Blame - tomcat-uidm/webapps/docs/changelog.html - UniIdentify/tomcat

Hongqing Liu

2014-10-15 13:31:32 +0800

<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat 6.0 (6.0.41) - Changelog</title><meta name="author" content="Remy Maucherat"><meta name="author" content="Yoav Shapira"><meta name="author" content="Filip Hanik"><meta name="author" content="Rainer Jung"><meta name="author" content="Peter Rossbach"><meta name="author" content="Konstantin Kolinko"><meta name="author" content="Jean-Frederic Clere"><meta name="author" content="Keiichi Fujino"><meta name="author" content="Mladen Turk"><meta name="author" content="Tim Whittington"><meta name="author" content="Sylvain Laurent"><meta name="author" content="Christopher Schultz"><style type="text/css" media="print">

Hongqing Liu

fd5ee81

2014-05-10 16:32:51 +0800

[diff] [blame]

2

.noPrint {display: none;}

3

td#mainBody {width: 100%;}

4

</style></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="0"><tr><td><a href="http://tomcat.apache.org/"><img src="./images/tomcat.gif" align="right" alt="

5

The Apache Tomcat Servlet/JSP Container

Hongqing Liu

7189829

2014-10-15 13:31:32 +0800

[diff] [blame^]

6

" border="0"></a></td><td><h1><font face="arial,helvetica,sanserif">Apache Tomcat 6.0</font></h1><font face="arial,helvetica,sanserif">Version 6.0.41, May 19 2014</font></td><td><a href="http://www.apache.org/"><img src="./images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr></table><table border="0" width="100%" cellspacing="4"><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><tr><td width="20%" valign="top" nowrap="nowrap" class="noPrint"><p><strong>Links</strong></p><ul><li><a href="index.html">Docs Home</a></li><li><a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a></li></ul><p><strong>User Guide</strong></p><ul><li><a href="introduction.html">1) Introduction</a></li><li><a href="setup.html">2) Setup</a></li><li><a href="appdev/index.html">3) First webapp</a></li><li><a href="deployer-howto.html">4) Deployer</a></li><li><a href="manager-howto.html">5) Manager</a></li><li><a href="realm-howto.html">6) Realms and AAA</a></li><li><a href="security-manager-howto.html">7) Security Manager</a></li><li><a href="jndi-resources-howto.html">8) JNDI Resources</a></li><li><a href="jndi-datasource-examples-howto.html">9) JDBC DataSources</a></li><li><a href="class-loader-howto.html">10) Classloading</a></li><li><a href="jasper-howto.html">11) JSPs</a></li><li><a href="ssl-howto.html">12) SSL</a></li><li><a href="ssi-howto.html">13) SSI</a></li><li><a href="cgi-howto.html">14) CGI</a></li><li><a href="proxy-howto.html">15) Proxy Support</a></li><li><a href="mbeans-descriptor-howto.html">16) MBean Descriptor</a></li><li><a href="default-servlet.html">17) Default Servlet</a></li><li><a href="cluster-howto.html">18) Clustering</a></li><li><a href="balancer-howto.html">19) Load Balancer</a></li><li><a href="connectors.html">20) Connectors</a></li><li><a href="monitoring.html">21) Monitoring and Management</a></li><li><a href="logging.html">22) Logging</a></li><li><a href="apr.html">23) APR/Native</a></li><li><a href="virtual-hosting-howto.html">24) Virtual Hosting</a></li><li><a href="aio.html">25) Advanced IO</a></li><li><a href="extras.html">26) Additional Components</a></li><li><a href="maven-jars.html">27) Mavenized</a></li></ul><p><strong>Reference</strong></p><ul><li><a href="RELEASE-NOTES.txt">Release Notes</a></li><li><a href="config/index.html">Configuration</a></li><li><a href="api/index.html">Javadocs</a></li><li><a href="http://tomcat.apache.org/connectors-doc/">JK 1.2 Documentation</a></li></ul><p><strong>Apache Tomcat Development</strong></p><ul><li><a href="building.html">Building</a></li><li><a href="changelog.html">Changelog</a></li><li><a href="http://wiki.apache.org/tomcat/TomcatVersions">Status</a></li><li><a href="developers.html">Developers</a></li><li><a href="architecture/index.html">Architecture</a></li><li><a href="funcspecs/index.html">Functional Specs.</a></li></ul></td><td width="80%" valign="top" align="left" id="mainBody"><h1>Apache Tomcat 6.0</h1><h2>Changelog</h2><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.41"></a><a name="Tomcat_6.0.41"><strong>Tomcat 6.0.41</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong></strong></font></td></tr><tr><td colspan="2"><blockquote>

7

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.41/Jasper"></a><a name="Tomcat_6.0.41/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

8

9

10

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56529">56529</a>: Avoid <code>NoSuchElementException</code> while handling

11

attributes with empty string value in custom tags. Based on a patch

12

provided by Hariprasad Manchi. (violetagg/kkolinko)

13

</td></tr>

14

</table>

15

</blockquote></td></tr></table>

16

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.40"></a><a name="Tomcat_6.0.40"><strong>Tomcat 6.0.40</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

17

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.40/Catalina"></a><a name="Tomcat_6.0.40/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

18

19

20

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56027">56027</a>: Add more options for managing FIPS mode in the

21

AprLifecycleListener. (schultz/kkolinko)

22

</td></tr>

23

24

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56082">56082</a>: Fix a concurrency bug in JULI's LogManager

25

implementation. (markt)

26

</td></tr>

27

28

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56236">56236</a>: Enable Tomcat to work with alternative Servlet and

29

JSP API JARs that package the XML schemas in such as way as to require

30

a dependency on the JSP API before enabling validation for web.xml.

31

Tomcat has no such dependency. (markt)

32

</td></tr>

33

34

Change the default value of the <code>xmlBlockExternal</code> attribute

35

of Context elements. It is now <code>true</code>. (kkolinko)

36

</td></tr>

37

38

Don't log to standard out in SSLValve. (kkolinko/markt)

39

</td></tr>

40

41

Use StringBuilder in DefaultServlet. (kkolinko)

42

</td></tr>

43

44

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56275">56275</a>: Allow web applications to be stopped cleanly even if

45

filters throw exceptions when their destroy() method is called.

(markt/kkolinko)

</td></tr>

Redefine the <code>globalXsltFile</code> initialisation parameter of the

50

DefaultServlet as relative to CATALINA_BASE/conf or CATALINA_HOME/conf.

51

Prevent user supplied XSLTs used by the DefaultServlet from defining

52

external entities. (markt)

53

</td></tr>

54

55

Add a work around for validating XML documents (often TLDs) that use

56

just the file name to refer to refer to the JavaEE schema on which they

57

are based. (kkolinko)

58

</td></tr>

59

60

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56369">56369</a>: Ensure that removing an MBean notification listener

61

reverts all the operations performed when adding an MBean notification

listener. (markt)

</td></tr>

Only create XML parsing objects if required and fix associated potential

66

memory leak in the default Servlet. (markt)

67

</td></tr>

68

69

Ensure that a TLD parser obtained from the cache has the correct value

70

of <code>blockExternal</code>. (markt/kkolinko)

71

</td></tr>

72

73

Extend XML factory, parser etc. memory leak protection to cover some

74

additional locations where, theoretically, a memory leak could occur.

(markt)

</td></tr>

Add the <code>org.apache.naming</code> package to the packages requiring

79

code to have the <code>defineClassInPackage</code> permission when

80

running under a security manager. (markt)

81

</td></tr>

82

83

Add the <code>org.apache.naming.resources</code> package to the packages

84

requiring code to have the <code>accessClassInPackage</code> permission

85

when running under a security manager. (markt)

86

</td></tr>

87

88

Make the naming context tokens for containers more robust. Require

89

RuntimePermission when introducing a new token. (markt/kkolinko)

90

</td></tr>

91

</table>

92

</blockquote></td></tr></table>

93

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.40/Coyote"></a><a name="Tomcat_6.0.40/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

94

95

96

Improve processing of chuck size from chunked headers. Avoid overflow

97

and use a bit shift instead of a multiplication as it is marginally

98

faster. (markt/kkolinko)

99

</td></tr>

100

101

Fix possible overflow when parsing long values from a byte array.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56363">56363</a>: Update to version 1.1.30 of Tomcat Native library.

106

The minimum required version of this library for APR connector is now

1.1.30. (kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

111

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.40/Jasper"></a><a name="Tomcat_6.0.40/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

112

113

114

Change the default behaviour of JspC to block XML external entities by

default. (kkolinko)

</td></tr>

Restore the validateXml option to Jasper that was previously renamed

119

validateTld. Both options are now supported. validateXml controls the

120

validation of web.xml files when Jasper parses them and validateTld

121

controls the validation of *.tld files when Jasper parses them. (markt)

122

</td></tr>

123

124

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54475">54475</a>: Add Java 8 support to SMAP generation for JSPs. Patch

125

by Robbie Gibson. (markt)

126

</td></tr>

127

128

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56010">56010</a>: Don't throw an

129

<code>IllegalArgumentException</code> when

130

<code>JspFactory.getPageContext</code> is used with

131

<code>JspWriter.DEFAULT_BUFFER</code>. Based on a patch by Eugene Chung.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56265">56265</a>: Do not escape values of dynamic tag attributes

136

containing EL expressions. (kkolinko)

137

</td></tr>

138

139

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56283">56283</a>: Add support for running Tomcat 6 with

140

ecj-P20140317-1600.jar (as drop-in replacement for ecj-4.3.1.jar). Add

141

support for value "1.8" for the <code>compilerSourceVM</code> and

142

<code>compilerTargetVM</code> options. Note that ecj-P20140317-1600.jar

143

can only be used when running with Java 6 or later. The "1.8" options

144

make sense only when running with Java 8 (or later). (kkolinko)

145

</td></tr>

146

147

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56334">56334</a>: Fix a regression in the handling of back-slash

148

escaping introduced by the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55735">55735</a>. (markt/kkolinko)

149

</td></tr>

150

151

Correct the handling of back-slash escaping in the EL parser and no

152

longer require that <code>\$</code> or <code>\#</code> must be followed

153

by <code>{</code> in order for the back-slash escaping to take effect.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

158

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.40/Cluster"></a><a name="Tomcat_6.0.40/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

159

160

161

Refactor <code>AbstractReplicatedMap</code> and related classes to

162

enable Tomcat 6 to be compiled using Java 8. (markt)

163

</td></tr>

164

</table>

165

</blockquote></td></tr></table>

166

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.40/Web applications"></a><a name="Tomcat_6.0.40/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

167

168

169

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56093">56093</a>: Documentation for SSLValve. (markt/kkolinko)

170

</td></tr>

171

172

Correct documentation on Windows service options, aligning it with

173

Apache Commons Daemon documentation. (kkolinko)

174

</td></tr>

175

176

Add support for <code>version-major</code>,

177

<code>version-major-minor</code> tags in documentation XSLT, to simplify

178

documentation backports. (kkolinko)

179

</td></tr>

180

181

Fix target and rel attributes on links in documentation. They were

182

lost during XSLT transformation. (kkolinko)

183

</td></tr>

184

</table>

185

</blockquote></td></tr></table>

186

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.40/Other"></a><a name="Tomcat_6.0.40/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

187

188

189

Remove svn keywords (such as $Id) from source files and documentation.

(kkolinko)

</td></tr>

Improvements to the Windows installer, to align it with installing

194

the sevice with <code>service.bat</code>. Use explicit memory sizes

195

(--JvmMs 128 Mb and --JvmMx 256 Mb). Specify log directory path

196

when ininstalling, so that the log file is written to the Tomcat logs

197

directory, instead of "%SystemRoot%\System32\LogFiles\Apache".

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49993">49993</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56143">56143</a>: Improve <code>service.bat</code>

202

script. Allow it to be launched from non-UAC console. The UAC prompt

203

will be shown only once. Now there is no need to run the command shell

204

with elevated privileges. Improve check for <code>JAVA_HOME</code>

205

and add support for <code>JRE_HOME</code>. Warn if neither "client"

206

nor "server" JVM is found. Align classpath, display name and other

207

options with the <code>exe</code> installer. Make command names

208

case-insensitive. Update documentation. (kkolinko)

209

</td></tr>

210

</table>

211

</blockquote></td></tr></table>

212

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.39 (markt)"></a><a name="Tomcat_6.0.39_(markt)"><strong>Tomcat 6.0.39 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2014-01-31</strong></font></td></tr><tr><td colspan="2"><blockquote>

Hongqing Liu

fd5ee81

2014-05-10 16:32:51 +0800

[diff] [blame]

213

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.39 (markt)/Catalina"></a><a name="Tomcat_6.0.39_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

214

215

216

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55166">55166</a>: Fix regression that broke XML validation when running

217

on some Java 5 JVMs. (kkolinko)

218

</td></tr>

219

</table>

220

</blockquote></td></tr></table>

221

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.39 (markt)/Coyote"></a><a name="Tomcat_6.0.39_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

222

223

224

Make the HTTP NIO connector tolerant of whitespace in the individual

225

values used for the ciphers attribute. (markt)

226

</td></tr>

227

228

Remove dependency introduced on the jsp-api.jar as part of the XML

229

validation changes introduced in 6.0.38. (markt)

230

</td></tr>

231

</table>

232

</blockquote></td></tr></table>

233

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.39 (markt)/Jasper"></a><a name="Tomcat_6.0.39_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

234

235

236

Correct several errors in jspxml Schema and DTD. (kkolinko)

237

</td></tr>

238

</table>

239

</blockquote></td></tr></table>

240

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.39 (markt)/Cluster"></a><a name="Tomcat_6.0.39_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

241

242

243

Remove an empty TestTwoPhaseCommit test from Tribes. (kkolinko)

244

</td></tr>

245

</table>

246

</blockquote></td></tr></table>

247

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.39 (markt)/Web applications"></a><a name="Tomcat_6.0.39_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

248

249

250

Fix broken link in Jasper How-To documentation. (markt)

251

</td></tr>

252

253

Align index.html and index.jsp in ROOT web application. Correct links

254

to specifications and to the Tomcat mailing lists. (kkolinko)

255

</td></tr>

256

257

Remove second copy of RUNNING.txt from the full-docs distribution. Some

258

unpacking utilities can't handle multiple copies of a file with the same

259

name in a directory. (kkolinko)

260

</td></tr>

261

</table>

262

</blockquote></td></tr></table>

263

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.39 (markt)/Other"></a><a name="Tomcat_6.0.39_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

264

265

266

Update sample Eclipse IDE project: use JUnit 4 library and prefer a

267

Java 5 JDK when several JDKs are configured. Cleanup the Ant build

files. (kkolinko)

</td></tr>

Correct Maven dependencies for individual JAR files. (markt)

272

</td></tr>

273

</table>

274

</blockquote></td></tr></table>

275

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.38 (markt)"></a><a name="Tomcat_6.0.38_(markt)"><strong>Tomcat 6.0.38 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

276

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.38 (markt)/Catalina"></a><a name="Tomcat_6.0.38_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

277

278

279

Ensure that when Tomcat's anti-resource locking features are used

280

that the temporary copy of the web application and not the original is

281

removed when the web application stops. (markt/kkolinko)

282

</td></tr>

283

284

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55019">55019</a>: Fix a potential exception when accessing JSPs while

285

running under a SecurityManager. (jfclere)

286

</td></tr>

287

288

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55052">55052</a>: Make JULI's LogManager to additionally look for

289

logging properties without prefixes if the property cannot be found with

a prefix. (kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55266">55266</a>: Ensure that the session ID is parsed from the request

294

before any redirect as the session ID may need to be encoded as part of

295

the redirect URL. (markt)

296

</td></tr>

297

298

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55404">55404</a>: Log warnings about using security roles in web.xml as

warnings. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55268">55268</a>: Added optional --service-start-wait-time

303

command-line option to change service start wait time from default

304

of 10 seconds. (schultz)

305

</td></tr>

306

307

Correctly associate the default resource bundle with the English locale

308

so that requests that specify an Accept-Language of English ahead of

309

French, Spanish or Japanese get the English messages they asked for.

(markt)

</td></tr>

Add missing JavaEE 5 XML schema definitions. (markt)

314

</td></tr>

315

316

When Catalina parses TLD files, always use a namespace aware parser to

317

be consistent with how Jasper parses TLD files. The

318

<code>tldNamespaceAware</code> attribute of the Context is now ignored.

(markt)

</td></tr>

As per section SRV.14.4.3 of the Servlet 2.5 specification, a namespace

323

aware, validating parser will be used when processing <code>*.tld</code>

324

and <code>web.xml</code> files if the system property

325

<code>org.apache.catalina.STRICT_SERVLET_COMPLIANCE</code> is set to

Hongqing Liu

7189829

2014-10-15 13:31:32 +0800

[diff] [blame^]

326

<code>true</code>. (markt)

Hongqing Liu

fd5ee81

2014-05-10 16:32:51 +0800

[diff] [blame]

327

</td></tr>

328

Hongqing Liu

7189829

2014-10-15 13:31:32 +0800

[diff] [blame^]

329

Fix CVE-2014-0033:

Hongqing Liu

fd5ee81

2014-05-10 16:32:51 +0800

[diff] [blame]

330

Ensure that sessions IDs are not parsed from URLs for Contexts where

331

<code>disableURLRewriting</code> is <code>true</code>. (markt)

332

</td></tr>

333

Hongqing Liu

7189829

2014-10-15 13:31:32 +0800

[diff] [blame^]

334

Fix CVE-2013-4590:

Hongqing Liu

fd5ee81

2014-05-10 16:32:51 +0800

[diff] [blame]

335

Add an option to the Context to control the blocking of XML external

336

entities when parsing XML configuration files and enable this blocking

337

by default when a security manager is used. The block is implemented via

338

a custom resolver to enable the logging of any blocked entities. (markt)

339

</td></tr>

340

341

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56016">56016</a>: When loading resources for XML schema validation, take

342

account of the possibility that servlet-api.jar and jsp-api.jar may not

343

be loaded by the same class loader. Patch by Juan Carlos Estibariz.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

348

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.38 (markt)/Coyote"></a><a name="Tomcat_6.0.38_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

349

350

351

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52811">52811</a>: Fix parsing of Content-Type header in

352

<code>HttpServletResponse.setContentType()</code>. Introduces a new HTTP

353

header parser that follows RFC2616. (markt)

354

</td></tr>

355

356

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54691">54691</a>: Add configuration attribute "sslEnabledProtocols"

357

to HTTP connector and document it. (Internally this attribute has

358

been already implemented but not documented, under names "protocols"

359

and "sslProtocols". Those names of this attribute are now deprecated).

(schultz)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54947">54947</a>: Fix the HTTP NIO connector that incorrectly rejected a

364

request if the CRLF terminating the request line was split across

365

multiple packets. Patch by Konstantin Preißer. (markt)

366

</td></tr>

367

368

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55228">55228</a>: Allow web applications to set a HTTP Date header.

(markt)

</td></tr>

Hongqing Liu

2014-10-15 13:31:32 +0800

[diff] [blame^]

372

Fix CVE-2013-4286:

Hongqing Liu

fd5ee81

2014-05-10 16:32:51 +0800

[diff] [blame]

373

Better adherence to RFC2616 for content-length headers. (markt)

374

</td></tr>

375

Hongqing Liu

7189829

2014-10-15 13:31:32 +0800

[diff] [blame^]

376

Fix CVE-2013-4322: Add support for limiting the size of chunk extensions

377

when using chunked encoding. (markt)

Hongqing Liu

fd5ee81

2014-05-10 16:32:51 +0800

[diff] [blame]

378

</td></tr>

379

380

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55749">55749</a>: Improve the error message when SSLEngine is disabled

381

in the AprLifecycleListener and SSL is configured for an APR/native

connector. (markt)

</td></tr>

Avoid possible NPE if a content type is specified without a character set.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

390

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.38 (markt)/Jasper"></a><a name="Tomcat_6.0.38_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

391

392

393

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55198">55198</a>: Ensure attribute values in tagx files that include EL

394

and quoted XML characters are correctly quoted in the output. (markt)

395

</td></tr>

396

397

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55671">55671</a>: Consistently use the configuration option name

398

<code>genStringAsCharArray</code> rather than a mixture of

399

<code>genStrAsCharArray</code> and <code>genStringAsCharArray</code> but

400

retain support for <code>genStrAsCharArray</code> as in initialisation

401

parameter for the JSP servlet to retain backwards compatibility with

402

existing configurations. (markt)

403

</td></tr>

404

405

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55691">55691</a>: Fix <code>javax.el.ArrayELResolver</code> to correctly

406

handle the case where the base object is an array of primitives. (markt)

407

</td></tr>

408

409

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55973">55973</a>: Fix processing of XML schemas when validation is

410

enabled in Jasper. (kkolinko)

411

</td></tr>

412

</table>

413

</blockquote></td></tr></table>

414

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.38 (markt)/Web applications"></a><a name="Tomcat_6.0.38_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

415

416

417

Add documentation for

418

<code>o.a.c.tribes.group.interceptors.TcpFailureDetector</code>.

