Modified: tomcat/site/trunk/docs/tomcat-6.0-doc/changelog.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/tomcat-6.0-doc/changelog.html?rev=1678914&r1=1678913&r2=1678914&view=diff ============================================================================== --- tomcat/site/trunk/docs/tomcat-6.0-doc/changelog.html (original) +++ tomcat/site/trunk/docs/tomcat-6.0-doc/changelog.html Tue May 12 11:21:02 2015 @@ -1,9 +1,164 @@ -<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat 6.0 (6.0.43) - Changelog</title><meta name="author" content="Remy Maucherat"><meta name="author" content="Yoav Shapira"><meta name="author" content="Filip Hanik"><meta name="author" content="Rainer Jung"><meta name="author" content="Peter Rossbach"><meta name="author" content="Konstantin Kolinko"><meta name="author" content="Jean-Frederic Clere"><meta name="author" content="Keiichi Fujino"><meta name="author" content="Mladen Turk"><meta name="author" content="Tim Whittington"><meta name="author" content="Sylvain Laurent"><meta name="author" content="Christopher Schultz"><style type="text/css" media="print"> +<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat 6.0 (6.0.44) - Changelog</title><meta name="author" content="Remy Maucherat"><meta name="author" content="Yoav Shapira"><meta name="author" content="Filip Hanik"><meta name="author" content="Rainer Jung"><meta name="author" content="Peter Rossbach"><meta name="author" content="Konstantin Kolinko"><meta name="author" content="Jean-Frederic Clere"><meta name="author" content="Keiichi Fujino"><meta name="author" content="Mladen Turk"><meta name="author" content="Tim Whittington"><meta name="author" content="Sylvain Laurent"><meta name="author" content="Christopher Schultz"><style type="text/css" media="print"> .noPrint {display: none;} td#mainBody {width: 100%;} </style></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="0"><!--PAGE HEADER--><tr><td><!--PROJECT LOGO--><a href="http://tomcat.apache.org/"><img src="./images/tomcat.gif" align="right" alt=" The Apache Tomcat Servlet/JSP Container - " border="0"></a></td><td><h1><font face="arial,helvetica,sanserif">Apache Tomcat 6.0</font></h1><font face="arial,helvetica,sanserif">Version 6.0.43, Nov 14 2014</font></td><td><!--APACHE LOGO--><a href="http://www.apache.org/"><img src="./images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr></table><table border="0" width="100%" cellspacing="4"><!--HEADER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><tr><!--LEFT SIDE NAVIGATION--><td width="20%" valign="top" nowrap="nowrap" class="noPrint"><p><strong>Links</strong></p><ul><li><a href="index.html">Docs Home</a></li><li><a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a></li></ul><p><strong>User Guide</strong></p><ul><li><a href="introduction.html">1) Introduction</a></li><li><a href="setup.html">2) Setup</a></li><li><a href="appdev/index.html">3) First webapp</a></li><li><a href="deployer-howto.html">4) Deployer</a></li><li><a href="manager-howto.html">5) Manager</a></li><li> <a href="realm-howto.html">6) Realms and AAA</a></li><li><a href="security-manager-howto.html">7) Security Manager</a></li><li><a href="jndi-resources-howto.html">8) JNDI Resources</a></li><li><a href="jndi-datasource-examples-howto.html">9) JDBC DataSources</a></li><li><a href="class-loader-howto.html">10) Classloading</a></li><li><a href="jasper-howto.html">11) JSPs</a></li><li><a href="ssl-howto.html">12) SSL</a></li><li><a href="ssi-howto.html">13) SSI</a></li><li><a href="cgi-howto.html">14) CGI</a></li><li><a href="proxy-howto.html">15) Proxy Support</a></li><li><a href="mbeans-descriptor-howto.html">16) MBean Descriptor</a></li><li><a href="default-servlet.html">17) Default Servlet</a></li><li><a href="cluster-howto.html">18) Clustering</a></li><li><a href="balancer-howto.html">19) Load Balancer</a></li><li><a href="connectors.html">20) Connectors</a></li><li><a href="monitoring.html">21) Monitoring and Management</a></li><li><a href="logging.html">22) Logging</a></li><li><a href="apr.html">23) APR/Native</a></li><li><a href="virtual-hosting-howto.html">24) Virtual Hosting</a></li><li><a href="aio.html">25) Advanced IO</a></li><li><a href="extras.html">26) Additional Components</a></li><li><a href="maven-jars.html">27) Mavenized</a></li></ul><p><strong>Reference</strong></p><ul><li><a href="RELEASE-NOTES.txt">Release Notes</a></li><li><a href="config/index.html">Configuration</a></li><li><a href="api/index.html">Javadocs</a></li><li><a href="http://tomcat.apache.org/connectors-doc/">JK 1.2 Documentation</a></li></ul><p><strong>Apache Tomcat Development</strong></p><ul><li><a href="building.html">Building</a></li><li><a href="changelog.html">Changelog</a></li><li><a href="http://wiki.apache.org/tomcat/TomcatVersions">Status</a></li><li><a href="developers.html">Developers</a></li><li><a href="architecture/index.html">Architecture</a></li><li><a href="funcspecs/index.html">Functional Specs.</a></li></ul></td><!--RIGHT SIDE MAIN BODY--><td width="80%" vali gn="top" align="left" id="mainBody"><h1>Apache Tomcat 6.0</h1><h2>Changelog</h2><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.43 (markt)"><!--()--></a><a name="Tomcat_6.0.43_(markt)"><strong>Tomcat 6.0.43 (markt)</strong></a></font></td></tr><tr><td><blockquote> + " border="0"></a></td><td><h1><font face="arial,helvetica,sanserif">Apache Tomcat 6.0</font></h1><font face="arial,helvetica,sanserif">Version 6.0.44, May 8 2015</font></td><td><!--APACHE LOGO--><a href="http://www.apache.org/"><img src="./images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr></table><table border="0" width="100%" cellspacing="4"><!--HEADER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><tr><!--LEFT SIDE NAVIGATION--><td width="20%" valign="top" nowrap="nowrap" class="noPrint"><p><strong>Links</strong></p><ul><li><a href="index.html">Docs Home</a></li><li><a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a></li></ul><p><strong>User Guide</strong></p><ul><li><a href="introduction.html">1) Introduction</a></li><li><a href="setup.html">2) Setup</a></li><li><a href="appdev/index.html">3) First webapp</a></li><li><a href="deployer-howto.html">4) Deployer</a></li><li><a href="manager-howto.html">5) Manager</a></li><li>< a href="realm-howto.html">6) Realms and AAA</a></li><li><a href="security-manager-howto.html">7) Security Manager</a></li><li><a href="jndi-resources-howto.html">8) JNDI Resources</a></li><li><a href="jndi-datasource-examples-howto.html">9) JDBC DataSources</a></li><li><a href="class-loader-howto.html">10) Classloading</a></li><li><a href="jasper-howto.html">11) JSPs</a></li><li><a href="ssl-howto.html">12) SSL</a></li><li><a href="ssi-howto.html">13) SSI</a></li><li><a href="cgi-howto.html">14) CGI</a></li><li><a href="proxy-howto.html">15) Proxy Support</a></li><li><a href="mbeans-descriptor-howto.html">16) MBean Descriptor</a></li><li><a href="default-servlet.html">17) Default Servlet</a></li><li><a href="cluster-howto.html">18) Clustering</a></li><li><a href="balancer-howto.html">19) Load Balancer</a></li><li><a href="connectors.html">20) Connectors</a></li><li><a href="monitoring.html">21) Monitoring and Management</a></li><li><a href="logging.html">22) Logging</a></li><li><a h ref="apr.html">23) APR/Native</a></li><li><a href="virtual-hosting-howto.html">24) Virtual Hosting</a></li><li><a href="aio.html">25) Advanced IO</a></li><li><a href="extras.html">26) Additional Components</a></li><li><a href="maven-jars.html">27) Mavenized</a></li></ul><p><strong>Reference</strong></p><ul><li><a href="RELEASE-NOTES.txt">Release Notes</a></li><li><a href="config/index.html">Configuration</a></li><li><a href="api/index.html">Javadocs</a></li><li><a href="http://tomcat.apache.org/connectors-doc/">JK 1.2 Documentation</a></li></ul><p><strong>Apache Tomcat Development</strong></p><ul><li><a href="building.html">Building</a></li><li><a href="changelog.html">Changelog</a></li><li><a href="http://wiki.apache.org/tomcat/TomcatVersions">Status</a></li><li><a href="developers.html">Developers</a></li><li><a href="architecture/index.html">Architecture</a></li><li><a href="funcspecs/index.html">Functional Specs.