This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new d538c04 First pass at updating versions from 10.0.x to 10.1.x
d538c04 is described below
commit d538c049b2420d6b194c333b7f4b3556b8803fb3
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon May 24 10:00:48 2021 +0100
First pass at updating versions from 10.0.x to 10.1.x
---
README.md | 2 +-
TOMCAT-NEXT.txt | 2 +-
build.properties.default | 6 +-
build.xml | 2 +-
java/org/apache/catalina/ant/jmx/package.html | 4 +-
java/org/apache/catalina/ant/package.html | 4 +-
java/org/apache/catalina/util/ServerInfo.java | 4 +-
res/ide-support/eclipse/eclipse.project | 2 +-
res/ide-support/eclipse/start-tomcat.launch | 6 +-
res/ide-support/eclipse/stop-tomcat.launch | 6 +-
res/maven/mvn-pub.xml | 4 +-
res/maven/mvn.properties.default | 2 +-
webapps/docs/changelog.xml | 2312 +------------------------
webapps/docs/config/http.xml | 2 +-
webapps/docs/tomcat-docs.xsl | 6 +-
15 files changed, 35 insertions(+), 2329 deletions(-)
diff --git a/README.md b/README.md
index ec1353d..ab9b9c2 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,7 @@ The documentation available as of the date of this release is
included in the docs webapp which ships with tomcat. You can access that webapp
by starting tomcat and visiting <http://localhost:8080/docs/> in your browser.
The most up-to-date documentation for each version can be found at:
-- [Tomcat 10](https://tomcat.apache.org/tomcat-10.0-doc/)
+- [Tomcat 10](https://tomcat.apache.org/tomcat-10.1-doc/)
- [Tomcat 9](https://tomcat.apache.org/tomcat-9.0-doc/)
- [Tomcat 8](https://tomcat.apache.org/tomcat-8.5-doc/)
- [Tomcat 7](https://tomcat.apache.org/tomcat-7.0-doc/)
diff --git a/TOMCAT-NEXT.txt b/TOMCAT-NEXT.txt
index ea596b1..f5329f6 100644
--- a/TOMCAT-NEXT.txt
+++ b/TOMCAT-NEXT.txt
@@ -15,7 +15,7 @@
limitations under the License.
================================================================================
-Notes of things to consider for the next major Tomcat release (10.0.x)
+Notes of things to consider for the next major Tomcat release (10.1.x)
Items carried over from the 9.0.x list:
diff --git a/build.properties.default b/build.properties.default
index f1bd57b..3437d88 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -24,10 +24,10 @@
# ----- Version Control Flags -----
version.major=10
-version.minor=0
-version.build=7
+version.minor=1
+version.build=0
version.patch=0
-version.suffix=-dev
+version.suffix=-M1-dev
# ----- Reproducible builds -----
# Uncomment and set to current time for reproducible builds
diff --git a/build.xml b/build.xml
index d53c4c3..e7fcaad 100644
--- a/build.xml
+++ b/build.xml
@@ -15,7 +15,7 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<project name="Tomcat 10.0" default="deploy" basedir="."
+<project name="Tomcat 10.1" default="deploy" basedir="."
xmlns:if="ant:if" xmlns:unless="ant:unless">
<!-- ===================== Initialize Property Values ====================
-->
diff --git a/java/org/apache/catalina/ant/jmx/package.html
b/java/org/apache/catalina/ant/jmx/package.html
index 2bfaa85..e05ece3 100644
--- a/java/org/apache/catalina/ant/jmx/package.html
+++ b/java/org/apache/catalina/ant/jmx/package.html
@@ -20,8 +20,8 @@
<em>Ant (version 1.6 or later)</em> that can be used to interact with the
Remote JMX JSR 160 RMI Adaptor to get/set attributes, invoke MBean operations
and query for Mbeans inside a running instance of Tomcat. For more
information, see
-<a href="https://tomcat.apache.org/tomcat-10.0-doc/monitoring.html";>
-https://tomcat.apache.org/tomcat-10.0-doc/monitoring.html</a>.</p>
+<a href="https://tomcat.apache.org/tomcat-10.1-doc/monitoring.html";>
+https://tomcat.apache.org/tomcat-10.1-doc/monitoring.html</a>.</p>
<p>Each task element can open a new jmx connection or reference an
existing one. The following attribute are exists in every tasks:</p>
diff --git a/java/org/apache/catalina/ant/package.html
b/java/org/apache/catalina/ant/package.html
index ba06ae0..830afc8 100644
--- a/java/org/apache/catalina/ant/package.html
+++ b/java/org/apache/catalina/ant/package.html
@@ -20,8 +20,8 @@
<em>Ant (version 1.6.x or later)</em> that can be used to interact with the
Manager application to deploy, undeploy, list, reload, start and stop web
applications
from a running instance of Tomcat. For more information, see
-<a href="https://tomcat.apache.org/tomcat-10.0-doc/manager-howto.html";>
-https://tomcat.apache.org/tomcat-10.0-doc/manager-howto.html</a>.</p>
+<a href="https://tomcat.apache.org/tomcat-10.1-doc/manager-howto.html";>
+https://tomcat.apache.org/tomcat-10.1-doc/manager-howto.html</a>.</p>
<p>The attributes of each task element correspond
exactly to the request parameters that are included with an HTTP request
diff --git a/java/org/apache/catalina/util/ServerInfo.java
b/java/org/apache/catalina/util/ServerInfo.java
index c480b35..b02c7bb 100644
--- a/java/org/apache/catalina/util/ServerInfo.java
+++ b/java/org/apache/catalina/util/ServerInfo.java
@@ -69,11 +69,11 @@ public class ServerInfo {
ExceptionUtils.handleThrowable(t);
}
if (info == null || info.equals("Apache Tomcat/@VERSION@"))
- info = "Apache Tomcat/10.0.x-dev";
+ info = "Apache Tomcat/10.1.x-dev";
if (built == null || built.equals("@VERSION_BUILT@"))
built = "unknown";
if (number == null || number.equals("@VERSION_NUMBER@"))
- number = "10.0.x";
+ number = "10.1.x";
serverInfo = info;
serverBuilt = built;
diff --git a/res/ide-support/eclipse/eclipse.project
b/res/ide-support/eclipse/eclipse.project
index 75504fb..8139e41 100644
--- a/res/ide-support/eclipse/eclipse.project
+++ b/res/ide-support/eclipse/eclipse.project
@@ -16,7 +16,7 @@
limitations under the License.
-->
<projectDescription>
- <name>tomcat-9.0.x</name>
+ <name>tomcat-10.1.x</name>
<comment></comment>
<projects>
</projects>
diff --git a/res/ide-support/eclipse/start-tomcat.launch
b/res/ide-support/eclipse/start-tomcat.launch
index 49cf8bf..b0f3eb5 100644
--- a/res/ide-support/eclipse/start-tomcat.launch
+++ b/res/ide-support/eclipse/start-tomcat.launch
@@ -17,13 +17,13 @@
-->
<launchConfiguration type="org.eclipse.jdt.launching.localJavaApplication">
<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_PATHS">
-<listEntry
value="/tomcat-9.0.x/java/org/apache/catalina/startup/Bootstrap.java"/>
+<listEntry
value="/tomcat-10.1.x/java/org/apache/catalina/startup/Bootstrap.java"/>
</listAttribute>
<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_TYPES">
<listEntry value="1"/>
</listAttribute>
<stringAttribute key="org.eclipse.jdt.launching.MAIN_TYPE"
value="org.apache.catalina.startup.Bootstrap"/>
<stringAttribute key="org.eclipse.jdt.launching.PROGRAM_ARGUMENTS"
value="start"/>
-<stringAttribute key="org.eclipse.jdt.launching.PROJECT_ATTR"
value="tomcat-9.0.x"/>
-<stringAttribute key="org.eclipse.jdt.launching.VM_ARGUMENTS"
value="-Dcatalina.home=${project_loc:/tomcat-9.0.x/java/org/apache/catalina/startup/Bootstrap.java}/output/build"/>
+<stringAttribute key="org.eclipse.jdt.launching.PROJECT_ATTR"
value="tomcat-10.1.x"/>
+<stringAttribute key="org.eclipse.jdt.launching.VM_ARGUMENTS"
value="-Dcatalina.home=${project_loc:/tomcat-10.1.x/java/org/apache/catalina/startup/Bootstrap.java}/output/build"/>
</launchConfiguration>
diff --git a/res/ide-support/eclipse/stop-tomcat.launch
b/res/ide-support/eclipse/stop-tomcat.launch
index 5d4ee25..1c7bcd3 100644
--- a/res/ide-support/eclipse/stop-tomcat.launch
+++ b/res/ide-support/eclipse/stop-tomcat.launch
@@ -17,13 +17,13 @@
-->
<launchConfiguration type="org.eclipse.jdt.launching.localJavaApplication">
<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_PATHS">
-<listEntry
value="/tomcat-9.0.x/java/org/apache/catalina/startup/Bootstrap.java"/>
+<listEntry
value="/tomcat-10.1.x/java/org/apache/catalina/startup/Bootstrap.java"/>
</listAttribute>
<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_TYPES">
<listEntry value="1"/>
</listAttribute>
<stringAttribute key="org.eclipse.jdt.launching.MAIN_TYPE"
value="org.apache.catalina.startup.Bootstrap"/>
<stringAttribute key="org.eclipse.jdt.launching.PROGRAM_ARGUMENTS"
value="stop"/>
-<stringAttribute key="org.eclipse.jdt.launching.PROJECT_ATTR"
value="tomcat-9.0.x"/>
-<stringAttribute key="org.eclipse.jdt.launching.VM_ARGUMENTS"
value="-Dcatalina.home=${project_loc:/tomcat-9.0.x/java/org/apache/catalina/startup/Bootstrap.java}/output/build"/>
+<stringAttribute key="org.eclipse.jdt.launching.PROJECT_ATTR"
value="tomcat-10.1.x"/>
+<stringAttribute key="org.eclipse.jdt.launching.VM_ARGUMENTS"
value="-Dcatalina.home=${project_loc:/tomcat-10.1.x/java/org/apache/catalina/startup/Bootstrap.java}/output/build"/>
</launchConfiguration>
diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml
index 10b3978..22c8ddf 100644
--- a/res/maven/mvn-pub.xml
+++ b/res/maven/mvn-pub.xml
@@ -15,7 +15,7 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<project name="Tomcat 10.0 Maven Deployment" default="" basedir="."
