kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/www/apache-tomcat6/PLIST

486 lines
26 KiB
Text
Raw Normal View History

update to apache-tomcat 6.0.36. Upstream changelog: Tomcat 6.0.36 (jfclere) Catalina ++++++++ update 48692: Provide option to parse application/x-www-form-urlencoded PUT requests. (schultz) add 50306: New StuckThreadDetectionValve to detect requests that take a long time to process, which might indicate that their processing threads are stuck. Based on a patch provided by TomLu. (kkolinko) fix 50570: Enable FIPS mode to be set in AprLifecycleListener. Based upon a patch from Chris Beckey. Note that this mode requires tomcat-native 1.1.23 or later linked to a FIPS-capable OpenSSL library, which one has to build by themselves. (schultz/kkolinko) fix Improve synchronization and error handling in AprLifecycleListener. Do not allow to change SSL options if SSL has already been initialized. (schultz/kkolinko) fix 52225: Fix ClassCastException when adding an alias for an existing host via JMX. (kkolinko) fix 52293: Correctly handle the case when antiResourceLocking is enabled at the Context level when unpackWARs is disabled at the Host level. Correctly handle multi-level contexts when antiResourceLocking is enabled. Patch by Justin Miller. (kkolinko) fix Do not throw IllegalArgumentException from parseParameters() call when chunked POST request is too large, but treat it like an IO error. The FailedRequestFilter filter can be used to detect this condition. (kkolinko) fix 52384: Do not fail with parameter parsing when debug logging is enabled. (kkolinko) fix Do not flag extra '&' characters in parameters as parse errors. (kkolinko) fix 52488: Correct typos: exipre -> expire. Based on a patch by prockter. (markt) fix Reduce log level for the message about hitting maxParameterCount limit from WARN to INFO. Fix limit comparison to allow exactly maxParameterCount parameters, as documentation says, instead of (maxParameterCount-1). (kkolinko) fix Slightly improve performance of UDecoder.convert(). Align %2f handling between implementations. (kkolinko) add Add denyStatus attribute to RequestFilterValve (RemoteAddrValve, RemoteHostValve valves). It allows to use different HTTP response code when rejecting denied request. E.g. 404 instead of 403. (kkolinko) add Add SetCharacterEncodingFilter (similar to the one contained in the examples web application) to the org.apache.catalina.filters package so that it is available for all web applications. (kkolinko) add 52500: Added configurable mechanism to retrieve user names from X509 client certificates. Based on a patch provided by Michael Furman. (schultz/kkolinko) fix 52719: Fix a theoretical resource leak in the JAR validation that checks for non-permitted classes in web application JARs. (markt) fix 52830: Correct JNDI lookups when using javax.naming.Name to identify the resource rather than a java.lang.String. (markt) add 52850: Extend memory leak prevention and detection code to work with IBM as well as Oracle JVMs. Based on a patch provided by Rohit Kelapure. (kkolinko) add 52996: In StandardThreadExecutor: Add the ability to configure a job queue size (maxQueueSize attribute). Add a variant of execute method that allows to specify a timeout for how long we want to try to add something to the queue. Based on a patch by Rüdiger Plüm. (kkolinko) fix 53047: If a JDBCRealm or DataSourceRealm is configured for an all roles mode that only requires authorization (and no roles) and no role table or column is defined, don't populate the Principal's roles. (markt/kkolinko) fix 53050: Fix handling of entropy value when initializing session id generator in session manager. Based on proposal by Andras Rozsa. (kkolinko) fix 53056: Add APR version number to tcnative version INFO log message. (schultz) fix 53057: Add OpenSSL version number INFO log message when initializing. (schultz) fix 53071: Use the message from the Throwable for the error report generated by the ErrorReportValve if none was specified via sendError(). Use the standard text for HTTP error codes. (markt/rjung) update 53230: Change session managers to throw TooManyActiveSessionsException instead of IllegalStateException when the maximum number of sessions has been exceeded and a new session will not be created. (schultz/kkolinko) fix 53267: Ensure that using the GC Daemon Protection feature of the JreMemoryLeakPreventionListener does not trigger a full GC every hour. (markt/kkolinko) fix 53531: Fix ExpandWar.expand to check the return value of File.mkdir and File.mkdirs. (schultz) fix Make the CSRF nonce cache in CsrfPreventionFilter serializable so that it can be replicated across a cluster and/or persisted across Tomcat restarts. (markt) fix 53584: Ignore path parameters when comparing URIs for FORM authentication. This prevents users being prompted twice for passwords when logging in when session IDs are being encoded as path parameters. (markt) fix Various improvements to the DIGEST authenticator including 52954, the disabling caching of an authenticated user in the session by default, tracking server rather than client nonces and better handling of stale nonce values. (markt) fix Remove unneeded handling of FORM authentication in RealmBase. (kkolinko) fix 53800: FileDirContext.list() did not provide correct paths for subdirectories. Patch provided by Kevin Wooten. (kkolinko) fix 53830: Better handling of Manager.randomFile default value on Windows. (kkolinko) fix Improve session management in CsrfPreventionFilter. (kkolinko) Coyote ++++++ fix 42181: Better handling of edge conditions in chunk header processing. (kkolinko) update 51477: Support all SSL protocol combinations in the APR/native connector. This only works when using the native library version 1.1.21 or later. (rjung) fix 52055 (comment 14): Correctly reset ChunkedInputFilter.needCRLFParse flag when the filter is recycled. (kkolinko) fix 52606: Ensure replayed POST bodies are available when using AJP. (markt) fix 52858: Fix high CPU load with SSL, NIO and sendfile when client breaks the connection before reading all the requested data. (fhanik/kkolinko) fix 53119: Prevent buffer overflow errors being reported when a client disconnects before the response has been fully written from an AJP connection using the APR/native connector. (kkolinko) fix Improve InternalNioInputBuffer.parseHeaders(). (kkolinko) add Implement maxHeaderCount attribute on Connector. It is equivalent of LimitRequestFields directive of Apache HTTPD. Default value is 100. (kkolinko) fix In JkCoyoteHandler connector for AJP/1.3 protocol (in JkMain.setProperty()): Fix setting of properties when connector has already started for properties that have aliases. E.g. it now allows to change maxHeaderCount attribute on Connector MBean via JMX. (kkolinko) fix 53725: Fix possible corruption of GZIP'd output. (kkolinko) Jasper ++++++ fix 48097 (comment 7), 53366 (comment 1): If JSP page unexpectedly fails to initialize PageContext instance, write exception to the logs instead of silent swallowing. (kkolinko) fix 52335: Only handle <\% and not \% as escaped in template text. (markt) fix 52666: Correct coercion order in EL when processing the equality and inequality operators. (markt) fix 53001: Revert the fix for 46915 since the use case described in the bug is invalid since it breaks the EL specification. (markt) fix 53032: Modify JspC so it extends org.apache.tools.ant.Task enabling it to work with features such as namespaces within build.xml files. (markt) Cluster +++++++ fix Replicate principal in ClusterSingleSignOn. (kfujino) fix 53513: Fix race condition between the processing of session sync message and transfer complete message. (kfujino) fix 53606: Fix potential NPE in TcpPingInterceptor. Based on a patch by F. Arnoud. (markt) fix 53607: To avoid NPE, set TCP PING data to ChannelMessage. Patch provided by F.Arnoud (kfujino) fix Fix a behavior of TcpPingInterceptor#useThread. Do not start a ping thread when useThread is set to false. (kfujino) Web applications ++++++++++++++++ fix 52243: Improve windows service documentation to clarify how to include # and/or ; in the value of an environment variable that is passed to the service. (markt) fix 52515: Make it clear in the Realm how-to in the documentation web application that digested password storage when using DIGEST authentication requires that MD5 digests are used. (markt) fix 52641: Remove mentioning of ldap.jar from docs. Patch provided by Felix Schumacher. (rjung) fix Remove obsolete bug warning from windows service documentation page. (rjung) fix 52983: Remove unnecessary code that makes switching to other authentication methods difficult. (markt) fix 53158: Fix documented defaults for DBCP. Patch provided by ph.dezanneau at gmail.com. (rjung) update Update JavaSE documentation links to point to the current docs.oracle.com site, instead of obsolete ones (download.oracle.com, java.sun.com). (kkolinko) update 53289: Clarify ResourceLink example that uses DataSource.getConnection(username, password) method. Not all data source implementations support it. (kkolinko) fix Prevent the custom error pages for the Manager and Host Manager applications from being accessed directly. Configure custom pages for error codes 401 and 403 in Host Manager application. (markt/kkolinko) fix Correct documentation for enableLookups attribute of a Connector. By default DNS lookups are disabled. (kkolinko) fix Fix several HTML markup errors in servlets of examples web application. (kkolinko) update Change the index page of ROOT webapp to mention "manager-gui" role instead of "manager" one. (kkolinko) fix 53473: Correct the allowed values for the SSI option isVirtualWebappRelative which are true or false. (markt) fix 53664: Minor JNDI Howto document enhancement concerning mail properties. Patch provided by Mark Eggers. (schultz) fix 53601: Clarify that to build Apache Tomcat 6 from sources a Java 5 JDK is recommended. (kkolinko) fix 53793: Change links on the list of applications in the Manager to point to /appname/ instead of /appname. (kkolinko) Other +++++ fix 49402, 52124: Fix Maven publishing script: make sure it finds tomcat-juli.jar and use later version of wagon-ssh. (jfclere) fix Update Apache Commons Daemon to 1.0.10. It resolves 52548 which meant that services created with service.bat did not set the catalina.home and catalina.base system properties. (markt, kkolinko) update Update Apache Commons Pool to 1.5.7. (kkolinko) update 52579: Add a note about Sun's Charset.decode() bug to the RELEASE-NOTES file. (kkolinko) update 52805: Update to Eclipse JDT Compiler 3.7.2. (kkolinko) update Update the native component of the APR/native connectors to 1.1.23 and take advantage of the simplified distribution. (kkolinko) fix When building a Windows installer do not copy whole "res" folder to output/dist, but only the files that we need. Apply fixcrlf filter only after the files are copied, so that INSTALLLICENSE file had correct line ends. (kkolinko) update Remove res/License.rtf. The file that is actually shown by the Windows installer is res/INSTALLLICENSE. (kkolinko) update Improve RUNNING.txt. (kkolinko) update Align the script that deploys Maven jars for Tomcat (res/maven/mvn-pub.xml) with the Tomcat 7 version, making full use of Nexus. (markt) add 53034: Add project.url and project.licenses sections to the POMs for the Maven artifacts. (kkolinko) fix 53454: Return correct content-length header for HEAD requests when content length is greater than 2GB. (markt)
2012-12-02 12:31:17 +01:00
@comment $NetBSD: PLIST,v 1.7 2012/12/02 11:31:17 spz Exp $
Apache Tomcat 6.x is the current focus of development. It builds upon the improvements made in Tomcat 5.5.x and implements the Servlet 2.5 and JSP 2.1 specifications. In addition to that, it includes the following improvements: * Memory usage optimizations * Advanced IO capabilities * Refactored clustering While we're here make a number of improvements based on the old 5.5.x pkg: - Use MASTER_SITE_APACHE - Default to running as an unprived user - Use a more standard rc.d script - Cleaner pkg_delete operation based on standard files/dirs that change
2009-02-14 13:02:08 +01:00
share/doc/tomcat/LICENSE
Update from .18->.20 In brief: 46933: Update StringManager to use Java 5 features. Patch provided by Jens Kapitza. (markt) 46990: Fix synchronization issues reported by FindBugs. Patch provided by Sebb. (markt) Allow huge request body packets for AJP13. (rjung) Manager application prints FAIL if application was deployed but failed to start (fhanik) When shutdown port is disabled, print user friendly message and not a stack trace. (fhanik) The invoker servlet has been deprecated and will be removed in Tomcat 7 onwards. (markt) 45154 Implement SEND_FILE behavior for SSL connections using NIO (fhanik) For full details see: http://tomcat.apache.org/tomcat-6.0-doc/changelog.html
2009-06-06 19:34:08 +02:00
share/doc/tomcat/NOTICE
Update of apache-tomcat to version 6.0.29 (and a little Makefile cosmetics) fixes two of the currently known security issues Upstream changelog: Tomcat 6.0.29 (jfclere) released 2010-07-22 Catalina add 48960: Add a new option to the SSI Servlet and SSI Filter to allow the disabling of the exec command. This is now disabled by default. Based on a patch by Yair Lenga. (markt) fix 49551: Allow default context.xml location to be specified using an absolute path. (markt) fix 49598: When session is changed and the session cookie is replaced, ensure that the new Set-Cookie header overwrites the old Set-Cookie header. (markt) fix Fix order when listing Webapp loader search URLs. (rjung) add Add support for *.jar pattern in VirtualWebappLoader. (kkolinko) Tomcat 6.0.28 (jfclere) released 2010-07-09 Catalina fix Arrange filter logic. (jfclere) fix 49230: Enhance JRE leak prevention listener with protection for the keep-alive thread started by sun.net.www.http.HttpClient. Patch provided by Rob Kooper. (markt) fix 49351: Fix possible NPe when embedding and no name is specified for the Service. (markt) fix 49424: Avoid NPE if client provides no data with a chunked POST request. (markt) fix 49414: Differentiate between request threads and application created threads when warning about still running threads when an application stops. (markt) fix 49443: Use remoteIpHeader rather than remoteIPHeader consistently. (markt) add Add property searchExternalFirst to WebappLoader. If set, the external repositories will be searched before the WEB-INF ones. (rjung) Cluster fix 49445: When session ID is changed after authentication, ensure the DeltaManager replicates the change in ID to the other nodes in the cluster. (kfujino) Webapps fix 49213: Grant permissions required by manager application when running under a security manager. (markt/kkolinko) fix 49436: Correct documented default for readonly attribute of the UserDatabase component. (markt) Tomcat 6.0.27 (jfclere) not released General update Update DBCP to 1.3. (markt) Catalina fix Fix CVE-2010-1157. Prevent possible disclosure of host name or IP address via the HTTP WWW-Authenticate header when using BASIC or DIGEST authentication. (markt) add Include context name when reporting memory leaks to aid root cause identification. (markt) fix Improve exception handling on session de-serialization to assist in identifying the root cause of 48007. (kkolinko) add 48379: Make session cookie name, domain and path configurable per context. (markt) fix 48589: Make JNDIRealm easier to extend. Based on a patch by Candid Dauth. (markt/kkolinko) fix 48629: Allow user names as well as DNs to be used with the nested role search. Add roleNested to the documentation. Patch provided by Felix Schumacher. (markt) fix 48661: Make error page behavior consistent, regardless of how the error page is defined. If a response has been committed, always include the error page. (markt) fix 48729: Return roles defined by both userRoleName and roleName mechanisms. Patch provided by 'eric'. Also make user's role list immutable.