Links User Guide Reference Apache Tomcat Development | | Tomcat 5.5.25 (fhanik) |
| General |
 |
Correct j.u.l log levels in JULI docs. (rjung)
|
 |
Update to Commons Modeler 2.0.1, fix embed release starting issue. (pero)
|
|
| Catalina |
 |
Handle special case of ROOT when re-loading webapp after ROOT.xml has
been modified. In some circumstances the reloaded ROOT webapp had no
associated resources. (markt)
|
|
Fix WebDAV Servlet so it works correctly with MS clients. (markt)
|
|
Remove invalid attribute "encoding" of MBean MemoryUserDatabase,
which lead to errors in the manager webapp JMXProxy output. (rjung)
|
|
Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host
Manager. Reported by Daiki Fukumori. (markt)
|
 |
39055: Add JMXAdaptorLifecycleListener to start JMX Connector with fix naming and data port.
This feature is needed to have stable remote access as your local firewall is activ. The adaptor read all
standard JMX system properties (-Dcom.sun.management.jmxremote.XXX). Currently only included at src release (used JDK 1.5 classes)
Feature provided by George Lindholm and Juergen Herrman (pero)
|
|
41722: Make the role-link element optional (as required by
the spec) when using a security-role-ref element. (markt)
|
|
42547: Fix NPE when a ResourceLink in context.xml tries to
override an env-entry in web.xml. (markt)
|
|
42944: Correctly handle servlet mappings that use a '+'
character as part of the url pattern. (markt)
|
|
Improve large-file support (more then 4 Gb) at all AccessLogValves. (pero)
|
|
43129: Support logging of response headers at AccessLogValve (ex. add %{Set-Cookie}o to your pattern). (pero)
|
|
| Jasper |
|
2500: FileNotFoundException within a JSP pages resulted in a
404 rather than a 500. (markt)
|
|
37326: No error reported when an included page does not
exist. (markt)
|
|
42643: Prevent creation of duplicate JSP function mapper
variables. (markt)
|
|
42314: Provide compilation error details in cases where the
error can't be mapped back to a source file. (markt)
|
|
| Webapps |
|
Don't write error on System.out, use log() instead. (rjung)
|
|
Fix XSS security vulnerabilities (CVE-2007-2449) in the examples.
Reported by Toshiharu Sugiyama. (markt)
|
|
39212: Fix possible NPE in DummyCart example and remove
redundant code. (markt)
|
|
42979: Update sample.war to include recent security fixes
in the source code. (markt)
|
|
| Coyote |
|
Separate sequence increment from getter in ThreadPool to avoid
misleading increments during monitoring via JMX. (rjung)
|
|
| Cluster |
|
40042: Recovery membership heartbeat after interface down. (pero)
|
|
42691: Don't set access time after session sync. Fix that sessions
after node restart better expire. Requested by Casey Lucas (pero)
|
|
Backport Tomcat 6 cluster socket parameter. (pero)
|
|
Fix typo in new MBean attribute which lead to errors in the manager webapp JMXProxy output. (rjung)
|
|
42689: No way to timeout new connect attempts for replication sockets.
Patch by Casey Lucas (pero)
|
|
Fix timeout setting on a replicated DeltaSession.
Patch by Alexander Maas (fhanik,pero)
|
|
42720: Don't send a message if no cluster member exists.
Patch by Keiichi Fujino (pero)
|
|
|
| Tomcat 5.5.24 (fhanik) |
| General |
|
Update to Commons DBCP src 1.2.2 (pero)
|
|
Update to Commons Pool src 1.3 (pero)
|
|
| Catalina |
|
33774 Retry JNDI authentiction on ServiceUnavailableException
as at least one provider throws this after an idle connection has been
closed. (markt)
|
|
40593 Cleanup that Listener stop after Manager stop
at StandardContext.stop(). Patch by Suzuki Yuichiro (pero)
|
|
41747 Correct example ant script for deploy task. (markt)
|
|
41752 Correct error message on exception in MemoryRealm.
(markt)
|
|
39875 Minor cleanup in RealmBase.init, as requested by Takayoshi Kimura. (yoavs)
|
|
41477 Add commons-el.jar to bin/catalina-tasks.xml, required for jasper2 tasks
using EL. Patch by Daniel Santos. (yoavs)
|
|
40150 Ensure user and roll classnames are validated on startup. Patch by
Tom. (yoavs)
|
|
42039 Log a stack trace if a servlet throws an
UnavailableException. Patch provided by Kawasima Kazuh. (markt)
|
|
41990 Add some additional mime-type mappings. (markt)
|
|
41655 Fix message translations. Japanese translations
provided by Suzuki Yuichiro. (markt)
|
|
41939 Add configuration option to disable nulling of static
and final fields of loaded classes when stopping a web application
classloader. Setting the system property
org.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES to
false will stop these fields being set to null on context stop. (markt)
|
|
Fix a logging related memory leak in ManagerBase and
ApplicationDispatcher. (markt)
|
|
42354: Ensure JARs in webapps are scanned for TLDs when the
Tomcat installation path contains spaces. (markt)
|
|
42361: Handle multi-part forms when saving requests during
FORM authentication process. Patch provided by Peter Runge. (markt)
|
|
42401: Update RUNNING.txt with better JRE/JDK information.
(markt)
|
|
42497: Ensure ETag header is present in a 304 response.
