a04fbeb2ad
Changelog: Tomcat 8.5.20 (markt) Catalina Fix: Revert the fix for 49464 since it continued to trigger regressions. (markt) Fix: Correct a bug in the PushBuilder implementation that meant push URLs containing %nn sequences were not correctly decoded. Identified by FindBugs. (markt) Add: 61164: Add support for the %X pattern in the AccessLogValve that reports the connection status at the end of the request. Patch provided by Zemian Deng. (markt) Fix: 61351: Correctly handle %nn decoding of URL patterns in web.xml and similar locations that may legitimately contain characters that are not permitted by RFC 3986. (markt) Add: 61366: Add a new attribute, localDataSource, to the JDBCStore that allows the Store to be configured to use a DataSource defined by the web application rather than the default of using a globally defined DataSource. Patch provided by Jonathan Horowitz. (markt) Coyote Fix: 61086: Ensure to explicitly signal an empty request body for HTTP 205 responses. Additional fix to r1795278. Based on a patch provided by Alexandr Saperov. (violetagg) Update: 61345: Add a server listener that can be used to do system property replacement from the property source configured in the digester. (remm) Add: Add additional logging to record problems that occur while waiting for the NIO pollers to stop during the Connector stop process. (markt) Jasper Fix: 61364: Ensure that files are closed after detecting encoding of JSPs so that files do not remain locked by the file system. (markt) WebSocket Add: 57767: Add support to the WebSocket client for following redirects when attempting to establish a WebSocket connection. Patch provided by J Fernandez. (markt) 2017-07-28 Tomcat 8.5.19 (markt) Catalina Fix: Performance improvements for service loader look-ups (and look-ups of other class loader resources) when the web application is deployed in a packed WAR file. (markt) Fix: 61253: Add warn message when Digester.updateAttributes throws an exception instead of ignoring it. (csutherl) Fix: Correct a further regression in the fix for 49464 that could cause an byte order mark character to appear at the start of content included by the DefaultServlet. (markt) Fix: 61313: Make the read timeout configurable in the JNDIRealm and ensure that a read timeout will result in an attempt to fail over to the alternateURL. Based on patches by Peter Maloney and Felix Schumacher. (markt) Web applications Fix: Correct the documentation for how StandardRoot is configured. (markt) Other Fix: 61316: Fix corruption of UTF-16 encoded source files in released source distributions. (markt) Tomcat 8.5.18 (markt) Catalina Fix: 61232: When log rotation is disabled only one separator will be used when generating the log file name. For example if the prefix is catalina. and the suffix is .log then the log file name will be catalina.log instead of catalina..log. Patch provided by Katya Stoycheva. (violetagg) Fix: 61264: Correct a regression in the refactoring to use Charset rather than String to store request character encoding that prevented getReader() throwing an UnsupportedEncodingException if the user agent specifies an unsupported character encoding. (markt) Fix: Correct a regression in the fix for 49464 that could cause an incorrect Content-Length header to be sent by the DefaultServlet if the encoding of a static is not consistent with the encoding of the response. (markt) Coyote Fix: Enable TLS connectors to use Java key stores that contain multiple keys where each key has a separate password. Based on a patch by Frank Taffelt. (markt) Fix: Improve the handling of HTTP/2 stream resets due to excessive headers when a continuation frame is used. (markt) Jasper Add: 53031: Add support for the fork option when compiling JSPs with the Jasper Ant task and javac. (markt) Other Add: 52791: Add the ability to set the defaults used by the Windows installer from a configuration file. Patch provided by Sandra Madden. (markt) Tomcat 8.5.17 (markt) Catalina Fix: 49464: Improve the Default Servlet's handling of static files when the file encoding is not compatible with the required response encoding. (markt) Fix: 61214: Remove deleted attribute servlets from the Context MBean description. Patch provided by Alexis Hassler. (markt) Fix: 61215: Correctly define addConnectorPort and invalidAuthenticationWhenDeny in the mbean-descriptors.xml file for the org.apache.catalina.valves package so that the attributes are accessible via JMX. (markt) Fix: Make asynchronous error handling more robust. In particular ensure that onError() is called for any registered AsyncListeners after an I/O error on a non-container thread. (markt) Fix: Additional permission for deleting files is granted to JULI as it is required by FileHandler when running under a Security Manager. The thread that cleans the log files is marked as daemon thread. (violetagg) Fix: 61229: Correct a regression in 8.5.15 that broke WebDAV handling for resources with names that included a & character. (markt) Coyote Fix: Restore the ability to configure support for SSLv3. Enabling this protocol will trigger a warning in the logs since it is known to be insecure. (markt) Fix: Do not log a warning when a null session is returned for an OpenSSL based TLS session since this is expected when session tickets are enabled. (markt) Fix: When the access log valve logs a TLS related request attribute and the NIO2 connector is used with OpenSSL, ensure that the TLS attric SSL session access for the APR connector. (remm) Add: To ease migration from 8.0.x to 8.5.x, if the HTTP or AJP BIO connector is explicitly configured, rather than failing to start the connector because BIO has been removed, automatically switch to tribute searchExternalFirst from the documentation since the attribute is no longer supported. (markt) 2017-06-26 Tomcat 8.5.16 (markt) Catalina