(markt) fix 48760: Fix potential multi-threading issue in static resource serving where multiple threads could try to use the the same InputStream. (markt) fix 48790: Fix thread safety issue in the count of the maximum number of active session. (markt/kkolinko) fix 48793: Make catalina.sh more robust to different return values on different platforms. Patch provided by Thomas GL. (markt) fix 48840: Swallow output (if any) from use of cd when determining $CATALINA_HOME in catalina.sh and tool-wrapper.sh scripts. Based on patch provided by mdietze. (markt/kkolinko) fix 48895: Make clearing of ThreadLocals that are causing memory leaks on web application stop, reload or undeploy configurable since the process of clearing them is not thread-safe. (markt) fix 48903: Fix deadlock in webapp class loader. (rjung) fix 48971: Make stopping of leaking Timer threads optional and disabled by default. (markt) fix 48976: Document JAVA_ENDORSED_DIRS in start-up scripts. Patch provided by Laurent Vaills. (markt) fix 48983: Improve debug logging for situations when RemoteIpValve is bypassed. Patch provided by Cyrille Le Clerc. (markt) fix 49018: Fix processing of time argument in the Expire sessions action in the Manager web application. (kkolinko) fix 49116: If session is already invalid, expire session to prevent memory leak. (kfujino) fix 49158: Ensure only one session cookie is returned for a single request. (markt/fhanik) fix 49245: Fix session expiration check in cross-context requests. (markt) fix 49398: ByteChunk.indexOf(String, int, int, int) could not find a string of length 1. (kkolinko) fix Fix possible overflows when calculating session statistics. (kkolinko) add Log unexpected exceptions when providing access to web application resources in ApplicationContext. (kkolinko) fix Improve exception handling in CatalinaShutdownHook. (kkolinko) add Expose properties of VirtualWebappLoader and WebappClassLoader via JMX. (rjung) Coyote fix 48839: Correctly handle HTTP header folding in the NIO connector. Patch suggested by Richa Baronia. (markt) fix 48843: Prevent possible deadlock for worker allocation in connectors. (kkolinko) fix 48843: Fix handling of add queues in AprEndpoint.Poller and AprEndpoint.Sendfile. Do not miss wakeups. (kkolinko) add 48862: Add support for the backlog parameter to the AJP connector. (pero/markt) fix 48917: Correct name of mod_jk module in ApacheConfig. Patch provided by Todd Hicks. (markt) fix 49095: AprEndpoint did not wakeup acceptors during shutdown when deferAccept option was enabled. Based on a patch provided by Ruediger Pluem. (kkolinko) add Use chunked encoding for http 1.1 requests with no content-length (regardless of keep-alive) so client can differentiate between complete and partial responses. (markt) fix Correct the SSL session timeout attribute name so the code agrees with the documentation. (markt) add CoyotePrincipal now implements Serializable. (fhanik) fix Enable the BIO AJP connector to run under a security manager. (markt) Jasper fix 45015: Correct a regression in quote handling caused by the re-factoring of attribute parsing. (markt) fix 48701: Add a system property to allow disabling enforcement of JSP.5.3. The specification recommends, but does not require, this enforcement. (kkolinko) fix 48737: Don't assume paths that start with /META-INF/... are always in JARs. This is not true for some IDEs. Patch provided by Fabrizio Giustina. (markt) fix 49081: Correctly handle EL expressions of the form #${...}. (markt) fix 49196: Avoid NullPointerException in PageContext.getErrorData() if an error-handling JSP page is called directly. (markt) Cluster fix 48717: When a node joins a cluster and it receives all the current sessions, ensure the sessionCreated event is fired if the Manager is configured to replicate session events. (markt) fix 48934: Previous fix to handle dropped connections incorrectly permanently disabled session replication. (fhanik) fix 49051: memberAlive is not called if member has not already existed in membership. (kfujino) fix 49151: Avoid ClassCastException in BackupManager#stop. (kfujino) fix 49170: Do not send duplicated session. (kfujino) fix Add missing messages and ensure cluster listeners log messages to correct logger. (markt) Webapps add Use underscores instead of spaces in anchor names in Tomcat documentation. (kkolinko) add Add support for displaying the Spring Security user name (if present) in the Manager application. (markt) update Improve the ChatServlet Comet example (/examples/jsp/chat/). (kkolinko) Other update Update to Commons Daemon 1.0.2. Use service launcher (procrun) from the Commons Daemon release. Do not keep a copy of it in our source tree. (mturk/kkolinko) update Update to NSIS 2.46. (kkolinko) fix 48990: Fix the skip.installer build property so if set, only the Windows installer is skipped. (markt) fix 49178: Provide in catalina.policy an example of additional permissions that might be needed for code located in $CATALINA_BASE/lib. (markt) fix 49236: Do not use indexing when packing Tomcat JARs. (kkolinko) fix Remove unused code from org.apache.tomcat.util.buf classes. (kkolinko) update Rearrange tomcat-juli.jar permissions and wrap long lines in the conf/catalina.policy file, to make the text more readable when cited in documentation. (kkolinko) fix Do not evaluate the execute.installer property when building a release. The skip.installer property is used instead. (kkolinko) Tomcat 6.0.26 (jfclere) released 2010-03-11 Catalina fix Close security hole in unreleased 6.0.25 by ensuring new find leaks functionality is protected by a security constraint. (kkolinko) fix 48831: Improve logging shutdown behaviour. Use Catalina's shutdown hook to shutdown JULI. This enables them to be shutdown in the correct order. Do not shutdown global handlers several times. (markt/kkolinko) Coyote fix 48584: Prevent the APR connector logging an error if the acceptor fails during shutdown since this is expected. (mturk) fix 48660: Using compression should not overwrite any Vary header set by a web application. (markt) Jasper fix 48371: Ensure generated servlet mappings are inserted at the correct location when using JspC and allow the option that controls this to be configured on the command line. Also allow the encoding of web.xml to be configured when using JspC and deprecate some unused JspC methods. (markt/kkolinko) fix 48498: Avoid ArrayIndexOutOfBoundsException triggered by a Java 6/7 XML parser bug. (markt/kkolinko) fix 48668: Additional fixes to ensure deferred syntax is handled correctly. (kkolinko) fix 48827: Correct a regression in the fix for 47977 that caused an incorrect non-empty body error to be reported for valid JSP documents. (markt) Webapps add Make changelog.xml be directly rendered as HTML by certain browsers. (kkolinko) add Add support for automated generation of TOC tables and for links to svn revisions to tomcat-docs.xsl in documentation. (kkolinko/fhanik) add Move Manager application JSPs that are not intended to be accessed directly under the WEB-INF directory. (kkolinko) fix Improve the messages displayed by the find leaks diagnostic in the Manager application. (kkolinko) Other fix Encode all property files using ascii escaped UTF-8. Also fixes deployment problem when using French locale. (jfclere/rjung) Tomcat 6.0.25 (jfclere) not released Catalina fix 48039: Return immediately if start() is called on an already started StandardService. (markt) fix 48109: Ensure InputStream is closed on error condition in web application class loader. (markt) fix 48179: Clean up dead code that was used to read tldCache file. (kkolinko) fix 48318: Handle case where WebDAV resource is in directory listing but is not accessible. (markt) add 48384: Add a per context xslt option for directory listings. Make the fallback options work as described in the documentation. (markt) fix 48577: Filter URL when displaying missing included page. (markt) fix 48612: Prevent exception on shutdown if the address attribute is specified for a connector. (markt) fix 48613: Further fixes to ensure APRLifecycleListener is only used if defined in server.xml. (fhanik) fix 48614: Correct JULI log file buffering so default behaviour is no buffering. (fhanik) fix 48625: Provide an option to exit if an error occurs during the initialization phase. (fhanik) fix 48645: Use specified encoding rather than null in calls to RequestUtil.URLDecode(byte[] bytes, String enc) (markt) fix 48653: Force request.secure and request.scheme to false and http if the X-Forwarded-Proto header has the value http. Patch provided by Cyrille Le Clerc. (markt) fix 48678: Remove duplicate server field from org.apache.catalina.startup.Catalina. (markt) fix 48694: Remove potential deadlock in web application class loader. (markt) add 48716: Provide additional configuration options for JULI. (markt) fix 48726: Prevent OOME when uploading large WAR files with the deployer. Patch provided by adam. (markt) add Improve memory leak protection by safely stopping threads started via java.util.Timer that an application starts but fails to stop and by clearing references retained due to the use of java.util.ResourceBundle. (markt) update Modify ThreadLocal memory leak detection to not report false positives and to simplify implementation. (markt/kkolinko) add Basic memory leak detection was added to the standard Host implementation and exposed via JMX to detect memory leaks on web application reload. (markt/kkolinko) Coyote update Update the native/APR library version bundled with Tomcat to 1.1.20. (kkolinko) Jasper add Add some debug logging to the compiler where exceptions were previously swallowed. (markt) fix 48170: Remove unnecessary synchronization that is causing issues under load. (markt) fix 48580: Prevent AccessControlException if first access is to a JSP that uses a FunctionMapper. (markt) fix 48582: Avoid NPE on background compilation failure. (markt) fix 48616: Don't declare or synchronize scripting variables for JSP fragments since they are scriptless. This is an alternative fix for 42390 that avoids both the original problem and the regression in the first fix. (kkolinko) fix 48627: Fix regression in re-factored EL parsing. Keep literals as literals and handle deferredSyntaxAllowedAsLiteral. (kkolinko) fix 48668: When parsing JSPs only parse EL as EL if EL is enabled else strings such as ${ will be silently dropped. (markt) fix Various EL TCK failures. (markt) Cluster fix Force a disconnect if an error occurs during replication such as a firewall dropping the connection. (fhanik) Webapps add Add new "Find leaks" command to the Manager application. It allows to detect web applications that have caused memory leaks on stop, reload or undeploy. (markt/kkolinko) Other fix Ensure files in conf directory have CRLF line endings when using the Windows installer. (kkolinko) fix Allow special characters recognized by the Windows command-line shell to be present in the names of CATALINA_HOME/_BASE and the current directory used to call the Tomcat scripts. (kkolinko) fix Don't use @Deprecated annotations in javax.servlet.jsp.JspContext since the specification does not include them in the API definition. (markt) add Improve the information in the JAR manifest files. (markt)
2010-09-19 16:32:04 +02:00
share/doc/tomcat/RELEASE-NOTES
Apache Tomcat 6.x is the current focus of development. It builds upon the improvements made in Tomcat 5.5.x and implements the Servlet 2.5 and JSP 2.1 specifications. In addition to that, it includes the following improvements: * Memory usage optimizations * Advanced IO capabilities * Refactored clustering While we're here make a number of improvements based on the old 5.5.x pkg: - Use MASTER_SITE_APACHE - Default to running as an unprived user - Use a more standard rc.d script - Cleaner pkg_delete operation based on standard files/dirs that change
2009-02-14 13:02:08 +01:00
share/doc/tomcat/RUNNING.txt
share/examples/rc.d/tomcat
share/examples/tomcat/catalina.policy
share/examples/tomcat/catalina.properties
share/examples/tomcat/context.xml
share/examples/tomcat/logging.properties
share/examples/tomcat/server.xml
share/examples/tomcat/tomcat-users.xml
share/examples/tomcat/web.xml
share/tomcat/bin/bootstrap.jar
share/tomcat/bin/catalina-tasks.xml
share/tomcat/bin/catalina.sh
Update of apache-tomcat to version 6.0.29 (and a little Makefile cosmetics) fixes two of the currently known security issues Upstream changelog: Tomcat 6.0.29 (jfclere) released 2010-07-22 Catalina add 48960: Add a new option to the SSI Servlet and SSI Filter to allow the disabling of the exec command. This is now disabled by default. Based on a patch by Yair Lenga. (markt) fix 49551: Allow default context.xml location to be specified using an absolute path. (markt) fix 49598: When session is changed and the session cookie is replaced, ensure that the new Set-Cookie header overwrites the old Set-Cookie header. (markt) fix Fix order when listing Webapp loader search URLs. (rjung) add Add support for *.jar pattern in VirtualWebappLoader. (kkolinko) Tomcat 6.0.28 (jfclere) released 2010-07-09 Catalina fix Arrange filter logic. (jfclere) fix 49230: Enhance JRE leak prevention listener with protection for the keep-alive thread started by sun.net.www.http.HttpClient. Patch provided by Rob Kooper. (markt) fix 49351: Fix possible NPe when embedding and no name is specified for the Service. (markt) fix 49424: Avoid NPE if client provides no data with a chunked POST request. (markt) fix 49414: Differentiate between request threads and application created threads when warning about still running threads when an application stops. (markt) fix 49443: Use remoteIpHeader rather than remoteIPHeader consistently. (markt) add Add property searchExternalFirst to WebappLoader. If set, the external repositories will be searched before the WEB-INF ones. (rjung) Cluster fix 49445: When session ID is changed after authentication, ensure the DeltaManager replicates the change in ID to the other nodes in the cluster. (kfujino) Webapps fix 49213: Grant permissions required by manager application when running under a security manager. (markt/kkolinko) fix 49436: Correct documented default for readonly attribute of the UserDatabase component. (markt) Tomcat 6.0.27 (jfclere) not released General update Update DBCP to 1.3. (markt) Catalina fix Fix CVE-2010-1157. Prevent possible disclosure of host name or IP address via the HTTP WWW-Authenticate header when using BASIC or DIGEST authentication. (markt) add Include context name when reporting memory leaks to aid root cause identification. (markt) fix Improve exception handling on session de-serialization to assist in identifying the root cause of 48007. (kkolinko) add 48379: Make session cookie name, domain and path configurable per context. (markt) fix 48589: Make JNDIRealm easier to extend. Based on a patch by Candid Dauth. (markt/kkolinko) fix 48629: Allow user names as well as DNs to be used with the nested role search. Add roleNested to the documentation. Patch provided by Felix Schumacher. (markt) fix 48661: Make error page behavior consistent, regardless of how the error page is defined. If a response has been committed, always include the error page. (markt) fix 48729: Return roles defined by both userRoleName and roleName mechanisms. Patch provided by 'eric'. Also make user's role list immutable.(markt) fix 48760: Fix potential multi-threading issue in static resource serving where multiple threads could try to use the the same InputStream. (markt) fix 48790: Fix thread safety issue in the count of the maximum number of active session. (markt/kkolinko) fix 48793: Make catalina.sh more robust to different return values on different platforms. Patch provided by Thomas GL. (markt) fix 48840: Swallow output (if any) from use of cd when determining $CATALINA_HOME in catalina.sh and tool-wrapper.sh scripts. Based on patch provided by mdietze. (markt/kkolinko) fix 48895: Make clearing of ThreadLocals that are causing memory leaks on web application stop, reload or undeploy configurable since the process of clearing them is not thread-safe. (markt) fix 48903: Fix deadlock in webapp class loader. (rjung) fix 48971: Make stopping of leaking Timer threads optional and disabled by default. (markt) fix 48976: Document JAVA_ENDORSED_DIRS in start-up scripts. Patch provided by Laurent Vaills. (markt) fix 48983: Improve debug logging for situations when RemoteIpValve is bypassed. Patch provided by Cyrille Le Clerc. (markt) fix 49018: Fix processing of time argument in the Expire sessions action in the Manager web application. (kkolinko) fix 49116: If session is already invalid, expire session to prevent memory leak. (kfujino) fix 49158: Ensure only one session cookie is returned for a single request. (markt/fhanik) fix 49245: Fix session expiration check in cross-context requests. (markt) fix 49398: ByteChunk.indexOf(String, int, int, int) could not find a string of length 1. (kkolinko) fix Fix possible overflows when calculating session statistics. (kkolinko) add Log unexpected exceptions when providing access to web application resources in ApplicationContext. (kkolinko) fix Improve exception handling in CatalinaShutdownHook. (kkolinko) add Expose properties of VirtualWebappLoader and WebappClassLoader via JMX. (rjung) Coyote fix 48839: Correctly handle HTTP header folding in the NIO connector. Patch suggested by Richa Baronia. (markt) fix 48843: Prevent possible deadlock for worker allocation in connectors. (kkolinko) fix 48843: Fix handling of add queues in AprEndpoint.Poller and AprEndpoint.Sendfile. Do not miss wakeups. (kkolinko) add 48862: Add support for the backlog parameter to the AJP connector. (pero/markt) fix 48917: Correct name of mod_jk module in ApacheConfig. Patch provided by Todd Hicks. (markt) fix 49095: AprEndpoint did not wakeup acceptors during shutdown when deferAccept option was enabled. Based on a patch provided by Ruediger Pluem. (kkolinko) add Use chunked encoding for http 1.1 requests with no content-length (regardless of keep-alive) so client can differentiate between complete and partial responses. (markt) fix Correct the SSL session timeout attribute name so the code agrees with the documentation. (markt) add CoyotePrincipal now implements Serializable. (fhanik) fix Enable the BIO AJP connector to run under a security manager. (markt) Jasper fix 45015: Correct a regression in quote handling caused by the re-factoring of attribute parsing. (markt) fix 48701: Add a system property to allow disabling enforcement of JSP.5.3. The specification recommends, but does not require, this enforcement. (kkolinko) fix 48737: Don't assume paths that start with /META-INF/... are always in JARs. This is not true for some IDEs. Patch provided by Fabrizio Giustina. (markt) fix 49081: Correctly handle EL expressions of the form #${...