Patch provided by Len Popp. (markt)
|
|
Allow for a forward/include to call getAttributeNames on the Request in a sandbox. (billbarker)
|
|
And getSession() operation to StandardManager and DeltaManager JMX Interface (pero)
|
|
| Webapps |
|
Update host configuration document for new behaviour for directories
in appBase. (markt)
|
|
39883 Add note to context configuration document about using
antiResourceLocking on a webapp outside the Host's appBase directory. (yoavs)
|
|
39540 Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs)
|
|
41289: Create configBase, since it is no longer created elsewhere.
Submitted by Shiva Kumar H R. (pero)
|
|
42103: Use correct names for truststoreFile, truststoreType and
truststorePass when saving server.xml in Admin webapp. Patch provided by
Matheus Bastos. (markt)
|
|
42025: Update valve documentation to refer to correct regular
expression implementation. (markt)
|
|
41956: Don't skip the connector address attribute when
persisting server.xml changes via the admin webapp. (markt)
|
|
| Coyote |
|
40960 Inconsistent exception type thrown on socket timeout in
InternalAprInputBuffer. Patch by Christophe Pierret. (yoavs)
|
|
41675 Add a couple of DEBUG-level logging statements to Http11Processors
when sending error responses. Patch by Ralf Hauser. (yoavs)
|
|
42119 Fix return value for request.getCharacterEncoding() when
Content-Type headers contain parameters other than charset. Patch by
Leigh L Klotz Jr. (markt)
|
|
36155 Always reset the MB when doing getBytes in the JK Connector (billbarker)
|
|
Improve large-file support in the AJP Connectors (billbarker)
|
|
| Cluster |
|
Receiver can also use tcpListenAddress with a hostname. (rjung, pero)
|
|
DeltaRequest synchronized getSize() and show log message as
readExternal() failure. (rjung, pero)
|
|
Add DeltaManager expireTolerance attribute to quicker auto expire long backup sessions. (rjung, pero)
|
|
Add DeltaManager updateActiveIntervall attribute to send every 60 sec a session access message. (rjung, pero)
|
|
39866 Duplicate names appended to cluster manager name. (yoavs)
|
|
| Jasper |
|
39425 Add additional system property permission to
catalina.policy for pre-compiled JSPs. (markt)
|
|
41227 Add a bit of DEBUG-level logging to JspC so users know
which file is being compiled. (yoavs)
|
|
41869 TagData.getAttribute() should return
TagData.REQUEST_TIME_VALUE when the attribute value is an EL expression.
(markt)
|
|
42071 Fix IllegalStateException on multiple requests to
an unavailable JSP. Patch provided by Kawasima Kazuh. (markt)
|
|
After a JSP throws an UnavailableException allow it to be accessed once
the unavailable period has expired. (markt)
|
|
42072 Don't call destroy() if the associated init() fails.
Patch provided by Kawasima Kazuh. (markt)
|
|
Fix a logging related memory leak in PageContextImpl. (markt)
|
|
42438 Duplicate temporary variables were created when
jsp:attribute was used in conjunction with custom tags. Patch provided
by Brian Lenz. (markt)
|
|
|
| Tomcat 5.5.23 (fhanik) |
| Catalina |
|
41608 Make log levels consistent when Servlet.service()
throws an exception. (markt)
|
|
41666 Correct handling of boundary conditions for
If-Unmodified-Since and If-Modified-Since headers. Patch provided by
Suzuki Yuichiro. (markt)
|
|
41674 Fix error messages when parsing context.xml that
incorrectly referred to web.xml. (markt)
|
|
41739 Correct handling of servlets with a load-on-startup
value of zero. These are now the first servlets to be started. (markt)
|
|
| Coyote |
|
Requests with multiple content-length headers are now rejected. (markt)
|
|
|
| Tomcat 5.5.21 (fhanik) |
| Catalina |
|
41401: StandardService.getConnectorNames() return array of
Connector JMX objectnames. (pero)
|
|
29727: If env-entry values in web.xml are changed then
ensure new values are applied when context is reloaded. (markt)
|
|
34956: Ensure request and response objects passed to a
RequestDispatcher meet the requirements of SRV.8.2 and
SRV.14.2.5.1. This is disabled by default. The Java option
-Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
is required to enable this test. (markt)
|
|
36274: When including static content with the
DefaultServlet also treat content types ending in xml as text.
(markt)
|
|
36976: Don't use CATALINA_OPTS when stopping Tomcat. This
allows options for starting and stopping to be set on JAVA_OPTS and
options for starting only to be set on CATALINA_OPTS. Without this
fix, some startup options (eg the port for remote JMX) would cause
stop to fail. Based on a fix suggested by Michael Vorburger. (markt)
|
|
37070: Update mbean name documentation to include the
StandardWrapper. (markt)
|
|
37356: Ensure sessions time out correctly. This has been
fixed by removing the accessCount feature by default. This feature
prevents the session from timing out whilst requests that last
longer than the session time out are being processed. This feature
is enabled by setting the Java option
-Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
The feature is now implemented with synchronization which addresses
the thread safety issues associated with the original bug report.