+<project name="Tomcat 10.1 Maven Deployment" default="" basedir="."
xmlns:resolver="antlib:org.apache.maven.resolver.ant"
xmlns:if="ant:if"
xmlns:unless="ant:unless">
@@ -495,7 +495,7 @@
<param name="maven.repo.repositoryId"
value="${maven.snapshot.repo.repositoryId}"/>
<param name="maven.repo.url" value="${maven.snapshot.repo.url}"/>
- <param name="maven.deploy.version" value="10.0-SNAPSHOT"/>
+ <param name="maven.deploy.version" value="10.1.0-SNAPSHOT"/>
<param name="maven.deploy.binary.version"
value="${maven.asf.release.deploy.version}-dev"/>
</antcall>
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index 8a1a666..cd72824 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@
maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
maven.asf.release.repo.repositoryId=apache.releases.https
# Release version info
-maven.asf.release.deploy.version=10.0.7
+maven.asf.release.deploy.version=10.1.0-M1
#Where do we load the libraries from
tomcat.lib.path=../../output/build/lib
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ea8d6df..0a7fa14 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,7 +104,15 @@
They eventually become mixed with the numbered issues (i.e., numbered
issues do not "pop up" wrt. others).
-->
-<section name="Tomcat 10.0.7 (markt)" rtext="in development">
+<section name="Tomcat 10.1.0-M1 (markt)" rtext="in development">
+ <subsection name="General">
+ <changelog>
+ <scode>
+ This release contains all of the changes upto and including those in
+ Apache Tomcat 10.0.6 plus the additional changes listed below. (markt)
+ </scode>
+ </changelog>
+ </subsection>
<subsection name="Catalina">
<changelog>
<fix>
@@ -183,2307 +191,5 @@
</changelog>
</subsection>
</section>
-<section name="Tomcat 10.0.6 (markt)" rtext="2021-05-12">
- <subsection name="Catalina">
- <changelog>
- <scode>
- Expand coverage of unit tests for JNDIRealm using the UnboundID LDAP
SDK
- for Java. (markt)
- </scode>
- <fix>
- <bug>65224</bug>: Ensure the correct escaping of attribute values and
- search filters in the JNDIRealm. (markt)
- </fix>
- <fix>
- <bug>65235</bug>: Add missing attributes to the MBean descriptor file
- for the <code>RemoteIpValve</code>. (markt)
- </fix>
- <fix>
- <bug>65244</bug>: HandlesTypes should include classes that use
- the specified annotation types on fields or methods. (remm)
- </fix>
- <fix>
- <bug>65251</bug>: Correct a regression introduced in 10.0.3 that meant
- that the auto-deployment process may attempt a second, concurrent
- deployment of a web application that is being deployed by the Manager
- resulting in one of the deployments failing and errors being reported.
- (markt)
- </fix>
- <fix>
- Improve the <code>SSLValve</code> so it is able to handle escaped
- client certificate headers from Nginx. Based on a patch by Florent
- Guillaume. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Ensure that all HTTP requests that contain an invalid character in the
- protocol component of the request line are rejected with a 400 response
- rather than some requests being rejected with a 505 response. (markt)
- </fix>
- <fix>
- When generating the error message for an HTTP request with an invalid
- request line, ensure that all the available data is included in the
- error message. (markt)
- </fix>
- <fix>
- <bug>65272</bug>: Restore the optional HTTP feature that allows
- <code>LF</code> to be treated as a line terminator for the request line
- and/or HTTP headers lines as well as the standard <code>CRLF</code>.
- This behaviour was previously removed as a side-effect of the fix for
- CVE-2020-1935. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <scode>
- Review code used to generate Java source from JSPs and tags and remove
- code found to be unnecessary. (markt)
- </scode>
- <update>
- <code><servlet></code> entries in web.xml that include a
- <code><jsp-file></code> element and a negative
- <code><load-no-startup></code> element that is not the default
- value of <code>-1</code> will no longer be loaded at start-up. This
- makes it possible to define a <code><jsp-file></code> that will
- not be loaded at start-up. (markt)
- </update>
- <fix>
- Allow the JSP configuration option
- <code>useInstanceManagerForTags</code> to be used with Tags that are
- implemented as inner classes. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <scode>
- Refactor the way Tomcat passes path parameters to POJO end points to
- simplify the code. (markt)
- </scode>
- <fix>
- <bug>65262</bug>: Refactor the creation of WebSocket end point, decoder
- and encoder instances to be more IoC friendly. Instances are now
created
- via the <code>InstanceManager</code> where possible. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>65235</bug>: Correct name of <code>changeLocalName</code> in the
- documentation for the <code>RemoteIpValve</code>. (markt)
- </fix>
- <fix>
- <bug>65265</bug>: Avoid getting the boot classpath when it is not
- available in the Manager diagnostics. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- Create OSGi <code>Require-Capability</code> sections in manifests for
- Jakarta API JARs manually rather than via the
- <code>aQute.bnd.annotation.spi.ServiceConsumer</code> annotation as
this
- triggers TCK failures for downstream consumers of the API JARs. (markt)
- </fix>
- <update>
- Update the packaged version of the Tomcat Native Library to 1.2.28.
- (markt)
- </update>
- <update>
- Update the OWB module to Apache OpenWebBeans 2.0.22. (remm)
- </update>
- <update>
- Update the CXF module to Apache CXF 3.4.3. (remm)
- </update>
- <fix>
- <bug>65218</bug>: Update the version number shown on the left-hand
- banner of the Tomcat installer for Windows to Apache Tomcat 10. (markt)
- </fix>
- <fix>
- Move <code>SystemPropertySource</code> to be a regular class to allow
- more precise configuration if needed. The system property source will
- still always be enabled. (remm)
- </fix>
- <add>
- Improvements to Chinese translations. Provided by bytesgo. (mark)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <update>
- Update the version of the Tomcat Migration Tool for Jakarta EE used to
- provide automatic deployment for Java EE applications to 1.0.0. (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.0.5 (markt)" rtext="2021-04-06">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Avoid NPE when a JNDI reference cannot be resolved in favor of a
- NamingException. (remm)
- </fix>
- <fix>
- Avoid using reflection for setting properties on the webapp
- classloader. Based on a patch submitted by Romain Manni-Bucau. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Improve consistency of OpenSSL error stack handling in the TLS engine,
- and log all errors found as debug. (remm)
- </fix>
- <fix>
- Ensure that HTTP/2 streams are only recycled once as multiple attempts
- to recycle an HTTP/2 stream may result in
- <code>NullPointerException</code>s. (markt)
- </fix>
- <scode>
- Simplify the closing on an HTTP/2 stream when an error condition is
- present. (markt)
- </scode>
- <fix>
- <bug>64771</bug>: Prevent concurrent calls to
- <code>ServletInputStream.isReady()</code> corrupting the input buffer.
- (markt)
- </fix>
- <fix>
- <bug>65179</bug>: Ensure that the connection level flow control window
- from the client to the server is updated when handling DATA frames
- received for completed streams else the flow control window may become
- exhausted. (markt)
- </fix>
- <fix>
- <bug>65203</bug>: Fix a regression introduced in 10.0.4 that meant that
- an error during an asynchronous read broke all future asynchronous
reads
- associated with the same request instance. (markt)
- </fix>
- <fix>
- Disable keep-alive when inconsistent content delimitation is present in
- a request. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- Include the new <code>org.apache.jasper.optimizations</code> package in
- the list of OSGi exported packages for the Jasper embedded JAR. Patch
- provided by Sokratis Zappis. (markt)
- </fix>
- <add>
- Add a new option for the <code>trimSpaces</code> configuration.
- <code>extended</code> will attempt to remove leading and trailing
- whitespace from template text and collapse sequences of whitespace and
- newlines within template text into a single new line. Based on a pull
- request by kamnani. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <add>
- Implement the first phase of reproducible builds. Sequential builds on
- the same machine now produce identical output provided that the Ant
- property <code>ant.tstamp.now.iso</code> is set. The minimum required
- Ant version is now 1.9.10. (markt)
- </add>
- <add>
- Improvements to Chinese translations. Provided by Ruan Wenjun. (mark)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Japanese translations. Provided by kfujino and
- Shirayuking. (markt)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <update>
- Update the packaged version of the Tomcat Native Library to 1.2.27.
- (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.0.4 (markt)" rtext="2021-03-10">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Fix rename operation throwing an exception during the webapp migration
- process. (remm)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.0.3 (markt)" rtext="not released">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Revert an incorrect fix for a potential resource leak that broke
- deployment via the Ant deploy task. (markt)
- </fix>
- <fix>
- Improve error message for failed ConfigurationSource lookups in the
- Catalina implementation. (remm)
- </fix>
- <fix>
- <bug>65135</bug>: Rename Context method
- <code>isParallelAnnotationScanning</code> to
- <code>getParallelAnnotationScanning</code> for consistency and ease
- of use in JMX descriptors. (remm)
- </fix>
- <update>
- Allow the loader to directly use the Tomcat Migration Tool for
JakartaEE
- as a <code>ClassFileTransformer</code> using the
- <code>jakartaConverter</code> attribute. This only supports javax to
- jakarta conversion for classes, not for classloader resources or
- static files. (remm)
- </update>
- <add>
- Integrate the Tomcat Migration Tool for JakartaEE at deployment time.
- Java EE web applications placed in the <code>webapps-javaee</code>
- directory will be migrated to Jakarta EE 9 and placed in the
- <code>webapps</code> where it will be deployed (or not) based on the
- current settings for automatic deployment. (markt)
- </add>
- <fix>
- <bug>64938</bug>: Align the behaviour when <code>null</code> is passed
- to the <code>ServletResponse</code> methods
- <code>setCharacterEncoding()</code>, <code>setContentType()</code> and
- <code>setLocale()</code> with the recent clarification from the Jakarta
- Servlet project of the expected behaviour in these cases. (markt)
- </fix>
- <fix>
- Ensure that the <code>AsyncListener.onError()</code> event is triggered
- when a I/O error occurs during non-blocking I/O. There were some cases
- discovered where this was not happening. (markt)
- </fix>
- <add>
- Make the non-blocking I/O error handling more robust by handling the
- case where the application code swallows an <code>IOException</code> in
- <code>WriteListener.onWritePossible()</code> and
- <code>ReadListener.onDataAvailable()</code>. (markt)
- </add>
- <fix>
- Correct syntax error in output of <code>JsonErrorReportValve</code>.