(kfujino)

</td></tr>

Complete the documentation for

423

<code>MessageDispatch15Interceptor</code>. (kfujino)

424

</td></tr>

425

426

Add to cluster document a description of

427

<code>notifyLifecycleListenerOnFailure</code> and

428

<code>heartbeatBackgroundEnabled</code>. (kfujino)

429

</td></tr>

430

431

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55746">55746</a>: Add documentation on the <code>allRolesMode</code> to

432

the <code>CombinedRealm</code> and <code>LockOutRealm</code>. Patch by

433

Cédric Couralet. (markt)

434

</td></tr>

435

436

Fix the sample configuration of <code>StaticMembershipInterceptor</code>

437

in order to prevent warning log. uniqueId must be 16 bytes. (kfujino)

438

</td></tr>

439

440

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55119">55119</a>: Avoid CVE-2013-1571 when generating Javadoc. (markt)

441

</td></tr>

442

</table>

443

</blockquote></td></tr></table>

444

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.38 (markt)/Other"></a><a name="Tomcat_6.0.38_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

445

446

447

Update Maven Central location used to download dependencies at build

448

time to be <code>repo.maven.apache.org</code>. (kkolinko)

449

</td></tr>

450

451

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55663">55663</a>: Minor correction to the wording of the NOTICE files to

452

align them with the

453

<a href="http://www.apache.org/legal/src-headers.html#notice">requirements

454

for NOTICE files</a>. (violetagg)

455

</td></tr>

456

457

Add <code>@since</code> markers to the common annotations classes and

458

fix a few specification compliance issues. (markt)

459

</td></tr>

460

461

Update to Eclipse JDT Compiler 4.3.1. (markt)

462

</td></tr>

463

464

Update the Apache Jakarta JSTL implementation used by the exmaples web

465

application to 1.1.2. (markt)

466

</td></tr>

467

</table>

468

</blockquote></td></tr></table>

469

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)"></a><a name="Tomcat_6.0.37_(jfclere)"><strong>Tomcat 6.0.37 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2013-05-03</strong></font></td></tr><tr><td colspan="2"><blockquote>

470

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)/Catalina"></a><a name="Tomcat_6.0.37_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

471

472

473

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52055">52055</a>: Ensure that filters are recycled. (markt/kkolinko)

474

</td></tr>

475

476

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52184">52184</a>: Reduce log level for invalid cookies. (markt)

477

</td></tr>

478

479

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53481">53481</a>: Added support for SSLHonorCipherOrder to allow

480

the server to impose its cipher order on the client. Based on a patch

481

provided by Marcel Šebek. (schultz)

482

</td></tr>

483

484

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54044">54044</a>: Correct bug in timestamp cache used by logging

485

(including the access log valve) that meant entries could be made with

486

an earlier timestamp than the true timestamp. (markt)

487

</td></tr>

488

Hongqing Liu

7189829

2014-10-15 13:31:32 +0800

[diff] [blame^]

489

Fix CVE-2013-2067:

Hongqing Liu

fd5ee81

2014-05-10 16:32:51 +0800

[diff] [blame]

490

In FormAuthenticator: If it is configured to change Session IDs,

491

do the change before displaying the login form. (kkolinko)

492

</td></tr>

493

494

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54054">54054</a>: Do not share shell environment variables between

495

multiple instances of the CGI servlet. (markt)

496

</td></tr>

497

498

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54087">54087</a>: Correctly handle (ignore) invalid If-Modified-Since

499

header rather than throwing an exception. (markt/kkolinko)

500

</td></tr>

501

502

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54220">54220</a>: Ensure the ErrorReportValve only generates an error

503

report if the error flag on the response has been set. (markt)

504

</td></tr>

505

506

Fix memory leak of servlet instances when running with a

507

SecurityManager and either init() or destroy() methods fail

508

or the servlet is a SingleThreadModel one, and of filter instances

509

if their destroy() method fails with an Error. (kkolinko)

510

</td></tr>

511

512

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54382">54382</a>: Fix NPE when SSI processing is enabled and an empty

513

SSI directive is present. (markt)

514

</td></tr>

515

516

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54483">54483</a>: Correct one of the Spanish translations. Based on a

517

suggestion from adinamita. (kkolinko)

518

</td></tr>

519

520

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54527">54527</a>: Synchronize conf/web.xml mime mapping with Tomcat 7.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

525

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)/Coyote"></a><a name="Tomcat_6.0.37_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

526

527

528

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54248">54248</a>: Ensure that byte order marks are swallowed when using

529

a Reader to read a request body with a BOM for those encodings that

530

require byte order marks. (markt)

531

</td></tr>

532

533

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54324">54324</a>: Allow APR connector to disable TLS compression

534

if OpenSSL supports it. (schultz)

535

</td></tr>

536

537

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54456">54456</a>: Ensure that if a client aborts a request when sending

538

a chunked request body that this is communicated correctly to the client

539

reading the request body. (markt)

540

</td></tr>

541

542

Update the native component of the APR/native connector to 1.1.27 and

543

make that version the recommended minimum version. (kkolinko)

544

</td></tr>

545

</table>

546

</blockquote></td></tr></table>

547

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)/Jasper"></a><a name="Tomcat_6.0.37_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

548

549

550

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54615">54615</a>: Tomcat 6 doesn't build against ecj 4.x (kkolinko)

551

</td></tr>

552

</table>

553

</blockquote></td></tr></table>

554

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)/Cluster"></a><a name="Tomcat_6.0.37_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

555

556

557

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54045">54045</a>: Make sure getMembers() returns available member when

558

TcpFailureDetector works in static cluster. (kfujino)

559

</td></tr>

560

</table>

561

</blockquote></td></tr></table>

562

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)/Web applications"></a><a name="Tomcat_6.0.37_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

563

564

565

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=22278">22278</a>: Add a commented out sample configuration of

566

<code>RemoteAddrValve</code> to <code>META-INF/context.xml</code>

567

files of the Manager and Host Manager applications. (kkolinko)

568

</td></tr>

569

570

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54080">54080</a>: Clarify documentation for initial value of

571

<code>internalProxies</code> attribute of <code>RemoteIpValve</code>.

(schultz/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54198">54198</a>: Clarify that

576

<code>HttpServletResponse.sendError(int)</code> results in an HTML

577

response by default. (markt)

578

</td></tr>

579

580

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54207">54207</a>: Correct JNDI factory package name in Javadoc for

581

<code>org.apache.naming.java.javaURLContextFactory</code>. (markt)

582

</td></tr>

583

</table>

584

</blockquote></td></tr></table>

585

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)/Other"></a><a name="Tomcat_6.0.37_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

586

587

588

Add sample Apache Commons Daemon JSVC wrapper script bin/daemon.sh that

589

can be used with /etc/init.d. (kkolinko)

590

</td></tr>

591

592

In the build configuration: introduce property "tomcat.output" that is

593

used to specify location of the build output directory. This simplifies

594

configuration if someone wants to move the <code>output</code> directory

595

elsewhere (e.g. out of the source tree). (kkolinko)

596

</td></tr>

597

598

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54390">54390</a>: Use 'java_home' on Mac OS X to auto-detect JAVA_HOME.

(schultz)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54601">54601</a>: Change catalina.sh to consistently use LOGGING_MANAGER

603

variable to configure logging, instead of modifying JAVA_OPTS one.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54890">54890</a>: Update to Apache Commons Daemon 1.0.15. (mturk)

608

</td></tr>

609

</table>

610

</blockquote></td></tr></table>

611

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)"></a><a name="Tomcat_6.0.36_(jfclere)"><strong>Tomcat 6.0.36 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2012-10-19</strong></font></td></tr><tr><td colspan="2"><blockquote>

612

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)/Catalina"></a><a name="Tomcat_6.0.36_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

613

614

615

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48692">48692</a>: Provide option to parse

616

<code>application/x-www-form-urlencoded</code> PUT requests. (schultz)

617

</td></tr>

618

619

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50306">50306</a>: New StuckThreadDetectionValve to detect requests that

620

take a long time to process, which might indicate that their processing

621

threads are stuck. Based on a patch provided by TomLu. (kkolinko)

622

</td></tr>

623

624

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50570">50570</a>: Enable FIPS mode to be set in AprLifecycleListener.

625

Based upon a patch from Chris Beckey. Note that this mode requires

626

tomcat-native 1.1.23 or later linked to a FIPS-capable OpenSSL library,

627

which one has to build by themselves. (schultz/kkolinko)

628

</td></tr>

629

630

Improve synchronization and error handling in AprLifecycleListener.

631

Do not allow to change SSL options if SSL has already been initialized.

(schultz/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52225">52225</a>: Fix ClassCastException when adding an alias for an

636

existing host via JMX. (kkolinko)

637

</td></tr>

638

639

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52293">52293</a>: Correctly handle the case when

640

<code>antiResourceLocking</code> is enabled at the Context level when

641

<code>unpackWARs</code> is disabled at the Host level. Correctly

642

handle multi-level contexts when <code>antiResourceLocking</code>

643

is enabled. Patch by Justin Miller. (kkolinko)

644

</td></tr>

645

646

Do not throw IllegalArgumentException from parseParameters() call

647

when chunked POST request is too large, but treat it like an IO error.

648

The <code>FailedRequestFilter</code> filter can be used to detect this

649

condition. (kkolinko)

650

</td></tr>

651

652

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52384">52384</a>: Do not fail with parameter parsing when debug logging

653

is enabled. (kkolinko)

654

</td></tr>

655

656

Do not flag extra '&' characters in parameters as parse errors.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52488">52488</a>: Correct typos: exipre -> expire. Based on a patch by

prockter. (markt)

</td></tr>

Reduce log level for the message about hitting

665

<code>maxParameterCount</code> limit from WARN to INFO.

666

Fix limit comparison to allow exactly <code>maxParameterCount</code>

667

parameters, as documentation says, instead of

668

<code>(maxParameterCount-1)</code>. (kkolinko)

669

</td></tr>

670

671

Slightly improve performance of UDecoder.convert(). Align

672

<code>%2f</code> handling between implementations. (kkolinko)

673

</td></tr>

674

675

Add <code>denyStatus</code> attribute to <code>RequestFilterValve</code>

676

(<code>RemoteAddrValve</code>, <code>RemoteHostValve</code> valves).

677

It allows to use different HTTP response code when rejecting denied

678

request. E.g. 404 instead of 403. (kkolinko)

679

</td></tr>

680

681

Add <code>SetCharacterEncodingFilter</code> (similar to the one

682

contained in the examples web application) to the

683

<code>org.apache.catalina.filters</code> package so that it is

684

available for all web applications. (kkolinko)

685

</td></tr>

686

687

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52500">52500</a>: Added configurable mechanism to retrieve user names

688

from X509 client certificates. Based on a patch provided by

689

Michael Furman. (schultz/kkolinko)

690

</td></tr>

691

692

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52719">52719</a>: Fix a theoretical resource leak in the JAR validation

693

that checks for non-permitted classes in web application JARs. (markt)

694

</td></tr>

695

696

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52830">52830</a>: Correct JNDI lookups when using

697

<code>javax.naming.Name</code> to identify the resource rather than a

698

<code>java.lang.String</code>. (markt)

699

</td></tr>

700

701

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52850">52850</a>: Extend memory leak prevention and detection code to

702

work with IBM as well as Oracle JVMs. Based on a patch provided by

703

Rohit Kelapure. (kkolinko)

704

</td></tr>

705

706

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52996">52996</a>: In <code>StandardThreadExecutor</code>:

707

Add the ability to configure a job queue size

708

(<code>maxQueueSize</code> attribute).

709

Add a variant of execute method that allows to specify a timeout for

710

how long we want to try to add something to the queue.

711

Based on a patch by Rüdiger Plüm. (kkolinko)

712

</td></tr>

713

714

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53047">53047</a>: If a JDBCRealm or DataSourceRealm is configured for

715

an all roles mode that only requires authorization (and no roles) and no

716

role table or column is defined, don't populate the Principal's roles.

(markt/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53050">53050</a>: Fix handling of entropy value when initializing

721

session id generator in session manager. Based on proposal by

722

Andras Rozsa. (kkolinko)

723

</td></tr>

724

725

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53056">53056</a>: Add APR version number to tcnative version INFO log

message. (schultz)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53057">53057</a>: Add OpenSSL version number INFO log message when

730

initializing. (schultz)

731

</td></tr>

732

733

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53071">53071</a>: Use the message from the Throwable for the error

734

report generated by the <code>ErrorReportValve</code> if none was

735

specified via <code>sendError()</code>. Use the standard text for HTTP

736

error codes. (markt/rjung)

737

</td></tr>

738

739

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53230">53230</a>: Change session managers to throw

740

TooManyActiveSessionsException instead of IllegalStateException

741

when the maximum number of sessions has been exceeded and a new

742

session will not be created. (schultz/kkolinko)

743

</td></tr>

744

745

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53267">53267</a>: Ensure that using the GC Daemon Protection feature of

746

the <code>JreMemoryLeakPreventionListener</code> does not trigger a

747

full GC every hour. (markt/kkolinko)

748

</td></tr>

749

750

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53531">53531</a>: Fix ExpandWar.expand to check the return value of

751

File.mkdir and File.mkdirs. (schultz)

752

</td></tr>

753

754

Make the CSRF nonce cache in <code>CsrfPreventionFilter</code>

755

serializable so that it can be replicated across a cluster and/or

756

persisted across Tomcat restarts. (markt)

757

</td></tr>

758

759

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53584">53584</a>: Ignore path parameters when comparing URIs for FORM

760

authentication. This prevents users being prompted twice for passwords

761

when logging in when session IDs are being encoded as path parameters.

(markt)

</td></tr>

Hongqing Liu

2014-10-15 13:31:32 +0800

[diff] [blame^]

765

CVE-2012-3439:

Hongqing Liu

fd5ee81

2014-05-10 16:32:51 +0800

[diff] [blame]

766

Various improvements to the DIGEST authenticator including

767

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52954">52954</a>, the disabling caching of an authenticated user in the

768

session by default, tracking server rather than client nonces and better

769

handling of stale nonce values. (markt)

770

</td></tr>

771

772

CVE-2012-3546: Fix bypass of security constraint checks with FORM

773

authentication. Remove unneeded processing in <code>RealmBase</code>.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53800">53800</a>: <code>FileDirContext.list()</code> did not provide

778

correct paths for subdirectories. Patch provided by Kevin Wooten.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53830">53830</a>: Better handling of <code>Manager.randomFile</code>

783

default value on Windows. (kkolinko)

784

</td></tr>

785

786

CVE-2012-4431: Fix bypass of <code>CsrfPreventionFilter</code> when

787

there is no session. Improve session management in the filter.

(kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

792

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)/Coyote"></a><a name="Tomcat_6.0.36_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

793

794

795

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42181">42181</a>: Better handling of edge conditions in chunk header

796

processing. (kkolinko)

797

</td></tr>

798

799

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51477">51477</a>: Support all SSL protocol combinations in the APR/native

800

connector. This only works when using the native library version 1.1.21

or later. (rjung)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52055">52055</a> (comment 14): Correctly reset

805

<code>ChunkedInputFilter.needCRLFParse</code> flag when the filter

806

is recycled. (kkolinko)

807

</td></tr>

808

809

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52606">52606</a>: Ensure replayed POST bodies are available when using

AJP. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52858">52858</a>, CVE-2012-4534: Fix high CPU load with SSL, NIO and

814

sendfile when client breaks the connection before reading all the

requested data.

(fhanik/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53119">53119</a>: Prevent buffer overflow errors being reported when a

820

client disconnects before the response has been fully written from an

821

AJP connection using the APR/native connector. (kkolinko)

822

</td></tr>

823

Hongqing Liu

7189829

2014-10-15 13:31:32 +0800

[diff] [blame^]

824

CVE-2012-2733:

Hongqing Liu

fd5ee81

2014-05-10 16:32:51 +0800

[diff] [blame]

825

Improve <code>InternalNioInputBuffer.parseHeaders()</code>. (kkolinko)

826

</td></tr>

827

828

Implement <code>maxHeaderCount</code> attribute on Connector.

829

It is equivalent of LimitRequestFields directive of

830

<a href="http://httpd.apache.org/">Apache HTTPD</a>.

831

Default value is 100. (kkolinko)

832

</td></tr>

833

834

In JkCoyoteHandler connector for AJP/1.3 protocol

835

(in <code>JkMain.setProperty()</code>):

836

Fix setting of properties when connector has already started for

837

properties that have aliases. E.g. it now allows to change

838

<code>maxHeaderCount</code> attribute on Connector MBean via JMX.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53725">53725</a>: Fix possible corruption of GZIP'd output. (kkolinko)

843

</td></tr>

844

</table>

845

</blockquote></td></tr></table>

846

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)/Jasper"></a><a name="Tomcat_6.0.36_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

847

848

849

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48097">48097</a> (comment 7), <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53366">53366</a> (comment 1):

850

If JSP page unexpectedly fails to initialize PageContext instance,

851

write exception to the logs instead of silent swallowing. (kkolinko)

852

</td></tr>

853

854

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52335">52335</a>: Only handle <code><\%</code> and not

855

<code>\%</code> as escaped in template text. (markt)

856

</td></tr>

857

858

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52666">52666</a>: Correct coercion order in EL when processing the

859

equality and inequality operators. (markt)

860

</td></tr>

861

862

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53001">53001</a>: Revert the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46915">46915</a> since the use case

863

described in the bug is invalid since it breaks the EL specification.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53032">53032</a>: Modify <code>JspC</code> so it extends

868

<code>org.apache.tools.ant.Task</code> enabling it to work with features

869

such as namespaces within build.xml files. (markt)

870

</td></tr>

871

</table>

872

</blockquote></td></tr></table>

873

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)/Cluster"></a><a name="Tomcat_6.0.36_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

874

875

876

Replicate principal in ClusterSingleSignOn. (kfujino)

877

</td></tr>

878

879

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53513">53513</a>: Fix race condition between the processing of session

880

sync message and transfer complete message. (kfujino)

881

</td></tr>

882

883

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53606">53606</a>: Fix potential NPE in <code>TcpPingInterceptor</code>.

884

Based on a patch by F. Arnoud. (markt)

885

</td></tr>

886

887

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53607">53607</a>: To avoid NPE, set TCP PING data to ChannelMessage.

888

Patch provided by F.Arnoud (kfujino)

889

</td></tr>

890

891

Fix a behavior of TcpPingInterceptor#useThread.

892

Do not start a ping thread when useThread is set to false. (kfujino)

893

</td></tr>

894

</table>

895

</blockquote></td></tr></table>

896

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)/Web applications"></a><a name="Tomcat_6.0.36_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

897

898

899

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52243">52243</a>: Improve windows service documentation to clarify how

900

to include <code>#</code> and/or <code>;</code> in the value of an

901

environment variable that is passed to the service. (markt)

902

</td></tr>

903

904

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52515">52515</a>: Make it clear in the Realm how-to in the documentation

905

web application that digested password storage when using DIGEST

906

authentication requires that MD5 digests are used. (markt)

907

</td></tr>

908

909

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52641">52641</a>: Remove mentioning of ldap.jar from docs.

910

Patch provided by Felix Schumacher. (rjung)

911

</td></tr>

912

913

Remove obsolete bug warning from windows service

914

documentation page. (rjung)

915

</td></tr>

916

917

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52983">52983</a>: Remove unnecessary code that makes switching to

918

other authentication methods difficult. (markt)

919

</td></tr>

920

921

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53158">53158</a>: Fix documented defaults for DBCP.

922

Patch provided by ph.dezanneau at gmail.com. (rjung)

923

</td></tr>

924

925

Update JavaSE documentation links to point to the current

926

docs.oracle.com site, instead of obsolete ones (download.oracle.com,

927

java.sun.com). (kkolinko)

928

</td></tr>

929

930

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53289">53289</a>: Clarify <code>ResourceLink</code> example that

931

uses DataSource.getConnection(username, password) method. Not all

932

data source implementations support it. (kkolinko)

933

</td></tr>

934

935

Prevent the custom error pages for the Manager and Host Manager

936

applications from being accessed directly. Configure custom

937

pages for error codes 401 and 403 in Host Manager application.

(markt/kkolinko)

</td></tr>

Correct documentation for <code>enableLookups</code> attribute

942

of a Connector. By default DNS lookups are disabled. (kkolinko)

943

</td></tr>

944

945

Fix several HTML markup errors in servlets of examples web application.

(kkolinko)

</td></tr>

Change the index page of ROOT webapp to mention "manager-gui" role

950

instead of "manager" one. (kkolinko)

951

</td></tr>

952

953

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53473">53473</a>: Correct the allowed values for the SSI option

954

<code>isVirtualWebappRelative</code> which are <code>true</code> or

955

<code>false</code>. (markt)

956

</td></tr>

957

958

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53664">53664</a>: Minor JNDI Howto document enhancement concerning mail

959

properties. Patch provided by Mark Eggers. (schultz)

960

</td></tr>

961

962

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53601">53601</a>: Clarify that to build Apache Tomcat 6 from sources

963

a Java 5 JDK is recommended. (kkolinko)

964

</td></tr>

965

966

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53793">53793</a>: Change links on the list of applications in the

967

Manager to point to <code>/appname/</code> instead of

968

<code>/appname</code>. (kkolinko)

969

</td></tr>

970

</table>

971

</blockquote></td></tr></table>

972

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)/Other"></a><a name="Tomcat_6.0.36_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

973

974

975

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49402">49402</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52124">52124</a>: Fix Maven publishing script:

976

make sure it finds tomcat-juli.jar and use later version of

wagon-ssh. (jfclere)

</td></tr>

Update Apache Commons Daemon to 1.0.10. It resolves <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52548">52548</a>

981

which meant that services created with service.bat did not set the

982

<code>catalina.home</code> and <code>catalina.base</code> system

983

properties. (markt, kkolinko)

984

</td></tr>

985

986

Update Apache Commons Pool to 1.5.7. (kkolinko)

987

</td></tr>

988

989

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52579">52579</a>: Add a note about Sun's Charset.decode() bug to the

990

RELEASE-NOTES file. (kkolinko)

991

</td></tr>

992

993

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52805">52805</a>: Update to Eclipse JDT Compiler 3.7.2. (kkolinko)

994

</td></tr>

995

996

Update the native component of the APR/native connectors to 1.1.23

997

and take advantage of the simplified distribution. (kkolinko)

998

</td></tr>

999

1000

When building a Windows installer do not copy whole "res" folder to

1001

output/dist, but only the files that we need. Apply fixcrlf filter

1002

only after the files are copied, so that <code>INSTALLLICENSE</code>

1003

file had correct line ends. (kkolinko)

1004

</td></tr>

1005

1006

Remove <code>res/License.rtf</code>. The file that is actually shown

1007

by the Windows installer is <code>res/INSTALLLICENSE</code>.

(kkolinko)

</td></tr>

Improve <code>RUNNING.txt</code>. (kkolinko)

1012

</td></tr>

1013

1014

Align the script that deploys Maven jars for Tomcat

1015

(<code>res/maven/mvn-pub.xml</code>) with the Tomcat 7 version,

1016

making full use of Nexus. (markt)

1017

</td></tr>

1018

1019

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53034">53034</a>: Add <code>project.url</code> and

1020

<code>project.licenses</code> sections to the POMs for the Maven

1021

artifacts. (kkolinko)

1022

</td></tr>

1023

1024

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53454">53454</a>: Return correct content-length header for HEAD requests

1025

when content length is greater than 2GB. (markt)

1026

</td></tr>

1027

</table>

1028

</blockquote></td></tr></table>

1029

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.35 (jfclere)"></a><a name="Tomcat_6.0.35_(jfclere)"><strong>Tomcat 6.0.35 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-12-05</strong></font></td></tr><tr><td colspan="2"><blockquote>

1030

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.35 (jfclere)/Catalina"></a><a name="Tomcat_6.0.35_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1031

1032

1033

Fix regression in decoding of parameters that contain spaces.

1034

Patch by Willem Fibbe. (kkolinko)

1035

</td></tr>

1036

</table>

1037

</blockquote></td></tr></table>

1038

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.34 (jfclere)"></a><a name="Tomcat_6.0.34_(jfclere)"><strong>Tomcat 6.0.34 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

1039

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.34 (jfclere)/Catalina"></a><a name="Tomcat_6.0.34_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1040

1041

1042

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51550">51550</a>: Display an error page rather than an empty response

1043

for an IllegalStateException caused by too many active sessions. (markt)

1044

</td></tr>

1045

1046

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51640">51640</a>: Improve the memory leak prevention for leaks

1047

triggered by java.sql.DriverManager. (markt/kkolinko)

1048

</td></tr>

1049

1050

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51688">51688</a>: JreMemoryLeakPreventionListener now protects against

1051

AWT thread creation. (schultz)

1052

</td></tr>

1053

1054

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51758">51758</a>: The digester (used for processing XML files) used the

1055

logger name <code>org.apache.commons.digester.Digester</code> rather

1056

than the expected <code>org.apache.tomcat.util.digester.Digester</code>.

