Author: rjung
Date: Tue Oct 28 14:44:08 2008
New Revision: 708686
URL: http://svn.apache.org/viewvc?rev=708686&view=rev
Log:
Add news page for 2008 and update front page
for 1.2.27.
Added:
tomcat/connectors/trunk/jk/xdocs/news/20081001.xml (with props)
Modified:
tomcat/connectors/trunk/jk/xdocs/index.xml
Modified: tomcat/connectors/trunk/jk/xdocs/index.xml
URL:
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/index.xml?rev=708686&r1=708685&r2=708686&view=diff
==============================================================================
--- tomcat/connectors/trunk/jk/xdocs/index.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/index.xml Tue Oct 28 14:44:08 2008
@@ -45,6 +45,16 @@
<section name="Headlines">
<br />
<ul>
+<li><a href="news/20081001.html#28 October - JK-1.2.27 released">28 October
2008 - <b>JK-1.2.27 released</b></a>
+<p>The Apache Tomcat team is proud to announce the immediate availability
+of Tomcat Connectors 1.2.27 Stable. This release contains interesting <a
href="news/20081001.html#28 October - JK-1.2.27 released">improvements</a>.
+</p>
+<p>Download the <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.27/tomcat-connectors-1.2.27-src.tar.gz";>JK
1.2.27 release sources</a>
+ | <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.27/tomcat-connectors-1.2.27-src.tar.gz.asc";>PGP
signature</a>
+</p>
+<p>Download the <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/";>binaries</a>
for selected platforms.
+</p>
+</li>
<li><a href="news/20070301.html#20071221.1">21 December 2007 - <b>JK-1.2.26
released</b></a>
<p>The Apache Tomcat team is proud to announce the immediate availability
of Tomcat Connectors 1.2.26 Stable.
@@ -65,106 +75,6 @@
<p>Download the <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/";>binaries</a>
for selected platforms.
</p>
</li>
-<li><a href="news/20070301.html#20070727.1">27 July 2007 - <b>JK-1.2.24
released</b></a>
-<p><b>This release has been withdrawn.</b>
-</p>
-</li>
-<li><a href="news/20070301.html#20070518.1">18 May 2007 - <b>JK-1.2.23
released</b></a>
-<p>The Apache Tomcat team is proud to announce the immediate availability
-of Tomcat Connectors 1.2.23 Stable.
-</p>
-<p>This version addresses the security flaw:
-<br />
-<a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860";><b>CVE-2007-1860</b></a>
-A double encoded ".." in a URL can be used to access URLs on the AJP backend,
-for which no mod_jk forwarding rule exists (patch for CVE-2007-0450 was
insufficient).
-</p><p>
-This version fixes the problem by using ForwardURICompatUnparsed
-as the default for the forwarding JkOption.
-You can similarly fix the problem for all previous versions of mod_jk by
setting
-"JkOption ForwardURICompatUnparsed".
-If you upgrade to version 1.2.23 please ensure, that you do not have
-a different forwarding option in your existing configuration.
-We highly recommend, that you are consulting the
-<a href="reference/apache.html#Forwarding">forwarding documentation</a>,
-especially concerning the implications for interaction with mod_rewrite.
-</p><p>
-Please note that this issue only affects configurations,
-which use a prefix forwarding rule like "/myapp/*" or "/myapp/*.jsp"
-to restrict access to the context "/myapp". The issue will allow
-malicious URLs to reach "/otherapp" or "/otherapp/*.jsp" as well.
-</p><p>
-The Tomcat Project thanks Kazu Nambo for his responsible reporting of this
-vulnerability.
-</p>
-<p>Download the <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.23/tomcat-connectors-1.2.23-src.tar.gz";>JK
1.2.23 release sources</a>
- | <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.23/tomcat-connectors-1.2.23-src.tar.gz.asc";>PGP
signature</a>
-</p>
-<p>Download the <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/";>binaries</a>
for selected platforms.
-</p>
-</li>
-<li><a href="news/20070301.html#20070417.1">17 April 2007 - <b>JK-1.2.22
released</b></a>
-<p>The Apache Tomcat team is proud to announce the immediate availability
-of Tomcat Connectors 1.2.22 Stable.
-</p>
-<p>Download the <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.22/tomcat-connectors-1.2.22-src.tar.gz";>JK
1.2.22 release sources</a>
- | <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.22/tomcat-connectors-1.2.22-src.tar.gz.asc";>PGP
signature</a>
-</p>
-<p>Download the <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/";>binaries</a>
for selected platforms.
-</p>
-</li>
-<li><a href="news/20070301.html#20070301.1">1 March 2007 - <b>JK-1.2.21
released</b></a>
-<p>The Apache Tomcat team is proud to announce the immediate availability
-of Tomcat Connectors 1.2.21 Stable.
-</p>
-<p>This version addresses the security flaw:
-<br />
-<a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774";><b>CVE-2007-0774</b></a>
-A Long URL Stack Overflow Vulnerability exists in the URI handler for the
mod_jk library.