- Pull request provided by Viraj Kanwade. (markt)
- </fix>
- <scode>
- Make the <code>StandardContext.postWorkDirectory()</code> protected
- rather than private to help users wishing to customise the default
- work directory behaviour. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <add>
- <bug>64943</bug>: Add support for Unix Domain Sockets to
- <code>org.apache.coyote.http11.Http11AprProtocol</code>. Depends on
- <code>tomcat-native</code> 1.2.26 and up. (minfrin)
- </add>
- <fix>
- <bug>65118</bug>: Fix a potential <code>NullPointerException</code>
when
- pruning closed HTTP/2 streams from the connection. (markt)
- </fix>
- <fix>
- Avoid NullPointerException when a secure channel is closed before the
- SSL engine was initialized. (remm)
- </fix>
- <fix>
- Ensure that the <code>ReadListener</code>'s <code>onError()</code>
event
- is triggered if the client closes the connection before sending the
- entire request body and the server is ready the request body using
- non-blocking I/O. (markt)
- </fix>
- <fix>
- <bug>65137</bug>: Ensure that a response is not corrupted as well as
- incomplete if the connection is closed before the response is fully
- written due to a write timeout. (markt)
- </fix>
- <fix>
- Related to bug <bug>65131</bug>, make sure all errors from OpenSSL are
- fully cleared, as there could be more than one error present after
- an operation (confirmed in the OpenSSL API documentation). (remm)
- </fix>
- <fix>
- Make handling of OpenSSL read errors more robust when plain text data
is
- reported to be available to read. (markt)
- </fix>
- <fix>
- Correct handling of write errors during non-blocking I/O to ensure that
- the associated <code>AsyncContext</code> was closed down correctly.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Remove the restriction that prevented the Manager web application
- deploying different web applications in parallel. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- Update the OWB module to Apache OpenWebBeans 2.0.21. (remm)
- </update>
- <update>
- Update the CXF module to Apache CXF 3.4.2. (remm)
- </update>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <add>
- Improvements to Brazilian Portuguese translations. Provided by Thiago.
- (mark)
- </add>
- <add>
- Improvements to Russian translations. Provided by Azat. (mark)
- </add>
- <add>
- Improvements to Chinese translations. Provided by shawn. (mark)
- </add>
- <update>
- Update to bnd 5.3.0. (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.0.2 (markt)" rtext="2021-02-02">
- <subsection name="Catalina">
- <changelog>
- <fix>
- <bug>65106</bug>: Fix the ConfigFileLoader handling of file URIs when
- running under a security manager on some JREs. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Ensure that SNI provided host names are matched to SSL virtual host
- configurations in a case insensitive manner. (markt)
- </fix>
- <fix>
- <bug>65111</bug>: Free direct memory buffers in the APR connector.
- (remm)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.0.1 (markt)" rtext="not released">
- <subsection name="Catalina">
- <changelog>
- <fix>
- <bug>60781</bug>: Escape elements in the access log that need to be
- escaped for the access log to be parsed unambiguously.
- (fschumacher/markt)
- </fix>
- <add>
- <bug>64110</bug>: Add support for additional TLS related request
- attributes that provide details of the protocols and ciphers requested
- by a client in the initial TLS handshake. (markt)
- </add>
- <add>
- Let the <code>RemoteCIDRValve</code> inherit from
- <code>RequestFilterValve</code> and support all of its features.
- Especially add support for connector specific configuration
- using <code>addConnectorPort</code>. (rjung)
- </add>
- <add>
- Add <code>peerAddress</code> to coyote request, which contains
- the IP address of the direct connection peer. If a reverse proxy
- sits in front of Tomcat and the protocol used is AJP or HTTP
- in combination with the <code>RemoteIp(Valve|Filter)</code>,
- the peer address might differ from the <code>remoteAddress</code>.
- The latter then contains the address of the client in front of the
- reverse proxy, not the address of the proxy itself.
- Support for the peer address has been added to the
- RemoteAddrValve and RemoteCIDRValve with the new attribute
- <code>usePeerAddress</code>. This can be used to restrict access
- to Tomcat based on the reverse proxy IP address, which is especially
- useful to harden access to AJP connectors. The peer address can also
- be logged in the access log using the new <code>%{peer}a</code>
- syntax. (rjung)
- </add>
- <fix>
- Avoid uncaught InaccessibleObjectException on Java 16 trying to clear
- references threads. (remm)
- </fix>
- <fix>
- <bug>65033</bug>: Fix JNDI realm error handling when connecting to a
- failed server when pooling was not enabled. (remm)
- </fix>
- <fix>
- <bug>65047</bug>: If the <code>AccessLogValve</code> is unable to open
- the access log file, include information on the current user in the
- associated log message (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Additional fix for <bug>64830</bug> to address an edge case that could
- trigger request corruption with h2c connections. (markt)
- </fix>
- <fix>
- <bug>64974</bug>: Improve handling of pipelined HTTP requests in
- combination with the Servlet non-blocking IO API. It was possible that
- some requests could get dropped. (markt)
- </fix>
- <add>
- Add support for using Unix domain sockets for NIO when running
- on Java 16 or later. This uses NIO specific
- <code>unixDomainSocketPath</code> and
- <code>unixDomainSocketPathPermissions</code> attributes.
- Based on a PR submitted by Graham Leggett. (remm)
- </add>
- <fix>
- <bug>65001</bug>: Fix error handling for exceptions thrown from calls
- to <code>ReadListener</code> and <code>WriteListener</code>. (markt)
- </fix>
- <fix>
- Avoid possible infinite loop in <code>OpenSSLEngine.unwrap</code>
- when the destination buffers state is changed concurrently. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <add>
- Add a new <code>StringInterpreter</code> interface that allows
- applications to provide customised string attribute value to type
- conversion within JSPs. This allows applications to provide a
conversion
- implementation that is optimised for the application. (markt)
- </add>
- <fix>
- <bug>64965</bug>: <code>JspContextWrapper.findAttribute</code> should
- ignore expired sessions rather than throw an
- <code>IllegalStateException</code>. (remm)
- </fix>
- <update>
- Update to the Eclipse JDT compiler 4.18. (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>65007</bug>: Clarify that the commands shown in the TLS
- documentation for importing a signed TLS certificate from a certificate
- authority are typical examples that may need to be adjusted in some
- cases. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Tribes">
- <changelog>
- <fix>
- Work around DNS caching for the DNS provider of the cloud membership.
- (jfclere)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <add>
- Improvements to Chinese translations. Provided by leeyazhou and Yi
Shen.
- (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <update>
- Update the packaged version of the Tomcat Native Library to 1.2.26.
- (markt)
- </update>
- <add>
- Update the internal fork of Apache Commons Pool to 2.9.1-SNAPSHOT
- (2021-01-15). (markt)
- </add>
- <add>
- Update the internal fork of Apache Commons DBCP to 2.9.0-SNAPSHOT
- (2021-01-15). (markt)
- </add>
- <update>
- Migrate to new code signing service. (markt)
- </update>
- <scode>
- Use <code>java.nio.file.Path</code> to test for one directory being a
- sub-directory of another in a consistent way. (markt)
- </scode>
- <update>
- Update to Commons Daemon 1.2.4. (markt)
- </update>
- <add>
- Improvements to Brazilian Portuguese translations. Provided by Rual
- Zaninetti Rosa and Lucas. (markt)
- </add>
- <add>
- Improvements to Russian translations. Provided by Polina and Azat.
- (markt)
- </add>
- <update>
- Update the NSIS Installer used to build the Windows installer to
version
- 3.06.1. (kkolinko)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.0.0 (markt)" rtext="2020-12-08">
- <subsection name="Catalina">
- <changelog>
- <fix>
- <bug>56181</bug>: Update the RemoteIpValve and RemoteIpFilter so that
- calls to <code>ServletRequest.getRemoteHost()</code> are consistent
with
- the return value of <code>ServletRequest.getRemoteAddr()</code> rather
- than always returning a value for the proxy. (markt)
- </fix>
- <fix>
- <bug>56890</bug>: Align the behaviour of
- <code>ServletContext.getRealPath(String path)</code> with the recent
- clarification from the Servlet specification project. If the path
- parameter does not start with <code>/</code> then Tomcat processes the
- call as if <code>/</code> is appended to the beginning of the
- provided path. (markt)
- </fix>
- <add>
- <bug>64080</bug>: Enhance the graceful shutdown feature. Includes a new
- option for <code>StandardService</code>,
- <code>gracefulStopAwaitMillis</code>, that allows a time to be
- specified to wait for client connections to complete and close before
- the Container hierarchy is stopped. (markt)
- </add>
- <fix>
- <bug>64921</bug>: Ensure that the
<code>LoadBalancerDrainingValve</code>
- uses the correct setting for the secure attribute for any session
- cookies it creates. Based on a pull request by Andreas Kurth. (markt)
- </fix>
- <fix>
- <bug>64947</bug>: Don't assume that the <code>Upgrade</code> header has
- been set on the <code>HttpServletResponse</code> before any call is
made
- to <code>HttpServletRequest.upgrade()</code>. (markt)
- </fix>
- <fix>
- Ensure that values are not duplicated when manipulating the vary
header.
- Based on a pull request by Fredrik Fall. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <update>
- The APR/Native Connectors for both HTTP and AJP have been deprecated
and
- will be removed in Apache Tomcat 10.1.x onwards. (markt)
- </update>
- <fix>
- <bug>64944</bug>: Ensure that the bytesSent metric is correctly updated
- when compression is enabled. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <fix>
- <bug>64951</bug>: Fix a potential file descriptor leak when WebSocket
- connections are attempted and fail. Patch provided by Maurizio Adami.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Correct a regression in the addition of the HTTP header security filter
- to the examples web application that prevented the Servlet examples
that
- depend on the asynchronous API from functioning correctly.
- (kkolinko/markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Tribes">
- <changelog>
- <scode>
- Start all core threads when starting the receiver and dispatch
- interceptor. (kfujino)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- Update the OWB module to Apache OpenWebBeans 2.0.20. (remm)
- </update>
- <update>
- Update the CXF module to Apache CXF 3.4.1. (remm)
- </update>
- <add>
- <bug>64931</bug>: Implement validation of <code>changelog.xml</code>
- file at build time. (kkolinko)
- </add>
- <update>
- Update to Maven Ant Resolver Tasks 1.3.0. (markt)
- </update>
- <fix>
- <bug>62695</bug>: Provide SHA-256 and SHA-512 checksums for files
- published via Maven. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.0.0-M10 (markt)" rtext="2020-11-19">
- <subsection name="Catalina">
- <changelog>
- <fix>
- <bug>55559</bug>: Add a new attribute, <code>localJndiResource</code>,
- that allows a UserDatabaseRealm to obtain a UserDatabase instance from
- the local (web application) JNDI context rather than the global JNDI
- context. This option is only useful when the Realm is defined on the
- Context. (markt)
- </fix>
- <fix>
- <bug>64805</bug>: Correct imports used by <code>JMXProxyServlet</code>.