}. (markt) fix 49196: Avoid NullPointerException in PageContext.getErrorData() if an error-handling JSP page is called directly. (markt) Cluster fix 48717: When a node joins a cluster and it receives all the current sessions, ensure the sessionCreated event is fired if the Manager is configured to replicate session events. (markt) fix 48934: Previous fix to handle dropped connections incorrectly permanently disabled session replication. (fhanik) fix 49051: memberAlive is not called if member has not already existed in membership. (kfujino) fix 49151: Avoid ClassCastException in BackupManager#stop. (kfujino) fix 49170: Do not send duplicated session. (kfujino) fix Add missing messages and ensure cluster listeners log messages to correct logger. (markt) Webapps add Use underscores instead of spaces in anchor names in Tomcat documentation. (kkolinko) add Add support for displaying the Spring Security user name (if present) in the Manager application. (markt) update Improve the ChatServlet Comet example (/examples/jsp/chat/). (kkolinko) Other update Update to Commons Daemon 1.0.2. Use service launcher (procrun) from the Commons Daemon release. Do not keep a copy of it in our source tree. (mturk/kkolinko) update Update to NSIS 2.46. (kkolinko) fix 48990: Fix the skip.installer build property so if set, only the Windows installer is skipped. (markt) fix 49178: Provide in catalina.policy an example of additional permissions that might be needed for code located in $CATALINA_BASE/lib. (markt) fix 49236: Do not use indexing when packing Tomcat JARs. (kkolinko) fix Remove unused code from org.apache.tomcat.util.buf classes. (kkolinko) update Rearrange tomcat-juli.jar permissions and wrap long lines in the conf/catalina.policy file, to make the text more readable when cited in documentation. (kkolinko) fix Do not evaluate the execute.installer property when building a release. The skip.installer property is used instead. (kkolinko) Tomcat 6.0.26 (jfclere) released 2010-03-11 Catalina fix Close security hole in unreleased 6.0.25 by ensuring new find leaks functionality is protected by a security constraint. (kkolinko) fix 48831: Improve logging shutdown behaviour. Use Catalina's shutdown hook to shutdown JULI. This enables them to be shutdown in the correct order. Do not shutdown global handlers several times. (markt/kkolinko) Coyote fix 48584: Prevent the APR connector logging an error if the acceptor fails during shutdown since this is expected. (mturk) fix 48660: Using compression should not overwrite any Vary header set by a web application. (markt) Jasper fix 48371: Ensure generated servlet mappings are inserted at the correct location when using JspC and allow the option that controls this to be configured on the command line. Also allow the encoding of web.xml to be configured when using JspC and deprecate some unused JspC methods. (markt/kkolinko) fix 48498: Avoid ArrayIndexOutOfBoundsException triggered by a Java 6/7 XML parser bug. (markt/kkolinko) fix 48668: Additional fixes to ensure deferred syntax is handled correctly. (kkolinko) fix 48827: Correct a regression in the fix for 47977 that caused an incorrect non-empty body error to be reported for valid JSP documents. (markt) Webapps add Make changelog.xml be directly rendered as HTML by certain browsers. (kkolinko) add Add support for automated generation of TOC tables and for links to svn revisions to tomcat-docs.xsl in documentation. (kkolinko/fhanik) add Move Manager application JSPs that are not intended to be accessed directly under the WEB-INF directory. (kkolinko) fix Improve the messages displayed by the find leaks diagnostic in the Manager application. (kkolinko) Other fix Encode all property files using ascii escaped UTF-8. Also fixes deployment problem when using French locale. (jfclere/rjung) Tomcat 6.0.25 (jfclere) not released Catalina fix 48039: Return immediately if start() is called on an already started StandardService. (markt) fix 48109: Ensure InputStream is closed on error condition in web application class loader. (markt) fix 48179: Clean up dead code that was used to read tldCache file. (kkolinko) fix 48318: Handle case where WebDAV resource is in directory listing but is not accessible. (markt) add 48384: Add a per context xslt option for directory listings. Make the fallback options work as described in the documentation. (markt) fix 48577: Filter URL when displaying missing included page. (markt) fix 48612: Prevent exception on shutdown if the address attribute is specified for a connector. (markt) fix 48613: Further fixes to ensure APRLifecycleListener is only used if defined in server.xml. (fhanik) fix 48614: Correct JULI log file buffering so default behaviour is no buffering. (fhanik) fix 48625: Provide an option to exit if an error occurs during the initialization phase. (fhanik) fix 48645: Use specified encoding rather than null in calls to RequestUtil.URLDecode(byte[] bytes, String enc) (markt) fix 48653: Force request.secure and request.scheme to false and http if the X-Forwarded-Proto header has the value http. Patch provided by Cyrille Le Clerc. (markt) fix 48678: Remove duplicate server field from org.apache.catalina.startup.Catalina. (markt) fix 48694: Remove potential deadlock in web application class loader. (markt) add 48716: Provide additional configuration options for JULI. (markt) fix 48726: Prevent OOME when uploading large WAR files with the deployer. Patch provided by adam. (markt) add Improve memory leak protection by safely stopping threads started via java.util.Timer that an application starts but fails to stop and by clearing references retained due to the use of java.util.ResourceBundle. (markt) update Modify ThreadLocal memory leak detection to not report false positives and to simplify implementation. (markt/kkolinko) add Basic memory leak detection was added to the standard Host implementation and exposed via JMX to detect memory leaks on web application reload. (markt/kkolinko) Coyote update Update the native/APR library version bundled with Tomcat to 1.1.20. (kkolinko) Jasper add Add some debug logging to the compiler where exceptions were previously swallowed. (markt) fix 48170: Remove unnecessary synchronization that is causing issues under load. (markt) fix 48580: Prevent AccessControlException if first access is to a JSP that uses a FunctionMapper. (markt) fix 48582: Avoid NPE on background compilation failure. (markt) fix 48616: Don't declare or synchronize scripting variables for JSP fragments since they are scriptless. This is an alternative fix for 42390 that avoids both the original problem and the regression in the first fix. (kkolinko) fix 48627: Fix regression in re-factored EL parsing. Keep literals as literals and handle deferredSyntaxAllowedAsLiteral. (kkolinko) fix 48668: When parsing JSPs only parse EL as EL if EL is enabled else strings such as ${ will be silently dropped. (markt) fix Various EL TCK failures. (markt) Cluster fix Force a disconnect if an error occurs during replication such as a firewall dropping the connection. (fhanik) Webapps add Add new "Find leaks" command to the Manager application. It allows to detect web applications that have caused memory leaks on stop, reload or undeploy. (markt/kkolinko) Other fix Ensure files in conf directory have CRLF line endings when using the Windows installer. (kkolinko) fix Allow special characters recognized by the Windows command-line shell to be present in the names of CATALINA_HOME/_BASE and the current directory used to call the Tomcat scripts. (kkolinko) fix Don't use @Deprecated annotations in javax.servlet.jsp.JspContext since the specification does not include them in the API definition. (markt) add Improve the information in the JAR manifest files. (markt)
2010-09-19 16:32:04 +02:00
share/tomcat/bin/commons-daemon-native.tar.gz
Apache Tomcat 6.x is the current focus of development. It builds upon the improvements made in Tomcat 5.5.x and implements the Servlet 2.5 and JSP 2.1 specifications. In addition to that, it includes the following improvements: * Memory usage optimizations * Advanced IO capabilities * Refactored clustering While we're here make a number of improvements based on the old 5.5.x pkg: - Use MASTER_SITE_APACHE - Default to running as an unprived user - Use a more standard rc.d script - Cleaner pkg_delete operation based on standard files/dirs that change
2009-02-14 13:02:08 +01:00
share/tomcat/bin/commons-daemon.jar
share/tomcat/bin/digest.sh
share/tomcat/bin/setclasspath.sh
share/tomcat/bin/shutdown.sh
share/tomcat/bin/startup.sh
share/tomcat/bin/tomcat-juli.jar
share/tomcat/bin/tomcat-native.tar.gz
share/tomcat/bin/tool-wrapper.sh
share/tomcat/bin/version.sh
share/tomcat/lib/annotations-api.jar
share/tomcat/lib/catalina-ant.jar
share/tomcat/lib/catalina-ha.jar
share/tomcat/lib/catalina-tribes.jar
share/tomcat/lib/catalina.jar
update to apache-tomcat 6.0.36. Upstream changelog: Tomcat 6.0.36 (jfclere) Catalina ++++++++ update 48692: Provide option to parse application/x-www-form-urlencoded PUT requests. (schultz) add 50306: New StuckThreadDetectionValve to detect requests that take a long time to process, which might indicate that their processing threads are stuck. Based on a patch provided by TomLu. (kkolinko) fix 50570: Enable FIPS mode to be set in AprLifecycleListener. Based upon a patch from Chris Beckey. Note that this mode requires tomcat-native 1.1.23 or later linked to a FIPS-capable OpenSSL library, which one has to build by themselves. (schultz/kkolinko) fix Improve synchronization and error handling in AprLifecycleListener. Do not allow to change SSL options if SSL has already been initialized. (schultz/kkolinko) fix 52225: Fix ClassCastException when adding an alias for an existing host via JMX. (kkolinko) fix 52293: Correctly handle the case when antiResourceLocking is enabled at the Context level when unpackWARs is disabled at the Host level. Correctly handle multi-level contexts when antiResourceLocking is enabled. Patch by Justin Miller. (kkolinko) fix Do not throw IllegalArgumentException from parseParameters() call when chunked POST request is too large, but treat it like an IO error. The FailedRequestFilter filter can be used to detect this condition. (kkolinko) fix 52384: Do not fail with parameter parsing when debug logging is enabled. (kkolinko) fix Do not flag extra '&' characters in parameters as parse errors. (kkolinko) fix 52488: Correct typos: exipre -> expire. Based on a patch by prockter. (markt) fix Reduce log level for the message about hitting maxParameterCount limit from WARN to INFO. Fix limit comparison to allow exactly maxParameterCount parameters, as documentation says, instead of (maxParameterCount-1). (kkolinko) fix Slightly improve performance of UDecoder.convert(). Align %2f handling between implementations. (kkolinko) add Add denyStatus attribute to RequestFilterValve (RemoteAddrValve, RemoteHostValve valves). It allows to use different HTTP response code when rejecting denied request. E.g. 404 instead of 403. (kkolinko) add Add SetCharacterEncodingFilter (similar to the one contained in the examples web application) to the org.apache.catalina.filters package so that it is available for all web applications. (kkolinko) add 52500: Added configurable mechanism to retrieve user names from X509 client certificates. Based on a patch provided by Michael Furman. (schultz/kkolinko) fix 52719: Fix a theoretical resource leak in the JAR validation that checks for non-permitted classes in web application JARs. (markt) fix 52830: Correct JNDI lookups when using javax.naming.Name to identify the resource rather than a java.lang.String. (markt) add 52850: Extend memory leak prevention and detection code to work with IBM as well as Oracle JVMs. Based on a patch provided by Rohit Kelapure. (kkolinko) add 52996: In StandardThreadExecutor: Add the ability to configure a job queue size (maxQueueSize attribute). Add a variant of execute method that allows to specify a timeout for how long we want to try to add something to the queue. Based on a patch by Rüdiger Plüm. (kkolinko) fix 53047: If a JDBCRealm or DataSourceRealm is configured for an all roles mode that only requires authorization (and no roles) and no role table or column is defined, don't populate the Principal's roles. (markt/kkolinko) fix 53050: Fix handling of entropy value when initializing session id generator in session manager. Based on proposal by Andras Rozsa. (kkolinko) fix 53056: Add APR version number to tcnative version INFO log message. (schultz) fix 53057: Add OpenSSL version number INFO log message when initializing. (schultz) fix 53071: Use the message from the Throwable for the error report generated by the ErrorReportValve if none was specified via sendError(). Use the standard text for HTTP error codes. (markt/rjung) update 53230: Change session managers to throw TooManyActiveSessionsException instead of IllegalStateException when the maximum number of sessions has been exceeded and a new session will not be created. (schultz/kkolinko) fix 53267: Ensure that using the GC Daemon Protection feature of the JreMemoryLeakPreventionListener does not trigger a full GC every hour. (markt/kkolinko) fix 53531: Fix ExpandWar.expand to check the return value of File.mkdir and File.mkdirs. (schultz) fix Make the CSRF nonce cache in CsrfPreventionFilter serializable so that it can be replicated across a cluster and/or persisted across Tomcat restarts. (markt) fix 53584: Ignore path parameters when comparing URIs for FORM authentication. This prevents users being prompted twice for passwords when logging in when session IDs are being encoded as path parameters. (markt) fix Various improvements to the DIGEST authenticator including 52954, the disabling caching of an authenticated user in the session by default, tracking server rather than client nonces and better handling of stale nonce values. (markt) fix Remove unneeded handling of FORM authentication in RealmBase. (kkolinko) fix 53800: FileDirContext.list() did not provide correct paths for subdirectories. Patch provided by Kevin Wooten. (kkolinko) fix 53830: Better handling of Manager.randomFile default value on Windows. (kkolinko) fix Improve session management in CsrfPreventionFilter. (kkolinko) Coyote ++++++ fix 42181: Better handling of edge conditions in chunk header processing. (kkolinko) update 51477: Support all SSL protocol combinations in the APR/native connector. This only works when using the native library version 1.1.21 or later. (rjung) fix 52055 (comment 14): Correctly reset ChunkedInputFilter.needCRLFParse flag when the filter is recycled. (kkolinko) fix 52606: Ensure replayed POST bodies are available when using AJP. (markt) fix 52858: Fix high CPU load with SSL, NIO and sendfile when client breaks the connection before reading all the requested data. (fhanik/kkolinko) fix 53119: Prevent buffer overflow errors being reported when a client disconnects before the response has been fully written from an AJP connection using the APR/native connector. (kkolinko) fix Improve InternalNioInputBuffer.parseHeaders(). (kkolinko) add Implement maxHeaderCount attribute on Connector. It is equivalent of LimitRequestFields directive of Apache HTTPD. Default value is 100. (kkolinko) fix In JkCoyoteHandler connector for AJP/1.3 protocol (in JkMain.setProperty()): Fix setting of properties when connector has already started for properties that have aliases. E.g. it now allows to change maxHeaderCount attribute on Connector MBean via JMX. (kkolinko) fix 53725: Fix possible corruption of GZIP'd output. (kkolinko) Jasper ++++++ fix 48097 (comment 7), 53366 (comment 1): If JSP page unexpectedly fails to initialize PageContext instance, write exception to the logs instead of silent swallowing. (kkolinko) fix 52335: Only handle <\% and not \% as escaped in template text. (markt) fix 52666: Correct coercion order in EL when processing the equality and inequality operators. (markt) fix 53001: Revert the fix for 46915 since the use case described in the bug is invalid since it breaks the EL specification. (markt) fix 53032: Modify JspC so it extends org.apache.tools.ant.Task enabling it to work with features such as namespaces within build.xml files. (markt) Cluster +++++++ fix Replicate principal in ClusterSingleSignOn. (kfujino) fix 53513: Fix race condition between the processing of session sync message and transfer complete message. (kfujino) fix 53606: Fix potential NPE in TcpPingInterceptor. Based on a patch by F. Arnoud. (markt) fix 53607: To avoid NPE, set TCP PING data to ChannelMessage. Patch provided by F.Arnoud (kfujino) fix Fix a behavior of TcpPingInterceptor#useThread. Do not start a ping thread when useThread is set to false. (kfujino) Web applications ++++++++++++++++ fix 52243: Improve windows service documentation to clarify how to include # and/or ; in the value of an environment variable that is passed to the service. (markt) fix 52515: Make it clear in the Realm how-to in the documentation web application that digested password storage when using DIGEST authentication requires that MD5 digests are used. (markt) fix 52641: Remove mentioning of ldap.jar from docs. Patch provided by Felix Schumacher. (rjung) fix Remove obsolete bug warning from windows service documentation page. (rjung) fix 52983: Remove unnecessary code that makes switching to other authentication methods difficult. (markt) fix 53158: Fix documented defaults for DBCP. Patch provided by ph.dezanneau at gmail.com. (rjung) update Update JavaSE documentation links to point to the current docs.oracle.com site, instead of obsolete ones (download.oracle.com, java.sun.com). (kkolinko) update 53289: Clarify ResourceLink example that uses DataSource.getConnection(username, password) method. Not all data source implementations support it. (kkolinko) fix Prevent the custom error pages for the Manager and Host Manager applications from being accessed directly. Configure custom pages for error codes 401 and 403 in Host Manager application. (markt/kkolinko) fix Correct documentation for enableLookups attribute of a Connector. By default DNS lookups are disabled. (kkolinko) fix Fix several HTML markup errors in servlets of examples web application. (kkolinko) update Change the index page of ROOT webapp to mention "manager-gui" role instead of "manager" one. (kkolinko) fix 53473: Correct the allowed values for the SSI option isVirtualWebappRelative which are true or false. (markt) fix 53664: Minor JNDI Howto document enhancement concerning mail properties. Patch provided by Mark Eggers. (schultz) fix 53601: Clarify that to build Apache Tomcat 6 from sources a Java 5 JDK is recommended. (kkolinko) fix 53793: Change links on the list of applications in the Manager to point to /appname/ instead of /appname. (kkolinko) Other +++++ fix 49402, 52124: Fix Maven publishing script: make sure it finds tomcat-juli.jar and use later version of wagon-ssh. (jfclere) fix Update Apache Commons Daemon to 1.0.10. It resolves 52548 which meant that services created with service.bat did not set the catalina.home and catalina.base system properties. (markt, kkolinko) update Update Apache Commons Pool to 1.5.7. (kkolinko) update 52579: Add a note about Sun's Charset.decode() bug to the RELEASE-NOTES file. (kkolinko) update 52805: Update to Eclipse JDT Compiler 3.7.2. (kkolinko) update Update the native component of the APR/native connectors to 1.1.23 and take advantage of the simplified distribution. (kkolinko) fix When building a Windows installer do not copy whole "res" folder to output/dist, but only the files that we need. Apply fixcrlf filter only after the files are copied, so that INSTALLLICENSE file had correct line ends. (kkolinko) update Remove res/License.rtf. The file that is actually shown by the Windows installer is res/INSTALLLICENSE. (kkolinko) update Improve RUNNING.txt. (kkolinko) update Align the script that deploys Maven jars for Tomcat (res/maven/mvn-pub.xml) with the Tomcat 7 version, making full use of Nexus. (markt) add 53034: Add project.url and project.licenses sections to the POMs for the Maven artifacts. (kkolinko) fix 53454: Return correct content-length header for HEAD requests when content length is greater than 2GB. (markt)
