Links User Guide Reference Apache Tomcat Development | | Tomcat 5.5.27 (fhanik) |
| General |
 |
44463: War file upload in manager webapp fails due to missing
commons-io dependency. Added commons-io 1.4. (rjung)
|
|
| Catalina |
|
44021, 43013: Add support for # to signify multi-level contexts for directories and wars.
|
|
44494: Backport from 6.0 (rjung)
|
|
Add additional checks for URI normalization. (remm)
|
|
Don't throw an ArrayIndexOutOfBoundsException when empty URL is
requested. Patch provided by Charles R Caldarale. (markt)
|
|
29936: Don't use parser from a webapp to parse web.xml and possibly
context.xml files. (markt)
|
|
43079: Correct pattern verification for suspicious URLs.
Patch provided by John Kew. (markt)
|
|
43080: Log suspicious URL pattern warnings to the correct
web application. (markt)
|
|
43117: Setting an empty workDIR could delete all of
CATALINA_HOME. Patch provided by Takayuki Kaneko. (markt)
|
|
44282: Prevent security exception in trace level logging for
web application class loader when running under a security manager.
(markt)
|
|
44529: No roles specified (deny all) should take precedence
over no auth-constraint specified (allow-all). (markt)
|
|
43578: Enable start on Linux if $CATALINA_HOME contains a
space. Original patch provided by Ray Sauers with improvements by Ian
Ward Comfort. (markt)
|
|
44673: Throw IOE if ServletInputStream is closed and a call
is made to any read(), ready(), mark(), reset(), or skip() method as per
javadocs for Reader. (markt)
|
|
Enable the CGIServlet to work with Windows Vista. (markt)
|
|
Add additional permission required to read JDK logging configuration
when running with a security manager. (markt)
|
|
44943: Reduce copy/paste issues caused by different engine
names in server.xml. (markt)
|
|
45195: Prevent NPE when calling
Session.getAttribute(null) and
Session.removeAttribute(null). The spec is unclear but this
is a regression from 5.0.x. (markt)
|
|
45293: Update name of commons-logging jar in security policy.
(markt)
|
|
45453: Fix race condition in JDBC Realm. Based on a patch
provided by Santtu Hyrkk. (markt)
|
|
JAAS Realm did not read role information for users. (markt)
|
|
| Connectors |
 |
Log errors for AJP signoffs at DEBUG level, since it is harmless if
mod_jk has hung up the phone. (billbarker)
|
|
42727: Handle request lines that are exact multiples of 4096
in length. Patch provided by Will Pugh. (markt)
|
|
43191: Compression could not be disabled for some file types.
Based on a patch by Len Popp. (markt)
|
|
45591: Fix NPE on shutdown failure in some cases. Based on a
patch by Matt Passell. (markt)
|
|
| Jasper |
|
31257: Quote endorsed dirs if they contain a space. (markt)
|
|
42943: Make sure nested element is inside <jsp:text>
element before throwing exception. (markt)
|
|
44877: Prevent collisions in tag pool names. (markt)
|
|
45015: Enfore JSP spec rules on quoting in attrbutes. This is
configurable using the system property
org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING.
(markt)
|
|
| Webapps |
|
42899: When saving config from admin app, correctly handle
case where the old config file does not exist. (markt)
|
|
44541: Document packetSize attribute for AJP connector.
(markt)
|
|
44715: Document use of secret for AJP connector. (markt)
|
|
45323: Add note that context.xml files can only contain a
single Context element. (markt)
|
|
Update JNDI datasource docs since maxActive setting for unlimited
changed in commons-pool > 1.2. (markt)
|
|
| Specification |
|
Use a localised error message if a user tries to write a negative length
byte array during default processing of a HEAD request. (markt)
|
|
44562: HEAD requests cannot use includes. Patch provided by
David Jencks. (markt)
|
|
|
| Tomcat 5.5.26 (fhanik) |
| General |
|
Use Eclipse JDT 3.3.1. (pero)
|
|
Use new commons download location. (markt)
|
|
Use commons-launcher 1.1. (markt)
|
|
Use commons-digester 1.8. (markt)
|
|
Use Xerces 2.9.1. (markt)
|
|
Remove usused commons-httpclient. (funkman)
|
|
Use commons-collections 3.2. (markt)
|
|
Use commons-fileupload 1.2. (markt)
|
|
Use MX4J 3.0.2. (markt)
|
|
Use JUnit 3.8.2. (markt)
|
|
Use NSIS 2.34. (markt)
|
|
Use Struts 1.2.9. (markt)
|
|
Use JAF 1.1.1. (markt)
|
|
Use JTA 1.1. (markt)
|
|
Use JavaMail 1.4.1. (markt)
|
|
Use PureTLS 0.9b5. (markt)
|
|
Use commons-pool 1.4. (markt)
|
|
43594: Use setenv from CATALINA_BASE (if set) in preference
to the one in CATALINA_HOME. Patch provided by Shaddy Baddah. (markt)
|
|
Fix CVE-2007-5342 by limiting permissions granted to JULI. (markt)
|
|
| Catalina |
| 38131: WatchedResource doesn't work if app is outside host appbase webapps.
Patch provided by Peter Lynch (pero)
|
|
Set correct sessionCounter at StandardManager after reload sessions. (pero)
|
|
Fix NPE situation at AccessLogValve (pero)
|
|
30949: Improve previous fix. Ensure requests are recycled
on cross-context includes and forwards when an exception occurs in the
target page. (markt)
|
|
43216: Set correct StandardSession#accessCount as system property STRICT_SERVLET_COMPLIANCE is true after application restart with SESSION.ser file.