- (markt)
- </fix>
- <fix>
- Fix JNDIRealm pooling problems retrying on another bad connection. Any
- retries are made on a new connection, just like with the single
- connection scenario. Also remove all connections from the pool after
- an error. (remm)
- </fix>
- <fix>
- Remove the entry for
- <code>org.apache.tomcat.util.descriptor.tld.LocalStrings</code>
- from tomcat-embed-core's GraalVM tomcat-resource.json. It no more part
- of the jar since
- <a
href="https://github.com/apache/tomcat/commit/3815b4951eb3acd30a0b77aafa75fbdb928d5782";>
- Fix unwanted JPMS dependency of embed-core on embed-jasper</a>.
- (mgrigorov)
- </fix>
- <fix>
- Add <code>org.apache.coyote.http11.Http11Nio2Protocol</code> to the
list
- of classes which could be instantiated via reflection in GraalVM.
- (mgrigorov)
- </fix>
- <add>
- Add <code>JsonErrorReportValve</code> that extends the
- <code>ErrorReportValve</code> that returns response as JSON instead of
- HTML. (kfujino)
- </add>
- <add>
- Add GraalVM config for Tomcat JNI related classes. This makes it
- possible to use the APR protocol in GraalVM native images.
- To use it add the following to the native-image arguments:
-
<code>-H:JNIConfigurationResources=META-INF/native-image/org.apache.tomcat.embed/tomcat-embed-core/tomcat-jni.json</code>
- (mgrigorov)
- </add>
- <fix>
- JNDIRealm connections should only be created with the container
- classloader as the thread context classloader, just like for the JAAS
- realm. (remm)
- </fix>
- <add>
- <bug>64871</bug>: Log a warning if Tomcat blocks access to a file
- because it uses symlinks. (markt)
- </add>
- <update>
- Rename <code>JDBCStore</code> to <code>DataSourceStore</code>
- and remove bottlenecks for database backed session store. Legacy JDBC
- driver configuration is no longer supported. Patch submitted by
- Philippe Mouawad. (remm)
- </update>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Refactor the HTTP/2 window update handling for padding in data frames
to
- ensure that the connection window is correctly updated after a data
- frame with zero length padding is received. (markt)
- </fix>
- <fix>
- Fix processing of URIs with %nn encoded solidus characters when
- <code>encodedSolidusHandling</code> was set to <code>passthrough</code>
- and the encoded solidus was preceded by other %nn encoded characters.
- Based on a pull request by willmeck. (markt)
- </fix>
- <fix>
- <bug>63362</bug>: Add collection of statistics for HTTP/2, WebSocket
and
- connections upgraded via the HTTP upgrade mechanism. (markt)
- </fix>
- <fix>
- Restore exception catch around Poller.events, as it would cause
- the NIO poller thread to exit. This is a regression caused when
- the Poller.events method was refactored. (remm)
- </fix>
- <add>
- Provide messages for some <code>SocketTimeoutException</code> instances
- that did not have one. (markt)
- </add>
- <fix>
- Avoid most of the thread pool use during NIO2 socket accept. Patch
- submitted by Anil Gursel. (remm)
- </fix>
- <add>
- Add additional debug logging for I/O issues when communicating with the
- user agent. (markt)
- </add>
- <fix>
- <bug>64830</bug>: Fix concurrency issue in HPACK decoder. (markt)
- </fix>
- <fix>
- Fix a concurrency issue in the NIO connector that could cause newly
- created connections to be removed from the poller. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <bug>64784</bug>: Don't include the time the Java file was generated as
- a comment when generating Java files for JSPs and/or tags if the Java
- file was created during pre-compilation. This is to aid repeatable
- builds. (markt)
- </fix>
- <fix>
- <bug>64794</bug>: Security exception reading system property on
- JspRuntimeLibrary use. (remm)
- </fix>
- <add>
- Add support for specifying Java 16 (with the value <code>16</code>) as
- the compiler source and/or compiler target for JSP compilation. If used
- with an ECJ version that does not support these values, a warning will
- be logged and the latest supported version will used. (markt)
- </add>
- <update>
- Update to the Eclipse JDT compiler 4.17. (markt)
- </update>
- <fix>
- <bug>64849</bug>: Correct JPMS metadata for the Jakarta Expression
- Language JARs to provide missing ServiceLoader information. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <fix>
- <bug>64848</bug>: Fix a variation of this memory leak when a write I/O
- error occurs on a non-container thread. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>64799</bug>: Added missing resources to host-manager web app.
(isapir)
- </fix>
- <fix>
- <bug>64797</bug>: Align manager.xml template file in Host-Manager with
- context.xml of real Manager web application. (isapir)
- </fix>
- <add>
- Configure the examples web applications to set
- <code>SameSite=strict</code> for all cookies, including session
cookies,
- created by the application. (markt)
- </add>
- <add>
- Configure the examples, Manager and Host Manager to use the HTTP header
- security filter with default settings apart from no HSTS header. Based
- on a suggestion by Debangshu Kundu. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <add>
- Improvements to Russian translations. Provided by Azat. (markt)
- </add>
- <fix>
- <bug>64870</bug>: Update to bnd 5.3.0-SNAPSHOT to work around a
- <a href="https://bugs.openjdk.java.net/browse/JDK-8255854";>JRE bug</a>.
- (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.0.0-M9 (markt)" rtext="2020-10-09">
- <subsection name="Catalina">
- <changelog>
- <update>
- The health check valve will now check the state of its associated
- containers to report availability. (remm)
- </update>
- <fix>
- Fix race condition when saving and recycling session in
- <code>PersistentValve</code>. (kfujino)
- </fix>
- <update>
- Remove the JDBCRealm. (markt)
- </update>
- <fix>
- Correct numerous spellings throughout the code base. Based on a pull
- request from John Bampton. (markt)
- </fix>
- <fix>
- <bug>64715</bug>: Add PasswordValidationCallback to the Jakarta
- Authentication implementation. Patch provided by Robert Rodewald.
- (markt)
- </fix>
- <update>
- Allow using the utility executor for annotation scanning. Patch
- provided by Jatin Kamnani. (remm)
- </update>
- <fix>
- <bug>64751</bug>: Correct the JPMS module descriptor so the embedded
- JARs may be used with JPMS. (markt)
- </fix>
- <fix>
- When performing an incremental build, ensure bnd does not create
- unwanted JPMS dependencies between embedded JARs. (markt)
- </fix>
- <update>
- Add a bloom filter to speed up archive lookup and improve deployment
- speed of applications with a large number of JARs. Patch
- provided by Jatin Kamnani. (remm)
- </update>
- <fix>
- Throw <code>SQLException</code> instead of
- <code>NullPointerException</code> when failing to connect to the
- database. (kfujino)
- </fix>
- <fix>
- <bug>64735</bug>: Ensure that none of the methods on a
- <code>ServletContext</code> instance always fail when running under a
- SecurityManager. Pull request provided by Kyle Stiemann. (markt)
- </fix>
- <fix>
- <bug>64765</bug>: Ensure that the number of currently processing
threads
- is tracked correctly when a web application is undeployed, long running
- requests are being processed and
- <code>renewThreadsWhenStoppingContext</code> is enabled for the web
- application. (markt)
- </fix>
- <add>
- Improve the error messages when running under JPMS without the
necessary
- options to enable reflection required by the memory leak prevention /
- detection code. (markt)
- </add>
- <fix>
- When estimating the size of a resource in the static resource cache,
- include a specific allowance for the path to the resource. Based on a
- pull request by blueSky1825821. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Do not send an HTTP/2 PING frame to measure round-trip time when it is
- known that the HTTP/2 connection is not in a good state. (markt)
- </fix>
- <fix>
- Ensure HTTP/2 timeouts are processed for idle connections. (markt)
- </fix>
- <fix>
- <bug>64743</bug>: Correct a regression introduced in 10.0.0-M7 that
- caused a <code>Connection: close</code> header to be added to the
- response if the Connector was configured with
- <code>maxSwallowSize=-1</code>. (markt)
- </fix>
- <fix>
- When logging HTTP/2 debug messages, use consistent formatting for
stream
- identifiers. (markt)
- </fix>
- <fix>
- Correct some double counting in the code that tracks the number of
- in-flight asynchronous requests. The tracking enables Tomcat to
shutdown
- gracefully when asynchronous processing is in use. (markt)
- </fix>
- <fix>
- Improve the error handling for the HTTP/2 connection preface when the
- Connector is configured with <code>useAsyncIO="true"</code>.
- (markt)
- </fix>
- <fix>
- Refactor the handling of closed HTTP/2 streams to reduce the heap usage
- associated with used streams and to retain information for more streams
- in the priority tree. (markt)
- </fix>
- <fix>
- Don't send the Keep-Alive response header if the connection has been
- explicitly closed. (markt)
- </fix>
- <fix>
- <bug>64710</bug>: Avoid a <code>BufferOverflowException</code> if an
- HTTP/2 connection is closed while the parser still has a partial HTTP/2
- frame in the input buffer. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- Use lazy instantiation to improve the performance when working with
- listeners added to the <code>ELContext</code>. Pull request provided by
- Thomas Andraschko. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <add>
- Configure the Manager and Host Manager web applications to set
- <code>SameSite=strict</code> for all cookies, including session
cookies,
- created by the application. (markt)
- </add>
- <fix>
- Update the Manager How-To in the documentation web application to
- clarify when a user may wish to deploy additional instances of the
- Manager web application. (markt)
- </fix>
- <fix>
- <bug>64774</bug>: Review references to Tomcat 9 in the documentation
- web application and remove them or update them to refer to Tomcat 10 as
- appropriate. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- Update to Commons Daemon 1.2.3. This adds support to jsvc for
- <code>--enable-preview</code> and native memory tracking (Procrun
- already supported these features), adds some additional debug logging
and
- adds a new feature to Procrun that outputs the command to
(re-)configure
- the service with the current settings. (markt)
- </update>
- <add>
- When building, only rebuild JAR files (including OSGi and JPMS
metadata)
- if the contents has changed. (markt)
- </add>
- <add>
- Improvements to Chinese translations. Pull request provided by Yang
- Yang. (markt)
- </add>
- <add>
- Expand coverage of Russian translations. Pull request provided by
- Nikolay Gribanov. (markt)
- </add>
- <update>
- Update the OWB module to Apache OpenWebBeans 2.0.18. (remm)
- </update>
- <update>
- Update the CXF module to Apache CXF 3.4.0. (remm)
- </update>
- <fix>
- Fix running service.bat when called from <code>$CATALINA_HOME</code>.
