f779e840dc
Huge number of fixes listed at http://tomcat.apache.org/tomcat-8.0-doc/changelog.html Highlights of fixes: * Fix: RMI Target related memory leaks are avoidable which makes them an application bug that needs to be fixed rather than a JRE bug to work around. Therefore, start logging RMI Target related memory leaks on web application stop. Add an option that controls if the check for these leaks is made. Log a warning if running on Java 9 with this check enabled but without the command line option it requires. (markt) * Fix: Ensure NPE will not be thrown during deployment when scanning jar files without MANIFEST.MF file. (violetagg) * Fix: 59604: Correct the assumption made in the URL decoding that the default platform encoding is always compatible with ISO-8859-1. This assumption is not always valid, e.g. on z/OS. (markt) * Fix: 59608: Skip over any invalid Class-Path attribute from JAR manifests. Log errors at debug level due to many bad libraries. (remm) * Fix: Ensure that requests with HTTP method names that are not tokens (as required by RFC 7231) are rejected with a 400 response. (markt) * Fix: When an asynchronous request is processed by the AJP connector, ensure that request processing has fully completed before starting the next request. (markt) * Fix: If an async dispatch results in the completion of request processing, ensure that any remaining request body is swallowed before starting the processing of the next request else the remaining body may be read as the start of the next request leading to a 400 response. (markt) * Fix: Fix a memory leak in the expression language implementation that caused the class loader of the first web application to use expressions to be pinned in memory. (markt) * Fix: Correctly configure the base path for a resources directory provided by an expanded JAR file. Patch provided by hengyunabc. (markt) * Fix: 59317: Ensure that HttpServletRequest.getRequestURI() returns an encoded URI rather than a decoded URI after a dispatch. (markt) Highlights of non-fixes: * Update: Update the internal fork of Commons DBCP 2 to r1743696 (2.1.1 plus additional fixes). (markt) * Update: Update the internal fork of Commons Pool 2 to r1743697 (2.4.2 plus additional fixes). (markt) * Update: Update the internal fork of Commons File Upload to r1743698 (1.3.1 plus additional fixes). (markt) * Update: Update the option code coverage tool Cobertura to 2.1.1 so it is easier to compare the change in lines of code between 8.0.x and 9.0.x. (markt) * Add: Add a new environment variable JSSE_OPTS that is intended to be used to pass JVM wide configuration to the JSSE implementation. The default value is -Djdk.tls.ephemeralDHKeySize=2048 which protects against weak Diffie-Hellman keys with Java 8. (markt) * Update: Exclude ciphers that use RSA keys from the default cipher list since they do not support forward secrecy. (markt) * Update: Update the packaged version of the Tomcat Native Library to 1.2.7 to pick up the Windows binaries that are based on OpenSSL 1.0.2h and APR 1.5.2. (markt) |
||
---|---|---|
.. | ||
files | ||
DESCR | ||
distinfo | ||
INSTALL | ||
Makefile | ||
MESSAGE | ||
PLIST |