-When parsing a long URL request, the URI worker map routine performs an
-unsafe memory copy. This results in a stack overflow condition which can
-be leveraged execute arbitrary code.
-</p><p>
-Please note this issue only affected versions 1.2.19 and 1.2.20 of the
-JK Apache Tomcat Connector and not previous versions.
-Tomcat 5.5.20 and Tomcat 4.1.34
-included a vulnerable version in their source packages.
-<strong>No </strong>other source code releases <strong> and no binary
packages</strong>
-of Tomcat were affected.
-</p><p>
-The Apache Tomcat project recommends that all users who have built mod_jk from
source apply the patch or upgrade to the latest level and rebuild. Providers of
mod_jk-based modules in pre-compiled form will be able to determine if this
vulnerability applies to their builds. That determination has no bearing on any
other builds of mod_jk, and mod_jk users are urged to exercise caution and
apply patches or upgrade unless they have specific instructions from the
provider of their module.
-</p><p>
-The Tomcat Project thanks an anonymous researcher working with
-TippingPoint (www.tippingpoint.com) and the Zero Day Initiative
-(www.zerodayintiative.com) for their responsible reporting of this
-vulnerability.
-</p>
-<p>Download the <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.21/tomcat-connectors-1.2.21-src.tar.gz";>JK
1.2.21 release sources</a>
- | <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.21/tomcat-connectors-1.2.21-src.tar.gz.asc";>PGP
signature</a>
-</p>
-<p>Download the <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/";>binaries</a>
for selected platforms.
-</p>
-</li>
-<li><a href="news/20060101.html#20061210.1">10 December 2006 - <b>JK-1.2.20
released</b></a>
-<p>The Apache Tomcat team is proud to announce the immediate availability
-of Tomcat Connectors 1.2.20 Stable.
-</p>
-<p>Download the <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.20/tomcat-connectors-1.2.20-src.tar.gz";>JK
1.2.20 release sources</a>
- | <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.20/tomcat-connectors-1.2.20-src.tar.gz.asc";>PGP
signature</a>
-</p>
-<p>Download the <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/";>binaries</a>
for selected platforms.
-</p>
-</li>
-<li><a href="news/20060101.html#20060917.1">17 September 2006 - <b>JK-1.2.19
released</b></a>
-<p>The Apache Tomcat team is proud to announce the immediate availability
-of Tomcat Connectors 1.2.19 Stable.
-</p>
-<p>Download the <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.19/tomcat-connectors-1.2.19-src.tar.gz";>JK
1.2.19 release sources</a>
- | <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.19/tomcat-connectors-1.2.19-src.tar.gz.asc";>PGP
signature</a>
-</p>
-<p>Download the <a
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/";>binaries</a>
for selected platforms.
-</p>
-</li>
</ul>
</section>
Added: tomcat/connectors/trunk/jk/xdocs/news/20081001.xml
URL:
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/news/20081001.xml?rev=708686&view=auto
==============================================================================
--- tomcat/connectors/trunk/jk/xdocs/news/20081001.xml (added)
+++ tomcat/connectors/trunk/jk/xdocs/news/20081001.xml Tue Oct 28 14:44:08 2008
@@ -0,0 +1,188 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE document [
+ <!ENTITY project SYSTEM "project.xml">
+]>
+<document url="20081001.html">
+
+ &project;
+
+ <properties>
+ <author email="dev.AT.tomcat.DOT.apache.DOT.org">Apache Tomcat Connectors
Project</author>
+ <title>2008 News and Status</title>
+ </properties>
+
+<body>
+
+<section name="2008 News & Status">
+<br />
+<subsection name="28 October - JK-1.2.27 released">
+<a name="20081028.1"></a>
+<br />
+<p>The Apache Tomcat team is proud to announce the immediate availability
+of Tomcat Connectors 1.2.27. This is a stable release adding lots of new
features
+and some bug fixes.
+</p><p>
+ Please see the <a href="../miscellaneous/changelog.html">ChangeLog</a> for a
full list of changes.
+</p>
+<p>If you find any bugs while using this release, please fill in the
+<a
href="https://issues.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%20Connectors";>Bugzilla</a>
+Bug Report.
+</p>
+<p>
+The most important new features in this version are:
+</p>
+<h3>Watchdog Thread for Periodic Tasks</h3>
+<p>
+The connector has to run some periodic tasks independant of
+request processing. Examples are probing or closing down idle backend
+connections, adjusting load numbers and recovering workers from error state.
+</p>
+<p>
+Before version 1.2.27 these tasks were done inside the request processing loop.
+When a new request came in and the task was due, the thread handling the
+request first executed the internal task and then handled the request.
+If there were no requests coming in, the tasks would not run. If any of
+the tasks took unexpectedly long, the response time of the request waiting
+for the finishing of the task went up.
+</p>
+<p>
+Starting with this release you can configure a separate watchdog thread inside
+the web server to run all those tasks independantly of request processing.