- (markt)
- </fix>
- <fix>
- Complete the fix for <bug>63815</bug>. Users wishing to use system
- properties that require quoting with <code>catalina.sh</code> and the
- <code>debug</code> option must use a JRE that includes the fix for <a
-
href="https://bugs.openjdk.java.net/browse/JDK-8234808";>JDK-8234808</a>.
- (markt)
- </fix>
- <add>
- Improvements to Chinese translations. Provided by leeyazhou. (markt)
- </add>
- <add>
- Improvements to Czech translations. Provided by Dušan Hlaváč and Arnošt
- Havelka. (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <add>
- Improvements to Spanish translations. Provided by Andrewlanecarr.
- (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.0.0-M8 (markt)" rtext="2020-09-14">
- <subsection name="Catalina">
- <changelog>
- <fix>
- <bug>64582</bug>: Pre-load the <code>CoyoteOutputStream</code> class to
- prevent a potential exception when running under a security manager.
- Patch provided by Johnathan Gilday. (markt)
- </fix>
- <fix>
- <bug>64593</bug>: If a request is not matched to a Context, delay
- issuing the 404 response to give the rewrite valve, if configured, an
- opportunity to rewrite the request. (remm/markt)
- </fix>
- <fix>
- Change top package name for generated embedded classes to avoid
- conflict with default host name on case insensitive filesystems.
- (remm)
- </fix>
- <fix>
- Add missing code generation for remaining digester rules. (remm)
- </fix>
- <update>
- Add a dedicated loader for generated code to avoid dynamic class
- loading. (remm)
- </update>
- <add>
- Refactor the Default servlet to provide a single method that can be
- overridden (<code>generateETag()</code>) should a custom entity tag
- format be required. (markt)
- </add>
- <fix>
- Improve the validation of entity tags provided with conditional
- requests. Requests with headers that contain invalid entity tags will
be
- rejected with a 400 response code. Improve the matching algorithm used
- to compare entity tags in conditional requests with the entity tag for
- the requested resource. Based on a pull request by Sergey Ponomarev.
- (markt)
- </fix>
- <fix>
- Correct the description of the storage format for salted hashes in the
- Javadoc for <code>MessageDigestCredentialHandler</code> and refactor
the
- associated code for clarity.
- Based on a patch provided by Milo van der Zee. (markt)
- </fix>
- <fix>
- Correct the path validation to allow the use of the file system root
for
- the <code>docBase</code> attribute of a <code>Context</code>. Note that
- such a configuration should be used with caution. (markt)
- </fix>
- <add>
- Added filtering expression for requests that are not supposed to use
- session in <code>PersistentValve</code>. (kfujino)
- </add>
- <fix>
- Use the correct method to calculate session idle time in
- <code>PersistentValve</code>. (kfujino)
- </fix>
- <fix>
- Fix path used by the health check valve when it is not associated with
- a <code>Context</code>. (remm)
- </fix>
- <fix>
- <bug>64712</bug>: The JASPIC authenticator now checks the
- <code>ServerAuthModule</code> for
- <code>jakarta.servlet.http.authType</code> and, if present, uses the
- value provided. Based on a patch by Robert Rodewald. (markt)
- </fix>
- <fix>
- <bug>64713</bug>: The JASPIC authenticator now checks the value of
- <code>jakarta.servlet.http.registerSession</code> set by the
- <code>ServerAuthModule</code> when deciding whether or nor to register
- the session. Based on a patch by Robert Rodewald. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <add>
- <bug>57661</bug>: For requests containing the
- <code>Expect: 100-continue</code> header, add optional support to delay
- sending an intermediate 100 status response until the servlet reads the
- request body, allowing the servlet the opportunity to respond without
- asking for the request body. Based on a pull request by malaysf.
(markt)
- </add>
- <fix>
- Remove deprecated <code>CookieProcessor.generateHeader</code> method.
- (remm)
- </fix>
- <fix>
- Refactor the implementation of
- <code>ServletInputStream.available()</code> to provide a more accurate
- return value, particularly when end of stream has been reached. (markt)
- </fix>
- <fix>
- Refactor the stopping of the acceptor to ensure that the acceptor
thread
- stops when a connector is started immediately after it is stopped.
- (markt)
- </fix>
- <fix>
- <bug>64614</bug>: Improve compatibility with FIPS keystores. When a
FIPS
- keystore is configured and the keystore contains multiple keys, the
- alias attribute will be ignored and the key used will be implementation
- dependent. (jfclere)
- </fix>
- <fix>
- <bug>64621</bug>: Improve handling HTTP/2 stream reset frames received
- from clients. (markt)
- </fix>
- <fix>
- <bug>64660</bug>: Avoid a potential NPE in the AprEndpoint if a socket
- is closed in one thread at the same time as the poller is processing an
- event for that socket in another. (markt)
- </fix>
- <fix>
- <bug>64671</bug>: Avoid several potential NPEs introduced in the
changes
- in the previous release to reduce the memory footprint of closed HTTP/2
- streams. (markt)
- </fix>
- <fix>
- Refactor the HTTP/2 implementation to more consistently return a stream
- closed error if errors occur after a stream has been reset by the
- client. (markt)
- </fix>
- <fix>
- Improve handling of HTTP/2 stream level flow control errors and notify
- the stream immediately if it is waiting for an allocation when the flow
- control error occurs. (markt)
- </fix>
- <fix>
- Ensure that window update frames are sent for HTTP/2 connections to
- account for DATA frames containing padding including when the
associated
- stream has been closed. (markt)
- </fix>
- <fix>
- Ensure that window update frames are sent for HTTP/2 connections and
- streams to account for DATA frames containing zero-length padding.
- (markt)
- </fix>
- <fix>
- <bug>64710</bug>: Revert the changes to reduce the memory footprint of
- closed HTTP/2 streams as they triggered multiple regressions in the
form
- of <code>NullPointerException</code>s. (markt)
- </fix>
- <fix>
- Ensure that the HTTP/2 overhead protection check is performed after
- each HTTP/2 frame is processed. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <fix>
- Requests received via proxies may be marked as using the
<code>ws</code>
- or <code>wss</code> protocol rather than <code>http</code> or
- <code>https</code>. Ensure that such requests are not rejected. PR
- provided by Ronny Perinke. (markt)
- </fix>
- <fix>
- <bug>64848</bug>: Fix a potential issue where the write lock for a
- WebSocket connection may not be released if an exception occurs during
- the write. (markt)
- </fix>
- <add>
- <bug>64644</bug>: Add support for a read idle timeout and a write idle
- timeout to the WebSocket session via custom properties in the user
- properties instance associated with the session. Based on a pull
request
- by sakshamverma. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Remove the localization of the text output of the Manager application
- list of contexts and the Host Manager application list of hosts so that
- the output is more consistent. PR provided by Holomark. (markt)
- </fix>
- <fix>
- Clean-up / standardize the XSL files used to generate the
documentation.
- PR provided by John Bampton. (markt)
- </fix>
- <fix>
- <bug>62723</bug>: Clarify the effects of some options for cluster
- <code>channelSendOptions</code>. Patch provided by Mitch Claborn.
- (schultz)
- </fix>
- <fix>
- Remove the out of date functional specification section from the
- documentation web application. (markt)
- </fix>
- <fix>
- Extracted CSS styles from the Manager we application for better code
- maintenance and replaced the GIF logo with SVG. (isapir)
- </fix>
- <add>
- Add document for <code>PersistentValve</code>. (kfujino)
- </add>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- Correct a regression in the fix for <bug>64540</bug> and include
- <code>org.apache.tomcat.util.modeler.modules</code> and
- <code>org.apache.tomcat.util.net.jsse</code> in the list of exported
- packages. (markt)
- </fix>
- <fix>
- Remove the local copy of the <code>javax.transaction.xa</code> package
- which is only used during compilation. The package is provided by the
- JRE from Java 1.4 onwards so the local copy should be unnecessary.
- (markt)
- </fix>
- <fix>
- Rename the local copy of the <code>javax.xml.ws</code> package to
- <code>jakarta.xml.ws</code>. (markt)
- </fix>
- <add>
- Improve the quality of the Japanese translations provided with Apache
- Tomcat. Includes contributions from Yuki Shira. (markt)
- </add>
- <fix>
- <bug>64645</bug>: Use a non-zero exit code if the
- <code>service.bat</code> does not complete normally. (markt)
- </fix>
- <add>
- Update the internal fork of Apache Commons BCEL to 6.5.0. Code clean-up
- only. (markt)
- </add>
- <add>
- Update the internal fork of Apache Commons Codec to 53c93d0
(2020-08-18,
- 1.15-SNAPSHOT). Code clean-up. (markt)
- </add>
- <add>
- Update the internal fork of Apache Commons FileUpload to c25a4e3
- (2020-08-26, 2.0-SNAPSHOT). Code clean-up and RFC 2231 support. (markt)
- </add>
- <add>
- Update the internal fork of Apache Commons Pool to 2.8.1. Code clean-up
- and improved abandoned pool handling. (markt)
- </add>
- <add>
- Update the internal fork of Apache Commons DBCP to 6d232e5 (2020-08-11,
- 2.8.0-SNAPSHOT). Code clean-up various bug fixes. (markt)
- </add>
- <update>
- Update the packaged version of the Tomcat Native Library to 1.2.25.
- (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.0.0-M7 (markt)" rtext="2020-07-05">
- <subsection name="Catalina">
- <changelog>
- <add>
- Remove the error message on start if <code>java.io.tmpdir</code> is
- missing and add an explicit error message on application deployment
when
- the sole feature that depends on it (anti-resource locking) is
- configured and can't be used. (markt)
- </add>
- <update>
- Implement a significant portion of the TLS environment variables for
- the rewrite valve. (remm)
- </update>
- <add>
- Add the Jakarta EE 9 schema. (markt)
- </add>
- <fix>
- <bug>64506</bug>: Correct a potential race condition in the resource
- cache implementation that could lead to
- <code>NullPointerException</code>s during class loading. (markt)
- </fix>
- <add>
- Add <code>application/wasm</code> to the media types recognised by
- Tomcat. Based on a PR by Thiago Henrique Hüpner. (markt)
- </add>
- <fix>
- Fix a bug in <code>HttpServlet</code> so that a <code>405</code>
- response is returned for an HTTP/2 request if the mapped servlet does
- implement the requested method rather than the more general
- <code>400</code> response. (markt)
- </fix>
- <add>
- Add generated classes using Tomcat embedded as an optional replacement
- for the Catalina configuration files. (remm)
- </add>
- <fix>
- <bug>64541</bug>: Refactor the DTD used to validate
- <code>mbeans-descriptors.xml</code> files to avoid issues when XML
- entity expansion is limited or disabled. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <add>
- Include a <code>Connection: close</code> HTTP header when committing a
- response and it is known that the <code>maxSwallowSize</code> limit is
- going to be exceeded. (markt)
- </add>
- <fix>
- <bug>64509</bug>: Correctly parse RFC 2109 version 1 cookies that use a
- comma as a separator between cookies when using the RFC 6265 cookie
- processor. Based on a patch by W J Carpenter. (markt)
- </fix>
- <fix>
- Fix the utility code that converted IPv6 addresses to a canonical form
- to correctly handle input addresses that ended with a pair of colons.
