craigmcc 01/03/30 12:31:53 Modified: . RELEASE-NOTES-4.0-B2.txt Log: Update beta-2 release notes to reflect changes made to date. Need to verify behavior of several of the new features (running Jasper using Xerces 1.3, compression filter, and server-side includes) before including them in the beta 2 release. Revision Changes Path 1.3 +87 -8 jakarta-tomcat-4.0/RELEASE-NOTES-4.0-B2.txt Index: RELEASE-NOTES-4.0-B2.txt =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/RELEASE-NOTES-4.0-B2.txt,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- RELEASE-NOTES-4.0-B2.txt 2001/03/24 01:23:21 1.2 +++ RELEASE-NOTES-4.0-B2.txt 2001/03/30 20:31:52 1.3 @@ -3,7 +3,7 @@ Release Notes ============= -$Id: RELEASE-NOTES-4.0-B2.txt,v 1.2 2001/03/24 01:23:21 craigmcc Exp $ +$Id: RELEASE-NOTES-4.0-B2.txt,v 1.3 2001/03/30 20:31:52 craigmcc Exp $ ============ @@ -24,6 +24,8 @@ IMPORTANT SECURITY NOTE: This release includes a fix to a "cross site scripting vulnerability" caused by a request URI such as: http://localhost:8080/<SCRIPT>alert(document.cookie)</SCRIPT>.xyz +and the "may expose JSP source code" vulnerability caused by: + http://localhost:8080/examples/jsp/snp/snoop.js%70 ============ @@ -61,7 +63,12 @@ approved by the JSR-053 Expert Group, and will appear in the next release of the specification. +Resource Factory for javax.mail.Session Objects: You can now use the +<resource-ref> element in a web.xml file (and the corresponding resource +configuration in server.xml) to create javax.mail.Session objects automatically +without having to specify your own factory. + ------------------- Jasper New Features: ------------------- 
@@ -81,6 +88,33 @@ when a web application wishes to use Xerces. See the "KNOWN ISSUES" section for more information on this topic. +Run From WAR File: Jasper has been modified so that it should be possible to +run web applications using JSP pages directly from an unpacked WAR file (or +any other repository that provides appropriate URL stream handlers). + +JSP API Changes: Implement the JSP API changes that have been approved by +the JSR-053 Expert Group, and will appear in the next release of the +specification. + + +-------------------- +Webapps New Features: +-------------------- + +CompressionFilter: A new example Filter implementation that performs +on-the-fly GZIP compression (if the client supports it, and if the response +is larger than a configurable size). See the source file +"/WEB-INF/classes/compressionFilters/CompressionFilter.java" in the example +application. + +Manager Application: The manager application has been enhanced to return the +status of each web application (running or stopped) and the number of current +active sessions, in the list command. You can also request a list of the +session information for all active sessions. + +Server Side Includes: Initial implementation of a pre-installed servlet that +performs server-side include processing on *.shtml files (except for #exec). + ========================== BUG FIXES AND IMPROVEMENTS: 
@@ -211,7 +245,47 @@ DefaultServlet: Make most methods protected instead of private, to ease subclassing. +EjbFactory: Correct lookups of object factories for <ejb-link>. + +Configuration Documentation: Added configuration documentation details for the +<Logger>, <Realm>, and <Valve> elements. + +DirContextURLStreamHandler: Fix NullPointerExceptions that occurred during +openStream() operations under some circumstances. + +ApplicationContext: Add support for immutable servlet context attributes +(i.e. you cannot remove or replace them), and apply this to the class loader +and class path passed to Jasper. + +DefaultServlet: Add query parameters before sending a redirect. + +JDBCRealm: Correct password digest encoding so that it is compatible with the +techniques used in Tomcat 3.x. + +StandardContext: Create JNDI entries for EJB references, resource references, +and resource environment references in the "java:comp/env" context (as the +J2EE spec requires), rather than "java:comp". + +Deployer: Deployment semantics have been modified so that directories unpacked +as part of deployment will not be arbitrarily removed at undeployment time. +HttpRequestBase: Correct implementation of isUserInRole() so that it properly +respects role name aliases defined with <security-role-ref> elements. + +Bootstrap: Rearrange the order in which repositories are added when Catalina +classloaders are created so that the "classes" directory (for a given class +loader) always overrides any JAR files in the corresponding "lib" directory. +This is consistent with the way web application class loaders are defined. + +HttpResponseBase: Fix NullPointerException thrown when establishing a new +session when the client has disabled cookies. + +ResponseBase: Fix problems that surfaced with IE5.5 when there is an error +in a JSP file that was included with <jsp:include ... flush="true"/>. + +RequestUtil: Fix a compilation problem with Jikes. + + ---------------- Jasper Bug Fixes: ---------------- 
@@ -232,7 +306,16 @@ SimplePool: Fix a race condition. +JspCompiler: Avoid generating NullPointerExceptions when the resource +does not exist. + +JspEngineContext: Correct bad classpaths generated from non-file: URLs. + +JspParseEventListener: Handle the empty element case. Among other things, +this allows Jasper to run correctly when using Xerces 1.3.0 instead of the +JAXP 1.1 reference implementation, if this is desired. + ============================ KNOWN ISSUES IN THIS RELEASE: ============================ @@ -270,13 +353,9 @@ * If you wish to make another XML parser that is JAXP/1.1-compatible available to all web applications, install that parser into the "$TOMCAT_HOME/lib" directory and remove "jaxp.jar" and "crimson.jar" - from the "$TOMCAT_HOME/jasper" directory. - - WARNING: No current version of Xerces, including 2.0.0 alpha releases, - fully implements the JAXP/1.1 specification. As a result, you will not - be able to utilize JSP pages in XML syntax (which requires a parser that - is compatible with JAXP/1.1) until Xerces completely implements this - specification. + from the "$TOMCAT_HOME/jasper" directory. It has been reported that + Xerces 1.3.0 can be used in this fashion, but 2.x alpha releases + can not be. * If you wish to use an XML parser (such as Xerces) in the WEB-INF/lib directory of your web application, this should now be possible, because
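Review bot: In the hunk at @@ -24,6 +24,8 @@, the added security-note lines give the request URI ending in "snoop.js%70" but never state the cause: "%70" is the URL-encoded letter "p", so the path decodes to snoop.jsp. Add one sentence naming that cause and the component that now handles it, so operators can judge whether other extension-mapped resources were affected. None of the bug-fix entries added in this change names the corresponding fix.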
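Review bot: In the hunk at @@ -81,6 +88,33 @@, the "Server Side Includes" entry calls the servlet "pre-installed" without saying whether it is mapped to *.shtml by default or has to be enabled, and "(except for #exec)" does not say whether #exec is unimplemented or deliberately disabled. Both matter to anyone assessing what a default install exposes, and the commit log says this feature and the CompressionFilter still need verification, so consider marking them as unverified in the notes. In the same hunk, "directly from an unpacked WAR file" reads as an already expanded archive; "unexpanded" would match the intent of the entry. The Manager Application entry should also say who is allowed to request the per-session listing.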
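Review bot: In the hunk at @@ -211,7 +245,47 @@, the JDBCRealm entry says the password digest encoding was corrected to be compatible with Tomcat 3.x but gives no upgrade guidance. State what the encoding was and what it is now, and whether digests stored under the earlier 4.0 behaviour have to be regenerated. The HttpRequestBase isUserInRole() entry in the same hunk changes authorization results for applications that use <security-role-ref>, so it is worth flagging as a behaviour change and not only as a bug fix.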
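Review bot: In the last hunk (@@ -270,13 +353,9 @@), the removed WARNING said JSP pages in XML syntax could not be used with Xerces, and the replacement sentence "It has been reported that Xerces 1.3.0 can be used in this fashion" does not say whether that limitation still applies. The commit log lists running Jasper with Xerces 1.3 as not yet verified, so either say that here or keep the XML-syntax caveat until it has been checked. Also, "can not be" should read "cannot be".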