1057

The digester has been changed to use the expected logger name.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51862">51862</a>: Added a <code>classesToInitialize</code> attribute to

1062

<code>JreMemoryLeakPreventionListener</code> to allow pre-loading of configurable

1063

classes to avoid some classloader leaks. (slaurent)

1064

</td></tr>

1065

1066

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51872">51872</a>: Ensure that the access log always uses the correct

1067

value for the remote IP address associated with the request and that

1068

requests with multiple errors do not result in multiple entries in

1069

the access log. (markt)

1070

</td></tr>

1071

1072

Allow to overwrite the check for distributability

1073

of session attributes by session implementations. (rjung)

1074

</td></tr>

1075

1076

Provide the log format "OneLineFormatter" for JULI that provides the same

1077

information as the default plus thread name but on a single line.

(markt/rjung)

</td></tr>

Ensure the the memory leak protection for the HttpClient keep-alive

1082

always operates even if the thread has already stopped. (markt)

1083

</td></tr>

1084

1085

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51940">51940</a>: Do not limit saving of request bodies during FORM

1086

authentication to POST requests since any HTTP method may include a

1087

request body. Based on a patch by Nicholas Sushkin. (kkolinko)

1088

</td></tr>

1089

1090

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52091">52091</a>: Address performance issues related to lock contention

1091

in StandardWrapper. Based on patch provided by Taiki Sugawara.

(kkolinko)

</td></tr>

In GenericPrincipal, SerializablePrincipal: Do not sort lists of roles

1096

that have only one element. (kkolinko)

1097

</td></tr>

1098

1099

Make configuration issue for CsrfPreventionFilter result in the

1100

failure of the filter rather than just a warning message. (kkolinko)

1101

</td></tr>

1102

1103

Ensure changes to the configuration of RemoteAddrValve and

1104

RemoteHostValve via JMX are thread-safe. (kkolinko)

1105

</td></tr>

1106

1107

Make configuration issue for RemoteAddrValve and

1108

RemoteHostValve result in the failure of the valve rather than

1109

just a warning message. (kkolinko)

1110

</td></tr>

1111

1112

In <code>RequestFilterValve</code> (<code>RemoteAddrValve</code>,

1113

<code>RemoteHostValve</code>): refactor value matching logic into

1114

separate method and expose this new method <code>isAllowed</code>

1115

through JMX. (kkolinko)

1116

</td></tr>

1117

1118

Improve performance of parameter processing for GET and POST requests.

1119

Also add an option to limit the maximum number of parameters processed

1120

per request. This defaults to 10000. Excessive parameters are ignored.

1121

Note that <code>FailedRequestFilter</code> can be used to reject the

1122

request if some parameters were ignored. (markt/kkolinko)

1123

</td></tr>

1124

1125

New filter <code>FailedRequestFilter</code> that will reject a request

1126

if there were errors during HTTP parameter parsing. (kkolinko)

1127

</td></tr>

1128

</table>

1129

</blockquote></td></tr></table>

1130

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.34 (jfclere)/Coyote"></a><a name="Tomcat_6.0.34_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

1131

1132

1133

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50394">50394</a>: Return -1 from read operation instead of throwing an

1134

exception when encountering an EOF with the HTTP APR connector.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51698">51698</a>: Fix CVE-2011-3190. Prevent AJP message injection.

(markt)

</td></tr>

Detect incomplete AJP messages and reject the associated request if one

is found. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51794">51794</a>: Fix race condition in NioEndpoint selector. Patch

1147

provided by dlord. (fhanik)

1148

</td></tr>

1149

1150

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51905">51905</a>: Fix infinite loop in AprEndpoint shutdown if

1151

acceptor unlock fails. Reduce timeout before forcefully closing

1152

the socket from 30s to 10s. (kkolinko)

1153

</td></tr>

1154

1155

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52121">52121</a>: Fix possible output corruption when compression is

1156

enabled for a connector and the response is flushed. Test

1157

case provided by David Marcks. (kkolinko)

1158

</td></tr>

1159

1160

Replace unneeded call that iterated events queue in NioEndpoint.Poller.

(kkolinko)

</td></tr>

Improve MimeHeaders.toString(). (kkolinko)

1165

</td></tr>

1166

1167

Allow the BIO HTTP connector to be used with SSL when running under Java

7. (markt)

</td></tr>

Improve multi-byte character handling in all connectors. (rjung)

1172

</td></tr>

1173

</table>

1174

</blockquote></td></tr></table>

1175

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.34 (jfclere)/Jasper"></a><a name="Tomcat_6.0.34_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

1176

1177

1178

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51220">51220</a>: Correct copy/paste error in original commit for this

issue. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52091">52091</a>: Address performance issues related to log creation

1183

in TagHandlerPool. Patch provided by Taiki Sugawara. (markt)

1184

</td></tr>

1185

</table>

1186

</blockquote></td></tr></table>

1187

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.34 (jfclere)/Cluster"></a><a name="Tomcat_6.0.34_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

1188

1189

1190

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51736">51736</a>: Make rpcTimeout configurable in BackupManager.

(kfujino)

</td></tr>

New cluster manager attribute <code>sessionAttributeFilter</code>

1195

allows to filter which session attributes are replicated using a

1196

regular expression applied to the attribute name. (rjung)

1197

</td></tr>

1198

1199

Avoid an unnecessary session ID change notice.

1200

Notice of changed session ID by JvmRouteBinderValve is unnecessary to

1201

BackupManager. In BackupManager, change of session ID is replicated by

1202

the call of a setId() method. (kfujino)

1203

</td></tr>

1204

1205

Fix unneeded duplicate <code>resetDeltaRequest()</code> call in

1206

<code>DeltaSession.setId(String)</code>. (kkolinko)

1207

</td></tr>

1208

1209

When Context manager does not exist, no context manager message is

1210

replied in order to avoid timeout (default 60 sec) of

1211

GET_ALL_SESSIONS sync phase. (kfujino)

1212

</td></tr>

1213

</table>

1214

</blockquote></td></tr></table>

1215

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.34 (jfclere)/Web applications"></a><a name="Tomcat_6.0.34_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

1216

1217

1218

Correct the documentation for the connectionLinger attribute of the HTTP

connector. (markt)

</td></tr>

Show build date and version in the header on every documentation

page. (kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52049">52049</a>: Improve setup instructions for running as a Windows

1227

service: correct information on how a JRE is identified and selected.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52172">52172</a>: Clarify Tomcat build instructions. Patch provided

1232

by bmargulies. (kkolinko)

1233

</td></tr>

1234

</table>

1235

</blockquote></td></tr></table>

1236

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.34 (jfclere)/Other"></a><a name="Tomcat_6.0.34_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

1237

1238

1239

Update the native component of the APR/native connectors to 1.1.22.

(markt)

</td></tr>

Update the recommended version of the native component of the APR/native

1244

connectors to 1.1.22. (kkolinko)

1245

</td></tr>

1246

1247

Update the Eclipse compiler (used for JSPs) to 3.7. (markt)

1248

</td></tr>

1249

1250

Correct two typos in the Windows installer. (kkolinko)

1251

</td></tr>

1252

1253

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52059">52059</a>: In Windows uninstaller: Do not forget to remove

1254

Tomcat keys from 32-bit registry on deinstallation. (kkolinko)

1255

</td></tr>

1256

</table>

1257

</blockquote></td></tr></table>

1258

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.33 (jfclere)"></a><a name="Tomcat_6.0.33_(jfclere)"><strong>Tomcat 6.0.33 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-08-18</strong></font></td></tr><tr><td colspan="2"><blockquote>

1259

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.33 (jfclere)/Catalina"></a><a name="Tomcat_6.0.33_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1260

1261

1262

Allow to search the virtual paths before the webapp or after it. (rjung)

1263

</td></tr>

1264

1265

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=27988">27988</a>: Improve reporting of missing files. (markt)

1266

</td></tr>

1267

1268

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=28852">28852</a>: Add URL encoding where missing to parameters in URLs

1269

presented by Ant tasks to the Manager application. Based on a patch by

1270

Stephane Bailliez. (markt)

1271

</td></tr>

1272

1273

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46252">46252</a>: Allow to specify character set to be used to write

1274

the access log in AccessLogValve. (kkolinko)

1275

</td></tr>

1276

1277

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48863">48863</a>: Provide an warning if there is a problem with a class

1278

path entry but use debug level logging if it is expected due to catalina

1279

home/base split. (kkolinko)

1280

</td></tr>

1281

1282

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49180">49180</a>: Add an option to disable file rotation in JULI

1283

FileHandler. (kkolinko)

1284

</td></tr>

1285

1286

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50189">50189</a>: Once the application has finished writing to the

1287

response, prevent further reads from the request since this causes

1288

various problems in the connectors which do not expect this. (markt)

1289

</td></tr>

1290

1291

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50700">50700</a>: Ensure that the override attribute of context

1292

parameters is correctly followed. (markt)

1293

</td></tr>

1294

1295

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50734">50734</a>: Return 404 rather than 400 for requests to the ROOT

1296

context when no ROOT context is deployed. Patch provided by Violeta

Georgieva. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50751">50751</a>: When authenticating with the JNDI Realm, only attempt

1301

to read user attributes from the directory if attributes are required.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50752">50752</a>: Fix typo in debug message in

1306

<code>org.apache.catalina.startup.Embedded</code>. (markt)

1307

</td></tr>

1308

1309

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50855">50855</a>: Fix NPE on AuthenticatorBase.register() when debug

1310

logging is enabled. (markt)

1311

</td></tr>

1312

1313

Correctly format the timestamp reported by version.[sh|bat]. (markt)

1314

</td></tr>

1315

1316

Remove unnecessary whitespace from MIME mapping entries in global

1317

web.xml file. (markt)

1318

</td></tr>

1319

1320

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51042">51042</a>: Don't trigger session creation listeners when a

1321

session ID is changed as part of the authentication process. (markt)

1322

</td></tr>

1323

1324

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51119">51119</a>: Add JAAS authentication support to the

1325

JMXRemoteLifecycleListener. Patch provided by Neil Laurance. (markt)

1326

</td></tr>

1327

1328

Implement display of multiple request headers in AccessLogValve:

1329

print not just the value of the first header, but of the all of them,

1330

separated by commas. (kkolinko)

1331

</td></tr>

1332

1333

Correct the SSLValve so it returns the SSL key size as an Integer rather

1334

than as a String. (markt)

1335

</td></tr>

1336

1337

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51162">51162</a>: Prevent possible NPE when removing a web application.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51249">51249</a>: Improve system property replacement code

1342

in ClassLoaderLogManager of Tomcat JULI to cover some corner cases.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51315">51315</a>: Fix IAE when removing an authenticator valve from a

1347

container. Patch provided by Violeta Georgieva. (markt)

1348

</td></tr>

1349

1350

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51324">51324</a>: Improve handling of exceptions when flushing the

1351

response buffer to ensure that the doFlush flag does not get stuck in

1352

the enabled state. Patch provided by Jeremy Norris. (kkolinko)

1353

</td></tr>

1354

1355

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51348">51348</a>: Fix possible NPE when processing WebDAV locks. (markt)

1356

</td></tr>

1357

1358

Add a container event that is fired when a session's ID is changed,

1359

e.g. on authentication. (markt)

1360

</td></tr>

1361

1362

Fix CVE-2011-2204. Prevent user passwords appearing in log files if a

1363

runtime exception (e.g. OOME) occurs while creating a new user for a

1364

MemoryUserDatabase via JMX. (markt)

1365

</td></tr>

1366

1367

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51400">51400</a>: Avoid jvm bottleneck on String/byte[] conversion

1368

triggered by a JVM bug. Based on patches by Dave Engberg and Konstantin

Preißer. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51403">51403</a>: Avoid NPE in JULI FileHandler if formatter is

1373

misconfigured. (kkolinko)

1374

</td></tr>

1375

1376

Create a directory for access log or error log (in AccessLogValve and

1377

in JULI FileHandler) automatically when it is specified as a part of

1378

the file name, e.g. in the <code>prefix</code> attribute. Earlier this

1379

happened only if it was specified with the <code>directory</code>

1380

attribute. (kkolinko)

1381

</td></tr>

1382

1383

Log a failure if access log file cannot be opened. Improve i18n

1384

of messages. (kkolinko)

1385

</td></tr>

1386

1387

Improve handling of URLs with path parameters and prevent incorrect 404

1388

responses that could occur when path parameters were present. (kkolinko)

1389

</td></tr>

1390

1391

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51473">51473</a>: Fix concatenation of values in

1392

<code>SecurityConfig.setSecurityProperty()</code>. (kkolinko)

1393

</td></tr>

1394

1395

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51509">51509</a>: Fix potential concurrency issue in CSRF prevention

1396

filter that may lead to some requests failing that should not. (markt)

1397

</td></tr>

1398

1399

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51588">51588</a>: Make it easier to extend the AccessLogValve to add

1400

support for custom elements. (markt)

1401

</td></tr>

1402

1403

Unregister DataSource MBeans when web application stops. (kfujino)

1404

</td></tr>

1405

1406

CVE-2011-1184: Add additional configuration options to the DIGEST

1407

authenticator. (markt)

1408

</td></tr>

1409

</table>

1410

</blockquote></td></tr></table>

1411

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.33 (jfclere)/Coyote"></a><a name="Tomcat_6.0.33_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

1412

1413

1414

Reduce level of log message for invalid URL parameters from WARNING to

INFO. (kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48208">48208</a>: Provide an option to specify a custom trust manager

1419

for BIO and NIO HTTP connectors using SSL. Based on a patch by Luciana

Moreira. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49595">49595</a>: Protect against crashes when using the APR/native

connector. (jfclere)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49929">49929</a>: Make sure flush packet is not send after END_RESPONSE

1428

packet. (mturk/markt)

1429

</td></tr>

1430

1431

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50887">50887</a>: Enable the provider to be configured when generating

1432

SSL certs. Based on a patch by pknopp. (markt)

1433

</td></tr>

1434

1435

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51073">51073</a>: Throw an exception and do not start the APR connector

1436

if it is configured for SSL and an invalid value is provided for

SSLProtocol. (markt)

</td></tr>

Fix CVE 2011-2526. Protect against infinite loops (HTTP NIO) and crashes

1441

(HTTP APR) if sendfile is configured to send more data than is available

in the file. (markt)

</td></tr>

Prevent NPEs when a socket is closed in non-error conditions after

1446

sendfile processing when using the HTTP NIO connector. (markt)

1447

</td></tr>

1448

1449

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51515">51515</a>: Prevent immediate socket close when comet is used over

HTTPS. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

1454

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.33 (jfclere)/Jasper"></a><a name="Tomcat_6.0.33_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

1455

1456

1457

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=36362">36362</a>: Handle the case where tag file attributes (which can

1458

use any valid XML name) have a name which is not a Java identifier.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47371">47371</a>: Correctly coerce the empty string to zero when used as

1463

an operand in EL arithmetic. Patch provided by gbt. (markt)

1464

</td></tr>

1465

1466

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50726">50726</a>: Ensure that the use of the genStringAsCharArray does

1467

not result in String constants that are too long for valid Java code.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50895">50895</a>: Don't initialize classes created during the

1472

compilation stage. (markt)

1473

</td></tr>

1474

1475

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51124">51124</a>: Make Tomcat more robust if an OOME occurs. Usually

1476

after an OOME all bets are off but this change appears to help some

1477

users and the description of a 'recoverable' OOME in the bug

1478

is a plausible one. Based on a patch by Ramiro. (markt)

1479

</td></tr>

1480

1481

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51177">51177</a>: Ensure Tomcat's MapELResolver and ListELResolver

1482

always return <code>Object.class</code> for <code>getType()</code> as

1483

required by the EL specification. (markt)

1484

</td></tr>

1485

1486

Correct possible threading issue in JSP compilation when development

1487

mode is used. (markt)

1488

</td></tr>

1489

1490

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51220">51220</a>: Add a system property to enable tag pooling with JSPs

1491

that use a custom base class. Based on a patch by Dan Mikusa. (markt)

1492

</td></tr>

1493

1494

Broaden the exception handling in the EL Parser so that more failures to

1495

parse an expression include the failed expression in the exception

1496

message. Hopefully, this will help track down the cause of

1497

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51088">51088</a>. (markt)

1498

</td></tr>

1499

1500

Improve error reporting of Jasper compilation. (schultz)

1501

</td></tr>

1502

</table>

1503

</blockquote></td></tr></table>

1504

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.33 (jfclere)/Cluster"></a><a name="Tomcat_6.0.33_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

1505

1506

1507

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50646">50646</a>: Fix cluster message data corruption if message size

1508

exceeds the underlying buffer size. Patch provided by Olivier Costet.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50771">50771</a>: Ensure HttpServletRequest#getAuthType() returns the

1513

name of the authentication scheme if request has already been

1514

authenticated. (kfujino)

1515

</td></tr>

1516

1517

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50950">50950</a>: Correct possible NotSerializableException for an

1518

authenticated session when running with a security manager. (markt)

1519

</td></tr>

1520

1521

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51306">51306</a>: Avoid NPE when handleSESSION_EXPIRED is processed

1522

while handleSESSION_CREATED is being processed. (kfujino)

1523

</td></tr>

1524

1525

The change in session ID is notified to the container event listener on

1526

the backup node in cluster. This notification is controlled by

1527

notifyContainerListenersOnReplication. (kfujino)

1528

</td></tr>

1529

</table>

1530

</blockquote></td></tr></table>

1531

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.33 (jfclere)/Web applications"></a><a name="Tomcat_6.0.33_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

1532

1533

1534

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41498">41498</a>: Add the allRolesMode attribute to the Realm

1535

configuration page in the documentation web application. (markt)

1536

</td></tr>

1537

1538

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48997">48997</a>: Fixed some typos and improve cross-referencing to the

1539

HTTP Connector and APR documentation with the SSL How-To page of the

1540

documentation web application. (markt)

1541

</td></tr>

1542

1543

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50804">50804</a>: Update links for Servlet 2.5 and JSP 2.1 Javadoc.

(markt)

</td></tr>

Improve class loading documentation and logging documentation.

(kkolinko)

</td></tr>

Configure Security Manager How-To to include a copy of the actual

1552

conf/catalina.policy file when the documentation is built, rather

1553

than maintaining a copy of its content. (kkolinko)

1554

</td></tr>

1555

1556

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51147">51147</a>: Fix deployment via HTML Manager that was broken by

1557

addition of CRSF protection. Patch provided by Alexis Hassler. (markt)

1558

</td></tr>

1559

1560

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51156">51156</a>: Ensure session expiration option is available in

1561

Manager application was running web applications that were defined in

server.xml. (markt)

</td></tr>

Correct the log4j configuration settings when defining conversion

1566

patterns in the documentation web application. (markt)

1567

</td></tr>

1568

1569

Update Maven repository information in the documentation to reflect

1570

current usage. (markt)

1571

</td></tr>

1572

1573

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51346">51346</a>: Update the documentation web application to make clear

1574

the circumstances in which the RequestDumperValve will consume the

1575

request's InputStream. Based on a patch by pid. (markt)

1576

</td></tr>

1577

1578

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51443">51443</a>: Document the notifySessionListenersOnReplication

1579

attribute for the DeltaManager. (markt)

1580

</td></tr>

1581

1582

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51516">51516</a>: Correct documentation web application to show correct

1583

system property name for changing the name of the SSO session cookie.

(markt)

</td></tr>

Update documentation to be even more explicit about the implications

1588

of setting the <code>path</code> attribute on a <code>Context</code>

1589

element in <code>server.xml</code>. (markt/kkolinko)

1590

</td></tr>

1591

</table>

1592

</blockquote></td></tr></table>

1593

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.33 (jfclere)/Other"></a><a name="Tomcat_6.0.33_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

1594

1595

1596

Clarify error messages in *.sh files to mention that if a script is

1597

not found it might be because execute permission is needed. (kkolinko)

1598

</td></tr>

1599

1600

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=33262">33262</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40510">40510</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50949">50949</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51135">51135</a>:

1601

Various improvements to the Windows installer to be able to install

1602

several copies of Tomcat 6 side by side. Allow to configure service

1603

name, connector and shutdown ports. Allow to choose whether to install

1604

Start menu shortcuts and Apache Tomcat monitor application for all

1605

users or for the current one only. Improve auto-detection of JAVA_HOME

1606

for 64-bit Windows platforms: autoselect 32-bit JRE if it exists and

1607

64-bit one is not available. Improve server.xml file handling.

1608

Fix uninstallation icon. (markt/kkolinko)

1609

</td></tr>

1610

1611

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50854">50854</a>: Add additional entries to the default catalina.policy

1612

file to support running the manager web application from CATALINA_HOME

1613

or CATALINA_BASE. (markt)

1614

</td></tr>

1615

1616

Update default download sources to use the central Apache Maven 2

1617

repository as some libraries have been removed from the central Apache

1618

Maven 1 repository. (kkolinko)

1619

</td></tr>

1620

1621

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51155">51155</a>: Add comments to @deprecated tags that have none. Patch

1622

provided by sebb. (kkolinko)

1623

</td></tr>

1624

1625

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51309">51309</a>: Correct logic in catalina.sh stop when using a PID

1626

file to ensure the correct message is shown. Patch provided by Caio

Cezar. (markt)

</td></tr>

Update Apache Commons Pool to 1.5.6. (kkolinko)

1631

</td></tr>

1632

1633

Update Apache Commons Daemon to 1.0.7. (kkolinko)

1634

</td></tr>

1635

1636

At build time use two alternative download locations for components

1637

downloaded from apache.org. (kkolinko)

1638

</td></tr>

1639

</table>

1640

</blockquote></td></tr></table>

1641

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.32 (jfclere)"></a><a name="Tomcat_6.0.32_(jfclere)"><strong>Tomcat 6.0.32 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-02-03</strong></font></td></tr><tr><td colspan="2"><blockquote>

1642

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.32 (jfclere)/Catalina"></a><a name="Tomcat_6.0.32_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1643

1644

1645

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48822">48822</a>: Include context name in reload and stop log statements.

1646

Based on the patch provided by Marc Guillemot. (kkolinko)

1647

</td></tr>

1648

1649

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50673">50673</a>: Improve Catalina shutdown when running as a service.

1650

Do not call System.exit(). (kkolinko)

1651

</td></tr>

1652

1653

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50689">50689</a>: Provide 100 Continue responses at appropriate points

1654

during FORM authentication if client indicates that they are expected.