Patch provided by Takayuki Kaneko (pero)
|
 |
Made session createTime accessible for all SessionManager via JMX (pero)
|
|
Support logging of all response header values at ExtendedAccessLogValve (ex. add x-O(Set-Cookie) to your pattern). (pero)
|
|
Support logging of current thread name at AccessLogValve (ex. add %I to your pattern).
Usefull to compare access logging entry later with a stacktraces. (pero)
|
|
o.a.juli.ClassLoaderLogManager handle more then one system property replacement at file logging.properties. (pero)
|
|
43236: Reset usingWriter and associated flags when response
is reset. (markt)
|
|
43241: ServletContext.getResourceAsStream() not spec
compliant. Patch provided by John Kew. (markt)
|
|
43675: Fix a possible logging related class loader leak.
(markt)
|
|
43687: Remove conditional headers on Form Auth replay, since the UA (esp. FireFox) isn't expecting it. (billbarker)
|
|
Fix bug in CGI Servlet that caused it to fail when a CGI resource was
included in another resource. (markt)
|
|
Cookie handling/parsing changes!
The following behavior has been changed with regards to Tomcat's cookie
handling:
a) Cookies containing control characters, except 0x09(HT), are rejected
using an InvalidArgumentException.
b) If cookies are not quoted, they will be quoted if they contain
tspecials(ver0) or tspecials2(ver1)
characters.
c) Escape character '\\' is allowed and respected as a escape character,
and will be unescaped during parsing.
|
|
43839: URL based session tracking fails when session cookie
from parent context is present. Based on a patch by Yuan Qingyun.
(markt)
|
|
43887: Include exception in the log message. (markt)
|
|
43914: Location headers must be encoded. Patch provided by
Ivan Todoroski. (markt)
|
|
43957: Service.bat didn't configure logging correctly.
Patch provided by Richard Fearn. (markt)
|
|
44041: Fix duplicate class definition error under load.
(markt)
|
|
44084: JASSRealm is broken for application provided
Principals. Patch provided by Noah Levitt. (markt)
|
|
| Jasper |
|
43702: Reduce length of unnecessarily long class names for
the inner helper class when using simple tags. (markt)
|
|
43757: Rather than use string matching to work out the line
in the JSP with the error, use the SMAP info and the knowledge that for
a scriptlet there is a one to one line mapping. (markt)
|
|
| Cluster |
|
Fix FarmWarDeployer can be only configured at host subelement (pero)
|
|
Fix wrong && at ReplicationValve (pero)
|
|
DeltaManager sessionCounter must be also increment at relicated sessions. (pero)
|
|
Made attribute createTime accessible for all DataSenders. (pero)
|
|
| Webapps |
|
Fix CVE-2007-5461, an important information disclosure vulnerability in
the WebDAV Servlet. (markt)
|
|
43611: Provide an error message when trying to upload a WAR
for a context that has been defined in server.xml. (markt)
|
|
44094: Add note to docs about side-effects of setting
privileged on a context. (markt)
|
|
| Coyote |
|
43479: Fix memory leak cleaning up sendfile connections.
(markt)
|
|
43622: Don't always overwrite min compression size with
default. (markt)
|
|
43995: No timeout for sendfile (TODO item had been
forgotten). (markt)
|
|
|
| Tomcat 5.5.25 (fhanik) |
| General |
 |
Correct j.u.l log levels in JULI docs. (rjung)
|
|
Update to Commons Modeler 2.0.1, fix embed release starting issue. (pero)
|
|
| Catalina |
|
Handle special case of ROOT when re-loading webapp after ROOT.xml has
been modified. In some circumstances the reloaded ROOT webapp had no
associated resources. (markt)
|
|
Fix WebDAV Servlet so it works correctly with MS clients. (markt)
|
|
Remove invalid attribute "encoding" of MBean MemoryUserDatabase,
which lead to errors in the manager webapp JMXProxy output. (rjung)
|
|
Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host
Manager. Reported by Daiki Fukumori. (markt)
|
|
39055: Add JMXAdaptorLifecycleListener to start JMX Connector
with fixed naming and data ports. This feature is needed to have stable
remote access when a firewall is active. The adaptor reads all standard
JMX system properties (-Dcom.sun.management.jmxremote.XXX). Currently
only included at src release (uses JDK 1.5 classes).
Feature provided by George Lindholm and Juergen Herrman (pero)
|
|
41722: Make the role-link element optional (as required by
the spec) when using a security-role-ref element. (markt)
|
|
42547: Fix NPE when a ResourceLink in context.xml tries to
override an env-entry in web.xml. (markt)
|
|
42944: Correctly handle servlet mappings that use a '+'
character as part of the url pattern. (markt)
|
|
Improve large-file support (more then 4 Gb) at all AccessLogValves. (pero)
|
|
43129: Support logging of response headers at AccessLogValve (ex. add %{Set-Cookie}o to your pattern). (pero)
|
|
| Jasper |
|
2500: FileNotFoundException within a JSP pages resulted in a
404 rather than a 500. (markt)
|
|
37326: No error reported when an included page does not
exist. (markt)
|
|
42643: Prevent creation of duplicate JSP function mapper
variables. (markt)
|
|
42314: Provide compilation error details in cases where the
error can't be mapped back to a source file. (markt)
|
|
| Webapps |
|
Don't write error on System.out, use log() instead. (rjung)
|
|
Fix XSS security vulnerabilities (CVE-2007-2449) in the examples.