</a></li></ul></td><!--RIGHT SIDE MAIN BODY--><td width="80%" valig n="top" align="left" id="mainBody"><h1>Apache Tomcat 6.0</h1><h2>Changelog</h2><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.44 (jfclere)"><!--()--></a><a name="Tomcat_6.0.44_(jfclere)"><strong>Tomcat 6.0.44 (jfclere)</strong></a></font></td></tr><tr><td><blockquote> + <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.44 (jfclere)/Catalina"><!--()--></a><a name="Tomcat_6.0.44_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote> + <table border="0" cellpadding="2" cellspacing="2"> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + Correct typo in the message shown by HttpServlet for unexpected + HTTP method. (kkolinko) + </td></tr> + <tr><td><img alt="add" class="icon" src="./images/add.gif"></td><td> + Allow to configure RemoteAddrValve and RemoteHostValve to + adopt behavior depending on the connector port. Implemented + by optionally adding the connector port to the string compared + with the patterns <code>allow</code> and <code>deny</code>. Configured + using <code>addConnectorPort</code> attribute on valve. (rjung) + </td></tr> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56608">56608</a>: Fix IllegalStateException for JavaScript files when + switching from Writer to OutputStream. The special handling of this case + in the DefaultServlet was broken due to a MIME type change for + JavaScript. (markt) + </td></tr> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=57675">57675</a>: Correctly quote strings when using the extended + access log. (markt) + </td></tr> + </table> + </blockquote></td></tr></table> + <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.44 (jfclere)/Coyote"><!--()--></a><a name="Tomcat_6.0.44_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote> + <table border="0" cellpadding="2" cellspacing="2"> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=57234">57234</a>: Make SSL protocol filtering to remove insecure + protocols case insensitive. Correct spelling of + filterInsecureProtocols method. (kkolinko/schultz) + </td></tr> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + When applying the <code>maxSwallowSize</code> limit to a connection read + that many bytes first before closing the connection to give the client a + chance to read the response. (markt) + </td></tr> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=57544">57544</a>: Fix a potential infinite loop when preparing a kept + alive HTTP connection for the next request. (markt) + </td></tr> + <tr><td><img alt="add" class="icon" src="./images/add.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=57570">57570</a>: Make the processing of chunked encoding trailing + headers optional and disabled by default. (markt) + </td></tr> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=57581">57581</a>: Change statistics byte counter in coyote Request + object to be long to allow values above 2Gb. (kkolinko) + </td></tr> + <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> + Update the minimum recommended version of the Tomcat Native library (if + used) to 1.1.33. (markt) + </td></tr> + </table> + </blockquote></td></tr></table> + <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.44 (jfclere)/Jasper"><!--()--></a><a name="Tomcat_6.0.44_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote> + <table border="0" cellpadding="2" cellspacing="2"> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + Fix potential issue with BeanELResolver when running under a security + manager. Some classes may not be accessible but may have accessible + interfaces. (markt) + </td></tr> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + Simplify code in <code>ProtectedFunctionMapper</code> class of + Jasper runtime. (kkolinko) + </td></tr> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=57801">57801</a>: Improve the error message in the start script in case + the PID read from the PID file is already owned by a process. (rjung) + </td></tr> + </table> + </blockquote></td></tr></table> + <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.44 (jfclere)/Web applications"><!--()--></a><a name="Tomcat_6.0.44_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote> + <table border="0" cellpadding="2" cellspacing="2"> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + Update documentation for CGI servlet. Recommend to copy the servlet + declaration into web application instead of enabling it globally. + Correct documentation for cgiPathPrefix. (kkolinko) + </td></tr> + <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> + Improve Tomcat Manager documentation. Rearrange, add section on + HTML GUI, document /expire command and Server Status page. (kkolinko) + </td></tr> + <tr><td><img alt="add" class="icon" src="./images/add.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54143">54143</a>: Add display of the memory pools usage (including + PermGen) to the Status page of the Manager web application. (kkolinko) + </td></tr> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + Fix several issues with <code>status.xsd</code> schema in Manager web + application, testing it against actual output of StatusTransformer + class. (kkolinko) + </td></tr> + <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> + Align algorithm that generates anchor names in Tomcat documentation + with Tomcat 7/8/9. No visible changes, but may help with future + updates to the documentation. (kkolinko) + </td></tr> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56058">56058</a>: Add links to the AccessLogValve documentation for + configuring reverse proxies and/or Tomcat to ensure that the desired + information is used entered in the access log when Tomcat is running + behind a reverse proxy. (markt) + </td></tr> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=57503">57503</a>: Make clear that the JULI integration for log4j only + works with log4j 1.2.x. (markt) + </td></tr> + <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=57644">57644</a>: Update examples to use Apache Standard Taglib 1.2.5. + (jboynes/kkolinko) + </td></tr> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=57706">57706</a>: Clarify the documentation for the AJP connector to + make clearer that when using + <code>tomcatAuthentication="false"</code> the user provided by + the reverse proxy will not be associated with any roles. (markt) + </td></tr> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + Correct the documentation for deployOnStartup to make clear that if a + WAR file is updated while Tomcat is stopped and unpackWARs is true, + Tomcat will not detect the changed WAR file when it starts and will not + replace the unpacked WAR file with the contents of the updated WAR. + (markt) + </td></tr> + <tr><td><img alt="add" class="icon" src="./images/add.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=57759">57759</a>: Add information to the keyAlias documentation to make + it clear that the order keys are read from the keystore is + implementation dependent. (markt) + </td></tr> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=57864">57864</a>: Update the documentation web application to make it + clearer that hex values are not valid for cluster send options. Based on + a patch by Kyohei Nakamura. (markt) + </td></tr> + </table> + </blockquote></td></tr></table> + <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.44 (jfclere)/Other"><!--()--></a><a name="Tomcat_6.0.44_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote> + <table border="0" cellpadding="2" cellspacing="2"> + <tr><td><img alt="add" class="icon" src="./images/add.