(kkolinko)

</td></tr>

Improve HTTP specification compliance in support of

1659

<code>Accept-Language</code> header. This protects from known exploit

1660

of the Oracle JVM bug that triggers a DoS, CVE-2010-4476. (kkolinko)

1661

</td></tr>

1662

</table>

1663

</blockquote></td></tr></table>

1664

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.32 (jfclere)/Coyote"></a><a name="Tomcat_6.0.32_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

1665

1666

1667

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49795">49795</a>: Backport AprEndpoint shutdown improvements, to make

1668

it more robust. (mturk/kkolinko)

1669

</td></tr>

1670

1671

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50325">50325</a>: When the JVM indicates support for RFC 5746, disable

1672

Tomcat's <code>allowUnsafeLegacyRenegotiation</code> configuration

1673

attribute and use the JVM configuration to control renegotiation.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50631">50631</a>: InternalNioInputBuffer should honor

1678

<code>maxHttpHeadSize</code>. (kkolinko)

1679

</td></tr>

1680

1681

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50651">50651</a>: Fix NPE in InternalNioOutputBuffer.recycle().

(kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

1686

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.32 (jfclere)/Cluster"></a><a name="Tomcat_6.0.32_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

1687

1688

1689

Be consistent with locks on sessionCreationTiming,

1690

sessionExpirationTiming in DeltaManager.resetStatistics(). (kkolinko)

1691

</td></tr>

1692

</table>

1693

</blockquote></td></tr></table>

1694

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.31 (jfclere)"></a><a name="Tomcat_6.0.31_(jfclere)"><strong>Tomcat 6.0.31 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

1695

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.31 (jfclere)/Catalina"></a><a name="Tomcat_6.0.31_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1696

1697

1698

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49543">49543</a>: Allow Tomcat to use shared data sources with per

1699

application credentials. (fhanik)

1700

</td></tr>

1701

1702

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50205">50205</a>: Add the deployIgnorePaths attribute to the Host

1703

element. Based on a patch by Jim Riggs. (markt/kkolinko)

1704

</td></tr>

1705

1706

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50413">50413</a>: Additional fix that ensures the error page is served

1707

regardless of any Range headers in the original request. (kkolinko)

1708

</td></tr>

1709

1710

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50550">50550</a>: When a new directory is created (e.g. via WebDAV)

1711

ensure that a subsequent request for that directory does not result in a

1712

404 response. (markt/kkolinko)

1713

</td></tr>

1714

1715

Provide session creation and destruction rate metrics in the session

managers. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50606">50606</a>: Improve CGIServlet: Provide support for specifying

1720

empty value for the <code>executable</code> init-param. Provide support

1721

for explicit additional arguments for the executable. Those were

1722

broken when implementing fix for bug <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49657">49657</a>. (kkolinko)

1723

</td></tr>

1724

1725

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50620">50620</a>: Stop exceptions that occur during

1726

<code>Session.endAccess()</code> from preventing the normal completion

1727

of <code>Request.recycle()</code>. (markt)

1728

</td></tr>

1729

</table>

1730

</blockquote></td></tr></table>

1731

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.31 (jfclere)/Coyote"></a><a name="Tomcat_6.0.31_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

1732

1733

1734

Remove a huge memory leak in the NIO connector introduced by the fix

1735

for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49884">49884</a>. (markt)

1736

</td></tr>

1737

</table>

1738

</blockquote></td></tr></table>

1739

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.31 (jfclere)/Cluster"></a><a name="Tomcat_6.0.31_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

1740

1741

1742

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50600">50600</a>: Prevent a <code>ConcurrentModificationException</code>

1743

when removing a WAR file via the FarmWarDeployer. (markt)

1744

</td></tr>

1745

</table>

1746

</blockquote></td></tr></table>

1747

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.30 (jfclere)"></a><a name="Tomcat_6.0.30_(jfclere)"><strong>Tomcat 6.0.30 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-01-13</strong></font></td></tr><tr><td colspan="2"><blockquote>

1748

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.30 (jfclere)/General"></a><a name="Tomcat_6.0.30_(jfclere)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

1749

1750

1751

Filter input of manager app servlets. (kkolinko)

1752

</td></tr>

1753

1754

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43960">43960</a>: Expose available property of StandardWrapper via JMX.

(markt)

</td></tr>

Update to Commons Daemon 1.0.5. (mturk)

1759

</td></tr>

1760

1761

Switch to using the Eclipse compiler JAR directly rather than creating

1762

it from the larger JDT download. (markt)

1763

</td></tr>

1764

1765

Allow the off-line building of the extras package. (markt)

1766

</td></tr>

1767

1768

Update to Commons Pool 1.5.5. (markt)

1769

</td></tr>

1770

1771

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49728">49728</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50084">50084</a>: Improve PID file handling when

1772

another process is managing the PID file and Tomcat does not have write

access. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49909">49909</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50201">50201</a>: Provide a mechanism to log requests

1777

rejected before they reach the AccessLogValve to appear in the access

1778

log. (markt/kkolinko)

1779

</td></tr>

1780

</table>

1781

</blockquote></td></tr></table>

1782

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.30 (jfclere)/Catalina"></a><a name="Tomcat_6.0.30_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1783

1784

1785

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38113">38113</a>: Provide a system property that enables a strict

1786

interpretation of the specification for <code>getQueryString()</code>

1787

when an empty query string is provided by the user agent. (markt)

1788

</td></tr>

1789

1790

Return a copy of the current URLs for the <code>WebappClassLoader</code>

1791

to prevent modification. This facilitated, although it wasn't the root

1792

cause, CVE-2010-1622. (markt)

1793

</td></tr>

1794

1795

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48837">48837</a>: Extend thread local memory leak detection to include

1796

classes loaded by subordinate class loaders to the web

1797

application's class loader such as the Jasper class loader.

1798

Patch provided by Sylvain Laurent. (kkolinko)

1799

</td></tr>

1800

1801

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48973">48973</a>: Avoid creating a SESSIONS.ser file when stopping an

1802

application if there's no session. Patch provided by Marc Guillemot.

(slaurent)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49030">49030</a>: Failure during start of one connector should not leave

1807

some connectors started and some ignored. (kkolinko)

1808

</td></tr>

1809

1810

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49195">49195</a>: Don't report an error when shutting down a Windows

1811

service for a Tomcat instance that has a disabled shutdown port. (markt)

1812

</td></tr>

1813

1814

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49209">49209</a>: Fix problem with JDBC driver memory leak prevention

1815

when running under a security manager. Patch provided by Sylvain

Laurent. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49613">49613</a>: Improve performance when using SSL for applications

1820

that make multiple class to <code>Request.getAttributeNames()</code>.

1821

Patch provided by Sampo Savolainen. (markt)

1822

</td></tr>

1823

1824

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49657">49657</a>: Handle CGI executables with spaces in the path.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49667">49667</a>: Ensure that using the JDBC driver memory leak

1829

prevention code does not cause a one of the memory leaks it is meant to

avoid. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49749">49749</a>: Respect <code>httpOnly</code> setting of Context

1834

when creating SSO cookie. (markt)

1835

</td></tr>

1836

1837

Provide better web application state information via JMX. (markt)

1838

</td></tr>

1839

1840

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49811">49811</a>: Add an option to disable URL rewriting on a per

1841

Context basis. The option name is <code>disableURLRewriting</code>.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49856">49856</a>: Expose the executor name for the connector via JMX.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49915">49915</a>: Make error more obvious, particularly when accessed

1850

via JConsole, if StandardServer.storeConfig() is called when there is

1851

no StoreConfig implementation present. (markt)

1852

</td></tr>

1853

1854

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49965">49965</a>: Use correct i18n resources for StringManager in

1855

JAASRealm. (kkolinko)

1856

</td></tr>

1857

1858

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49987">49987</a>: Fix potential data race in the population of the

1859

Servlet Context initialisation parameters. (markt)

1860

</td></tr>

1861

1862

Code clean-up. Avoid some casts in StandardContext. (markt)

1863

</td></tr>

1864

1865

Add security policy and token poller protection to the JRE memory leak

1866

protection provided in Tomcat 6. (markt/kkolinko)

1867

</td></tr>

1868

1869

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50026">50026</a>: Add support for mapping the default servlet to URLs

other than /. (timw)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50128">50128</a>: Improve exception handling in PersistentManagerBase

1874

when running with a security manager. (kkolinko)

1875

</td></tr>

1876

1877

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50131">50131</a>: Avoid possible NPE in debug output in PersistentValve.

1878

Patch provided by sebb. (kkolinko)

1879

</td></tr>

1880

1881

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50138">50138</a>: Fix threading issues in

1882

<code>org.apache.catalina.security.SecurityUtil</code>. (markt)

1883

</td></tr>

1884

1885

Add a new filter, <code>org.apache.catalina.filters.CsrfPreventionFilter</code>,

1886

to provide generic cross-site request forgery (CSRF)

1887

protection for web applications. (markt)

1888

</td></tr>

1889

1890

Make sure Contexts defined in server.xml pick up any <code>configClass</code>

1891

setting from the parent Host. (markt)

1892

</td></tr>

1893

1894

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50222">50222</a>: Modify memory leak prevention code so it pins the

1895

system class loader in memory rather than than the common class loader,

1896

which is better for embedded systems. (schultz)

1897

</td></tr>

1898

1899

Make memory leak prevention code that clears ThreadLocal instances more

1900

robust against objects with <code>toString()</code> methods that throw

exceptions. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50282">50282</a>: Load <code>javax.security.auth.login.Configuration</code>

1905

with <code>JreMemoryLeakPreventionListener</code> to avoid memory leak

1906

when stopping a webapp that would use JAAS.

(slaurent)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50413">50413</a>: Ensure 304s are not returned when using static files

1911

as error pages. (markt)

1912

</td></tr>

1913

1914

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50453">50453</a>: Correctly handle multiple <code>X-Forwarded-For</code>

1915

headers in the RemoteIpValve. Patch provided by Jim Riggs. (markt)

1916

</td></tr>

1917

1918

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50459">50459</a>: Fix thread/classloader binding issues in

1919

StandardContext. (slaurent)

1920

</td></tr>

1921

1922

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50527">50527</a>: Improve an error message shown by HttpServlet. (markt)

1923

</td></tr>

1924

1925

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50556">50556</a>: Improve JreMemoryLeakPreventionListener to prevent

1926

a potential class loader leak caused by a thread spawned when the class

1927

<code>com.sun.jndi.ldap.LdapPoolManager</code> is initialized and the

1928

system property <code>com.sun.jndi.ldap.connect.pool.timeout</code> is

1929

set to a value greater than 0. (slaurent)

1930

</td></tr>

1931

1932

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50642">50642</a>: Move the <code>sun.net.www.http.HttpClient</code>

1933

keep-alive thread memory leak protection from the

1934

JreMemoryLeakPreventionListener to the WebappClassLoader since the

1935

thread that triggers the memory leak is created on demand. (markt)

1936

</td></tr>

1937

</table>

1938

</blockquote></td></tr></table>

1939

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.30 (jfclere)/Coyote"></a><a name="Tomcat_6.0.30_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

1940

1941

1942

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47913">47913</a>: Return the IP address rather than null for

1943

<code>getRemoteHost()</code> with the APR connector if the IP address

1944

does not resolve. (markt)

1945

</td></tr>

1946

1947

Avoid a NPE for APR connector unlockAccept with default soTimeout.

(mturk)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48545">48545</a>: Allow JSSE trust stores to be used without providing

1952

a password. Based on a patch by smmwpf54. (kkolinko)

1953

</td></tr>

1954

1955

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48738">48738</a>: Add support for flushing gzipped output. Based on a

1956

patch by Jiong Wang. (markt)

1957

</td></tr>

1958

1959

Avoid a NPE in the DeltaManager when a parallel request invalidates the

1960

session before the current request has a chance to send the replication

message. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48925">48925</a>: <code>request.getLocalAddr()</code> returns

1965

<code>null</code> when using the default Jk AJP/1.3 connector. (rjung)

1966

</td></tr>

1967

1968

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49497">49497</a>: Stop accepting new requests (inc keep-alive) once the

1969

BIO connector is paused and the current request has finished processing.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49521">49521</a>: Disable scanning for a free port in Jk AJP/1.3

1974

connector by default. Do not change <code>maxPort</code> field value of ChannelSocket

1975

in its <code>setPort()</code> and <code>init()</code> methods. Add

1976

support for <code>maxPort</code> attribute on a <code>Connector</code>

1977

element as a synonym for <code>channelSocket.maxPort</code>. (kkolinko)

1978

</td></tr>

1979

1980

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49625">49625</a>: Ensure Vary header is set if response may be

1981

compressed rather than only setting it if it is compressed. (markt)

1982

</td></tr>

1983

1984

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49730">49730</a>: Fix race condition in StandardThreadExecutor that can

1985

lead to long delays in processing requests. Patch provided by Sylvain

Laurent. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49860">49860</a>: Add support for trailing headers in chunked HTTP

1990

requests. The header length is limited to 8192 by default and the limit

1991

can be changed via a system property. (markt/kkolinko)

1992

</td></tr>

1993

1994

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49972">49972</a>: Fix potential thread safe issue when formatting dates

1995

for use in HTTP headers. (markt)

1996

</td></tr>

1997

1998

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50072">50072</a>: NIO connector can mis-read request line if not sent in

1999

a single packet. (markt/kkolinko)

2000

</td></tr>

2001

2002

Improve recycling of processors in Http11NioProtocol. (kkolinko)

2003

</td></tr>

2004

2005

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50273">50273</a>: Provide a workaround for an HP-UX issue that can

2006

result in large numbers of SEVERE log messages appearing in the logs as

2007

a result of normal operation. (markt)

2008

</td></tr>

2009

2010

Make SSL certificate encoding algorithm consistent between connectors by

2011

using the JVM default for all connectors. This also fixes an issue with

2012

the NIO connector on IBM JVMs. (markt)

2013

</td></tr>

2014

2015

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50467">50467</a>: Protected against NPE triggered by a race condition

2016

that causes the NIO poller to fail, preventing the processing of further

requests. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

2021

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.30 (jfclere)/Jasper"></a><a name="Tomcat_6.0.30_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

2022

2023

2024

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49217">49217</a>: Ensure that identifiers used in EL meet the

2025

requirements of the Java Language Specification. This check is off by

2026

default and can be enabled by setting a system property. (markt)

2027

</td></tr>

2028

2029

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49555">49555</a>: Correctly handled Tag Libraries where functions are

2030

defined in static inner classes. (markt)

2031

</td></tr>

2032

2033

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49665">49665</a>: Provide better information including JSP file name and

2034

location when a missing file is detected during TLD handling. Patch

2035

provided by Ted Leung. (markt)

2036

</td></tr>

2037

2038

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49985">49985</a>: Fix thread safety issue in EL parser. (markt)

2039

</td></tr>

2040

2041

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49986">49986</a>: Fix thread safety issue in JSP reloading. (timw))

2042

</td></tr>

2043

2044

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49998">49998</a>: Make jsp:root detection work with single quoted

2045

attributes as well. (timw)

2046

</td></tr>

2047

2048

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50066">50066</a>: Compile a recursive tag file if it depends on a JAR.

2049

Patch provided by Sylvain Laurent. (markt)

2050

</td></tr>

2051

2052

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50078">50078</a>: Fix threading issues in EL caches and make cache sizes

2053

configurable. Threading patch provided by Takayoshi Kimura. (markt)

2054

</td></tr>

2055

2056

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50105">50105</a>: When processing composite EL expressions use

2057

<code>Enum.name()</code> rather than <code>Enum.toString()</code> as

2058

required by the EL specification. (markt)

2059

</td></tr>

2060

2061

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50228">50228</a>: Improve recycling of <code>BodyContentImpl</code>.

2062

This avoids keeping a cached reference to a webapp-provided Writer

2063

used in JspFragment.invoke() calls. (kkolinko)

2064

</td></tr>

2065

2066

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50460">50460</a>: Fix memory leak in JspDocumentParser triggered by

2067

first access to a jspx page. (kkolinko)

2068

</td></tr>

2069

2070

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50500">50500</a>: Use correct coercions (as per the EL spec) for

2071

arithmetic operations involving string values containing '.',

2072

'e' or 'E'. Based on a patch by Brian Weisleder.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

2077

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.30 (jfclere)/Cluster"></a><a name="Tomcat_6.0.30_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

2078

2079

2080

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49343">49343</a>: When ChannelException is thrown, remove listener from

channel. (kfujino)

</td></tr>

Add Null check when CHANGE_SESSION_ID message received. (kfujino)

2085

</td></tr>

2086

2087

When a cluster node disappears when using the backup manager, handle the

2088

failed ping message rather than propagating the exception (which just

2089

logs the stack trace but doesn't do anything to deal with the failure).

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49905">49905</a>: Fix potential memory leak when using asynchronous

2094

session replication. (markt)

2095

</td></tr>

2096

2097

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49924">49924</a>: When non-primary node changes into a primary node,

2098

make sure isPrimarySession is changed to true. (kfujino)

2099

</td></tr>

2100

2101

Add support for <code>maxActiveSessions</code> attribute to

2102

BackupManager. (kfujino)

2103

</td></tr>

2104

2105

Improve sending an access message in DeltaManager.

2106

Use <code>maxInactiveInterval</code> not of the Manager, but of the session.

2107

If <code>maxInactiveInterval</code> is negative, the access message is not

2108

being sent. (kfujino)

2109

</td></tr>

2110

2111

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50547">50547</a>: Add time stamp for CHANGE_SESSION_ID message and

2112

SESSION_EXPIRED message. (kfujino)

2113

</td></tr>

2114

</table>

2115

</blockquote></td></tr></table>

2116

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.30 (jfclere)/Web applications"></a><a name="Tomcat_6.0.30_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

2117

2118

2119

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49585">49585</a>: Update JSVC documentation to reflect new packaging

2120

of Commons Daemon. (markt)

2121

</td></tr>

2122

2123

Configure the Manager web application to use the new CSRF protection. To

2124

take advantage of this protection, the <code>manager</code> role must be

2125

removed from all users and the new <code>manager-gui</code> and

2126

<code>manager-script</code> roles used instead. (markt)

2127

</td></tr>

2128

2129

Configure the Host Manager web application to use the new CSRF

2130

protection. To take advantage of this protection, the <code>admin</code> role

2131

must be removed from all users and the new <code>admin-gui</code> and

2132

<code>admin-script</code> roles used instead. (markt)

2133

</td></tr>

2134

2135

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50303">50303</a>: Update JNDI how-to to reflect new JavaMail and JAF

2136

download locations and that JAF is now included in Java SE 6. (markt)

2137

</td></tr>

2138

2139

CVE-2010-4172: Multiple XSS in Manager application. (markt/kkolinko)

2140

</td></tr>

2141

2142

Improve Tomcat Logging documentation. (kkolinko)

2143

</td></tr>

2144

2145

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50242">50242</a>: Provide a sample log4j configuration that more

2146

closely matches the default JULI configuration. Patch provided by

2147

Christopher Schultz. (kkolinko)

2148

</td></tr>

2149

2150

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50294">50294</a>: Add more information to documentation regarding format

2151

of configuration files. Patch provided by Luke Meyer. (markt)

2152

</td></tr>

2153

2154

Configure the Manager and Host-Manager web applications to use HttpOnly

2155

flag for their session cookies. (kkolinko)

2156

</td></tr>

2157

2158

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50316">50316</a>: Fix display of negative values in the Manager web

2159

application. (kkolinko)

2160

</td></tr>

2161

2162

Improve documentation of database connection factory. (rjung)

2163

</td></tr>

2164

</table>

2165

</blockquote></td></tr></table>

2166

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.30 (jfclere)/Other"></a><a name="Tomcat_6.0.30_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

2167

2168

2169

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48716">48716</a>: Do not call reset if the default LogManager is in use.

(markt)

</td></tr>

Use native line endings for example Eclipse configuration files in

2174

source distribution. (markt)

2175

</td></tr>

2176

2177

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49428">49428</a>: Add a work-around for the known namespace issues for

2178

some Microsoft WebDAV clients. Based on the patch provided by

2179

Panagiotis Astithas. (kkolinko)

2180

</td></tr>

2181

2182

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49861">49861</a>: Fix formatting of log messages in JXM remote listener.

2183

Do not use commas when printing RMI port numbers. (markt)

2184

</td></tr>

2185

2186

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50140">50140</a>: Don't ignore a user specified install directory

2187

on 64-bit platforms when using the Windows installer. (markt)

2188

</td></tr>

2189

2190

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50552">50552</a>: Avoid NPE that hides error message when using Ant

tasks. (schultz)

</td></tr>

Numerous improvements to the Windows installer: update install/uninstall

2195

icons, create an installation log, allow 32-bit JVMs to be selected when

2196

installing on a 64-bit platform, replace the .ini files with the script

2197

equivalents, use the new manager and host-manager roles, provide the

2198

ability to edit the roles for the added user, add support for the

2199

<code>/?</code> command line switch, clean up fully after installation,

2200

add DetailPrint statements for operations that may take time and

2201

improve the descriptions of the components. (kkolinko, mturk, markt)

2202

</td></tr>

2203

</table>

2204

</blockquote></td></tr></table>

2205

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.29 (jfclere)"></a><a name="Tomcat_6.0.29_(jfclere)"><strong>Tomcat 6.0.29 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2010-07-22</strong></font></td></tr><tr><td colspan="2"><blockquote>

2206

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.29 (jfclere)/Catalina"></a><a name="Tomcat_6.0.29_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2207

2208

2209

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48960">48960</a>: Add a new option to the SSI Servlet and SSI Filter to

2210

allow the disabling of the <code>exec</code> command. This is now

2211

disabled by default. Based on a patch by Yair Lenga. (markt)

2212

</td></tr>

2213

2214

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49551">49551</a>: Allow default context.xml location to be specified

2215

using an absolute path. (markt)

2216

</td></tr>

2217

2218

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49598">49598</a>: When session is changed and the session cookie is

2219

replaced, ensure that the new Set-Cookie header overwrites the old

2220

Set-Cookie header. (markt)

2221

</td></tr>

2222

2223

Fix order when listing Webapp loader search URLs. (rjung)

2224

</td></tr>

2225

2226

Add support for <code>*.jar</code> pattern in VirtualWebappLoader.

(kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

2231

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.28 (jfclere)"></a><a name="Tomcat_6.0.28_(jfclere)"><strong>Tomcat 6.0.28 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2010-07-09</strong></font></td></tr><tr><td colspan="2"><blockquote>

2232

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.28 (jfclere)/Catalina"></a><a name="Tomcat_6.0.28_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2233

2234

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td>Arrange filter logic. (jfclere)

2235

</td></tr>

2236

2237

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49230">49230</a>: Enhance JRE leak prevention listener with protection

2238

for the keep-alive thread started by

2239

<code>sun.net.www.http.HttpClient</code>. Patch provided by Rob Kooper.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49351">49351</a>: Fix possible NPE when embedding and no name is

2244

specified for the Service. (markt)

2245

</td></tr>

2246

2247

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49424">49424</a>: Avoid NPE if client provides no data with a chunked

2248

POST request. (markt)

2249

</td></tr>

2250

2251

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49414">49414</a>: Improve diagnostic of memory leaks.

