We are not advancing to the 3.3 or 4.0 branches at the moment, as neither
will work with our native JDK without a lot more work.
Changes since Tomcat 3.2.3 (the last pkgsrc version):
7.1 Fixes and Enhancements in Release 3.2.4
This section highlights the bugs fixed in this release.
- Cookie name expires is a reserved token (#1114)
- Thread initialization problem in thread pool (#1745)
- AJP12 returned invalid HTTP headers when redirecting to very
long URLS (#2333)
- Fixed casting problem in JspFactoryImpl.getPageContext(). (#4260)
- Setting sesstion-timeout in web.xml did not prevent sessions from
timing out. (#4412)
- Fixed race condition in ServerSocketFactory.getDefault(). (#4418)
- Removed the restrictions on encoded spcecial characters in URLs
that was added as a security precaution in 3.2.3. The encoded
special characters are not decoded and remain the URL and
path info returned to servlets.
- Jk_nt_service now supports the ability to be restarted automatically
by the Windows 2000 service control manager if Tomcat terminates
abnormally.
- Fixed invalid servlet mapping in web.xml generated by JspC (#3474, #3499)
- Added findResource() and findResources() to AdaptiveClassLoader12
- A Date: HTTP header is now sent in responses when running stand
alone. (#345)
- Simple held on to a reference to removed objects preventing
garbage collection.
- Tomcat 3.2.4 now ships with JAXP 1.1. Prior releases used
JAXP 1.0.1. Tomcat 3.2.4 remains completely compatible with
the older version of JAXP and there is no requirement for users
to upgrade to JAXP 1.1 unless their applications require the new
version.
- Fixed NullPointerException in HttpConnectionHandler. (#4577)
7.2 Security Vulnerabilities fixed in Tomcat 3.2.4
The randomness of generated session ids has been enhanced to prevent the
generation of guessable ids.
of jakarta-tomcat-3.2.1.
This package installs the servlet.jar archive, which is used to develop
both servlets themselves and servlet container applications such as tomcat.