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=57344">57344</a>: Provide sha1 checksum files for Tomcat downloads. + (kkolinko) + </td></tr> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=57558">57558</a>: Change <code>catalina-tasks.xml</code> to use all + jars in <code>${catalina.home}/lib</code> to define Tomcat Ant + tasks. This fixes a NoClassDefFoundError with <code>validate</code> + task. (kkolinko) + </td></tr> + <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> + Update to Tomcat Native Library version 1.1.33 to pick up the Windows + binaries that are based on OpenSSL 1.0.1m and APR 1.5.1. (markt) + </td></tr> + </table> + </blockquote></td></tr></table> +</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.43 (markt)"><!--()--></a><a name="Tomcat_6.0.43_(markt)"><strong>Tomcat 6.0.43 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2014-11-22</strong></font></td></tr><tr><td colspan="2"><blockquote> <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.43 (markt)/Catalina"><!--()--></a><a name="Tomcat_6.0.43_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> @@ -15,15 +170,15 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.43 (markt)/Coyote"><!--()--></a><a name="Tomcat_6.0.43_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53952">53952</a>: Add support for TLSv1.1 and TLSv1.2 for APR connector. + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53952">53952</a>: Add support for TLSv1.1 and TLSv1.2 for APR connector. Based upon a patch by Marcel Šebek. (schultz/jfclere) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56780">56780</a>: Enable Tomcat to start when using SSL with an IBM JRE + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56780">56780</a>: Enable Tomcat to start when using SSL with an IBM JRE in strict SP800-131a mode. (markt/kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=57102">57102</a>: Fix bug that meant sslEnabledProtocols setting was not + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=57102">57102</a>: Fix bug that meant sslEnabledProtocols setting was not recognised for the HTTPS NIO connector. (markt) </td></tr> <tr><td><img alt="add" class="icon" src="./images/add.gif"></td><td> @@ -40,7 +195,7 @@ (CVE-2014-3566). (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=57116">57116</a>: Do not fallback to default protocol list for HTTPS BIO + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=57116">57116</a>: Do not fallback to default protocol list for HTTPS BIO connector if <code>sslEnabledProtocols</code> has no matches. (markt) </td></tr> <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> @@ -48,6 +203,11 @@ HTTPS connectors with Tomcat 7 which allows for per connector defaults based on the choice of <code>sslProtocol</code>. (markt/kkolinko) </td></tr> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=57703">57703</a>: Update the <code>http-method</code> definition for + web applications using a Servlet 2.5 descriptor as per Servlet 2.5 MR 6. + (markt) + </td></tr> </table> </blockquote></td></tr></table> <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.43 (markt)/Web applications"><!--()--></a><a name="Tomcat_6.0.43_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote> @@ -65,12 +225,12 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.43 (markt)/Other"><!--()--></a><a name="Tomcat_6.0.43_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56079">56079</a>: The Apache Tomcat Windows service and the Apache + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56079">56079</a>: The Apache Tomcat Windows service and the Apache Tomcat Windows service monitor application are now digitally signed. (markt/kkolinko) </td></tr> <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56988">56988</a>: Allow to use relative path in <code>base.path</code> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56988">56988</a>: Allow to use relative path in <code>base.path</code> setting when building Tomcat. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> @@ -78,7 +238,7 @@ build Tomcat is 1.8.0. (kkolinko) </td></tr> <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56596">56596</a>: Update to Tomcat Native Library version 1.1.32 to + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56596">56596</a>: Update to Tomcat Native Library version 1.1.32 to pick up the Windows binaries that are based on OpenSSL 1.0.1j and APR 1.5.1. (markt) </td></tr> @@ -92,16 +252,16 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.42 (jfclere)/Catalina"><!--()--></a><a name="Tomcat_6.0.42_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56600">56600</a>: In WebdavServlet: Do not waste time generating + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56600">56600</a>: In WebdavServlet: Do not waste time generating response for broken PROPFIND request. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56648">56648</a>: Reduce scope of synchronization when adding children to + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56648">56648</a>: Reduce scope of synchronization when adding children to a container (e.g. adding a Context to a Host) to prevent blocking requests to other children while the new child starts. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56684">56684</a>: Ensure that Tomcat does not shut down if the socket + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56684">56684</a>: Ensure that Tomcat does not shut down if the socket waiting for the shutdown command experiences a <code>SocketTimeoutException</code>. (markt) </td></tr> @@ -110,12 +270,13 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.42 (jfclere)/Coyote"><!--()--></a><a name="Tomcat_6.0.42_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + Fix CVE-2014-0227: Various improvements to ChunkedInputFilter including clean-up, i18n for error messages and adding an error flag to allow subsequent attempts at reading after an error to fail fast. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56661">56661</a>: Support using AJP request attribute + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56661">56661</a>: Support using AJP request attribute <code>AJP_LOCAL_ADDR</code> to fix <code>getLocalAddr()</code>. (rjung) </td></tr> </table> @@ -123,24 +284,24 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.42 (jfclere)/Jasper"><!--()--></a><a name="Tomcat_6.0.42_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43001">43001</a>: Enable the JspC Ant task to set the JspC option + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=43001">43001</a>: Enable the JspC Ant task to set the JspC option <code>mappedFile</code>. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56334">56334</a>: Fix a regression in EL parsing when quoted string + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56334">56334</a>: Fix a regression in EL parsing when quoted string follows a whitespace. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56560">56560</a>: Fix NoClassDefFoundError when using Jasper Ant task + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56560">56560</a>: Fix NoClassDefFoundError when using Jasper Ant task defined by <code>catalina-tasks.xml</code> file. Patch provided by M Gemmell. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56561">56561</a>: Avoid <code>NoSuchElementException</code> while + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56561">56561</a>: Avoid <code>NoSuchElementException</code> while handling attributes with empty string value. (violetagg) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56612">56612</a>: Correctly parse consecutive escaped single quotes when + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56612">56612</a>: Correctly parse consecutive escaped single quotes when used in an EL expression. (markt) </td></tr> <tr><td><img alt="code" class="icon" src="./images/code.gif"></td><td> @@ -149,7 +310,7 @@ (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - Fix a potential resource leak in JDTCompiler when checking wether + Fix a potential resource leak in JDTCompiler when checking whether a resource is a package. Reported by Coverity Scan. (fschumacher) </td></tr> </table> @@ -157,23 +318,33 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.42 (jfclere)/Other"><!