- Based on a patch by syarramsetty-skyhook. (markt)
- </fix>
- <fix>
- Correctly parse RFC 2109 version 1 cookies that have additional linear
- white space around cookie attribute names and values when using the RFC
- 6265 cookie processor. (markt)
- </fix>
- <fix>
- Once an HTTP/2 stream has been closed, ensure that the code that cleans
- up references that are no longer required is called. (markt)
- </fix>
- <fix>
- Reduce the memory footprint of closed HTTP/2 streams. (markt)
- </fix>
- <fix>
- Ensure that the HTTP/1.1 processor is correctly recycled when a direct
- connection to h2c is made. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <update>
- Update the JSP document validation to permit <code>3.0</code> as a
valid
- version attribute for the <code><jsp-root></code> element.
(markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <fix>
- <bug>64560</bug>: Refactor the replication of a changed session ID for
a
- replicated session so that the list of changes associated with the
- session is not reset when the session ID changes. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <fix>
- <bug>64563</bug>: Add additional validation of payload length for
- WebSocket messages. (markt)
- </fix>
- <fix>
- Correct the calculation of payload length when four or more bytes are
- required to represent the payload length. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web Applications">
- <changelog>
- <update>
- Update all web applications to use the Jakarta EE 9 schema for web.xml.
- (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- Fix incorrect version format in OSGi manifests. Patch provided by
- Raymond Augé. (markt)
- </fix>
- <fix>
- <bug>64513</bug>: Remove bndlib from dependencies as it is not
required.
- Pull request provided by Raymond Augé. (markt)
- </fix>
- <fix>
- <bug>64515</bug>: Bnd files don't need to be filtered (save some work).
- Pull request provided by Raymond Augé. (markt)
- </fix>
- <update>
- Update the OWB module to Apache OpenWebBeans 2.0.17. (remm)
- </update>
- <fix>
- <bug>64514</bug>: Fixes some missing class dependency issues in
bootstrap
- to address packaging/dependency concerns for JPMS and OSGi. Pull
request
- provided by Raymond Augé. (markt)
- </fix>
- <fix>
- <bug>64521</bug>: Avoid moving i18n translations into classes dir since
- they are packaged into separate jars. Pull request provided by Raymond
- Augé. (markt)
- </fix>
- <fix>
- <bug>64522</bug>: Package jars in effective dependency order. Pull
- request provided by Raymond Augé. (markt)
- </fix>
- <fix>
- Store common build details in a shared build-defaults.bnd. Pull
- request provided by Raymond Augé. (markt)
- </fix>
- <fix>
- <bug>64532</bug>: Update to bnd 5.1.1. Pull request provided by Raymond
- Augé. (markt)
- </fix>
- <fix>
- <bug>64540</bug>: Switch from bndwrap task to bnd task, begin
generating
- a better manifest and make sure the resulting jar contents are correct.
- Pull request provided by Raymond Augé. (markt)
- </fix>
- <fix>
- <bug>64544</bug>: Add built libs to the bnd classpath for
introspection.
- Pull request provided by Raymond Augé. (markt)
- </fix>
- <add>
- Improve the quality and expand the coverage of the French translations
- provided with Apache Tomcat. (remm)
- </add>
- <fix>
- <bug>64548</bug>: Generate JPMS metadata. (rotty3000)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.0.0-M6 (markt)" rtext="2020-06-07">
- <subsection name="Catalina">
- <changelog>
- <fix>
- <bug>64432</bug>: Correct a refactoring regression that broke handling
- of multi-line configuration in the RewriteValve. Patch provided by Jj.
- (markt)
- </fix>
- <fix>
- Fix use of multiple parameters when defining RewriteMaps.
- (remm/fschumacher)
- </fix>
- <update>
- Add the special internal rewrite maps for case modification and
- escaping. (remm/fschumacher)
- </update>
- <fix>
- Correct a regression in an earlier fix that broke the loading of
- configuration files such as keystores via URIs on Windows. (markt)
- </fix>
- <fix>
- Implement a few rewrite SSL env that correspond to Servlet request
- attributes. (remm)
- </fix>
- <update>
- <bug>64442</bug>: Be more flexible with respect to the ordering of
- groups, roles and users in the <code>tomcat-users.xml</code> file.
- (fschumacher)
- </update>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <update>
- Add support for ALPN on recent OpenJDK 8 releases. (remm)
- </update>
- <fix>
- <bug>64467</bug>: Improve performance of closing idle HTTP/2 streams.
- (markt)
- </fix>
- <update>
- Expose server certificate through the <code>SSLSupport</code>
- interface. (remm)
- </update>
- <add>
- <bug>64483</bug>: Log a warning if an AJP request is rejected because
it
- contains an unexpected request attribute. (markt)
- </add>
- <fix>
- <bug>64485</bug>: Fix possible resource leak getting last modified from
- <code>ConfigurationSource.Resource</code>. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <update>
- Update the Jakarta Server Pages API implementation to align with
- specification updates to use generics and add missing
- <code>@Deprecated</code> annotations. (markt)
- </update>
- <fix>
- <bug>64488</bug>: Ensure that the ImportHandler from the Expression
- Language API is able to load classes from the Java runtime when running
- under a SecurityManager. Based on a patch by Volodymyr Siedleck.
(markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <add>
- Add default implementations for <code>init()</code> and
- <code>destroy()</code> to the <code>Encoder</code> and
- <code>Decoder</code> interfaces. (markt)
- </add>
- <fix>
- Consistently throw a <code>DeploymentException</code> when an invalid
- endpoint path is specified and catch invalid endpoint paths earlier.
- (markt)
- </fix>
- <add>
- Include the target URL in the log message when a WebSocket connection
- fails. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- Update the list of known <code>Charset</code>s in the
- <code>CharsetCache</code> to include <code>ISO-8859-16</code>, added in
- OpenJDK 15. (markt)
- </update>
- <add>
- Improve the quality and expand the coverage of the French translations
- provided with Apache Tomcat. (remm)
- </add>
- <add>
- <bug>64430</bug>: Add support for the <code>CATALINA_OUT_CMD</code>
- environment variable that defines a command to which captured stdout
and
- stderr will be redirected. Patch provided by Harald Dunkel. (markt)
- </add>
- <update>
- Switch from the unsupported Maven Ant Tasks to the supported Maven
- Resolver Ant Tasks to upload artifacts to the ASF Maven repository (and
- from there to Maven Central). (markt)
- </update>
- <update>
- Update dependency on bnd to 5.1.0. (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.0.0-M5 (markt)" rtext="2020-05-11">
- <subsection name="Catalina">
- <changelog>
- <update>
- Remove <code>useAprConnector</code> flag from
- <code>AprLifecycleListener</code> so that the only way to use the APR
- connectors is to set the full class name. (remm)
- </update>
- <add>
- <bug>59203</bug>: Before calling <code>Thread.stop()</code> (if
- configured to do so) on a web application created thread that is not
- stopped by the web application when the web application is stopped, try
- interrupting the thread first. Based on a pull request by Govinda
- Sakhare. (markt)
- </add>
- <fix>
- <bug>62912</bug>: Don't mutate an application provided content header
if
- it does not contain a charset. Also remove the outdated workaround for
- the buggy Adobe Reader 9 plug-in for IE. (markt)
- </fix>
- <scode>
- Remove the <code>reloadable</code> attribute from the
- <code>Loader</code> interface as it is duplicated on the
- <code>Context</code> interface. (markt)
- </scode>
- <fix>
- Reduce reflection use and remove AJP specific code in the Connector.
- (remm/markt/fhanik)
- </fix>
- <fix>
- Rework the fix for <bug>64021</bug> to better support web applications
- that use a custom class loader that loads resources from non-standard
- locations. (markt)
- </fix>
- <update>
- Remove redundant sole path/URI from error page message on SC_NOT_FOUND.
- (michaelo)
- </update>
- <add>
- Log a warning if a <code>CredentialHandler</code> instance is added to
- an instance of the <code>CombinedRealm</code> (or a sub-class) as the
- <code>CombinedRealm</code> doesn't use a configured
- <code>CredentialHandler</code> and it is likely that a configuration
- error has occurred. (markt)
- </add>
- <add>
- Add more descriptive error message in DefaultServlet for SC_NOT_FOUND.
- (michaelo)
- </add>
- <fix>
- <bug>64309</bug>: Improve the regular expression used to search for
- class loader repositories when bootstrapping Tomcat. Pull request
- provided by Paul Muriel Biya-Bi. (markt)
- </fix>
- <fix>
- <bug>64384</bug>: Fix multipart configuration ignoring some parameters
- in some cases. (schultz)
- </fix>
- <add>
- <bug>64386</bug>: WebdavServlet does not send "getlastmodified"
- property for resource collections. (michaelo)
- </add>
- <update>
- Remove reason phrase on WebDAV Multi-Status (207) response. (michaelo)
- </update>
- <fix>
- <bug>64398</bug>: Change default value separator for property
- replacement to <code>:-</code> due to possible conflicts. The
- syntax is now <code>${name:-default}</code>. (remm)
- </fix>
- <add>
- Improve validation of storage location when using FileStore. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Move <code>SocketProperties</code> mbean to its own type rather than
- use a subType to improve robustness with tools. (remm)
- </fix>
- <fix>
- Include the problematic data in the error message when reporting that
- the provided request line contains an invalid component. (markt)
- </fix>
- <fix>
- Improve the handling of requests that use an expectation. Do not
disable
- keep-alive where the response has a non-2xx status code but the request
- body has been fully read. (rjung/markt)
- </fix>
- <fix>
- <bug>64403</bug>: Ensure that compressed HTTP/2 responses are not sent
- with a content length header appropriate for the original, uncompressed
- response. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <update>
- Remove redundant sole path/URI from error page message on SC_NOT_FOUND.
- (michaelo)
- </update>
- <add>
- Add more descriptive error message in DefaultServlet for SC_NOT_FOUND.