2012-12-02 12:31:17 +01:00
share/tomcat/lib/ecj-3.7.2.jar
Apache Tomcat 6.x is the current focus of development. It builds upon the improvements made in Tomcat 5.5.x and implements the Servlet 2.5 and JSP 2.1 specifications. In addition to that, it includes the following improvements: * Memory usage optimizations * Advanced IO capabilities * Refactored clustering While we're here make a number of improvements based on the old 5.5.x pkg: - Use MASTER_SITE_APACHE - Default to running as an unprived user - Use a more standard rc.d script - Cleaner pkg_delete operation based on standard files/dirs that change
2009-02-14 13:02:08 +01:00
share/tomcat/lib/el-api.jar
share/tomcat/lib/jasper-el.jar
share/tomcat/lib/jasper.jar
share/tomcat/lib/jsp-api.jar
share/tomcat/lib/servlet-api.jar
share/tomcat/lib/tomcat-coyote.jar
share/tomcat/lib/tomcat-dbcp.jar
share/tomcat/lib/tomcat-i18n-es.jar
share/tomcat/lib/tomcat-i18n-fr.jar
share/tomcat/lib/tomcat-i18n-ja.jar
share/tomcat/webapps/ROOT/RELEASE-NOTES.txt
share/tomcat/webapps/ROOT/WEB-INF/web.xml
share/tomcat/webapps/ROOT/asf-logo-wide.gif
share/tomcat/webapps/ROOT/build.xml
share/tomcat/webapps/ROOT/favicon.ico
share/tomcat/webapps/ROOT/index.html
share/tomcat/webapps/ROOT/index.jsp
share/tomcat/webapps/ROOT/tomcat-power.gif
share/tomcat/webapps/ROOT/tomcat.gif
share/tomcat/webapps/ROOT/tomcat.svg
share/tomcat/webapps/docs/BUILDING.txt
share/tomcat/webapps/docs/RELEASE-NOTES.txt
share/tomcat/webapps/docs/RUNNING.txt
share/tomcat/webapps/docs/WEB-INF/web.xml
share/tomcat/webapps/docs/aio.html
share/tomcat/webapps/docs/api/index.html
share/tomcat/webapps/docs/appdev/build.xml.txt
share/tomcat/webapps/docs/appdev/deployment.html
share/tomcat/webapps/docs/appdev/index.html
share/tomcat/webapps/docs/appdev/installation.html
share/tomcat/webapps/docs/appdev/introduction.html
share/tomcat/webapps/docs/appdev/processes.html
share/tomcat/webapps/docs/appdev/sample/build.xml
share/tomcat/webapps/docs/appdev/sample/docs/README.txt
share/tomcat/webapps/docs/appdev/sample/index.html
share/tomcat/webapps/docs/appdev/sample/sample.war
share/tomcat/webapps/docs/appdev/sample/src/mypackage/Hello.java
share/tomcat/webapps/docs/appdev/sample/web/WEB-INF/web.xml
share/tomcat/webapps/docs/appdev/sample/web/hello.jsp
share/tomcat/webapps/docs/appdev/sample/web/images/tomcat.gif
share/tomcat/webapps/docs/appdev/sample/web/index.html
share/tomcat/webapps/docs/appdev/source.html
share/tomcat/webapps/docs/appdev/web.xml.txt
share/tomcat/webapps/docs/apr.html
share/tomcat/webapps/docs/architecture/index.html
share/tomcat/webapps/docs/architecture/overview.html
share/tomcat/webapps/docs/architecture/requestProcess.html
share/tomcat/webapps/docs/architecture/requestProcess/requestProcess.pdf
share/tomcat/webapps/docs/architecture/requestProcess/roseModel.mdl
share/tomcat/webapps/docs/architecture/startup.html
share/tomcat/webapps/docs/architecture/startup/serverStartup.pdf
share/tomcat/webapps/docs/architecture/startup/serverStartup.txt
share/tomcat/webapps/docs/balancer-howto.html
share/tomcat/webapps/docs/building.html
share/tomcat/webapps/docs/cgi-howto.html
share/tomcat/webapps/docs/changelog.html
share/tomcat/webapps/docs/class-loader-howto.html
share/tomcat/webapps/docs/cluster-howto.html
share/tomcat/webapps/docs/config/ajp.html
share/tomcat/webapps/docs/config/cluster-channel.html
share/tomcat/webapps/docs/config/cluster-deployer.html
share/tomcat/webapps/docs/config/cluster-interceptor.html
share/tomcat/webapps/docs/config/cluster-listener.html
share/tomcat/webapps/docs/config/cluster-manager.html
share/tomcat/webapps/docs/config/cluster-membership.html
share/tomcat/webapps/docs/config/cluster-receiver.html
share/tomcat/webapps/docs/config/cluster-sender.html
share/tomcat/webapps/docs/config/cluster-valve.html
share/tomcat/webapps/docs/config/cluster.html
share/tomcat/webapps/docs/config/context.html
share/tomcat/webapps/docs/config/engine.html
share/tomcat/webapps/docs/config/executor.html
Update to the latest version; the full changelog is at http://tomcat.apache.org/tomcat-6.0-doc/changelog.html Security relevant fixes: CVE-2011-0534 - remote denial of service CVE-2011-0013 - cross site scripting CVE-2010-4172 - cross site scripting CVE-2010-3718 - SecurityManager file permission bypass
2011-02-15 08:03:11 +01:00
share/tomcat/webapps/docs/config/filter.html
Apache Tomcat 6.x is the current focus of development. It builds upon the improvements made in Tomcat 5.5.x and implements the Servlet 2.5 and JSP 2.1 specifications. In addition to that, it includes the following improvements: * Memory usage optimizations * Advanced IO capabilities * Refactored clustering While we're here make a number of improvements based on the old 5.5.x pkg: - Use MASTER_SITE_APACHE - Default to running as an unprived user - Use a more standard rc.d script - Cleaner pkg_delete operation based on standard files/dirs that change
2009-02-14 13:02:08 +01:00
share/tomcat/webapps/docs/config/globalresources.html
share/tomcat/webapps/docs/config/host.html
share/tomcat/webapps/docs/config/http.html
share/tomcat/webapps/docs/config/index.html
Update from .18->.20 In brief: 46933: Update StringManager to use Java 5 features. Patch provided by Jens Kapitza. (markt) 46990: Fix synchronization issues reported by FindBugs. Patch provided by Sebb. (markt) Allow huge request body packets for AJP13. (rjung) Manager application prints FAIL if application was deployed but failed to start (fhanik) When shutdown port is disabled, print user friendly message and not a stack trace. (fhanik) The invoker servlet has been deprecated and will be removed in Tomcat 7 onwards. (markt) 45154 Implement SEND_FILE behavior for SSL connections using NIO (fhanik) For full details see: http://tomcat.apache.org/tomcat-6.0-doc/changelog.html
2009-06-06 19:34:08 +02:00
share/tomcat/webapps/docs/config/listeners.html
Apache Tomcat 6.x is the current focus of development. It builds upon the improvements made in Tomcat 5.5.x and implements the Servlet 2.5 and JSP 2.1 specifications. In addition to that, it includes the following improvements: * Memory usage optimizations * Advanced IO capabilities * Refactored clustering While we're here make a number of improvements based on the old 5.5.x pkg: - Use MASTER_SITE_APACHE - Default to running as an unprived user - Use a more standard rc.d script - Cleaner pkg_delete operation based on standard files/dirs that change
2009-02-14 13:02:08 +01:00
share/tomcat/webapps/docs/config/loader.html
share/tomcat/webapps/docs/config/manager.html
share/tomcat/webapps/docs/config/realm.html
share/tomcat/webapps/docs/config/resources.html
share/tomcat/webapps/docs/config/server.html
share/tomcat/webapps/docs/config/service.html
share/tomcat/webapps/docs/config/systemprops.html
share/tomcat/webapps/docs/config/valve.html
share/tomcat/webapps/docs/connectors.html
share/tomcat/webapps/docs/default-servlet.html
share/tomcat/webapps/docs/deployer-howto.html
share/tomcat/webapps/docs/developers.html
share/tomcat/webapps/docs/extras.html
share/tomcat/webapps/docs/funcspecs/fs-admin-apps.html
share/tomcat/webapps/docs/funcspecs/fs-admin-objects.html
share/tomcat/webapps/docs/funcspecs/fs-admin-opers.html
share/tomcat/webapps/docs/funcspecs/fs-default.html
share/tomcat/webapps/docs/funcspecs/fs-invoker.html
share/tomcat/webapps/docs/funcspecs/fs-jdbc-realm.html
share/tomcat/webapps/docs/funcspecs/fs-jndi-realm.html
share/tomcat/webapps/docs/funcspecs/fs-memory-realm.html
share/tomcat/webapps/docs/funcspecs/index.html
share/tomcat/webapps/docs/funcspecs/mbean-names.html
share/tomcat/webapps/docs/html-manager-howto.html
share/tomcat/webapps/docs/images/add.gif
share/tomcat/webapps/docs/images/asf-logo.gif
share/tomcat/webapps/docs/images/code.gif
share/tomcat/webapps/docs/images/design.gif
share/tomcat/webapps/docs/images/docs.gif
share/tomcat/webapps/docs/images/fix.gif
share/tomcat/webapps/docs/images/printer.gif
share/tomcat/webapps/docs/images/tomcat.gif
share/tomcat/webapps/docs/images/tomcat.svg
share/tomcat/webapps/docs/images/update.gif
share/tomcat/webapps/docs/images/void.gif
share/tomcat/webapps/docs/index.html
share/tomcat/webapps/docs/introduction.html
share/tomcat/webapps/docs/jasper-howto.html
share/tomcat/webapps/docs/jndi-datasource-examples-howto.html
share/tomcat/webapps/docs/jndi-resources-howto.html
share/tomcat/webapps/docs/logging.html
share/tomcat/webapps/docs/manager-howto.html
share/tomcat/webapps/docs/maven-jars.html
share/tomcat/webapps/docs/mbeans-descriptor-howto.html
share/tomcat/webapps/docs/monitoring.html
share/tomcat/webapps/docs/proxy-howto.html
share/tomcat/webapps/docs/realm-howto.html
share/tomcat/webapps/docs/security-manager-howto.html
share/tomcat/webapps/docs/setup.html
share/tomcat/webapps/docs/ssi-howto.html
share/tomcat/webapps/docs/ssl-howto.html
Update to the latest version; the full changelog is at http://tomcat.apache.org/tomcat-6.0-doc/changelog.html Security relevant fixes: CVE-2011-0534 - remote denial of service CVE-2011-0013 - cross site scripting CVE-2010-4172 - cross site scripting CVE-2010-3718 - SecurityManager file permission bypass
2011-02-15 08:03:11 +01:00
share/tomcat/webapps/docs/tribes/developers.html
Apache Tomcat 6.x is the current focus of development. It builds upon the improvements made in Tomcat 5.5.x and implements the Servlet 2.5 and JSP 2.1 specifications. In addition to that, it includes the following improvements: * Memory usage optimizations * Advanced IO capabilities * Refactored clustering While we're here make a number of improvements based on the old 5.5.x pkg: - Use MASTER_SITE_APACHE - Default to running as an unprived user - Use a more standard rc.d script - Cleaner pkg_delete operation based on standard files/dirs that change
2009-02-14 13:02:08 +01:00
share/tomcat/webapps/docs/tribes/faq.html
Update to the latest version; the full changelog is at http://tomcat.apache.org/tomcat-6.0-doc/changelog.html Security relevant fixes: CVE-2011-0534 - remote denial of service CVE-2011-0013 - cross site scripting CVE-2010-4172 - cross site scripting CVE-2010-3718 - SecurityManager file permission bypass
2011-02-15 08:03:11 +01:00
share/tomcat/webapps/docs/tribes/interceptors.html
Apache Tomcat 6.x is the current focus of development. It builds upon the improvements made in Tomcat 5.5.x and implements the Servlet 2.5 and JSP 2.1 specifications. In addition to that, it includes the following improvements: * Memory usage optimizations * Advanced IO capabilities * Refactored clustering While we're here make a number of improvements based on the old 5.5.x pkg: - Use MASTER_SITE_APACHE - Default to running as an unprived user - Use a more standard rc.d script - Cleaner pkg_delete operation based on standard files/dirs that change
2009-02-14 13:02:08 +01:00
share/tomcat/webapps/docs/tribes/introduction.html
Update to the latest version; the full changelog is at http://tomcat.apache.org/tomcat-6.0-doc/changelog.html Security relevant fixes: CVE-2011-0534 - remote denial of service CVE-2011-0013 - cross site scripting CVE-2010-4172 - cross site scripting CVE-2010-3718 - SecurityManager file permission bypass
2011-02-15 08:03:11 +01:00
share/tomcat/webapps/docs/tribes/membership.html
Apache Tomcat 6.x is the current focus of development. It builds upon the improvements made in Tomcat 5.5.x and implements the Servlet 2.5 and JSP 2.1 specifications. In addition to that, it includes the following improvements: * Memory usage optimizations * Advanced IO capabilities * Refactored clustering While we're here make a number of improvements based on the old 5.5.x pkg: - Use MASTER_SITE_APACHE - Default to running as an unprived user - Use a more standard rc.d script - Cleaner pkg_delete operation based on standard files/dirs that change
2009-02-14 13:02:08 +01:00
share/tomcat/webapps/docs/tribes/setup.html
Update to the latest version; the full changelog is at http://tomcat.apache.org/tomcat-6.0-doc/changelog.html Security relevant fixes: CVE-2011-0534 - remote denial of service CVE-2011-0013 - cross site scripting CVE-2010-4172 - cross site scripting CVE-2010-3718 - SecurityManager file permission bypass
2011-02-15 08:03:11 +01:00
share/tomcat/webapps/docs/tribes/status.html
share/tomcat/webapps/docs/tribes/transport.html
Apache Tomcat 6.x is the current focus of development. It builds upon the improvements made in Tomcat 5.5.x and implements the Servlet 2.5 and JSP 2.1 specifications. In addition to that, it includes the following improvements: * Memory usage optimizations * Advanced IO capabilities * Refactored clustering While we're here make a number of improvements based on the old 5.5.x pkg: - Use MASTER_SITE_APACHE - Default to running as an unprived user - Use a more standard rc.d script - Cleaner pkg_delete operation based on standard files/dirs that change
2009-02-14 13:02:08 +01:00
share/tomcat/webapps/docs/virtual-hosting-howto.html
share/tomcat/webapps/docs/windows-service-howto.html
share/tomcat/webapps/examples/WEB-INF/classes/CookieExample.class
share/tomcat/webapps/examples/WEB-INF/classes/CookieExample.java
share/tomcat/webapps/examples/WEB-INF/classes/HelloWorldExample.class
share/tomcat/webapps/examples/WEB-INF/classes/HelloWorldExample.java
share/tomcat/webapps/examples/WEB-INF/classes/LocalStrings.properties
share/tomcat/webapps/examples/WEB-INF/classes/LocalStrings_en.properties
share/tomcat/webapps/examples/WEB-INF/classes/LocalStrings_es.properties
share/tomcat/webapps/examples/WEB-INF/classes/LocalStrings_fr.properties
share/tomcat/webapps/examples/WEB-INF/classes/LocalStrings_pt.properties
share/tomcat/webapps/examples/WEB-INF/classes/RequestHeaderExample.class
share/tomcat/webapps/examples/WEB-INF/classes/RequestHeaderExample.java
share/tomcat/webapps/examples/WEB-INF/classes/RequestInfoExample.class
share/tomcat/webapps/examples/WEB-INF/classes/RequestInfoExample.java
share/tomcat/webapps/examples/WEB-INF/classes/RequestParamExample.class
share/tomcat/webapps/examples/WEB-INF/classes/RequestParamExample.java
share/tomcat/webapps/examples/WEB-INF/classes/SessionExample.class
share/tomcat/webapps/examples/WEB-INF/classes/SessionExample.java
share/tomcat/webapps/examples/WEB-INF/classes/cal/Entries.class
share/tomcat/webapps/examples/WEB-INF/classes/cal/Entries.java
share/tomcat/webapps/examples/WEB-INF/classes/cal/Entry.class
share/tomcat/webapps/examples/WEB-INF/classes/cal/Entry.java
share/tomcat/webapps/examples/WEB-INF/classes/cal/JspCalendar.class
share/tomcat/webapps/examples/WEB-INF/classes/cal/JspCalendar.java
share/tomcat/webapps/examples/WEB-INF/classes/cal/TableBean.class
share/tomcat/webapps/examples/WEB-INF/classes/cal/TableBean.java
share/tomcat/webapps/examples/WEB-INF/classes/chat/ChatServlet$MessageSender.class
share/tomcat/webapps/examples/WEB-INF/classes/chat/ChatServlet.class
share/tomcat/webapps/examples/WEB-INF/classes/chat/ChatServlet.java
share/tomcat/webapps/examples/WEB-INF/classes/checkbox/CheckTest.class
share/tomcat/webapps/examples/WEB-INF/classes/checkbox/CheckTest.java
share/tomcat/webapps/examples/WEB-INF/classes/colors/ColorGameBean.class
share/tomcat/webapps/examples/WEB-INF/classes/colors/ColorGameBean.java
share/tomcat/webapps/examples/WEB-INF/classes/compressionFilters/CompressionFilter.class
share/tomcat/webapps/examples/WEB-INF/classes/compressionFilters/CompressionFilter.java
share/tomcat/webapps/examples/WEB-INF/classes/compressionFilters/CompressionFilterTestServlet.class