--()--></a><a name="Tomcat_6.0.42_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56606">56606</a>: When creating <code>tomcat-users.xml</code> in the + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56606">56606</a>: When creating <code>tomcat-users.xml</code> in the Windows Installer, use the new attribute name for the name of the user. (markt) </td></tr> <tr><td><img alt="add" class="icon" src="./images/add.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56829">56829</a>: Add the ability for users to define their own values + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56829">56829</a>: Add the ability for users to define their own values for <code>_RUNJAVA</code> and <code>_RUNJDB</code> environment variables. Be more strict with executable filename on Windows (s/java/java.exe/). Based on a patch by Neeme Praks. (markt/kkolinko) </td></tr> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56608">56608</a>: When deploying an external WAR, add watched resources + in the expanded directory based on whether the expanded directory is + expected to exist rather than if it does exist. + </td></tr> + <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> + When triggering a reload due to a modified watched resource, ensure + that multiple changed watched resources only trigger one reload rather + than a series of reloads. + </td></tr> </table> </blockquote></td></tr></table> </blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.41 (markt)"><!--()--></a><a name="Tomcat_6.0.41_(markt)"><strong>Tomcat 6.0.41 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2014-05-23</strong></font></td></tr><tr><td colspan="2"><blockquote> <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.41 (markt)/Jasper"><!--()--></a><a name="Tomcat_6.0.41_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56529">56529</a>: Avoid <code>NoSuchElementException</code> while handling + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56529">56529</a>: Avoid <code>NoSuchElementException</code> while handling attributes with empty string value in custom tags. Based on a patch provided by Hariprasad Manchi. (violetagg/kkolinko) </td></tr> @@ -183,15 +354,15 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.40 (markt)/Catalina"><!--()--></a><a name="Tomcat_6.0.40_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56027">56027</a>: Add more options for managing FIPS mode in the + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56027">56027</a>: Add more options for managing FIPS mode in the AprLifecycleListener. (schultz/kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56082">56082</a>: Fix a concurrency bug in JULI's LogManager + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56082">56082</a>: Fix a concurrency bug in JULI's LogManager implementation. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56236">56236</a>: Enable Tomcat to work with alternative Servlet and + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56236">56236</a>: Enable Tomcat to work with alternative Servlet and JSP API JARs that package the XML schemas in such as way as to require a dependency on the JSP API before enabling validation for web.xml. Tomcat has no such dependency. (markt) @@ -207,7 +378,7 @@ Use StringBuilder in DefaultServlet. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56275">56275</a>: Allow web applications to be stopped cleanly even if + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56275">56275</a>: Allow web applications to be stopped cleanly even if filters throw exceptions when their destroy() method is called. (markt/kkolinko) </td></tr> @@ -224,7 +395,7 @@ are based. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56369">56369</a>: Ensure that removing an MBean notification listener + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56369">56369</a>: Ensure that removing an MBean notification listener reverts all the operations performed when adding an MBean notification listener. (markt) </td></tr> @@ -268,7 +439,7 @@ (markt) </td></tr> <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56363">56363</a>: Update to version 1.1.30 of Tomcat Native library. + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56363">56363</a>: Update to version 1.1.30 of Tomcat Native library. The minimum required version of this library for APR connector is now 1.1.30. (kkolinko) </td></tr> @@ -287,22 +458,22 @@ controls the validation of *.tld files when Jasper parses them. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54475">54475</a>: Add Java 8 support to SMAP generation for JSPs. Patch + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54475">54475</a>: Add Java 8 support to SMAP generation for JSPs. Patch by Robbie Gibson. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56010">56010</a>: Don't throw an + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56010">56010</a>: Don't throw an <code>IllegalArgumentException</code> when <code>JspFactory.getPageContext</code> is used with <code>JspWriter.DEFAULT_BUFFER</code>. Based on a patch by Eugene Chung. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56265">56265</a>: Do not escape values of dynamic tag attributes + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56265">56265</a>: Do not escape values of dynamic tag attributes containing EL expressions. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56283">56283</a>: Add support for running Tomcat 6 with + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56283">56283</a>: Add support for running Tomcat 6 with ecj-P20140317-1600.jar (as drop-in replacement for ecj-4.3.1.jar). Add support for value "1.8" for the <code>compilerSourceVM</code> and <code>compilerTargetVM</code> options. Note that ecj-P20140317-1600.jar @@ -310,8 +481,8 @@ make sense only when running with Java 8 (or later). (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56334">56334</a>: Fix a regression in the handling of back-slash - escaping introduced by the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55735">55735</a>. (markt/kkolinko) + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56334">56334</a>: Fix a regression in the handling of back-slash + escaping introduced by the fix for <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=55735">55735</a>. (markt/kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> Correct the handling of back-slash escaping in the EL parser and no @@ -332,7 +503,7 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.40 (markt)/Web applications"><!--()--></a><a name="Tomcat_6.0.40_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="add" class="icon" src="./images/add.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56093">56093</a>: Documentation for SSLValve. (markt/kkolinko) + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56093">56093</a>: Documentation for SSLValve. (markt/kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> Correct documentation on Windows service options, aligning it with @@ -357,14 +528,14 @@ </td></tr> <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> Improvements to the Windows installer, to align it with installing - the sevice with <code>service.bat</code>. Use explicit memory sizes + the service with <code>service.bat</code>. Use explicit memory sizes (--JvmMs 128 Mb and --JvmMx 256 Mb). Specify log directory path when ininstalling, so that the log file is written to the Tomcat logs directory, instead of "%SystemRoot%\System32\LogFiles\Apache". (kkolinko) </td></tr> <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49993">49993</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56143">56143</a>: Improve <code>service.bat</code> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=49993">49993</a>, <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56143">56143</a>: Improve <code>service.bat</code> script. Allow it to be launched from non-UAC console. The UAC prompt will be shown only once. Now there is no need to run the command shell with elevated privileges. Improve check for <code>JAVA_HOME</code> @@ -379,7 +550,7 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.39 (markt)/Catalina"><!