Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages
technologies. The Java Servlet and JavaServer Pages specifications are
developed under the Java Community Process.
Apache Tomcat is developed in an open and participatory environment and
released under the Apache Software License. Apache Tomcat is intended to
be a collaboration of the best-of-breed developers from around the world.
We invite you to participate in this open development project.
Apache Tomcat powers numerous large-scale, mission-critical web applications
across a diverse range of industries and organizations.
I have tested some war apps and they works. But not fully tested.
*Rails 3.0.11 (unreleased)*
* Fix XSS security vulnerability in the `translate` helper method. When using
interpolation in combination with HTML-safe translations, the interpolated
input would not get HTML escaped. *GH 3664*
Before:
translate('foo_html', :something => '<script>') # => "...<script>..."
After:
translate('foo_html', :something => '<script>') # => "...<script>..."
*Sergey Nartimov*
* Implement a workaround for a bug in ruby-1.9.3p0 where an error would be
raised while attempting to convert a template from one encoding to another.
Please see http://redmine.ruby-lang.org/issues/5564 for details of the bug.
The workaround is to load all conversions into memory ahead of time, and will
only happen if the ruby version is exactly 1.9.3p0. The hope is obviously
that the underlying problem will be resolved in the next patchlevel release
of 1.9.3.
* Fix assert_select_email to work on multipart and non-multipart emails as the
method stopped working correctly in Rails 3.x due to changes in the new mail
gem.
* Fix url_for when passed a hash to prevent additional options (eg. :host,
:protocol) from being added to the hash after calling it.
Changes from previous:
0.25 Sun Jul 3 00:28:10 CEST 2011
[ENHANCEMENTS]
- new Engine: HTTP::Proxy::Engine::Threaded, by Angelos Karageorgiou
[FIXES]
- Correctly call eod() when the response has no body
(closed RT ticket #48310)
Changes from previous:
0.09005 2011-09-06
- bump version of prereq CGI to 3.37 to make all tests pass
0.09004 2011-08-26
- skip aggregate.t on Win32
- no functional changes to HTML::FormFu
0.09003_02 2011-08-25
- disable Test::Aggregate on Win32
0.09003_01 2011-05-11
- using Test::Aggregate for the test suite if installed
tests finish now in seconds instead of minutes
0.09003 2011-05-10
- fixed regression in Model::HashRef introduced in 0.09000
0.09002 2011-03-21
- Hopefully fix IO::Interactive dependency properly
0.09001 2011-03-31
- Fix IO::Interactive dependency
0.09000 2011-03-29
- Codebase changed to use Moose - massive internal changes - any custom
Elements, Constraints, etc will require changes.
See advice on mailing list:
http://www.mail-archive.com/html-formfu@lists.scsys.co.uk/msg02325.html
Or ask for help on the mailing list:
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/html-formfu
- Bug fix: was a fatal error when a value was submitted for Label element
(code called delete_nested_hash_value instead of deleted_nested_hash_key).
- Bug fix: RT#65728 Filter::Split shouldn't return a value if no value was
submitted.
- Bug fix: Element::Date now uses default() in preference to
default_natural(). RT#65727
- DateTime elements, minutes and seconds have new 'interval' option.
- Now only delete submitted value if there's no other field on the form with
the same name.
- load_config_file(stem) now honours the include path order, to mimic TT
behaviour.
o add -P <pidfile> option, from jmmv@netbsd.org
o avoid crashes with http basic auth, from pooka@netbsd.org
o add support for REDIRECT_STATUS variable, from tls@netbsd.org
o support .mp4 files in the default map
o directory indexes with files with : are now displayed properly, from
reed@netbsd.org
o allow -I option to be useful in non-inetd mode as well
Changes from previous:
Version 1.5 (released 2011.09.17)
* Fix PSGI docroot
* Documentation improvements
Version 1.4 (released 2011.03.20)
* Make PSGI adapter be non-blocking
* Also make it use the psgi.streaming interface
* Add yield to Adapt::HttpDaemon's print (I thought it was there before?)
* Add Coro thread descriptions for better debugging
Version 1.3 (released 2010.11.22)
* Stupid version number issue
Version 1.2.0 (released 2010.11.22)
* Refactor PSGI adaptor (scrottie)
* Random documentation updates
Changes from previous:
0.16 2011-01-05 19:28:00 GMT
- Fix bug accidentally introduced in the last version with response
3xx statuses.
0.15 2011-01-04 14:19:36 CET
- Don't delegate to a view if the response body is set to `undef'.
- Make sure a Test::More with done_testing support is available.