share/tomcat/webapps/examples/WEB-INF/classes/compressionFilters/CompressionFilterTestServlet.java
share/tomcat/webapps/examples/WEB-INF/classes/compressionFilters/CompressionResponseStream.class
share/tomcat/webapps/examples/WEB-INF/classes/compressionFilters/CompressionResponseStream.java
share/tomcat/webapps/examples/WEB-INF/classes/compressionFilters/CompressionServletResponseWrapper.class
share/tomcat/webapps/examples/WEB-INF/classes/compressionFilters/CompressionServletResponseWrapper.java
share/tomcat/webapps/examples/WEB-INF/classes/dates/JspCalendar.class
share/tomcat/webapps/examples/WEB-INF/classes/dates/JspCalendar.java
share/tomcat/webapps/examples/WEB-INF/classes/error/Smart.class
share/tomcat/webapps/examples/WEB-INF/classes/error/Smart.java
share/tomcat/webapps/examples/WEB-INF/classes/examples/ExampleTagBase.class
share/tomcat/webapps/examples/WEB-INF/classes/examples/ExampleTagBase.java
share/tomcat/webapps/examples/WEB-INF/classes/examples/FooTag.class
share/tomcat/webapps/examples/WEB-INF/classes/examples/FooTag.java
share/tomcat/webapps/examples/WEB-INF/classes/examples/FooTagExtraInfo.class
share/tomcat/webapps/examples/WEB-INF/classes/examples/FooTagExtraInfo.java
share/tomcat/webapps/examples/WEB-INF/classes/examples/LogTag.class
share/tomcat/webapps/examples/WEB-INF/classes/examples/LogTag.java
share/tomcat/webapps/examples/WEB-INF/classes/examples/ShowSource.class
share/tomcat/webapps/examples/WEB-INF/classes/examples/ShowSource.java
share/tomcat/webapps/examples/WEB-INF/classes/filters/ExampleFilter.class
share/tomcat/webapps/examples/WEB-INF/classes/filters/ExampleFilter.java
share/tomcat/webapps/examples/WEB-INF/classes/filters/RequestDumperFilter.class
share/tomcat/webapps/examples/WEB-INF/classes/filters/RequestDumperFilter.java
share/tomcat/webapps/examples/WEB-INF/classes/filters/SetCharacterEncodingFilter.class
share/tomcat/webapps/examples/WEB-INF/classes/filters/SetCharacterEncodingFilter.java
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/BookBean.class
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/BookBean.java
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/FooBean.class
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/FooBean.java
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/el/Functions.class
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/el/Functions.java
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/EchoAttributesTag.class
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/EchoAttributesTag.java
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/FindBookSimpleTag.class
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/FindBookSimpleTag.java
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/HelloWorldSimpleTag.class
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/HelloWorldSimpleTag.java
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/RepeatSimpleTag.class
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/RepeatSimpleTag.java
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/ShuffleSimpleTag.class
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/ShuffleSimpleTag.java
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/TileSimpleTag.class
share/tomcat/webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/TileSimpleTag.java
share/tomcat/webapps/examples/WEB-INF/classes/listeners/ContextListener.class
share/tomcat/webapps/examples/WEB-INF/classes/listeners/ContextListener.java
share/tomcat/webapps/examples/WEB-INF/classes/listeners/SessionListener.class
share/tomcat/webapps/examples/WEB-INF/classes/listeners/SessionListener.java
share/tomcat/webapps/examples/WEB-INF/classes/num/NumberGuessBean.class
share/tomcat/webapps/examples/WEB-INF/classes/num/NumberGuessBean.java
share/tomcat/webapps/examples/WEB-INF/classes/servletToJsp.class
share/tomcat/webapps/examples/WEB-INF/classes/servletToJsp.java
share/tomcat/webapps/examples/WEB-INF/classes/sessions/DummyCart.class
share/tomcat/webapps/examples/WEB-INF/classes/sessions/DummyCart.java
share/tomcat/webapps/examples/WEB-INF/classes/util/HTMLFilter.class
share/tomcat/webapps/examples/WEB-INF/classes/util/HTMLFilter.java
share/tomcat/webapps/examples/WEB-INF/classes/validators/DebugValidator.class
share/tomcat/webapps/examples/WEB-INF/classes/validators/DebugValidator.java
share/tomcat/webapps/examples/WEB-INF/jsp/applet/Clock2.java
share/tomcat/webapps/examples/WEB-INF/jsp/debug-taglib.tld
share/tomcat/webapps/examples/WEB-INF/jsp/example-taglib.tld
share/tomcat/webapps/examples/WEB-INF/jsp2/jsp2-example-taglib.tld
share/tomcat/webapps/examples/WEB-INF/lib/jstl.jar
share/tomcat/webapps/examples/WEB-INF/lib/standard.jar
share/tomcat/webapps/examples/WEB-INF/tags/displayProducts.tag
share/tomcat/webapps/examples/WEB-INF/tags/helloWorld.tag
share/tomcat/webapps/examples/WEB-INF/tags/panel.tag
share/tomcat/webapps/examples/WEB-INF/tags/xhtmlbasic.tag
share/tomcat/webapps/examples/WEB-INF/web.xml
share/tomcat/webapps/examples/index.html
share/tomcat/webapps/examples/jsp/cal/Entries.java.html
share/tomcat/webapps/examples/jsp/cal/Entry.java.html
share/tomcat/webapps/examples/jsp/cal/JspCalendar.java.html
share/tomcat/webapps/examples/jsp/cal/TableBean.java.html
share/tomcat/webapps/examples/jsp/cal/cal1.jsp
share/tomcat/webapps/examples/jsp/cal/cal1.jsp.html
share/tomcat/webapps/examples/jsp/cal/cal2.jsp
share/tomcat/webapps/examples/jsp/cal/cal2.jsp.html
share/tomcat/webapps/examples/jsp/cal/calendar.html
share/tomcat/webapps/examples/jsp/cal/login.html
Update of apache-tomcat to version 6.0.29 (and a little Makefile cosmetics) fixes two of the currently known security issues Upstream changelog: Tomcat 6.0.29 (jfclere) released 2010-07-22 Catalina add 48960: Add a new option to the SSI Servlet and SSI Filter to allow the disabling of the exec command. This is now disabled by default. Based on a patch by Yair Lenga. (markt) fix 49551: Allow default context.xml location to be specified using an absolute path. (markt) fix 49598: When session is changed and the session cookie is replaced, ensure that the new Set-Cookie header overwrites the old Set-Cookie header. (markt) fix Fix order when listing Webapp loader search URLs. (rjung) add Add support for *.jar pattern in VirtualWebappLoader. (kkolinko) Tomcat 6.0.28 (jfclere) released 2010-07-09 Catalina fix Arrange filter logic. (jfclere) fix 49230: Enhance JRE leak prevention listener with protection for the keep-alive thread started by sun.net.www.http.HttpClient. Patch provided by Rob Kooper. (markt) fix 49351: Fix possible NPe when embedding and no name is specified for the Service. (markt) fix 49424: Avoid NPE if client provides no data with a chunked POST request. (markt) fix 49414: Differentiate between request threads and application created threads when warning about still running threads when an application stops. (markt) fix 49443: Use remoteIpHeader rather than remoteIPHeader consistently. (markt) add Add property searchExternalFirst to WebappLoader. If set, the external repositories will be searched before the WEB-INF ones. (rjung) Cluster fix 49445: When session ID is changed after authentication, ensure the DeltaManager replicates the change in ID to the other nodes in the cluster. (kfujino) Webapps fix 49213: Grant permissions required by manager application when running under a security manager. (markt/kkolinko) fix 49436: Correct documented default for readonly attribute of the UserDatabase component. (markt) Tomcat 6.0.27 (jfclere) not released General update Update DBCP to 1.3. (markt) Catalina fix Fix CVE-2010-1157. Prevent possible disclosure of host name or IP address via the HTTP WWW-Authenticate header when using BASIC or DIGEST authentication. (markt) add Include context name when reporting memory leaks to aid root cause identification. (markt) fix Improve exception handling on session de-serialization to assist in identifying the root cause of 48007. (kkolinko) add 48379: Make session cookie name, domain and path configurable per context. (markt) fix 48589: Make JNDIRealm easier to extend. Based on a patch by Candid Dauth. (markt/kkolinko) fix 48629: Allow user names as well as DNs to be used with the nested role search. Add roleNested to the documentation. Patch provided by Felix Schumacher. (markt) fix 48661: Make error page behavior consistent, regardless of how the error page is defined. If a response has been committed, always include the error page. (markt) fix 48729: Return roles defined by both userRoleName and roleName mechanisms. Patch provided by 'eric'. Also make user's role list immutable.(markt) fix 48760: Fix potential multi-threading issue in static resource serving where multiple threads could try to use the the same InputStream. (markt) fix 48790: Fix thread safety issue in the count of the maximum number of active session. (markt/kkolinko) fix 48793: Make catalina.sh more robust to different return values on different platforms. Patch provided by Thomas GL. (markt) fix 48840: Swallow output (if any) from use of cd when determining $CATALINA_HOME in catalina.sh and tool-wrapper.sh scripts. Based on patch provided by mdietze. (markt/kkolinko) fix 48895: Make clearing of ThreadLocals that are causing memory leaks on web application stop, reload or undeploy configurable since the process of clearing them is not thread-safe. (markt) fix 48903: Fix deadlock in webapp class loader. (rjung) fix 48971: Make stopping of leaking Timer threads optional and disabled by default. (markt) fix 48976: Document JAVA_ENDORSED_DIRS in start-up scripts. Patch provided by Laurent Vaills. (markt) fix 48983: Improve debug logging for situations when RemoteIpValve is bypassed. Patch provided by Cyrille Le Clerc. (markt) fix 49018: Fix processing of time argument in the Expire sessions action in the Manager web application. (kkolinko) fix 49116: If session is already invalid, expire session to prevent memory leak. (kfujino) fix 49158: Ensure only one session cookie is returned for a single request. (markt/fhanik) fix 49245: Fix session expiration check in cross-context requests. (markt) fix 49398: ByteChunk.indexOf(String, int, int, int) could not find a string of length 1. (kkolinko) fix Fix possible overflows when calculating session statistics. (kkolinko) add Log unexpected exceptions when providing access to web application resources in ApplicationContext. (kkolinko) fix Improve exception handling in CatalinaShutdownHook. (kkolinko) add Expose properties of VirtualWebappLoader and WebappClassLoader via JMX. (rjung) Coyote fix 48839: Correctly handle HTTP header folding in the NIO connector. Patch suggested by Richa Baronia. (markt) fix 48843: Prevent possible deadlock for worker allocation in connectors. (kkolinko) fix 48843: Fix handling of add queues in AprEndpoint.Poller and AprEndpoint.Sendfile. Do not miss wakeups. (kkolinko) add 48862: Add support for the backlog parameter to the AJP connector. (pero/markt) fix 48917: Correct name of mod_jk module in ApacheConfig. Patch provided by Todd Hicks. (markt) fix 49095: AprEndpoint did not wakeup acceptors during shutdown when deferAccept option was enabled. Based on a patch provided by Ruediger Pluem. (kkolinko) add Use chunked encoding for http 1.1 requests with no content-length (regardless of keep-alive) so client can differentiate between complete and partial responses. (markt) fix Correct the SSL session timeout attribute name so the code agrees with the documentation. (markt) add CoyotePrincipal now implements Serializable. (fhanik) fix Enable the BIO AJP connector to run under a security manager. (markt) Jasper fix 45015: Correct a regression in quote handling caused by the re-factoring of attribute parsing. (markt) fix 48701: Add a system property to allow disabling enforcement of JSP.5.3. The specification recommends, but does not require, this enforcement. (kkolinko) fix 48737: Don't assume paths that start with /META-INF/... are always in JARs. This is not true for some IDEs. Patch provided by Fabrizio Giustina. (markt) fix 49081: Correctly handle EL expressions of the form #${...}. (markt) fix 49196: Avoid NullPointerException in PageContext.getErrorData() if an error-handling JSP page is called directly. (markt) Cluster fix 48717: When a node joins a cluster and it receives all the current sessions, ensure the sessionCreated event is fired if the Manager is configured to replicate session events. (markt) fix 48934: Previous fix to handle dropped connections incorrectly permanently disabled session replication. (fhanik) fix 49051: memberAlive is not called if member has not already existed in membership. (kfujino) fix 49151: Avoid ClassCastException in BackupManager#stop. (kfujino) fix 49170: Do not send duplicated session. (kfujino) fix Add missing messages and ensure cluster listeners log messages to correct logger. (markt) Webapps add Use underscores instead of spaces in anchor names in Tomcat documentation. (kkolinko) add Add support for displaying the Spring Security user name (if present) in the Manager application. (markt) update Improve the ChatServlet Comet example (/examples/jsp/chat/). (kkolinko) Other update Update to Commons Daemon 1.0.2. Use service launcher (procrun) from the Commons Daemon release. Do not keep a copy of it in our source tree. (mturk/kkolinko) update Update to NSIS 2.46. (kkolinko) fix 48990: Fix the skip.installer build property so if set, only the Windows installer is skipped. (markt) fix 49178: Provide in catalina.policy an example of additional permissions that might be needed for code located in $CATALINA_BASE/lib. (markt) fix 49236: Do not use indexing when packing Tomcat JARs. (kkolinko) fix Remove unused code from org.apache.tomcat.util.buf classes. (kkolinko) update Rearrange tomcat-juli.jar permissions and wrap long lines in the conf/catalina.policy file, to make the text more readable when cited in documentation. (kkolinko) fix Do not evaluate the execute.installer property when building a release. The skip.installer property is used instead. (kkolinko) Tomcat 6.0.26 (jfclere) released 2010-03-11 Catalina fix Close security hole in unreleased 6.0.25 by ensuring new find leaks functionality is protected by a security constraint. (kkolinko) fix 48831: Improve logging shutdown behaviour. Use Catalina's shutdown hook to shutdown JULI. This enables them to be shutdown in the correct order. Do not shutdown global handlers several times. (markt/kkolinko) Coyote fix 48584: Prevent the APR connector logging an error if the acceptor fails during shutdown since this is expected. (mturk) fix 48660: Using compression should not overwrite any Vary header set by a web application. (markt) Jasper fix 48371: Ensure generated servlet mappings are inserted at the correct location when using JspC and allow the option that controls this to be configured on the command line. Also allow the encoding of web.xml to be configured when using JspC and deprecate some unused JspC methods. (markt/kkolinko) fix 48498: Avoid ArrayIndexOutOfBoundsException triggered by a Java 6/7 XML parser bug. (markt/kkolinko) fix 48668: Additional fixes to ensure deferred syntax is handled correctly. (kkolinko) fix 48827: Correct a regression in the fix for 47977 that caused an incorrect non-empty body error to be reported for valid JSP documents. (markt) Webapps add Make changelog.xml be directly rendered as HTML by certain browsers. (kkolinko) add Add support for automated generation of TOC tables and for links to svn revisions to tomcat-docs.xsl in documentation. (kkolinko/fhanik) add Move Manager application JSPs that are not intended to be accessed directly under the WEB-INF directory. (kkolinko) fix Improve the messages displayed by the find leaks diagnostic in the Manager application. (kkolinko) Other fix Encode all property files using ascii escaped UTF-8. Also fixes deployment problem when using French locale. (jfclere/rjung) Tomcat 6.0.25 (jfclere) not released Catalina fix 48039: Return immediately if start() is called on an already started StandardService. (markt) fix 48109: Ensure InputStream is closed on error condition in web application class loader. (markt) fix 48179: Clean up dead code that was used to read tldCache file. (kkolinko) fix 48318: Handle case where WebDAV resource is in directory listing but is not accessible. (markt) add 48384: Add a per context xslt option for directory listings. Make the fallback options work as described in the documentation. (markt) fix 48577: Filter URL when displaying missing included page. (markt) fix 48612: Prevent exception on shutdown if the address attribute is specified for a connector. (markt) fix 48613: Further fixes to ensure APRLifecycleListener is only used if defined in server.xml. (fhanik) fix 48614: Correct JULI log file buffering so default behaviour is no buffering. (fhanik) fix 48625: Provide an option to exit if an error occurs during the initialization phase. (fhanik) fix 48645: Use specified encoding rather than null in calls to RequestUtil.URLDecode(byte[] bytes, String enc) (markt) fix 48653: Force request.secure and request.scheme to false and http if the X-Forwarded-Proto header has the value http. Patch provided by Cyrille Le Clerc. (markt) fix 48678: Remove duplicate server field from org.apache.catalina.startup.Catalina. (markt) fix 48694: Remove potential deadlock in web application class loader. (markt) add 48716: Provide additional configuration options for JULI. (markt) fix 48726: Prevent OOME when uploading large WAR files with the deployer. Patch provided by adam. (markt) add Improve memory leak protection by safely stopping threads started via java.util.Timer that an application starts but fails to stop and by clearing references retained due to the use of java.util.ResourceBundle. (markt) update Modify ThreadLocal memory leak detection to not report false positives and to simplify implementation. (markt/kkolinko) add Basic memory leak detection was added to the standard Host implementation and exposed via JMX to detect memory leaks on web application reload. (markt/kkolinko) Coyote update Update the native/APR library version bundled with Tomcat to 1.1.20. (kkolinko) Jasper add Add some debug logging to the compiler where exceptions were previously swallowed. (markt) fix 48170: Remove unnecessary synchronization that is causing issues under load. (markt) fix 48580: Prevent AccessControlException if first access is to a JSP that uses a FunctionMapper. (markt) fix 48582: Avoid NPE on background compilation failure. (markt) fix 48616: Don't declare or synchronize scripting variables for JSP fragments since they are scriptless. This is an alternative fix for 42390 that avoids both the original problem and the regression in the first fix. (kkolinko) fix 48627: Fix regression in re-factored EL parsing. Keep literals as literals and handle deferredSyntaxAllowedAsLiteral. (kkolinko) fix 48668: When parsing JSPs only parse EL as EL if EL is enabled else strings such as ${ will be silently dropped. (markt) fix Various EL TCK failures. (markt) Cluster fix Force a disconnect if an error occurs during replication such as a firewall dropping the connection. (fhanik) Webapps add Add new "Find leaks" command to the Manager application. It allows to detect web applications that have caused memory leaks on stop, reload or undeploy. (markt/kkolinko) Other fix Ensure files in conf directory have CRLF line endings when using the Windows installer. (kkolinko) fix Allow special characters recognized by the Windows command-line shell to be present in the names of CATALINA_HOME/_BASE and the current directory used to call the Tomcat scripts. (kkolinko) fix Don't use @Deprecated annotations in javax.servlet.jsp.JspContext since the specification does not include them in the API definition. (markt) add Improve the information in the JAR manifest files. (markt)