--()--></a><a name="Tomcat_6.0.39_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55166">55166</a>: Fix regression that broke XML validation when running + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=55166">55166</a>: Fix regression that broke XML validation when running on some Java 5 JVMs. (kkolinko) </td></tr> </table> @@ -447,25 +618,25 @@ removed when the web application stops. (markt/kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55019">55019</a>: Fix a potential exception when accessing JSPs while + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=55019">55019</a>: Fix a potential exception when accessing JSPs while running under a SecurityManager. (jfclere) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55052">55052</a>: Make JULI's LogManager to additionally look for + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=55052">55052</a>: Make JULI's LogManager to additionally look for logging properties without prefixes if the property cannot be found with a prefix. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55266">55266</a>: Ensure that the session ID is parsed from the request + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=55266">55266</a>: Ensure that the session ID is parsed from the request before any redirect as the session ID may need to be encoded as part of the redirect URL. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55404">55404</a>: Log warnings about using security roles in web.xml as + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=55404">55404</a>: Log warnings about using security roles in web.xml as warnings. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55268">55268</a>: Added optional --service-start-wait-time + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=55268">55268</a>: Added optional --service-start-wait-time command-line option to change service start wait time from default of 10 seconds. (schultz) </td></tr> @@ -504,7 +675,7 @@ a custom resolver to enable the logging of any blocked entities. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56016">56016</a>: When loading resources for XML schema validation, take + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=56016">56016</a>: When loading resources for XML schema validation, take account of the possibility that servlet-api.jar and jsp-api.jar may not be loaded by the same class loader. Patch by Juan Carlos Estibariz. (markt) @@ -514,24 +685,24 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.38 (markt)/Coyote"><!--()--></a><a name="Tomcat_6.0.38_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52811">52811</a>: Fix parsing of Content-Type header in + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52811">52811</a>: Fix parsing of Content-Type header in <code>HttpServletResponse.setContentType()</code>. Introduces a new HTTP header parser that follows RFC2616. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54691">54691</a>: Add configuration attribute "sslEnabledProtocols" + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54691">54691</a>: Add configuration attribute "sslEnabledProtocols" to HTTP connector and document it. (Internally this attribute has been already implemented but not documented, under names "protocols" and "sslProtocols". Those names of this attribute are now deprecated). (schultz) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54947">54947</a>: Fix the HTTP NIO connector that incorrectly rejected a + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54947">54947</a>: Fix the HTTP NIO connector that incorrectly rejected a request if the CRLF terminating the request line was split across multiple packets. Patch by Konstantin Preißer. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55228">55228</a>: Allow web applications to set a HTTP Date header. + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=55228">55228</a>: Allow web applications to set a HTTP Date header. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> @@ -543,7 +714,7 @@ when using chunked encoding. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55749">55749</a>: Improve the error message when SSLEngine is disabled + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=55749">55749</a>: Improve the error message when SSLEngine is disabled in the AprLifecycleListener and SSL is configured for an APR/native connector. (markt) </td></tr> @@ -556,11 +727,11 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.38 (markt)/Jasper"><!--()--></a><a name="Tomcat_6.0.38_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55198">55198</a>: Ensure attribute values in tagx files that include EL + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=55198">55198</a>: Ensure attribute values in tagx files that include EL and quoted XML characters are correctly quoted in the output. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55671">55671</a>: Consistently use the configuration option name + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=55671">55671</a>: Consistently use the configuration option name <code>genStringAsCharArray</code> rather than a mixture of <code>genStrAsCharArray</code> and <code>genStringAsCharArray</code> but retain support for <code>genStrAsCharArray</code> as in initialisation @@ -568,11 +739,11 @@ existing configurations. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55691">55691</a>: Fix <code>javax.el.ArrayELResolver</code> to correctly + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=55691">55691</a>: Fix <code>javax.el.ArrayELResolver</code> to correctly handle the case where the base object is an array of primitives. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55973">55973</a>: Fix processing of XML schemas when validation is + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=55973">55973</a>: Fix processing of XML schemas when validation is enabled in Jasper. (kkolinko) </td></tr> </table> @@ -594,7 +765,7 @@ <code>heartbeatBackgroundEnabled</code>. (kfujino) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55746">55746</a>: Add documentation on the <code>allRolesMode</code> to + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=55746">55746</a>: Add documentation on the <code>allRolesMode</code> to the <code>CombinedRealm</code> and <code>LockOutRealm</code>. Patch by Cédric Couralet. (markt) </td></tr> @@ -603,7 +774,7 @@ in order to prevent warning log. uniqueId must be 16 bytes. (kfujino) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55119">55119</a>: Avoid CVE-2013-1571 when generating Javadoc. (markt) + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=55119">55119</a>: Avoid CVE-2013-1571 when generating Javadoc. (markt) </td></tr> </table> </blockquote></td></tr></table> @@ -614,7 +785,7 @@ time to be <code>repo.maven.apache.org</code>. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55663">55663</a>: Minor correction to the wording of the NOTICE files to + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=55663">55663</a>: Minor correction to the wording of the NOTICE files to align them with the <a href="http://www.apache.org/legal/src-headers.html#notice">requirements for NOTICE files</a>. (violetagg) @@ -636,18 +807,18 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)/Catalina"><!