Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1636366&r1=1636365&r2=1636366&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Mon Nov 3 14:49:44 2014 
@@ -44,2572 +44,16 @@ They eventually become mixed with the numbered issues. (I.e., numbered issues to not "pop up" wrt. others). --> -<section name="Tomcat 8.0.16 (markt)"> - <subsection name="Coyote"> - <changelog> - <fix> - Allow HTTP upgrade process to complete without data corruption when - additional content is sent along with the upgrade header. (remm) - </fix> - </changelog> - </subsection> -</section> -<section name="Tomcat 8.0.15 (markt)"> - <subsection name="Catalina"> - <changelog> - <add> - <bug>43548</bug>: Add an XML schema for the tomcat-users.xml file. - (markt) - </add> - <add> - <bug>43682</bug>: Add support for referring to the current context, host - and service name in per Context logging.properties files by using the - properties <code>${classloader.webappName}</code>, - <code>${classloader.hostName}</code> and - <code>${classloader.serviceName}</code>. (markt) - </add> - <add> - <bug>47919</bug>: Extend the information logged when Tomcat starts to - optionally log the values of command line arguments (enabled by - default) and environment variables (disabled by default). Note that - the values added to CATALINA_OPTS and JAVA_OPTS environment variables - will be logged, as they are used to build up the command line. (markt) - </add> - <add> - <bug>49939</bug>: Expose the method that clears the static resource - cache for a web application via JMX. (markt) - </add> - <fix> - <bug>55951</bug>: Allow cookies to use UTF-8 encoded values in HTTP - headers. This requires the use of the RFC6265 - <strong>CookieProcessor</strong>. (markt) - </fix> - <fix> - <bug>55984</bug>: Using the allow separators in version 0 cookies option - with the legacy cookie processor should only apply to version 0 cookies. - Version 1 cookies with values that contain separators should not be - affected and should continue to be quoted. (markt) - </fix> - <add> - <bug>56393</bug>: Add support for RFC6265 cookie parsing and generation. 
- This is currently disabled by default and may be enabled via the - <strong>CookieProcessor</strong> element of a <strong>Context</strong>. - (markt) - </add> - <add> - <bug>56394</bug>: Introduce new configuration element CookieProcessor in - Context to allow context-specific configuration of cookie processing - options. Attributes of Context element that were added in Tomcat 8.0.13 - to allow configuration of a new experimental RFC6265 based cookie parser - (<code>useRfc6265</code> and <code>cookieEncoding</code>) are - replaced by this new configuration element. (markt) - </add> - <fix> - Improve the previous fix for <bug>56401</bug>. Avoid logging version - information in the constructor since it then gets logged at undesirable - times such as when using <code>StoreConfig</code>. (markt) - </fix> - <fix> - <bug>56403</bug>: Add pluggable password derivation support to the - Realms via the new <code>CredentialHandler</code> interface. - (markt/schultz) - </fix> - <fix> - <bug>57016</bug>: When using the <code>PersistentValve</code> do not - remove sessions from the store when persisting them. (markt) - </fix> - <add> - Deprecate the use of system proprties to control cookie parsing and - replace them with attributes on the new <code>CookieProcessor</code> - that may be configured on a per context basis. (markt) - </add> - <fix> - Correct an edge case and allow a cookie if the value starts with an - equals character and the <code>CookieProcessor</code> is not configured - to allow equals characters in cookie values but is configured to allow - name only cookies. (markt) - </fix> - <fix> - <bug>57022</bug>: Ensure SPNEGO authentication continues to work with - the JNDI Realm using delegated credentials with recent Oracle JREs. - (markt) - </fix> - <fix> - <bug>57027</bug>: Add additional validation for stored credentials used - by Realms when the credential is stored using hex encoding. 
(markt) - </fix> - <fix> - <bug>57038</bug>: Add a <code>WebResource.getCodeBase()</code> method, - implement for all <code>WebResource</code> implementations and then use - it in the web application class loader to set the correct code base for - resources loaded from JARs and WARs. (markt) - </fix> - <fix> - Correct a couple of NPEs in the JNDI Realm that could be triggered with - when not specifying a roleBase and enabling roleSearchAsUser. (markt) - </fix> - <fix> - Correctly handle relative values for the docBase attribute of a Context. - (markt) - </fix> - <fix> - Ensure that log messages generated by the web application class loader - correctly identify the associated Context when multiple versions of a - Context with the same path are present. (markt) - </fix> - <fix> - Remove the unnecessary registration of context.xml as a redeploy - resource. The context.xml having an external docBase has already been - registered as a redeploy resource at first. (kfujino) - </fix> - <fix> - <bug>57089</bug>: Ensure that configuration of a session ID generator is - not lost when a web application is reloaded. (markt) - </fix> - <fix> - <bug>57105</bug>: When parsing web.xml do not limit the buffer element - of the jsp-property-group element to integer values as the allowed - values are <code><number>kb</code> or <code>none</code>. (markt) - </fix> - <update> - Update the minimum required version of the Tomcat Native library (if - used) to 1.1.32. (markt) - </update> - <fix> - Update storeconfig with newly introduced elements: SessionIdGenerator, - CookieProcessor, JarScanner and JarScanFilter. (remm) - </fix> - <fix> - Throw a <code>NullPointerException</code> if a null string is passed to - the <code>write(String,int,int)</code> method of the - <code>PrintWriter</code> obtained from the <code>ServletResponse</code>. - (markt) - </fix> - <fix> - Cookie rewrite flag abbreviation should be CO rather than C. 
(remm) - </fix> - <fix> - <bug>57153</bug>: When the StandardJarScanner is configured to scan the - full class path, ensure that class path entries added directly to the - web application class loader are scanned. (markt) - </fix> - <fix> - AsyncContext should remain usable until fireOnComplete is called. (remm) - </fix> - <fix> - AsyncContext createListener should wrap any instantiation exception - using a ServletException. (remm) - </fix> - <fix> - <bug>57155</bug>: Allow a web application to be configured that does not - have a docBase on the file system. This is primarily intended for use - when embedding. (markt) - </fix> - <fix> - Propagate header ordering from fileupload to the part implementation. - (remm) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <add> - <bug>53952</bug>: Add support for TLSv1.1 and TLSv1.2 for APR connector. - Based upon a patch by Marcel Šebek. This feature requires - Tomcat Native library 1.1.32 or later. (schultz/jfclere) - </add> - <scode> - Cache the <code>Encoder</code> instances used to convert Strings to byte - arrays in the Connectors (e.g. when writing HTTP headers) to improve - throughput. (markt) - </scode> - <add> - Disable SSLv3 by default for JSSE based HTTPS connectors (BIO, NIO and - NIO2). The change also ensures that SSLv2 is disabled for these - connectors although SSLv2 should already be disabled by default by the - JRE. (markt) - </add> - <add> - Disable SSLv3 by default for the APR/native HTTPS connector. (markt) - </add> - <fix> - Do not increase remaining counter at end of stream in - IdentityInputFilter. (kkolinko) - </fix> - <fix> - Trigger an error if an invalid attempt is made to use non-blocking IO. - (markt) - </fix> - <fix> - <bug>57157</bug>: Allow calls to - <code>AsyncContext.start(Runnable)</code> during non-blocking IO reads - and writes. (markt) - </fix> - <fix> - Async state MUST_COMPLETE should still be started. 
(remm) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - <bug>57099</bug>: Ensure that semi-colons are not permitted in JSP - import page directives. (markt) - </fix> - <fix> - <bug>57113</bug>: Fix broken package imports in Expression Language when - more than one package was imported and the desired class was not in the - last package imported. (markt) - </fix> - <fix> - <bug>57132</bug>: Fix import conflicts reporting in Expression Language. - (kkolinko) - </fix> - <fix> - When coercing an object to a given type, only attempt coercion to an - array if both the object type and the target type are an array type. - (violetagg/markt) - </fix> - <fix> - Improve handling of invalid input to - <code>javax.el.ImportHandler.resolveClass()</code>. (markt) - </fix> - <fix> - Allow the same class to be added to an instance of - <code>javax.el.ImportHandler</code> more than once without triggering - an error. The second and subsequent calls for the same class will be - ignored. (markt) - </fix> - <fix> - <bug>57136</bug>: Ensure only <code>\${</code> and <code>\#{</code> are - treated as escapes for <code>${</code> and <code>#{</code> rather than - <code>\$</code> and <code>\#</code> being treated as escapes for - <code>$</code> and <code>#</code> when processing literal expressions in - expression language. (markt) - </fix> - <fix> - When coercing an object to an array type in Expression Langauage, handle - the case where the source object is an array of primitives. - (markt/kkolinko) - </fix> - <fix> - Do not throw an exception on missing JSP file servlet initialization. - (remm) - </fix> - <fix> - <bug>57148</bug>: When coercing an object to a given type and a - <code>PropertyEditor</code> has been registered for the type correctly - coerce the empty string to <code>null</code> if the - <code>PropertyEditor</code> throws an exception. 
(kkolinko/markt) - </fix> - <fix> - <bug>57153</bug>: Correctly scan for TLDs located in directories that - represent exanded JARs files that have been added to the web application - class loader's class path. (markt) - </fix> - <fix> - <bug>57141</bug>: Enable EL in JSPs to refer to static fields of - imported classes including the standard <code>java.lang.*</code> - imports. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Cluster"> - <changelog> - <fix> - Add support for the <code>SessionIdGenerator</code> to cluster manager - template. (kfujino) - </fix> - <fix> - Avoid possible integer overflows reported by Coverity Scan. (fschumacher) - </fix> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <fix> - <bug>57054</bug>: Correctly handle the case in the WebSocket client - when the HTTP response to the upgrade request can not be read in a - single pass; either because the buffer is too small or the server sent - the response in multiple packets. (markt) - </fix> - <add> - Extend support for the <code>permessage-deflate</code> extension to the - client implementation. (markt) - </add> - <fix> - Fix client subprotocol handling. (remm) - </fix> - <fix> - Add null checks for arguments in remote endpoint. (remm/kkolinko) - </fix> - <fix> - <bug>57091</bug>: Work around the behaviour of the Oracle JRE when - creating new threads in an applet environment that breaks the WebSocket - client implementation. Patch provided by Niklas Hallqvist. (markt) - </fix> - <fix> - <bug>57118</bug>: Ensure that that an <code>EncodeException</code> is - thrown by <code>RemoteEndpoint.Basic.sendObject(Object)</code> rather - than an <code>IOException</code> when no suitable <code>Encoder</code> - is configured for the given Object. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <fix> - Correct a couple of broken links in the Javadoc. 
(markt) - </fix> - <fix> - Correct documentation for <code>ServerCookie.ALLOW_NAME_ONLY</code> - system property. (kkolinko) - </fix> - <fix> - <bug>57049</bug>: Clarified that <code>jvmRoute</code> can be set in - <code><Engine></code>'s <code>jvmRoute</code> or in a system - property. (schultz) - </fix> - <fix> - Correct version of Java WebSocket mentioned in documentation - (s/1.0/1.1/). (markt/kkolinko) - </fix> - <update> - Suppress timestamp comments in Javadoc. (kkolinko) - </update> - <fix> - <bug>57147</bug>: Various corrections to the JDBC Store section of the - session manager configuration page of the documentation web application. - (markt) - </fix> - </changelog> - </subsection> - <subsection name="Tribes"> - <changelog> - <fix> - <bug>45282</bug>: Improve shutdown of NIO receiver so that sockets are - closed cleanly. (fhanik/markt) - </fix> - </changelog> - </subsection> - <subsection name="jdbc-pool"> - <changelog> - <fix> - <bug>57005</bug>: Fix javadoc errors when building with Java 8. Patch - provided by Pierre Viret. (markt) - </fix> - <fix> - <bug>57079</bug>: Use Tomcat version number for jdbc-pool module when - building and shipping the module as part of Tomcat. (markt) - </fix> - <fix> - Fix broken overview page in javadoc generated via "javadoc" task in - jdbc-pool build.xml file. (kkolinko) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <fix> - <bug>56079</bug>: The uninstaller packaged with the Apache Tomcat - Windows installer is now digitally signed. (markt) - </fix> - <fix> - Fix timestamps in Tomcat build and jdbc-pool to use 24-hour format - instead of 12-hour one and use UTC timezone. (markt/kkolinko) - </fix> - <fix> - Update the package renamed copy of Apache Commons DBCP 2 to revision - 1631450 to pick up additional fixes since the 2.0.1 release including - Javadoc corrections to fix errors when compiling with Java 8. 
(markt) - </fix> - <update> - <bug>56596</bug>: Update to Tomcat Native Library version 1.1.32 to - pick up the Windows binaries that are based on OpenSSL 1.0.1j and APR - 1.5.1. (markt) - </update> - <scode> - In Tomcat tests: log name of the current test method at start time. - (kkolinko) - </scode> - </changelog> - </subsection> -</section> -<section name="Tomcat 8.0.14 (markt)" rtext="2014-09-29"> - <subsection name="Other"> - <changelog> - <fix> - <bug>56079</bug>: The Apache Tomcat Windows installer, the Apache Tomcat - Windows service and the Apache Tomcat Windows service monitor - application are now digitally signed. (markt) - </fix> - </changelog> - </subsection> -</section> -<section name="Tomcat 8.0.13 (markt)" rtext="not released"> - <subsection name="Catalina"> - <changelog> - <fix> - <bug>55917</bug>: Allow bytes in the range 0x80 to 0xFF to appear in - cookie values if the cookie is a V1 (RFC2109) cookie and the value is - correctly quoted. The new RFC6265 based cookie parser must be enabled to - correctly handle these cookies. (markt) - </fix> - <fix> - <bug>55918</bug>: Do not permit control characters to appear in quoted - V1 (RFC2109) cookie values. The new RFC6265 based cookie parser must be - enabled to correctly handle these cookies. (markt) - </fix> - <fix> - <bug>55921</bug>: Correctly handle (ignore the cookie) unescaped JSON in - a cookie value. The new RFC6265 based cookie parser must be enabled to - correctly handle these cookies. (markt) - </fix> - <add> - <bug>56401</bug>: Log version information when Tomcat starts. - (markt/kkolinko) - </add> - <add> - <bug>56530</bug>: Add a web application class loader implementation that - supports the parallel loading of web application classes. (markt) - </add> - <fix> - <bug>56900</bug>: Fix some potential resource leaks when reading - property files reported by Coverity Scan. Based on patches provided by - Felix Schumacher. 
(markt) - </fix> - <fix> - <bug>56902</bug>: Fix a potential resource leak in the Default Servlet - reported by Coverity Scan. Based on a patch provided by Felix - Schumacher. (markt) - </fix> - <fix> - <bug>56903</bug>: Correct the return value for - <code>StandardContext.getResourceOnlyServlets()</code> so that multiple - names are separated by commas. Identified by Coverity Scan and fixed - based on a patch by Felix Schumacher. (markt) - </fix> - <add> - Add an additional implementation of a RFC6265 based cookie parser along - with new Context options to select and configure it. This parser is - currently considered experimental and is not used by default. (markt) - </add> - <fix> - Fixed the multipart elements merge operation performed during web - application deployment. Identified by Coverity Scan. (violetagg) - </fix> - <fix> - Correct the information written by - <code>ExtendedAccessLogValve</code> when a format token x-O(XXX) is - used so that multiple values for a header XXX are separated by commas. - Identified by Coverity Scan. (violetagg) - </fix> - <fix> - Fix a potential resource leak when reading MANIFEST.MF file for - extension dependencies reported by Coverity Scan. (violetagg) - </fix> - <fix> - Fix some potential resource leaks when reading properties, files and - other resources. Reported by Coverity Scan. (violetagg) - </fix> - <fix> - Correct the previous fix for <bug>56825</bug> that enabled pre-emptive - authentication to work with the SSL authenticator. (markt) - </fix> - <scode> - Refactor to reduce code duplication identified by Simian. (markt) - </scode> - <fix> - When using parallel deployment and <code>undeployOldVersions</code> - feature is enabled on a Host, correctly undeploy context of old - version. Make sure that Tomcat does not undeploy older Context if - current context is not running. (kfujino) - </fix> - <fix> - Fix a rare threading issue when locking resources via WebDAV. 
- (markt) - </fix> - <fix> - Fix a rare threading issue when using HTTP digest authentication. - (markt) - </fix> - <fix> - When deploying war, add XML file in the config base to the redeploy - resources if war does not have META-INF/context.xml or - <code>deployXML</code> is false. If XML file is created in the config - base, redeploy will occur. (kfujino) - </fix> - <scode> - Various changes to reduce unnecessary code in Tomcat's copy of - Apache Commons BCEL to reduce the time taken for annotation scanning - when web applications start. Includes contributions from kkolinko and - hzhang9. (markt) - </scode> - <fix> - <bug>56938</bug>: Ensure web applications that have mixed case context - paths and are deployed as directories are correctly removed on undeploy - when running on a case sensitive file system. (markt) - </fix> - <add> - <bug>57004</bug>: Add <code>stuckThreadCount</code> property to - <code>StuckThreadDetectionValve</code>'s JMX bean. Patch provided by - Jiří Pejchal. (schultz) - </add> - <fix> - <bug>57011</bug>: Ensure that the request and response are correctly - recycled when processing errors during async processing. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - <bug>56910</bug>: Prevent the invalid value of <code>-1</code> being - used for <code>maxConnections</code> with APR connectors. (markt) - </fix> - <fix> - Ensure that AJP connectors enable the <code>KeepAliveTimeout</code>. - (kfujino) - </fix> - <fix> - Reduce duplicated code. All AJP connectors use common method to - configuration of processor. (kfujino) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - <bug>43001</bug>: Enable the JspC Ant task to set the JspC option - <code>mappedFile</code>. 
(markt) - </fix> - <fix> - Ensure that the implementation of - <code>javax.servlet.jsp.PageContext.include(String)</code> - and - <code>javax.servlet.jsp.PageContext.include(String, boolean)</code> - will throw <code>IOException</code> when an I/O error occur during - the operation. (violetagg) - </fix> - <fix> - <bug>56908</bug>: Fix some potential resource leaks when reading - jar files. Reported by Coverity Scan. Patch provided by Felix - Schumacher. (violetagg) - </fix> - <fix> - Fix a potential resource leak in JDTCompiler when checking wether - a resource is a package. Reported by Coverity Scan. (fschumacher) - </fix> - <fix> - <bug>56991</bug>: Deprecate the use of a request attribute to pass a - <jsp-file> declaration to Jasper and prevent an infinite loop - if this technique is used in conjunction with an include. (markt) - </fix> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <fix> - <bug>56905</bug>: Make destruction on web application stop of thread - group used for WebSocket connections more robust. (kkolinko/markt) - </fix> - <fix> - <bug>56907</bug>: Ensure that client IO threads are stopped if a secure - WebSocket client connection fails. (markt) - </fix> - <fix> - <bug>56982</bug>: Return the actual negotiated extensions rather than an - empty list for <code>Session.getNegotiatedExtensions()</code>. (markt) - </fix> - <update> - Update the WebSocket implementation to support the Java WebSocket - specification version 1.1. (markt) - </update> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <add> - Add <code>JarScanner</code> to the nested components listed for a - Context. (markt) - </add> - <update> - Update the Windows authentication documentation after some additional - testing to answer the remaining questions. 
(markt) - </update> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <fix> - <bug>56895</bug>: Correctly compose <code>JAVA_OPTS</code> in - <code>catalina.bat</code> so that escape sequences are preserved. Patch - by Lucas Theisen. (markt) - </fix> - <update> - <bug>56988</bug>: Allow to use relative path in <code>base.path</code> - setting when building Tomcat. (kkolinko) - </update> - <fix> - <bug>56990</bug>: Ensure that the <code>ide-eclipse</code> build target - downloads all the libraries required by the default Eclipse - configuration files. (markt) - </fix> - <fix> - Update the package renamed copy of Apache Commons DBCP 2 to revision - 1626988 to pick up the fixes since the 2.0.1 release including support - for custom eviction policies. (markt) - </fix> - <fix> - Update the package renamed copy of Apache Commons Pool 2 to revision - 1627271 to pick up the fixes since the 2.2 release including some memory - leak fixes and support for application provided eviction policies. - (markt) - </fix> - </changelog> - </subsection> -</section> -<section name="Tomcat 8.0.12 (markt)" rtext="2014-09-03"> - <subsection name="Catalina"> - <changelog> - <add> - Make the session id generator extensible by adding a - <code>SessionIdGenerator</code> interface, an abstract - base class and a standard implementation. (rjung) - </add> - <fix> - <bug>56882</bug>: Fix regression in processing of includes and forwards - when Context have been reloaded. Tomcat was responding with HTTP Status - 503 (Servlet xxx is currently unavailable). (kkolinko) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - When building a list of JSSE ciphers from an OpenSSL cipher defintiion, - ignore unknown criteria rather than throwing a - <code>NullPointerException</code>. (markt) - </fix> - <add> - Add support for the EECDH alias when using the OpenSSL cipher syntax to - define JSSE ciphers. 
(markt) - </add> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - Correct a logic error in the <code>JasperElResolver</code>. There was no - functional impact but the code was less efficient as a result of the - error. Based on a patch by martinschaef. (markt) - </fix> - <fix> - <bug>56568</bug>: Enable any HTTP method to be used to request a JSP - page that has the <code>isErrorPage</code> page directive set to - <code>true</code>. (markt) - </fix> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <add> - Extend support for the <code>permessage-deflate</code> extension to - compression of outgoing messages on the server side. (markt) - </add> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <add> - <bug>56323</bug>: Include the <code>*.bat</code> files when installing - Tomcat via the Windows installer. (markt) - </add> - </changelog> - </subsection> -</section> -<section name="Tomcat 8.0.11 (markt)" rtext="2014-08-22"> - <subsection name="Catalina"> - <changelog> - <fix> - <bug>56658</bug>: Fix regression that a context was inaccessible after - reload. (kkolinko) - </fix> - <fix> - <bug>56710</bug>: Do not map requests to servlets when context is - being reloaded. (kkolinko) - </fix> - <fix> - <bug>56712</bug>: Fix session idle time calculations in - <code>PersistenceManager</code>. (kkolinko) - </fix> - <fix> - <bug>56717</bug>: Fix duplicate registration of - <code>MapperListener</code> during repeated starts of embedded Tomcat. - (kkolinko) - </fix> - <add> - <bug>56724</bug>: Write an error message to Tomcat logs if container - background thread is aborted unexpectedly. (kkolinko) - </add> - <fix> - When scanning class files (e.g. for annotations) and reading the number - of parameters in a <code>MethodParameters</code> structure only read a - single byte (rather than two bytes) as per the JVM specification. Patch - provided by Francesco Komauli. 
(markt) - </fix> - <fix> - Allow the JNDI Realm to start even if the directory is not available. - The directory not being available is not fatal once the Realm is started - and it need not be fatal when the Realm starts. Based on a patch by - Cédric Couralet. (markt) - </fix> - <fix> - <bug>56736</bug>: Avoid an incorrect <code>IllegalStateException</code> - if the async timeout fires after a non-container thread has called - <code>AsyncContext.dispatch()</code> but before a container thread - starts processing the dispatch. (markt) - </fix> - <fix> - <bug>56739</bug>: If an application handles an error on an application - thread during asynchronous processing by calling - <code>HttpServletResponse.sendError()</code>, then ensure that the - application is given an opportunity to report that error via an - appropriate application defined error page if one is configured. (markt) - </fix> - <fix> - <bug>56784</bug>: Fix a couple of rare but theoretically possible - atomicity bugs. (markt) - </fix> - <fix> - <bug>56785</bug>: Avoid <code>NullPointerException</code> if directory - exists on the class path that is not readable by the Tomcat user. - (markt) - </fix> - <fix> - <bug>56796</bug>: Remove unnecessary sleep when stopping a web - application. (markt) - </fix> - <fix> - <bug>56801</bug>: Improve performance of - <code>org.apache.tomcat.util.file.Matcher</code> which is to filter JARs - for scanning during web application start. Based on a patch by Sheldon - Shao. (markt) - </fix> - <fix> - <bug>56815</bug>: When the <code>gzip</code> option is enabled for the - <code>DefaultServlet</code> ensure that a suitable <code>Vary</code> - header is returned for resources that might be returned directly in - compressed form. 
(markt) - </fix> - <fix> - Do not mark threads from the container thread pool as container threads - when being used to process <code>AsyncContext.start(Runnable)</code> so - processing is correctly transferred back to a genuine container thread - when necessary. (markt) - </fix> - <add> - Add simple caching for calls to <code>StandardRoot.getResources()</code> - in the new (for 8.0.x) resources implementation. (markt) - </add> - <fix> - <bug>56825</bug>: Enable pre-emptive authentication to work with the - SSL authenticator. Based on a patch by jlmonteiro. (markt) - </fix> - <fix> - <bug>56840</bug>: Avoid NPE when the rewrite valve is mapped to - a context. (remm) - </fix> - <fix> - Correctly handle multiple <code>accept-language</code> headers rather - than just using the first header to determine the user's preferred - Locale. (markt) - </fix> - <fix> - <bug>56848</bug>: Improve handling of <code>accept-language</code> - headers. (markt) - </fix> - <fix> - <bug>56857</bug>: Fix thread safety issue when calling ServletContext - methods while running under a security manager. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - Fix NIO2 sendfile state tracking and error handling to fix - various corruption issues. (remm) - </fix> - <fix> - Missing timeout for NIO2 sendfile writes. (remm) - </fix> - <fix> - Allow inline processing for NIO2 sendfile and optimize keepalive - behavior. (remm) - </fix> - <fix> - Fix excessive NIO2 sendfile direct memory use in some cases, sendfile - will now instead use the regular socket write buffer as configured. - (remm) - </fix> - <fix> - <bug>56661</bug>: Fix <code>getLocalAddr()</code> for AJP connectors. - The complete fix is only available with a recent AJP forwarder like - the forthcoming mod_jk 1.2.41. (rjung) - </fix> - <fix> - Use default ciphers defined as - <code>HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5</code> so - that no weak ciphers are enabled by default. 
(remm) - </fix> - <fix> - <bug>56780</bug>: Enable Tomcat to start when using SSL with an IBM JRE - in strict SP800-131a mode. (markt) - </fix> - <fix> - <bug>56810</bug>: Remove use of Java 8 specific API calls in unit tests - for OpenSSL to JSSE cipher conversion. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - <bug>56709</bug>: Fix system property name in a log message. Submitted - by Robert Kish. (remm) - </fix> - <fix> - <bug>56797</bug>: When matching a method in an EL expression, do not - treat bridge methods as duplicates of the method they bridge to. In this - case always call the target of the bridge method. (markt) - </fix> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <fix> - <bug>56746</bug>: Allow secure WebSocket client threads to use the - current context class loader rather than explicitly setting it to the - class loader that loaded the WebSocket implementation. This allows - WebSocket client connections from within web applications to access, - amongst other things, the JNDI resources associated with the web - application. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <fix> - Correct the label in the list of sessions by idle time for the bin that - represents the idle time immediately below the maximum permitted idle - time when using the expire command of the Manager application. (markt) - </fix> - </changelog> - </subsection> - <subsection name="jdbc-pool"> - <changelog> - <fix> - <bug>53088</bug>: More identifiable thread name. (fhanik) - </fix> - <fix> - <bug>53200</bug>: Selective logging for slow versus failed queries. - (fhanik) - </fix> - <fix> - <bug>53853</bug>: More flexible classloading. (fhanik) - </fix> - <fix> - <bug>54225</bug>: Disallow empty init SQL. (fhanik) - </fix> - <fix> - <bug>54227</bug>: Evaluate max age upon borrow. 
(fhanik) - </fix> - <fix> - <bug>54235</bug>: Disallow nested pools exploitating using data source. - (fhanik) - </fix> - <fix> - <bug>54395</bug>: Fix JDBC interceptor parsing bug. (fhanik) - </fix> - <fix> - <bug>54537</bug>: Performance improvement in - <code>StatementFinalizer</code>. (fhanik) - </fix> - <fix> - <bug>54978</bug>: Make sure proper connection validation always happens, - regardless of config. (fhanik) - </fix> - <fix> - <bug>56318</bug>: Ability to trace statement creation in - <code>StatementFinalizer</code>. (fhanik) - </fix> - <fix> - <bug>56789</bug>: getPool() returns the actual pool, always. (fhanik) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <add> - <bug>56788</bug>: Display the full version in the list of installed - applications when installed via the Windows installer package. Patch - provided by Alexandre Garnier. (markt) - </add> - <add> - <bug>56829</bug>: Add the ability for users to define their own values - for <code>_RUNJAVA</code> and <code>_RUNJDB</code> environment - variables. Be more strict with executable filename on Windows - (s/java/java.exe/). Based on a patch by Neeme Praks. (markt/kkolinko) - </add> - </changelog> - </subsection> -</section> -<section name="Tomcat 8.0.10 (markt)" rtext="not released"> - <subsection name="Catalina"> - <changelog> - <fix> - <bug>44312</bug>: Log an error if there is a conflict between Host and - Alias names. Improve host management methods in <code>Mapper</code> - to avoid occasionally removing a wrong host. Check that host management - operations are performed on the host and not on an alias. (kkolinko) - </fix> - <scode> - <bug>56611</bug>: Refactor code to remove inefficient calls to - <code>Method.isAnnotationPresent()</code>. Based on a patch by Jian Mou. - (markt/kkolinko) - </scode> - <fix> - Fix regression in - <code>StandardContext.removeApplicationListener()</code>, introduced by - the fix for bug <bug>56588</bug>. 
(kkolinko) - </fix> - <fix> - <bug>56653</bug>: Fix concurrency issue with lists of contexts in - <code>Mapper</code> when stopping Contexts. (kkolinko) - </fix> - <fix> - <bug>56657</bug>: When using parallel deployment, if the same session id - matches different versions of a web application, prefer the latest - version. Ensure that remapping selects the version that we expect. - (kkolinko) - </fix> - <fix> - Assert that mapping result object is empty before performing mapping - work in <code>Mapper</code>. (kkolinko) - </fix> - <scode> - Remove <code>context</code> and <code>wrapper</code> fields in - <code>Request</code> class and deprecate their setters. (kkolinko) - </scode> - <fix> - <bug>56658</bug>: Avoid delay between registrations of mappings for - context and for its servlets. (kkolinko) - </fix> - <fix> - <bug>56665</bug>: Correct the generation of the effective web.xml when - elements contain an empty string as value. (violetagg) - </fix> - <fix> - Fix storeconfig exception routing issues, so that a major problem - should avoid configuration overwrite. (remm) - </fix> - <fix> - Add configuration fields for header names in SSLValve. (remm) - </fix> - <fix> - <bug>56666</bug>: When clearing the SSO cookie use the same values for - domain, path, httpOnly and secure as were used to set the SSO cookie. - (markt) - </fix> - <fix> - <bug>56677</bug>: Ensure that - <code>HttpServletRequest.getServletContext()</code> returns the correct - value during a cross-context dispatch. (markt) - </fix> - <fix> - <bug>56684</bug>: Ensure that Tomcat does not shut down if the socket - waiting for the shutdown command experiences a - <code>SocketTimeoutException</code>. (markt) - </fix> - <fix> - <bug>56693</bug>: Fix various issues in the static resource cache - implementation where the cache retained a stale entry after the - successful completion of an operation that always invalidates the cache - entry such as a delete operation. 
- (markt) - </fix> - <fix> - When the current PathInfo is modified as a result of dispatching a - request, ensure that a call to - <code>HttpServletRequest.getPathTranslated()</code> returns a value that - is based on the modified PathInfo. (markt) - </fix> - <fix> - <bug>56698</bug>: When persisting idle sessions, only persist newly idle - sessions. Patch provided by Felix Schumacher. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - <bug>56663</bug>: Fix edge cases demonstrated by ByteCounter relating - to data available, remaining and extra write events, mostly occurring - with non blocking Servlet 3.1. (remm) - </fix> - <fix> - Avoid possible NPE stopping endpoints that are not started (stop - shouldn't do anything in that case). (remm) - </fix> - <add> - <bug>56704</bug>: Add support for OpenSSL syntax for ciphers when - using JSSE SSL connectors. Submitted by Emmanuel Hugonnet. (remm) - </add> - <update> - Allow to configure <code>maxSwallowSize</code> attribute of an HTTP - connector via JMX. (kkolinko) - </update> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - <bug>56543</bug>: Update to the Eclipse JDT Compiler 4.4. (violetagg) - </fix> - <fix> - <bug>56652</bug>: Add support for method parameters that use arrays and - varargs to <code>ELProcessor.defineFunction()</code>.(markt) - </fix> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <add> - Add support for the <code>permessage-deflate</code> extension. This is - currently limited to decompressing incoming messages on the server side. - It is expected that support will be extended to outgoing messages and to - the client side shortly. 
(markt) - </add> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <fix> - Attempt to obfuscate session cookie values associated with other web - applications when viewing HTTP request headers with the Cookies example - from the examples web application. This reduces the opportunity to use - this example for malicious purposes should the advice to remove the - examples web application from security sensitive systems be ignored. - (markt) - </fix> - <fix> - <bug>56694</bug>: Remove references to <code>Manager</code> attribute - <code>checkInterval</code> from documentation and Javadoc since it no - longer exists. Based on a patch by Felix Schumacher. Also remove other - references to <code>checkInterval</code> that are no longer valid. - (markt) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <update> - Update the API stability section of the release notes now that Tomcat 8 - has had its first stable release. (markt) - </update> - <update> - Improve <code>build.xml</code> so that when Eclipse JDT Compiler is - updated, it will delete the old JAR from <code>build/lib</code> - directory. (kkolinko) - </update> - <scode> - Simplify implementation of "setproxy" target in <code>build.xml</code>. - (kkolinko) - </scode> - <update> - Update optional Checkstyle library to 5.7. (kkolinko) - </update> - <update> - <bug>56596</bug>: Update to Tomcat Native Library version 1.1.31 to - pick up the Windows binaries that are based on OpenSSL 1.0.1h. (markt) - </update> - <fix> - <bug>56685</bug>: Add quotes necessary for <code>daemon.sh</code> to - work correctly on Solaris. Based on a suggesiton by lfuka. (markt) - </fix> - <update> - Update package renamed Apache Commons Pool2 to r1609323 to pick various - bug fixes. (markt) - </update> - <update> - Update package renamed Apache Commons DBCP2 to r1609329 to pick up a - minor bug fix. 
(markt) - </update> - <update> - Update package renamed Apache Commons FileUpload to r1596086 to pick - various bug fixes. (markt) - </update> - </changelog> - </subsection> -</section> -<section name="Tomcat 8.0.9 (markt)" rtext="2014-06-24"> - <subsection name="Catalina"> - <changelog> - <fix> - <bug>55282</bug>: Ensure that one and the same application listener is - added only once when starting the web application. (violetagg) - </fix> - <fix> - <bug>55975</bug>: Apply consistent escaping for double quote and - backslash characters when escaping cookie values. (markt) - </fix> - <scode> - <bug>56387</bug>: Improve the code that handles an attempt to load a - class after a web application has been stopped. Use common code to handle - this case regardless of the access path and don't throw an exception - purely to log a stack trace. (markt) - </scode> - <scode> - <bug>56399</bug>: Improve implementation of CoyoteAdapter.checkRecycled() - to do not use an exception for flow control. (kkolinko) - </scode> - <add> - <bug>56461</bug>: New <code>failCtxIfServletStartFails</code> attribute - on Context and Host configuration to force the context startup to fail - if a load-on-startup servlet fails its startup. (slaurent) - </add> - <add> - <bug>56526</bug>: Improved the <code>StuckThreadDetectionValve</code> to - optionally interrupt stuck threads to attempt to unblock them. - (slaurent) - </add> - <fix> - <bug>56545</bug>: Pre-load two additional classes, the loading of which - may otherwise be triggered by a web application which in turn would - trigger an exception when running under a security manager. (markt) - </fix> - <update> - <bug>56546</bug>: Reduce logging level for stack traces of stuck web - application threads printed by WebappClassLoader.clearReferencesThreads() - from error to info. 
(kkolinko) - </update> - <scode> - Refactor and simplify common code in object factories in - <code>org.apache.catalina.naming</code> package, found thanks to Simian - (Similarity Analyser) tool. Improve handling of Throwable. - (markt/kkolinko) - </scode> - <fix> - Relax cookie naming restrictions. Cookie attribute names used in the - <code>Set-Cookie</code> header may be used unambiguously as cookie - names. The restriction that prevented such usage has been removed. - (jboynes/markt) - </fix> - <fix> - Further relax cookie naming restrictions. Version 0 (a.k.a Netscape - format) cookies may now use names that start with the <code>$</code> - character. (jboynes/markt) - </fix> - <fix> - Restrict cookie naming so that the <code>=</code> character is no longer - permitted in a version 0 (a.k.a. Netscape format) cookie name. While - Tomcat allowed this, browsers always truncated the name at the - <code>=</code> character leading to a mis-match between the cookie the - server set and the cookie returned by the browser. (jboynes/markt) - </fix> - <add> - Add a simple <code>ServiceLoader</code> based discovery mechanism to the - JULI <code>LogFactory</code> to make it easier to use JULI and Tomcat - components that depend on JULI (such as Jasper) independently from - Tomcat. Patch provided by Greg Wilkins. (markt) - </add> - <fix> - <bug>56578</bug>: Correct regression in the fix for <bug>56339</bug> - that prevented sessions from expiring when using clustering. (markt) - </fix> - <fix> - <bug>56588</bug>: Remove code previously added to enforce the - requirements of section 4.4 of the Servlet 3.1 specification. The code - is no longer required now that Jasper initialization has been refactored - and TLD defined listeners are added via a different code path that - already enforces the specification requirements. (markt) - </fix> - <fix> - <bug>56600</bug>: In WebdavServlet: Do not waste time generating - response for broken PROPFIND request. 
(kkolinko) - </fix> - <fix> - Provide a better error message when asynchronous operations are not - supported by a filter or servlet. Patch provided by Romain Manni-Bucau. - (violetagg) - </fix> - <fix> - <bug>56606</bug>: User entries in <code>tomcat-users.xml</code> file - are recommended to use "username" attribute rather than legacy "name" - attribute. Fix inconsistencies in Windows installer, examples. Update - digester rules and documentation for <code>MemoryRealm</code>. - (markt/kkolinko) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - <bug>56518</bug>: When using NIO, do not attempt to write to the socket - if the thread is marked interrupted as this will lead to a connection - limit leak. This fix was based on analysis of the issue by hanyong. - (markt) - </fix> - <fix> - <bug>56521</bug>: Re-use the asynchronous write buffer between writes to - reduce allocation and GC overhead. Based on a patch by leonzhx. Also - make the buffer size configurable and remove copying of data within - buffer when the buffer is only partially written on a subsequent write. - (markt) - </fix> - <fix> - Ensure that a request without a body is correctly handled during Comet - processing. This fixes the Comet chat example. (markt) - </fix> - <fix> - Fix input concurrency issue in NIO2 upgrade. (remm) - </fix> - <fix> - Correct a copy/paste error and return a 500 response rather than a 400 - response when an internal server error occurs on early stages of - request processing. (markt) - </fix> - <scode> - <bug>56582</bug>: Use switch(actionCode) in processors instead of a - chain of "elseif"s. (kkolinko) - </scode> - <fix> - <bug>56582#c1</bug>: Implement DISPATCH_EXECUTE action for AJP - connectors. (kkolinko) - </fix> - <fix> - If request contains an unrecognized Expect header, respond with error - 417 (Expectation Failed), according to RFC2616 chapter 14.20. 
(markt) - </fix> - <fix> - When an error occurs after the response has been committed close the - connection immediately rather than attempting to finish the response to - make it easier for the client to differentiate between a complete - response and one that failed part way though. (markt) - </fix> - <scode> - Remove the beta tag from the NIO2 connectors. (remm) - </scode> - <fix> - <bug>56620</bug>: Avoid bogus access log entries when pausing the NIO - HTTP connector and ensure that access log entries generated by error - conditions use the correct request start time. (markt) - </fix> - <fix> - Improve configuration of cache sizes in the endpoint. (markt) - </fix> - <add> - Add a new limit, defaulting to 2MB, for the amount of data Tomcat will - swallow for an aborted upload. The limit is configurable by - <code>maxSwallowSize</code> attribute of an HTTP connector. (markt) - </add> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - <bug>56334#c15</bug>: Fix a regression in EL parsing when quoted string - follows a whitespace. (kkolinko/markt) - </fix> - <update> - <bug>56543</bug>: Update to the Eclipse JDT Compiler 4.4RC4 to pick up - some fixes for Java 8 support. (markt/kkolinko) - </update> - <fix> - <bug>56561</bug>: Avoid <code>NoSuchElementException</code> while - handling attributes with empty string value. (violetagg) - </fix> - <scode> - Do not configure a <code>JspFactory</code> in the - <code>JasperInitializer</code> if one has already been set as might be - the case in some embedding scenarios. (markt) - </scode> - <add> - Add a simple implementation of <code>InstanceManager</code> and have - Jasper use it if no other <code>InstanceManager</code> is provided. This - makes it easier to use Jasper independently from Tomcat. Patch provided - by Greg Wilkins. (markt) - </add> - <fix> - <bug>56568</bug>: Allow any HTTP method when a JSP is being used as an - error page. 
(markt) - </fix> - <update> - <bug>56581</bug>: If an error on a JSP page occurs when response has - already been committed, do not clear the buffer of JspWriter, but flush - it. It will make more clear where the error occurred. (kkolinko) - </update> - <fix> - <bug>56612</bug>: Correctly parse two consecutive escaped single quotes - when used in UEL expression in a JSP. (markt) - </fix> - <update> - Move code that parses EL expressions within JSP template text from - <code>Parser</code> to <code>JspReader</code> class for better - performance. (kkolinko) - </update> - <fix> - <bug>56636</bug>: Correctly identify the required method when specified - via <code>ELProcessor.defineFunction(String,String,String,String)</code> - when using Expression Language. (markt) - </fix> - <fix> - <bug>56638</bug>: When using - <code>ELProcessor.defineFunction(String,String,String,String)</code> and - no function name is specified, use the method name as the function name - as required by the specification. (markt) - </fix> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <scode> - <bug>56446</bug>: Clearer handling of exceptions when calling a method - on a POJO based WebSocket endpoint. Based on a suggestion by Eugene - Chung. (markt) - </scode> - <fix> - When a WebSocket client attempts to write to a closed connection, handle - the resulting <code>IllegalStateException</code> in a manner consistent - with the handling of an <code>IOException</code>. (markt) - </fix> - <fix> - Add more varied endpoints for echo testing. (remm) - </fix> - <fix> - <bug>56577</bug>: Improve the executor configuration used for the - callbacks associated with asynchronous writes. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <fix> - Set the path for cookies created by the examples web application so they - only returned to the examples application. 
This reduces the opportunity - for using such cookies for malicious purposes should the advice to - remove the examples web application from security sensitive systems be - ignored. (markt/kkolinko) - </fix> - <fix> - Attempt to obfuscate session cookie values associated with other web - applications when viewing HTTP request headers with the Request Header - example from the examples web application. This reduces the opportunity - to use this example for malicious purposes should the advice to remove - the examples web application from security sensitive systems be ignored. - (markt) - </fix> - <add> - Add options for all of the WebSocket echo endpoints to the WebSocket - echo example in the examples web application. (markt) - </add> - <fix> - Ensure that the asynchronous WebSocket echo endpoint in the examples - web application always waits for the previous message to complete before - it sends the next. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <update> - Update package renamed Apache Commons DBCP2 to r1596858. (markt) - </update> - </changelog> - </subsection> -</section> -<section name="Tomcat 8.0.8 (markt)" rtext="beta, 2014-05-21"> - <subsection name="Catalina"> - <changelog> - <fix> - <bug>56536</bug>: Ensure that - <code>HttpSessionBindingListener.valueUnbound()</code> uses the correct - class loader when the <code>SingleSignOn</code> valve is used. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - <bug>56529</bug>: Avoid <code>NoSuchElementException</code> while handling - attributes with empty string value in custom tags. Patch provided by - Hariprasad Manchi. 
(violetagg) - </fix> - </changelog> - </subsection> -</section> -<section name="Tomcat 8.0.7 (markt)" rtext="not released"> - <subsection name="Catalina"> - <changelog> - <fix> - <bug>56523</bug>: When using SPNEGO authentication, log the exceptions - associated with failed user logins at debug level rather than error - level. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <add> - <bug>56399</bug>: Assert that both Coyote and Catalina request objects - have been properly recycled. (kkolinko) - </add> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - <bug>56522</bug>: When setting a value for a - <code>ValueExpression</code>, ensure that the expected coercions take - place such as a <code>null</code> string being coerced to an empty - string. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <fix> - Copy missing resources file from Apache Commons DBCP 2 to packaged - renamed copy of DBCP 2. (markt) - </fix> - </changelog> - </subsection> -</section> -<section name="Tomcat 8.0.6 (markt)" rtext="not released"> - <subsection name="Catalina"> - <changelog> - <fix> - Fix extension validation which was broken by refactoring for new - resources implementation. (markt) - </fix> - <fix> - Fix custom UTF-8 decoder so that a byte of value 0xC1 is always rejected - immediately as it is never valid in a UTF-8 byte sequence. Update UTF-8 - decoder tests to account for UTF-8 decoding improvements in Java 8. - The custom UTF-8 decoder is still required due to bugs in the UTF-8 - decoder provided by Java. Java 8's decoder is better than Java - 7's but it is still buggy. (markt) - </fix> - <fix> - <bug>56027</bug>: Add more options for managing FIPS mode in the - AprLifecycleListener. (schultz/kkolinko) - </fix> - <fix> - <bug>56320</bug>: Fix a file descriptor leak in the default servlet when - sendfile is used. 
(markt) - </fix> - <fix> - <bug>56321</bug>: When a WAR is modified, undeploy the web application - before deleting any expanded directory as the undeploy process may - refer to classes that need to be loaded from the expanded directory. If - the expanded directory is deleted first, any attempt to load a new class - during undeploy will fail. (markt) - </fix> - <fix> - <bug>56327</bug>: Enable AJP as well as HTTP connectors to be created - via JMX. Patch by kiran. (markt) - </fix> - <fix> - <bug>56339</bug>: Avoid an infinite loop if an application calls - <code>session.invalidate()</code> from the session destroyed event for - that session. (markt) - </fix> - <scode> - <bug>56365</bug>: Simplify file name pattern matching code in - <code>StandardJarScanner</code>. Improve documentation. (kkolinko) - </scode> - <fix> - Ensure that the static resource cache is able to detect when a cache - entry is invalidated by being overridden by a new resource in a - different <code>WebResourceSet</code>. (markt) - </fix> - <fix> - <bug>56369</bug>: Ensure that removing an MBean notification listener - reverts all the operations performed when adding an MBean notification - listener. (markt) - </fix> - <scode> - Improve implementation of <code>Lifecycle</code> for - <code>WebappClassLoader</code>. State is now correctly reported rather - than always reporting as <code>NEW</code>. (markt) - </scode> - <add> - <bug>56382</bug>: Information about finished deployment and its execution - time is added to the log files. Patch is provided by Danila Galimov. - (violetagg) - </add> - <add> - <bug>56383</bug>: Properties for disabling server information and error - report are added to the <code>org.apache.catalina.valves.ErrorReportValve</code>. - Based on the patch provided by Nick Bunn. 
(violetagg/kkolinko) - </add> - <fix> - <bug>56390</bug>: Fix JAR locking issue with JARs containing TLDs and - the TLD cache that prevented the undeployment of web applications when - the WAR was deleted. (markt) - </fix> - <fix> - Fix CVE-2014-0119: - Only create XML parsing objects if required and fix associated potential - memory leak in the default Servlet. - Extend XML factory, parser etc. memory leak protection to cover some - additional locations where, theoretically, a memory leak could occur. - (markt) - </fix> - <fix> - Modify generic exception handling so that - <code>StackOverflowError</code> is not treated as a fatal error and can - handled and/or logged as required. (markt) - </fix> - <fix> - <bug>56409</bug>: Avoid <code>StackOverflowError</code> on non-Windows - systems if a file named <code>\</code> is encountered when scanning for - TLDs. (markt) - </fix> - <add> - <bug>56430</bug>: Extend checks for suspicious URL patterns to include - patterns of the form <code>*.a.b</code> which are not valid patterns for - extension mappings. (markt) - </add> - <fix> - <bug>56441</bug>: Raise the visibility of exceptions thrown when a - problem is encountered calling a getter or setter on a component - attribute. The logging level is raised from debug to warning. (markt) - </fix> - <add> - <bug>56463</bug>: Property for disabling server information is added to - the <code>DefaultServlet</code>. Server information is presented in the - response sent to the client when directory listings is enabled. - (violetagg) - </add> - <fix> - <bug>56472</bug>: Allow NamingContextListener to clean up on stop if its - start failed. (kkolinko) - </fix> - <fix> - <bug>56481</bug>: Work around case insensitivity issue in - <code>URLClassLoader</code> exposed by some recent refactoring. (markt) - </fix> - <add> - <bug>56492</bug>: Avoid eclipse debugger pausing on uncaught exceptions - when tomcat renews its threads. 
(slaurent) - </add> - <add> - Add the <code>org.apache.naming</code> package to the packages requiring - code to have the <code>defineClassInPackage</code> permission when - running under a security manager. (markt) - </add> - <fix> - Make the naming context tokens for containers more robust by using a - separate object. Require RuntimePermission when introducing a new token. - (markt/kkolinko) - </fix> - <fix> - <bug>56501</bug>: <code>HttpServletRequest.getContextPath()</code> - should return the undecoded context path used by the user agent. (markt) - </fix> - <fix> - Minor fixes to <code>ThreadLocalLeakPreventionListener</code>. Do not - trigger threads renewal for failed contexts. Do not ignore - <code>threadRenewalDelay</code> setting. Improve documentation. (kkolinko) - </fix> - <fix> - Correct regression introduced in <rev>1239520</rev> that broke loading - of users from <code>tomcat-users.xml</code> when using the - <code>JAASMemoryLoginModule</code>. (markt) - </fix> - <fix> - Correct regression introduced in <rev>797162</rev> that broke - authentication of users when using the - <code>JAASMemoryLoginModule</code>. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - More cleanup of NIO2 endpoint shutdown. (remm) - </fix> - <fix> - <bug>56336</bug>: AJP output corruption and errors. (remm) - </fix> - <fix> - Handle various cases of incomplete writes in NIO2. (remm) - </fix> - <scode> - Code cleanups and i18n in NIO2. (remm) - </scode> - <fix> - Fix extra onDataAvailable calls in the NIO2 connector. (remm) - </fix> - <fix> - Fix gather writes in NIO2 SSL. (remm) - </fix> - <scode> - Upgrade the NIO2 connectors to beta, but still not ready for production. (remm) - </scode> - <scode> - Fix code duplication between NIO and NIO2. (remm) - </scode> - <fix> - <bug>56348</bug>: Fix slow asynchronous read when read was performed on - a non-container thread. 
(markt) - </fix> - <fix> - <bug>56416</bug>: Correct documentation for default value of socket - linger for the AJP and HTTP connectors. (markt) - </fix> - <fix> - Fix possible corruption if doing keepalive after a comet request. (remm) - </fix> - <fix> - <bug>56518</bug>: Fix connection limit latch leak when a non-container - thread is interrupted during asynchronous processing. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - <bug>56334</bug>: Fix a regression in the handling of back-slash - escaping introduced by the fix for <bug>55735</bug>. (markt/kkolinko) - </fix> - <fix> - <bug>56425</bug>: Improve method matching for EL expressions. When - looking for matching methods, an exact match between parameter types is - preferred followed by an assignable match followed by a coercible match. - (markt) - </fix> - <fix> - Correct the handling of back-slash escaping in the EL parser and no - longer require that <code>\$</code> or <code>\#</code> must be followed - by <code>{</code> in order for the back-slash escaping to take effect. - (markt) - </fix> - </changelog> - </subsection> - <subsection name="Cluster"> - <changelog> - <scode> - Remove the implementation of - <code>org.apache.catalina.LifecycleListener</code> from - <code>org.apache.catalina.ha.tcp.SimpleTcpCluster</code>. - <code>SimpleTcpCluster</code> does not work as - <code>LifecycleListener</code>, it works as nested components of Host or - Engine. (kfujino) - </scode> - <fix> - Remove cluster and replicationValve from cluster manager template. These - instance are not necessary to template. (kfujino) - </fix> - <fix> - Add support for cross context session replication to - <code>org.apache.catalina.ha.session.BackupManager</code>. (kfujino) - </fix> - <fix> - Remove the unnecessary cross context check. It does not matter whether - the context that is referenced by other context is set to - <code>crossContext</code>=true. 
The context that refers to the different - context must be set to <code>crossContext</code>=true. (kfujino) - </fix> - <scode> - Move to <code>org.apache.catalina.ha.session.ClusterManagerBase</code> - common logics of - <code>org.apache.catalina.ha.session.BackupManager</code> and - <code>org.apache.catalina.ha.session.DeltaManager</code>. (kfujino) - </scode> - <scode> - Simplify the code of <code>o.a.c.ha.tcp.SimpleTcpCluster</code>. In - order to add or remove cluster valve to Container, use pipeline instead - of <code>IntrospectionUtils</code>. (kfujino) - </scode> - <fix> - There is no need to set cluster instance when - <code>SimpleTcpCluster.unregisterClusterValve</code> is called. - Set null than cluster instance for cleanup. (kfujino) - </fix> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <fix> - <bug>56343</bug>: Avoid a NPE if Tomcat's Java WebSocket 1.0 - implementation is used with the Java WebSocket 1.0 API JAR from the - reference implementation. (markt) - </fix> - <fix> - Increase the default maximum size of the executor used by the WebSocket - implementation for call backs associated with asynchronous writes from - 10 to 200. (markt) - </fix> - <add> - Add a warning if the thread group created for WebSocket asynchronous - write call backs can not be destroyed when the web application is - stopped. (markt) - </add> - <fix> - Ensure that threads created to support WebSocket clients are stopped - when no longer required. This will happen automatically for WebSocket - client connections initiated by web applications but stand alone clients - must call <code>WsWebSocketContainer.destroy()</code>. (markt) - </fix> - <fix> - <bug>56449</bug>: When creating a new session, add the message handlers - to the session before calling <code>Endpoint.onOpen()</code> so the - message handlers are in place should the <code>onOpen()</code> method - trigger the sending of any messages. 
(markt) - </fix> - <fix> - <bug>56458</bug>: Report WebSocket sessions that are created over secure - connections as secure rather than as not secure. (markt) - </fix> - <fix> - Stop threads used for secure WebSocket client connections when they are - no longer required and give them better names for easier debugging while - they are running. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <fix> - Add Support for <code>copyXML</code> attribute of Host to Host Manager. - (kfujino) - </fix> - <fix> - Ensure that "name" request parameter is used as a application base of - host if "webapps" request parameter is not set when adding host in - HostManager Application. (kfujino) - </fix> - <fix> - Correct documentation on Windows service options, aligning it with - Apache Commons Daemon documentation. (kkolinko) - </fix> - <fix> - <bug>56418</bug>: Ensure that the Manager web application does not - report success for a web application deployment that fails. (slaurent) - </fix> - <update> - Improve valves documentation. Split valves into groups. (kkolinko) - </update> - <fix> - <bug>56513</bug>: Make the documentation crystal clear that using - sendfile will disable any compression that Tomcat may otherwise have - applied to the response. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <scode> - Review source code and take advantage of Java 7's - try-with-resources syntax where possible. (markt) - </scode> - <fix> - Align DisplayName of Tomcat installed by <code>service.bat</code> with - one installed by the *.exe installer. Print a warning in case if neither - server nor client jvm is found by <code>service.bat</code>. (kkolinko) - </fix> - <update> - <bug>56363</bug>: Update to version 1.1.30 of Tomcat Native library. 
- (schultz) - </update> - <update> - Update package renamed Apache Commons BCEL to r1593495 to pick up some - additional changes for Java 7 support and some code clean up. (markt) - </update> - <update> - Update package renamed Apache Commons FileUpload to r1569132 to pick up - some small improvements (e.g. better <code>null</code> protection) and - some code clean up. (markt) - </update> - <update> - Update package renamed Apache Commons Codec to r1586336 to pick up some - Javadoc fixes and some code clean up. (markt) - </update> - <scode> - Switch to including Apache Commons DBCP via a package renamed svn copy - rather than building from a source release for consistency with other - Commons packages and to allow faster releases to fix DBCP related - issues. (markt) - </scode> - <update> - Update package renamed Apache Commons Pool2 and DBCP2 to r1593563 to - pick various bug fixes. (markt) - </update> - <add> - In tests: allow to configure directory where JUnit reports and access - log are written to. (kkolinko) - </add> - </changelog> - </subsection> -</section> -<section name="Tomcat 8.0.5 (markt)" rtext="beta, 2014-03-27"> - <subsection name="Catalina"> - <changelog> - <fix> - Rework the fix for <bug>56190</bug> as the previous fix did not recycle - the request in all cases leading to mis-routing of requests. (markt) - </fix> - <fix> - Allow web applications to package tomcat-jdbc.jar and their JDBC driver - of choice in the web application. (markt) - </fix> - <fix> - <bug>56293</bug>: Cache resources loaded by the class loader from - <code>/META-INF/services/</code> for better performance for repeated - look ups. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - Fix possibly incomplete final flush with NIO2 when using non blocking - mode. (remm) - </fix> - <fix> - Cleanup NIO2 endpoint shutdown. (remm) - </fix> - <fix> - Fix rare race condition notifying onWritePossible in the NIO2 - HTTP/1.1 connector. 
(remm) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - <bug>54475</bug>: Add Java 8 support to SMAP generation for JSPs. Patch - by Robbie Gibson. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Web applications"> - <changelog> - <fix> - <bug>56273</bug>: If the Manager web application does not perform an - operation because the web application is already being serviced, report - an error rather than reporting success. (markt) - </fix> - <fix> - <bug>56304</bug>: Add a note to the documentation about not using - WebSocket with BIO HTTP in production. (markt) - </fix> - </changelog> - </subsection> -</section> -<section name="Tomcat 8.0.4 (markt)" rtext="not released"> - <subsection name="Catalina"> - <changelog> - <fix> - Restore the ability to use the <code>addURL()</code> method of the - web application class loader to add external resources to the web - application. (markt) - </fix> - <fix> - Improve the robustness of web application undeployment based on some - code analysis triggered by the report for <bug>54315</bug>. (markt) - </fix> - <fix> - <bug>56125</bug>: Correctly construct the URL for a resource that - represents the root of a JAR file. (markt) - </fix> - <fix> - Generate a valid root element for the effective web.xml for a web - application for all supported versions of web.xml. (markt) - </fix> - <add> - Make it easier for applications embedding and/or extending Tomcat to - modify the <code>javaseClassLoader</code> attribute of the - <code>WebappClassLoader</code>. (markt) - </add> - <fix> - Add missing support for <code><deny-uncovered-http-methods></code> - element when merging web.xml files. (markt) - </fix> - <fix> - Improve merging process for web.xml files to take account of the - elements and attributes supported by the Servlet version of the merged - file. 
(markt) - </fix> - <fix> - Avoid <code>NullPointerException</code> in resource cache when making an - invalid request for a resource outside of the web application. (markt) - </fix> - <fix> - Remove an unnecessary null check identified by FindBugs. (markt) - </fix> - <add> - In WebappClassLoader, when reporting threads that are still running - while web application is being stopped, print their stack traces to - the log. (kkolinko) - </add> - <fix> - <bug>56190</bug>: The response should be closed (i.e. no further output - is permitted) when a call to <code>AsyncContext.complete()</code> takes - effect. (markt) - </fix> - <fix> - <bug>56236</bug>: Enable Tomcat to work with alternative Servlet and - JSP API JARs that package the XML schemas in such as way as to require - a dependency on the JSP API before enabling validation for web.xml. - Tomcat has no such dependency. (markt) - </fix> - <fix> - <bug>56244</bug>: Fix MBeans descriptor for WebappClassLoader MBean. - (kkolinko) - </fix> - <add> - Add a work around for validating XML documents (often TLDs) that use - just the file name to refer to refer to the JavaEE schema on which they - are based. (markt) - </add> - <add> - Add methods of get the idle time from last client access time to - <code>org.apache.catalina.Session</code>. (kfujino) - </add> - <fix> - <bug>56246</bug>: Fix NullPointerException in MemoryRealm when - authenticating an unknown user. (markt) - </fix> - <fix> - <bug>56248</bug>: Allow the deployer to update an existing WAR file - without undeploying the existing application if the update flag is set. - This allows any existing custom context.xml for the application to be - retained. To update an application and remove any existing context.xml - simply undeploy the old version of the application before deploying the - new version. (markt) - </fix> - <fix> - <bug>56253</bug>: When listing resources that are provided by a JAR, fix - possible <code>StringIndexOutOfBoundsException</code>s. 
Add some unit - tests for this and similar scenarios and fix the additional issues those - unit tests identified. Based on a patch by Larry Isaacs. (markt) - </fix> - <fix> - Fix CVE-2014-0096: - Redefine the <code>globalXsltFile</code> initialisation parameter of the - DefaultServlet as relative to CATALINA_BASE/conf or CATALINA_HOME/conf. - Prevent user supplied XSLTs used by the DefaultServlet from defining - external entities. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog> - <fix> - In some circumstances asynchronous requests could time out too soon. - (markt) - </fix> - <fix> - <bug>56172</bug>: Avoid possible request corruption when using the AJP - NIO connector and a request is sent using more than one AJP message. - Patch provided by Amund Elstad. (markt) - </fix> - <add> - Add experimental NIO2 connector. Based on code developed by - Nabil Benothman. (remm) - </add> - <fix> - Fix CVE-2014-0075: - Improve processing of chuck size from chunked headers. Avoid overflow - and use a bit shift instead of a multiplication as it is marginally - faster. (markt/kkolinko) - </fix> - <fix> - Fix CVE-2014-0095: - Correct regression introduced in 8.0.0-RC2 as part of the Servlet 3.1 - non-blocking IO support that broke handling of requests with an explicit - content length of zero. (markt/kkolinko) - </fix> - <fix> - Fix CVE-2014-0099: - Fix possible overflow when parsing long values from a byte array. - (markt) - </fix> - </changelog> - </subsection> - <subsection name="Jasper"> - <changelog> - <fix> - Change the default compiler source and compiler target versions to 1.7 - since Tomcat 8 requires a minimum of Java 7. (markt) - </fix> - <fix> - <bug>56179</bug>: Fix parsing of EL expressions that contain unnecessary - parentheses. (markt) - </fix> - <fix> - <bug>56177</bug>: Handle dependency tracking for TLDs when using JspC - with a tag library JAR that is located outside of the web application. 
- (markt) - </fix> - <fix> - Remove an unnecessary null check identified by FindBugs. (markt) - </fix> - <fix> - <bug>56199</bug>: Restore validateXml option for JspC which determines - if web.xml will be parsed with a validating parser. (markt) - </fix> - <fix> - <bug>56223</bug>: Throw an <code>IllegalStateException</code> if a call - is made to <code>ServletContext.setInitParameter()</code> after the - ServletContext has been initialized. (markt) - </fix> - <fix> - <bug>56265</bug>: Do not escape values of dynamic tag attributes - containing EL expressions. (kkolinko) - </fix> - <fix> - Make the default compiler source and target versions for JSPs Java 7 - since Tomcat 8 requires Java 7 as a minimum. (markt) - </fix> - <update> - <bug>56283</bug>: Update to the Eclipse JDT Compiler P20140317-1600 - which adds support for Java 8 syntax to JSPs. Add support for value - "1.8" for the <code>compilerSourceVM</code> and - <code>compilerTargetVM</code> options. (markt) - </update> - </changelog> - </subsection> - <subsection name="WebSocket"> - <changelog> - <fix> - Avoid a possible deadlock when one thread is shutting down a connection - while another thread is trying to write to it. (markt) - </fix> - <fix> - Avoid NPE when flushing batched messages. (markt) - </fix> - </changelog> - </subsection> - <subsection name="Web Applications"> - <changelog> - <add> - <bug>56093</bug>: Add the SSL Valve to the documentation web - application. (markt) - </add> - <fix> - <bug>56217</bug>: Improve readability by using left alignment for the - table cell containing the request information on the Manager application - status page. (markt) - </fix> - <fix> - Fixed <code>java.lang.NegativeArraySizeException</code> when using - "Expire sessions" command in the manager web application on a - context where the session timeout is disabled. (kfujino) - </fix> - <fix> - Add support for <code>LAST_ACCESS_AT_START</code> system property to - Manager web application. 
(kfujino) - </fix> - </changelog> - </subsection> - <subsection name="Other"> - <changelog> - <fix> - <bug>56115</bug>: Expose the <code>httpusecaches</code> property of - Ant's <code>get</code> task as some users may need to change the - default. Based on a suggestion by Anthony. (markt) - </fix> - <fix> - <bug>56143</bug>: Improve <code>service.bat</code> so that it can be - launched from a non-UAC console. This includes using a single call to - <code>tomcat8.exe</code> to install the Windows service rather than - three calls, and using command line arguments instead of environment - variables to pass the settings. (markt/kkolinko) - </fix> - <scode> - Simplify Windows *.bat files: remove %OS% checks, as current java does - not run on ancient non-NT operating systems. (kkolinko) - </scode> - <fix> - Align options between <code>service.bat</code> and <code>exe</code> - Windows installer. For <code>service.bat</code> the changes are in - --Classpath, --DisplayName, --StartPath, --StopPath. For - <code>exe</code> installer the changes are in --JvmMs, --JvmMx options, - which are now 128 Mb and 256 Mb respectively instead of being empty. - Explicitly specify --LogPath path when uninstalling Windows service, - avoiding default value for that option. (kkolinko) - </fix> - <fix> - <bug>56137</bug>: Explicitly use NIO connector in SSL example in - server.xml so it doesn't break if APR is enabled. (markt) - </fix> - <fix> - <bug>56139</bug>: Avoid a web application class loader leak in some unit - tests when running on Windows. (markt) - </fix> - <fix> - Correct build script to avoid building JARs with empty packages. (markt) - </fix> - <add> - Allow to limit JUnit test run to a number of selected test case - methods. (kkolinko) - </add> - <update> - Update Commons Pool 2 to 2.2. (markt) - </update> - <update> - Update Commons DBCP 2 to the 2.0 release. (markt) - </update> - <fix> - <bug>56189</bug>: Remove used file cpappend.bat from the distribution. 
- (markt) - </fix> - <fix> - <bug>56204</bug>: Remove unnecessary dependency between tasks in the - build script. (markt) - </fix> - <fix> - Add definition of <code>org.apache.catalina.ant.FindLeaksTask</code>. - (kfujino) - </fix> - <fix> - Implement <code>org.apache.catalina.ant.VminfoTask</code>, - <code>org.apache.catalina.ant.ThreaddumpTask</code> and - <code>org.apache.catalina.ant.SslConnectorCiphersTask</code>. (kfujino) - </fix> - <add> - Add the option to the Apache Ant tasks to ignore the constraint of the - first line of the response message that must be "OK -" - (<code>ignoreResponseConstraint</code> in <code>AbstractCatalinaTask</code>). - Default is false. (kfujino) - </add> - </changelog> - </subsection> -</section> -<section name="Tomcat 8.0.3 (markt)" rtext="beta, 2014-02-11"> - <subsection name="Other"> - <changelog> - <fix> - Fix build of Apache Commons DBCP2 classes. (kkolinko) - </fix> - <update> - Update Commons DBCP 2 to snapshot 170 dated 07 Feb 2014. This enables - DBCP to work with a SecurityManager such that only DBCP needs to be - granted the necessary permissions to communicate with the database. - (markt) - </update> - </changelog> - </subsection> -</section> -<section name="Tomcat 8.0.2 (markt)" rtext="not released"> - <subsection name="Catalina"> - <changelog> - <fix> - <bug>56082</bug>: Fix a concurrency bug in JULI's LogManager - implementation. (markt) - </fix> - <fix> - <bug>56085</bug>: <code>ServletContext.getRealPath(String)</code> should - return <code>null</code> for invalid input rather than throwing an - <code>IllegalArgumentException</code>. (markt) - </fix> - <fix> - Fix WebDAV support that was broken by the refactoring for the new - resources implementation. (markt) - </fix> - <scode> - Simplify Catalina.initDirs(). 
(kkolinko) - </scode> - <fix> - <bug>56096</bug>: When the attribute <code>rmiBindAddress</code> of the - JMX Remote Lifecycle Listener is specified it's value will be used when - constructing the address of a JMX API connector server. Patch is - provided by Jim Talbut. (violetagg) - </fix> - <fix> - When environment entry with one and the same name is defined in the web - deployment descriptor and with annotation then the one specified in the - web deployment descriptor is with priority. (violetagg) - </fix> - <fix> - Fix passing the value of false for <code>xmlBlockExternal</code> option - of Context to Jasper, as the default was changed in 8.0.1. (kkolinko) - </fix> - </changelog> - </subsection> - <subsection name="Coyote"> - <changelog>
[... 380 lines stripped ...]
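Review bot: The `-` side of this single hunk (`@@ -44,2572 +44,16 @@`) drops security-relevant history without a visible pointer to where it now lives. The Tomcat 8.0.4 section removed here carries the only in-file record of "Fix CVE-2014-0096", "Fix CVE-2014-0075", "Fix CVE-2014-0095" and "Fix CVE-2014-0099", and none of the 16 replacement lines appears in this excerpt. Please make sure the replacement text names or links the changelog that keeps the 8.0.x entries, so that someone checking which release fixed a given CVE can still get there from this file. Also confirm before merging that the entries under `<section name="Tomcat 8.0.16 (markt)">`, which has no `rtext` release marker yet, already exist in that other changelog. Otherwise the HTTP upgrade data-corruption fix (remm) is lost from the record.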