2010-09-19 16:32:04 +02:00
share/tomcat/webapps/examples/jsp/chat/index.jsp
share/tomcat/webapps/examples/jsp/chat/index.jsp.html
Apache Tomcat 6.x is the current focus of development. It builds upon the improvements made in Tomcat 5.5.x and implements the Servlet 2.5 and JSP 2.1 specifications. In addition to that, it includes the following improvements: * Memory usage optimizations * Advanced IO capabilities * Refactored clustering While we're here make a number of improvements based on the old 5.5.x pkg: - Use MASTER_SITE_APACHE - Default to running as an unprived user - Use a more standard rc.d script - Cleaner pkg_delete operation based on standard files/dirs that change
2009-02-14 13:02:08 +01:00
share/tomcat/webapps/examples/jsp/chat/login.jsp
share/tomcat/webapps/examples/jsp/chat/login.jsp.html
share/tomcat/webapps/examples/jsp/chat/post.jsp
share/tomcat/webapps/examples/jsp/chat/post.jsp.html
share/tomcat/webapps/examples/jsp/checkbox/CheckTest.html
share/tomcat/webapps/examples/jsp/checkbox/check.html
share/tomcat/webapps/examples/jsp/checkbox/checkresult.jsp
share/tomcat/webapps/examples/jsp/checkbox/checkresult.jsp.html
share/tomcat/webapps/examples/jsp/checkbox/cresult.html
share/tomcat/webapps/examples/jsp/colors/ColorGameBean.html
share/tomcat/webapps/examples/jsp/colors/clr.html
share/tomcat/webapps/examples/jsp/colors/colors.html
share/tomcat/webapps/examples/jsp/colors/colrs.jsp
share/tomcat/webapps/examples/jsp/colors/colrs.jsp.html
share/tomcat/webapps/examples/jsp/dates/date.html
share/tomcat/webapps/examples/jsp/dates/date.jsp
share/tomcat/webapps/examples/jsp/dates/date.jsp.html
share/tomcat/webapps/examples/jsp/error/er.html
share/tomcat/webapps/examples/jsp/error/err.jsp
share/tomcat/webapps/examples/jsp/error/err.jsp.html
share/tomcat/webapps/examples/jsp/error/error.html
share/tomcat/webapps/examples/jsp/error/errorpge.jsp
share/tomcat/webapps/examples/jsp/error/errorpge.jsp.html
share/tomcat/webapps/examples/jsp/forward/forward.jsp
share/tomcat/webapps/examples/jsp/forward/forward.jsp.html
share/tomcat/webapps/examples/jsp/forward/fwd.html
share/tomcat/webapps/examples/jsp/forward/one.jsp
share/tomcat/webapps/examples/jsp/forward/one.jsp.html
share/tomcat/webapps/examples/jsp/forward/two.html
share/tomcat/webapps/examples/jsp/images/code.gif
share/tomcat/webapps/examples/jsp/images/execute.gif
share/tomcat/webapps/examples/jsp/images/read.gif
share/tomcat/webapps/examples/jsp/images/return.gif
share/tomcat/webapps/examples/jsp/include/foo.html
share/tomcat/webapps/examples/jsp/include/foo.jsp
share/tomcat/webapps/examples/jsp/include/foo.jsp.html
share/tomcat/webapps/examples/jsp/include/inc.html
share/tomcat/webapps/examples/jsp/include/include.jsp
share/tomcat/webapps/examples/jsp/include/include.jsp.html
share/tomcat/webapps/examples/jsp/index.html
share/tomcat/webapps/examples/jsp/jsp2/el/Functions.java.html
share/tomcat/webapps/examples/jsp/jsp2/el/basic-arithmetic.html
share/tomcat/webapps/examples/jsp/jsp2/el/basic-arithmetic.jsp
share/tomcat/webapps/examples/jsp/jsp2/el/basic-arithmetic.jsp.html
share/tomcat/webapps/examples/jsp/jsp2/el/basic-comparisons.html
share/tomcat/webapps/examples/jsp/jsp2/el/basic-comparisons.jsp
share/tomcat/webapps/examples/jsp/jsp2/el/basic-comparisons.jsp.html
share/tomcat/webapps/examples/jsp/jsp2/el/functions.html
share/tomcat/webapps/examples/jsp/jsp2/el/functions.jsp
share/tomcat/webapps/examples/jsp/jsp2/el/functions.jsp.html
share/tomcat/webapps/examples/jsp/jsp2/el/implicit-objects.html
share/tomcat/webapps/examples/jsp/jsp2/el/implicit-objects.jsp
share/tomcat/webapps/examples/jsp/jsp2/el/implicit-objects.jsp.html
share/tomcat/webapps/examples/jsp/jsp2/jspattribute/FooBean.java.html
share/tomcat/webapps/examples/jsp/jsp2/jspattribute/HelloWorldSimpleTag.java.html
share/tomcat/webapps/examples/jsp/jsp2/jspattribute/ShuffleSimpleTag.java.html
share/tomcat/webapps/examples/jsp/jsp2/jspattribute/TileSimpleTag.java.html
share/tomcat/webapps/examples/jsp/jsp2/jspattribute/jspattribute.html
share/tomcat/webapps/examples/jsp/jsp2/jspattribute/jspattribute.jsp
share/tomcat/webapps/examples/jsp/jsp2/jspattribute/jspattribute.jsp.html
share/tomcat/webapps/examples/jsp/jsp2/jspattribute/shuffle.html
share/tomcat/webapps/examples/jsp/jsp2/jspattribute/shuffle.jsp
share/tomcat/webapps/examples/jsp/jsp2/jspattribute/shuffle.jsp.html
share/tomcat/webapps/examples/jsp/jsp2/jspx/basic.html
share/tomcat/webapps/examples/jsp/jsp2/jspx/basic.jspx
share/tomcat/webapps/examples/jsp/jsp2/jspx/basic.jspx.html
share/tomcat/webapps/examples/jsp/jsp2/jspx/svgexample.html
share/tomcat/webapps/examples/jsp/jsp2/jspx/textRotate.html
share/tomcat/webapps/examples/jsp/jsp2/jspx/textRotate.jpg
share/tomcat/webapps/examples/jsp/jsp2/jspx/textRotate.jspx
share/tomcat/webapps/examples/jsp/jsp2/jspx/textRotate.jspx.html
share/tomcat/webapps/examples/jsp/jsp2/misc/EchoAttributesTag.java.html
share/tomcat/webapps/examples/jsp/jsp2/misc/coda.jspf
share/tomcat/webapps/examples/jsp/jsp2/misc/coda.jspf.html
share/tomcat/webapps/examples/jsp/jsp2/misc/config.html
share/tomcat/webapps/examples/jsp/jsp2/misc/config.jsp
share/tomcat/webapps/examples/jsp/jsp2/misc/config.jsp.html
share/tomcat/webapps/examples/jsp/jsp2/misc/dynamicattrs.html
share/tomcat/webapps/examples/jsp/jsp2/misc/dynamicattrs.jsp
share/tomcat/webapps/examples/jsp/jsp2/misc/dynamicattrs.jsp.html
share/tomcat/webapps/examples/jsp/jsp2/misc/prelude.jspf
share/tomcat/webapps/examples/jsp/jsp2/misc/prelude.jspf.html
share/tomcat/webapps/examples/jsp/jsp2/simpletag/BookBean.java.html
share/tomcat/webapps/examples/jsp/jsp2/simpletag/FindBookSimpleTag.java.html
share/tomcat/webapps/examples/jsp/jsp2/simpletag/Functions.java.html
share/tomcat/webapps/examples/jsp/jsp2/simpletag/HelloWorldSimpleTag.java.html
share/tomcat/webapps/examples/jsp/jsp2/simpletag/RepeatSimpleTag.java.html
share/tomcat/webapps/examples/jsp/jsp2/simpletag/book.html
share/tomcat/webapps/examples/jsp/jsp2/simpletag/book.jsp
share/tomcat/webapps/examples/jsp/jsp2/simpletag/book.jsp.html
share/tomcat/webapps/examples/jsp/jsp2/simpletag/hello.html
share/tomcat/webapps/examples/jsp/jsp2/simpletag/hello.jsp
share/tomcat/webapps/examples/jsp/jsp2/simpletag/hello.jsp.html
share/tomcat/webapps/examples/jsp/jsp2/simpletag/repeat.html
share/tomcat/webapps/examples/jsp/jsp2/simpletag/repeat.jsp
share/tomcat/webapps/examples/jsp/jsp2/simpletag/repeat.jsp.html
share/tomcat/webapps/examples/jsp/jsp2/tagfiles/displayProducts.tag.html
share/tomcat/webapps/examples/jsp/jsp2/tagfiles/hello.html
share/tomcat/webapps/examples/jsp/jsp2/tagfiles/hello.jsp
share/tomcat/webapps/examples/jsp/jsp2/tagfiles/hello.jsp.html
share/tomcat/webapps/examples/jsp/jsp2/tagfiles/helloWorld.tag.html
share/tomcat/webapps/examples/jsp/jsp2/tagfiles/panel.html
share/tomcat/webapps/examples/jsp/jsp2/tagfiles/panel.jsp
share/tomcat/webapps/examples/jsp/jsp2/tagfiles/panel.jsp.html
share/tomcat/webapps/examples/jsp/jsp2/tagfiles/panel.tag.html
share/tomcat/webapps/examples/jsp/jsp2/tagfiles/products.html
share/tomcat/webapps/examples/jsp/jsp2/tagfiles/products.jsp
share/tomcat/webapps/examples/jsp/jsp2/tagfiles/products.jsp.html
share/tomcat/webapps/examples/jsp/jsp2/tagfiles/xhtmlbasic.tag.html
share/tomcat/webapps/examples/jsp/jsptoserv/hello.jsp
share/tomcat/webapps/examples/jsp/jsptoserv/hello.jsp.html
share/tomcat/webapps/examples/jsp/jsptoserv/jsptoservlet.jsp
share/tomcat/webapps/examples/jsp/jsptoserv/jsptoservlet.jsp.html
share/tomcat/webapps/examples/jsp/jsptoserv/jts.html
share/tomcat/webapps/examples/jsp/jsptoserv/servletToJsp.java.html
share/tomcat/webapps/examples/jsp/num/numguess.html
share/tomcat/webapps/examples/jsp/num/numguess.jsp
share/tomcat/webapps/examples/jsp/num/numguess.jsp.html
share/tomcat/webapps/examples/jsp/plugin/applet/Clock2.class
share/tomcat/webapps/examples/jsp/plugin/applet/Clock2.java
share/tomcat/webapps/examples/jsp/plugin/plugin.html
share/tomcat/webapps/examples/jsp/plugin/plugin.jsp
share/tomcat/webapps/examples/jsp/plugin/plugin.jsp.html
share/tomcat/webapps/examples/jsp/security/protected/error.jsp
share/tomcat/webapps/examples/jsp/security/protected/error.jsp.html
share/tomcat/webapps/examples/jsp/security/protected/index.jsp
share/tomcat/webapps/examples/jsp/security/protected/index.jsp.html
share/tomcat/webapps/examples/jsp/security/protected/login.jsp
share/tomcat/webapps/examples/jsp/security/protected/login.jsp.html
share/tomcat/webapps/examples/jsp/sessions/DummyCart.html
share/tomcat/webapps/examples/jsp/sessions/carts.html
share/tomcat/webapps/examples/jsp/sessions/carts.jsp
share/tomcat/webapps/examples/jsp/sessions/carts.jsp.html
share/tomcat/webapps/examples/jsp/sessions/crt.html
share/tomcat/webapps/examples/jsp/simpletag/foo.html
share/tomcat/webapps/examples/jsp/simpletag/foo.jsp
share/tomcat/webapps/examples/jsp/simpletag/foo.jsp.html
share/tomcat/webapps/examples/jsp/snp/snoop.html
share/tomcat/webapps/examples/jsp/snp/snoop.jsp
share/tomcat/webapps/examples/jsp/snp/snoop.jsp.html
share/tomcat/webapps/examples/jsp/source.jsp
share/tomcat/webapps/examples/jsp/source.jsp.html
share/tomcat/webapps/examples/jsp/tagplugin/choose.html
share/tomcat/webapps/examples/jsp/tagplugin/choose.jsp
share/tomcat/webapps/examples/jsp/tagplugin/choose.jsp.html
share/tomcat/webapps/examples/jsp/tagplugin/foreach.html
share/tomcat/webapps/examples/jsp/tagplugin/foreach.jsp
share/tomcat/webapps/examples/jsp/tagplugin/foreach.jsp.html
share/tomcat/webapps/examples/jsp/tagplugin/howto.html
share/tomcat/webapps/examples/jsp/tagplugin/if.html
share/tomcat/webapps/examples/jsp/tagplugin/if.jsp
share/tomcat/webapps/examples/jsp/tagplugin/if.jsp.html
share/tomcat/webapps/examples/jsp/tagplugin/notes.html
share/tomcat/webapps/examples/jsp/xml/xml.html
share/tomcat/webapps/examples/jsp/xml/xml.jsp
share/tomcat/webapps/examples/jsp/xml/xml.jsp.html
share/tomcat/webapps/examples/servlets/cookies.html
share/tomcat/webapps/examples/servlets/helloworld.html
share/tomcat/webapps/examples/servlets/images/code.gif
share/tomcat/webapps/examples/servlets/images/execute.gif
share/tomcat/webapps/examples/servlets/images/return.gif
share/tomcat/webapps/examples/servlets/index.html
share/tomcat/webapps/examples/servlets/reqheaders.html
share/tomcat/webapps/examples/servlets/reqinfo.html
share/tomcat/webapps/examples/servlets/reqparams.html
share/tomcat/webapps/examples/servlets/sessions.html
share/tomcat/webapps/host-manager/META-INF/context.xml
update to apache-tomcat 6.0.36. Upstream changelog: Tomcat 6.0.36 (jfclere) Catalina ++++++++ update 48692: Provide option to parse application/x-www-form-urlencoded PUT requests. (schultz) add 50306: New StuckThreadDetectionValve to detect requests that take a long time to process, which might indicate that their processing threads are stuck. Based on a patch provided by TomLu. (kkolinko) fix 50570: Enable FIPS mode to be set in AprLifecycleListener. Based upon a patch from Chris Beckey. Note that this mode requires tomcat-native 1.1.23 or later linked to a FIPS-capable OpenSSL library, which one has to build by themselves. (schultz/kkolinko) fix Improve synchronization and error handling in AprLifecycleListener. Do not allow to change SSL options if SSL has already been initialized. (schultz/kkolinko) fix 52225: Fix ClassCastException when adding an alias for an existing host via JMX. (kkolinko) fix 52293: Correctly handle the case when antiResourceLocking is enabled at the Context level when unpackWARs is disabled at the Host level. Correctly handle multi-level contexts when antiResourceLocking is enabled. Patch by Justin Miller. (kkolinko) fix Do not throw IllegalArgumentException from parseParameters() call when chunked POST request is too large, but treat it like an IO error. The FailedRequestFilter filter can be used to detect this condition. (kkolinko) fix 52384: Do not fail with parameter parsing when debug logging is enabled. (kkolinko) fix Do not flag extra '&' characters in parameters as parse errors. (kkolinko) fix 52488: Correct typos: exipre -> expire. Based on a patch by prockter. (markt) fix Reduce log level for the message about hitting maxParameterCount limit from WARN to INFO. Fix limit comparison to allow exactly maxParameterCount parameters, as documentation says, instead of (maxParameterCount-1). (kkolinko) fix Slightly improve performance of UDecoder.convert(). Align %2f handling between implementations. (kkolinko) add Add denyStatus attribute to RequestFilterValve (RemoteAddrValve, RemoteHostValve valves). It allows to use different HTTP response code when rejecting denied request. E.g. 404 instead of 403. (kkolinko) add Add SetCharacterEncodingFilter (similar to the one contained in the examples web application) to the org.apache.catalina.filters package so that it is available for all web applications. (kkolinko) add 52500: Added configurable mechanism to retrieve user names from X509 client certificates. Based on a patch provided by Michael Furman. (schultz/kkolinko) fix 52719: Fix a theoretical resource leak in the JAR validation that checks for non-permitted classes in web application JARs. (markt) fix 52830: Correct JNDI lookups when using javax.naming.Name to identify the resource rather than a java.lang.String. (markt) add 52850: Extend memory leak prevention and detection code to work with IBM as well as Oracle JVMs. Based on a patch provided by Rohit Kelapure. (kkolinko) add 52996: In StandardThreadExecutor: Add the ability to configure a job queue size (maxQueueSize attribute). Add a variant of execute method that allows to specify a timeout for how long we want to try to add something to the queue. Based on a patch by Rüdiger Plüm. (kkolinko) fix 53047: If a JDBCRealm or DataSourceRealm is configured for an all roles mode that only requires authorization (and no roles) and no role table or column is defined, don't populate the Principal's roles. (markt/kkolinko) fix 53050: Fix handling of entropy value when initializing session id generator in session manager. Based on proposal by Andras Rozsa. (kkolinko) fix 53056: Add APR version number to tcnative version INFO log message. (schultz) fix 53057: Add OpenSSL version number INFO log message when initializing. (schultz) fix 53071: Use the message from the Throwable for the error report generated by the ErrorReportValve if none was specified via sendError(). Use the standard text for HTTP error codes. (markt/rjung) update 53230: Change session managers to throw TooManyActiveSessionsException instead of IllegalStateException when the maximum number of sessions has been exceeded and a new session will not be created. (schultz/kkolinko) fix 53267: Ensure that using the GC Daemon Protection feature of the JreMemoryLeakPreventionListener does not trigger a full GC every hour. (markt/kkolinko) fix 53531: Fix ExpandWar.expand to check the return value of File.mkdir and File.mkdirs. (schultz) fix Make the CSRF nonce cache in CsrfPreventionFilter serializable so that it can be replicated across a cluster and/or persisted across Tomcat restarts. (markt) fix 53584: Ignore path parameters when comparing URIs for FORM authentication. This prevents users being prompted twice for passwords when logging in when session IDs are being encoded as path parameters. (markt) fix Various improvements to the DIGEST authenticator including 52954, the disabling caching of an authenticated user in the session by default, tracking