Changes from previous:
0.11 Sun Oct 23 21:45:00 GMT 2011
- Add test to MANIFEST so it also ships
0.10 Sun Oct 23 21:10:53 GMT 2011
- Identifiers are now parsed closer to the CSS3 spec
- Certain invalid attribute selectors now raise an exception
0.09 Sun Oct 16 13:07:09 GMT 2011
- Fix bug in attribute-value-substring selectors where
the CSS attributes were wrongly assumed to be
specified with @href (Aaron Crane)
- Make test suite less verbose (Aaron Crane)
0.08 Sun Sep 18 12:31:31 PDT 2011
- Fix bug when combining selectors (p , q). Whitespace created invalid
XPath expressions there. (Corion)
- Fix bug when combining :root selectors as the second selector.
The first selector was modified. (Corion)
- :root now acts relative to the given "root" option,
not the document root (Corion)
- More css3 selectors support (Corion)
0.07 Mon Mar 7 17:07:39 PST 2011
- Added a COPYRIGHT section
0.06 Thu Feb 17 13:54:45 PST 2011
- Add CSS3 "=$" operator (Corion)
- Add CSS3 "=^" operator (Corion)
- Add complex subexpressions for :not() (Corion)
- Add :empty selector (Corion)
- Support 'root' parameters to to_xpath (JZOBEL, David Wheeler, Corion)
0.05 Thu Feb 17 09:08:06 PST 2011
- Add CSS3 "=*" operator for real substring matching (Corion)
- Add CSS3 ":first-of-type" and ":nth-of-type()" pseudo-attributes (Corion)
(but if you're using them, you're likely better off using XPath already)
- Add CSS3 "~" operator (Corion)
- Adopt tests for "~" operator from RT #61990, by Aaron Crane (Corion)
- Add :contains() selector (only immediate child nodes) (Corion)
- Support implicit selectors like "> em" (translated to "* > em") (Corion)
Fixes RT #50131 (Reported by David Wheeler)
- Fix more implicit universal selectors (fixes RT #49982)
:lang(c) as a bare selector works now (Corion, Aaron Crane)
Changes from previous:
0.03 Sun Feb 13 19:40:10 PST 2011
- Use 'sass' gem executable if installed.
0.02 Fri Feb 11 19:01:42 PST 2011
- Supported SCSS with the new option 'syntax'
Changes from previous:
0.14
- do not include '#' and the following characters in URI in PATH_INFO or QUERY_STRING
0.13
- fix compile error on GCC < 3 (RT #63074)
0.12
- fix undeclared dependency on URI::Escape (RT #62716)
- fix parsing of protocol version in the pure perl impl to exactly match that of XS
0.11
- fix build error due to the use of Module::Install::ReadmeMarkdownFromPod (RT #62589)
0.10
- support for HTTP response parsing (by gfx,mala,tokuhirom)
Changes from previous:
0.13 2011-02-12
- No functional changes in this release
- Added eg/runfcgi.pl, contributed by Paul Evans (LeoNerd)
- Added eg/server.pl
changes:
-bookmark dialog crashes are fixed
-faster, base64-based CSS support
-Speed dial received a makeover
-Cookies are stored in an sqlite3 database
-more of subtle tweaks and improvements
Changes from previous:
1.14 Tue 26 Oct 2011 19:42:00 CET
- removed benchmark test data and benchmark script for release (Torsten Raudssus [GETTY])
1.12 Sat 19 Mar 2011 19:05:17 CET
- Fixed the t/08 test
1.11 Tue 26 Oct 2010 14:10:00 UTC
- Added param_order capability (Torsten Raudssus [GETTY])
1.10 Fri 8 Oct 2010 15:50:55 UTC
- Patch for test failure ( thanks KENTNL/MITHALDU! )
Changes from previous:
0.19
- Add pluggable backends, since AnyEvent seems to be flaky on
some systems. (doy)
0.18 02/17/2010
- Fixes for RewriteLocation when used on a mounted proxy
(hiratara, rbuels)
- Ignore $ENV{http_proxy}
- Include reason for failure in 502 response
- Disabled persistent HTTP connection option in AnyEvent::HTTP
0.17 01/19/2010
- Bump version to fix some CPAN issues
0.16 01/12/2010
- Rewrite proxy code to use AnyEvent::HTTP's on_body callback.
This gets chunked and gzipped responses working.
the Perl programming language with a simple http client as dependency of
scheduled import of MetaCPAN::API (dependency of scheduled update of
Git::CPAN::Patch).
This is a very simple HTTP/1.1 client, designed for doing simple GET
requests without the overhead of a large framework like LWP::UserAgent.
It is more correct and more complete than HTTP::Lite. It supports proxies
(currently only non-authenticating ones) and redirection. It also correctly
resumes after EINTR.
Changes from previous:
2.11 Tue Aug 23 16:01:04 EDT 2011
- added parsing context, override for eof() and parse() for
memory clear on new docs or post-eof()
- fixed some long standing test warnings
Asynchronous HTTP server using EV event loop.