(markt)
|
|
37439: Update documentation for Engine component to add
the requirement that the name must be unique. (markt)
|
|
37458: Add syncs to the WebappClassloader to address
rare issues when multiple threads attempt to load the same class
concurrently. (markt)
|
|
37509: Do not remove whitespace from the end of values
defined in logging.properties files. (markt)
|
|
38198: Add reference to Context documentation from Host
documentation that explains how Context name is obtained from the
Context filename. (markt)
|
|
39088: Prevent infinte loops when an exception is thrown
that returns itself for getRootCause(). Based on a patch by Wouter
Zelle. (markt)
|
|
39436: Correct MIME type for SVG. (markt)
|
|
39627: JULI no longer ignores a ".level=XXX" directive
in logging.properties. Patch provided by Roger Keays and Richard
Fearn. (markt)
|
|
39724: Removing the last valve from a pipeline did not
return the pipeline to the original state. Patch provided by
David Gagon. (markt)
|
|
40367: Update JK auto configuration documentation to clarify
that workers.properties must also exist. (markt)
|
|
40524: HttpServletRequest.getAuthType() now returns
CLIENT_CERT rather than CLIENT-CERT for certificate authentication
as per the spec. Note that web.xml continues to use CLIENT-CERT to
specify the certificate authentication should be used. (markt)
|
|
40526: Add support for JPDA_OPTS to catalina.bat and add a
JPDA_SUSPEND environment variable to both startup scripts. Patch
provided by Kurt Roy. (markt)
|
|
40528: Add missing message localisations as provided by
Ben Clifford. (markt)
|
|
40585: Fix parameterised constructor for o.a.juli.FileHandler
so parameters have an effect. (markt)
|
|
40625: Stop CGIServlet swallowing the root cause of an
exception. Patch provided by Takayoshi Kimura. (markt)
|
|
40723: Correct table creation example in JavaDoc for
JDBCAccessLogValve. (markt)
|
|
40802: Add jsp-api.jar to fileset in catalina-tasks.xml as provided by
Daniel Santos. (pero)
|
|
40817: Correct problem where CGI scripts in the root of the
ROOT context threw a StringIndexOutOfBoundsException.
(markt)
|
|
Set the SCRIPT_FILENAME environment variable required
by PHP when using the CGIServlet to execute PHP. (markt)
|
|
40823: Update context doc to clarify use of ROOT.xml,
multi-level context paths and to further discourage use of server.xml
(markt)
|
|
40844: Add additional syncs to JDBCRealm to resolve NPE when
two users try to authenticate using DIGEST authentication at the same
time. (markt)
|
|
40860: Log exceptions and other problems during parameter
processing. (markt)
|
|
40901: Encode directory listing output. Based on a patch
provided by Chris Halstead. (markt)
|
|
40929: Correct JavaDoc for StandardCalssLoader. (markt)
|
|
41008: Allow POST to be used for indexed queries with CGI
Servlet. Patch provided by Chris Halstead. (markt)
|
|
41020: Improve error message when custom error report Valve
fails to load. Also remove requirement that custom error report Valves
extend ValveBase. (markt)
|
|
41217: Set secure attribute on SSO cookie when cookie is
created during a secure request. Patch provided by Chris Halstead.
(markt)
|
|
Ensure Accept-Language headers conform to RFC 2616. Ignore them if
they do not. (markt)
|
|
Make provided instances of RequestDispatcher thread safe. (markt)
|
|
Fix formatting of CGI variable SCRIPT_NAME. (markt)
|
|
34643: Improved documentation for per-user / per-session clientAuth
usage in SSL Authenticator. Docs provided by jack and Ralf Hauser. (yoavs)
|
|
40668: Update release notes and readme files specific to v5.5.20 to
notify users of missing MailSessionFactory in distribution, suggest workarounds,
and link to relevant Bugzilla issue. (yoavs)
|
|
37977: adapt BUILDING.txt and net build.xml for SVN. Patch by
Christopher Sahnwaldt. (yoavs)
|
|
39055: Link to sample workaround code for using JSR160 JMX monitoring
with a local firewall. Thanks to George Lindholm for the patch. (yoavs)
|
|
39476: add xml declaration to most build.xml files, as suggested by
Gregory S. Hoerner Sr. (yoavs)
|
|
40326: stop using File#deleteOnExit in DefaultServlet to avoid
JVM memory leak, as suggested by quartz. (yoavs)
|
|
40192: update setup.html notes regarding Windows tray icon. (yoavs)
|
|
40177: add more warnings to documentation about RequestDumperValve
character encoding. (yoavs)
|
|
39255: NPE in AuthenticatorBase when logging level is set to DEBUG
and no prinicpal found. (yoavs)
|
|
41437: Make log messages and loglevel consistent during Context
start. Patch provided by Suzuki Yuichiro. (markt)
|
|
| Coyote |
|
38332: Add backlog attribute to ChannelSocket as provided by
Takayoshi Kimura. (pero)
|
|
Backport packetSize feature from Tomcat 6.0.x at standard coyote AJP Jk handler. (pero)
|
|
40771: Fix implementation of
SavedRequestInputFilter.doRead() so POST data may be read using a
Valve or Filter. Patch provided by Michael Dufel. (markt)
|
|
41017: Restore behaviour of MessageBytes.setString(null).
(remm/markt)
|
|
41057: Modify StringCache to add a configurable upper bound
to the length of cached strings. (remm/markt)
|
|
38774: Check javax.net.ssl.keyStorePassword system property as a secondary
source for keystore password in JSSESocketFactory, as suggested by Ted X. Toth. (yoavs)
|
|
39402: Modify existing Vary HTTP header, rather than overwrite it, if it
exists when using GZip compression. Patch by Matthew Cooke. (yoavs)
|
|
40241: Catch Exceptions instead of Throwables in Default and SSI servlets.
Also improve relevant logging while we're at it. (yoavs)
|
|
40133: Better error message when context name is not available on startup,
as suggested by Andreas Plesner Jacobsen. (yoavs)
|
|
| Jasper |
|
39975: don't have static Log references to prevent
classloader leaks. (yoavs)
|
|
40104: When displaying JSP source after an exception, handle
included files. (markt)
|
|
40797: This was a regression as a result of the fix for
33407. TLD validation was failing as a result of the use
of the escape character (0x1b) as a temporary replacement for \$.
