Links User Guide Reference Apache Tomcat Development | Apache Tomcat 6.0ChangelogTomcat 6.0.20 (remm) |
Catalina |
|
42579: Handle both relative and absolute search results in
the JNDIRealm. Patch provided by Brandon DuRette. (markt)
|
|
46562: Close shtml files after processing to allow other
processes to modify the files. (markt)
|
|
46815: Make the MemoryUserDatabase read-only by default.
(markt)
|
|
46816: Align session manager mbean descriptor with
implementation. (markt)
|
|
Fix a typo in the OPTIONS response from the default servlet. (markt)
|
|
46822: Remove unnecessary object creation from
StandardContext. Patch provided by Anthony Whitford. (markt)
|
|
46866: Better initialisation of Random objects. (markt)
|
|
46875: Catch and handle possible IllegalStateExceptions
in CometConnectionManagerValve related to session expiration. (markt)
|
|
Correct some errors reported when testing the WebDAV servlet with the
Litmus test suite. (markt)
|
|
46933: Update StringManager to use Java 5 features. Patch
provided by Jens Kapitza. (markt)
|
|
46990: Fix synchronization issues reported by FindBugs. Patch
provided by Sebb. (markt)
|
|
Coyote |
|
Allow huge request body packets for AJP13. (rjung)
|
|
45026: Never return an empty HTTP status reason phrase.
mod_jk and httpd 2.x do not like that. (rjung)
|
|
Set remote port for AJP connectors from the optional request
attribute AJP_REMOTE_PORT. (rjung)
|
|
Update tc-native to 1.1.16 (markt)
|
|
46982: Correct reporting of DST offset in access logs.
(markt)
|
|
46984: Invalid characters in HTTP request method now result
in a 400 response. (markt)
|
|
46991: Fix AJP connector always reporting bytes received as
zero. (markt)
|
|
Jasper |
|
37929: Fix invalidated session causing pageContext methods to
fail. (markt)
|
|
41606: Prevent double initialisation of JSPs. Patch provided
by Chris Halstead. (markt)
|
|
46354: ArrayIndexOutOfBoundsException when using
org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true
Patch provided by Konstantin Kolinko. (markt)
|
|
46909: Only include semi-colon in type attribute for
<jsp:plugin> when it is required. (markt)
|
|
47013: Use system property rather than hard-coded string for
pre-compilation flag. (markt)
|
|
Cluster |
|
A node should ignore its own heartbeat messages. (rjung)
|
|
Webapps |
|
46509: Use correct link on error page in JSP security
example. Patch provided by Michael Moody. (markt)
|
|
46599: Document known DAEMON issue. (markt)
|
|
46807: Correct docs for configuration of tag pooling. (markt)
|
|
46924: Clarify behaviour when auto deployment is enabled and
a WAR, directory or context file is deleted or updated. (markt)
|
|
46958: All xml manager status output to work regardless of
context path. (markt)
|
|
Other |
|
46351: Refactor the build script. Patch provided by Marc
Guillemot. (markt)
|
|
46910: Properties files corrupted by build process. (remm)
|
|
46915: When resolving ResourceBundle properties, don't claim
to have resolved the property unless we really have resolved it. (markt)
|
|
Fix .pdf and .exe corruption in -src.tar.gz distribution. (markt)
|
|
Enable running Tomcat directly from the build directory on linux
systems. (markt)
|
|
|
Tomcat 6.0.19 (remm) |
Catalina |
|
Manager application prints FAIL if application was deployed but failed to start (fhanik)
|
|
When shutdown port is disabled, print user friendly message and not a stack trace. (fhanik)
|
|
37458: Correct sync issue that leads to NPE in rare
circumstances. Patch provided by Konstantin Kolinko. (markt)
|
|
38553: Return 401 rather than 400 if client does not present
a certificate CLIENT-CERT authentication. (markt)
|
|
38570: When checking docBase against appBase, make sure we
check for an exact match against the appBase. (markt)
|
|
39013: When testing for invalid docBase, test for an exact
match with the appBase dir. (markt)
|
|
39396: Don't include TRACEE in OPTIONS response unless we
know it hasn't been disabled in the connector. (markt)
|
|
42747: Ensure context.xml takes effect on first deployment
for WAR and DIR deployments. context.xml is now copied to
CATALINA_BASE/<engine name>/<host name> for DIR as well as
WAR deployments. (markt)
|
| 43071Start poller before acceptor (r719267) |
|
Fix read/write timeout of async comet operations
(r719264)
|
|
Implement async close behaviour for Comet/NIO.
No-op for APR (same behavior as before)
(r719262)
|
|
Default thread count for HTTP connectors is 200. (r713186)
|
|
Comet should always invoke END and properly invoke READ (r713174)
|
|
Fix class cast exception when shutting down a replicated context but no cluster has been configured in server.xml (r713177)
|
|
Dererence socket when its no longer used. Frees up socket buffers and memory. No functional change. (r713175)
|
|
Correct wrong "No role found" debug message,
logged in RealmBase even if a role was found. (rjung)
|
| 44809Improve AprLifecycleListener Error Messages. (jfclere) |
|
Log AccessControlException for context specific logging.properties
during startup with security manager. (rjung)
|
|
41407: Add CLIENT-CERT support to the JAAS Realm. (markt)
|
|
42409: Make custom and standard error page handling
consistent by using resetBuffer() which will not alter previously set
headers. (markt)
|
|
42673: Fix SSI virtual includes for multi-level contexts.
Patch provided by Peter Jodeleit. (markt)
|
|
42707: Make adding a host alias via JMX take effect
immediately. (markt)
|
|
43656: Correct regression in previous fix for this bug. Patch
provided by Nils Eckert. (markt)
|
|
45419: Set Accept-Ranges for static resources served by
DefaultServlet. (markt)
|
|
45441: Correctly map filters for FORWARD and INCLUDE. (markt)
|
|
45447: Convert Spanish resource files to use UTF-8 and provide
translations where previously missing. Patch provided by Jesus Marin.
(markt)
|
|
45453: Remove potential race condition in JDBC Realm.
Based on a patch by Santtu Hyrkk. (markt)
|
|
45576: Add DIGEST support to the JAAS Realm. (markt)
|
|
45585: Allow Tomcat to start if using
$CATALINA_BASE but not JULI. Patch based on a suggestion by
Ian Ward Comfort. (markt)
|
|
The JAAS Realm did not assign roles to authenticated users. (markt)
|
|
Provide full stacktrace and message when the ErrorReportValveClass can't
be instantiated. (funkman)
|
|
45608: Make allocated servlet count synchronized to ensure
the correct allocated servlet count is available during shutdown.
(markt)
|
|
45628: When checking MANIFEST dependancies, JARs without
dependencies should allows be considered to be full-filled. (markt)
|
|
45735: Improve ETag handling. (remm)
|
|
45785: Ignore directories named xxx.jar in WEB-INF/lib.
(markt)
|
|
45823: Log missing request headers as '-' not 'null'. Based
on a patch by Per Landberg. (markt)
|
|
45825: Correctly handle annotations in parent classes. Based
on a patch by Florent Benoit. (markt)
|
|
45906: Further ETag handling improvements. Patch provided by
Chris Hubick. (markt)
|
|
Add the CombinedRealm that enables authentication to be attempted
against multiple realms. (markt)
|
|
Add the LockOutRealm that enables a standard Realm to be wrapped with
the functionality to lock out a user after too many failed logins.