- (michaelo)
- </add>
- <fix>
- <bug>64373</bug>: When a tag file is packaged in a WAR and then that
WAR
- is unpacked in <code>/WEB-INF/classes</code> ensure that the tag file
- can still be found. Patch provided by Karl von Randow. (markt)
- </fix>
- <fix>
- Ensure that the Jasper code that interfaces with the Eclipse Compiler
- for Java (ECJ) enables Jasper to compile JSPs using ECJ 4.14 onwards
- when the JSPs have inner classes. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <update>
- Refactor Tribes BufferPool and add the
- <code>org.apache.catalina.tribes.io.BufferPool.DEFAULT_POOL_SIZE</code>
- system property to configure its size. (remm)
- </update>
- <update>
- Remove java.io based Tribes receiver and sender, in favor of NIO which
- was the default. (remm)
- </update>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Fix the saving of a Context configuration file via the scripting
- interface of the Manager web application. (markt)
- </fix>
- <add>
- Add a section to the TLS Connector documentation on different key store
- types and how to configure them. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- Update JUnit to version 4.13. (markt)
- </update>
- <fix>
- Add missing entries to test class path in sample NetBeans configuration
- files. Patch provided by Brian Burch. (markt)
- </fix>
- <scode>
- Refactor to use parameterized <code>Collection</code> constructors
where
- possible. Pull request provided by Lars Grefer. (markt)
- </scode>
- <scode>
- Refactor to use empty arrays with <code>Collections.toArray()</code>.
- Pull request provided by Lars Grefer. (markt)
- </scode>
- <scode>
- Refactor loops with a condition to exit as soon as the condition is
met.
- Pull request provided by Lars Grefer. (markt)
- </scode>
- <scode>
- Refactor bulk addition to collections to use <code>addAll()</code>
- rather than a loop. Pull request provided by Lars Grefer. (markt)
- </scode>
- <add>
- Expand the coverage of the Chinese translations provided with Apache
- Tomcat. Contributions provided by winsonzhao, ZhangJieWen and Lee
- Yazhou. (markt)
- </add>
- <add>
- Improve the quality and expand the coverage of the French translations
- provided with Apache Tomcat. (remm)
- </add>
- <add>
- Improve the quality of the Japanese translations provided with Apache
- Tomcat. Includes contributions from Yoshy. (markt)
- </add>
- <add>
- Improve the quality of the German translations provided with Apache
- Tomcat. (markt)
- </add>
- <update>
- Update the packaged version of the Tomcat Native Library to 1.2.24.
- (markt)
- </update>
- <scode>
- Refactor to use enhanced for loops where possible. Pull request by Lars
- Grefer. (markt)
- </scode>
- <add>
- Improve IDE support for IntelliJ IDEA. Patch provided by Lars Grefer.
- (markt)
- </add>
- <add>
- Improve the coverage and quality of the Korean translations provided
- with Apache Tomcat. (woonsan)
- </add>
- <update>
- Update dependency on bnd to 5.0.1. (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.0.0-M4 (markt)" rtext="2020-04-08">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Ensure all URL patterns provided via web.xml are %nn decoded
- consistently using the encoding of the web.xml file where specified and
- UTF-8 where no explicit encoding is specified. (markt)
- </fix>
- <update>
- Allow a comma separated list of class names for the
- <code>org.apache.tomcat.util.digester.PROPERTY_SOURCE</code>
- system property. (remm)
- </update>
- <fix>
- <bug>64149</bug>: Avoid NPE when using the access log valve without
- a pattern. (remm)
- </fix>
- <fix>
- <bug>64226</bug>: Reset timezone after parsing a date since the date
- format is reused. Test case submitted by Gary Thomas. (remm)
- </fix>
- <fix>
- <bug>64247</bug>: Using a wildcard for <code>jarsToSkip</code> should
- not override a possibly present <code>jarsToScan</code>. Based on code
- submitted by Iridias. (remm)
- </fix>
- <update>
- Refactor DefaultServlet to avoid using an internal Range structure that
- is duplicated from the parsing result. (remm)
- </update>
- <update>
- Remove
-
<code>org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH</code>
- system property, replaced by the <code>allowBackslash</code> attribute
- on the Connector. (remm)
- </update>
- <update>
- Remove
-
<code>org.apache.catalina.connector.Response.ENFORCE_ENCODING_IN_GET_WRITER</code>
- system property, replaced by the
- <code>enforceEncodingInGetWriter</code> attribute on the Connector.
- (remm)
- </update>
- <update>
- Remove
- <code>org.apache.catalina.session.StandardSession.ACTIVITY_CHECK</code>
- system property, replaced by the <code>sessionActivityCheck</code>
attribute
- on the Manager. (remm)
- </update>
- <update>
- Remove
-
<code>org.apache.catalina.session.StandardSession.LAST_ACCESS_AT_START</code>
- system property, replaced by the
- <code>sessionLastAccessAtStart</code> attribute on the Manager. (remm)
- </update>
- <update>
- Remove
- <code>org.apache.catalina.core.StandardHostValve.ACCESS_SESSION</code>
- system property, replaced by the
- <code>alwaysAccessSession</code> attribute on the Context. (remm)
- </update>
- <update>
- Remove
-
<code>org.apache.catalina.core.ApplicationContext.GET_RESOURCE_REQUIRE_SLASH</code>
- system property, replaced by the
- <code>contextGetResourceRequiresSlash</code> attribute on the Context.
(remm)
- </update>
- <update>
- Remove
-
<code>org.apache.catalina.core.ApplicationDispatcher.WRAP_SAME_OBJECT</code>
- system property, replaced by the
- <code>dispatcherWrapsSameObject</code> attribute on the Context. (remm)
- </update>
- <fix>
- <bug>64265</bug>: Fix ETag comparison performed by the default servlet.
- The default servlet always uses weak comparison. (markt)
- </fix>
- <update>
- Remove
-
<code>org.apache.catalina.authenticator.Constants.SSO_SESSION_COOKIE_NAME</code>
- system property, replaced by the
- <code>cookieName</code> attribute on the SSO valve. (remm)
- </update>
- <fix>
- Add support for default values when using <code>${...}</code> property
- replacement in configuration files. Based on a pull request provided by
- Bernd Bohmann. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- When closing a NIO channel, avoid canceling keys as a workaround for
- deadlocks when running on Java 11. Excessive internal NIO
- synchronization on channel close is resolved starting with this
- Java version. (remm)
- </fix>
- <add>
- When configuring an HTTP Connector, ensure that the encoding specified
- for <code>URIEncoding</code> is a superset of US-ASCII as required by
- RFC7230. (markt)
- </add>
- <fix>
- Avoid always retrieving the NIO poller selection key when processing
- to reduce sync. (remm)
- </fix>
- <fix>
- <bug>64240</bug>: Ensure that HTTP/0.9 requests that contain additional
- data on the request line after the URI are treated consistently. Such
- requests will now always be treated as HTTP/1.1. (markt)
- </fix>
- <add>
- Expose the HTTP/2 connection ID and stream ID to applications via the
- request attributes <code>org.apache.coyote.connectionID</code> and
- <code>org.apache.coyote.streamID</code> respectively. (markt)
- </add>
- <add>
- Replace the system property
- <code>org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH</code>
- with the Connector attribute <code>encodedSolidusHandling</code> that
- adds an additional option to pass the <code>%2f</code> sequence through
- to the application without decoding it in addition to rejecting such
- sequences and decoding such sequences. (markt)
- </add>
- <add>
- Expose the associated <code>HttpServletRequest</code> to the
- <code>CookieProcessor</code> when generating a cookie header so the
- header can be tailored based on the properties of the request, such as
- the user agent, if required. Based on a patch by Lazar Kirchev. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <update>
- Update to the Eclipse JDT compiler 4.15. (markt)
- </update>
- <add>
- Add support for specifying Java 14 (with the value <code>14</code>) and
- Java 15 (with the value <code>15</code>) as the compiler source and/or
- compiler target for JSP compilation. If used with an ECJ version that
- does not support these values, a warning will be logged and the latest
- supported version will used. (markt)
- </add>
- <update>
- Remove Jasper configuration using system properties and replace them
- by a new set of JSP Servlet init parameters. (remm)
- </update>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Correct the documentation web application to remove references to the
- <code>org.apache.catalina.STRICT_SERVLET_COMPLIANCE</code> system
- property changing the default for the <code>URIEncoding</code>
attribute
- of the Connector. (markt)
- </fix>
- <fix>
- Correct the documentation web application to remove references to the
- <code>org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH</code>
- system property changing how the sequence <code>%5c</code> is
- interpreted in a URI. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Tribes">
- <changelog>
- <scode>
- Remove support for the deprecated system property
- <code>org.apache.catalina.tribes.dns_lookups</code>. The default value
- of <code>false</code> will now always be used. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <add>
- Improve the quality and expand the coverage of the French translations
- provided with Apache Tomcat. Contribution provided by Tom Bens. (remm)
- </add>
- <add>
- Expand the coverage of the Chinese translations provided with Apache
- Tomcat. Contribution provided by Lee Yazhou. (markt)
- </add>
- <fix>
- <bug>64270</bug>: Set the documented default umask of <code>0027</code>
- when using jsvc via <code>daemon.sh</code> and allow the umask used to
- be configured via the <code>UMASK</code> environment variable as it is
- when using <code>catalina.sh</code>. (markt)
- </fix>
- <update>
- Update the OWB module to Apache OpenWebBeans 2.0.16. (remm)
- </update>
- <update>
- Update the CXF module to Apache CXF 3.3.6. (remm)
- </update>
- <fix>
- Remove the <code>LOGGING_CONFIG</code> environment variable and
- replace it with the <code>CATALINA_LOGGING_CONFIG</code> environment
- variable to avoid clashes with other components that use
- <code>LOGGING_CONFIG</code>. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.0.0-M3 (markt)" rtext="2020-03-16">
- <subsection name="Coyote">
- <changelog>
- <fix>
- <bug>64202</bug>: Use a loop on NIO blocking reads, as it is possible
- zero bytes are produced by a network read. (markt/remm)
- </fix>
- <fix>
- <bug>64210</bug>: Correct a regression in the improvements to HTTP
- header validation that caused requests to be incorrectly treated as
- invalid if a <code>CRLF</code> sequence was split between TCP packets.
- Improve validation of request lines, including for HTTP/0.9 requests.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- <bug>64206</bug>: Correct a regression introduced in 10.0.0-M1 that
- meant that the HTTP port specified when using the Windows Installer was
- ignored and 8080 was always used. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.0.0-M2 (markt)" rtext="not released">
- <subsection name="Catalina">
- <changelog>
- <scode>
- Refactor <code>HttpServlet.doOptions()</code> to improve performance.