An alternative character (0xe000) from the unicode private use range
is now used. (markt)
|
|
41057: Make jsp:plugin output XHTML compliant. (markt)
|
|
41327: Show full URI for a 404. Patch provided by Vijay.
(markt)
|
|
41265: Allow JspServlet checkInterval init parameter to be
explicitly set to the stated default value of zero by removing the
code that resets it to 300 if explicitly specified as zero. (markt)
|
|
Display the JSP source when a compilation error occurs and display
the correct line number rather than start of a scriptlet block. (markt)
|
|
| Webapps |
|
34952: Clarify that the Windows Installer always installs
a Windows service. (markt)
|
|
35968: Make environment entry properties input a text area.
Patch provided by Tristan Marly. (markt)
|
|
37588: Fix creation of JNDI Realm in admin application. Patch
provided by Terry Zhou. (markt)
|
|
38048: Fix memory leak assoaciated with use of expression
language in JSPs. Patch provided by Taras Tielkes. (markt)
|
|
39572: Improvements to CompressionFilter example provided by
Eric Hedström. (markt)
|
|
40507: Update host-manager and servlet-examples web-apps to
use the servlet 2.4 xsd. Patch provided by Chris Halstead. (markt)
|
|
40581: Add information on the use of a symbloic link as the
docBase for a Context to the Context documentation. (markt)
|
|
40633: Remove references to the DefaultContext from the
documentation. (markt)
|
|
40677: Update SSL documentation to indicate that PKCS11
keystores may be used. (markt)
|
|
40714: Admin webapp no longer requires a username for a
DataSource since it is not required in all cases. (markt)
|
|
40720: Fix exception in admin webapp when adding a group to
a user. (markt)
|
|
40874: Correct log4j configuration in documentation webapp.
Patch provided by Franck Borel. (markt)
|
|
40999: Add trust store configuration for SSL connectors to
the admin webapp. (markt)
|
|
41051: Add information on keystore aliases and case
sensitivity to SSL HOW-TO. (markt)
|
|
41182: Update the Jasper documentation for the classpath
attribute. (markt)
|
|
41493: Fix handling of APR connectors in Admin webapp.
(markt)
|
|
41512: Version number was not inserted in release notes.
(markt)
|
|
40257: Update Manager webapp howto on remote deployment to reflect
need for explicit path in one specific use-case. Thanks to Venkatesh Jayaraman. (yoavs)
|
|
40160: add reference to the Filter proposed in this Bugzilla item to the WebdavServlet.
While at it, give the WebdavServlet some long-overdue TLC by cleaning up some of the old data
structures in favor of modern (but still JDK 1.4-compliant) interfaces. (yoavs)
|
|
Add a virtual hosting how-to contributed by Hassan Schroeder. (markt)
|
|
| Cluster |
|
Add clustered SSO code and backport feature from Tomcat 6.0.x,
submitted by Fabien Carrion (pero)
|
|
Add better recovery at FastAsyncQueueSender. Made the startegy more robust for temporary connection problems (pero)
|
|
|
| Tomcat 5.5.20 (fhanik) |
| Catalina |
|
Fix logic error in UserDatbaseRealm.getprincipal() that caused user
roles assigned via groups to be ignored. (markt)
|
|
40518: Use correct message when a RuntimeException is
thrown from the requestInitialized or requestDestroyed method of
a listener that implements ServletRequestListener. (markt)
|
|
| Jasper |
|
31804: Unnested tags within a tag file are now configured
with the Tag represented by the containing tag file as their parent
tag. (markt)
|
|
33356: Tag attributes that contained $ followed by 1 or
more non-special characters and then a { character caused an
exception. (markt)
|
|
33407: The string \$ in template text was reduced to $
when the isELIgnored page directive was set to true. (markt)
|
|
34509: Tag names may now use the full range of
characters permitted by xsd:nmtoken. (markt)
|
|
| Webapps |
|
34399: Disable undeploy for applications that have not
been deployed such as those defined in server.xml (markt)
|
|
|
| Tomcat 5.5.19 (fhanik) |
| General |
|
Add multi attribute setting to jmx:set JMX remote ant task.