server rather than client nonces and better handling of stale nonce values. (markt) fix Remove unneeded handling of FORM authentication in RealmBase. (kkolinko) fix 53800: FileDirContext.list() did not provide correct paths for subdirectories. Patch provided by Kevin Wooten. (kkolinko) fix 53830: Better handling of Manager.randomFile default value on Windows. (kkolinko) fix Improve session management in CsrfPreventionFilter. (kkolinko) Coyote ++++++ fix 42181: Better handling of edge conditions in chunk header processing. (kkolinko) update 51477: Support all SSL protocol combinations in the APR/native connector. This only works when using the native library version 1.1.21 or later. (rjung) fix 52055 (comment 14): Correctly reset ChunkedInputFilter.needCRLFParse flag when the filter is recycled. (kkolinko) fix 52606: Ensure replayed POST bodies are available when using AJP. (markt) fix 52858: Fix high CPU load with SSL, NIO and sendfile when client breaks the connection before reading all the requested data. (fhanik/kkolinko) fix 53119: Prevent buffer overflow errors being reported when a client disconnects before the response has been fully written from an AJP connection using the APR/native connector. (kkolinko) fix Improve InternalNioInputBuffer.parseHeaders(). (kkolinko) add Implement maxHeaderCount attribute on Connector. It is equivalent of LimitRequestFields directive of Apache HTTPD. Default value is 100. (kkolinko) fix In JkCoyoteHandler connector for AJP/1.3 protocol (in JkMain.setProperty()): Fix setting of properties when connector has already started for properties that have aliases. E.g. it now allows to change maxHeaderCount attribute on Connector MBean via JMX. (kkolinko) fix 53725: Fix possible corruption of GZIP'd output. (kkolinko) Jasper ++++++ fix 48097 (comment 7), 53366 (comment 1): If JSP page unexpectedly fails to initialize PageContext instance, write exception to the logs instead of silent swallowing. (kkolinko) fix 52335: Only handle <\% and not \% as escaped in template text. (markt) fix 52666: Correct coercion order in EL when processing the equality and inequality operators. (markt) fix 53001: Revert the fix for 46915 since the use case described in the bug is invalid since it breaks the EL specification. (markt) fix 53032: Modify JspC so it extends org.apache.tools.ant.Task enabling it to work with features such as namespaces within build.xml files. (markt) Cluster +++++++ fix Replicate principal in ClusterSingleSignOn. (kfujino) fix 53513: Fix race condition between the processing of session sync message and transfer complete message. (kfujino) fix 53606: Fix potential NPE in TcpPingInterceptor. Based on a patch by F. Arnoud. (markt) fix 53607: To avoid NPE, set TCP PING data to ChannelMessage. Patch provided by F.Arnoud (kfujino) fix Fix a behavior of TcpPingInterceptor#useThread. Do not start a ping thread when useThread is set to false. (kfujino) Web applications ++++++++++++++++ fix 52243: Improve windows service documentation to clarify how to include # and/or ; in the value of an environment variable that is passed to the service. (markt) fix 52515: Make it clear in the Realm how-to in the documentation web application that digested password storage when using DIGEST authentication requires that MD5 digests are used. (markt) fix 52641: Remove mentioning of ldap.jar from docs. Patch provided by Felix Schumacher. (rjung) fix Remove obsolete bug warning from windows service documentation page. (rjung) fix 52983: Remove unnecessary code that makes switching to other authentication methods difficult. (markt) fix 53158: Fix documented defaults for DBCP. Patch provided by ph.dezanneau at gmail.com. (rjung) update Update JavaSE documentation links to point to the current docs.oracle.com site, instead of obsolete ones (download.oracle.com, java.sun.com). (kkolinko) update 53289: Clarify ResourceLink example that uses DataSource.getConnection(username, password) method. Not all data source implementations support it. (kkolinko) fix Prevent the custom error pages for the Manager and Host Manager applications from being accessed directly. Configure custom pages for error codes 401 and 403 in Host Manager application. (markt/kkolinko) fix Correct documentation for enableLookups attribute of a Connector. By default DNS lookups are disabled. (kkolinko) fix Fix several HTML markup errors in servlets of examples web application. (kkolinko) update Change the index page of ROOT webapp to mention "manager-gui" role instead of "manager" one. (kkolinko) fix 53473: Correct the allowed values for the SSI option isVirtualWebappRelative which are true or false. (markt) fix 53664: Minor JNDI Howto document enhancement concerning mail properties. Patch provided by Mark Eggers. (schultz) fix 53601: Clarify that to build Apache Tomcat 6 from sources a Java 5 JDK is recommended. (kkolinko) fix 53793: Change links on the list of applications in the Manager to point to /appname/ instead of /appname. (kkolinko) Other +++++ fix 49402, 52124: Fix Maven publishing script: make sure it finds tomcat-juli.jar and use later version of wagon-ssh. (jfclere) fix Update Apache Commons Daemon to 1.0.10. It resolves 52548 which meant that services created with service.bat did not set the catalina.home and catalina.base system properties. (markt, kkolinko) update Update Apache Commons Pool to 1.5.7. (kkolinko) update 52579: Add a note about Sun's Charset.decode() bug to the RELEASE-NOTES file. (kkolinko) update 52805: Update to Eclipse JDT Compiler 3.7.2. (kkolinko) update Update the native component of the APR/native connectors to 1.1.23 and take advantage of the simplified distribution. (kkolinko) fix When building a Windows installer do not copy whole "res" folder to output/dist, but only the files that we need. Apply fixcrlf filter only after the files are copied, so that INSTALLLICENSE file had correct line ends. (kkolinko) update Remove res/License.rtf. The file that is actually shown by the Windows installer is res/INSTALLLICENSE. (kkolinko) update Improve RUNNING.txt. (kkolinko) update Align the script that deploys Maven jars for Tomcat (res/maven/mvn-pub.xml) with the Tomcat 7 version, making full use of Nexus. (markt) add 53034: Add project.url and project.licenses sections to the POMs for the Maven artifacts. (kkolinko) fix 53454: Return correct content-length header for HEAD requests when content length is greater than 2GB. (markt)
2012-12-02 12:31:17 +01:00
share/tomcat/webapps/host-manager/WEB-INF/jsp/401.jsp
share/tomcat/webapps/host-manager/WEB-INF/jsp/403.jsp
Apache Tomcat 6.x is the current focus of development. It builds upon the improvements made in Tomcat 5.5.x and implements the Servlet 2.5 and JSP 2.1 specifications. In addition to that, it includes the following improvements: * Memory usage optimizations * Advanced IO capabilities * Refactored clustering While we're here make a number of improvements based on the old 5.5.x pkg: - Use MASTER_SITE_APACHE - Default to running as an unprived user - Use a more standard rc.d script - Cleaner pkg_delete operation based on standard files/dirs that change
2009-02-14 13:02:08 +01:00
share/tomcat/webapps/host-manager/WEB-INF/web.xml
share/tomcat/webapps/host-manager/images/add.gif
share/tomcat/webapps/host-manager/images/asf-logo.gif
share/tomcat/webapps/host-manager/images/code.gif
share/tomcat/webapps/host-manager/images/design.gif
share/tomcat/webapps/host-manager/images/docs.gif
share/tomcat/webapps/host-manager/images/fix.gif
share/tomcat/webapps/host-manager/images/tomcat.gif
share/tomcat/webapps/host-manager/images/update.gif
share/tomcat/webapps/host-manager/images/void.gif
share/tomcat/webapps/host-manager/manager.xml
share/tomcat/webapps/manager/META-INF/context.xml
update to apache-tomcat 6.0.36. Upstream changelog: Tomcat 6.0.36 (jfclere) Catalina ++++++++ update 48692: Provide option to parse application/x-www-form-urlencoded PUT requests. (schultz) add 50306: New StuckThreadDetectionValve to detect requests that take a long time to process, which might indicate that their processing threads are stuck. Based on a patch provided by TomLu. (kkolinko) fix 50570: Enable FIPS mode to be set in AprLifecycleListener. Based upon a patch from Chris Beckey. Note that this mode requires tomcat-native 1.1.23 or later linked to a FIPS-capable OpenSSL library, which one has to build by themselves. (schultz/kkolinko) fix Improve synchronization and error handling in AprLifecycleListener. Do not allow to change SSL options if SSL has already been initialized. (schultz/kkolinko) fix 52225: Fix ClassCastException when adding an alias for an existing host via JMX. (kkolinko) fix 52293: Correctly handle the case when antiResourceLocking is enabled at the Context level when unpackWARs is disabled at the Host level. Correctly handle multi-level contexts when antiResourceLocking is enabled. Patch by Justin Miller. (kkolinko) fix Do not throw IllegalArgumentException from parseParameters() call when chunked POST request is too large, but treat it like an IO error. The FailedRequestFilter filter can be used to detect this condition. (kkolinko) fix 52384: Do not fail with parameter parsing when debug logging is enabled. (kkolinko) fix Do not flag extra '&' characters in parameters as parse errors. (kkolinko) fix 52488: Correct typos: exipre -> expire. Based on a patch by prockter. (markt) fix Reduce log level for the message about hitting maxParameterCount limit from WARN to INFO. Fix limit comparison to allow exactly maxParameterCount parameters, as documentation says, instead of (maxParameterCount-1). (kkolinko) fix Slightly improve performance of UDecoder.convert(). Align %2f handling between implementations. (kkolinko) add Add denyStatus attribute to RequestFilterValve (RemoteAddrValve, RemoteHostValve valves). It allows to use different HTTP response code when rejecting denied request. E.g. 404 instead of 403. (kkolinko) add Add SetCharacterEncodingFilter (similar to the one contained in the examples web application) to the org.apache.catalina.filters package so that it is available for all web applications. (kkolinko) add 52500: Added configurable mechanism to retrieve user names from X509 client certificates. Based on a patch provided by Michael Furman. (schultz/kkolinko) fix 52719: Fix a theoretical resource leak in the JAR validation that checks for non-permitted classes in web application JARs. (markt) fix 52830: Correct JNDI lookups when using javax.naming.Name to identify the resource rather than a java.lang.String. (markt) add 52850: Extend memory leak prevention and detection code to work with IBM as well as Oracle JVMs. Based on a patch provided by Rohit Kelapure. (kkolinko) add 52996: In StandardThreadExecutor: Add the ability to configure a job queue size (maxQueueSize attribute). Add a variant of execute method that allows to specify a timeout for how long we want to try to add something to the queue. Based on a patch by Rüdiger Plüm. (kkolinko) fix 53047: If a JDBCRealm or DataSourceRealm is configured for an all roles mode that only requires authorization (and no roles) and no role table or column is defined, don't populate the Principal's roles. (markt/kkolinko) fix 53050: Fix handling of entropy value when initializing session id generator in session manager. Based on proposal by Andras Rozsa. (kkolinko) fix 53056: Add APR version number to tcnative version INFO log message. (schultz) fix 53057: Add OpenSSL version number INFO log message when initializing. (schultz) fix 53071: Use the message from the Throwable for the error report generated by the ErrorReportValve if none was specified via sendError(). Use the standard text for HTTP error codes. (markt/rjung) update 53230: Change session managers to throw TooManyActiveSessionsException instead of IllegalStateException when the maximum number of sessions has been exceeded and a new session will not be created. (schultz/kkolinko) fix 53267: Ensure that using the GC Daemon Protection feature of the JreMemoryLeakPreventionListener does not trigger a full GC every hour. (markt/kkolinko) fix 53531: Fix ExpandWar.expand to check the return value of File.mkdir and File.mkdirs. (schultz) fix Make the CSRF nonce cache in CsrfPreventionFilter serializable so that it can be replicated across a cluster and/or persisted across Tomcat restarts. (markt) fix 53584: Ignore path parameters when comparing URIs for FORM authentication. This prevents users being prompted twice for passwords when logging in when session IDs are being encoded as path parameters. (markt) fix Various improvements to the DIGEST authenticator including 52954, the disabling caching of an authenticated user in the session by default, tracking server rather than client nonces and better handling of stale nonce values. (markt) fix Remove unneeded handling of FORM authentication in RealmBase. (kkolinko) fix 53800: FileDirContext.list() did not provide correct paths for subdirectories. Patch provided by Kevin Wooten. (kkolinko) fix 53830: Better handling of Manager.randomFile default value on Windows. (kkolinko) fix Improve session management in CsrfPreventionFilter. (kkolinko) Coyote ++++++ fix 42181: Better handling of edge conditions in chunk header processing. (kkolinko) update 51477: Support all SSL protocol combinations in the APR/native connector. This only works when using the native library version 1.1.21 or later. (rjung) fix 52055 (comment 14): Correctly reset ChunkedInputFilter.needCRLFParse flag when the filter is recycled. (kkolinko) fix 52606: Ensure replayed POST bodies are available when using AJP. (markt) fix 52858: Fix high CPU load with SSL, NIO and sendfile when client breaks the connection before reading all the requested data. (fhanik/kkolinko) fix 53119: Prevent buffer overflow errors being reported when a client disconnects before the response has been fully written from an AJP connection using the APR/native connector. (kkolinko) fix Improve InternalNioInputBuffer.parseHeaders(). (kkolinko) add Implement maxHeaderCount attribute on Connector. It is equivalent of LimitRequestFields directive of Apache HTTPD. Default value is 100. (kkolinko) fix In JkCoyoteHandler connector for AJP/1.3 protocol (in JkMain.setProperty()): Fix setting of properties when connector has already started for properties that have aliases. E.g. it now allows to change maxHeaderCount attribute on Connector MBean via JMX. (kkolinko) fix 53725: Fix possible corruption of GZIP'd output. (kkolinko) Jasper ++++++ fix 48097 (comment 7), 53366 (comment 1): If JSP page unexpectedly fails to initialize PageContext instance, write exception to the logs instead of silent swallowing. (kkolinko) fix 52335: Only handle <\% and not \% as escaped in template text. (markt) fix 52666: Correct coercion order in EL when processing the equality and inequality operators. (markt) fix 53001: Revert the fix for 46915 since the use case described in the bug is invalid since it breaks the EL specification. (markt) fix 53032: Modify JspC so it extends org.apache.tools.ant.Task enabling it to work with features such as namespaces within build.xml files. (markt) Cluster +++++++ fix Replicate principal in ClusterSingleSignOn. (kfujino) fix 53513: Fix race condition between the processing of session sync message and transfer complete message. (kfujino) fix 53606: Fix potential NPE in TcpPingInterceptor. Based on a patch by F. Arnoud. (markt) fix 53607: To avoid NPE, set TCP PING data to ChannelMessage. Patch provided by F.Arnoud (kfujino) fix Fix a behavior of TcpPingInterceptor#useThread. Do not start a ping thread when useThread is set to false. (kfujino) Web applications ++++++++++++++++ fix 52243: Improve windows service documentation to clarify how to include # and/or ; in the value of an environment variable that is passed to the service. (markt) fix 52515: Make it clear in the Realm how-to in the documentation web application that digested password storage when using DIGEST authentication requires that MD5 digests are used. (markt) fix 52641: Remove mentioning of ldap.jar from docs. Patch provided by Felix Schumacher. (rjung) fix Remove obsolete bug warning from windows service documentation page. (rjung) fix 52983: Remove unnecessary code that makes switching to other authentication methods difficult. (markt) fix 53158: Fix documented defaults for DBCP. Patch provided by ph.dezanneau at gmail.com. (rjung) update Update JavaSE documentation links to point to the current docs.oracle.com site, instead of obsolete ones (download.oracle.com, java.sun.com). (kkolinko) update 53289: Clarify ResourceLink example that uses DataSource.getConnection(username, password) method. Not all data source implementations support it. (kkolinko) fix Prevent the custom error pages for the Manager and Host Manager applications from being accessed directly. Configure custom pages for error codes 401 and 403 in Host Manager application. (markt/kkolinko) fix Correct documentation for enableLookups attribute of a Connector. By default DNS lookups are disabled. (kkolinko) fix Fix several HTML markup errors in servlets of examples web application. (kkolinko) update Change the index page of ROOT webapp to mention "manager-gui" role instead of "manager" one. (kkolinko) fix 53473: Correct the allowed values for the SSI option isVirtualWebappRelative which are true or false. (markt) fix 53664: Minor JNDI Howto document enhancement concerning mail properties. Patch provided by Mark Eggers. (schultz) fix 53601: Clarify that to build Apache Tomcat 6 from sources a Java 5 JDK is recommended. (kkolinko) fix 53793: Change links on the list of applications in the Manager to point to /appname/ instead of /appname. (kkolinko) Other +++++ fix 49402, 52124: Fix Maven publishing script: make sure it finds tomcat-juli.jar and use later version of wagon-ssh. (jfclere) fix Update Apache Commons Daemon to 1.0.10. It resolves 52548 which meant that services created with service.bat did not set the catalina.home and catalina.base system properties. (markt, kkolinko) update Update Apache Commons Pool to 1.5.7. (kkolinko) update 52579: Add a note about Sun's Charset.decode() bug to the RELEASE-NOTES file. (kkolinko) update 52805: Update to Eclipse JDT Compiler 3.7.2. (kkolinko) update Update the native component of the APR/native connectors to 1.1.23 and take advantage of the simplified distribution. (kkolinko) fix When building a Windows installer do not copy whole "res" folder to output/dist, but only the files that we need. Apply fixcrlf filter only after the files are copied, so that INSTALLLICENSE file had correct line ends. (kkolinko) update Remove res/License.rtf. The file that is actually shown by the Windows installer is res/INSTALLLICENSE. (kkolinko) update Improve RUNNING.txt. (kkolinko) update Align the script that deploys Maven jars for Tomcat (res/maven/mvn-pub.xml) with the Tomcat 7 version, making full use of Nexus. (markt) add 53034: Add project.url and project.licenses sections to the POMs for the Maven artifacts. (kkolinko) fix 53454: Return correct content-length header for HEAD requests when content length is greater than 2GB. (markt)