It doesn't load files received in the POST request in memory as most
of CGI modules does, but stores them directly to tmp files, so it's
useful for handling large files without using a lot of memory.
apache22 >= 2.2.10, and we're now on 2.2.21.
Ideally this would instead accept apache22 older than 2.2.10, but
given how old (and insecure) that is there's not much point. I guess
if anyone really really wants to do that they can revert this change
locally... but I can't say I recommend it.
Changes from previous:
0.9505 Fri Jul 1 13:27:10 EEST 2011
- bugfix in perl wrapper: fix in WrapAssociate.pm
thanks to Viktor Bukhtoyarov
0.9506 Tue Oct 4 22:55:35 EEST 2011
- file name in logs
Changes from previous:
0.05 Wed Jun 22 23:28:32 JST 2011
- No code changes
- Added Test::Requires to build_requires
- Fixed pod
0.04 Mon May 16 12:58:30 JST 2011
- Added content_type and vary_user_agent options (kazeburo)
- Added psgix.no-compress and psgix.compress-only-text/html enviroment
value like Apache mod_deflate (kazeburo)
Oct 9, 2011 (1.8.1)
-----------
- Fixed exact match censoring option (bug #0001392) [Tom]
- Fixed adding elements to empty Configuration arrays (bug #0001396) [Tom]
- Blank out OAuth consumer key and secret in rootdebug dumps [Dirk]
- Fixed deleting elements from Configuration arrays (bug #0001394, patch
provided by dengen)
- Avoid censoring in What's Related block (bug #0001393) [Tom, Dirk]
- Fixed error message display in admin's user editor when renaming the
userphoto failed [Dirk]
- Don't display details of a failed MS SQL query by default [Dirk]
- Updated Japanese language file, provided by the Geeklog.jp group
Changes from previous:
0.37 2011-07-17 09:20:00
- Allow setting of TT class rather than forcing 'Template'
0.36 2010-10-19 15:00:00
- Fixed subclassing when using expose_methods
Changes from previous:
0.025 23 Oct 2010
* change field.description.length to .defined to appease TT.
* add Create Related links. Patch from Adam Mackler.
* fix some XHTML compliance bugs (reported by Adam Mackler).
* change 'use Class::C3' to 'use MRO::Compat' in test libs.
* add m2m example to MyDBIC test app
There are VCL-incompatible changes between 2.x and 3.x.
Some release highlights (https://www.varnish-cache.org/):
Introduction of VMODs
Add streaming on pass and miss. This is controlled by the beresp.do_stream boolean. This includes support for compression/uncompression.
Add support for ESI and gzip.
Handle objects larger than 2G.
HTTP Range support is now enabled by default
The ban lurker is enabled by default
if there is a backend or director with the name default, use that as the default backend, otherwise use the first one listed.
Add many more stats counters. Amongst those, add per storage backend stats and per-backend statistics.
Syslog the platform we are running on
The -l (shared memory log file) argument has been changed, please see the varnishd manual for the new syntax.
The -S and -T arguments are now stored in the shmlog
Make it possible to name storage backends. The names have to be unique.
The max_esi_includes parameter has been renamed to max_esi_depth.
The err_ttl parameter has been removed and is replaced by a setting in default.vcl.
Add panic.show and panic.clear CLI commands.
VCL now has vcl_init and vcl_fini functions that are called when a given VCL has been loaded and unloaded.
Varnish is now stricter in enforcing no duplication of probes, backends and ACLs.
The ABI of vmods are now checked. This will require a rebuild of all vmods against the new version of Varnish.
XXX Set MAKE_JOBS_SAFE=no for now. Should investigate why it fails
without it as it prolongs build time significantly.
Upstream changes:
Add-ons installed by third party programs are now disabled by default
Added a one-time add-on selection dialog to manage previously installed add-ons
Added Twitter to the search bar for select locales. Additional locale support
will be added in the future
Added a preference to load tabs on demand, improving start-up time when
windows are restored
Improved performance and memory handling when using <audio> and <video>
elements
Added CORS support for cross-domain textures in WebGL
Added support for HTML5 context menus
Added support for insertAdjacentHTML
Improved CSS hyphen support for many languages
Improved WebSocket support
Fixed several stability issues
Fixed several security issues
Changes from previous:
0.14 Mon Oct 31 10:37:49 PDT 2011
- Fixed a bug where croak was not imported from Carp (ctfliblime)
0.13 Sun Sep 18 12:10:56 PDT 2011
- Set the status header to 302 if there's Location header but no Status in the resonse (ASP)
0.12 Thu Jun 9 23:58:10 PDT 2011
- Fixed the PSGI header generation to prevent invalid PSGI response headers
such as newlines in the value and "Status" key
0.11 Fri Feb 18 21:35:29 PST 2011
- Filter psgix.* environment too (mkanat)