Patch contributed by Didier Donsez (pero)
|
|
| Catalina |
|
30762: Re-fix this bug that was re-introduced by the fix
to 37264. (markt)
|
|
37588: Fix JNDI realm creation through JMX. Patch contributed by TerryZhou (fhanik)
|
|
39704: The use of custom classloaders failed when the context
was specified in server.xml. Correction of the fault will require setting
the new loader attribute useSystemClassLoaderAsParent to false. (markt)
|
|
| Webapps |
|
31339: Admin app threw exceptions if a name other than Catalina
was configured for the Engine. Patch based on a suggestion from Amila
Suriarachchi. (markt)
|
|
|
| Tomcat 5.5.18 (yoavs) |
| Catalina |
|
Fix that ManagerBase increment expireSessions counter at background task two times. (pero)
|
|
39406: Fix that StandardSession#getLastAccessedTime() uses correct exception message,
suggested by Takayoshi Kimura. (pero)
|
|
39661: Add documentation on JULI FileHandler properties. (yoavs)
|
|
39657: Warn (and don't load jar) if JSP API is in webapp classloader repository, as suggested by
David Sanchez Crespillo. (yoavs)
|
|
39674: Support JRockit JVM in service.bat script, as suggested by lizongbo. (yoavs)
|
|
39711: Update Loader configuration documentation, as suggested by Stephane Bailliez. (yoavs)
|
|
39865: Add Open Office mime types to conf/web.xml. (markt)
|
|
38814: Align CGI handling of indexed queries, parameters and
POST content with other CGI providers. The changes: only provide
parameters on the command line for indexed queries; always provide the
query string via the QUERY_STRING environment variable; provide POST
content unmodified to stdin; and never call getParameters(). (markt)
|
|
34801: Partial fix that adds handling of IOExceptions during
long running CGI requests. Based on a patch by Chris Davey. (markt)
|
|
39689: Allow single quotes (') and backticks (`) as well as
double quotes (") to be used to delimit SSI attribute values. (markt)
|
|
40053: Correct application deployment documentation so it
agrees with the classloader documentation regarding shared lib and
CATALINA_BASE. (markt)
|
|
39592: Stop HEAD requests for resources handled by SSI
servlet or filter generating stack traces in the logs. (markt)
|
|
Improve handling of the ';' character in the URL so that it is now
allowed if properly %xx encoded. (remm)
|
|
| Coyote |
|
Fix APR endpoint so that the acceptor thread now only processes socket
accepts. (remm)
|
|
| Webapps |
|
39813: Correct handling of new line characters in JMX
attributes. Patch provided by R Bramley. (markt)
|
|
37781: Make sure that StoreConfig save external referenced war files at context.xml correct. (pero)
|
|
39791: Use correct default for useNaming within a Context. (markt)
|
|
Correctly generate re-direct for admin app index.jsp to prevent login page
being displayed twice when cookies are disabled. (markt)
|
|
| Cluster |
|
39473: Session timeout much shorter than setting
at web.xml at cluster environment, suggested by Jin Jiang. (pero)
|
|
|
| Tomcat 5.5.17 (yoavs) |
| General |
|
Update to Xerces 2.8.0 (remm)
|
|
Update to tcnative 1.1.3 (remm)
|
|
| Catalina |
|
Fix SingleSignOn Valve and add Session.getLastAccessTimeInternal() without session invalidation test. (pero)
|
|
38814: CGIServlet correctly handles Shift_JIS output. (markt)
|
|
Add missing REQUEST_URI environment variable to CGI environment. (markt)
|
|
27617: Sync existing mime types with httpd. (keith)
|
|
38761: Handle relative symlinks to shell scripts as suggested by Adam Murray (keith)
|
|
38795: Associate more closely bind with a finally unbind in StandardContext start and
stop, based on a patch by Darryl Miles (remm)
|
|
Improve undeployment robustness (remm)
|
|
Expand the semaphore valve (remm)
|
|
39021: Add back support for authentication only, submitted by Scott Stark (remm)
|
|
Revert fix for 38113, which does not seem a legitimate problem, and causes
regressions (remm)
|
|
Correctly reset listeners when reloading a webapp (remm)
|
|
38194: Don't fail silently if -force is used without CATALINA_PID, submitted by Matthew Buckett. (yoavs)
|
|
38154: Avoid NPE in FileDirContext after webapp undeploy, reported by Jamie Maher. (yoavs)
|
|
38217: Added cautionary note about keystore password to SSL HowTo, as suggested by Ralf Hauser. (yoavs)
|
|
38262: Cleared ambiguity in host documentation, as suggested by Jeffrey Bennett. (yoavs)
|
|
38476: Modified check for null TLD stream, as suggested by Fabrizio Giustina. (yoavs)
|
|
38052: Use userName as userField default. User is at many databases a
reserved keyword, as suggested by rik. (pero)
|
|
Fix handling of non matching if-range header (remm)
|
|
37848: Only output catalina.sh diagnostic messages if we have a TTY, submitted by
David Shaw. (yoavs)
|
|
38596: Minor performance optimization in DataSourceRealm, suggested by Sandy
McArthur. (yoavs)
|
|
| Coyote |
|
Make the default cipher suites available for SSL the same as the set of cipher
suites enabled by default rather than the set of all cipher suites. This prevents
ciphers suites that do not provide confidentiality protection and/or server
authentication being used by default. (markt)
|
|
Move AprEndpoint.getWorkerThread inside the try/catch for the main accept loop, to guard
about an OOM (which would most likely doom the server anyway) (remm)
|
|
As exhibited in the ASF's JIRA installation, it seems EINTR is a status code that should
be ignored as a result to a poll call (remm)
|
|
New APR connectors defaults (remm)
|
|
Add multiple threads for APR pollers, to work around Windows limitations (performance degrades
very rapidly if poller sizes over 1024 are allowed when compiling APR) (remm)
|
|
New modes for firstReadTimeout (-1 being the new default) (remm)
|
|
Replace java.util.Stack usage with a simple array in the APR endpoint (remm)
|
|
tcnative jnilib.c now report correct compile flags for runtime
Library.java checks like sendfile support default true/false (pero)
|
|
| Jasper |
|
38015: Remove misleading warnings logged in TagLibraryInfoImpl, as suggested by Andrew Houghton. (yoavs)
|
|
38376: Make sure body content stack is always properly aligned, as submitted by Tony Deigh. (yoavs)
|
|
Compatibility with JDT 3.2 (remm)
|
|
| Webapps |
|
39292: Update catalina.policy at demo balancer app. Fix provided by Kerry Sainsbury (pero)
|
|
36847: Fixed the manager app copy function to not overwrite fileA with fileB when fileA==fileB.