(markt)
|
|
Make the upper size limit of the static resource cache configurable
since the default of cacheMaxSize/20 gave too high a value
for large caches. (markt)
|
|
Fix HTML decoding error in SSI processing. (markt)
|
|
Fix cast error in JULI log factory. (markt)
|
|
Fix some thread safety issues in date formatting. (markt)
|
|
Fix a String comparison bug in the digester property replacement that
resulted in non-optimal operation. (markt)
|
|
Correct handle multi-level contexts defined using context.xml files.
(markt)
|
|
45933: Don't use xml parser from web-app to process tld
files. (markt)
|
|
45951: Support changing of JSESSIONID cookie name and
jsessionid path parameter name. Based on a patch by Jean-frederic Clere.
(markt)
|
|
46011: Make Principal accessible (if set) via
Subject.getSubject(AccessController.getContext()) when
processing filters. Based on a patch by tsveg1. (markt)
|
|
46075: When uploading files, don't create buffers at the
maximum configured size. Use the default size and let the buffers grow
to the maximum size if necessary. (markt)
|
|
46085: Fix a rare thread safety issue with session
expiration. (markt)
|
|
46096: Support annotation processing whilst running under a
security manager. (markt)
|
|
The invoker servlet has been deprecated and will be removed in Tomcat 7
onwards. (markt)
|
|
46105: Correctly set URI encoding when replaying a request
after FORM authentication. (markt)
|
|
Remove unnecessary reference to commons-logging from the bootstrap JAR
manifest. (markt)
|
|
46232: Enabled the XMl parser to be over-ridden using the
standard endorsed mechanism. (markt)
|
|
46261: Treat %2F in a context name literally rather than
converting it (inconsistently) to '/' - that is what '#' is for. (markt)
|
|
46298: Throw an SQLException with a useful message rather
than a NPE if the URL for the JDBCRealm is invalid. Based on a patch by
Owen Jacobson. (markt)
|
|
46304: Further fixes to make Principal accessible (if set)
via Subject.getSubject(AccessController.getContext()) when
processing filters. (markt)
|
|
46403: Provide a workaround for an IE and Safari bug that
means the Max-Age attribute of a cookie is ignored. (markt)
|
|
46408: Fix invalid cast in security utility package. (markt)
|
|
Remove duplicate normalisation implementations and make normalise
behaviour consistent throughout code base. (markt)
|
|
46683: Fix typo in French localisation file name for the
org.apache.catalina.loader package. (markt)
|
|
46606: Make the max DEPTH for a WebDAV request configurable.
The default is still 3. (markt)
|
|
44382: Add support for using httpOnly for session cookies.
This is disabled by default. (markt/fhanik)
|
|
Fix possible NCDFE when using FORM authentication. (jfclere)
|
|
Fix possible synchronisation bottleneck in cookie creation. (markt)
|
|
Fix various spelling errors reported on the mailing lists. (markt)
|
|
Make the logging manager and properties file configurable via
environment variables. (fhanik)
|
|
Coyote |
| 45154
Implement SEND_FILE behavior for SSL connections using NIO (fhanik)
|
|
Fix file descriptor leak during NIO send file behavior. (fhanik)
|
|
Implement usage of keyAlias attribute for NIO, previously attribute was ignored. (fhanik)
|
|
Prevent server from calling close on an already closed NIO socket. One that had timed out. (fhanik)
|
|
Fix bug with SEND_FILE behavior in NIO. Send file would delay until selector timed out, even though socket was ready to be written. (fhanik)
|
|
Fix possible NPE in NioEndpoint.java (fhanik)
|
|
Update tc-native to 1.1.15 in build.properties.default (jfclere)
|
|
43327: Socket bind fails when using APR on a system with IPv6
enabled but no explicit IPv6 address configured. (markt/jfclere)
|
|
44285: Make the SSL session cache size and timeout
configurable. (markt)
|
|
45074: Add configuration parameters to enable the tuning
of sendfile and poller thread count in the APR HTTP connector. Patch
provided by Alex Barclay. (jfclere/markt)
|
|
45528: Add detection for invalid SSL configuration to prevent
infinite logging loop on start-up. (markt)
|
|
45591: NPE on start-up failure in some cases. Based on a
patch by Matt Passell. (markt)
|
|
46077: Expose deferAccept for configuration. Patch provided
by Michael Leinartas. (markt)
|
|
Don't swallow input if we know the connection is going to be closed. (billbarker)
|
|
46125: Return a status code of 400 if the request headers are
too large. (markt)
|
|
Make certain that classes are first loaded by trusted code when working in a sandbox. (billbarker)
|
|
Log a message if we reach maxThreads in a connector thread pool. (markt)
|
|
Enable the thread pool limits to be modified via JMX. (markt)
|
|
Fix HTTP/1.0 redirects handling with APR AJP connector. (remm)
|
|
46666: keepAliveTimeout should be used regardless of setting
of disableUploadTimeout. (markt)
|
|
Jasper |
|
36923: Treat EL expressions as template text is EL
expressions are disabled. (markt)
|
|
37515: Support 1.6 and 1.7 as source and target for
compilation. (markt)
|
|
ClassCastException in EL ExpressionBuilder. (rjung)
|
|
Use more generics in EL to improve type safety. (rjung)
|
|
Use a lookahead to remove potential ambiguity in EL parsing. (markt)
|
|
Correct typo in JSP EL examples. (markt)
|
|
38197: Take account of jsp:attribute elements when pooling
tags. (markt)
|
|
42077: Ensure the iterator returned by
javax.el.CompositeELResolver#getFeatureDescriptor() skips any null
FeatureDescriptors. Patch provided by Mathias Broekelmann. (markt)
|
|
42693: Fix JSP generation error with recursive tag file
structure. (markt)
|
|
45427: Correctly handle unmatched quotes in EL expressions.
(markt)
|
|
45511: The failure of the empty keyword was a
regression caused by the previous fix for 42565. The original
fix for 42565 has been reverted and a new fix applied.
(markt)
|
|
45648: Don't trim the last character when parsing the EL
namespace. (markt)
|
|
45666: Prevent infinite loop on include. (markt)
|
|
45691: Prevent generation of duplicate variable names when
generating code for JSPs. (markt)
|
|
Correct signed/unsigned conversion error in ASCII parsing. (markt)
|
|
Fix various edge-cases when parsing EL, particularly inside attribute
values. Note the the Expert Group has confirmed that JSP.1.6 takes
precedence over JSP.1.3.10. Therefore EL in attributes must be escaped
twice. (markt)
|
|
46047: Include the path to the JAR when recording
dependencies that are located inside a JAR file. Patch provided by
Cédric Mailleux. (markt)
|
|
46381: Composite expressions used for attribute values must
be coerced to Strings. (markt)
|
|
46397: Don't pool tag instances that implement JspIdConsumer.
(markt)
|
|
46462: Limit package test to just the o.a.jsp package to
allow use of packages such as o.a.jspwiki. (markt)
|
|
46471: Fix naming clash when tags in different libraries have
the same name. (markt)
|
|
46564: Make page encoding check for tagx compilation
case-insensitive. (markt)
|
|
Cluster |
|
Prevent NPE for ReplicationValve (pero)
|
|
Provide TCP only start-up option when using static membership. (fhanik)
|
|
Document the multicast recovery options. (fhanik)
|
|
45261: Add a new SimpleCoordinator for tribes provided by
Robert Newson. (markt)
|
|
45618: Make sure NIO selector is closed when no longer used.
Unlikely to be an issue in normal usage. (markt)
|
|
45851: Fix out of order message processing issues with the
FarmWarDeployer. (markt)
|
|
Fix small memory leak in FarmWarDeployer. (markt)
|
|
46357: Corrected test for host's parent must be an engine.