2012-12-02 12:31:17 +01:00
share/tomcat/webapps/manager/WEB-INF/jsp/401.jsp
share/tomcat/webapps/manager/WEB-INF/jsp/403.jsp
Update of apache-tomcat to version 6.0.29 (and a little Makefile cosmetics) fixes two of the currently known security issues Upstream changelog: Tomcat 6.0.29 (jfclere) released 2010-07-22 Catalina add 48960: Add a new option to the SSI Servlet and SSI Filter to allow the disabling of the exec command. This is now disabled by default. Based on a patch by Yair Lenga. (markt) fix 49551: Allow default context.xml location to be specified using an absolute path. (markt) fix 49598: When session is changed and the session cookie is replaced, ensure that the new Set-Cookie header overwrites the old Set-Cookie header. (markt) fix Fix order when listing Webapp loader search URLs. (rjung) add Add support for *.jar pattern in VirtualWebappLoader. (kkolinko) Tomcat 6.0.28 (jfclere) released 2010-07-09 Catalina fix Arrange filter logic. (jfclere) fix 49230: Enhance JRE leak prevention listener with protection for the keep-alive thread started by sun.net.www.http.HttpClient. Patch provided by Rob Kooper. (markt) fix 49351: Fix possible NPe when embedding and no name is specified for the Service. (markt) fix 49424: Avoid NPE if client provides no data with a chunked POST request. (markt) fix 49414: Differentiate between request threads and application created threads when warning about still running threads when an application stops. (markt) fix 49443: Use remoteIpHeader rather than remoteIPHeader consistently. (markt) add Add property searchExternalFirst to WebappLoader. If set, the external repositories will be searched before the WEB-INF ones. (rjung) Cluster fix 49445: When session ID is changed after authentication, ensure the DeltaManager replicates the change in ID to the other nodes in the cluster. (kfujino) Webapps fix 49213: Grant permissions required by manager application when running under a security manager. (markt/kkolinko) fix 49436: Correct documented default for readonly attribute of the UserDatabase component. (markt) Tomcat 6.0.27 (jfclere) not released General update Update DBCP to 1.3. (markt) Catalina fix Fix CVE-2010-1157. Prevent possible disclosure of host name or IP address via the HTTP WWW-Authenticate header when using BASIC or DIGEST authentication. (markt) add Include context name when reporting memory leaks to aid root cause identification. (markt) fix Improve exception handling on session de-serialization to assist in identifying the root cause of 48007. (kkolinko) add 48379: Make session cookie name, domain and path configurable per context. (markt) fix 48589: Make JNDIRealm easier to extend. Based on a patch by Candid Dauth. (markt/kkolinko) fix 48629: Allow user names as well as DNs to be used with the nested role search. Add roleNested to the documentation. Patch provided by Felix Schumacher. (markt) fix 48661: Make error page behavior consistent, regardless of how the error page is defined. If a response has been committed, always include the error page. (markt) fix 48729: Return roles defined by both userRoleName and roleName mechanisms. Patch provided by 'eric'. Also make user's role list immutable.(markt) fix 48760: Fix potential multi-threading issue in static resource serving where multiple threads could try to use the the same InputStream. (markt) fix 48790: Fix thread safety issue in the count of the maximum number of active session. (markt/kkolinko) fix 48793: Make catalina.sh more robust to different return values on different platforms. Patch provided by Thomas GL. (markt) fix 48840: Swallow output (if any) from use of cd when determining $CATALINA_HOME in catalina.sh and tool-wrapper.sh scripts. Based on patch provided by mdietze. (markt/kkolinko) fix 48895: Make clearing of ThreadLocals that are causing memory leaks on web application stop, reload or undeploy configurable since the process of clearing them is not thread-safe. (markt) fix 48903: Fix deadlock in webapp class loader. (rjung) fix 48971: Make stopping of leaking Timer threads optional and disabled by default. (markt) fix 48976: Document JAVA_ENDORSED_DIRS in start-up scripts. Patch provided by Laurent Vaills. (markt) fix 48983: Improve debug logging for situations when RemoteIpValve is bypassed. Patch provided by Cyrille Le Clerc. (markt) fix 49018: Fix processing of time argument in the Expire sessions action in the Manager web application. (kkolinko) fix 49116: If session is already invalid, expire session to prevent memory leak. (kfujino) fix 49158: Ensure only one session cookie is returned for a single request. (markt/fhanik) fix 49245: Fix session expiration check in cross-context requests. (markt) fix 49398: ByteChunk.indexOf(String, int, int, int) could not find a string of length 1. (kkolinko) fix Fix possible overflows when calculating session statistics. (kkolinko) add Log unexpected exceptions when providing access to web application resources in ApplicationContext. (kkolinko) fix Improve exception handling in CatalinaShutdownHook. (kkolinko) add Expose properties of VirtualWebappLoader and WebappClassLoader via JMX. (rjung) Coyote fix 48839: Correctly handle HTTP header folding in the NIO connector. Patch suggested by Richa Baronia. (markt) fix 48843: Prevent possible deadlock for worker allocation in connectors. (kkolinko) fix 48843: Fix handling of add queues in AprEndpoint.Poller and AprEndpoint.Sendfile. Do not miss wakeups. (kkolinko) add 48862: Add support for the backlog parameter to the AJP connector. (pero/markt) fix 48917: Correct name of mod_jk module in ApacheConfig. Patch provided by Todd Hicks. (markt) fix 49095: AprEndpoint did not wakeup acceptors during shutdown when deferAccept option was enabled. Based on a patch provided by Ruediger Pluem. (kkolinko) add Use chunked encoding for http 1.1 requests with no content-length (regardless of keep-alive) so client can differentiate between complete and partial responses. (markt) fix Correct the SSL session timeout attribute name so the code agrees with the documentation. (markt) add CoyotePrincipal now implements Serializable. (fhanik) fix Enable the BIO AJP connector to run under a security manager. (markt) Jasper fix 45015: Correct a regression in quote handling caused by the re-factoring of attribute parsing. (markt) fix 48701: Add a system property to allow disabling enforcement of JSP.5.3. The specification recommends, but does not require, this enforcement. (kkolinko) fix 48737: Don't assume paths that start with /META-INF/... are always in JARs. This is not true for some IDEs. Patch provided by Fabrizio Giustina. (markt) fix 49081: Correctly handle EL expressions of the form #${...}. (markt) fix 49196: Avoid NullPointerException in PageContext.getErrorData() if an error-handling JSP page is called directly. (markt) Cluster fix 48717: When a node joins a cluster and it receives all the current sessions, ensure the sessionCreated event is fired if the Manager is configured to replicate session events. (markt) fix 48934: Previous fix to handle dropped connections incorrectly permanently disabled session replication. (fhanik) fix 49051: memberAlive is not called if member has not already existed in membership. (kfujino) fix 49151: Avoid ClassCastException in BackupManager#stop. (kfujino) fix 49170: Do not send duplicated session. (kfujino) fix Add missing messages and ensure cluster listeners log messages to correct logger. (markt) Webapps add Use underscores instead of spaces in anchor names in Tomcat documentation. (kkolinko) add Add support for displaying the Spring Security user name (if present) in the Manager application. (markt) update Improve the ChatServlet Comet example (/examples/jsp/chat/). (kkolinko) Other update Update to Commons Daemon 1.0.2. Use service launcher (procrun) from the Commons Daemon release. Do not keep a copy of it in our source tree. (mturk/kkolinko) update Update to NSIS 2.46. (kkolinko) fix 48990: Fix the skip.installer build property so if set, only the Windows installer is skipped. (markt) fix 49178: Provide in catalina.policy an example of additional permissions that might be needed for code located in $CATALINA_BASE/lib. (markt) fix 49236: Do not use indexing when packing Tomcat JARs. (kkolinko) fix Remove unused code from org.apache.tomcat.util.buf classes. (kkolinko) update Rearrange tomcat-juli.jar permissions and wrap long lines in the conf/catalina.policy file, to make the text more readable when cited in documentation. (kkolinko) fix Do not evaluate the execute.installer property when building a release. The skip.installer property is used instead. (kkolinko) Tomcat 6.0.26 (jfclere) released 2010-03-11 Catalina fix Close security hole in unreleased 6.0.25 by ensuring new find leaks functionality is protected by a security constraint. (kkolinko) fix 48831: Improve logging shutdown behaviour. Use Catalina's shutdown hook to shutdown JULI. This enables them to be shutdown in the correct order. Do not shutdown global handlers several times. (markt/kkolinko) Coyote fix 48584: Prevent the APR connector logging an error if the acceptor fails during shutdown since this is expected. (mturk) fix 48660: Using compression should not overwrite any Vary header set by a web application. (markt) Jasper fix 48371: Ensure generated servlet mappings are inserted at the correct location when using JspC and allow the option that controls this to be configured on the command line. Also allow the encoding of web.xml to be configured when using JspC and deprecate some unused JspC methods. (markt/kkolinko) fix 48498: Avoid ArrayIndexOutOfBoundsException triggered by a Java 6/7 XML parser bug. (markt/kkolinko) fix 48668: Additional fixes to ensure deferred syntax is handled correctly. (kkolinko) fix 48827: Correct a regression in the fix for 47977 that caused an incorrect non-empty body error to be reported for valid JSP documents. (markt) Webapps add Make changelog.xml be directly rendered as HTML by certain browsers. (kkolinko) add Add support for automated generation of TOC tables and for links to svn revisions to tomcat-docs.xsl in documentation. (kkolinko/fhanik) add Move Manager application JSPs that are not intended to be accessed directly under the WEB-INF directory. (kkolinko) fix Improve the messages displayed by the find leaks diagnostic in the Manager application. (kkolinko) Other fix Encode all property files using ascii escaped UTF-8. Also fixes deployment problem when using French locale. (jfclere/rjung) Tomcat 6.0.25 (jfclere) not released Catalina fix 48039: Return immediately if start() is called on an already started StandardService. (markt) fix 48109: Ensure InputStream is closed on error condition in web application class loader. (markt) fix 48179: Clean up dead code that was used to read tldCache file. (kkolinko) fix 48318: Handle case where WebDAV resource is in directory listing but is not accessible. (markt) add 48384: Add a per context xslt option for directory listings. Make the fallback options work as described in the documentation. (markt) fix 48577: Filter URL when displaying missing included page. (markt) fix 48612: Prevent exception on shutdown if the address attribute is specified for a connector. (markt) fix 48613: Further fixes to ensure APRLifecycleListener is only used if defined in server.xml. (fhanik) fix 48614: Correct JULI log file buffering so default behaviour is no buffering. (fhanik) fix 48625: Provide an option to exit if an error occurs during the initialization phase. (fhanik) fix 48645: Use specified encoding rather than null in calls to RequestUtil.URLDecode(byte[] bytes, String enc) (markt) fix 48653: Force request.secure and request.scheme to false and http if the X-Forwarded-Proto header has the value http. Patch provided by Cyrille Le Clerc. (markt) fix 48678: Remove duplicate server field from org.apache.catalina.startup.Catalina. (markt) fix 48694: Remove potential deadlock in web application class loader. (markt) add 48716: Provide additional configuration options for JULI. (markt) fix 48726: Prevent OOME when uploading large WAR files with the deployer. Patch provided by adam. (markt) add Improve memory leak protection by safely stopping threads started via java.util.Timer that an application starts but fails to stop and by clearing references retained due to the use of java.util.ResourceBundle. (markt) update Modify ThreadLocal memory leak detection to not report false positives and to simplify implementation. (markt/kkolinko) add Basic memory leak detection was added to the standard Host implementation and exposed via JMX to detect memory leaks on web application reload. (markt/kkolinko) Coyote update Update the native/APR library version bundled with Tomcat to 1.1.20. (kkolinko) Jasper add Add some debug logging to the compiler where exceptions were previously swallowed. (markt) fix 48170: Remove unnecessary synchronization that is causing issues under load. (markt) fix 48580: Prevent AccessControlException if first access is to a JSP that uses a FunctionMapper. (markt) fix 48582: Avoid NPE on background compilation failure. (markt) fix 48616: Don't declare or synchronize scripting variables for JSP fragments since they are scriptless. This is an alternative fix for 42390 that avoids both the original problem and the regression in the first fix. (kkolinko) fix 48627: Fix regression in re-factored EL parsing. Keep literals as literals and handle deferredSyntaxAllowedAsLiteral. (kkolinko) fix 48668: When parsing JSPs only parse EL as EL if EL is enabled else strings such as ${ will be silently dropped. (markt) fix Various EL TCK failures. (markt) Cluster fix Force a disconnect if an error occurs during replication such as a firewall dropping the connection. (fhanik) Webapps add Add new "Find leaks" command to the Manager application. It allows to detect web applications that have caused memory leaks on stop, reload or undeploy. (markt/kkolinko) Other fix Ensure files in conf directory have CRLF line endings when using the Windows installer. (kkolinko) fix Allow special characters recognized by the Windows command-line shell to be present in the names of CATALINA_HOME/_BASE and the current directory used to call the Tomcat scripts. (kkolinko) fix Don't use @Deprecated annotations in javax.servlet.jsp.JspContext since the specification does not include them in the API definition. (markt) add Improve the information in the JAR manifest files. (markt)
2010-09-19 16:32:04 +02:00
share/tomcat/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
share/tomcat/webapps/manager/WEB-INF/jsp/sessionsList.jsp
Apache Tomcat 6.x is the current focus of development. It builds upon the improvements made in Tomcat 5.5.x and implements the Servlet 2.5 and JSP 2.1 specifications. In addition to that, it includes the following improvements: * Memory usage optimizations * Advanced IO capabilities * Refactored clustering While we're here make a number of improvements based on the old 5.5.x pkg: - Use MASTER_SITE_APACHE - Default to running as an unprived user - Use a more standard rc.d script - Cleaner pkg_delete operation based on standard files/dirs that change
2009-02-14 13:02:08 +01:00
share/tomcat/webapps/manager/WEB-INF/web.xml
share/tomcat/webapps/manager/images/add.gif
share/tomcat/webapps/manager/images/asf-logo.gif
share/tomcat/webapps/manager/images/code.gif
share/tomcat/webapps/manager/images/design.gif
share/tomcat/webapps/manager/images/docs.gif
share/tomcat/webapps/manager/images/fix.gif
share/tomcat/webapps/manager/images/tomcat.gif
share/tomcat/webapps/manager/images/update.gif
share/tomcat/webapps/manager/images/void.gif
share/tomcat/webapps/manager/status.xsd
share/tomcat/webapps/manager/xform.xsl
Update to the latest version; the full changelog is at http://tomcat.apache.org/tomcat-6.0-doc/changelog.html Security relevant fixes: CVE-2011-0534 - remote denial of service CVE-2011-0013 - cross site scripting CVE-2010-4172 - cross site scripting CVE-2010-3718 - SecurityManager file permission bypass
2011-02-15 08:03:11 +01:00
@pkgdir share/tomcat/conf
Reference in a new issue Copy permalink