- (markt)
- </scode>
- <update>
- Disable StandardManager session persistence by default. It can be
- enabled back in <code>context.xml</code>. (remm)
- </update>
- <add>
- Add extension point to DeltaSession to improve subclassing.
- Patch provided by ThStock. (schultz)
- </add>
- <fix>
- <bug>64153</bug>: Ensure that the parent for the web application class
- loader is set consistently. (markt)
- </fix>
- <fix>
- <bug>64166</bug>: Ensure that the names returned by
- <code>HttpServletResponse.getHeaderNames()</code> are unique. (markt)
- </fix>
- <scode>
- Rename
<code>org.apache.tomcat.util.digester.Digester$EnvironmentPropertySource</code>
- to
- <code>org.apache.tomcat.util.digester.EnvironmentPropertySource</code>.
- Patch provided by Bernd Bohmann. (markt)
- </scode>
- <fix>
- <bug>63286</bug>: Resolve inconsistencies with access log valve. This
- changes the element API to use a nanosecond resolution elapsed time
- argument. (remm)
- </fix>
- <add>
- Add new attribute <code>persistAuthentication</code> to both
- <code>StandardManager</code> and <code>PersistentManager</code> to
- support authentication persistence. Patch provided by Carsten Klein.
- (markt)
- </add>
- <fix>
- <bug>64184</bug>: Avoid repeated log messages if a
- <code>MemoryUserDatabase</code> is configured but the specified
- configuration file is missing. (markt)
- </fix>
- <add>
- <bug>64189</bug>: Expose the web application version String as a
- <code>ServletContext</code> attribute named
- <code>org.apache.catalina.webappVersion</code>. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Fix support of native jakarta servlet attributes in AJP connector.
- (remm)
- </fix>
- <update>
- <bug>56966</bug>: Add use of System.nanoTime to track request
- execution time. (remm)
- </update>
- <fix>
- <bug>64141</bug>: If using a CA certificate, remove a default value
- for the truststore file when not using a JSSE configuration. (remm)
- </fix>
- <fix>
- Improve robustness of OpenSSLEngine shutdown. Based on code submitted
- by Manuel Dominguez Sarmiento. (remm)
- </fix>
- <fix>
- Add the TLS request attributes used by IIS to the attributes that an
AJP
- Connector will always accept. (markt)
- </fix>
- <fix>
- A zero length AJP secret will now behave as if it has not been
- specified. (remm)
- </fix>
- <fix>
- <bug>64188</bug>: If an error occurs while committing or flushing the
- response when using a multiplexing protocol like HTTP/2 that requires
- the channel to be closed but not the connection, just close the channel
- and allow the other channels using the connection to continue. Based on
- a suggestion from Alejandro Anadon. (markt)
- </fix>
- <fix>
- Correct the semantics of <code>getEnableSessionCreation</code> and
- <code>setEnableSessionCreation</code> for <code>OpenSSLEngine</code>.
- Pull request provided by Alexander Scheel. (markt)
- </fix>
- <fix>
- <bug>64192</bug>: Correctly handle case where unread data is returned
to
- the read buffer when the read buffer is non empty. Ensure a gathering
- TLS read stops once the provided ByteBuffers are full or no more data
is
- available. (markt)
- </fix>
- <fix>
- Allow async requests to complete cleanly when the Connector is paused
- before <code>complete()</code> is called on a container thread. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <fix>
- Allow configuring the <code>DNSMembershipProvider</code> using the
- <code>dns</code> alias. Submitted by Bernd Bohmann. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <add>
- Expand the documentation for the <code>address</code> attribute of the
- AJP Connector and document that the AJP Connector also supports the
- <code>ipv6v6only</code> attribute with the APR/Native implementation.
- (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- Update the OWB module to Apache OpenWebBeans 2.0.15. (remm)
- </update>
- <update>
- Update the CXF module to Apache CXF 3.3.5. (remm)
- </update>
- <add>
- Expand the coverage of the Korean translations provided with Apache
- Tomcat. Contributions provided by B. Cansmile Cha. (markt)
- </add>
- <add>
- Expand the coverage of the French translations provided with Apache
- Tomcat. (remm)
- </add>
- <add>
- <bug>64190</bug>: Add support for specifying milliseconds (using
- <code>S</code>, <code>SS</code> or <code>SSS</code>) in the timestamp
- used by JULI's <code>OneLineFormatter</code>. (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.0.0-M1 (markt)" rtext="2020-02-20">
- <subsection name="General">
- <changelog>
- <scode>
- This release contains all of the changes upto and including those in
- Apache Tomcat 9.0.31 plus the additional changes listed below. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Catalina">
- <changelog>
- <update>
- Refactor recycle facade system property into a new connector attribute
- named <code>discardFacades</code> and enable it by default. (remm)
- </update>
- <update>
- Update to Jakarta Servlet 5.0, Jakarta Server Pages 3.0. Jakarta
- Expression Language 4.0, Jakarta WebSocket 2.0, Jakarta Authentication
- 2.0 and Jakarta Annotations 2.0. (markt)
- </update>
- <update>
- Remove GenericPrincipal.getPassword. The credentials should remain
- managed by the realm. (remm)
- </update>
- <update>
- Add connection pooling to JNDI realm. (remm)
- </update>
- <update>
- Use <code><request-character-encoding></code> and
- <code><response-character-encoding></code> in
- <code>conf/web.xml</code> to set the default request and response
- character encodings to UTF-8. (markt)
- </update>
- <fix>
- Store config compatibility with HostWebXmlCacheCleaner listener. (remm)
- </fix>
- <fix>
- Modify the <code>RewriteValve</code> to use
- <code>ServletRequest.getServerName()</code> to populate the
- <code>HTTP_HOST</code> variable rather than extracting it from the
- <code>Host</code> header as this allows HTTP/2 to be supported. (markt)
- </fix>
- <fix>
- Switch Tomcat embedded to loading MIME type mappings from a property
- file generated from the default <code>web.xml</code> so the MIME type
- mappings are consistent regardless of how Tomcat is started. (markt)
- </fix>
- <fix>
- Missing store config attributes for Resources elements. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <update>
- Update endpoint cache sizes defaults. (remm)
- </update>
- <update>
- Remove unused NIO blocking selector. (remm)
- </update>
- <add>
- When using an AJP Connector, convert Java Servlet specific request
- attributes to the Jakarta Servlet equivalent. (markt)
- </add>
- <add>
- When reporting / logging invalid HTTP headers encode any non-printing
- characters using the 0xNN form. (markt)
- </add>
- <update>
- Remove duplication of HTTP/1.1 configuration on the HTTP/2
- UpgradeProtocol element. Configuration from the main Connector element
- will now be used. (remm)
- </update>
- <fix>
- When the NIO or APR/native connectors were configured with
- <code>useAsyncIO="true"</code> and a zero length read or write was
- performed, the read/write would time out rather than return
immediately.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <scode>
- Parameterize JSP version and API class names in localization messages
to
- allow simpler re-use between major versions. (markt)
- </scode>
- <fix>
- Ensure that TLD files listed in the <code>jsp-config</code> section of
- <code>web.xml</code> that are registered in the
- <code>uriTldResourcePathMap</code> with the URI specified in
- <code>web.xml</code> are also registered with the URI in the TLD file
if
- it is different. Patch provided by Markus Lottmann. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <fix>
- Fix cloud environment lookup order and add a dedicated
- <code>DNS_MEMBERSHIP_SERVICE_NAME</code> environment for use with the
- DNS membership provider. Submitted by Bernd Bohmann. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- <bug>53620</bug>: JULI now only creates logging files when there is a
- log entry to write. Based on a patch by Karol Bucek. (markt)
- </fix>
- <fix>
- Update implemented specification version information in a few places
- where it has not been updated for Jakarta EE 9. (markt)
- </fix>
- <add>
- Expand the coverage of the French translations provided with Apache
- Tomcat. (remm)
- </add>
- <add>
- Expand the coverage of the Chinese translations provided with Apache
- Tomcat. Contribution provided by BoltzmannWxd. (markt)
- </add>
- </changelog>
- </subsection>
-</section>
</body>
</document>
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index b51a0d0..8c807fa 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1238,7 +1238,7 @@
<p>In addition to the standard TLS related request attributes defined in
section 3.10 of the Servlet specification, Tomcat supports a number of
additional TLS related attributes. The full list may be found in the <a
- href="http://tomcat.apache.org/tomcat-10.0-doc/api/index.html";>SSLSupport
+ href="http://tomcat.apache.org/tomcat-10.1-doc/api/index.html";>SSLSupport
Javadoc</a>.</p>
<p>For more information, see the
diff --git a/webapps/docs/tomcat-docs.xsl b/webapps/docs/tomcat-docs.xsl
index 8aa9e9d..acdb0e4 100644
--- a/webapps/docs/tomcat-docs.xsl
+++ b/webapps/docs/tomcat-docs.xsl
@@ -35,9 +35,9 @@
<xsl:param name="apache-logo" select="'/images/asf-logo.svg'"/>
<xsl:param name="subdir" select="''"/>
<xsl:param name="relative-path" select="'.'"/>
- <xsl:param name="version" select="'10.0.x'"/>
+ <xsl:param name="version" select="'10.1.x'"/>
<xsl:param name="majorversion" select="'10'"/>
- <xsl:param name="majorminorversion" select="'10.0'"/>
+ <xsl:param name="majorminorversion" select="'10.1'"/>
<xsl:param name="minjavaversion" select="'8'"/>
<xsl:param name="build-date" select="'MMM d yyyy'"/>
<xsl:param name="build-date-iso-8601" select="'yyyy-MM-dd'"/>
@@ -45,7 +45,7 @@
<xsl:param name="buglink"
select="'https://bz.apache.org/bugzilla/show_bug.cgi?id='"/>
<xsl:param name="prlink"
select="'https://github.com/apache/tomcat/pull/'"/>
<xsl:param name="revlink"
select="'https://svn.apache.org/viewvc?view=rev&rev='"/>
- <xsl:param name="doclink"
select="'https://tomcat.apache.org/tomcat-10.0-doc'"/>
+ <xsl:param name="doclink"
select="'https://tomcat.apache.org/tomcat-10.1-doc'"/>
<xsl:param name="sylink"
select="'https://tomcat.apache.org/security-10.html'"/>
<xsl:param name="dllink"
select="'https://tomcat.apache.org/download-10.cgi'"/>
<xsl:param name="sitedir" select="''"/>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