Fix provided by Haroon Rafique (fhanik)
|
|
38508: Several enhancements to Host Manager application, including configurable
manager app support and dialog box enhancements. Thanks to George Sexton for the patch. (yoavs)
|
|
37781: Make sure context config file is writeable, suggested by George Sexton. (yoavs,pero)
|
|
| Cluster |
|
Add at PooledSocketSender the jmx attributes inPoolSize and inUsePoolSize. (pero)
|
|
DeltaManager set session creationTime at backup node. (pero)
|
|
Add JvmRouteBinderValve documentation at cluster-howto.xml. (pero)
|
|
JvmRouteBinderValve now supports now sessionid's from request and cookies.
Thanks to Brian Stansberry for reporting it. (pero)
|
|
38779 Fix wrong jmx message arg at SimpleTcpCluster
at o.a.c.cluster.tcp.mbeans-descriptors.xml, submitted by Pawel Tucholski (pero)
|
|
Fix that not after every "Keep Alive Socket close" a log warning is generated at TcpReplicationThread (pero)
|
|
39178: Now ROOT.war deployment with FarmWarDeployer is possible (pero)
|
|
ReplicationValve not set primarySession flag when all backup nodes gone (pero)
|
|
Add DeltaSession.getLastAccessTimeInternal() without session invalidation test. (pero)
|
|
|
| Tomcat 5.5.16 (yoavs) |
| General |
|
Updated / enhanced docs to remove old FIXME references. (yoavs)
|
|
Required tcnative library version upgraded to 1.1.2 (remm)
|
|
Update to Eclipse JDT 3.1.2 (remm)
|
|
| Catalina |
|
23950: Context.listBindings() should return objects not
references. (markt)
|
|
38124: Add support for Windows 20xx when reading environment
variables in CGIServlet. (markt)
|
|
29214: response.containsHeader() now returns the correct
value for Content-Type and Content-Length headers. (markt)
|
|
Allow using a custom ContextConfig when using JMX embedding of Tomcat, as
is done by the regular deployer. (remm)
|
|
Add JMX serverInfo attribute to Server MBean, that we can identify
the tomcat release remotely. (pero)
|
|
Fix the JMX MBeanFactory.createStandardHost signature at mbean-descriptors.xml (pero)
|
|
Fix some cases (for example with realm usage) where the container logger for a context
would be retrieved using the wrong classloader (remm)
|
|
HttpSession.getId will no longer throw an ISE when the session is invalid (remm)
|
|
More detailed errors for naming issues (remm)
|
|
Add documentation for the Transaction element (remm)
|
|
Add getContextPath to the internal servlet context implementation (remm)
|
|
Only null instances loaded by the webapp CL, submitted by Matt Jensen (remm)
|
|
Deploy folders which don't have a WEB-INF, and return an error when a context
file does not contain a Context element (remm)
|
|
38653: Fix property name (remm)
|
|
Slightly modify the timing of the manager start, so that it is not started by a
listener (remm)
|
|
Refresh loggers used by the digester (remm)
|
|
Use sendError instead of setStatus to send the 401 code. (billbarker)
|
|
Don't append the port for an SSL redirect if it is the default port. (billbarker)
|
|
| Coyote |
|
Log errors when setting socket options with debug priority rather than error. (remm)
|
|
38100: Make certain that a valid Host name is set, or none at all. (billbarker)
|
|
38485: Fix minor regression setting connection timeout (as well as linger and
no delay) where the default value was always used when using the regular
HTTP connector (remm)
|
|
Pass along more of the SSL related fields to OpenSSL (remm)
|
|
CharChunk now implements CharSequence (remm)
|
|
Fix coding error which could cause a rare crash when a poller error occurred and sockets
where pending being added to the keepalive poller (remm)
|
|
Fix potential sync issues when restarting a poller (remm)
|
|
Update APR error reports, including the error codes (remm)
|
|
38726: Remove duplicate request group field causing blank statistics for the
HTTP connector (remm)
|
|
Fix invalid length used by some AJP packets for the AJP APR connector, which could cause
corruption, submitted by Rudiger Plum (jim)
|
|
38346: Fix problems with request.getReader().readLine().
Patch by Rainer Jung (billbarker)
|
|
Local address reuse for APR Endpoints (via APR_SO_REUSEADDR) now enabled (jim)
|
|
Don't write out the shutdown secret file if shutdown is disabled (the default) (billbarker)
|
|
Fix NPE when no sink is supplied. (billbarker)
|
|
APR Endpoints now IPv6 aware (jim)
|
|
Downgrade "Response already committed" logging entry to DEBUG. (billbarker)
|
|
38113: Return the empty String for an empty query-string instead of null. (billbarker)
|
|
| Jasper |
|
38389: Set correct JDT Compiler option to java 1.5 compliance.
Patch from Olivier Thomann and Paul Hamer (pero)
|
|
Add some useful hints to jasper-howto. (pero).
|
|
38776: Fix source file attribute, submitted by Olivier Thomann (remm)
|
|
| Cluster |
|
Update DeltaManager session access stats (pero)
|
|
DeltaSession getId will no longer throw an ISE when the session is invalid (pero)
|
|
Resurrected the "suspect" property so that the logs don't fill
up with errors when member disappears or a connection is lost. Only useful for pooled mode (fhanik)
|
|
35710: Add session replication for cross context session changes.