(markt)
|
|
Fix so that JvmrouteBinderValve can rewrite session suffix with parallel
requests from same client. (pero)
|
|
Webapps |
|
45940: Correct name of username attribute for JDBC resources
in JNDI how to. (markt)
|
|
46035: Fix multiple typos in monitoring how to. (markt)
|
|
46067: Fix typos in Advanced IO how to. (markt)
|
|
46115: Correct Manager UI to show that path is required when
using the deploy command. (markt)
|
|
46121: Add note to manager documentation regarding possible
naming clash with new Ant 1.7 resources datatype and how to avoid it.
(markt)
|
|
Remove unsed parameters from Native/APR example connector configuration
in docs. (markt)
|
|
Use CSS based solution for printer-friendly docs. Patch provided by
vitezslav.smid as part of GSoc with additional work by Tim Funk. (markt)
|
|
Update the FAQ linsk in the docs to refer to the wiki. Use xlst task
rather than style task to generate docs. (funkman/markt)
|
|
Document the LifecycleListeners. (markt)
|
|
Fix broken URL mapping in the examples. (markt)
|
|
46563: Update doc for correct default for pollerThreadCount.
(markt)
|
|
46600: Document maxKeepAliveRequests for the NIO connector.
(markt)
|
|
Fix CVE-2009-0781. XSS in calendar example. (markt)
|
|
Other |
|
41861: Update service name to Apache Tomcat 6 to prevent
conflicts with previous major Tomcat versions. (markt/rjung)
|
|
45852: Add special handling for cp932 (aka ms932) when
creating tomcat-users.xml with Windows installer. (markt)
|
|
45878: Restore manifest, licence and notice files to the jsp
and servlet jars. (markt)
|
|
45879: Move NOTICE file from documentation webapp to the
installation directory. (markt)
|
|
Add a workaround for DBCP-191. Tomcat will now build without error on a
1.6 JDK but because it does this by skipping DBCP, release builds must
be generated with a 1.5 JDK. (costin/markt)
|
|
46366: Correct information in RUNNING.txt regarding use of
CATALINA_HOME and CATALINA_BASE. (markt)
|
|
Use more useful JPDA defaults in catalina.bat. (markt)
|
|
Correct error in 2.5 web-app XSD.
|
|
|
Tomcat 6.0.18 (remm) |
Catalina |
|
42727: Correctly handle request lines that are exact
multiples of 4096 in length. Patch provided by Will Pugh. (markt)
|
|
42678: Only ignore docBase if it really is a subdir of
appBase. Patch provided by juergen. (markt)
|
|
42722: Possible NPE in CGI Servlet. (markt)
|
|
45285: Look for annotations in class hierarchy. (markt)
|
|
Add additional checks for URI normalization. (remm)
|
|
Jasper |
|
42565: Make EL ternary expression without space before colon
work. Patch provided by Lucas Galfaso. (markt)
|
|
Webapps |
|
45323: Add note that context.xml files can only contain a
single Context element. (markt)
|
|
Cluster |
|
45317: Properly document and log the value of the state transfer timeout flag (fhanik)
|
|
Other |
|
45332: Specify the correct encoding (the current Windows code
page) rather than assuming UTF-8 when creating tomcat-users.xml with the
Windows installer. (markt)
|
|
|
Tomcat 6.0.17 (remm) |
Catalina |
| 45272: Put in work around for Internet Explorer not accepting a quoted Path: value using the Set-Cookie header (fhanik) |
|
APR connector now adds connection to poller after using send file.
(remm)
|
|
Add ManagerBase session getLastAccessedTimestamp and
getCreationTimestamp for better remote JMX access. (pero)
|
|
Expose alwaysSend flag for message dispatch interceptor. (fhanik)
|
|
29936: Create digesters and parsers earlier so we aren't
using the webapp class loader when we create them. (markt)
|
|
42662: Properly resolve reflection proxies during session
replication. (fhanik)
|
|
42750: Request line should be tolerant of multiple
whitespaces. (markt/fhanik)
|
|
42934: Change the order of events on context start so
contextInitialized() event is fired before
sessionDidActivate() . The spec isn't 100% clear on the
required order but this seems more logical than the current behaviour.
(markt)
|
|
43079: Fix identification of suspicious URL patterns. Patch
provided by John Kew. (markt)
|
|
43080: Log suspicious URL patterns to the correct web app.
(markt)
|
|
43117: Setting an empty workDir could result in all of
CATALINA_HOME being deleted. Patch provided by Takayuki Kaneko. (markt)
|
|
43142: Don't assume a directory named xxx.war is a war file.
(markt)
|
|
43150: Allow Tomcat to start correctly when installed on a
path that contains a # character. (markt)
|
|
The fix for 43285 had the side-effct of coercing
null values to zero. This side-effect has been made
configurable with a system property,
org.apache.el.parser.COERCE_TO_ZERO which defaults to
true . Patch provided by Nils Eckert. (markt)
|
|
43343: Correctly handle requesting a session we are in the
middle of persisting. Based on a suggestion by Wade Chandler. (markt)
|
|
43425: Make annotations spec compliant. Patch provided by
Dain Sundstrom. (markt)
|
|
43470: Fix various class cast exceptions. Based on a patch
by Lucas Galfaso. (markt)
|
|
43578: Fix startup when installation path contains a space.
Patch provided by Ray Sauers. (markt)
|
|
43683: Fix 404 that could occur if a Servlet is accessed
while the context is reloading. (markt)
|
| ExtendedAccessLogValve cs-uri not print empty querystring. (pero)
|
|
ServletContext.getResource("noslash/resource") only requires forward
slash if STRICT_SERVLET_COMPLIANCE flag is set to true. This mimics the
behavior of 6.0.15 and earlier. (fhanik)
|
|
44021: Add support for using the # character to define
multi-level contexts in WARs and directories in the appBase. (markt)
|
|
44282: Fix TRACE level class loader logging message when a
security manager is used. (markt)
|
|
44337: Dir listing crashes if no readme-file present.
(funkman)
|
|
If listener declared in web.xml, only add it once. (funkman)
|
|
Fix NPE when iterating through sessions for expiration. (fhanik/jim)
|
|
44380: Don't scan non-file URLs for TLDs. Patch provided by
Florent Benoit. (markt)
|
|
44389: Fix memory leak that occurred if using a
RequestDispatcher. Patch provided by Arto Huusko. (markt)
|
|
44529: Correct handling of resource constraints so no roles
(deny all) overrides no aoth-constraint (allow all). (markt)
|
|
44562: HEAD requests cannot use includes. Patch provided by
David Jencks. (markt)
|
|
44595: Add possibility to request the QueueSize of an
executor via JMX. (jfclere)
|
|
Fix CGI Servlet so it correctly reads the environment variables on
Vista. (markt)
|
|
44611: DirContextURLConnection didn't implement
getHeaderFields(), getHeaderField(String name) was case sensitive and
returned "" rather than null for header values that did not exist. Patch
provided by Chris Hubick. (markt)
|
|
44633: Provide a more helpful error message if a class can't
be loaded due to a version error. (rjung/markt)
|
|
44646: Correct various issues, including an ISE, in
CometConnectionManagerValve. (markt)
|
|
44673: ServletInputStream is no longer readable once closed.
(markt)
|
|
Better handling of lack of permission for context specific logging.