2252

Differentiate between request threads and application

2253

created threads when warning about still running threads when an

2254

application stops. (markt)

2255

</td></tr>

2256

2257

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49443">49443</a>: Fix RemoteIpValve documentation. Use remoteIpHeader

2258

rather than remoteIPHeader consistently. (markt)

2259

</td></tr>

2260

2261

Add property <code>searchExternalFirst</code> to WebappLoader.

2262

If set, the external repositories will be searched before

2263

the WEB-INF ones. (rjung)

2264

</td></tr>

2265

</table>

2266

</blockquote></td></tr></table>

2267

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.28 (jfclere)/Cluster"></a><a name="Tomcat_6.0.28_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

2268

2269

2270

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49445">49445</a>: When session ID is changed after authentication,

2271

ensure the DeltaManager replicates the change in ID to the other nodes

2272

in the cluster. (kfujino)

2273

</td></tr>

2274

</table>

2275

</blockquote></td></tr></table>

2276

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.28 (jfclere)/Web applications"></a><a name="Tomcat_6.0.28_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

2277

2278

2279

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49213">49213</a>: Grant permissions required by manager application when

2280

running under a security manager. (markt/kkolinko)

2281

</td></tr>

2282

2283

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49436">49436</a>: Correct documented default for <code>readonly</code>

2284

attribute of the UserDatabase component. (markt)

2285

</td></tr>

2286

</table>

2287

</blockquote></td></tr></table>

2288

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.27 (jfclere)"></a><a name="Tomcat_6.0.27_(jfclere)"><strong>Tomcat 6.0.27 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

2289

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.27 (jfclere)/General"></a><a name="Tomcat_6.0.27_(jfclere)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

2290

2291

2292

Update DBCP to 1.3. (markt)

2293

</td></tr>

2294

</table>

2295

</blockquote></td></tr></table>

2296

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.27 (jfclere)/Catalina"></a><a name="Tomcat_6.0.27_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2297

2298

2299

Fix CVE-2010-1157. Prevent possible disclosure of host name or IP

2300

address via the HTTP WWW-Authenticate header when using BASIC or DIGEST

2301

authentication. (markt)

2302

</td></tr>

2303

2304

Include context name when reporting memory leaks to aid root cause

2305

identification. (markt)

2306

</td></tr>

2307

2308

Improve exception handling on session de-serialization to assist in

2309

identifying the root cause of <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48007">48007</a>. (kkolinko)

2310

</td></tr>

2311

2312

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48379">48379</a>: Make session cookie name, domain and path configurable

per context. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48589">48589</a>: Make JNDIRealm easier to extend. Based on a patch by

2317

Candid Dauth. (markt/kkolinko)

2318

</td></tr>

2319

2320

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48629">48629</a>: Allow user names as well as DNs to be used with the

2321

nested role search. Add roleNested to the documentation. Patch provided

2322

by Felix Schumacher. (markt)

2323

</td></tr>

2324

2325

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48661">48661</a>: Make error page behavior consistent, regardless of how

2326

the error page is defined. If a response has been committed, always

2327

include the error page. (markt)

2328

</td></tr>

2329

2330

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48729">48729</a>: Return roles defined by both userRoleName and roleName

2331

mechanisms. Patch provided by 'eric'. Also make user's role list

immutable.(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48760">48760</a>: Fix potential multi-threading issue in static resource

2336

serving where multiple threads could try to use the the same

InputStream. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48790">48790</a>: Fix thread safety issue in the count of the maximum

2341

number of active session. (markt/kkolinko)

2342

</td></tr>

2343

2344

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48793">48793</a>: Make catalina.sh more robust to different return

2345

values on different platforms. Patch provided by Thomas GL. (markt)

2346

</td></tr>

2347

2348

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48840">48840</a>: Swallow output (if any) from use of cd when determining

2349

$CATALINA_HOME in catalina.sh and tool-wrapper.sh scripts. Based on patch

2350

provided by mdietze. (markt/kkolinko)

2351

</td></tr>

2352

2353

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48895">48895</a>: Make clearing of ThreadLocals that are causing memory

2354

leaks on web application stop, reload or undeploy configurable since the

2355

process of clearing them is not thread-safe. (markt)

2356

</td></tr>

2357

2358

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48903">48903</a>: Fix deadlock in webapp class loader. (rjung)

2359

</td></tr>

2360

2361

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48971">48971</a>: Make stopping of leaking Timer threads optional and

2362

disabled by default. (markt)

2363

</td></tr>

2364

2365

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48976">48976</a>: Document JAVA_ENDORSED_DIRS in start-up scripts. Patch

2366

provided by Laurent Vaills. (markt)

2367

</td></tr>

2368

2369

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48983">48983</a>: Improve debug logging for situations when

2370

<code>RemoteIpValve</code> is bypassed. Patch provided by Cyrille Le

Clerc. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49018">49018</a>: Fix processing of time argument in the Expire sessions

2375

action in the Manager web application. (kkolinko)

2376

</td></tr>

2377

2378

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49116">49116</a>: If session is already invalid, expire session to

2379

prevent memory leak. (kfujino)

2380

</td></tr>

2381

2382

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49158">49158</a>: Ensure only one session cookie is returned for a

2383

single request. (markt/fhanik)

2384

</td></tr>

2385

2386

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49245">49245</a>: Fix session expiration check in cross-context

requests. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49398">49398</a>: ByteChunk.indexOf(String, int, int, int) could not

2391

find a string of length 1. (kkolinko)

2392

</td></tr>

2393

2394

Fix possible overflows when calculating session statistics. (kkolinko)

2395

</td></tr>

2396

2397

Log unexpected exceptions when providing access to web application

2398

resources in ApplicationContext. (kkolinko)

2399

</td></tr>

2400

2401

Improve exception handling in CatalinaShutdownHook. (kkolinko)

2402

</td></tr>

2403

2404

Expose properties of VirtualWebappLoader and WebappClassLoader via JMX.

(rjung)

</td></tr>

</table>

</blockquote></td></tr></table>

2409

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.27 (jfclere)/Coyote"></a><a name="Tomcat_6.0.27_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

2410

2411

2412

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48839">48839</a>: Correctly handle HTTP header folding in the NIO

2413

connector. Patch suggested by Richa Baronia. (markt)

2414

</td></tr>

2415

2416

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48843">48843</a>: Prevent possible deadlock for worker allocation in

2417

connectors. (kkolinko)

2418

</td></tr>

2419

2420

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48843">48843</a>: Fix handling of add queues in AprEndpoint.Poller and

2421

AprEndpoint.Sendfile. Do not miss wakeups. (kkolinko)

2422

</td></tr>

2423

2424

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48862">48862</a>: Add support for the backlog parameter to the AJP

2425

connector. (pero/markt)

2426

</td></tr>

2427

2428

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48917">48917</a>: Correct name of mod_jk module in ApacheConfig. Patch

2429

provided by Todd Hicks. (markt)

2430

</td></tr>

2431

2432

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49095">49095</a>: AprEndpoint did not wakeup acceptors during shutdown

2433

when deferAccept option was enabled. Based on a patch provided by

2434

Ruediger Pluem. (kkolinko)

2435

</td></tr>

2436

2437

Use chunked encoding for http 1.1 requests with no content-length

2438

(regardless of keep-alive) so client can differentiate between complete

2439

and partial responses. (markt)

2440

</td></tr>

2441

2442

Correct the SSL session timeout attribute name so the code agrees with

2443

the documentation. (markt)

2444

</td></tr>

2445

2446

CoyotePrincipal now implements Serializable. (fhanik)

2447

</td></tr>

2448

2449

Enable the BIO AJP connector to run under a security manager. (markt)

2450

</td></tr>

2451

</table>

2452

</blockquote></td></tr></table>

2453

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.27 (jfclere)/Jasper"></a><a name="Tomcat_6.0.27_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

2454

2455

2456

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45015">45015</a>: Correct a regression in quote handling caused by the

2457

re-factoring of attribute parsing. (markt)

2458

</td></tr>

2459

2460

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48701">48701</a>: Add a system property to allow disabling enforcement

2461

of JSP.5.3. The specification recommends, but does not require, this

2462

enforcement. (kkolinko)

2463

</td></tr>

2464

2465

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48737">48737</a>: Don't assume paths that start with /META-INF/... are

2466

always in JARs. This is not true for some IDEs. Patch provided by

2467

Fabrizio Giustina. (markt)

2468

</td></tr>

2469

2470

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49081">49081</a>: Correctly handle EL expressions of the form #${...}.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49196">49196</a>: Avoid NullPointerException in PageContext.getErrorData()

2475

if an error-handling JSP page is called directly. (markt)

2476

</td></tr>

2477

</table>

2478

</blockquote></td></tr></table>

2479

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.27 (jfclere)/Cluster"></a><a name="Tomcat_6.0.27_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

2480

2481

2482

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48717">48717</a>: When a node joins a cluster and it receives all the

2483

current sessions, ensure the sessionCreated event is fired if the

2484

Manager is configured to replicate session events. (markt)

2485

</td></tr>

2486

2487

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48934">48934</a>: Previous fix to handle dropped connections incorrectly

2488

permanently disabled session replication. (fhanik)

2489

</td></tr>

2490

2491

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49051">49051</a>: memberAlive is not called if member has not already

2492

existed in membership. (kfujino)

2493

</td></tr>

2494

2495

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49151">49151</a>: Avoid ClassCastException in BackupManager#stop.

(kfujino)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49170">49170</a>: Do not send duplicated session. (kfujino)

2500

</td></tr>

2501

2502

Add missing messages and ensure cluster listeners log messages to

2503

correct logger. (markt)

2504

</td></tr>

2505

</table>

2506

</blockquote></td></tr></table>

2507

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.27 (jfclere)/Web applications"></a><a name="Tomcat_6.0.27_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

2508

2509

2510

Use underscores instead of spaces in anchor names in Tomcat

2511

documentation. (kkolinko)

2512

</td></tr>

2513

2514

Add support for displaying the Spring Security user name (if present) in

2515

the Manager application. (markt)

2516

</td></tr>

2517

2518

Improve the ChatServlet <a href="aio.html">Comet</a> example

2519

(/examples/jsp/chat/). (kkolinko)

2520

</td></tr>

2521

</table>

2522

</blockquote></td></tr></table>

2523

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.27 (jfclere)/Other"></a><a name="Tomcat_6.0.27_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

2524

2525

<tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td>Update to Commons Daemon 1.0.2. Use service launcher (procrun)

2526

from the Commons Daemon release. Do not keep a copy of it in our source

2527

tree. (mturk/kkolinko)</td></tr>

2528

2529

Update to NSIS 2.46. (kkolinko)

2530

</td></tr>

2531

2532

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48990">48990</a>: Fix the <code>skip.installer</code> build property

2533

so if set, only the Windows installer is skipped. (markt)

2534

</td></tr>

2535

2536

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49178">49178</a>: Provide in catalina.policy an example of additional

2537

permissions that might be needed for code located in

2538

<code>$CATALINA_BASE/lib</code>. (markt)

2539

</td></tr>

2540

2541

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49236">49236</a>: Do not use indexing when packing Tomcat JARs.

(kkolinko)

</td></tr>

Remove unused code from org.apache.tomcat.util.buf classes. (kkolinko)

2546

</td></tr>

2547

2548

Rearrange tomcat-juli.jar permissions and wrap long lines in the

2549

<code>conf/catalina.policy</code> file, to make the text more readable

2550

when cited in documentation. (kkolinko)

2551

</td></tr>

2552

2553

Do not evaluate the <code>execute.installer</code> property when building

2554

a release. The <code>skip.installer</code> property is used instead.

(kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

2559

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.26 (jfclere)"></a><a name="Tomcat_6.0.26_(jfclere)"><strong>Tomcat 6.0.26 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2010-03-11</strong></font></td></tr><tr><td colspan="2"><blockquote>

2560

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.26 (jfclere)/Catalina"></a><a name="Tomcat_6.0.26_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2561

2562

2563

Close security hole in unreleased 6.0.25 by ensuring new find leaks

2564

functionality is protected by a security constraint. (kkolinko)

2565

</td></tr>

2566

2567

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48831">48831</a>: Improve logging shutdown behaviour. Use Catalina's

2568

shutdown hook to shutdown JULI. This enables them to be shutdown in the

2569

correct order. Do not shutdown global handlers several times.

(markt/kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

2574

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.26 (jfclere)/Coyote"></a><a name="Tomcat_6.0.26_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

2575

2576

2577

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48584">48584</a>: Prevent the APR connector logging an error if the

2578

acceptor fails during shutdown since this is expected. (mturk)

2579

</td></tr>

2580

2581

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48660">48660</a>: Using compression should not overwrite any Vary header

2582

set by a web application. (markt)

2583

</td></tr>

2584

</table>

2585

</blockquote></td></tr></table>

2586

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.26 (jfclere)/Jasper"></a><a name="Tomcat_6.0.26_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

2587

2588

2589

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48371">48371</a>: Ensure generated servlet mappings are inserted at the

2590

correct location when using JspC and allow the option that controls this

2591

to be configured on the command line. Also allow the encoding of web.xml

2592

to be configured when using JspC and deprecate some unused JspC methods.

(markt/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48498">48498</a>: Avoid ArrayIndexOutOfBoundsException triggered by a

2597

Java 6/7 XML parser bug. (markt/kkolinko)

2598

</td></tr>

2599

2600

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48668">48668</a>: Additional fixes to ensure deferred syntax is handled

2601

correctly. (kkolinko)

2602

</td></tr>

2603

2604

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48827">48827</a>: Correct a regression in the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47977">47977</a>

2605

that caused an incorrect non-empty body error to be reported for valid

2606

JSP documents. (markt)

2607

</td></tr>

2608

</table>

2609

</blockquote></td></tr></table>

2610

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.26 (jfclere)/Web applications"></a><a name="Tomcat_6.0.26_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

2611

2612

2613

Make changelog.xml be directly rendered as HTML by certain browsers.

(kkolinko)

</td></tr>

Add support for automated generation of TOC tables and for links to svn

2618

revisions to tomcat-docs.xsl in documentation. (kkolinko/fhanik)

2619

</td></tr>

2620

2621

Move Manager application JSPs that are not intended to be accessed

2622

directly under the WEB-INF directory. (kkolinko)

2623

</td></tr>

2624

2625

Improve the messages displayed by the find leaks diagnostic in the

2626

Manager application. (kkolinko)

2627

</td></tr>

2628

</table>

2629

</blockquote></td></tr></table>

2630

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.26 (jfclere)/Other"></a><a name="Tomcat_6.0.26_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

2631

2632

2633

Encode all property files using ascii escaped UTF-8. Also fixes

2634

deployment problem when using French locale. (jfclere/rjung)

2635

</td></tr>

2636

</table>

2637

</blockquote></td></tr></table>

2638

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.25 (jfclere)"></a><a name="Tomcat_6.0.25_(jfclere)"><strong>Tomcat 6.0.25 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

2639

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.25 (jfclere)/Catalina"></a><a name="Tomcat_6.0.25_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2640

2641

2642

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48039">48039</a>: Return immediately if start() is called on an already

2643

started StandardService. (markt)

2644

</td></tr>

2645

2646

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48109">48109</a>: Ensure InputStream is closed on error condition in web

2647

application class loader. (markt)

2648

</td></tr>

2649

2650

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48179">48179</a>: Clean up dead code that was used to read tldCache

file. (kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48318">48318</a>: Handle case where WebDAV resource is in directory

2655

listing but is not accessible. (markt)

2656

</td></tr>

2657

2658

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48384">48384</a>: Add a per context xslt option for directory listings.

2659

Make the fallback options work as described in the documentation.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48577">48577</a>: Filter URL when displaying missing included page.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48612">48612</a>: Prevent exception on shutdown if the address attribute

2668

is specified for a connector. (markt)

2669

</td></tr>

2670

2671

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48613">48613</a>: Further fixes to ensure APRLifecycleListener is only

2672

used if defined in server.xml. (fhanik)

2673

</td></tr>

2674

2675

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48614">48614</a>: Correct JULI log file buffering so default behaviour

2676

is no buffering. (fhanik)

2677

</td></tr>

2678

2679

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48625">48625</a>: Provide an option to exit if an error occurs during

2680

the initialization phase. (fhanik)

2681

</td></tr>

2682

2683

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48645">48645</a>: Use specified encoding rather than null in calls to

2684

<code>RequestUtil.URLDecode(byte[] bytes, String enc)</code> (markt)

2685

</td></tr>

2686

2687

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48653">48653</a>: Force request.secure and request.scheme to

2688

<code>false</code> and <code>http</code> if the X-Forwarded-Proto header

2689

has the value http. Patch provided by Cyrille Le Clerc. (markt)

2690

</td></tr>

2691

2692

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48678">48678</a>: Remove duplicate server field from

2693

<code>org.apache.catalina.startup.Catalina</code>. (markt)

2694

</td></tr>

2695

2696

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48694">48694</a>: Remove potential deadlock in web application class

loader. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48716">48716</a>: Provide additional configuration options for JULI.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48726">48726</a>: Prevent OOME when uploading large WAR files with the

2705

deployer. Patch provided by adam. (markt)

2706

</td></tr>

2707

2708

Improve memory leak protection by safely stopping threads started via

2709

<code>java.util.Timer</code> that an application starts but fails to

2710

stop and by clearing references retained due to the use of

2711

<code>java.util.ResourceBundle</code>. (markt)

2712

</td></tr>

2713

2714

Modify ThreadLocal memory leak detection to not report false positives

2715

and to simplify implementation. (markt/kkolinko)

2716

</td></tr>

2717

2718

Basic memory leak detection was added to the standard Host

2719

implementation and exposed via JMX to detect memory leaks on web

2720

application reload. (markt/kkolinko)

2721

</td></tr>

2722

</table>

2723

</blockquote></td></tr></table>

2724

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.25 (jfclere)/Coyote"></a><a name="Tomcat_6.0.25_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

2725

2726

2727

Update the native/APR library version bundled with Tomcat to 1.1.20.

(kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

2732

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.25 (jfclere)/Jasper"></a><a name="Tomcat_6.0.25_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

2733

2734

2735

Add some debug logging to the compiler where exceptions were previously

swallowed. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48170">48170</a>: Remove unnecessary synchronization that is causing

2740

issues under load. (markt)

2741

</td></tr>

2742

2743

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48580">48580</a>: Prevent AccessControlException if first access is to a

2744

JSP that uses a FunctionMapper. (markt)

2745

</td></tr>

2746

2747

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48582">48582</a>: Avoid NPE on background compilation failure. (markt)

2748

</td></tr>

2749

2750

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48616">48616</a>: Don't declare or synchronize scripting variables for

2751

JSP fragments since they are scriptless. This is an alternative fix for

2752

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42390">42390</a> that avoids both the original problem and the

2753

regression in the first fix. (kkolinko)

2754

</td></tr>

2755

2756

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48627">48627</a>: Fix regression in re-factored EL parsing. Keep

2757

literals as literals and handle deferredSyntaxAllowedAsLiteral.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48668">48668</a>: When parsing JSPs only parse EL as EL if EL is enabled

2762

else strings such as ${ will be silently dropped. (markt)

2763

</td></tr>

2764

2765

Various EL TCK failures. (markt)

2766

</td></tr>

2767

</table>

2768

</blockquote></td></tr></table>

2769

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.25 (jfclere)/Cluster"></a><a name="Tomcat_6.0.25_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

2770

2771

2772

Force a disconnect if an error occurs during replication such as

2773

a firewall dropping the connection. (fhanik)

2774

</td></tr>

2775

</table>

2776

</blockquote></td></tr></table>

2777

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.25 (jfclere)/Web applications"></a><a name="Tomcat_6.0.25_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

2778

2779

2780

Add new "Find leaks" command to the Manager application. It allows to

2781

detect web applications that have caused memory leaks on stop,

2782

reload or undeploy. (markt/kkolinko)

2783

</td></tr>

2784

</table>

2785

</blockquote></td></tr></table>

2786

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.25 (jfclere)/Other"></a><a name="Tomcat_6.0.25_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

2787

2788

2789

Ensure files in conf directory have CRLF line endings when using the

2790

Windows installer. (kkolinko)

2791

</td></tr>

2792

2793

Allow special characters recognized by the Windows command-line shell to

2794

be present in the names of CATALINA_HOME/_BASE and the current directory

2795

used to call the Tomcat scripts. (kkolinko)

2796

</td></tr>

2797

2798

Don't use @Deprecated annotations in

2799

<code>javax.servlet.jsp.JspContext</code> since the specification does

2800

not include them in the API definition. (markt)

2801

</td></tr>

2802

2803

Improve the information in the JAR manifest files. (markt)

2804

</td></tr>

2805

</table>

2806

</blockquote></td></tr></table>

2807

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.24 (jfclere)"></a><a name="Tomcat_6.0.24_(jfclere)"><strong>Tomcat 6.0.24 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2010-01-21</strong></font></td></tr><tr><td colspan="2"><blockquote>

2808

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.24 (jfclere)/Catalina"></a><a name="Tomcat_6.0.24_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2809

2810

2811

Correct TCK failures with security manager caused by the original fix

2812

for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47774">47774</a>. (markt)

2813

</td></tr>

2814

</table>

2815

</blockquote></td></tr></table>

2816

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.24 (jfclere)/Other"></a><a name="Tomcat_6.0.24_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

2817

2818

2819

Remove broken link in README.html. (jfclere)

2820

</td></tr>

2821

2822

Add <code>.notice</code> files to the set of files that have their line

2823

endings changed. (markt)

2824

</td></tr>

2825

2826

<code>.zip</code> distributions should have windows line endings.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

2831

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.23 (jfclere)"></a><a name="Tomcat_6.0.23_(jfclere)"><strong>Tomcat 6.0.23 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

2832

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.23 (jfclere)/Catalina"></a><a name="Tomcat_6.0.23_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2833

2834

2835

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47774">47774</a>: Ensure web application class loader is used when

2836

calling session listeners. (markt)

2837

</td></tr>

2838

2839

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48006">48006</a>: Add additional information to the optional

2840

X-Powered-By header to align with the content suggested in the Servlet

2841

specification. (markt)

2842

</td></tr>

2843

2844

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48345">48345</a>: Sessions timed out too early when using

2845

PersistentManager. Patch provided by Keiichi Fujino. (markt)

2846

</td></tr>

2847

2848

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48398">48398</a>: Make objects used as locks final to ensure correct

2849

operation. Patch provided by sebb. (markt)

2850

</td></tr>

2851

2852

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48417">48417</a>: Update French translations. Patch provided by André

2853

Warnier. (markt/kkolinko)

2854

</td></tr>

2855

2856

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48421">48421</a>: Fix file descriptor and potential memory leak when a

2857

web application uses a local logging.properties file. Allow a web

2858

application's log files to be deleted once the web application has been

stopped. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48454">48454</a>: Ensure stderr is completely read before terminating

2863

the CGI process. Patch provided by Markus Grieder. (markt)

2864

</td></tr>

2865

2866

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48516">48516</a>: Prevent NPE in JNDIRealm if requested user does not

2867

exist. Patch provided by Kevin Conaway. (markt)

2868

</td></tr>

2869

2870

Fix implementation of log buffer size and provide a cleaner interface.