Reported by Toshiharu Sugiyama. (markt)
|
|
39212: Fix possible NPE in DummyCart example and remove
redundant code. (markt)
|
|
42979: Update sample.war to include recent security fixes
in the source code. (markt)
|
|
| Coyote |
|
Separate sequence increment from getter in ThreadPool to avoid
misleading increments during monitoring via JMX. (rjung)
|
|
| Cluster |
|
40042: Recovery membership heartbeat after interface down. (pero)
|
|
42691: Don't set access time after session sync. Fix that sessions
after node restart better expire. Requested by Casey Lucas (pero)
|
|
Backport Tomcat 6 cluster socket parameter. (pero)
|
|
Fix typo in new MBean attribute which lead to errors in the manager webapp JMXProxy output. (rjung)
|
|
42689: No way to timeout new connect attempts for replication sockets.
Patch by Casey Lucas (pero)
|
|
Fix timeout setting on a replicated DeltaSession.
Patch by Alexander Maas (fhanik,pero)
|
|
42720: Don't send a message if no cluster member exists.
Patch by Keiichi Fujino (pero)
|
|
|
| Tomcat 5.5.24 (fhanik) |
| General |
|
Update to Commons DBCP src 1.2.2 (pero)
|
|
Update to Commons Pool src 1.3 (pero)
|
|
| Catalina |
|
33774 Retry JNDI authentiction on ServiceUnavailableException
as at least one provider throws this after an idle connection has been
closed. (markt)
|
|
40593 Cleanup that Listener stop after Manager stop
at StandardContext.stop(). Patch by Suzuki Yuichiro (pero)
|
|
41747 Correct example ant script for deploy task. (markt)
|
|
41752 Correct error message on exception in MemoryRealm.
(markt)
|
|
39875 Minor cleanup in RealmBase.init, as requested by Takayoshi Kimura. (yoavs)
|
|
41477 Add commons-el.jar to bin/catalina-tasks.xml, required for jasper2 tasks
using EL. Patch by Daniel Santos. (yoavs)
|
|
40150 Ensure user and role classnames are validated on startup. Patch by
Tom. (yoavs)
|
|
42039 Log a stack trace if a servlet throws an
UnavailableException. Patch provided by Kawasima Kazuh. (markt)
|
|
41990 Add some additional mime-type mappings. (markt)
|
|
41655 Fix message translations. Japanese translations
provided by Suzuki Yuichiro. (markt)
|
|
41939 Add configuration option to disable nulling of static
and final fields of loaded classes when stopping a web application
classloader. Setting the system property
org.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES to
false will stop these fields being set to null on context stop. (markt)
|
|
Fix a logging related memory leak in ManagerBase and
ApplicationDispatcher. (markt)
|
|
42354: Ensure JARs in webapps are scanned for TLDs when the
Tomcat installation path contains spaces. (markt)
|
|
42361: Handle multi-part forms when saving requests during
FORM authentication process. Patch provided by Peter Runge. (markt)
|
|
42401: Update RUNNING.txt with better JRE/JDK information.
(markt)
|
|
42497: Ensure ETag header is present in a 304 response.
Patch provided by Len Popp. (markt)
|
|
Allow for a forward/include to call getAttributeNames on the Request in a sandbox. (billbarker)
|
|
And getSession() operation to StandardManager and DeltaManager JMX Interface (pero)
|
|
| Webapps |
|
Update host configuration document for new behaviour for directories
in appBase. (markt)
|
|
39883 Add note to context configuration document about using
antiResourceLocking on a webapp outside the Host's appBase directory. (yoavs)
|
|
39540 Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs)
|
|
41289: Create configBase, since it is no longer created elsewhere.
Submitted by Shiva Kumar H R. (pero)
|
|
42103: Use correct names for truststoreFile, truststoreType and
truststorePass when saving server.xml in Admin webapp. Patch provided by
Matheus Bastos. (markt)
|
|
42025: Update valve documentation to refer to correct regular
expression implementation. (markt)
|
|
41956: Don't skip the connector address attribute when
persisting server.xml changes via the admin webapp. (markt)
|
|
| Coyote |
|
40960 Inconsistent exception type thrown on socket timeout in
InternalAprInputBuffer. Patch by Christophe Pierret. (yoavs)
|
|
41675 Add a couple of DEBUG-level logging statements to Http11Processors
when sending error responses. Patch by Ralf Hauser. (yoavs)
|
|
42119 Fix return value for request.getCharacterEncoding() when
Content-Type headers contain parameters other than charset. Patch by
Leigh L Klotz Jr. (markt)
|
|
36155 Always reset the MB when doing getBytes in the JK Connector (billbarker)
|
|
Improve large-file support in the AJP Connectors (billbarker)
|
|
| Cluster |
|
Receiver can also use tcpListenAddress with a hostname. (rjung, pero)
|
|
DeltaRequest synchronized getSize() and show log message as
readExternal() failure. (rjung, pero)
|
|
Add DeltaManager expireTolerance attribute to quicker auto expire long backup sessions. (rjung, pero)
|
|
Add DeltaManager updateActiveIntervall attribute to send every 60 sec a session access message. (rjung, pero)
|
|
39866 Duplicate names appended to cluster manager name. (yoavs)
|
|
| Jasper |
|
39425 Add additional system property permission to
catalina.policy for pre-compiled JSPs. (markt)
|
|
41227 Add a bit of DEBUG-level logging to JspC so users know
which file is being compiled. (yoavs)
|
|
41869 TagData.getAttribute() should return
TagData.REQUEST_TIME_VALUE when the attribute value is an EL expression.