(markt)
|
|
Add permission required to read JDK logging config. (markt)
|
|
Update web.xml to reflect packaging of SSI and CGI. (markt)
|
|
Add missing access check for ThreadWithAttributes. (markt)
|
|
44833: Correctly override StandardSession methods from
DeltaSession. (fhanik)
|
|
44943: Use the same engine name in server.xml comments to
reduce copy and pastes issues. (markt)
|
|
44988: Use Java5 syntax for debug options. Patch provided
by Cedrik Lime. (markt)
|
|
45101: Format header dates obtained from
DirContextURLConnection as per the HTTP spec. Patch
provided by Chris Hubick. (markt)
|
|
A new valve, org.apache.catalina.valves.WebdavFixValve ,
that forces MS clients connecting to the WebDAV Servlet on port 80 to
use a client that works rather than the default broken one. (markt)
|
|
45195: Passing in null into setAttribute or removeAttribute
cause NPE. (markt)
|
|
Coyote |
|
NIO: Fix bug in NIO sendfile, symptoms during heavy traffic is that
connection don't get closed. For previous versions, one can disable
sendfile to work around the problem. (fhanik)
|
|
APR: Allow to specify the "random device" to use to collect the entropy.
(jfclere)
|
|
Fix NIO/SSL live lock during client disconnect. (fhanik)
|
|
Fix possible ArrayIndexOutOfBoundsException. Patch provided by Charles R
Caldarale. (markt/jim)
|
|
Add support for keystore types that do not need a file. Based on a patch
by Bruno Harbulot. (markt)
|
|
43094: Allow specification of keystore providers. Based on a
patch by Bruno Harbulot. (markt)
|
|
43191: Make it possible to override the defaults with the
compressableMimeType attribute. Based on a patch by Len Popp. (markt)
|
|
44391: Correct handling of escaped values in SSI processing.
(markt)
|
|
44392: HTML entities now handled correctly in SSI processing.
(markt)
|
|
44558: Improve error message so address is included if
binding fails. (markt)
|
|
44494: Character input limited to 8KB. (remm)
|
|
44620: Infinite loop in NIO connector. (markt)
|
|
44785: Correctly document default maxThreads for AJP
connector. (markt)
|
|
Log errors for AJP signoffs at DEBUG level,
since it is harmless if mod_jk has hung up the phone. (billbarker)
|
|
44968: Provide more information when the load of a keystore
fails. (markt)
|
|
Jasper |
|
31257: Quote endorsed dirs if they contain a space. (markt)
|
|
42943: Make sure nested element is inside <jsp:text>
element before throwing exception. (markt)
|
|
43617: Correctly escape attribute values in tag files.
Based on a patch by Lucas Galfaso. (markt)
|
|
43656: Fix various numeric coercion bugs. Includes a patch by
Nils Eckert and fixes related issues identified in a test case provided
by Konstantin Kolinko. (markt)
|
|
43741: Correctly handle dependencies for tag files in JARs.
(markt)
|
|
44408: Reduce synchronisation when evaluating EL expressions.
Patch provided by Robert Andersson. (markt)
|
|
44428: Fix possible NPE during serialization. (markt)
|
|
44766: EL doesn't coerce custom Number subclasses. (markt)
|
|
44877: Prevent collisions on tag pool names. (markt)
|
|
44986: Make page encoding consistency checks
case-insensitive. (markt)
|
|
44994: Enable nested conditional expressions in JSP EL. Patch
provided by James Manger. (markt)
|
|
45015: You can't use an unescaped quote if you quote the
value with that character. (markt/fhanik)
|
|
Add HTML filtering of error messages for included resources in case the
app has tried to include an unsafe URL that does not exist. This is
really an app responsibility but the filtering has been added for XSS
safety. (markt)
|
|
Webapps |
|
Update documentation to use correct version number, correct file paths
and to use $CATALINA_BASE rather than $CATALINA_HOME where applicable.
(markt/jim)
|
|
Add a section on available system property configuration options.
(markt)
|
|
Amend the JNDI datasource doc to reflect new value for no limit used by
updated commons-pool and commons-DBCP. (markt)
|
|
43333: Fix errors in sendfile documentation. (markt)
|
|
43366: Provide backwards compatibility for manager sessions
command. (markt)
|
|
44541: Document packetSize attribute for AJP connector.
(markt)
|
|
44715: Document secret attribute for AJP connector. (markt)
|
|
Fix some links in the ROOT application that are broken if ROOT is
renamed. (markt)
|
|
Align the Realm documentation so that both the configuration and the
how-to are consistent. (markt)
|
|
45277: Fix typo in logging docs. (markt)
|
|
Cluster |
|
45212: AbstractReplicatedMap.entrySet() now returns entries
rather than vaules. (markt)
|
| 45279Properly close multicast socket. |
|
Fix session replication dead lock during non sticky load balancing.
(fhanik)
|
|
Other |
|
Improve the Tests for unit tests for the cookie issues. (jfclere)
|
|
Fix build for JavaDoc. Patch provided by Stephen Bannasch. (markt)
|
|
44955: Use correct location for endorsed directory in Windows
installer. (markt)
|
|
|
Tomcat 6.0.16 (remm) |
General |
|
Update commons-logging to version 1.1.1 and the NSIS installer to 2.34.
(markt)
|
|
Update to commons-pool version 1.4, native version 1.1.12 and update
the download location for the commons libraries. (markt)
|
|
Change chunked input parsing, always parse CRLF directly after a chunk has been
received, except if data is not available. If data is not available for CRLF
parsing, we run into BZ 11117, and must defer the parsing of CRLF to the next read event.
This fixes the incorrect blocking when using CometProcessor and the draining data during the READ event
where it before would block incorrectly waiting for the next chunk (fhanik)
|
|
The CometProcessor interface now extends the javax.servlet.Servlet interface(fhanik)
|
|
Fix CVE-2007-5342 by limiting permissions granted to JULI. (markt)
|
|
Fix handling of CometEvent.close when called during BEGIN event (fhanik)
|
|
43594: Use setenv from CATALINA_BASE (if set) in preference
to the one in CATALINA_HOME. Patch provided by Shaddy Baddah.
(markt/jim)
|
|
43692: Clean up unused entires from build scripts. Patch
provided by Paul Shemansky. (markt)
|
|
43775: Don't try to change line endings of binary files in
the source distribution. (markt)
|
| 43846:
Fix block simulated read and writes causing timeouts.
Add non blocking parsing of HTTP request headers.
Perf improvements(fhanik)
|
|
43957: Service.bat doesn't configure logging correctly. Patch
provided by Richard Fearn. (markt/jim)
|
|
Cookie handling/parsing changes!
The following behavior has been changed with regards to Tomcat's cookie handling
a) Cookies containing control characters, except 0x09(HT), are rejected using an InvalidArgumentException
b) If cookies are not quoted, they will be quoted if they contain tspecials(ver0), tspecials2(ver1) characters
c) Escape character '\\' is allowed and respected as a escape character, will be unescaped during parsing
|
|
Cookie parsing of $Version regression from 6.0.15 has been fixed
|
|
The script that builds the windows installer was including additional
files due to the way it processes recurrsive file selectors. The
selectors have been modified to only include the intended files. (markt)
|
|
Catalina |
|
Fix ManagerServlet.expireSessions throws Exceptions as iterate longer
session lists at production servers. (pero)
|
| 38131: WatchedResource doesn't work if app is outside host appbase webapps.