(fhanik/kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

2875

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.23 (jfclere)/Coyote"></a><a name="Tomcat_6.0.23_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

2876

2877

2878

Update version of native bundled in Windows installer to 1.1.19. (mturk)

2879

</td></tr>

2880

2881

Update recommended version for native to 1.1.19. (rjung)

2882

</td></tr>

2883

2884

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48004">48004</a>: All web applications to set the http

2885

<code>Server</code> header. (markt)

2886

</td></tr>

2887

2888

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48470">48470</a>: Ensure Tomcat does not lock up if shut down under

load. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

2893

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.23 (jfclere)/Jasper"></a><a name="Tomcat_6.0.23_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

2894

2895

2896

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47977">47977</a>: Using a body with a tag that has an empty body should

2897

cause an error. (markt)

2898

</td></tr>

2899

2900

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48112">48112</a>: Correct handling of } character in literals when parsing

2901

expressions. This also improves the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47413">47413</a>. (markt)

2902

</td></tr>

2903

</table>

2904

</blockquote></td></tr></table>

2905

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.23 (jfclere)/Web applications"></a><a name="Tomcat_6.0.23_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

2906

2907

2908

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48530">48530</a>: Add information on the Manager Server Status page to

2909

the Manager How-To in the documentation webapp. Based on a patch by

Arnaud Espy. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48532">48532</a>: Add information to the BIO/NIO SSL configuration page

2914

in the documentation web application to specify how the defaults for the

2915

various trust store attributes are determined. (markt)

2916

</td></tr>

2917

</table>

2918

</blockquote></td></tr></table>

2919

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.23 (jfclere)/Other"></a><a name="Tomcat_6.0.23_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

2920

2921

2922

Remove hard coded version numbers and instead apply version filter

2923

already defined in ant scripts. (rjung)

2924

</td></tr>

2925

2926

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47609">47609</a>: Correct regression in previous fix. (markt)

2927

</td></tr>

2928

2929

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48464">48464</a>: Provide an option to specify the command window title

2930

in catalina.bat on Windows. Patch provided by LiuYan. (markt)

2931

</td></tr>

2932

2933

Add some missing deprecation markers for

2934

<code>javax.servlet.jsp.JspContext</code>. (markt/kkolinko)

2935

</td></tr>

2936

</table>

2937

</blockquote></td></tr></table>

2938

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.22 (jfclere)"></a><a name="Tomcat_6.0.22_(jfclere)"><strong>Tomcat 6.0.22 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

2939

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.22 (jfclere)/Catalina"></a><a name="Tomcat_6.0.22_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2940

2941

2942

Log errors if a web application starts a thread but fails to stop the

2943

thread when the web application stops or is reloaded. Failure to stop a

2944

thread is very likely to result in a memory leak. (markt)

2945

</td></tr>

2946

2947

Provide an option to stop any threads a web application starts but fails

2948

to stop when the web application stops or is reloaded. Using this option

2949

is very likely to result in instability and should be viewed as a last

2950

resort in development and is not recommended at all in production.

(markt)

</td></tr>

Log errors if a web application creates a ThreadLocal but fails to clear

2955

it when the web application stops or is reloaded. Failure to clear a

2956

ThreadLocal is very likely to result in a memory leak. (markt)

2957

</td></tr>

2958

2959

Clear any unintentional references remaining in

2960

<code>sun.rmi.transport.Target</code> when the web application stops or

2961

is reloaded. Failure to clear these is very likely to result in a memory

leak. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

2966

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.22 (jfclere)/Coyote"></a><a name="Tomcat_6.0.22_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

2967

2968

2969

Remove unneeded line from the method that normalizes decodedURI.

(kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

2974

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.22 (jfclere)/Other"></a><a name="Tomcat_6.0.22_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

2975

2976

2977

Correct MD5 generation in the build process. (jfclere/kkolinko)

2978

</td></tr>

2979

2980

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47609">47609</a>: Provide fail-safe EOL conversion for build process.

2981

Based on patches by sebb/kkolinko. (markt)

2982

</td></tr>

2983

</table>

2984

</blockquote></td></tr></table>

2985

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.21 (jfclere)"></a><a name="Tomcat_6.0.21_(jfclere)"><strong>Tomcat 6.0.21 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

2986

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.21 (jfclere)/Catalina"></a><a name="Tomcat_6.0.21_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2987

2988

2989

Fix issues with expression language when running under a

2990

SecurityManager. (markt)

2991

</td></tr>

2992

2993

Remove duplicate mime-mapping entries in web.xml. Re-order entries

2994

alphabetically to make it easier to identify duplicates. (markt)

2995

</td></tr>

2996

2997

Use a more sensible default (webapps) for a Host's appBase.

(markt/idarwin)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37794">37794</a>: Support the parsing of parameters from chunked POSTs.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37984">37984</a>: Strip {MD5} as well as {SHA} if present in digest

3006

passwords in LDAP directories. (markt)

3007

</td></tr>

3008

3009

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38352">38352</a>: Allow JSPs to write to the directory defined by

3010

<code>javax.servlet.context.tempdir</code> when running under a security

manager. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39231">39231</a>: Call LoginContext.logout() when using JAAS realm and

3015

session expires. (markt/kkolinko)

3016

</td></tr>

3017

3018

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40380">40380</a>: Fix potential synchronization issue in

3019

StandardSession.expire(). (markt)

3020

</td></tr>

3021

3022

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41059">41059</a>: Reduce chances of errors when ENABLE_CLEAR_REFERENCES

3023

is used. Patch provided by Curt Arnold. (markt)

3024

</td></tr>

3025

3026

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43343">43343</a>: Fix additional concurrency issues identified with the

3027

persistent session manager. (markt)

3028

</td></tr>

3029

3030

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44041">44041</a>: Fix threading issue in WebappClassLoader that can lead

3031

to duplicate class definition under high load. (markt/fhanik)

3032

</td></tr>

3033

3034

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44943">44943</a>: Use the same engine name in server.xml comments to

3035

reduce copy and pastes issues. (markt/kkolinko)

3036

</td></tr>

3037

3038

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45255">45255</a>: Provide protection against session fixation by

3039

changing session ID automatically on authentication. (markt/kkolinko)

3040

</td></tr>

3041

3042

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45403">45403</a>: Add additional checks on web application deployment

3043

and do not swallow IO errors. (kkolinko)

3044

</td></tr>

3045

3046

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45785">45785</a>: Additional fix required for the extension validator.

3047

Based on a patch by Rolf Wojtech. (markt)

3048

</td></tr>

3049

3050

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46908">46908</a>: Try and support java encoding names when using an xml

3051

parser provided via the endorsed mechanism. (markt)

3052

</td></tr>

3053

3054

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46967">46967</a>: Better handling of errors when trying to use

3055

Manager.randomFile. Based on a patch by Kirk Wolf. (markt)

3056

</td></tr>

3057

3058

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47046">47046</a>: Unregister all MBeans, including when non-default

3059

engine names are used. (markt)

3060

</td></tr>

3061

3062

Use native2ascii to ensure non-ASCII characters in property files are

3063

handled correctly in all circumstances. (markt)

3064

</td></tr>

3065

3066

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47050">47050</a>: Remove unnecessary filtering of error messages.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47080">47080</a>: Fix NPE in RealmBase when uri is null. (markt)

3071

</td></tr>

3072

3073

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47158">47158</a>: Fix some thread safety issues in the AccessLogValve.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47228">47228</a>: Correct French translations. Patch provided by sebb.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47299">47299</a>: Simplify code and make embedding easier. (markt)

3082

</td></tr>

3083

3084

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47316">47316</a>: Allow different values for Service name and Engine

3085

name. This corrects a regression introduced by the fix for

3086

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42707">42707</a>. (markt)

3087

</td></tr>

3088

3089

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47343">47343</a>: Editing context.xml for a directory should not delete

3090

the directory. This was a regression caused by the fix for

3091

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42747">42747</a>. (markt)

3092

</td></tr>

3093

3094

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47364">47364</a>: Improve Javadoc for

3095

org.apache.catalina.connector.Request.getAttributeNames() to include

3096

information on the handling of Tomcat's internal request attributes.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47451">47451</a>: Don't throw an NPE if the various response.setHeader()

3101

methods are called with null header name, zero length header name or

3102

null value. Silently ignore the calls in the same way they are ignored

3103

if the response has already been committed. (markt)

3104

</td></tr>

3105

3106

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47462">47462</a>: Allow individual web applications to override metadata

3107

complete if set in the global web.xml. Patch provided by Keiichi Fujino.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47495">47495</a>: Provide a more meaningful error message is server.xml

3112

is not readable and exit immediately if a server cannot be created.

(funkman/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47518">47518</a>: Correct reference in Valve Javadoc that referred to an

3117

old method. Patch provided by Christopher Schultz. (markt)

3118

</td></tr>

3119

3120

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47537">47537</a>: Return an error page rather than a zero length 200

3121

response if the forward to the login or error page fails during FORM

3122

authentication. (markt)

3123

</td></tr>

3124

3125

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47718">47718</a>: Fix file descriptor leak on context stop/reload. Patch

3126

provided by George Sexton. (markt)

3127

</td></tr>

3128

3129

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47796">47796</a>: Fix OpenEJB integration. Reset annotation processor on

3130

context stop. (markt)

3131

</td></tr>

3132

3133

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47826">47826</a>: Correct error in debug message in

3134

org.apache.catalina.Bootstrap (markt)

3135

</td></tr>

3136

3137

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47836">47836</a>: Clear cached TLD information on context reload.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47841">47841</a>: When using the CombinedRealm, if one of the nested

3142

Realms fails to start, skip that Realm rather than preventing the

3143

CombinedRealm from starting. (markt)

3144

</td></tr>

3145

3146

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47881">47881</a>: Fix processing of startd and stopd arguments. Patch

3147

provided by Qingyang Xu. (kkolinko)

3148

</td></tr>

3149

3150

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47918">47918</a>: Correct mbean descriptors for the host deployer. Patch

3151

provided by Uwe Günther. (markt)

3152

</td></tr>

3153

3154

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47930">47930</a>: Fix thread safety issues on session swap-in in the

3155

persistent session manager. (markt/kkolinko)

3156

</td></tr>

3157

3158

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47976">47976</a>: Correct usage message and Javadoc for

3159

<code>org.apache.catalina.startup.Catalina</code>. (markt)

3160

</td></tr>

3161

3162

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47997">47997</a>: Ensure the NamingContextListener applies to all naming

3163

contexts, not just the global one. Patch provided by Michael Allman.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48049">48049</a>: Fix copy and paste error so

3168

<code>NamingContext.destroySubContext()</code> works correctly.

3169

Patch provided by gingyang.xu (markt)

3170

</td></tr>

3171

3172

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48097">48097</a>: Make WebappClassLoader to do not swallow

3173

AccessControlException. (kkolinko)

3174

</td></tr>

3175

3176

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48097">48097</a>: Avoid throwing an AccessControlException which can

3177

lead to a NoClassDefFoundError on first access of first jsp.

(kkolinko/markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48257">48257</a>: Correct error in Spanish translations. Patch provided

3182

by Guillermo Gutiérrez. (markt)

3183

</td></tr>

3184

3185

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48306">48306</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48307">48307</a>: Correct French translations. Patches

3186

provided by Marc Paquette. (markt)

3187

</td></tr>

3188

3189

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48322">48322</a>: Single quote characters are not HTTP separators and

3190

should not be treated as such in the cookie handling. (markt)

3191

</td></tr>

3192

3193

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48413">48413</a>: Correct some French translations. Patch provided by

3194

André Warnier. (markt)

3195

</td></tr>

3196

3197

Deprecate the <code>caseSensitive</code> option on the

3198

<code>StandardContext</code> which will be removed in Tomcat 7 onwards.

(markt)

</td></tr>

Log deployments consistently for WAR, directory and descriptor

deployments. (markt)

</td></tr>

Better logging for parameter decoding issues to help identify broken

requests. (markt)

</td></tr>

Update Apache Commons Pool from 1.4 to 1.5.4. This update includes

3211

various fixes to prevent deadlocks, reduces synchronization and makes

3212

object allocation occur fairly - i.e. objects are allocated to threads

3213

in the order that the threads request them. This update fixes a number

3214

of issues in Tomcat's built-in copy of DBCP. (markt)

3215

</td></tr>

3216

3217

Allow log file encoding to be configured for JULI FileHandler. (kkolinko)

3218

</td></tr>

3219

3220

Provide debug logging for JNDI lookups. (markt)

3221

</td></tr>

3222

3223

Correct JDBC driver de-registration on web application stop and fix NPE

3224

that is exposed by the fix. (markt)

3225

</td></tr>

3226

3227

Ensure JDBC driver de-registration works with a security manager.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48214">48214</a>: Ensure JDBC driver de-registration is not too zealous.

(markt)

</td></tr>

Various JNDI realm improvements for Active Directory. These include the

3236

ability to specify a default role, optional handling for nested roles

3237

and an option to ignore PartialResultExceptions (markt).

3238

</td></tr>

3239

3240

Expose Servlet Filters via JMX. Based on a patch by Xie Xiaodong as part

of GSOC2009. (markt)

</td></tr>

Tomcat now uses the Platform MBean server by default so all MBeans

3245

registered by Tomcat will be exposed via JMX (eg via JConsole) without

3246

requiring any additional configuration. (markt)

3247

</td></tr>

3248

3249

The JMX Remote Lifecycle Listener allows the ports used by JMX to be

3250

fixed, making it easier to configure firewalls to all JMX traffic to

3251

pass through. Part of the extras package. (markt)

3252

</td></tr>

3253

3254

Make context deployment error message for fixDocBase() more meaningful.

(markt)

</td></tr>

Add an additional permission required by JULI when running under newer

3259

JDKs and a security manager. (markt)

3260

</td></tr>

3261

3262

Remove unnecessary reference to tomcat-coyote.jar from the bootstrap JAR

manifest. (kkolinko)

</td></tr>

Use correct method to create URLs in VirtualWebappLoader. (kkolinko)

3267

</td></tr>

3268

3269

Provide a new listener to protect against a memory leak caused by a

3270

change in the Sun JRE from version 1.6.0_15 onwards. Also include

3271

protection against locked JAR files, memory leaks triggered by

3272

XML parsing and the GC Daemon. (markt)

3273

</td></tr>

3274

3275

Don't swallow exceptions in ApplicationContextFacade.doPrivileged()

(kkolinko)

</td></tr>

Close resource stream in WebappClassLoader after read error. (pero)

3280

</td></tr>

3281

3282

Include attribute name into the text of Non-serializable exception

3283

that might be thrown by Session.setAttribute() in distributable

3284

applications. (mturk)

3285

</td></tr>

3286

3287

Add RemoteIpValve, a port of mod_remoteip. Patch provided by Cyrille Le

Clerc. (markt)

</td></tr>

Allow per instance configuration of JULI or log4j for core Tomcat

3292

logging when using CATALINA_BASE. (markt/kkolinko)

3293

</td></tr>

3294

3295

Prevent NPE in JULI during shutdown when resources try to log messages

3296

after JULI has been shutdown. (fhanik/kkolinko)

3297

</td></tr>

3298

3299

Make the JULI FileHandler easier to extend. (fhanik)

3300

</td></tr>

3301

3302

Make buffer size for FileHandler configurable. (fhanik)

3303

</td></tr>

3304

3305

Make JULI FileHandler thread safe. (fhanik)

3306

</td></tr>

3307

3308

Provide an option to disable buffering in the JULI FileHandler.

(kkolinko)

</td></tr>

Ensure log messages are not lost on shutdown. (markt)

3313

</td></tr>

3314

3315

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44679">44679</a>: Provide an option to allow the equals character in

3316

unquoted cookie values. (markt)

3317

</td></tr>

3318

3319

Add support for a connectionTimeout parameter to the JNDIRealm. (markt)

3320

</td></tr>

3321

3322

Various (un)deployment related improvements including better handling of

3323

failed (un)deployment, additional checking for valid zip entries that

3324

don't make sense in a WAR and improved validation of WAR file names.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

3329

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.21 (jfclere)/Coyote"></a><a name="Tomcat_6.0.21_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

3330

3331

<tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td>Implement <code>socket.unlockTimeout</code> attribute for NIO connector.</td></tr>

3332

3333

Update version of native bundled in Windows installer

3334

to 1.1.18. (kkolinko)

3335

</td></tr>

3336

3337

Update minimum required version for native to 1.1.17. (rjung)

3338

</td></tr>

3339

3340

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46950">46950</a>: Fix doing SSL renegotiation when a resource with CLIENT-CERT

3341

auth is requested. (markt)

3342

</td></tr>

3343

3344

Align tcnative native and Java method names. (rjung)

3345

</td></tr>

3346

<tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td>Dont report thread count from connector if an external executor is used.</td></tr>

3347

3348

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39637">39637</a>: Enable the AJP connectors to correctly handle client

3349

certificate chains. Patch by Patrik Schnellmann. (markt)

3350

</td></tr>

3351

3352

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46985">46985</a>: Clean up code and remove impossible condition.

(markt/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47225">47225</a>: Fix error in calculation of a buffer length in the

mapper. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47320">47320</a>: Don't rely on the platform default encoding being

3361

suitable to parse the session ID. (markt)

3362

</td></tr>

3363

3364

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47499">47499</a>: Don't swallow bind exceptions. (markt)

3365

</td></tr>

3366

3367

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47744">47744</a>: Prevent a medium term memory leak if using SSL with

3368

the JSSE provider and also using a security manager. Based on a patch by

Greg Vanore. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47963">47963</a>: Ensure that any HTTP status messages are compliant

3373

with RFC2616. (markt/kkolinko)

3374

</td></tr>

3375

3376

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47987">47987</a>: Limit size of not found resources cache. (markt)

3377

</td></tr>

3378

3379

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48009">48009</a>: Protect against the situation where editing a

3380

context.xml file may result in the file disappearing for a very short

time. (markt)

</td></tr>

Use correct connector attribute (SSLEnabled) rather than secure to

3385

determine if SSL should be used. (fhanik)

3386

</td></tr>

3387

3388

Provide a workaround for CVE-2009-3555, the TLS renegotiation issue, for

3389

the default Blocking IO Java connector.

3390

</td></tr>

3391

3392

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48252">48252</a>: Fix stack overflow exception when setting jkHome on

3393

NIO connector. (fhanik)

3394

</td></tr>

3395

3396

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48311">48311</a>: Only the APR lifecycle listener should try and

3397

initialise APR. (markt)

3398

</td></tr>

3399

</table>

3400

</blockquote></td></tr></table>

3401

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.21 (jfclere)/Jasper"></a><a name="Tomcat_6.0.21_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

3402

3403

3404

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38797">38797</a>: Fix a regression in the previous patch for

3405

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37933">37933</a>. (markt)

3406

</td></tr>

3407

3408

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38897">38897</a>: Add uri of broken TLD to error message to aid

debugging. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41661">41661</a>: Fix thread safety issue with JspConfig.init() (markt)

3413

</td></tr>

3414

3415

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41824">41824</a>: Need to use canonical rather than binary form when

3416

writing code. (markt)

3417

</td></tr>

3418

3419

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42390">42390</a>: Fix compilation issue with some nested tag files and

3420

simple tags. (kkolinko/markt)

3421

</td></tr>

3422

3423

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43656">43656</a>: Correctly coerce <code>null</code> to zero when the

3424

target type is <code>Number</code>. (markt)

3425

</td></tr>

3426

3427

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46907">46907</a>: Don't swallow input stream when debug logging is

enabled. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47318">47318</a>: Process directives found in include preludes and

codas. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47331">47331</a>: Treat uninterpreted tags as template text for JSP.2.2.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47413">47413</a>: Ensure expressions of the form "${a}${b}"

3440

are correctly coerced to String. (kkolinko)

3441

</td></tr>

3442

3443

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47453">47453</a>: Handle void return types for deferred methods.

(funkman)

</td></tr>

Remove the code that auto-detects the value for compilerSourceVM,

3448

compilerTargetVM options of Jasper, because we know that this version

3449

of Tomcat cannot run on JDK 1.4 and thus the value is always "1.5".

(kkolinko)

</td></tr>

Change default values for JDK version compliance options of JspC

3454

(-source and -target when running from command line)

3455

to be "1.5", to be the same as the ones used by Jasper servlet.

(kkolinko)

</td></tr>

Make constants in the TagHandlerPool really constant. (markt)

3460

</td></tr>

3461

3462

When development mode is enabled and a JSP is deleted, ensure next

3463

request for that JSP is consistent with the JSP having been removed.

(markt/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48019">48019</a>: Be more careful about skipping content that does not

3468

need to be parsed. (markt)

3469

</td></tr>

3470

3471

Better handling of exception in JSP if parsed JSP source is not

available. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

3476

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.21 (jfclere)/Cluster"></a><a name="Tomcat_6.0.21_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

3477

3478

3479

DeltaSession needs endAccess so that CrossContext replication works. (pero)

3480

</td></tr>

3481

3482

DeltaManager needs to replicate changed attributes even if session

3483

gets invalidated. Otherwise session listeners will not see the right

3484

data on the secondary nodes. (rjung)

3485

</td></tr>

3486

3487

Spurious startup errors during session transfer.

3488

Sessions get transferred, but node still waits until timeout. (rjung)

3489

</td></tr>

3490

3491

Perform deserializtion events with context class loader. (fhanik)

3492

</td></tr>

3493

3494

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47515">47515</a>: Correctly replicate timestamp during startup. (fhanik)

3495

</td></tr>

3496

3497

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47478">47478</a>: Call replication listeners when using BackupManager. (fhanik)

3498

</td></tr>

3499

3500

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47369">47369</a>: Reset data diff after replication. (fhanik)

3501

</td></tr>

3502

3503

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40551">40551</a>: Enable the JvmRouteBinderValve to work with

3504

PersistentManagers as well as clustering. Based on a patch by Chris

Chandler. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47342">47342</a>: Fix potential NPE on replicated context start. Patch

3509

provided by Keiichi Fujino. (markt)

3510

</td></tr>

3511

3512

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47389">47389</a>: DeltaManager doesn't do session replication if

3513

notifySessionListenersOnReplication=false.