(markt)
|
|
42071 Fix IllegalStateException on multiple requests to
an unavailable JSP. Patch provided by Kawasima Kazuh. (markt)
|
|
After a JSP throws an UnavailableException allow it to be accessed once
the unavailable period has expired. (markt)
|
|
42072 Don't call destroy() if the associated init() fails.
Patch provided by Kawasima Kazuh. (markt)
|
|
Fix a logging related memory leak in PageContextImpl. (markt)
|
|
42438 Duplicate temporary variables were created when
jsp:attribute was used in conjunction with custom tags. Patch provided
by Brian Lenz. (markt)
|
|
|
| Tomcat 5.5.23 (fhanik) |
| Catalina |
|
41608 Make log levels consistent when Servlet.service()
throws an exception. (markt)
|
|
41666 Correct handling of boundary conditions for
If-Unmodified-Since and If-Modified-Since headers. Patch provided by
Suzuki Yuichiro. (markt)
|
|
41674 Fix error messages when parsing context.xml that
incorrectly referred to web.xml. (markt)
|
|
41739 Correct handling of servlets with a load-on-startup
value of zero. These are now the first servlets to be started. (markt)
|
|
| Coyote |
|
Requests with multiple content-length headers are now rejected. (markt)
|
|
|
| Tomcat 5.5.21 (fhanik) |
| Catalina |
|
41401: StandardService.getConnectorNames() return array of
Connector JMX objectnames. (pero)
|
|
29727: If env-entry values in web.xml are changed then
ensure new values are applied when context is reloaded. (markt)
|
|
34956: Ensure request and response objects passed to a
RequestDispatcher meet the requirements of SRV.8.2 and
SRV.14.2.5.1. This is disabled by default. The Java option
-Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
is required to enable this test. (markt)
|
|
36274: When including static content with the
DefaultServlet also treat content types ending in xml as text.
(markt)
|
|
36976: Don't use CATALINA_OPTS when stopping Tomcat. This
allows options for starting and stopping to be set on JAVA_OPTS and
options for starting only to be set on CATALINA_OPTS. Without this
fix, some startup options (eg the port for remote JMX) would cause
stop to fail. Based on a fix suggested by Michael Vorburger. (markt)
|
|
37070: Update mbean name documentation to include the
StandardWrapper. (markt)
|
|
37356: Ensure sessions time out correctly. This has been
fixed by removing the accessCount feature by default. This feature
prevents the session from timing out whilst requests that last
longer than the session time out are being processed. This feature
is enabled by setting the Java option
-Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
The feature is now implemented with synchronization which addresses
the thread safety issues associated with the original bug report.
(markt)
|
|
37439: Update documentation for Engine component to add
the requirement that the name must be unique. (markt)
|
|
37458: Add syncs to the WebappClassloader to address
rare issues when multiple threads attempt to load the same class
concurrently. (markt)
|
|
37509: Do not remove whitespace from the end of values
defined in logging.properties files. (markt)
|
|
38198: Add reference to Context documentation from Host
documentation that explains how Context name is obtained from the
Context filename. (markt)
|
|
39088: Prevent infinte loops when an exception is thrown
that returns itself for getRootCause(). Based on a patch by Wouter
Zelle. (markt)
|
|
39436: Correct MIME type for SVG. (markt)
|
|
39627: JULI no longer ignores a ".level=XXX" directive
in logging.properties. Patch provided by Roger Keays and Richard
Fearn. (markt)
|
|
39724: Removing the last valve from a pipeline did not
return the pipeline to the original state. Patch provided by
David Gagon. (markt)
|
|
40367: Update JK auto configuration documentation to clarify
that workers.properties must also exist. (markt)
|
|
40524: HttpServletRequest.getAuthType() now returns
CLIENT_CERT rather than CLIENT-CERT for certificate authentication
as per the spec. Note that web.xml continues to use CLIENT-CERT to
specify the certificate authentication should be used. (markt)
|
|
40526: Add support for JPDA_OPTS to catalina.bat and add a
JPDA_SUSPEND environment variable to both startup scripts. Patch
provided by Kurt Roy. (markt)
|
|
40528: Add missing message localisations as provided by
Ben Clifford. (markt)
|
|
40585: Fix parameterised constructor for o.a.juli.FileHandler
so parameters have an effect. (markt)
|
|
40625: Stop CGIServlet swallowing the root cause of an
exception. Patch provided by Takayoshi Kimura. (markt)
|
|
40723: Correct table creation example in JavaDoc for
JDBCAccessLogValve. (markt)
|
|
40802: Add jsp-api.jar to fileset in catalina-tasks.xml as provided by
Daniel Santos. (pero)
|
|
40817: Correct problem where CGI scripts in the root of the
ROOT context threw a StringIndexOutOfBoundsException.
(markt)
|
|
Set the SCRIPT_FILENAME environment variable required
by PHP when using the CGIServlet to execute PHP. (markt)
|
|
40823: Update context doc to clarify use of ROOT.xml,
multi-level context paths and to further discourage use of server.xml
(markt)
|
|
40844: Add additional syncs to JDBCRealm to resolve NPE when
two users try to authenticate using DIGEST authentication at the same
time. (markt)
|
|
40860: Log exceptions and other problems during parameter
processing. (markt)
|
|
40901: Encode directory listing output. Based on a patch
provided by Chris Halstead. (markt)
|
|
40929: Correct JavaDoc for StandardCalssLoader. (markt)
|
|
41008: Allow POST to be used for indexed queries with CGI
Servlet. Patch provided by Chris Halstead. (markt)
|
|
41020: Improve error message when custom error report Valve
fails to load. Also remove requirement that custom error report Valves
extend ValveBase. (markt)
|
|
41217: Set secure attribute on SSO cookie when cookie is
created during a secure request. Patch provided by Chris Halstead.