Patch provided by Peter Lynch (pero)
|
| Add -Dorg.apache.catalina.tribes.dns_lookups=false as default. The ability to turn off reverse DNS lookups for membership.(fhanik) |
|
Set correct StandardManager.sessionCounter after reload/restart. (pero)
|
|
42503: ServletContext.getResourceAsStream() could return
stale data. Patch provided by Arvind Srinivasan. (funkman/jim)
|
|
43236: When resetting the response, also reset the flags
associated with using a writer or an output stream to allow the user to
change character set after the reset. (markt)
|
|
43241: Make ServletContext.getResourceAsStream() conform to
the specification. Patch provided by John Kew. (markt)
|
|
43530 : doc link fixes provided by Paul Shemansky (funkman)
|
|
43675: Fix a possible logging related classloader leak.
(markt)
|
| 43687 Remove conditional headers on Form Auth replay,
since the UA (esp. FireFox) isn't expecting it.
|
|
43706: WebDAV copy/move now returns 201 on success. Based on
a patch by Panagiotis Astithas. (markt)
|
|
43840: Include user principal if possible when serializing /
de-serializing sessions. (markt)
|
|
43868: MBean methods getInvoke and getSetter were broken.
(markt)
|
|
43887: Make error messages much more helpful when illegal
Servlet names are used. Based on a patch provided by Mike Baranczak.
(markt)
|
|
Fix a bug that causes CGI Servlet to fail when it is included. (markt)
|
|
Improve the webDAV Servlet Javadocs to make clear that the WebDAV
Servlet can not be used as the default servlet. (markt)
|
|
43993: mime mapping for WS-Policy. Patch by Fabian Ritzmann (funkman)
|
|
44041: Fix duplicate class definition under load. (markt)
|
|
44084: JASSRealm was broken for application provided
Principals. Patch provided by Noah Levitt. (markt)
|
|
44223: Use the javax.net.ssl.trustStoreType setting if no
explicit connector configuration is provided and the property is set.
(markt/jim)
|
|
44268: Log a warning if a duplicate listener configuration is
ignored. (markt/jim)
|
|
Coyote |
|
43622: Don't overwrite the min compression size set by the
compression attribute with the default. (markt/jim)
|
|
43839: URL based session tracking failed when a session
cookie from a parent context was present. Based on a patch by Yuan
Qingyun. (markt)
|
|
43914: URLs in location headers should be encoded. Patch
provided by Ivan Todoroski. (markt)
|
|
Jasper |
|
43285: Missing EL Coercion causes argument type mismatch.
Patch provided by Bernhard Huemer. (funkman/jim)
|
|
43675: Fix a possible logging related classloader leak.
(markt)
|
|
43702: Inner class files have unnecessarily long names.
(markt)
|
|
43743: Fix NPE when compiling nest tag files packaged in a
JAR. (markt)
|
|
43757: Rather than use string matching to work out the line
in the JSP with the error, use the SMAP info and the knowledge that for
a scriptlet there is a one to one line mapping. (markt/jim)
|
|
43758: Fix NPE when scripting elements are empty. (markt)
|
|
43909: Make sure locale maps to wrapped ELContext. Patch
provided by Tuomas Kiviaho. (markt)
|
|
43944: Fix a missing resource exception. (markt)
|
|
Improve docs for Jasper configuration. Put options in alphabetcial
order, add some missing options, deprecate an unused one and address
feedback about the page provided on the users list.
|
|
Webapps |
|
43173: Fix typo in logging documentation regarding location
of logging.properties. (markt)
|
|
43344: Fix typo in if.jsp example. Patch provided by Tim
Nowaczyk. (markt)
|
|
43468: Fix possible NPE when listing contexts in the Manager
application. (markt)
|
|
43515: Fix bug in Manager application that may have caused
problems when listing contexts. Patch provided by Lucas Galfaso. (markt)
|
|
43611: Provide an error message if user tries to upload a war
for a context defined in server.xml rather than failing silently.
(markt/jim)
|
|
43800: Make relationship between APR and the native connector
clearer. (markt)
|
|
44088: Fix expire session button in manager. (markt)
|
|
44094: Add a note about the side effects of configuring a
context as privileged. (markt)
|
|
Update JNDI documentation to refer to configuring contexts via
context.xml rather than server.xml. (markt/jim)
|
|
Cluster |
|
Fix FarmWarDeployer can be only configured as host subelement (pero)
|
|
Fix wrong && at ReplicationValve (pero)
|
|
Add get/set methods for properties in the Tcp Failure detector.
(fhanik/jim)
|
|
|
Tomcat 6.0.15 (remm) |
General |
| Fix the MD5 file contents in distribution |
|
Add ANT script to be able to publish signed Tomcat JAR's to ASF Maven repo (fhanik)
|
|
Use Eclipse JDT 3.3.1. (pero)
|
|
Catalina |
| Guess java location from the PATH environment and improve fix for 37284 |
| Add NIO connector to server.xml parsing warning, remove Connector as exception case |
| 43653: Fix SSL buffer mixup when response is unable to write more than socket buffer can handle |
| 43643: If connector doesn't support external executor, display warning |
| 43641: Property bind multicast address for cluster membership |
| 42693: Fix JSP compiler bug |
| Add mbean descriptor for virtual webapp loader |
| 43487:
Fix request processing stats
|
|
43435: Don't iterate and relocate sessions if they are not part of the map.
|
|
43356: Keystore parameter is relative to CATALINA_BASE,
Truststore is either defined as parameter, javax.net.ssl.trustStore or if empty
defaults to the keystore.
SSL Client cert authentication changed from boolean to "true|false|want" (fhanik)
|
|
30949: Improve previous fix. Ensure requests are re-cycled
on cross-context includes and forwards when an exception occurs in the
target page. (markt)
|
|
42944: Correctly handle servlet mappings that use a '+'
character as part of the url pattern. (markt)
|
|
42951: Don't use CATALINA_OPTS when stopping Tomcat. This
allows options for starting and stopping to be set on JAVA_OPTS and
options for starting only to be set on CATALINA_OPTS. Without this
fix, some startup options (eg the port for remote JMX) would cause
stop to fail. Based on a fix suggested by Michael Vorburger.
Port of r454193 (36976) from Tomcat 5.5.x. (markt,rjung)
|
|
Validation of attributes and elements used in server.xml. (remm)
|
|
43175: Fix typos in servlet XSD files. Patch provided by
Takayuki Kaneko. (markt)
|
|
43216: Set correct StandardSession#accessCount as StandardSession.ACTIVITY_CHECK is true.
Patch provided by Takayuki Kaneko (pero)
|
|
Made session createTime accessible for all SessionManager via JMX (pero)
|
|
43129: Support logging of all response header values at AccessLogValve (ex. add %{Set-Cookie}o to your pattern). (pero)
|
|
Support logging of all response header values at ExtendedAccessLogValve (ex. add x-O(Set-Cookie) to your pattern). (pero)
|
|
Support logging of current thread name at AccessLogValve (ex. add %I to your pattern).
Usefull to compare access logging entry later with a stacktraces. (pero)
|
|
Improve large-file support (more then 4 Gb) at all AccessLogValves, backport from 5.5.25. (pero)
|
|
Optimized JDBCAccessLogValve combined pattern request attribute access. (pero)
|
|
o.a.juli.ClassLoaderLogManager handle more then one system property replacement at file logging.properties. (pero)
|
|
43338: Support '*' servlet-name mapping at filter-mapping.