3514

Patch by Keiichi Fujino. (fhanik)

3515

</td></tr>

3516

3517

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47502">47502</a>: Don't replicate session attributes known not to be

3518

serializable. (funkman)

3519

</td></tr>

3520

3521

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47554">47554</a>: Include httpOnly attribute when re-writing session

3522

cookie after fail over. (markt)

3523

</td></tr>

3524

3525

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47799">47799</a>: Enable the domain to be configured for Membership and

3526

DomainFilterInterceptor. Patch provided by Keiichi Fujino. (markt)

3527

</td></tr>

3528

3529

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48113">48113</a>: Display IP addresses using 0 to 255 rather than -128

3530

to +127. Based on a patch by Quintin Beukes. (fhanik/kkolinko)

3531

</td></tr>

3532

</table>

3533

</blockquote></td></tr></table>

3534

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.21 (jfclere)/Web applications"></a><a name="Tomcat_6.0.21_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

3535

3536

3537

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41564">41564</a>: Add some documentation on installing Tomcat as a

3538

service on operating systems with User Account Control, e.g. Vista.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47161">47161</a>: Report thread count correctly in Manager when exectors

3543

are used and return -1 when it can not easily be determined. (markt)

3544

</td></tr>

3545

3546

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47235">47235</a>: Remove use of autoReconnect from MySQL examples.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47324">47324</a>: Fix submit URL for session list page so it works

3551

behind a reverse proxy. Patch provided by Maik Jablonski. (markt)

3552

</td></tr>

3553

3554

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47425">47425</a>: Add crlFile attribute to the SSL configuration

3555

documentation. (markt)

3556

</td></tr>

3557

3558

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47444">47444</a>: Remove Jakarta references from the documentation.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47656">47656</a>: Add information to documentation on system property

3563

replacement in configuration files. (markt)

3564

</td></tr>

3565

3566

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47705">47705</a>: Fix division by zero error in the manager when trying

3567

to expire sessions when the session timeout is set to infinite.

(funkman)

</td></tr>

Fix display of session information pages of Manager application

3572

in Internet Explorer. (kkolinko)

3573

</td></tr>

3574

3575

Do not reuse windows (tabs) for session detail pages in Manager

3576

application. (kkolinko)

3577

</td></tr>

3578

3579

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47769">47769</a>: Clarify the JNDI docs with repect to use of

3580

<resource-ref> and related elements, specifically when they are

3581

required and when they may be omitted. (markt)

3582

</td></tr>

3583

3584

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48381">48381</a>: Add information on how Tomcat treats host names to the

3585

host configuration documentation. (markt)

3586

</td></tr>

3587

</table>

3588

</blockquote></td></tr></table>

3589

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.21 (jfclere)/Other"></a><a name="Tomcat_6.0.21_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

3590

3591

3592

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37847">37847</a>: Make location and filename of catalina.out configurable

3593

in catalina.sh. (fhanik)

3594

</td></tr>

3595

3596

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37848">37848</a>: Re-fix not outputting info messages when there is no

terminal. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39194">39194</a>: Make classpath configuration consistent in the startup

3601

scripts. (markt/kkolinko)

3602

</td></tr>

3603

3604

Update Tomcat Windows service application (procrun) to version 2.0.5.

3605

It contains a fix for issue <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41538">41538</a> (mturk)

3606

</td></tr>

3607

3608

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40786">40786</a>: Include 64-bit Windows service wrapper in

3609

distributions. Update the Windows installer to automatically use the

3610

correct binary on 64-bit machines. (markt)

3611

</td></tr>

3612

3613

Update Windows Installer to use NSIS 2.45. They say that this version

3614

provides support for the upcoming Microsoft Windows 7. (kkolinko)

3615

</td></tr>

3616

3617

Don't add blank lines to end of files when fixing line-endings for

3618

tar.gz distribution. (markt)

3619

</td></tr>

3620

3621

Use explicit encoding during filtering operations when building Tomcat

3622

for distribution. (kkolinko)

3623

</td></tr>

3624

3625

Remove references to unused commons-collections from the build scripts.

(markt)

</td></tr>

Fix download task check for commons-pool and commons-dbcp in the

3630

build scripts. (kkolinko)

3631

</td></tr>

3632

3633

Include deployer-howto.html into the deployer distributive. (kkolinko)

3634

</td></tr>

3635

3636

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47149">47149</a>: Build scripts: Explicitly specify encoding when

3637

compiling. (kkolinko)

3638

</td></tr>

3639

3640

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47267">47267</a>: Ensure release notes displayed by Windows installer

3641

have CRLF line-endings regardless of which OS the install package is

3642

built on. (markt/kkolinko)

3643

</td></tr>

3644

3645

Include NOTICE, LICENSE and manifest files in all Tomcat JARs and add a

3646

mechanism to the build process to enable these files to be customised

3647

per JAR as required. (markt)

3648

</td></tr>

3649

3650

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47699">47699</a>: Provide better handling of PID files. (markt)

3651

</td></tr>

3652

3653

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47824">47824</a>: Make Servlet API an optional dependency for JULI when

using Maven. (markt)

</td></tr>

Add support for per instance (using $CATALINA_BASE) log4j.properties

3658

files, JDBC drivers etc by adding ${catalina.base}/lib and

3659

${catalina.base}/lib/*.jar to the start of the common loader class

path. (markt)

</td></tr>

Correct CVE-2009-3548. When installed via the Windows installer and

3664

using defaults, don't create an administrative user with a blank

3665

password. Additionally, the administrative user is only created if the

3666

manager or host-manager web applications are selected for installation.

(markt)

</td></tr>

Further improvements to the administrative user name and password

3671

handling in the Windows installer. (kkolinko)

3672

</td></tr>

3673

</table>

3674

</blockquote></td></tr></table>

3675

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.20 (remm)"></a><a name="Tomcat_6.0.20_(remm)"><strong>Tomcat 6.0.20 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2009-06-03</strong></font></td></tr><tr><td colspan="2"><blockquote>

3676

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.20 (remm)/Catalina"></a><a name="Tomcat_6.0.20_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

3677

3678

3679

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42579">42579</a>: Handle both relative and absolute search results in

3680

the JNDIRealm. Patch provided by Brandon DuRette. (markt)

3681

</td></tr>

3682

3683

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46562">46562</a>: Close shtml files after processing to allow other

3684

processes to modify the files. (markt)

3685

</td></tr>

3686

3687

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46815">46815</a>: Make the MemoryUserDatabase read-only by default.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46816">46816</a>: Align session manager mbean descriptor with

3692

implementation. (markt)

3693

</td></tr>

3694

3695

Fix a typo in the OPTIONS response from the default servlet. (markt)

3696

</td></tr>

3697

3698

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46822">46822</a>: Remove unnecessary object creation from

3699

StandardContext. Patch provided by Anthony Whitford. (markt)

3700

</td></tr>

3701

3702

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46866">46866</a>: Better initialisation of Random objects. (markt)

3703

</td></tr>

3704

3705

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46875">46875</a>: Catch and handle possible IllegalStateExceptions

3706

in CometConnectionManagerValve related to session expiration. (markt)

3707

</td></tr>

3708

3709

Correct some errors reported when testing the WebDAV servlet with the

3710

Litmus test suite. (markt)

3711

</td></tr>

3712

3713

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46933">46933</a>: Update StringManager to use Java 5 features. Patch

3714

provided by Jens Kapitza. (markt)

3715

</td></tr>

3716

3717

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46990">46990</a>: Fix synchronization issues reported by FindBugs. Patch

3718

provided by Sebb. (markt)

3719

</td></tr>

3720

</table>

3721

</blockquote></td></tr></table>

3722

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.20 (remm)/Coyote"></a><a name="Tomcat_6.0.20_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

3723

3724

3725

Allow huge request body packets for AJP13. (rjung)

3726

</td></tr>

3727

3728

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45026">45026</a>: Never return an empty HTTP status reason phrase.

3729

mod_jk and httpd 2.x do not like that. (rjung)

3730

</td></tr>

3731

3732

Set remote port for AJP connectors from the optional request

3733

attribute AJP_REMOTE_PORT. (rjung)

3734

</td></tr>

3735

3736

Update tc-native to 1.1.16 (markt)

3737

</td></tr>

3738

3739

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46982">46982</a>: Correct reporting of DST offset in access logs.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46984">46984</a>: Invalid characters in HTTP request method now result

3744

in a 400 response. (markt)

3745

</td></tr>

3746

3747

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46991">46991</a>: Fix AJP connector always reporting bytes received as

zero. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

3752

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.20 (remm)/Jasper"></a><a name="Tomcat_6.0.20_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

3753

3754

3755

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37929">37929</a>: Fix invalidated session causing pageContext methods to

fail. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41606">41606</a>: Prevent double initialisation of JSPs. Patch provided

3760

by Chris Halstead. (markt)

3761

</td></tr>

3762

3763

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46354">46354</a>: ArrayIndexOutOfBoundsException when using

3764

org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true

3765

Patch provided by Konstantin Kolinko. (markt)

3766

</td></tr>

3767

3768

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46909">46909</a>: Only include semi-colon in type attribute for

3769

<jsp:plugin> when it is required. (markt)

3770

</td></tr>

3771

3772

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47013">47013</a>: Use system property rather than hard-coded string for

3773

pre-compilation flag. (markt)

3774

</td></tr>

3775

</table>

3776

</blockquote></td></tr></table>

3777

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.20 (remm)/Cluster"></a><a name="Tomcat_6.0.20_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

3778

3779

3780

A node should ignore its own heartbeat messages. (rjung)

3781

</td></tr>

3782

</table>

3783

</blockquote></td></tr></table>

3784

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.20 (remm)/Web applications"></a><a name="Tomcat_6.0.20_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

3785

3786

3787

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46509">46509</a>: Use correct link on error page in JSP security

3788

example. Patch provided by Michael Moody. (markt)

3789

</td></tr>

3790

3791

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46599">46599</a>: Document known DAEMON issue. (markt)

3792

</td></tr>

3793

3794

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46807">46807</a>: Correct docs for configuration of tag pooling. (markt)

3795

</td></tr>

3796

3797

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46924">46924</a>: Clarify behaviour when auto deployment is enabled and

3798

a WAR, directory or context file is deleted or updated. (markt)

3799

</td></tr>

3800

3801

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46958">46958</a>: All xml manager status output to work regardless of

3802

context path. (markt)

3803

</td></tr>

3804

</table>

3805

</blockquote></td></tr></table>

3806

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.20 (remm)/Other"></a><a name="Tomcat_6.0.20_(remm)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

3807

3808

3809

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46351">46351</a>: Refactor the build script. Patch provided by Marc

Guillemot. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46910">46910</a>: Properties files corrupted by build process. (remm)

3814

</td></tr>

3815

3816

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46915">46915</a>: When resolving ResourceBundle properties, don't claim

3817

to have resolved the property unless we really have resolved it. (markt)

3818

</td></tr>

3819

3820

Fix .pdf and .exe corruption in -src.tar.gz distribution. (markt)

3821

</td></tr>

3822

3823

Enable running Tomcat directly from the build directory on linux

systems. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

3828

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.19 (remm)"></a><a name="Tomcat_6.0.19_(remm)"><strong>Tomcat 6.0.19 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

3829

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.19 (remm)/Catalina"></a><a name="Tomcat_6.0.19_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

3830

3831

3832

Manager application prints FAIL if application was deployed but failed to start (fhanik)

3833

</td></tr>

3834

3835

When shutdown port is disabled, print user friendly message and not a stack trace. (fhanik)

3836

</td></tr>

3837

3838

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37458">37458</a>: Correct sync issue that leads to NPE in rare

3839

circumstances. Patch provided by Konstantin Kolinko. (markt)

3840

</td></tr>

3841

3842

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38553">38553</a>: Return 401 rather than 400 if client does not present

3843

a certificate CLIENT-CERT authentication. (markt)

3844

</td></tr>

3845

3846

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38570">38570</a>: When checking docBase against appBase, make sure we

3847

check for an exact match against the appBase. (markt)

3848

</td></tr>

3849

3850

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39013">39013</a>: When testing for invalid docBase, test for an exact

3851

match with the appBase dir. (markt)

3852

</td></tr>

3853

3854

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39396">39396</a>: Don't include TRACE in OPTIONS response unless we

3855

know it hasn't been disabled in the connector. (markt)

3856

</td></tr>

3857

3858

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42747">42747</a>: Ensure context.xml takes effect on first deployment

3859

for WAR and DIR deployments. context.xml is now copied to

3860

CATALINA_BASE/<engine name>/<host name> for DIR as well as

3861

WAR deployments. (markt)

3862

</td></tr>

3863

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43071">43071</a>: Start poller before acceptor (r719267)</td></tr>

3864

3865

Fix read/write timeout of async comet operations

(r719264)

</td></tr>

Implement async close behaviour for Comet/NIO.

3870

No-op for APR (same behavior as before)

(r719262)

</td></tr>

Default thread count for HTTP connectors is 200. (r713186)

3875

</td></tr>

3876

3877

Comet should always invoke END and properly invoke READ (r713174)

3878

</td></tr>

3879

3880

Fix class cast exception when shutting down a replicated context but no cluster has been configured in server.xml (r713177)

3881

</td></tr>

3882

3883

Dererence socket when its no longer used. Frees up socket buffers and memory. No functional change. (r713175)

3884

</td></tr>

3885

3886

Correct wrong "No role found" debug message,

3887

logged in RealmBase even if a role was found. (rjung)

3888

</td></tr>

3889

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44809">44809</a>: Improve AprLifecycleListener Error Messages. (jfclere)</td></tr>

3890

3891

Log AccessControlException for context specific logging.properties

3892

during startup with security manager. (rjung)

3893

</td></tr>

3894

3895

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41407">41407</a>: Add CLIENT-CERT support to the JAAS Realm. (markt)

3896

</td></tr>

3897

3898

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42409">42409</a>: Make custom and standard error page handling

3899

consistent by using resetBuffer() which will not alter previously set

headers. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42673">42673</a>: Fix SSI virtual includes for multi-level contexts.

3904

Patch provided by Peter Jodeleit. (markt)

3905

</td></tr>

3906

3907

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42707">42707</a>: Make adding a host alias via JMX take effect

immediately. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43656">43656</a>: Correct regression in previous fix for this bug. Patch

3912

provided by Nils Eckert. (markt)

3913

</td></tr>

3914

3915

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45419">45419</a>: Set Accept-Ranges for static resources served by

3916

DefaultServlet. (markt)

3917

</td></tr>

3918

3919

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45441">45441</a>: Correctly map filters for FORWARD and INCLUDE. (markt)

3920

</td></tr>

3921

3922

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45447">45447</a>: Convert Spanish resource files to use UTF-8 and provide

3923

translations where previously missing. Patch provided by Jesus Marin.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45453">45453</a>: Remove potential race condition in JDBC Realm.

3928

Based on a patch by Santtu Hyrkk. (markt)

3929

</td></tr>

3930

3931

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45576">45576</a>: Add DIGEST support to the JAAS Realm. (markt)

3932

</td></tr>

3933

3934

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45585">45585</a>: Allow Tomcat to start if using

3935

<code>$CATALINA_BASE</code> but not JULI. Patch based on a suggestion by

3936

Ian Ward Comfort. (markt)

3937

</td></tr>

3938

3939

The JAAS Realm did not assign roles to authenticated users. (markt)

3940

</td></tr>

3941

3942

Provide full stacktrace and message when the ErrorReportValveClass can't

3943

be instantiated. (funkman)

3944

</td></tr>

3945

3946

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45608">45608</a>: Make allocated servlet count synchronized to ensure

3947

the correct allocated servlet count is available during shutdown.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45628">45628</a>: When checking MANIFEST dependancies, JARs without

3952

dependencies should allows be considered to be full-filled. (markt)

3953

</td></tr>

3954

3955

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45735">45735</a>: Improve ETag handling. (remm)

3956

</td></tr>

3957

3958

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45785">45785</a>: Ignore directories named xxx.jar in WEB-INF/lib.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45823">45823</a>: Log missing request headers as '-' not 'null'. Based

3963

on a patch by Per Landberg. (markt)

3964

</td></tr>

3965

3966

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45825">45825</a>: Correctly handle annotations in parent classes. Based

3967

on a patch by Florent Benoit. (markt)

3968

</td></tr>

3969

3970

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45906">45906</a>: Further ETag handling improvements. Patch provided by

3971

Chris Hubick. (markt)

3972

</td></tr>

3973

3974

Add the CombinedRealm that enables authentication to be attempted

3975

against multiple realms. (markt)

3976

</td></tr>

3977

3978

Add the LockOutRealm that enables a standard Realm to be wrapped with

3979

the functionality to lock out a user after too many failed logins.

(markt)

</td></tr>

Make the upper size limit of the static resource cache configurable

3984

since the default of <code>cacheMaxSize/20</code> gave too high a value

3985

for large caches. (markt)

3986

</td></tr>

3987

3988

Fix HTML decoding error in SSI processing. (markt)

3989

</td></tr>

3990

3991

Fix cast error in JULI log factory. (markt)

3992

</td></tr>

3993

3994

Fix some thread safety issues in date formatting. (markt)

3995

</td></tr>

3996

3997

Fix a String comparison bug in the digester property replacement that

3998

resulted in non-optimal operation. (markt)

3999

</td></tr>

4000

4001

Correct handle multi-level contexts defined using context.xml files.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45933">45933</a>: Don't use xml parser from web-app to process tld

files. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45951">45951</a>: Support changing of JSESSIONID cookie name and

4010

jsessionid path parameter name. Based on a patch by Jean-frederic Clere.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46011">46011</a>: Make Principal accessible (if set) via

4015

<code>Subject.getSubject(AccessController.getContext())</code> when

4016

processing filters. Based on a patch by tsveg1. (markt)

4017

</td></tr>

4018

4019

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46075">46075</a>: When uploading files, don't create buffers at the

4020

maximum configured size. Use the default size and let the buffers grow

4021

to the maximum size if necessary. (markt)

4022

</td></tr>

4023

4024

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46085">46085</a>: Fix a rare thread safety issue with session

expiration. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46096">46096</a>: Support annotation processing whilst running under a

4029

security manager. (markt)

4030

</td></tr>

4031

4032

The invoker servlet has been deprecated and will be removed in Tomcat 7

onwards. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46105">46105</a>: Correctly set URI encoding when replaying a request

4037

after FORM authentication. (markt)

4038

</td></tr>

4039

4040

Remove unnecessary reference to commons-logging from the bootstrap JAR

manifest. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46232">46232</a>: Enabled the XMl parser to be over-ridden using the

4045

standard endorsed mechanism. (markt)

4046

</td></tr>

4047

4048

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46261">46261</a>: Treat %2F in a context name literally rather than

4049

converting it (inconsistently) to '/' - that is what '#' is for. (markt)

4050

</td></tr>

4051

4052

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46298">46298</a>: Throw an SQLException with a useful message rather

4053

than a NPE if the URL for the JDBCRealm is invalid. Based on a patch by

4054

Owen Jacobson. (markt)

4055

</td></tr>

4056

4057

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46304">46304</a>: Further fixes to make Principal accessible (if set)

4058

via <code>Subject.getSubject(AccessController.getContext())</code> when

4059

processing filters. (markt)

4060

</td></tr>

4061

4062

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46403">46403</a>: Provide a workaround for an IE and Safari bug that

4063

means the Max-Age attribute of a cookie is ignored. (markt)

4064

</td></tr>

4065

4066

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46408">46408</a>: Fix invalid cast in security utility package. (markt)

4067

</td></tr>

4068

4069

Remove duplicate normalisation implementations and make normalise

4070

behaviour consistent throughout code base. (markt)

4071

</td></tr>

4072

4073

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46683">46683</a>: Fix typo in French localisation file name for the

4074

org.apache.catalina.loader package. (markt)

4075

</td></tr>

4076

4077

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46606">46606</a>: Make the max DEPTH for a WebDAV request configurable.

4078

The default is still 3. (markt)

4079

</td></tr>

4080

4081

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44382">44382</a>: Add support for using httpOnly for session cookies.