--()--></a><a name="Tomcat_6.0.37_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52055">52055</a>: Ensure that filters are recycled. (markt/kkolinko) + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52055">52055</a>: Ensure that filters are recycled. (markt/kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52184">52184</a>: Reduce log level for invalid cookies. (markt) + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52184">52184</a>: Reduce log level for invalid cookies. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53481">53481</a>: Added support for SSLHonorCipherOrder to allow + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53481">53481</a>: Added support for SSLHonorCipherOrder to allow the server to impose its cipher order on the client. Based on a patch provided by Marcel Šebek. (schultz) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54044">54044</a>: Correct bug in timestamp cache used by logging + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54044">54044</a>: Correct bug in timestamp cache used by logging (including the access log valve) that meant entries could be made with an earlier timestamp than the true timestamp. (markt) </td></tr> @@ -657,15 +828,15 @@ do the change before displaying the login form. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54054">54054</a>: Do not share shell environment variables between + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54054">54054</a>: Do not share shell environment variables between multiple instances of the CGI servlet. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54087">54087</a>: Correctly handle (ignore) invalid If-Modified-Since + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54087">54087</a>: Correctly handle (ignore) invalid If-Modified-Since header rather than throwing an exception. (markt/kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54220">54220</a>: Ensure the ErrorReportValve only generates an error + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54220">54220</a>: Ensure the ErrorReportValve only generates an error report if the error flag on the response has been set. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> @@ -675,15 +846,15 @@ if their destroy() method fails with an Error. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54382">54382</a>: Fix NPE when SSI processing is enabled and an empty + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54382">54382</a>: Fix NPE when SSI processing is enabled and an empty SSI directive is present. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54483">54483</a>: Correct one of the Spanish translations. Based on a + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54483">54483</a>: Correct one of the Spanish translations. Based on a suggestion from adinamita. (kkolinko) </td></tr> <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54527">54527</a>: Synchronize conf/web.xml mime mapping with Tomcat 7. + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54527">54527</a>: Synchronize conf/web.xml mime mapping with Tomcat 7. (markt) </td></tr> </table> @@ -691,16 +862,16 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)/Coyote"><!--()--></a><a name="Tomcat_6.0.37_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54248">54248</a>: Ensure that byte order marks are swallowed when using + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54248">54248</a>: Ensure that byte order marks are swallowed when using a Reader to read a request body with a BOM for those encodings that require byte order marks. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54324">54324</a>: Allow APR connector to disable TLS compression + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54324">54324</a>: Allow APR connector to disable TLS compression if OpenSSL supports it. (schultz) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54456">54456</a>: Ensure that if a client aborts a request when sending + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54456">54456</a>: Ensure that if a client aborts a request when sending a chunked request body that this is communicated correctly to the client reading the request body. (markt) </td></tr> @@ -713,14 +884,14 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)/Jasper"><!--()--></a><a name="Tomcat_6.0.37_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54615">54615</a>: Tomcat 6 doesn't build against ecj 4.x (kkolinko) + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54615">54615</a>: Tomcat 6 doesn't build against ecj 4.x (kkolinko) </td></tr> </table> </blockquote></td></tr></table> <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)/Cluster"><!--()--></a><a name="Tomcat_6.0.37_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54045">54045</a>: Make sure getMembers() returns available member when + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54045">54045</a>: Make sure getMembers() returns available member when TcpFailureDetector works in static cluster. (kfujino) </td></tr> </table> @@ -728,22 +899,22 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)/Web applications"><!--()--></a><a name="Tomcat_6.0.37_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=22278">22278</a>: Add a commented out sample configuration of + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=22278">22278</a>: Add a commented out sample configuration of <code>RemoteAddrValve</code> to <code>META-INF/context.xml</code> files of the Manager and Host Manager applications. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54080">54080</a>: Clarify documentation for initial value of + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54080">54080</a>: Clarify documentation for initial value of <code>internalProxies</code> attribute of <code>RemoteIpValve</code>. (schultz/kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54198">54198</a>: Clarify that + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54198">54198</a>: Clarify that <code>HttpServletResponse.sendError(int)</code> results in an HTML response by default. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54207">54207</a>: Correct JNDI factory package name in Javadoc for + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54207">54207</a>: Correct JNDI factory package name in Javadoc for <code>org.apache.naming.java.javaURLContextFactory</code>. (markt) </td></tr> </table> @@ -761,16 +932,16 @@ elsewhere (e.g. out of the source tree). (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54390">54390</a>: Use 'java_home' on Mac OS X to auto-detect JAVA_HOME. + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54390">54390</a>: Use 'java_home' on Mac OS X to auto-detect JAVA_HOME. (schultz) </td></tr> <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54601">54601</a>: Change catalina.sh to consistently use LOGGING_MANAGER + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54601">54601</a>: Change catalina.sh to consistently use LOGGING_MANAGER variable to configure logging, instead of modifying JAVA_OPTS one. (kkolinko) </td></tr> <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54890">54890</a>: Update to Apache Commons Daemon 1.0.15. (mturk) + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=54890">54890</a>: Update to Apache Commons Daemon 1.0.15. (mturk) </td></tr> </table> </blockquote></td></tr></table> @@ -778,16 +949,16 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)/Catalina"><!--()--></a><a name="Tomcat_6.0.36_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48692">48692</a>: Provide option to parse + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=48692">48692</a>: Provide option to parse <code>application/x-www-form-urlencoded</code> PUT requests. (schultz) </td></tr> <tr><td><img alt="add" class="icon" src="./images/add.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50306">50306</a>: New StuckThreadDetectionValve to detect requests that + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=50306">50306</a>: New StuckThreadDetectionValve to detect requests that take a long time to process, which might indicate that their processing threads are stuck. Based on a patch provided by TomLu. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50570">50570</a>: Enable FIPS mode to be set in AprLifecycleListener. + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=50570">50570</a>: Enable FIPS mode to be set in AprLifecycleListener. Based upon a patch from Chris Beckey. Note that this mode requires tomcat-native 1.1.23 or later linked to a FIPS-capable OpenSSL library, which one has to build by themselves. (schultz/kkolinko) @@ -798,11 +969,11 @@ (schultz/kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52225">52225</a>: Fix ClassCastException when adding an alias for an + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52225">52225</a>: Fix ClassCastException when adding an alias for an existing host via JMX. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52293">52293</a>: Correctly handle the case when + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52293">52293</a>: Correctly handle the case when <code>antiResourceLocking</code> is enabled at the Context level when <code>unpackWARs</code> is disabled at the Host level. Correctly handle multi-level contexts when <code>antiResourceLocking</code> @@ -815,7 +986,7 @@ condition. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52384">52384</a>: Do not fail with parameter parsing when debug logging + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52384">52384</a>: Do not fail with parameter parsing when debug logging is enabled. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> @@ -823,7 +994,7 @@ (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52488">52488</a>: Correct typos: exipre -> expire. Based on a patch by + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52488">52488</a>: Correct typos: exipre -> expire. Based on a patch by prockter. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> @@ -850,26 +1021,26 @@ available for all web applications. (kkolinko) </td></tr> <tr><td><img alt="add" class="icon" src="./images/add.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52500">52500</a>: Added configurable mechanism to retrieve user names + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52500">52500</a>: Added configurable mechanism to retrieve user names from X509 client certificates. Based on a patch provided by Michael Furman. (schultz/kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52719">52719</a>: Fix a theoretical resource leak in the JAR validation + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52719">52719</a>: Fix a theoretical resource leak in the JAR validation that checks for non-permitted classes in web application JARs. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52830">52830</a>: Correct JNDI lookups when using + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52830">52830</a>: Correct JNDI lookups when using <code>javax.naming.Name</code> to identify the resource rather than a <code>java.lang.String</code>. (markt) </td></tr> <tr><td><img alt="add" class="icon" src="./images/add.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52850">52850</a>: Extend memory leak prevention and detection code to + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52850">52850</a>: Extend memory leak prevention and detection code to work with IBM as well as Oracle JVMs. Based on a patch provided by Rohit Kelapure. (kkolinko) </td></tr> <tr><td><img alt="add" class="icon" src="./images/add.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52996">52996</a>: In <code>StandardThreadExecutor</code>: + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52996">52996</a>: In <code>StandardThreadExecutor</code>: Add the ability to configure a job queue size (<code>maxQueueSize</code> attribute). Add a variant of execute method that allows to specify a timeout for @@ -877,43 +1048,43 @@ Based on a patch by Rüdiger Plüm. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53047">53047</a>: If a JDBCRealm or DataSourceRealm is configured for + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53047">53047</a>: If a JDBCRealm or DataSourceRealm is configured for an all roles mode that only requires authorization (and no roles) and no role table or column is defined, don't populate the Principal's roles. (markt/kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53050">53050</a>: Fix handling of entropy value when initializing + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53050">53050</a>: Fix handling of entropy value when initializing session id generator in session manager. Based on proposal by Andras Rozsa. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53056">53056</a>: Add APR version number to tcnative version INFO log + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53056">53056</a>: Add APR version number to tcnative version INFO log message. (schultz) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53057">53057</a>: Add OpenSSL version number INFO log message when + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53057">53057</a>: Add OpenSSL version number INFO log message when initializing. (schultz) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53071">53071</a>: Use the message from the Throwable for the error + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53071">53071</a>: Use the message from the Throwable for the error report generated by the <code>ErrorReportValve</code> if none was specified via <code>sendError()</code>. Use the standard text for HTTP error codes. (markt/rjung) </td></tr> <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53230">53230</a>: Change session managers to throw + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53230">53230</a>: Change session managers to throw TooManyActiveSessionsException instead of IllegalStateException when the maximum number of sessions has been exceeded and a new session will not be created. (schultz/kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53267">53267</a>: Ensure that using the GC Daemon Protection feature of + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53267">53267</a>: Ensure that using the GC Daemon Protection feature of the <code>JreMemoryLeakPreventionListener</code> does not trigger a full GC every hour. (markt/kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53531">53531</a>: Fix ExpandWar.expand to check the return value of + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53531">53531</a>: Fix ExpandWar.expand to check the return value of File.mkdir and File.mkdirs. (schultz) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> @@ -922,7 +1093,7 @@ persisted across Tomcat restarts. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53584">53584</a>: Ignore path parameters when comparing URIs for FORM + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53584">53584</a>: Ignore path parameters when comparing URIs for FORM authentication. This prevents users being prompted twice for passwords when logging in when session IDs are being encoded as path parameters. (markt) @@ -930,7 +1101,7 @@ <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> CVE-2012-3439: Various improvements to the DIGEST authenticator including - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52954">52954</a>, the disabling caching of an authenticated user in the + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52954">52954</a>, the disabling caching of an authenticated user in the session by default, tracking server rather than client nonces and better handling of stale nonce values. (markt) </td></tr> @@ -940,12 +1111,12 @@ (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53800">53800</a>: <code>FileDirContext.list()</code> did not provide + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53800">53800</a>: <code>FileDirContext.list()</code> did not provide correct paths for subdirectories. Patch provided by Kevin Wooten. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53830">53830</a>: Better handling of <code>Manager.randomFile</code> + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53830">53830</a>: Better handling of <code>Manager.randomFile</code> default value on Windows. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> @@ -958,31 +1129,31 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)/Coyote"><!--()--></a><a name="Tomcat_6.0.36_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42181">42181</a>: Better handling of edge conditions in chunk header + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=42181">42181</a>: Better handling of edge conditions in chunk header processing. (kkolinko) </td></tr> <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51477">51477</a>: Support all SSL protocol combinations in the APR/native + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=51477">51477</a>: Support all SSL protocol combinations in the APR/native connector. This only works when using the native library version 1.1.21 or later. (rjung) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52055">52055</a> (comment 14): Correctly reset + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52055">52055</a> (comment 14): Correctly reset <code>ChunkedInputFilter.needCRLFParse</code> flag when the filter is recycled. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52606">52606</a>: Ensure replayed POST bodies are available when using + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52606">52606</a>: Ensure replayed POST bodies are available when using AJP. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52858">52858</a>, CVE-2012-4534: Fix high CPU load with SSL, NIO and + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52858">52858</a>, CVE-2012-4534: Fix high CPU load with SSL, NIO and sendfile when client breaks the connection before reading all the requested data. (fhanik/kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53119">53119</a>: Prevent buffer overflow errors being reported when a + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53119">53119</a>: Prevent buffer overflow errors being reported when a client disconnects before the response has been fully written from an AJP connection using the APR/native connector. (kkolinko) </td></tr> @@ -1005,32 +1176,32 @@ (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53725">53725</a>: Fix possible corruption of GZIP'd output. (kkolinko) + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53725">53725</a>: Fix possible corruption of GZIP'd output. (kkolinko) </td></tr> </table> </blockquote></td></tr></table> <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)/Jasper"><!--()--></a><a name="Tomcat_6.0.36_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48097">48097</a> (comment 7), <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53366">53366</a> (comment 1): + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=48097">48097</a> (comment 7), <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53366">53366</a> (comment 1): If JSP page unexpectedly fails to initialize PageContext instance, write exception to the logs instead of silent swallowing. (kkolinko) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52335">52335</a>: Only handle <code><\%</code> and not + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52335">52335</a>: Only handle <code><\%</code> and not <code>\%</code> as escaped in template text. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52666">52666</a>: Correct coercion order in EL when processing the + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52666">52666</a>: Correct coercion order in EL when processing the equality and inequality operators. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53001">53001</a>: Revert the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46915">46915</a> since the use case + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53001">53001</a>: Revert the fix for <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=46915">46915</a> since the use case described in the bug is invalid since it breaks the EL specification. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53032">53032</a>: Modify <code>JspC</code> so it extends + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53032">53032</a>: Modify <code>JspC</code> so it extends <code>org.apache.tools.ant.Task</code> enabling it to work with features such as namespaces within build.xml files. (markt) </td></tr> @@ -1042,15 +1213,15 @@ Replicate principal in ClusterSingleSignOn. (kfujino) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53513">53513</a>: Fix race condition between the processing of session + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53513">53513</a>: Fix race condition between the processing of session sync message and transfer complete message. (kfujino) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53606">53606</a>: Fix potential NPE in <code>TcpPingInterceptor</code>. + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53606">53606</a>: Fix potential NPE in <code>TcpPingInterceptor</code>. Based on a patch by F. Arnoud. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53607">53607</a>: To avoid NPE, set TCP PING data to ChannelMessage. + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53607">53607</a>: To avoid NPE, set TCP PING data to ChannelMessage. Patch provided by F.Arnoud (kfujino) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> @@ -1062,17 +1233,17 @@ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)/Web applications"><!--()--></a><a name="Tomcat_6.0.36_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote> <table border="0" cellpadding="2" cellspacing="2"> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52243">52243</a>: Improve windows service documentation to clarify how + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52243">52243</a>: Improve windows service documentation to clarify how to include <code>#</code> and/or <code>;</code> in the value of an environment variable that is passed to the service. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52515">52515</a>: Make it clear in the Realm how-to in the documentation + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52515">52515</a>: Make it clear in the Realm how-to in the documentation web application that digested password storage when using DIGEST authentication requires that MD5 digests are used. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52641">52641</a>: Remove mentioning of ldap.jar from docs. + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52641">52641</a>: Remove mentioning of ldap.jar from docs. Patch provided by Felix Schumacher. (rjung) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> @@ -1080,11 +1251,11 @@ documentation page. (rjung) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52983">52983</a>: Remove unnecessary code that makes switching to + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=52983">52983</a>: Remove unnecessary code that makes switching to other authentication methods difficult. (markt) </td></tr> <tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53158">53158</a>: Fix documented defaults for DBCP. + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53158">53158</a>: Fix documented defaults for DBCP. Patch provided by ph.dezanneau at gmail.com. (rjung) </td></tr> <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> @@ -1093,7 +1264,7 @@ java.sun.com). (kkolinko) </td></tr> <tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td> - <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53289">53289</a>: Clarify <code>ResourceLink</code> example that + <a href="http://bz.apache.org/bugzilla/show_bug.cgi?id=53289">53289</a>: Clarify <code>ResourceLink</code> example that uses DataSource.getConnection(username, password) method. Not all
[... 4303 lines stripped ...] --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org