The portlet api need this support, see refactored ReplicationValve. (pero)
|
|
ReplicationValve reset DeltaSession when cluster node has no backup node. (pero)
|
|
DataSender close connection and throw exception also even if waitForAck is false. (pero)
|
|
Active cluster junit test again. (pero)
|
|
| Webapps |
|
Fix some XSS issues in the JSP examples. (markt)
|
|
Fix logos in the manager webapp (remm)
|
|
|
| Tomcat 5.5.15 (yoavs) |
| General |
|
32081: Remove the JDK requirement from the Win32 scripts. (keith)
|
|
| Catalina |
|
37852: Fix regression where the magic role '*' was denying all access. Patch by xrcat (billbarker)
|
|
37934: Don't ask for authentication if deny-from-all is in effect. (billbarker)
|
|
15570: auth-constraint of * was interpretted as all
authenticated users rather than as all roles defined in web.xml. (markt)
|
|
Remove leftover static logger which was used to log application level messages in
ApplicationContextFacade (remm)
|
|
38012: Where a CGI script sets a response code, use it. (markt)
|
|
37854: Extension-List checking was too strict. (markt)
|
|
| Coyote |
|
Report binding errors in the APR endpoint as strings rather than platform specific
status codes (remm)
|
|
37934: Don't ask for authentication if deny-from-all is in effect. (billbarker)
|
| 38047: Handle the case where the Servlet attempts to read
the Request body from the AJP/1.3 Connector, in the case that no
body was sent. (billbarker)
|
| 38030: Unconditionally return EOS for an attempt to read
the body of any request that doesn't send CL or TE.
(remm, billbarker).
|
|
| Jasper |
|
35351: Fix problem using an inner class for a <jsp:useBean />. (kinman).
|
|
37929: Don't stop on the generic attribute methods just because the session is invalid. Patch by Pierre Delisle. (billbarker)
|
|
Add system properties org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER and
org.apache.jasper.runtime.JspFactoryImpl.USE_POOL to allow configuring Jasper
memory usage (remm)
|
|
37933: Restrict <jsp:getAttribute /> to only look in PAGE_SCOPE. (billbarker)
|
|
| Cluster |
|
37808: Fix ArrayIndexOutOfBoundsException inside XByteBuffer. Reported by Dietmar Mueller (pero)
|
|
37896DataSender starts new Socket after IOException. (pero)
|
|
Reduce memory usage at membership service. (pero)
|
|
|
| Tomcat 5.5.14 (yoavs) |
| General |
|
Update optional native APR connector version to 1.1.1. (mturk)
|
|
Update build.properties.default to get native connector from new location. (yoavs)
|
|
| Catalina |
|
13040: Fix getContext() when used to obtain a context that is a sub-context
of the current context. Ported from TC4. (markt)
|
|
| Jasper |
|
37746: Remove extra space from StringTokenizer pattern in JspC, as suggested by
Eric Hedstrom. (yoavs)
|
|
| Coyote |
|
36863: Strip quotes when parsing Cookie values, even for v0 Cookies. (billbarker)
|
|
37803: Don't claim that we have a string value in MessageBytes until we actually do.
Patch by Doug Rand (billbarker)
|
|
|
| Tomcat 5.5.13 (yoavs) |
| General |
|
36711: Unused line of code. (yoavs)
|
|
Removed unused SAXPath, Jaxen dependencies. (yoavs)
|
|
Update log4j dependency to version 1.2.12, Struts to 1.2.7. (yoavs)
|
|
Removed JDBC 2.0 StdExt dependency (only class from there is javax.sql.XADataSource, which is
present in JDK 1.4 and later. (yoavs)
|
|
37039: typo on JK Quick configuration how-to. (yoavs)
|
|
37035: Add a placeholder file in the temp directory for WinZip tar.gz handling. (yoavs)
|
|
Update JAF dependency to 1.0.2, JTA to 1.0.1b and JavaMail to 1.3.3_01. (markt)
|
|
Added Eclipse .project, .classpath, and associated files to make building Tomcat from
Eclipse significantly easier. (markt)
|
|
37284: Guess JSE 5.0 location on Mac OS X, patch by Stepan Koltsov. (yoavs)
|
|
: Wrong class name in antlib.xml for JkStatusUpdateTask. (yoavs)
|
|
| Catalina |
|
36802: Fix problem of double-init when JMX-deploying a
Context into a started Host. (billbarker)
|
|
36840: Provide information as to which web.xml is being processed on startup to
help debug parsing errors. (yoavs)
|
|
34724: Ability to set domain for Single-Sign-On cookie. Patch by Oliver
Rossmueller. (yoavs)
|
|
37044: RealmBase.hasResourcePermission needs to access the GenericPrincipal as
set by the realm unless hasRole is overriden, which was no longer being done properly for
the JAAS realm (remm)
|
|
37264: JNDI resources were no longer available when stopping listeners,
submitted by Bogdan Calmac (remm)
|
|
37150: Turn off directory listing by default and add a warning
regarding enabling listing of directories with many entries. (markt)
|
|
Add configurability for the amount of time that the container will wait for requests
to complete when unloading servlets, using the unloadDelay property. (remm)
|
|
Add code to set to null fields in loaded classes when stopping a web application, as a
possible workaround for suspicious garbage collection behavior. (remm)
|
|
Update messages and stack traces for classloading errors which may occur when removing
a web application, and for stopped web applications. (remm)
|
|
37319: Fix catalina.bat reference to CATALINA_BASE for logging.properties. Thanks
to Pierre-Yves Benzaken. (yoavs)
|
|
36852: Custom classloaders don't honor Contet privileged attribute. Thanks to
Matt Brinkley for the analysis and patch. (yoavs)
|
| Fix for a couple of (mostly silly) edge-cases in testing auth.