(markt)
|
|
Ensure Accept-Language headers conform to RFC 2616. Ignore them if
they do not. (markt)
|
|
Make provided instances of RequestDispatcher thread safe. (markt)
|
|
Fix formatting of CGI variable SCRIPT_NAME. (markt)
|
|
34643: Improved documentation for per-user / per-session clientAuth
usage in SSL Authenticator. Docs provided by jack and Ralf Hauser. (yoavs)
|
|
40668: Update release notes and readme files specific to v5.5.20 to
notify users of missing MailSessionFactory in distribution, suggest workarounds,
and link to relevant Bugzilla issue. (yoavs)
|
|
37977: adapt BUILDING.txt and net build.xml for SVN. Patch by
Christopher Sahnwaldt. (yoavs)
|
|
39055: Link to sample workaround code for using JSR160 JMX monitoring
with a local firewall. Thanks to George Lindholm for the patch. (yoavs)
|
|
39476: add xml declaration to most build.xml files, as suggested by
Gregory S. Hoerner Sr. (yoavs)
|
|
40326: stop using File#deleteOnExit in DefaultServlet to avoid
JVM memory leak, as suggested by quartz. (yoavs)
|
|
40192: update setup.html notes regarding Windows tray icon. (yoavs)
|
|
40177: add more warnings to documentation about RequestDumperValve
character encoding. (yoavs)
|
|
39255: NPE in AuthenticatorBase when logging level is set to DEBUG
and no prinicpal found. (yoavs)
|
|
41437: Make log messages and loglevel consistent during Context
start. Patch provided by Suzuki Yuichiro. (markt)
|
|
| Coyote |
|
38332: Add backlog attribute to ChannelSocket as provided by
Takayoshi Kimura. (pero)
|
|
Backport packetSize feature from Tomcat 6.0.x at standard coyote AJP Jk handler. (pero)
|
|
40771: Fix implementation of
SavedRequestInputFilter.doRead() so POST data may be read using a
Valve or Filter. Patch provided by Michael Dufel. (markt)
|
|
41017: Restore behaviour of MessageBytes.setString(null).
(remm/markt)
|
|
41057: Modify StringCache to add a configurable upper bound
to the length of cached strings. (remm/markt)
|
|
38774: Check javax.net.ssl.keyStorePassword system property as a secondary
source for keystore password in JSSESocketFactory, as suggested by Ted X. Toth. (yoavs)
|
|
39402: Modify existing Vary HTTP header, rather than overwrite it, if it
exists when using GZip compression. Patch by Matthew Cooke. (yoavs)
|
|
40241: Catch Exceptions instead of Throwables in Default and SSI servlets.
Also improve relevant logging while we're at it. (yoavs)
|
|
40133: Better error message when context name is not available on startup,
as suggested by Andreas Plesner Jacobsen. (yoavs)
|
|
| Jasper |
|
39975: don't have static Log references to prevent
classloader leaks. (yoavs)
|
|
40104: When displaying JSP source after an exception, handle
included files. (markt)
|
|
40797: This was a regression as a result of the fix for
33407. TLD validation was failing as a result of the use
of the escape character (0x1b) as a temporary replacement for \$.
An alternative character (0xe000) from the unicode private use range
is now used. (markt)
|
|
41057: Make jsp:plugin output XHTML compliant. (markt)
|
|
41327: Show full URI for a 404. Patch provided by Vijay.
(markt)
|
|
41265: Allow JspServlet checkInterval init parameter to be
explicitly set to the stated default value of zero by removing the
code that resets it to 300 if explicitly specified as zero. (markt)
|
|
Display the JSP source when a compilation error occurs and display
the correct line number rather than start of a scriptlet block. (markt)
|
|
| Webapps |
|
34952: Clarify that the Windows Installer always installs
a Windows service. (markt)
|
|
35968: Make environment entry properties input a text area.
Patch provided by Tristan Marly. (markt)
|
|
37588: Fix creation of JNDI Realm in admin application. Patch
provided by Terry Zhou. (markt)
|
|
38048: Fix memory leak assoaciated with use of expression
language in JSPs. Patch provided by Taras Tielkes. (markt)
|
|
39572: Improvements to CompressionFilter example provided by
Eric Hedström. (markt)
|
|
40507: Update host-manager and servlet-examples web-apps to
use the servlet 2.4 xsd. Patch provided by Chris Halstead. (markt)
|
|
40581: Add information on the use of a symbloic link as the
docBase for a Context to the Context documentation. (markt)
|
|
40633: Remove references to the DefaultContext from the
documentation. (markt)
|
|
40677: Update SSL documentation to indicate that PKCS11
keystores may be used. (markt)
|
|
40714: Admin webapp no longer requires a username for a
DataSource since it is not required in all cases. (markt)
|
|
40720: Fix exception in admin webapp when adding a group to
a user. (markt)
|
|
40874: Correct log4j configuration in documentation webapp.
Patch provided by Franck Borel. (markt)
|
|
40999: Add trust store configuration for SSL connectors to
the admin webapp. (markt)
|
|
41051: Add information on keystore aliases and case
sensitivity to SSL HOW-TO. (markt)
|
|
41182: Update the Jasper documentation for the classpath
attribute. (markt)
|
|
41493: Fix handling of APR connectors in Admin webapp.
