Commit graph

2 commits

Author SHA1 Message Date
ryoon
9d71d01aea Update to 8.5.15
Changelog:
Tomcat 8.5.15 (markt)
General

    Add: Allow to exclude JUnit test classes using the build property test.exclude and document the property in BUILDING.txt. (rjung)

Catalina

    Fix: Review those places where Tomcat re-encodes a URI or URI component and ensure that that correct encoding (path differs from query string) is applied and that the encoding is applied consistently. (markt)
    Fix: Avoid a NullPointerException when reading attributes for a initialised HTTP connector where TLS is enabled. (markt)
    Fix: Always quote the hostName of an SSLHostConfig element when using it as part of the JMX object name to avoid errors that prevent the associated TLS connector from starting if a wild card hostName is configured (because * is a reserved character for JMX object names). (markt)
    Code: Start to switch to using Charset rather than String to store encoding configuration settings to reduce the number of places the associated Charset needs to be looked up. (markt)
    Fix: Use a more reliable mechanism for the DefaultServlet when determining if the current request is for custom error page or not. (markt)
    Fix: Ensure that when the Default or WebDAV servlets process an error dispatch that the error resource is processed via the doGet() method irrespective of the method used for the original request that triggered the error. (markt)
    Fix: If a static custom error page is specified that does not exist or cannot be read, ensure that the intended error status is returned rather than a 404 or 403. (markt)
    Fix: When the WebDAV servlet is configured and an error dispatch is made to a custom error page located below WEB-INF, ensure that the target error page is displayed rather than a 404 response. (markt)
    Add: 61047: Add MIME mapping for woff2 fonts in the default web.xml. Patch provided by Justin Williamson. (violetagg)
    Fix: Correct the logic that selects the encoding to use to decode the query string in the SSIServletExternalResolver so that the useBodyEncodingForURI attribute of the Connector is correctly taken into account. (markt)
    Fix: Within the Expires filter, make the content type value specified with the ExpiresByType parameter, case insensitive. (markt)

Coyote

    Fix: When a TrustManager is configured that does not support certificateVerificationDepth only log a warning about that lack of support when certificateVerificationDepth has been explicitly set. (markt)
    Fix: 60970: Extend the fix for large headers to push requests. (markt)
    Fix: Do not include a Date header in HTTP/2 responses with status codes less than 200. (markt)

Jasper

    Fix: When no BOM is present and an encoding is detected, do not skip the bytes used to detect the encoding since they are not part of a BOM. (markt)
    Update: 61057: Update to Eclipse JDT Compiler 4.6.3. (violetagg)
    Fix: 61065: Ensure that once the class is resolved by javax.el.ImportHandler#resolveClass it will be cached with the proper name. (violetagg)

WebSocket

    Fix: 61003: Ensure the flags for reading/writing in o.a.t.websocket.AsyncChannelWrapperSecure are correctly reset even if some exceptions occurred during processing. (markt/violetagg)

Web Applications

    Add: Add documents for maxIdleTime attribute to Channel Receiver docs. (kfujino)

Other

    Add: Modify the Ant build script used to publish to a Maven repository so that it no longer requires artifacts to be GPG signed. This is make it possible for the CI system to upload snapshot builds to the ASF Maven repository. (markt)
    Code: Review i18n property files, remove unnecessary escaping and consistently use [...] to delimit inserted values. (markt)

release in progress Tomcat 8.5.14 (markt)
Catalina

    Fix: 59825: Log a message that lists the components in the processing chain that do not support async processing when a call to ServletRequest.startAsync() fails. (markt)
    Fix: 60926: Ensure o.a.c.core.ApplicationContextFacade#setSessionTimeout will invoke the correct method when running Tomcat with security manager. (markt)
    Update: Update the early access Servlet 4.0 API implementation to reflect the change in method name from getPushBuilder() to newPushBuilder(). (markt)
    Fix: Correct a regression in the X to comma refactoring that broke JMX operations that take parameters. (markt)
    Fix: Avoid a NullPointerException when reading attributes for a running HTTP connector where TLS is not enabled. (markt)
    Fix: 60940: Improve the handling of the META-INF/ and META-INF/MANIFEST.MF entries for Jar files located in /WEB-INF/lib when running a web application from a packed WAR file. (markt)
    Fix: Pre-load the ExceptionUtils class. Since the class is used extensively in error handling, it is prudent to pre-load it to avoid any failure to load this class masking the true problem during error handling. (markt)
    Fix: Avoid potential NullPointerExceptions related to access logging during shutdown, some of which have been observed when running the unit tests. (markt)
    Fix: When there is no javax.servlet.WriteListener registered then a call to javax.servlet.ServletOutputStream#isReady will return false instead of throwing IllegalStateException. (violetagg)
    Fix: When there is no javax.servlet.ReadListener registered then a call to javax.servlet.ServletInputStream#isReady will return false instead of throwing IllegalStateException. (violetagg)

Coyote

    Fix: Align cipher configuration parsing with current OpenSSL master. (markt)
    Fix: 60970: Fix infinite loop if application tries to write a large header to the response when using HTTP/2. (markt)

Jasper

    Fix: 60925: Improve the handling of access to properties defined by interfaces when a BeanELResolver is used under a SecurityManager. (markt)

jdbc-pool

    Code: Refactor the creating a constructor for a proxy class to reduce duplicate code. (kfujino)
    Fix: In StatementFacade, the method call on the statements that have been closed throw SQLException rather than NullPointerException. (kfujino)

Other

    Fix: Correct comments about Java 8 in Jre8Compat. Patch provided by fibbers via Github. (violetagg)
    Fix: 60932: Correctly escape single quotes when used in i18n messages. Based on a patch by Michael Osipov. (markt)
    Fix: Update the custom Ant task that integrates with the Symantec code signing service to use the now mandatory 2-factor authentication. (markt)
2017-05-20 23:45:02 +00:00
ryoon
d09dfde3de Import apache-tomcat-8.5.13 as www/apache-tomcat85.
Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages
technologies. The Java Servlet and JavaServer Pages specifications are
developed under the Java Community Process.

Apache Tomcat is developed in an open and participatory environment and
released under the Apache Software License. Apache Tomcat is intended to
be a collaboration of the best-of-breed developers from around the world.
We invite you to participate in this open development project.

Apache Tomcat powers numerous large-scale, mission-critical web applications
across a diverse range of industries and organizations.

This package tracks 8.5.x release branch.
2017-04-10 10:43:22 +00:00