Patch provided by Keiichi Fujino. (pero)
|
|
41797: CNFE/NPE thrown from function mapper when externalizing
Patch by Tuomas Kiviaho- tuomas.kiviahos at ikis fi (funkman)
|
|
43453: ClassCastException at
org.apache.catalina.core.StandardContext.findStatusPage(int)
(funkman)
|
|
Fix important vulnerability when webdav is enabled for write. (markt)
|
|
Call stopAwait in StandardServer.stop if port == -1. (pero)
|
|
43668 Fix NPE when the outer most wrapper is a ServletRequest/ResponseWrapper, but not a HttpServletRequest/ResponseWrapper on a Forward. (billbarker)
|
|
Coyote |
|
Harmonize with HTTP java.io code. Otherwise the socket is not closed.
|
|
In the APR connector, start accepting connections after fully starting
the connector, to prevent possible exceptions due to non initialized fields. (remm)
|
|
Cookie parser refactoring, submitted by John Kew. (remm)
|
|
Make cookie escaping / unescaping consistent. (markt)
|
|
43479: Memory leak cleaning up sendfile connections, submitted by Chris Elving. (remm)
|
|
42925: Add maintain for sendfile. (remm)
|
|
Fix explicit flush before response commit in the org.apache.jk AJP connector. (pero)
|
|
43621 Fix possible Dos condition when using the experimental NIO/AJP Connector (billbarker)
|
|
Jasper |
|
37326: No error reported when an included page does not
exist. (markt)
|
|
Webapps |
|
Fix WebDAV Servlet so it works correctly with MS clients. (markt)
|
|
Fix CVE-2007-5461, an important information disclosure vulnerability in
the WebDAV Servlet. Based on a patch by Marc Schoenefeld. (markt)
|
|
42979: Update sample.war to include recent security fixes
in the source code. (markt)
|
|
Minor connector doc fix. (jfclere)
|
|
Cluster |
|
Set correct BioReceiver transfer buffer size. (pero)
|
|
Other |
|
Tests for unit tests for the cookie issues. (jfclere)
|
|
|
Tomcat 6.0.14 (remm) |
General |
|
Correct j.u.l log levels in JULI docs. (rjung)
|
|
Catalina |
|
Handle special case of ROOT when re-loading webapp after ROOT.xml has
been modified. In some circumstances the reloaded ROOT webapp had no
associated resources. (markt)
|
|
Remove invalid attribute "encoding" of MBean MemoryUserDatabase,
which lead to errors in the manager webapp JMXProxy output. (rjung)
|
|
33774 Retry JNDI authentiction on ServiceUnavailableException
as at least one provider throws this after an idle connection has been
closed. (markt)
|
|
39875: Fix BPE in RealmBase.init(). Port of yoavs's fix from
Tomcat 5. (markt)
|
|
41722: Make the role-link element optional (as required by
the spec) when using a security-role-ref element. (markt)
|
|
42361: Handle multi-part forms when saving requests during
FORM authentication process. Patch provided by Peter Runge. (markt)
|
|
42401: Update RUNNING.txt with better JRE/JDK information.
(markt)
|
|
42444: prevent NPE for AccessLogValve
Patch provided by Nils Hammar (funkman)
|
|
42449:
JNDIRealm does not catch NullPointerException for Sun's
LDAP provider (See bug for details) (funkman)
|
|
42497: Ensure ETag header is present in a 304 response.
Patch provided by Len Popp. (markt)
|
|
Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host
Manager. Reported by Daiki Fukumori. (markt)
|
|
42547: Fix NPE when a ResourceLink in context.xml tries to
override an env-entry in web.xml. (markt)
|
|
Avoid some casting in ErrorReportValve (remm)
|
|
Fix persistence API annotation, submitted by Bill Burke (remm)
|
|
In Comet mode, if bytes are not read, send an error event (otherwise,
fields referring to the connection could remain) (remm)
|
|
Fix Comet when running Tomcat with the security manager (remm)
|
|
Jasper |
|
39425 Add additional system property permission to
catalina.policy for pre-compiled JSPs. (markt)
|
|
42438 Duplicate temporary variables were created when
jsp:attribute was used in conjunction with custom tags. Patch provided
by Brian Lenz. (markt)
|
|
42643 Prevent creation of duplicate JSP function mapper
variables. (markt)
|
|
Coyote |
|
Separate sequence increment from getter in ThreadPool to avoid
misleading increments during monitoring via JMX. (rjung)
|
|
Add back missing socketBuffer attribute in the java.io HTTP connector (remm)
|
|
Webapps |
|
Don't write error on System.out, use log() instead. (rjung)
|
|
39813: Correct handling of new line characters in JMX
attributes. Patch provided by R Bramley. Ported from tc5.5.x r415029. (markt,rjung)
|
|
42459: Fix Tomcat Web Application Manager table error. (rjung)
|
|
Fix XSS security vulnerabilities (CVE-2007-2449) in the examples.
Reported by Toshiharu Sugiyama. (markt)
|
|
|
Tomcat 6.0.13 (remm) |
Catalina |
|
More accurate available() method. (remm)
|
|
Add recycle check in the event object, since it is a facade like the others. (remm)
|
|
When processing a read event, enforce that the servlet consumes all available bytes. (remm)
|
|
Add a flag in ContainerBase which could be used in embedded scenarios to avoid a double start
of contexts (this problem generally occurs when adding contexts to a started host). (remm)
|
|
42309: Ability to create a connector using a custom protocol specification for embedded.
(fhanik)
|
|
Add SSL engine flag to AprLifecycleListener. (fhanik)
|
|
Improve event processing, so that an END event is generated when encountering EOF, and an
ERROR is always generated on client disconnects. (remm)
|
|
Add declarations for the new XSD files. (remm)
|
|
Coyote |
|
Add heartbeatBackgroundEnabled flag to SimpleTcpCluster.
Enable this flag don't forget to disable the channel heartbeat thread (pero)
|
|
Possible memory leak when using comet, caused by adding the socket to the poller before
cleaning up the connection tracking structure. (remm)
|
|
42308: nextRequest recycles the request, which caused issues with statistics. (remm)
|
|
Fix non recycled comet flag in the APR connector. (remm)
|
|
Cluster |
|
Add heartbeatBackgroundEnabled flag to SimpleTcpCluster.
Enable this flag don't forget to disable the channel heartbeat thread (pero)
|
|
Method name cleanup. (fhanik)
|
|
Webapps |
|
Some examples webapp fixes. Submitted by Frank McCown. (remm)
|
|
|
Tomcat 6.0.12 (remm) |
General |
|
License source headers. Submitted by Niall Pemberton. (remm)
|
|
Catalina |
|
42039 Log a stack trace if a servlet throws an
UnavailableException. Patch provided by Kawasima Kazuh. (markt)
|
|
41990 Add some additional mime-type mappings. (markt)
|
|
41655 Fix message translations. Japanese translations
provided by Suzuki Yuichiro. (markt)
|
|
Add enabled attribute to AccessLogValve (pero)
|
|
42085: Avoid adding handlers for the root logger twice when they are explicitly
specified. (remm)
|
|
Reduce thread local manipulation in the request dispatcher. Submitted by
Arvind Srinivasan. (remm)
|
|
Avoid keeping references to loggers tied to the webapp classloaders after a reload in
a couple more places. (remm)
|
|
42202: Fix container parsing of TLDs in webapps when Tomcat is installed in
a URL encodable path. (remm)
|
|
Coyote |
|
42119 Fix return value for request.getCharacterEncoding() when
Content-Type headers contain parameters other than charset. Patch by
Leigh L Klotz Jr. (markt)
|
|
Move away from using a thread local processor for the APR and java.io
connectors, as this does not work well when using an executor. (remm)
|
|
Remove Comet timeout hack in the APR connector. Comet connections will now
use the regular timeout or the keepalive timeout if specified. (remm)
|
|
Webapps |
|
42025: Update valve documentation to refer to correct regular
expression implementation. (markt)
|
|
Fix various paths in the manager webapps (remm)
|
|
Session viewer and editor for the HTML manager. Submitted by Cédrik Lime. (remm)
|
|
Session handling tools for the manager. Submitted by Rainer Jung. (remm)
|
|
Jasper |
|
41869 TagData.getAttribute() should return
TagData.REQUEST_TIME_VALUE when the attribute value is an EL expression.