(markt)
|
|
41512: Version number was not inserted in release notes.
(markt)
|
|
40257: Update Manager webapp howto on remote deployment to reflect
need for explicit path in one specific use-case. Thanks to Venkatesh Jayaraman. (yoavs)
|
|
40160: add reference to the Filter proposed in this Bugzilla item to the WebdavServlet.
While at it, give the WebdavServlet some long-overdue TLC by cleaning up some of the old data
structures in favor of modern (but still JDK 1.4-compliant) interfaces. (yoavs)
|
|
Add a virtual hosting how-to contributed by Hassan Schroeder. (markt)
|
|
| Cluster |
|
Add clustered SSO code and backport feature from Tomcat 6.0.x,
submitted by Fabien Carrion (pero)
|
|
Add better recovery at FastAsyncQueueSender. Made the startegy more robust for temporary connection problems (pero)
|
|
|
| Tomcat 5.5.20 (fhanik) |
| Catalina |
|
Fix logic error in UserDatbaseRealm.getprincipal() that caused user
roles assigned via groups to be ignored. (markt)
|
|
40518: Use correct message when a RuntimeException is
thrown from the requestInitialized or requestDestroyed method of
a listener that implements ServletRequestListener. (markt)
|
|
| Jasper |
|
31804: Unnested tags within a tag file are now configured
with the Tag represented by the containing tag file as their parent
tag. (markt)
|
|
33356: Tag attributes that contained $ followed by 1 or
more non-special characters and then a { character caused an
exception. (markt)
|
|
33407: The string \$ in template text was reduced to $
when the isELIgnored page directive was set to true. (markt)
|
|
34509: Tag names may now use the full range of
characters permitted by xsd:nmtoken. (markt)
|
|
| Webapps |
|
34399: Disable undeploy for applications that have not
been deployed such as those defined in server.xml (markt)
|
|
|
| Tomcat 5.5.19 (fhanik) |
| General |
|
Add multi attribute setting to jmx:set JMX remote ant task.
Patch contributed by Didier Donsez (pero)
|
|
| Catalina |
|
30762: Re-fix this bug that was re-introduced by the fix
to 37264. (markt)
|
|
37588: Fix JNDI realm creation through JMX. Patch contributed by TerryZhou (fhanik)
|
|
39704: The use of custom classloaders failed when the context
was specified in server.xml. Correction of the fault will require setting
the new loader attribute useSystemClassLoaderAsParent to false. (markt)
|
|
| Webapps |
|
31339: Admin app threw exceptions if a name other than Catalina
was configured for the Engine. Patch based on a suggestion from Amila
Suriarachchi. (markt)
|
|
|
| Tomcat 5.5.18 (yoavs) |
| Catalina |
|
Fix that ManagerBase increment expireSessions counter at background task two times. (pero)
|
|
39406: Fix that StandardSession#getLastAccessedTime() uses correct exception message,
suggested by Takayoshi Kimura. (pero)
|
|
39661: Add documentation on JULI FileHandler properties. (yoavs)
|
|
39657: Warn (and don't load jar) if JSP API is in webapp classloader repository, as suggested by
David Sanchez Crespillo. (yoavs)
|
|
39674: Support JRockit JVM in service.bat script, as suggested by lizongbo. (yoavs)
|
|
39711: Update Loader configuration documentation, as suggested by Stephane Bailliez. (yoavs)
|
|
39865: Add Open Office mime types to conf/web.xml. (markt)
|
|
38814: Align CGI handling of indexed queries, parameters and
POST content with other CGI providers. The changes: only provide
parameters on the command line for indexed queries; always provide the
query string via the QUERY_STRING environment variable; provide POST
content unmodified to stdin; and never call getParameters(). (markt)
|
|
34801: Partial fix that adds handling of IOExceptions during
long running CGI requests. Based on a patch by Chris Davey. (markt)
|
|
39689: Allow single quotes (') and backticks (`) as well as
double quotes (") to be used to delimit SSI attribute values. (markt)
|
|
40053: Correct application deployment documentation so it
agrees with the classloader documentation regarding shared lib and
CATALINA_BASE. (markt)
|
|
39592: Stop HEAD requests for resources handled by SSI
servlet or filter generating stack traces in the logs. (markt)
|
|
Improve handling of the ';' character in the URL so that it is now
allowed if properly %xx encoded. (remm)
|
|
| Coyote |
|
Fix APR endpoint so that the acceptor thread now only processes socket
accepts. (remm)
|
|
| Webapps |
|
39813: Correct handling of new line characters in JMX
attributes. Patch provided by R Bramley. (markt)
|
|
37781: Make sure that StoreConfig save external referenced war files at context.xml correct. (pero)
|
|
39791: Use correct default for useNaming within a Context. (markt)
|
|
Correctly generate re-direct for admin app index.jsp to prevent login page
being displayed twice when cookies are disabled. (markt)
|
|
| Cluster |
|
39473: Session timeout much shorter than setting
at web.xml at cluster environment, suggested by Jin Jiang. (pero)
|
|
|
| Tomcat 5.5.17 (yoavs) |
| General |
|
Update to Xerces 2.8.0 (remm)
|
|
Update to tcnative 1.1.3 (remm)
|
|
| Catalina |
|
Fix SingleSignOn Valve and add Session.getLastAccessTimeInternal() without session invalidation test. (pero)
|
|
38814: CGIServlet correctly handles Shift_JIS output. (markt)
|
|
Add missing REQUEST_URI environment variable to CGI environment. (markt)
|
|
27617: Sync existing mime types with httpd. (keith)
