4f32309eeb
Changelog:

Tomcat 7.0.90 (violetagg)

Catalina
- [fix] 62498: Correct a regression in the fix for CVE-2017-12617 that caused request failures for some requests when using the VirtualDirContext. (markt)
- [fix] Delete reference to removed class that prevented Tomcat from starting when running under a security manager. (markt)

Tomcat 7.0.89 (violetagg) not released

Catalina
- [fix] JNDI resources that are defined with injection targets but no value are now treated as if the resource is not defined. (markt)
- [fix] Ensure that JNDI names used for <lookup-name> entries in web.xml and for lookup elements of @Resource annotations specify a name with an explicit java: namespace. (markt)
- [add] 51953: Add the RemoteCIDRFilter and RemoteCIDRValve that can be used to allow/deny requests based on IPv4 and/or IPv6 client address where the IP ranges are defined using CIDR notation. Based on a patch by Francis Galiegue. (markt)
- [fix] 62343: Make CORS filter defaults more secure. This is the fix for CVE-2018-8014. (markt)
- [fix] Make all loggers associated with Tomcat provided Filters non-static to ensure that log messages are not lost when a web application is reloaded. (markt)
- [fix] Correct the manifest for the annotations-api.jar. The JAR implements the Common Annotations API 1.1 and the manifest should reflect that. (markt)
- [fix] Switch to non-static loggers where there is a possibility of a logger becoming associated with a web application class loader causing log messages to be lost if the web application is stopped. (markt)
- [add] 62389: Add the IPv6 loopback address to the default internalProxies regular expression. Patch by Craig Andrews. (markt)
- [fix] In the RemoteIpValve and RemoteIpFilter, correctly handle the case when the request passes through one or more trustedProxies but no internalProxies. Based on a patch by zhanhb. (markt)
- [fix] Correct the logic in MBeanFactory.removeConnector() to ensure that the correct Connector is removed when there are multiple Connectors using different addresses but the same port. (markt)
- [fix] Make JAASRealm mis-configuration more obvious by requiring the authenticated Subject to include at least one Principal of a type specified by userClassNames. (markt)
- [fix] 62476: Use GMT timezone for the value of Expires header as required by HTTP specification (RFC 7231, 7234). (kkolinko)
| File |
|---|
| files |
| DESCR |
| distinfo |
| INSTALL |
| Makefile |
| MESSAGE |
| PLIST |