(markt)
|
|
42071 Fix IllegalStateException on multiple requests to
an unavailable JSP. Patch provided by Kawasima Kazuh. (markt)
|
|
After a JSP throws an UnavailableException allow it to be accessed once
the unavailable period has expired. (markt)
|
|
Cluster |
|
Add toString method to better logging session replication message at tribes MESSAGES (pero)
|
|
|
Tomcat 6.0.11 (remm) |
General |
|
Update DBCP to 1.2.2, pool to 1.3, JDT to 3.2.2 and remove collections
build dependency (pero, remm)
|
|
Catalina |
|
Don't log pattern subtoken at ExtendedAccesLogValve (pero)
|
|
Add some missing JMX attributes for new AccessLogValve (pero)
|
|
41786 Incorrect reference to catalina_home in catalina.sh/bat Patch provided by Mike Hanafey (fhanik)
|
|
41703 SingleSignOnMessage invalid setter, patch provided by Nils Hammar (fhanik)
|
|
41682 ClassCastException when logging is turned on (fhanik)
|
|
41530 Don't log error messages when connector is stopped (fhanik)
|
|
41166 Invalid handling when using replicated context (fhanik)
|
|
Added SENDFILE support for the NIO connector. (fhanik)
|
|
Added support for shared thread pools by adding in the <Executor>
element as a nested element to the <Service> element. (fhanik)
|
|
41666 Correct handling of boundary conditions for
If-Unmodified-Since and If-Modified-Since headers. Patch provided by
Suzuki Yuichiro. (markt)
|
|
41739 Correct handling of servlets with a load-on-startup
value of zero. These are now the first servlets to be started. (markt)
|
|
41747 Correct example ant script for deploy task. (markt)
|
|
41752 Correct error message on exception in MemoryRealm.
(markt)
|
|
39883 Add documentation warning about using antiResourceLocking
on a webapp outside the Host's appBase. (yoavs)
|
|
40150 Ensure user and roll classnames are validated on startup. Patch by
Tom. (yoavs)
|
|
Refactor extend access log valve using the optimized access log valve. Submitted by
Takayuki Kaneko. (remm)
|
|
Possible deadlock in classloading when defining packages. (remm)
|
|
Remove excessive syncing from listener support. (remm)
|
|
Web services support. The actual factory implementations are implemented in the
extras. Submitted by Fabien Carrion. (remm)
|
|
Add logging to display APR capabilities on the platform. (remm)
|
|
Expose executors in JMX. (remm)
|
|
CRLF inside a URL pattern is always invalid. (remm)
|
|
Tweak startup time display. (remm)
|
|
Adjustments to handling exceptions with Comet. (remm)
|
|
If the event is closed asynchronously, generate an end event for cleanup on the
next event. (remm)
|
|
Cleanup hello webapp from the docs and fix a XSS issue in the JSP. (remm)
|
|
Examples webapp cleanup. Submitted by Takayuki Kaneko and Markus Schönhaber. (remm)
|
|
41289: Create configBase, since it is no longer created elsewhere.
Submitted by Shiva Kumar H R. (remm)
|
|
Coyote |
|
Fixed NIO memory leak caused by the NioChannel cache not working properly.
|
|
Added flag to enable/disable the usage of the pollers selector instead of a Selector pool
when the serviet is reading/writing from the input/output streams
The flag is -Dorg.apache.tomcat.util.net.NioSelectorShared=true
|
|
Requests with multiple content-length headers are now rejected. (markt)
|
|
41675 Add a couple of DEBUG-level logging statements to Http11Processors
when sending error responses. Patch by Ralf Hauser. (yoavs)
|
|
Reuse digester used by the modeler. (remm)
|
|
When the platform does not support deferred accept, put accepted sockets in the
poller. (remm)
|
|
Fix problem with blocking reads for keepalive when using an executor (the number
of busy threads is always 0). (remm)
|
|
The poller now has good performance, so remove firstReadTimeout. (remm)
|
|
42119 Fix return value for request.getCharacterEncoding() when
Content-Type headers contain parameters other than charset. Patch by
Leigh L Klotz Jr. (markt)
|
|
Webapps |
|
Fix previous update to servlet 2.5 xsd to use correct declaration.
(markt)
|
|
Update host configuration document for new behaviour for directories
in appBase. (markt)
|
|
39540 Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs)
|
|
Jasper |
|
41227 Add a bit of DEBUG-level logging to JspC so users know
which file is being compiled. (yoavs)
|
|
Remove some dead utility code, and refactor stream capture as part of the Ant compiler. (remm)
|
|
Support the trim directive of JSP 2.1 as an equivalent of Jasper's own parameter. (remm)
|
|
41790: Close file stream used to read the Java source. (remm)
|
|
Fix reporting of errors which do not correspond to a portion of the JSP source. (remm)
|
|
Remove try/catch usage for annotation processing in classic tags. The usage
of the log method might have been questionable as well. (remm)
|
|
Cleanup of the message that is displayed for compilation errors. (remm)
|
|
Skip BOM when reading a JSP file. (remm)
|
|
|
Tomcat 6.0.10 (remm) |
Catalina |
|
Unify usage of security manager flag, submitted by Arvind Srinivasan. (remm)
|
|
Fix formatting of CGI variable SCRIPT_NAME. (markt)
|
|
41521: Support * for servlet-name, submitted by Paul McMahan. (remm)
|
|
Cache getServletContext value, submitted by Arvind Srinivasan. (remm)
|
|
Add options for handling special URL characters in paths, and disallow '\' and encoded '/'
due to possible differences in behavior between Tomcat and a front end webserver. (remm)
|
|
Fix bad comparison for FORM processing, submitted by Anil Saldhana. (remm)
|
|
41608 Make log levels consistent when Servlet.service()
throws an exception. (markt)
|
|
Coyote |
|
Reduce usage of MessageBytes.getLength(), submitted by Arvind Srinivasan. (remm)
|
|
Jasper |
|
41558: Don't call synced method on every request, submitted by Arvind Srinivasan. (remm)
|
|
Switch to a thread local page context pool. (remm)
|
|
|
Tomcat 6.0.9 (remm) |
General |
|
Use 2.5 xsd in Tomcat webapps. (markt)
|
|
Compression filter improvements, submitted by Eric Hedström. (markt)
|
|
Catalina |
|
Properly return connector names. (remm)
|
|
Remove logging of the XML validation flag. (remm)
|
|
Correct error messages for context.xml. (markt)
|
|
41217: Set secure flag correctly on SSO cookie, submitted by
Chris Halstead. (markt)
|
|
40524: request.getAuthType() now returns CLIENT_CERT rather
than CLIENT-CERT. (markt)
|
|
40526: Return support for JPDA_OPTS to catalina.bat and add
a new option JPDA_SUSPEND, submitted by by Kurt Roy. (markt)
|
|
41265: In embedded, remove the code that resets checkInterval
values of zero to 300. (markt)
|
|
Coyote |
|
37869: Fix getting client certificate, submitted by Christophe Pierret. (remm)
|
|
40960: Throw a timeout exception when getting a timeout rather than a
generic IOE, submitted by Christophe Pierret. (remm)
|
|
Jasper |
|
EL validation fixes for attributes. (remm)
|
|
41327: Show full URI for a 404. (markt)
|
|
JspException now uses getCause() as the result for getRootCause(). (markt)
|
|
Cluster |
|
41466: When using the NioChannel and SecureNioChannel its
important to use the channels buffers. (fhanik)
|
|
|
Tomcat 6.0.8 (remm) |
Catalina |
|
Make provided instances of RequestDispatcher thread safe. (markt)
|
|
Optional development oriented loader implementation. (funkman)
|
|
Optimized access log valve, submitted by Takayuki Kaneko. (remm)
|
|
Fix error messages when parsing context.xml that incorrectly referred to
web.xml. (markt)
|
|
41217: Set secure attribute on SSO cookie when cookie is
created during a secure request. Patch provided by Chris Halstead.
