Tomcat 6.0.41
=============
Jasper
------
fix 56529: Avoid NoSuchElementException while handling attributes
with empty string value in custom tags. Based on a patch
provided by Hariprasad Manchi. (violetagg/kkolinko)
Tomcat 6.0.40 not released
============================
Catalina
--------
fix 56027: Add more options for managing FIPS mode in the
AprLifecycleListener. (schultz/kkolinko)
fix 56082: Fix a concurrency bug in JULI's LogManager
implementation. (markt)
fix 56236: Enable Tomcat to work with alternative Servlet and
JSP API JARs that package the XML schemas in such as way as
to require a dependency on the JSP API before enabling
validation for web.xml. Tomcat has no such dependency. (markt)
fix Change the default value of the xmlBlockExternal attribute
of Context elements. It is now true. (kkolinko)
fix Don't log to standard out in SSLValve. (kkolinko/markt)
code Use StringBuilder in DefaultServlet. (kkolinko)
fix 56275: Allow web applications to be stopped cleanly even
if filters throw exceptions when their destroy() method is
called. (markt/kkolinko)
fix Redefine the globalXsltFile initialisation parameter of the
DefaultServlet as relative to CATALINA_BASE/conf or
CATALINA_HOME/conf. Prevent user supplied XSLTs used by the
DefaultServlet from defining external entities. (markt)
fix Add a work around for validating XML documents (often TLDs)
that use just the file name to refer to refer to the JavaEE
schema on which they are based. (kkolinko)
fix 56369: Ensure that removing an MBean notification listener
reverts all the operations performed when adding an MBean
notification listener. (markt)
fix Only create XML parsing objects if required and fix associated
potential memory leak in the default Servlet. (markt)
fix Ensure that a TLD parser obtained from the cache has the
correct value of blockExternal. (markt/kkolinko)
add Extend XML factory, parser etc. memory leak protection to
cover some additional locations where, theoretically, a
memory leak could occur. (markt)
add Add the org.apache.naming package to the packages requiring
code to have the defineClassInPackage permission when running
under a security manager. (markt)
add Add the org.apache.naming.resources package to the packages
requiring code to have the accessClassInPackage permission
when running under a security manager. (markt)
fix Make the naming context tokens for containers more robust.
Require RuntimePermission when introducing a new token.
(markt/kkolinko)
Coyote
------
fix Improve processing of chuck size from chunked headers.
Avoid overflow and use a bit shift instead of a multiplication
as it is marginally faster. (markt/kkolinko)
fix Fix possible overflow when parsing long values from a byte
array. (markt)
update 56363: Update to version 1.1.30 of Tomcat Native library.
The minimum required version of this library for APR connector
is now 1.1.30. (kkolinko)
Jasper
------
fix Change the default behaviour of JspC to block XML external
entities by default. (kkolinko)
fix Restore the validateXml option to Jasper that was previously
renamed validateTld. Both options are now supported.
validateXml controls the validation of web.xml files when
Jasper parses them and validateTld controls the validation
of *.tld files when Jasper parses them. (markt)
fix 54475: Add Java 8 support to SMAP generation for JSPs.
Patch by Robbie Gibson. (markt)
fix 56010: Don't throw an IllegalArgumentException when
JspFactory.getPageContext is used with JspWriter.DEFAULT_BUFFER.
Based on a patch by Eugene Chung. (markt)
fix 56265: Do not escape values of dynamic tag attributes
ontaining EL expressions. (kkolinko)
fix 56283: Add support for running Tomcat 6 with ecj-P20140317-1600.jar
(as drop-in replacement for ecj-4.3.1.jar). Add support for
value "1.8" for the compilerSourceVM and compilerTargetVM
options. Note that ecj-P20140317-1600.jar can only be used
when running with Java 6 or later. The "1.8" options make
sense only when running with Java 8 (or later). (kkolinko)
fix 56334: Fix a regression in the handling of back-slash escaping
introduced by the fix for 55735. (markt/kkolinko)
fix Correct the handling of back-slash escaping in the EL parser
and no longer require that \$ or \# must be followed by { in
order for the back-slash escaping to take effect. (markt)
Cluster
-------
code Refactor AbstractReplicatedMap and related classes to enable
Tomcat 6 to be compiled using Java 8. (markt)
Web applications
----------------
add 56093: Documentation for SSLValve. (markt/kkolinko)
fix Correct documentation on Windows service options, aligning
it with Apache Commons Daemon documentation. (kkolinko)
add Add support for version-major, version-major-minor tags in
documentation XSLT, to simplify documentation backports. (kkolinko)
fix Fix target and rel attributes on links in documentation.
They were lost during XSLT transformation. (kkolinko)
Other
-----
code Remove svn keywords (such as $Id) from source files and
documentation. (kkolinko)
update Improvements to the Windows installer, to align it with
installing the sevice with service.bat. Use explicit memory
sizes (--JvmMs 128 Mb and --JvmMx 256 Mb). Specify log
directory path when ininstalling, so that the log file is
written to the Tomcat logs directory, instead of
"%SystemRoot%\System32\LogFiles\Apache". (kkolinko)
update 49993, 56143: Improve service.bat script. Allow it to be
launched from non-UAC console. The UAC prompt will be shown
only once. Now there is no need to run the command shell
with elevated privileges. Improve check for JAVA_HOME and
add support for JRE_HOME. Warn if neither "client" nor
"server" JVM is found. Align classpath, display name and
other options with the exe installer. Make command names
case-insensitive. Update documentation. (kkolinko)
3e7585f7ce