|
|
38761: Handle relative symlinks to shell scripts as suggested by Adam Murray (keith)
|
|
38795: Associate more closely bind with a finally unbind in StandardContext start and
stop, based on a patch by Darryl Miles (remm)
|
|
Improve undeployment robustness (remm)
|
|
Expand the semaphore valve (remm)
|
|
39021: Add back support for authentication only, submitted by Scott Stark (remm)
|
|
Revert fix for 38113, which does not seem a legitimate problem, and causes
regressions (remm)
|
|
Correctly reset listeners when reloading a webapp (remm)
|
|
38194: Don't fail silently if -force is used without CATALINA_PID, submitted by Matthew Buckett. (yoavs)
|
|
38154: Avoid NPE in FileDirContext after webapp undeploy, reported by Jamie Maher. (yoavs)
|
|
38217: Added cautionary note about keystore password to SSL HowTo, as suggested by Ralf Hauser. (yoavs)
|
|
38262: Cleared ambiguity in host documentation, as suggested by Jeffrey Bennett. (yoavs)
|
|
38476: Modified check for null TLD stream, as suggested by Fabrizio Giustina. (yoavs)
|
|
38052: Use userName as userField default. User is at many databases a
reserved keyword, as suggested by rik. (pero)
|
|
Fix handling of non matching if-range header (remm)
|
|
37848: Only output catalina.sh diagnostic messages if we have a TTY, submitted by
David Shaw. (yoavs)
|
|
38596: Minor performance optimization in DataSourceRealm, suggested by Sandy
McArthur. (yoavs)
|
|
| Coyote |
|
Make the default cipher suites available for SSL the same as the set of cipher
suites enabled by default rather than the set of all cipher suites. This prevents
ciphers suites that do not provide confidentiality protection and/or server
authentication being used by default. (markt)
|
|
Move AprEndpoint.getWorkerThread inside the try/catch for the main accept loop, to guard
about an OOM (which would most likely doom the server anyway) (remm)
|
|
As exhibited in the ASF's JIRA installation, it seems EINTR is a status code that should
be ignored as a result to a poll call (remm)
|
|
New APR connectors defaults (remm)
|
|
Add multiple threads for APR pollers, to work around Windows limitations (performance degrades
very rapidly if poller sizes over 1024 are allowed when compiling APR) (remm)
|
|
New modes for firstReadTimeout (-1 being the new default) (remm)
|
|
Replace java.util.Stack usage with a simple array in the APR endpoint (remm)
|
|
tcnative jnilib.c now report correct compile flags for runtime
Library.java checks like sendfile support default true/false (pero)
|
|
| Jasper |
|
38015: Remove misleading warnings logged in TagLibraryInfoImpl, as suggested by Andrew Houghton. (yoavs)
|
|
38376: Make sure body content stack is always properly aligned, as submitted by Tony Deigh. (yoavs)
|
|
Compatibility with JDT 3.2 (remm)
|
|
| Webapps |
|
39292: Update catalina.policy at demo balancer app. Fix provided by Kerry Sainsbury (pero)
|
|
36847: Fixed the manager app copy function to not overwrite fileA with fileB when fileA==fileB.
Fix provided by Haroon Rafique (fhanik)
|
|
38508: Several enhancements to Host Manager application, including configurable
manager app support and dialog box enhancements. Thanks to George Sexton for the patch. (yoavs)
|
|
37781: Make sure context config file is writeable, suggested by George Sexton. (yoavs,pero)
|
|
| Cluster |
|
Add at PooledSocketSender the jmx attributes inPoolSize and inUsePoolSize. (pero)
|
|
DeltaManager set session creationTime at backup node. (pero)
|
|
Add JvmRouteBinderValve documentation at cluster-howto.xml. (pero)
|
|
JvmRouteBinderValve now supports now sessionid's from request and cookies.
Thanks to Brian Stansberry for reporting it. (pero)
|
|
38779 Fix wrong jmx message arg at SimpleTcpCluster
at o.a.c.cluster.tcp.mbeans-descriptors.xml, submitted by Pawel Tucholski (pero)
|
|
Fix that not after every "Keep Alive Socket close" a log warning is generated at TcpReplicationThread (pero)
|
|
39178: Now ROOT.war deployment with FarmWarDeployer is possible (pero)
|
|
ReplicationValve not set primarySession flag when all backup nodes gone (pero)
|
|
Add DeltaSession.getLastAccessTimeInternal() without session invalidation test. (pero)
|
|
|
| Tomcat 5.5.16 (yoavs) |
| General |
|
Updated / enhanced docs to remove old FIXME references. (yoavs)
|
|
Required tcnative library version upgraded to 1.1.2 (remm)
|
|
Update to Eclipse JDT 3.1.2 (remm)
|
|
| Catalina |
|
23950: Context.listBindings() should return objects not
references. (markt)
|
|
38124: Add support for Windows 20xx when reading environment
variables in CGIServlet. (markt)
|
|
29214: response.containsHeader() now returns the correct
value for Content-Type and Content-Length headers. (markt)
|
|
Allow using a custom ContextConfig when using JMX embedding of Tomcat, as
is done by the regular deployer. (remm)
|
|
Add JMX serverInfo attribute to Server MBean, that we can identify
the tomcat release remotely. (pero)
|
|
Fix the JMX MBeanFactory.createStandardHost signature at mbean-descriptors.xml (pero)
|
|
Fix some cases (for example with realm usage) where the container logger for a context
would be retrieved using the wrong classloader (remm)
|
|
HttpSession.getId will no longer throw an ISE when the session is invalid (remm)
|
|
More detailed errors for naming issues (remm)
|
|
Add documentation for the Transaction element (remm)