(markt)
|
|
40524: HttpServletRequest.getAuthType() now returns
CLIENT_CERT rather than CLIENT-CERT for certificate authentication
as per the spec. Note that web.xml continues to use CLIENT-CERT to
specify the certificate authentication should be used. (markt)
|
|
41401: Add support for JPDA_OPTS to catalina.bat and add a
JPDA_SUSPEND environment variable to both startup scripts. Patch
provided by Kurt Roy. (markt)
|
|
Coyote |
|
Use the tomcat-native-1.1.10 as recommended version.
OpenSSL detection on some platforms was broken 1.1.8 will continue to work,
although on some platforms there can be JVM crash if IPV6 is enabled and
platform doesn't support IPV4 mapped addresses on IPV6 sockets.
|
|
Jasper |
|
When displaying JSP source after an exception, handle included files.
(markt)
|
|
Display the JSP source when a compilation error occurs and display
the correct line number rather than start of a scriptlet block. (markt)
|
|
Fix NPE when processing dynamic attributes. (remm)
|
|
More accurate EL usage validation. (remm)
|
|
Fix regression for implicit taglib and page data version numbers. (remm)
|
|
41265: Allow JspServlet checkInterval init parameter to be
explicitly set to the stated default value of zero by removing the
code that resets it to 300 if explicitly specified as zero. (markt)
|
|
41327: Show full URI for a 404. Patch provided by Vijay.
(markt)
|
|
Webapps |
|
Add a virtual hosting how-to contributed by Hassan Schroeder. (markt)
|
|
Update all webapps to use the servlet 2.5 xsd. (markt)
|
|
39572: Improvements to CompressionFilter example provided by
Eric Hedström. (markt)
|
|
|
Tomcat 6.0.7 (remm) |
General |
|
Fix installer's bitmap (mturk)
|
|
Catalina |
|
Refactor logging of errors which may occur when reading a post body (remm)
|
|
Coyote |
|
37869: Also use the SSL_INFO_CLIENT_CERT field if the chain is empty,
submitted by Grzegorz Grzybek (remm)
|
|
|
Tomcat 6.0.5 (remm) |
Catalina |
|
40585: Fix parameterised constructor for o.a.juli.FileHandler
so parameters have an effect. (markt)
|
|
Escape invalid characters from request.getLocale. (markt, remm)
|
|
Update required version for native to 1.1.8. (remm)
|
|
Do not log broken pipe errors which can occur when flushing the content of an error page. (remm)
|
|
Coyote |
|
Fix firstReadTimeout behavior for the AJP connector. (remm)
|
|
Jasper |
|
41057: Make jsp:plugin output XHTML compliant. (markt)
|
|
Cluster |
|
Cluster interface cleanup. (fhanik)
|
|
Refactoring to allow usage of executors. (fhanik)
|
|
|
Tomcat 6.0.3 (remm) |
Catalina |
|
37509: Do not remove whitespace from the end of values
defined in logging.properties files. (markt)
|
|
38198: Add reference to Context documentation from Host
documentation that explains how Context name is obtained from the
Context filename. (markt)
|
|
40844 Missing syncs in JDBCRealm. (markt)
|
|
40901: Encode directory listing output. Based on a patch
provided by Chris Halstead. (markt)
|
|
40929: Correct JavaDoc for StandardClassLoader. (markt)
|
|
41008: Allow POST to be used for indexed queries with CGI
Servlet. Patch provided by Chris Halstead. (markt)
|
|
Fix usage of print on the servlet output stream if the processor never used
a writer (fhanik)
|
|
Fix logic of sameSameObjects used to determine correct wrapping of request and
response objects (fhanik)
|
|
Update TLD scan lists, and disable caching for now (remm)
|
|
Add system property to WebappClassLoader to allow disabling setting references
to null when stopping it (remm)
|
|
Add clustered SSO code, submitted by Fabien Carrion (remm)
|
|
Coyote |
|
40860: Log exceptions and other problems during parameter
processing. (markt)
|
|
Enable JMX for trust store attributes for SSL connector. (markt)
|
|
Port memory usage reduction changes to the java.io HTTP connector. (remm)
|
|
MessageBytes.setString(null) will remove the String value. (remm)
|
|
41057: Caching large strings is not useful and takes too much
memory, so don't cache these (remm)
|
|
Add keepAliveTimeout attribute to most connectors (mturk, remm)
|
|
Jasper |
|
Relax EL type validation for litterals. (remm)
|
|
Update some version numbers to 2.1. (funkman, remm)
|
|
Add xsds for JSP 2.1 (remm)
|
|
41106: Update validation checks for EL to also include
legacy 1.2 tags (remm)
|
|
Webapps |
|
40677: Update SSL documentation to indicate that PKCS11
keystores may be used. (markt)
|
|
|
Tomcat 6.0.2 (remm) |
General |
|
Various tweaks to distribution (remm, funkman)
|
|
Update Tomcat native to 1.1.7 (mturk)
|
|
Update to JDT 3.2.1 (remm)
|
|
Catalina |
|
Fix EJB annotation interface (remm)
|
|
Coyote |
|
Fix passing of the keystore password for the NIO connector (fhanik)
|
|
|
Tomcat 6.0.1 (remm) |
Catalina |
|
Refactor exception processing using Throwable.getCause to improve exception chaining (remm)
|
|
Remove dead code involving the Logger (funkman)
|
|
37458: Fix some exceptions which could happen during classloading (markt)
|
|
40817: Fix CGI path (markt)
|
|
34956: Add the possibility to enforce usage of request and response
wrapper objects (markt)
|
|
Jasper |
|
Many fixes for JSP 2.1 compliance, invloving tag files handling, deferred expressions
validation, bom encoding support (remm)
|
|
Coyote |
|
Many HTTP NIO connector fixes and refactorings (fhanik)
|
|
HTTP NIO connector performance improvements (fhanik)
|
|
Add packetSize option for the classic AJP connector (jfclere)
|
|
Implement explicit flushing in AJP (mturk)
|
|
|
Tomcat 6.0.0 (remm) |
Catalina |
|
SSLEngine attribute added to the AprLifecycleListener(fhanik)
|
|
Add API for Comet IO handling (remm, fhanik)
|
|
Servlet 2.5 support (remm)
|
|
Jasper |
|
JSP 2.1 support (jhook, remm)
|
|
Unifed EL 2.1 support (jhook)
|
|
Coyote |
|
SSLEnabled attribute required for SSL to be turned on, on all HTTP connectors (fhanik)
|
|
Memory usage reduction for the HTTP connectors, except java.io (remm)
|
|
Modeler update to use dynamic mbeans rather than model mbeans, which consume more
resources (costin)
|
|
Cluster |
|
New cluster configuration and new documentation (fhanik)
|
|
|
|