Thanks to Nam T. Nguyen for the report. (billbarker)
|
|
37060: Actually copy the Request headers when replaying after Form auth. (billbarker)
|
|
37591: Typo in Engine configuration reference. (yoavs)
|
|
37668: Added note about JSP recompilation to Context configuration documentation. (yoavs)
|
|
37132: Have DigestAuthenticator Handle user names with commas. Thanks to
Robert Wille for the patch. (yoavs)
|
|
37212: Better error reporting in Connector.java. Thanks to Ralf Hauser for
the patch. (yoavs)
|
|
| Coyote |
|
Gracefully handle the case where some Socket options are disabled at
the OS level for the AJP/1.3 Connector. (billbarker)
|
|
36366: Use rewritten deployer-howto page by Allistair Crossley. (remm)
|
|
36630: Added extra log output for class instantiation failure. (yoavs)
|
|
37121: Sendfile always needs to be given the length of data to write,
which fixes ranged requests. (remm)
|
|
Optimized direct byte buffers association with the socket for APR connectors. (mturk)
|
|
Fix hidden NPEs when using the APR connectors and there's no host header. (pero, remm)
|
|
Http11Protocol now register RequestProcessor at JMX and show current usage inside manager app. (pero)
|
|
JkStatus Ant tasks for mod_jk 1.2.15. (pero)
|
| Connection Timeout is normal, so reduce logging to DEBUG (billbarker)
|
|
Fix crash which could occur with the HTTP APR connector when accessing request JMX objects
outside of the processing of the said request (remm)
|
|
37627: Fix buffering issue in the HTTP APR connector when a large buffer size was
used for servlets (remm)
|
|
37673: Fix implementation of getLocalPort and getLocalAddr in the HTTP APR connector
(remm)
|
|
| Jasper |
|
35252: Jasper PageDataImpl outputs malformed XML. Patch by Rahul Akolkar. (yoavs)
|
|
37062: Helpful JSP exception message containing file, line numbers. Patch by
Tim Fennell at http://www.tfenne.com/jasper/. (yoavs)
|
|
37407: File descriptor leak in JspReader. Thanks to Fred for the patch. I also
did some minor cleanup in the class. (yoavs)
|
|
37612: Add file location to JSP Validator error message. Thanks to Renaud Bruyeron
for the patch. (yoavs)
|
|
| Cluster |
|
Fix that session replace messages are logged after node recovery get all session from master node. (pero)
|
|
37896 Fix that sendMessage signature at all DataSender subclasses must be changed.
Now pooled and async modes working as expected. (pero)
|
|
Fix that socket at o.a.c.cluster.tcp.FastAsyncSocketSender can be disconnect/connect. (pero)
|
|
Fix cluster module build.xml script for new svn repository structure (pero)
|
|
Fix closed socket exceptions at normal server shutdown, reported by Olve Hansen (pero)
|
|
Fix closed socket exceptions inside async message transfer modes (pero)
|
|
34984: HttpSessionBindingEvent.getValue() get correct value (pero)
|
|
35916: send sessionCreated to SessionListener after cluster node recovery (pero)
|
|
36541: Used also Hashtable at DeltaSession (pero)
|
|
Better support cluster at engine level. (pero)
|
|
36866: Correct attribute name in conf/server.xml documentation for Cluster element. (yoavs)
|
|
37261: Allow xerces to know where the web.xml file is so that relative entities can be resolved.
|
|
37529: Fixed race condition in ReplicationLister#stopListening. Thanks to
Chris Walker for the patch. (yoavs)
|
|
| Webapps |
| Remove obsolete TagPlugin file from JSP examples (billbarker) |
|
36019: Made clear the Host-Manager HowTo is coming soon, not ready yet. (yoavs)
|
|
36336: Check WAR extension in both upper and lower case, as suggested by
A. Grasoff. (yoavs)
|
|
35982: Can't delete mail sessions in admin webapp. (yoavs)
|
|
36673: Similar to the one above, for data sources. (yoavs)
|
|
|
| Tomcat 5.5.12 (yoavs) |
| General |
|
Remove uneeded files in conf. (remm)
|
|
Change distribution file names from jakarta-* to apache-*. (remm)
|
|
| Catalina |
|
Add JMX Remote create and unregister ant tasks (pero)
|
|
36343: Only normalize out backslash on Windows platforms. (billbarker)
|
|
Allow configuring standard stream redirection. (remm)
|
|
36088: Add RUNNING.txt and RELEASE-NOTES.txt to fulldocs distro. (yoavs)
|
|
36534: fix equals for URLs returned by ServletContext.getResource() (luehe)
|
|
36558: Clear IntrospectionUtils cache when stopping a webapp, as it
could leak to keeping a reference to the classloader (remm)
|
|
36113: Session persistence for objects with primitive types could fail in
some rare cases (remm)
|
|
36541: Full synchronization for session objects attributes collections (remm)
|
|
35609: service.bat echo command when wrong arguments given [patch by Robert
Longson] (yoavs)
|
|
34749: jsessionid dropped on trailing slash (/) redirect (remm)
|
|
| Coyote |
|
Add support for secret for AJP APR (remm)
|
|
| Jasper |
|
Fix NPE with an error message when no Java compiler is available (remm)
|
|
Restrict System err stream capture to the Ant compiler, as the Eclipse compiler
does not need it (remm)
|
|
JSP compilation speed improvement using tag library information caching,
submitted by Xingbo Gao (remm)
|
|
Initial contribution of JSTL tag plugins supporting the core tag library of
JSTL, submitted by Jing Li (remm)
|
|
| Cluster |
|
36541: Sync all session attribute access (read and write) at DeltaSession (pero)
|
|
36518: Classname typos for senders, submitted by Christoph Bachhuber-Haller (remm)
|
|
35613: Added FAQ question and answer about tcpListenAddress="auto" and /etc/hosts (yoavs)
|
| | |
|
|