Fix: 61072: Respect the documentation statements that allow using the platform default secure random for session id generation. (remm) Fix: Correct the javadoc for o.a.c.connector.CoyoteAdapter#parseSessionCookiesId. Patch provided by John Andrew (XUZHOUWANG) via Github. (violetagg) Fix: 61101: CORS filter should set Vary header in response. Submitted by Rick Riemer. (remm) Add: 61105: Add a new JULI FileHandler configuration for specifying the maximum number of days to keep the log files. (violetagg) Fix: 61125: Ensure that WarURLConnection returns the correct value for calls to getLastModified() as this is required for the correct detection of JSP modifications when the JSP is packaged in a WAR file. (markt) Fix: Improve the SSLValve so it is able to handle client certificate headers from Nginx. Based on a patch by Lucas Ventura Carro. (markt) Fix: 61134: Do not use '[' and ']' symbols around substituted text fragments when generating the default error pages. Patch provided by Katya Todorova. (violetagg) Fix: 61154: Allow the Manager and Host Manager web applications to start by default when running under a security manager. This was accomplished by adding a custom permission, org.apache.catalina.security.DeployXmlPermission, that permits an application to use a META-INF/context.xml file and then granting that permission to the Manager and Host Manager. (markt) Fix: 61173: Polish the javadoc for o.a.catalina.startup.Tomcat. Patch provided by peterhansson_se. (violetagg) Add: A new configuration property crawlerIps is added to the o.a.catalina.valves.CrawlerSessionManagerValve. Using this property one can specify a regular expression that will be used to identify crawlers based on their IP address. Based on a patch provided by Tetradeus. (violetagg) Fix: 61180: Log a warning message rather than an information message if it takes more than 100ms to initialised a SecureRandom instance for a web application to use to generate session identifiers. Patch provided by Piotr Chlebda. (markt) Fix: 61185: When an asynchronous request is dispatched via AsyncContext.dispatch() ensure that getRequestURI() for the dispatched request matches that of the original request. (markt) Fix: 61197: Ensure that the charset name used in the Content-Type header has exactly the same form as that provided by the application. This reverts a behavioural change in 8.5.15 that caused problems for some clients. (markt) Fix: 61201: Ensure that the SCRIPT_NAME environment variable for CGI executables is populated in a consistent way regardless of how the CGI servlet is mapped to a request. (markt) Coyote Fix: 61086: Explicitly signal an empty request body for HTTP 205 responses. (markt) Fix: 61120: Do not ignore path parameters when processing HTTP/2 requests. (markt) Fix: Revert a change introduced in the fix for bug 60718 that changed the status code recorded in the access log when the client dropped the connection from 200 to 500. (markt) Fix: Add additional syncs to the SSL session object provided by the OpenSSL engine so that a concurrent destruction cannot cause a JVM crash. (remm) Fix: 61195: Backport, with deprecation where appropriate, the endpoint and protocol property changes from 9.0.x to ease migration from 8.5.x to 9.0.x. (markt) Jasper Fix: 44787: Improve error message when JSP compiler configuration options are not valid. (markt) Fix: 61137: j.s.jsp.tagext.TagLibraryInfo#uri and j.s.jsp.tagext.TagLibraryInfo#prefix fields should not be final. Patch provided by Katya Todorova. (violetagg) WebSocket Fix: Correct the log message when a MessageHandler for PongMessage does not implement MessageHandler.Whole. (rjung) Add: Introduce new API o.a.tomcat.websocket.WsSession#suspend/ o.a.tomcat.websocket.WsSession#resume that can be used to suspend/resume reading of the incoming messages. (violetagg) Fix: Improve thread-safety of Futures used to report the result of sending WebSocket messages. (markt) Fix: 61183: Correct a regression in the previous fix for 58624 that could trigger a deadlock depending on the locking strategy employed by the client code. (markt) Web applications Fix: Better document the meaning of the trimSpaces option for Jasper. (markt) Fix: 61150: Configure the Manager and Host-Manager web applications to permit serialization and deserialization of CRSFPreventionFilter related session objects to avoid warning messages and/or stack traces on web application stop and/or start when running under a security manager. (markt) Fix: Correct the TLS configuration documentation to remove SSLv2 and SSLv3 from the list of supported protocols. (markt) Tribes Add: Add JMX support for Tribes components. (kfujino) Other Add: 45832: Add HTTP DIGEST authentication support to the Catalina Ant tasks used to communicate with the Manager application. (markt) Fix: 45879: Add the RELEASE-NOTES file to the root of the installation created by the Tomcat installer for Windows to make it easier for users to identify the installed Tomcat version. (markt) Fix: 61055: Clarify the code comments in the rewrite valve to make clear that there are no plans to provide proxy support for this valve since Tomcat does not have proxy capabilities. (markt) Fix: 61076: Document the altDDName attribute for the Context element. (markt) Fix: Correct typo in Jar Scan Filter Configuration Reference. Issue reported via comments.apache.org. (violetagg) Fix: 61145: Add missing @Documented annotation to annotations in the annotations API. Patch provided by Katya Todorova. (markt) Fix: 61146: Add missing lookup() method to @EJB annotation in the annotations API. Patch provided by Katya Todorova. (markt) Fix: Correct typo in Context Container Configuration Reference. Patch provided by Katya Todorova. (violetagg) |
||
---|---|---|
.. | ||
files | ||
DESCR | ||
distinfo | ||
INSTALL | ||
Makefile | ||
MESSAGE | ||
PLIST |