by the OpenSSL integration for the - NIO and NIO2 connectors. (markt) - </scode> - <scode> - Refactor the JSSE/OpenSSL integration to avoid the use of - <code>finalize()</code>. (markt) - </scode> - <fix> - <bug>65505</bug>: When an HTTP header value is removed, ensure that the - order of the remaining header values is unchanged. (markt) - </fix> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <fix> - <bug>65506</bug>: Fix write timeout check that was using the read - timeout value. Patch submitted by Gustavo Mahlow. (remm) - </fix> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <fix> - Remove unnecessary Context settings from the examples web application. - (markt) - </fix> - <fix> - Document default value for <code>unpackWARs</code> and related clean-up. - Pull request <pr>439</pr> provided by Robert Rodewald. (markt) - </fix> - <fix> - Clarify the documentation of the <code>compressionMinSize</code> and - <code>compressibleMimeType</code> HTTP <code>Connector</code> - attributes. Pull request <pr>442</pr> provided by crisgeek. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Tribes"> - <changelog> - <scode> - Refactor the <code>ParallelNioSender</code> to avoid the use of - <code>finalize()</code>. (markt) - </scode> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <fix> - Fix failing build when building on non-English locales. Pull request - <pr>441</pr> provided by Dachuan J. (markt) - </fix> - <update> - Update to JSign version 4.0 to enable code signing without the need for - the installation of additional client tools. (markt) - </update> - <update> - Add Apache Derby 10.15.2.0 to the testsuite dependencies, for JDBC - and DataSource testing. (remm) - </update> - <add> - Update the internal fork of Apache Commons BCEL to 40d5eb4 (2021-09-01, - 6.6.0-SNAPSHOT). Code clean-up only. (markt) - </add> - <add> - Update the internal fork of Apache Commons Codec to fd44e6b (2021-09-01, - 1.16-SNAPSHOT). Minor refactoring. (markt) - </add> - <add> - <bug>65661</bug>: Update the internal fork of Apache Commons FileUpload - to 33d2d79 (2021-09-01, 2.0-SNAPSHOT). Refactoring and code clean-up. As - a result of Commons File Upload now using - <code>java.nio.file.Files</code>, applications using multi-part uploads - need to ensure that the JVM is configured with sufficient direct memory - to store all in progress multi-part uploads. (markt) - </add> - <add> - Update the internal fork of Apache Commons Pool to 2.11.1 (2021-08-17). - Improvements, code clean-up and refactoring. (markt) - </add> - <add> - Update the internal fork of Apache Commons DBCP to 2.9.0 (2021-08-03). - Improvements, code clean-up and refactoring. (markt) - </add> - <update> - Update the packaged version of the Tomcat Native Library to 1.2.31 to - pick up Windows binaries built with OpenSSL 1.1.1l.(markt) - </update> - <update> - Switch to the CDN as the primary download location for ASF dependencies. - (markt) - </update> - <add> - Improvements to Chinese translations contributed by syseal, wolibo, - ZhangJieWen and DigitalFatCat. (markt) - </add> - <add> - Improvements to French translations. (remm) - </add> - <add> - Improvements to Japanese translations contributed by tak7iji. (markt) - </add> - <add> - Improvements to Korean translations. (woonsan) - </add> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M4 (markt)" rtext="2021-08-06"> - <subsection name="WebSocket"> - <changelog> - <fix> - Correct a regression in the Java 8 to Java 11 changes made in 10.1.0-M3 - that caused all WebSocket end points to fail to register. (markt) - </fix> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M3 (markt)" rtext="not released"> - <subsection name="General"> - <changelog> - <update> - Update the minimum required Java version to Java 11. (markt) - </update> - </changelog> - </subsection> - <subsection name="Catalina"> - <changelog> - <scode> - Incremented the supported Jakarta Servlet version to 6.0 to align with - the current development branch of the Jakarta Servlet specification. - Plans have changed and the next iteration of the Servlet specification - will be 6.0 rather than 5.1. (markt) - </scode> - <fix> - <bug>65411</bug>: Always close the connection when an uncaught - <code>NamingException</code> occurs to avoid connection locking. - Submitted by Ole Ostergaard. (remm) - </fix> - <fix> - <bug>65433</bug>: Correct a regression in the fix for <bug>65397</bug> - where a <code>StringIndexOutOfBoundsException</code> could be triggered - if the canonical path of the target of a symlink was shorter than the - canonical path of the directory in which the symlink had been created. - Patch provided by Cedomir Igaly. (markt) - </fix> - <add> - <bug>65443</bug>: Refactor the <code>CorsFilter</code> to make it easier - to extend. (markt) - </add> - <fix> - To avoid unnecessary cache revalidation, do not add an HTTP - <code>Expires</code> header when setting adding an HTTP header of - <code>CacheControl: private</code>. (markt) - </fix> - <scode> - Refactor JULI's custom <code>LogManager</code>, the - web application class loader implementation, the web resources - implementation, the <code>JreLeakPreventionListener</code> - implementation and the <code>StandardJarScanner</code> implementation to - remove Java 8 specific code now that the minimum Java version has been - increased to 11. (markt) - </scode> - <scode> - Remove all references to the endorsed standards override feature and the - specifying of optional packages (extensions) in the manifest as these - are not supported in Java 11. (markt) - </scode> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - When writing an HTTP/2 response via sendfile (only enabled when - <code>useAsyncIO</code> is true) the connection flow control window was - sometimes ignored leading to various error conditions. sendfile now - checks both the stream and connection flow control windows before - writing. (markt) - </fix> - <add> - Add debug logging for writing an HTTP/2 response via sendfile. (markt) - </add> - <fix> - Correct bugs in the HTTP/2 connection flow control management that meant - it was possible for a connection to stall waiting for a connection flow - control window update that had already arrived. Any streams on that - connection that were trying to write when this happened would time out. - (markt) - </fix> - <fix> - <bug>65448</bug>: When using TLS with NIO, it was possible for a - blocking response write to hang just before the final TLS packet - associated with the response until the connection timed out at which - point the final packet would be sent and the connection closed. (markt) - </fix> - <fix> - <bug>65454</bug>: Fix a race condition that could result in a delay to - a new request. The new request could be queued to wait for an existing - request to finish processing rather than the thread pool creating a new - thread to process the new request. (markt) - </fix> - <fix> - <bug>65460</bug>: Correct a regression introduced in the previous - release in the change to reduce the number of small HTTP/2 window - updates sent for streams. A logic error meant that small window updates - for the connection were dropped. This meant that the connection flow - window slowly reduced over time until nothing could be sent. (markt) - </fix> - <fix> - Remove NIO workarounds and code that is no longer needed with Java 11. - (remm) - </fix> - <scode> - Refactor the endpoints to remove Java 8 specific code now that the - minimum Java version has been increased to 11. (markt) - </scode> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <scode> - Add additional generics to the EL API to align with the latest changes - in the EL specification project. (markt) - </scode> - <add> - Enable EL lambda expressions to be coerced to functional interfaces. - This is an implementation of a proposed extension to the Jakarta - Expression Language specification. (markt) - </add> - <scode> - Refactor the EL API and implementation to remove Java 8 specific code - now that the minimum Java version has been increased to 11. (markt) - </scode> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <scode> - Refactor the WebSocket implementation to remove Java 8 specific code now - that the minimum Java version has been increased to 11. (markt) - </scode> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <fix> - <bug>65404</bug>: Correct a regression in the fix for <bug>63362</bug> - that caused the server status page in the Manager web application to be - truncated if HTTP upgrade was used such as when starting a WebSocket - connection. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <add> - Improvements to Chinese translations contributed by ZhangJieWen and - chengzheyan. (markt) - </add> - <add> - Improvements to French translations. (remm) - </add> - <add> - Improvements to Japanese translations contributed by tak7iji. (markt) - </add> - <add> - Improvements to Korean translations. (woonsan) - </add> - <fix> - Use of GraalVM native images no longer automatically disables JMX - support. JMX support may still be disabled by calling - <code>org.apache.tomcat.util.modeler.Registry.disableRegistry()</code>. - (markt) - </fix> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M2 (markt)" rtext="2021-07-02"> - <subsection name="Catalina"> - <changelog> - <scode> - Refactor the <code>RemoteIpValve</code> to use the common utility method - for list to comma separated string conversion. (markt) - </scode> - <scode> - Refactor <code>JNDIRealm$JNDIConnection</code> so its fields are - accessible to sub-classes of <code>JNDIRealm</code>. (markt) - </scode> - <fix> - Fix serialization warnings in <code>UserDatabasePrincipal</code> - reported by SpotBugs. (markt) - </fix> - <fix> - <bug>65397</bug>: Calls to - <code>ServletContext.getResourcePaths()</code> no longer include - symbolic links in the results unless <code>allowLinking</code> has been - set to <code>true</code>. If a resource is skipped because of this - change, a warning will be logged as this typically indicates a - configuration issue. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - <bug>65368</bug>: Improve handling of clean closes of inbound TLS - connections. Treat them the same way as clean closes of non-TLS - connections rather than as unknown errors. (markt) - </fix> - <fix> - Modify the HTTP/2 connector not to sent small updates for stream flow - control windows to the user agent as, depending on how the user agent is - written, this may trigger small writes from the user agent that in turn - trigger the overhead protection. Small updates for stream flow control - windows are now combined with subsequent flow control window updates for - that stream to ensure that all stream flow control window updates sent - from Tomcat are larger than <code>overheadWindowUpdateThreshold</code>. - (markt) - </fix> - <add> - Add additional debug logging to track the current state of the HTTP/2 - overhead count that Tomcat uses to detect and close potentially - malicious connections. (markt) - </add> - <update> - Many HTTP/2 requests from browsers will trigger one overhead frame and - one non-overhead frame. Change the overhead calculation so that a - non-overhead frame reduces the current overhead count by 2 rather than - 1. This means that, over time, the overhead count for a well-behaved - connection will trend downwards. (markt) - </update> - <update> - Change the initial HTTP/2 overhead count from <code>-10</code> to - <code>-10 * overheadCountFactor</code>. This means that, regardless of - the value chosen for <code>overheadCountFactor</code>, when a connection - opens 10 overhead frames in a row will be required to trigger the - overhead protection. (markt) - </update> - <update> - Increase the default <code>overheadCountFactor</code> from - <code>1</code> to <code>10</code> and change the reduction in overhead - count for a non-overhead frame from <code>-2</code> to <code>-20</code>. - This allows for a larger range (0-20) to be used for - <code>overheadCountFactor</code> providing for finer-grained control. - (markt) - </update> - <fix> - Modify the parsing of HTTP header values that use the - <code>1#token</code> to ignore empty elements as per RFC 7230 section 7 - instead of treating the presence of empty elements as an error. (markt) - </fix> - <fix> - Expand the unit tests for <code>HttpServlet.doHead()</code> and correct - the flushing of the response buffer. The buffer used to behave as if it - was one byte smaller than the configured size. The buffer was flushed - (and the response committed if required) when the buffer was full. The - buffer is now flushed (and the response committed if required) if the - buffer is full and there is more data to write. (markt) - </fix> - <fix> - Fix an issue where concurrent HTTP/2 writes (or concurrent reads) to the - same connection could hang and eventually timeout when async IO was - enabled (it is enabled by default). (markt) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - <bug>65387</bug>: Correct a regression in the fix for <bug>65124</bug> - and restore the local definition of <code>out</code> for tags that - implement <code>TryCatchFinally</code>. (markt) - </fix> - <fix> - <bug>65390</bug>: Correct a regression in the fix for <bug>65124</bug> - and restore code that was removed in error leading to JSP compilation - failures in some circumstances. (markt) - </fix> - <update> - Update to the Eclipse JDT compiler 4.20. (markt) - </update> - <add> - Add support for specifying Java 17 (with the value <code>17</code>) as - the compiler source and/or compiler target for JSP compilation. If used - with an Eclipse JDT compiler version that does not support these values, - a warning will be logged and the latest supported version will used. - (markt) - </add> - <fix> - <bug>65377</bug>: Update the Java code generation for JSPs not to use - the boxed primitive constructors as they have been deprecated in Java 9 - and marked for future removal in Java 16. <code>valueOf()</code> is now - used instead. (markt) - </fix> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <scode> - Refactor the <code>DigestAuthenticator</code> to reuse a shared - <code>SecureRandom</code> instance rather than create a new one to - generate the <code>cnonce</code> if required. (markt) - </scode> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <fix> - <bug>65385</bug>: Correct the link in the documentation web application - the Maven Central repository. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <add> - Use JSign to integrate the build script with the code signing service to - enable release builds to be created on Linux as well as Windows. (markt) - </add> - <update> - Update the OWB module to Apache OpenWebBeans 2.0.23. (remm) - </update> - <update> - Update the CXF module to Apache CXF 3.4.4. (remm) - </update> - <fix> - <bug>65369</bug> / <pr>422</pr>: Add the additional - <code>--add-opens=...</code> options required for running Tomcat on Java - 16 onwards to the <code>service.bat</code> script to align it with the - other start-up scripts. PR provided by MCMicS. (markt) - </fix> - <add> - Improvements to French translations. (remm) - </add> - <add> - Improvements to Korean translations. (woonsan) - </add> - <update> - Update JUnit to version 4.13.2. (markt) - </update> - <update> - Update EasyMock to 4.3. (markt) - </update> - <update> - Update Objenesis to 3.2. (markt) - </update> - <update> - Update UnboundID to 6.0.0. (markt) - </update> - <update> - Update CheckStyle to 8.43. (markt) - </update> - <update> - Update SpotBugs to 4.2.3. (markt) - </update> - <update> - Update OSGi annotations to 1.1.0. (markt) - </update> - </changelog> - </subsection> -</section> -<section name="Tomcat 10.1.0-M1 (markt)" rtext="2021-06-15"> +<section name="Tomcat 11.0.0-M1 (markt)" rtext="in development"> <subsection name="General"> <changelog> <scode> This release contains all of the changes up to and including those in Apache Tomcat 10.0.6 plus the additional changes listed below. (markt) </scode> - <scode> - Remove code previously marked for removal in Tomcat 10.1.x. (markt) - </scode> - </changelog> - </subsection> - <subsection name="Catalina"> - <changelog> - <scode> - Incremented the supported Jakarta Servlet version to 5.1 to align with - the current development branch of the Jakarta Servlet specification. - (markt) - </scode> - <fix> - <bug>65301</bug>: <code>RemoteIpValve</code> will now avoid getting - the local host name when it is not needed. (remm) - </fix> - <fix> - <bug>65308</bug>: NPE in JNDIRealm when no <code>userRoleAttribute</code> - is given. (fschumacher) - </fix> - <add> - <pr>412</pr>: Add commented out, sample users for the Tomcat Manager app - to the default <code>tomcat-users.xml</code> file. Based on a PR by - Arnaud Dagnelies. (markt) - </add> - <add> - <pr>418</pr>: Add a new option, <code>pass-through</code>, to the - default servlet's <code>useBomIfPresent</code> initialization parameter - that causes the default servlet to leave any BOM in place when - processing a static file and not to use the BOM to determine the - encoding of the file. Based on a pull request by Jean-Louis Monteiro. - (markt) - </add> - <fix> - <pr>419</pr>: When processing POST requests of type - <code>multipart/form-data</code> for parts without a filename that are - added to the parameter map in String form, check the size of the part - before attempting conversion to String. Pull request provided by - tianshuang. (markt) - </fix> - <add> - Implement the new <code>Cookie</code> methods - <code>setAttribute()</code>, <code>getAttribute()</code> and - <code>getAttributes()</code> introduced in Servlet 6.0. (markt) - </add> - <fix> - AprLifecycleListener does not show dev version suffix for libtcnative - and libapr. (michaelo) - </fix> - <update> - Refactor principal handling in <code>UserDatabaseRealm</code> using - an inner class that extends <code>GenericPrincipal</code>. (remm) - </update> - <fix> - Enable the default <code>doHead()</code> implementation in - <code>HttpServlet</code> to correctly handle responses where the content - length needs to be represented as a long since it is larger than the - maximum value that can be represented by an int. (markt) - </fix> - <fix> - Avoid synchronization on roles verification for the memory - <code>UserDatabase</code>. (remm) - </fix> - <fix> - Fix the default <code>doHead()</code> implementation in - <code>HttpServlet</code> to correctly handle responses where the Servlet - calls <code>ServletResponse.reset()</code> and/or - <code>ServletResponse.resetBuffer()</code>. (markt) - </fix> - <fix> - Fix the default <code>doHead()</code> implementation in - <code>HttpServlet</code> to correctly handle responses generated using - the Servlet non-blocking API. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - <bug>65303</bug>: Fix a possible <code>NullPointerException</code> if - an error occurs on an HTTP/1.1 connection being upgraded to HTTP/2 or on - a pushed HTTP/2 stream. (markt) - </fix> - <update> - Simplify AprEndpoint socket bind for all platforms. (michaelo) - </update> - <fix> - <bug>65340</bug>: Add missing check for a negative return value for - <code>Hpack.decodeInteger</code> in the <code>HpackDecoder</code>, - which could cause a <code>NegativeArraySizeException</code> exception. - Submitted by Thomas, and verified the fix is present in the donated - hpack code in a further update. (remm) - </fix> - <add> - Add debug logging for HTTP/2 HPACK header decoding. (markt) - </add> - <fix> - Correct parsing of HTTP headers consisting of a list of tokens so that a - header with an empty token is treated consistently regardless of whether - the empty token is at the start, middle or end of the list of tokens. - (markt) - </fix> - <fix> - Remove support for the <code>identity</code> transfer encoding. The - inclusion of this encoding in RFC 2616 was an error that was corrected - in 2001. Requests using this transfer encoding will now receive a 501 - response. (markt) - </fix> - <fix> - Process transfer encoding headers from both HTTP 1.0 and HTTP 1.1 - clients. (markt) - </fix> - <fix> - Ensure that if the transfer encoding header contains the - <code>chunked</code>, that the <code>chunked</code> encoding is the - final encoding listed. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <scode> - Incremented the supported Jakarta Expression Language version to 5.0 to - align with the current development branch of the Jakarta Expression - Language specification. (markt) - </scode> - <scode> - Review code used to generate Java source from JSPs and tags and remove - code found to be unnecessary. (markt) - </scode> - <scode> - Refactor use of internal <code>ChildInfo</code> class to use compile - time type checking rather than run time type checking. (markt) - </scode> - <fix> - <bug>65124</bug>: Partial fix. When generating Java source code to call - a tag handler, only define the local variable <code>JspWriter out</code> - when it is going to be used. (markt) - </fix> - <scode> - Add generics to the EL 5.0 API to align with the current EL 5.0 - development branch. (markt) - </scode> - <update> - Update the <code>web-fragment.xml</code> included in - <code>jasper.jar</code> and <code>jasper-el.jar</code> to use the - Servlet 5.0 schema. (markt) - </update> - <fix> - Update JspC to generate <code>web.xml</code> and - <code>web-fragment.xml</code> files using Servlet 5.0 schemas. (markt) - </fix> - <scode> - Remove the deprecated method - <code>MethodExpression.isParmetersProvided()</code> from the EL API to - align with the current EL 5.0 development branch. (markt) - </scode> - <fix> - <bug>65358</bug>: Improve expression language method matching for - methods with varargs. Where multiple methods may match the provided - parameters, the method that requires the fewest varargs is preferred. - (markt) - </fix> - <add> - <bug>65332</bug>: Add a commented out section in - <code>catalina.policy</code> that provides the necessary permissions to - compile JSPs with javac when running on Java 9 onwards with a security - manager. It is commented out as it will cause errors if used with - earlier Java versions. (markt) - </add> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <fix> - <bug>65317</bug>: When using <code>permessage-deflate</code>, the - WebSocket connection was incorrectly closed if the uncompressed payload - size was an exact multiple of 8192. Based on a patch provided by Saksham - Verma. (markt) - </fix> - <update> - Update the <code>web-fragment.xml</code> included in - <code>tomcat-websocket.jar</code> to use the Servlet 5.0 schema. (markt) - </update> - <fix> - <bug>65342</bug>: Correct a regression introduced with the fix for - <bug>65262</bug> that meant Tomcat's WebSocket implementation would only - work with Tomcat's implementation of the Jakarta WebSocket API. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <fix> - Improve the description of the <code>maxConnections</code> and - <code>acceptCount</code> attributes in the Connector section of the - documentation web application. (markt) - </fix> </changelog> </subsection> <subsection name="Other"> <changelog> - <add> - Improvements to French translations. (remm) - </add> - <add> - Improvements to Korean translations. (woonsan) - </add> - <fix> - <bug>65362</bug>: Correct a regression in the previous release. The - change to create OSGi <code>Require-Capability</code> sections in - manifests for Jakarta API JARs manually rather than with bnd annotations - did not add the necessary manual entries to the embedded JARs. (markt) - </fix> <update> - Update the packaged version of the Tomcat Native Library to 1.2.30. Also - update the minimum recommended version to 1.2.30. (markt) + Update to Commons Daemon 1.3.2. (markt) </update> </changelog> </subsection> diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml index 8b6ace9a42..61413829cb 100644 --- a/webapps/docs/config/http.xml +++ b/webapps/docs/config/http.xml @@ -1162,7 +1162,7 @@ <p>In addition to the standard TLS related request attributes defined in section 3.10 of the Servlet specification, Tomcat supports a number of additional TLS related attributes. The full list may be found in the <a - href="http://tomcat.apache.org/tomcat-10.1-doc/api/index.html";>SSLSupport + href="http://tomcat.apache.org/tomcat-11.0-doc/api/index.html";>SSLSupport Javadoc</a>.</p> <p>For more information, see the diff --git a/webapps/docs/tomcat-docs.xsl b/webapps/docs/tomcat-docs.xsl index 557788b7d6..0af22d75b4 100644 --- a/webapps/docs/tomcat-docs.xsl +++ b/webapps/docs/tomcat-docs.xsl @@ -36,9 +36,9 @@ <xsl:param name="subdir" select="''"/> <xsl:param name="relative-path" select="'.'"/> <!-- Keep versions in sync with build.xml --> - <xsl:param name="version" select="'10.1.x'"/> - <xsl:param name="majorversion" select="'10'"/> - <xsl:param name="majorminorversion" select="'10.1'"/> + <xsl:param name="version" select="'11.0.x'"/> + <xsl:param name="majorversion" select="'11'"/> + <xsl:param name="majorminorversion" select="'11.0'"/> <xsl:param name="minjavaversion" select="'11'"/> <xsl:param name="buildjavaversion" select="'11'"/> <xsl:param name="antversionrequired" select="'1.10.2'"/> @@ -48,7 +48,7 @@ <xsl:param name="buglink" select="'https://bz.apache.org/bugzilla/show_bug.cgi?id='"/> <xsl:param name="prlink" select="'https://github.com/apache/tomcat/pull/'"/> <xsl:param name="revlink" select="'https://svn.apache.org/viewvc?view=rev&rev='"/> - <xsl:param name="doclink" select="'https://tomcat.apache.org/tomcat-10.1-doc'"/> + <xsl:param name="doclink" select="'https://tomcat.apache.org/tomcat-11.0-doc'"/> <xsl:param name="sylink" select="'https://tomcat.apache.org/security-10.html'"/> <xsl:param name="dllink" select="'https://tomcat.apache.org/download-10.cgi'"/> <xsl:param name="sitedir" select="''"/> diff --git a/webapps/docs/web-socket-howto.xml b/webapps/docs/web-socket-howto.xml index 20cf2caf38..49d155bd25 100644 --- a/webapps/docs/web-socket-howto.xml +++ b/webapps/docs/web-socket-howto.xml @@ -103,37 +103,6 @@ timeout as a <code>String</code> in milliseconds. The default is 5000 (5 seconds).</p> -<p>When using the WebSocket client to connect to secure server endpoints, the - client SSL configuration should be configured via - <code>jakarta.websocket.ClientEndpointConfig.getSSLContext()</code>. Tomcat - 10.1.x still supports the pre-WebSocket 2.1 configuration method where TLS - configuration was via the <code>userProperties</code> of the provided - <code>jakarta.websocket.ClientEndpointConfig</code>. However, this approach - is deprecated and will be removed in Tomcat 11. The following user properties - are supported:</p> - <ul> - <li><code>org.apache.tomcat.websocket.SSL_CONTEXT</code></li> - <li><code>org.apache.tomcat.websocket.SSL_PROTOCOLS</code></li> - <li><code>org.apache.tomcat.websocket.SSL_TRUSTSTORE</code></li> - <li><code>org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD</code></li> - </ul> - <p>The default truststore password is <code>changeit</code>.</p> - -<p>If the <code>org.apache.tomcat.websocket.SSL_CONTEXT</code> property is - set then the <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE</code> and - <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD</code> properties - will be ignored.</p> - -<p>For secure server end points, host name verification is enabled by default. - To bypass this verification (not recommended), it is necessary to provide a - custom <code>SSLContext</code> via the - <code>org.apache.tomcat.websocket.SSL_CONTEXT</code> user property. The - custom <code>SSLContext</code> must be configured with a custom - <code>TrustManager</code> that extends - <code>javax.net.ssl.X509ExtendedTrustManager</code>. The desired verification - (or lack of verification) can then be controlled by appropriate - implementations of the individual abstract methods.</p> - <p>When using the WebSocket client to connect to server endpoints, the number of HTTP redirects that the client will follow is controlled by the <code>userProperties</code> of the provided --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