|
|
Add getContextPath to the internal servlet context implementation (remm)
|
|
Only null instances loaded by the webapp CL, submitted by Matt Jensen (remm)
|
|
Deploy folders which don't have a WEB-INF, and return an error when a context
file does not contain a Context element (remm)
|
|
38653: Fix property name (remm)
|
|
Slightly modify the timing of the manager start, so that it is not started by a
listener (remm)
|
|
Refresh loggers used by the digester (remm)
|
|
Use sendError instead of setStatus to send the 401 code. (billbarker)
|
|
Don't append the port for an SSL redirect if it is the default port. (billbarker)
|
|
| Coyote |
|
Log errors when setting socket options with debug priority rather than error. (remm)
|
|
38100: Make certain that a valid Host name is set, or none at all. (billbarker)
|
|
38485: Fix minor regression setting connection timeout (as well as linger and
no delay) where the default value was always used when using the regular
HTTP connector (remm)
|
|
Pass along more of the SSL related fields to OpenSSL (remm)
|
|
CharChunk now implements CharSequence (remm)
|
|
Fix coding error which could cause a rare crash when a poller error occurred and sockets
where pending being added to the keepalive poller (remm)
|
|
Fix potential sync issues when restarting a poller (remm)
|
|
Update APR error reports, including the error codes (remm)
|
|
38726: Remove duplicate request group field causing blank statistics for the
HTTP connector (remm)
|
|
Fix invalid length used by some AJP packets for the AJP APR connector, which could cause
corruption, submitted by Rudiger Plum (jim)
|
|
38346: Fix problems with request.getReader().readLine().
Patch by Rainer Jung (billbarker)
|
|
Local address reuse for APR Endpoints (via APR_SO_REUSEADDR) now enabled (jim)
|
|
Don't write out the shutdown secret file if shutdown is disabled (the default) (billbarker)
|
|
Fix NPE when no sink is supplied. (billbarker)
|
|
APR Endpoints now IPv6 aware (jim)
|
|
Downgrade "Response already committed" logging entry to DEBUG. (billbarker)
|
|
38113: Return the empty String for an empty query-string instead of null. (billbarker)
|
|
| Jasper |
|
38389: Set correct JDT Compiler option to java 1.5 compliance.
Patch from Olivier Thomann and Paul Hamer (pero)
|
|
Add some useful hints to jasper-howto. (pero).
|
|
38776: Fix source file attribute, submitted by Olivier Thomann (remm)
|
|
| Cluster |
|
Update DeltaManager session access stats (pero)
|
|
DeltaSession getId will no longer throw an ISE when the session is invalid (pero)
|
|
Resurrected the "suspect" property so that the logs don't fill
up with errors when member disappears or a connection is lost. Only useful for pooled mode (fhanik)
|
|
35710: Add session replication for cross context session changes.
The portlet api need this support, see refactored ReplicationValve. (pero)
|
|
ReplicationValve reset DeltaSession when cluster node has no backup node. (pero)
|
|
DataSender close connection and throw exception also even if waitForAck is false. (pero)
|
|
Active cluster junit test again. (pero)
|
|
| Webapps |
|
Fix some XSS issues in the JSP examples. (markt)
|
|
Fix logos in the manager webapp (remm)
|
|
|
| Tomcat 5.5.15 (yoavs) |
| General |
|
32081: Remove the JDK requirement from the Win32 scripts. (keith)
|
|
| Catalina |
|
37852: Fix regression where the magic role '*' was denying all access. Patch by xrcat (billbarker)
|
|
37934: Don't ask for authentication if deny-from-all is in effect. (billbarker)
|
|
15570: auth-constraint of * was interpretted as all
authenticated users rather than as all roles defined in web.xml. (markt)
|
|
Remove leftover static logger which was used to log application level messages in
ApplicationContextFacade (remm)
|
|
38012: Where a CGI script sets a response code, use it. (markt)
|
|
37854: Extension-List checking was too strict. (markt)
|
|
| Coyote |
|
Report binding errors in the APR endpoint as strings rather than platform specific
status codes (remm)
|
|
37934: Don't ask for authentication if deny-from-all is in effect. (billbarker)
|
| 38047: Handle the case where the Servlet attempts to read
the Request body from the AJP/1.3 Connector, in the case that no
body was sent. (billbarker)
|
| 38030: Unconditionally return EOS for an attempt to read
the body of any request that doesn't send CL or TE.
(remm, billbarker).
|
|
| Jasper |
|
35351: Fix problem using an inner class for a <jsp:useBean />. (kinman).
|
|
37929: Don't stop on the generic attribute methods just because the session is invalid. Patch by Pierre Delisle. (billbarker)
|
|
Add system properties org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER and
org.apache.jasper.runtime.JspFactoryImpl.USE_POOL to allow configuring Jasper
memory usage (remm)
|
|
37933: Restrict <jsp:getAttribute /> to only look in PAGE_SCOPE. (billbarker)
|
|
| Cluster |
|
37808: Fix ArrayIndexOutOfBoundsException inside XByteBuffer. Reported by Dietmar Mueller (pero)
|
|
37896DataSender starts new Socket after IOException. (pero)
|
|
Reduce memory usage at membership service. (pero)
|
|
|
| Tomcat 5.5.14 (yoavs) |
| General |
|
Update optional native APR connector version to 1.1.1. (mturk)
|
|
Update build.properties.default to get native connector from new location. (yoavs)
|
|
|
|