+This new feature is avaliable for the connector when used with Apache httpd 2.x
+or with Microsoft IIS. To keep the behaviour of the new version consistent
+with previous releases, this feature is turned off by default.
+You can activate the watchdog thread via
+<a href="../reference/apache.html"><code>JkWatchdogInterval</code></a>
+for Apache or
+<a href="../reference/iis.html"><code>watchdog_interval</code></a>
+for IIS.
+</p>
+<h3>Connection Probing</h3>
+<p>
+In previous releases connection probing (checking whether connections still
work)
+could only be done immediately after a new connection was established and
+directly before sending each request. Since we now have the watchdog
+thread available, we also added a periodic probing option, which you
+can activate with the worker attribute
+<a href="../reference/workers.html"><code>ping_mode</code></a>.
+This will also be useful as a protection against the infamous firewall
+idle connection drop.
+</p>
+<p>
+The older attributes <code>connect_timeout</code> and
<code>prepost_timeout</code>
+still exist and work the same way they did in previous releases.
+Since there are now three different probing options, we recommend to migrate
+your configuration to the newer attributes <code>ping_mode</code>,
+<code>ping_timeout</code> and <code>connection_ping_interval</code>.
+</p>
+<h3>Mount Extensions</h3>
+<p>
+Usually one defines workers and mounts for the connector.
+A worker defines a backend we want to talk to and the configuration parameters
of the
+communication, connection pools etc. The mounts define which URIs we want to
forward to
+which worker (so we also call a mount an URI map rule).
+In version 1.2.27 you can overwrite certain worker parameter per mount.
+</p>
+<p>
+One easy to understand example is reply timeouts. Until this release you had
to specify
+a reply timeout for the whole worker. But reply times depend a lot on the type
of
+request. So normally you want to define a general reply timeout and
+for some special URLs you need to relax the reply timeout, because you know
those
+URLs take much longer to process (like e.g. reporting or other compute
intensive tasks).
+</p>
+<p>
+Another possible case is the activation status. You might use a load balancer
worker to
+forward requests to certain webapps in a farm of Tomcat nodes. If you wanted
+to update some webapp on one node, you previously had to stop forwarding
requests for
+all webapps on this Tomcat node. What was not possible until now, was stopping
forwarding
+requests restricted to the webapp and the node you wanted to update.
+</p>
+<p>
+Starting with this release, you can add so-called
+<a href="../reference/uriworkermap.html#Rule extensions">rule extensions</a>
+to your uriworkermap file to influence worker parameters per mount. This will
+work for all Apache versions and for IIS. Remember, that
+the uriworkermap file automatically gets reloaded after changes without web
server
+restart.
+</p>
+<h3>Improved IIS support</h3>
+<p>
+We improved IIS support im various ways. It is now possible to use
+multiple IIS 6 application pools with the ISAPI redirector.
+</p>
+<p>
+Furthermore some improvements were added as compile time features.
+The most notable one is chunked encoding support, which was a major
+refactoring and is therefore still considered experimental. You can
+download binaries with and without chunked encoding support. In future
+versions, chunked encoding will likely be availabe in all builds.
+</p>
+<p>
+Another new feature is an elegant way of configuring error page redirects.
+All new features are documented on the documentation page about
+<a href="../reference/iis.html">configuring IIS</a>.
+</p>
+<h3>Enhanced Status Worker</h3>
+<p>
+The
+<a href="../reference/status.html">status worker</a>
+now can also manage and show statistics for AJP workers that
+are not part of a load balancer. Other improvements are the new
<code>dump</code>
+action, the integration of the new configuration attributes, showing average
+request and transfer rates since the last statistics reset and the ability to
+display only a single member of a load balancer.
+</p>
+<p>
+Unfortunately we had to change
+<a href="../reference/status.html#Data Parameters for the standard Update
Action">some request parameters</a>
+used for the <code>update</code> action of the status worker.
+</p>
+<h3>Miscellaneous Improvements</h3>
+<p>
+Further enhancements are:
+<ul>
+<li>
+Configurable session stickyness indicator: cookie name and URL path
+parameter name can be freely chosen instead of the servlet spec compliant
+<code>JSESSIONID</code> and <code>;jsessionid</code>.
+</li>
+<li>
+Automatically determining the size of the shared memory segment needed
+to accommodate all workers.
+</li>
+<li>
+New connection establishment timeout <code>socket_connect_timeout</code>.
+</li>
+<li>
+New timeout <code>connection_acquire_timeout</code> for acquiring a free
connection from
+the pool.
+</li>
+<li>
+Improved retry handling by adjusting the meaning of the attribute
<code>retries</code> for
+AJP workers and for load balancers and by adding the new
<code>retry_interval</code>.
+</li>
+<li>
+Allowing the web server to provide error pages instead of Tomcat.
+</li>
+</ul>
+</p>
+</subsection>
+</section>
+</body>
+</document>
Propchange: tomcat/connectors/trunk/jk/xdocs/news/20081001.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: tomcat/connectors/trunk/jk/xdocs/news/20081001.xml
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