4082

This is disabled by default. (markt/fhanik)

4083

</td></tr>

4084

4085

Fix possible NCDFE when using FORM authentication. (jfclere)

4086

</td></tr>

4087

4088

Fix possible synchronisation bottleneck in cookie creation. (markt)

4089

</td></tr>

4090

4091

Fix various spelling errors reported on the mailing lists. (markt)

4092

</td></tr>

4093

4094

Make the logging manager and properties file configurable via

4095

environment variables. (fhanik)

4096

</td></tr>

4097

</table>

4098

</blockquote></td></tr></table>

4099

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.19 (remm)/Coyote"></a><a name="Tomcat_6.0.19_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

4100

4101

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45154">45154</a>:

4102

Implement SEND_FILE behavior for SSL connections using NIO (fhanik)

4103

</td></tr>

4104

4105

Fix file descriptor leak during NIO send file behavior. (fhanik)

4106

</td></tr>

4107

4108

Implement usage of keyAlias attribute for NIO, previously attribute was ignored. (fhanik)

4109

</td></tr>

4110

4111

Prevent server from calling close on an already closed NIO socket. One that had timed out. (fhanik)

4112

</td></tr>

4113

4114

Fix bug with SEND_FILE behavior in NIO. Send file would delay until selector timed out, even though socket was ready to be written. (fhanik)

4115

</td></tr>

4116

4117

Fix possible NPE in NioEndpoint.java (fhanik)

4118

</td></tr>

4119

4120

Update tc-native to 1.1.15 in build.properties.default (jfclere)

4121

</td></tr>

4122

4123

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43327">43327</a>: Socket bind fails when using APR on a system with IPv6

4124

enabled but no explicit IPv6 address configured. (markt/jfclere)

4125

</td></tr>

4126

4127

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44285">44285</a>: Make the SSL session cache size and timeout

4128

configurable. (markt)

4129

</td></tr>

4130

4131

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45074">45074</a>: Add configuration parameters to enable the tuning

4132

of sendfile and poller thread count in the APR HTTP connector. Patch

4133

provided by Alex Barclay. (jfclere/markt)

4134

</td></tr>

4135

4136

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45528">45528</a>: Add detection for invalid SSL configuration to prevent

4137

infinite logging loop on start-up. (markt)

4138

</td></tr>

4139

4140

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45591">45591</a>: NPE on start-up failure in some cases. Based on a

4141

patch by Matt Passell. (markt)

4142

</td></tr>

4143

4144

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46077">46077</a>: Expose deferAccept for configuration. Patch provided

4145

by Michael Leinartas. (markt)

4146

</td></tr>

4147

4148

Don't swallow input if we know the connection is going to be closed. (billbarker)

4149

</td></tr>

4150

4151

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46125">46125</a>: Return a status code of 400 if the request headers are

too large. (markt)

</td></tr>

Make certain that classes are first loaded by trusted code when working in a sandbox. (billbarker)

4156

</td></tr>

4157

4158

Log a message if we reach maxThreads in a connector thread pool. (markt)

4159

</td></tr>

4160

4161

Enable the thread pool limits to be modified via JMX. (markt)

4162

</td></tr>

4163

4164

Fix HTTP/1.0 redirects handling with APR AJP connector. (remm)

4165

</td></tr>

4166

4167

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46666">46666</a>: keepAliveTimeout should be used regardless of setting

4168

of disableUploadTimeout. (markt)

4169

</td></tr>

4170

</table>

4171

</blockquote></td></tr></table>

4172

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.19 (remm)/Jasper"></a><a name="Tomcat_6.0.19_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

4173

4174

4175

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=36923">36923</a>: Treat EL expressions as template text if EL

4176

expressions are disabled. (markt)

4177

</td></tr>

4178

4179

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37515">37515</a>: Support 1.6 and 1.7 as source and target for

compilation. (markt)

</td></tr>

ClassCastException in EL ExpressionBuilder. (rjung)

4184

</td></tr>

4185

4186

Use more generics in EL to improve type safety. (rjung)

4187

</td></tr>

4188

4189

Use a lookahead to remove potential ambiguity in EL parsing. (markt)

4190

</td></tr>

4191

4192

Correct typo in JSP EL examples. (markt)

4193

</td></tr>

4194

4195

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38197">38197</a>: Take account of jsp:attribute elements when pooling

tags. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42077">42077</a>: Ensure the iterator returned by

4200

javax.el.CompositeELResolver#getFeatureDescriptor() skips any null

4201

FeatureDescriptors. Patch provided by Mathias Broekelmann. (markt)

4202

</td></tr>

4203

4204

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42693">42693</a>: Fix JSP generation error with recursive tag file

structure. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45427">45427</a>: Correctly handle unmatched quotes in EL expressions.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45511">45511</a>: The failure of the <code>empty</code> keyword was a

4213

regression caused by the previous fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42565">42565</a>. The original

4214

fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42565">42565</a> has been reverted and a new fix applied.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45648">45648</a>: Don't trim the last character when parsing the EL

namespace. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45666">45666</a>: Prevent infinite loop on include. (markt)

4223

</td></tr>

4224

4225

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45691">45691</a>: Prevent generation of duplicate variable names when

4226

generating code for JSPs. (markt)

4227

</td></tr>

4228

4229

Correct signed/unsigned conversion error in ASCII parsing. (markt)

4230

</td></tr>

4231

4232

Fix various edge-cases when parsing EL, particularly inside attribute

4233

values. Note the the Expert Group has confirmed that JSP.1.6 takes

4234

precedence over JSP.1.3.10. Therefore EL in attributes must be escaped

twice. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46047">46047</a>: Include the path to the JAR when recording

4239

dependencies that are located inside a JAR file. Patch provided by

4240

Cédric Mailleux. (markt)

4241

</td></tr>

4242

4243

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46381">46381</a>: Composite expressions used for attribute values must

4244

be coerced to Strings. (markt)

4245

</td></tr>

4246

4247

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46397">46397</a>: Don't pool tag instances that implement JspIdConsumer.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46462">46462</a>: Limit package test to just the o.a.jsp package to

4252

allow use of packages such as o.a.jspwiki. (markt)

4253

</td></tr>

4254

4255

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46471">46471</a>: Fix naming clash when tags in different libraries have

4256

the same name. (markt)

4257

</td></tr>

4258

4259

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46564">46564</a>: Make page encoding check for tagx compilation

4260

case-insensitive. (markt)

4261

</td></tr>

4262

</table>

4263

</blockquote></td></tr></table>

4264

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.19 (remm)/Cluster"></a><a name="Tomcat_6.0.19_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

4265

4266

4267

Prevent NPE for ReplicationValve (pero)

4268

</td></tr>

4269

4270

Provide TCP only start-up option when using static membership. (fhanik)

4271

</td></tr>

4272

4273

Document the multicast recovery options. (fhanik)

4274

</td></tr>

4275

4276

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45261">45261</a>: Add a new SimpleCoordinator for tribes provided by

4277

Robert Newson. (markt)

4278

</td></tr>

4279

4280

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45618">45618</a>: Make sure NIO selector is closed when no longer used.

4281

Unlikely to be an issue in normal usage. (markt)

4282

</td></tr>

4283

4284

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45851">45851</a>: Fix out of order message processing issues with the

4285

FarmWarDeployer. (markt)

4286

</td></tr>

4287

4288

Fix small memory leak in FarmWarDeployer. (markt)

4289

</td></tr>

4290

4291

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46357">46357</a>: Corrected test for host's parent must be an engine.

(markt)

</td></tr>

Fix so that JvmrouteBinderValve can rewrite session suffix with parallel

4296

requests from same client. (pero)

4297

</td></tr>

4298

</table>

4299

</blockquote></td></tr></table>

4300

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.19 (remm)/Web applications"></a><a name="Tomcat_6.0.19_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

4301

4302

4303

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45940">45940</a>: Correct name of username attribute for JDBC resources

4304

in JNDI how to. (markt)

4305

</td></tr>

4306

4307

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46035">46035</a>: Fix multiple typos in monitoring how to. (markt)

4308

</td></tr>

4309

4310

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46067">46067</a>: Fix typos in Advanced IO how to. (markt)

4311

</td></tr>

4312

4313

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46115">46115</a>: Correct Manager UI to show that path is required when

4314

using the deploy command. (markt)

4315

</td></tr>

4316

4317

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46121">46121</a>: Add note to manager documentation regarding possible

4318

naming clash with new Ant 1.7 resources datatype and how to avoid it.

(markt)

</td></tr>

Remove unsed parameters from Native/APR example connector configuration

in docs. (markt)

</td></tr>

Use CSS based solution for printer-friendly docs. Patch provided by

4327

vitezslav.smid as part of GSoc with additional work by Tim Funk. (markt)

4328

</td></tr>

4329

4330

Update the FAQ linsk in the docs to refer to the wiki. Use xlst task

4331

rather than style task to generate docs. (funkman/markt)

4332

</td></tr>

4333

4334

Document the LifecycleListeners. (markt)

4335

</td></tr>

4336

4337

Fix broken URL mapping in the examples. (markt)

4338

</td></tr>

4339

4340

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46563">46563</a>: Update doc for correct default for pollerThreadCount.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46600">46600</a>: Document maxKeepAliveRequests for the NIO connector.

(markt)

</td></tr>

Fix CVE-2009-0781. XSS in calendar example. (markt)

4349

</td></tr>

4350

</table>

4351

</blockquote></td></tr></table>

4352

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.19 (remm)/Other"></a><a name="Tomcat_6.0.19_(remm)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

4353

4354

4355

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41861">41861</a>: Update service name to Apache Tomcat 6 to prevent

4356

conflicts with previous major Tomcat versions. (markt/rjung)

4357

</td></tr>

4358

4359

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45852">45852</a>: Add special handling for cp932 (aka ms932) when

4360

creating tomcat-users.xml with Windows installer. (markt)

4361

</td></tr>

4362

4363

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45878">45878</a>: Restore manifest, licence and notice files to the jsp

4364

and servlet jars. (markt)

4365

</td></tr>

4366

4367

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45879">45879</a>: Move NOTICE file from documentation webapp to the

4368

installation directory. (markt)

4369

</td></tr>

4370

4371

Add a workaround for DBCP-191. Tomcat will now build without error on a

4372

1.6 JDK but because it does this by skipping DBCP, release builds must

4373

be generated with a 1.5 JDK. (costin/markt)

4374

</td></tr>

4375

4376

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46366">46366</a>: Correct information in RUNNING.txt regarding use of

4377

CATALINA_HOME and CATALINA_BASE. (markt)

4378

</td></tr>

4379

4380

Use more useful JPDA defaults in catalina.bat. (markt)

4381

</td></tr>

4382

4383

Correct error in 2.5 web-app XSD.

4384

</td></tr>

4385

</table>

4386

</blockquote></td></tr></table>

4387

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.18 (remm)"></a><a name="Tomcat_6.0.18_(remm)"><strong>Tomcat 6.0.18 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2008-07-31</strong></font></td></tr><tr><td colspan="2"><blockquote>

4388

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.18 (remm)/Catalina"></a><a name="Tomcat_6.0.18_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

4389

4390

4391

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42727">42727</a>: Correctly handle request lines that are exact

4392

multiples of 4096 in length. Patch provided by Will Pugh. (markt)

4393

</td></tr>

4394

4395

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42678">42678</a>: Only ignore docBase if it really is a subdir of

4396

appBase. Patch provided by juergen. (markt)

4397

</td></tr>

4398

4399

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42722">42722</a>: Possible NPE in CGI Servlet. (markt)

4400

</td></tr>

4401

4402

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45285">45285</a>: Look for annotations in class hierarchy. (markt)

4403

</td></tr>

4404

4405

Add additional checks for URI normalization. (remm)

4406

</td></tr>

4407

</table>

4408

</blockquote></td></tr></table>

4409

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.18 (remm)/Jasper"></a><a name="Tomcat_6.0.18_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

4410

4411

4412

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42565">42565</a>: Make EL ternary expression without space before colon

4413

work. Patch provided by Lucas Galfaso. (markt)

4414

</td></tr>

4415

</table>

4416

</blockquote></td></tr></table>

4417

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.18 (remm)/Web applications"></a><a name="Tomcat_6.0.18_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

4418

4419

4420

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45323">45323</a>: Add note that context.xml files can only contain a

4421

single Context element. (markt)

4422

</td></tr>

4423

</table>

4424

</blockquote></td></tr></table>

4425

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.18 (remm)/Cluster"></a><a name="Tomcat_6.0.18_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

4426

4427

4428

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45317">45317</a>: Properly document and log the value of the state transfer timeout flag (fhanik)

4429

</td></tr>

4430

</table>

4431

</blockquote></td></tr></table>

4432

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.18 (remm)/Other"></a><a name="Tomcat_6.0.18_(remm)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

4433

4434

4435

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45332">45332</a>: Specify the correct encoding (the current Windows code

4436

page) rather than assuming UTF-8 when creating tomcat-users.xml with the

4437

Windows installer. (markt)

4438

</td></tr>

4439

</table>

4440

</blockquote></td></tr></table>

4441

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.17 (remm)"></a><a name="Tomcat_6.0.17_(remm)"><strong>Tomcat 6.0.17 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

4442

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.17 (remm)/General"></a><a name="Tomcat_6.0.17_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

4443

4444

4445

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45315">45315</a>: Add Unix support for NSIS. (remm)

4446

</td></tr>

4447

</table>

4448

</blockquote></td></tr></table>

4449

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.17 (remm)/Catalina"></a><a name="Tomcat_6.0.17_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

4450

4451

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45272">45272</a>: Put in work around for Internet Explorer not accepting a quoted Path: value using the Set-Cookie header (fhanik)</td></tr>

4452

4453

APR connector now adds connection to poller after using send file.

(remm)

</td></tr>

Add ManagerBase session getLastAccessedTimestamp and

4458

getCreationTimestamp for better remote JMX access. (pero)

4459

</td></tr>

4460

4461

Expose alwaysSend flag for message dispatch interceptor. (fhanik)

4462

</td></tr>

4463

4464

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=29936">29936</a>: Create digesters and parsers earlier so we aren't

4465

using the webapp class loader when we create them. (markt)

4466

</td></tr>

4467

4468

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42662">42662</a>: Properly resolve reflection proxies during session

4469

replication. (fhanik)

4470

</td></tr>

4471

4472

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42750">42750</a>: Request line should be tolerant of multiple

4473

whitespaces. (markt/fhanik)

4474

</td></tr>

4475

4476

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42934">42934</a>: Change the order of events on context start so

4477

<code>contextInitialized()</code> event is fired before

4478

<code>sessionDidActivate()</code>. The spec isn't 100% clear on the

4479

required order but this seems more logical than the current behaviour.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43079">43079</a>: Fix identification of suspicious URL patterns. Patch

4484

provided by John Kew. (markt)

4485

</td></tr>

4486

4487

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43080">43080</a>: Log suspicious URL patterns to the correct web app.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43117">43117</a>: Setting an empty workDir could result in all of

4492

CATALINA_HOME being deleted. Patch provided by Takayuki Kaneko. (markt)

4493

</td></tr>

4494

4495

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43142">43142</a>: Don't assume a directory named xxx.war is a war file.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43150">43150</a>: Allow Tomcat to start correctly when installed on a

4500

path that contains a # character. (markt)

4501

</td></tr>

4502

4503

The fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43285">43285</a> had the side-effect of coercing

4504

<code>null</code> values to zero. This side-effect has been made

4505

configurable with a system property,

4506

<code>org.apache.el.parser.COERCE_TO_ZERO</code> which defaults to

4507

<code>true</code>. Patch provided by Nils Eckert. (markt)

4508

</td></tr>

4509

4510

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43343">43343</a>: Correctly handle requesting a session we are in the

4511

middle of persisting. Based on a suggestion by Wade Chandler. (markt)

4512

</td></tr>

4513

4514

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43425">43425</a>: Make annotations spec compliant. Patch provided by

4515

Dain Sundstrom. (markt)

4516

</td></tr>

4517

4518

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43470">43470</a>: Fix various class cast exceptions. Based on a patch

4519

by Lucas Galfaso. (markt)

4520

</td></tr>

4521

4522

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43578">43578</a>: Fix startup when installation path contains a space.

4523

Patch provided by Ray Sauers. (markt)

4524

</td></tr>

4525

4526

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43683">43683</a>: Fix 404 that could occur if a Servlet is accessed

4527

while the context is reloading. (markt)

4528

</td></tr>

4529

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td>ExtendedAccessLogValve cs-uri not print empty querystring. (pero)

4530

</td></tr>

4531

4532

ServletContext.getResource("noslash/resource") only requires forward

4533

slash if STRICT_SERVLET_COMPLIANCE flag is set to true. This mimics the

4534

behavior of 6.0.15 and earlier. (fhanik)

4535

</td></tr>

4536

4537

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44021">44021</a>: Add support for using the # character to define

4538

multi-level contexts in WARs and directories in the appBase. (markt)

4539

</td></tr>

4540

4541

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44282">44282</a>: Fix TRACE level class loader logging message when a

4542

security manager is used. (markt)

4543

</td></tr>

4544

4545

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44337">44337</a>: Dir listing crashes if no readme-file present.

(funkman)

</td></tr>

If listener declared in web.xml, only add it once. (funkman)

4550

</td></tr>

4551

4552

Fix NPE when iterating through sessions for expiration. (fhanik/jim)

4553

</td></tr>

4554

4555

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44380">44380</a>: Don't scan non-file URLs for TLDs. Patch provided by

4556

Florent Benoit. (markt)

4557

</td></tr>

4558

4559

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44389">44389</a>: Fix memory leak that occurred if using a

4560

RequestDispatcher. Patch provided by Arto Huusko. (markt)

4561

</td></tr>

4562

4563

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44529">44529</a>: Correct handling of resource constraints so no roles

4564

(deny all) overrides no aoth-constraint (allow all). (markt)

4565

</td></tr>

4566

4567

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44562">44562</a>: HEAD requests cannot use includes. Patch provided by

4568

David Jencks. (markt)

4569

</td></tr>

4570

4571

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44595">44595</a>: Add possibility to request the QueueSize of an

4572

executor via JMX. (jfclere)

4573

</td></tr>

4574

4575

Fix CGI Servlet so it correctly reads the environment variables on

Vista. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44611">44611</a>: DirContextURLConnection didn't implement

4580

getHeaderFields(), getHeaderField(String name) was case sensitive and

4581

returned "" rather than null for header values that did not exist. Patch

4582

provided by Chris Hubick. (markt)

4583

</td></tr>

4584

4585

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44633">44633</a>: Provide a more helpful error message if a class can't

4586

be loaded due to a version error. (rjung/markt)

4587

</td></tr>

4588

4589

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44646">44646</a>: Correct various issues, including an ISE, in

4590

CometConnectionManagerValve. (markt)

4591

</td></tr>

4592

4593

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44673">44673</a>: ServletInputStream is no longer readable once closed.

(markt)

</td></tr>

Better handling of lack of permission for context specific logging.

(markt)

</td></tr>

Add permission required to read JDK logging config. (markt)

4602

</td></tr>

4603

4604

Update web.xml to reflect packaging of SSI and CGI. (markt)

4605

</td></tr>

4606

4607

Add missing access check for ThreadWithAttributes. (markt)

4608

</td></tr>

4609

4610

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44833">44833</a>: Correctly override StandardSession methods from

4611

DeltaSession. (fhanik)

4612

</td></tr>

4613

4614

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44943">44943</a>: Use the same engine name in server.xml comments to

4615

reduce copy and pastes issues. (markt)

4616

</td></tr>

4617

4618

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44988">44988</a>: Use Java5 syntax for debug options. Patch provided

4619

by Cédrik Lime. (markt)

4620

</td></tr>

4621

4622

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45101">45101</a>: Format header dates obtained from

4623

<code>DirContextURLConnection</code> as per the HTTP spec. Patch

4624

provided by Chris Hubick. (markt)

4625

</td></tr>

4626

4627

A new valve, <code>org.apache.catalina.valves.WebdavFixValve</code>,

4628

that forces MS clients connecting to the WebDAV Servlet on port 80 to

4629

use a client that works rather than the default broken one. (markt)

4630

</td></tr>

4631

4632

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45195">45195</a>: Passing in null into setAttribute or removeAttribute

cause NPE. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

4637

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.17 (remm)/Coyote"></a><a name="Tomcat_6.0.17_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

4638

4639

4640

NIO: Fix bug in NIO sendfile, symptoms during heavy traffic is that

4641

connection don't get closed. For previous versions, one can disable

4642

sendfile to work around the problem. (fhanik)

4643

</td></tr>

4644

4645

APR: Allow to specify the "random device" to use to collect the entropy.

(jfclere)

</td></tr>

Fix NIO/SSL live lock during client disconnect. (fhanik)

4650

</td></tr>

4651

4652

Fix possible ArrayIndexOutOfBoundsException. Patch provided by Charles R

4653

Caldarale. (markt/jim)

4654

</td></tr>

4655

4656

Add support for keystore types that do not need a file. Based on a patch

4657

by Bruno Harbulot. (markt)

4658

</td></tr>

4659

4660

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43094">43094</a>: Allow specification of keystore providers. Based on a

4661

patch by Bruno Harbulot. (markt)

4662

</td></tr>

4663

4664

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43191">43191</a>: Make it possible to override the defaults with the

4665

compressableMimeType attribute. Based on a patch by Len Popp. (markt)

4666

</td></tr>

4667

4668

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44391">44391</a>: Correct handling of escaped values in SSI processing.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44392">44392</a>: HTML entities now handled correctly in SSI processing.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44558">44558</a>: Improve error message so address is included if

4677

binding fails. (markt)

4678

</td></tr>

4679

4680

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44494">44494</a>: Character input limited to 8KB. (remm)

4681

</td></tr>

4682

4683

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44620">44620</a>: Infinite loop in NIO connector. (markt)

4684

</td></tr>

4685

4686

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44785">44785</a>: Correctly document default maxThreads for AJP

connector. (markt)

</td></tr>

Log errors for AJP signoffs at DEBUG level,

4691

since it is harmless if mod_jk has hung up the phone. (billbarker)

4692

</td></tr>

4693

4694

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44968">44968</a>: Provide more information when the load of a keystore

fails. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

4699

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.17 (remm)/Jasper"></a><a name="Tomcat_6.0.17_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

4700

4701

4702

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=31257">31257</a>: Quote endorsed dirs if they contain a space. (markt)

4703

</td></tr>

4704

4705

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42943">42943</a>: Make sure nested element is inside <jsp:text>

4706

element before throwing exception. (markt)

4707

</td></tr>

4708

4709

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43617">43617</a>: Correctly escape attribute values in tag files.

4710

Based on a patch by Lucas Galfaso. (markt)

4711

</td></tr>

4712

4713

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43656">43656</a>: Fix various numeric coercion bugs. Includes a patch by

4714

Nils Eckert and fixes related issues identified in a test case provided

4715

by Konstantin Kolinko. (markt)

4716

</td></tr>

4717

4718

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43741">43741</a>: Correctly handle dependencies for tag files in JARs.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44408">44408</a>: Reduce synchronisation when evaluating EL expressions.

4723

Patch provided by Robert Andersson. (markt)

4724

</td></tr>

4725

4726

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44428">44428</a>: Fix possible NPE during serialization. (markt)

4727

</td></tr>

4728

4729

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44766">44766</a>: EL doesn't coerce custom Number subclasses. (markt)

4730

</td></tr>

4731

4732

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44877">44877</a>: Prevent collisions on tag pool names. (markt)

4733

</td></tr>

4734

4735

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44986">44986</a>: Make page encoding consistency checks

4736

case-insensitive. (markt)

4737

</td></tr>

4738

4739

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44994">44994</a>: Enable nested conditional expressions in JSP EL. Patch

4740

provided by James Manger. (markt)

4741

</td></tr>

4742

4743

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45015">45015</a>: You can't use an unescaped quote if you quote the

4744

value with that character. (markt/fhanik)

4745

</td></tr>

4746

4747

Add HTML filtering of error messages for included resources in case the

4748

app has tried to include an unsafe URL that does not exist. This is

4749

really an app responsibility but the filtering has been added for XSS

safety. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

4754

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.17 (remm)/Web applications"></a><a name="Tomcat_6.0.17_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

4755

4756

4757

Update documentation to use correct version number, correct file paths

4758

and to use $CATALINA_BASE rather than $CATALINA_HOME where applicable.

(markt/jim)

</td></tr>

Add a section on available system property configuration options.

(markt)

</td></tr>

Amend the JNDI datasource doc to reflect new value for no limit used by

4767

updated commons-pool and commons-DBCP. (markt)

4768

</td></tr>

4769

4770

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43333">43333</a>: Fix errors in sendfile documentation. (markt)

4771

</td></tr>

4772

4773

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43366">43366</a>: Provide backwards compatibility for manager sessions

command. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44541">44541</a>: Document packetSize attribute for AJP connector.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44715">44715</a>: Document secret attribute for AJP connector. (markt)

4782

</td></tr>

4783

4784

Fix some links in the ROOT application that are broken if ROOT is

renamed. (markt)

</td></tr>

Align the Realm documentation so that both the configuration and the

4789

how-to are consistent. (markt)

4790

</td></tr>

4791

4792

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45277">45277</a>: Fix typo in logging docs. (markt)

4793

</td></tr>

4794

</table>

4795

</blockquote></td></tr></table>

4796

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.17 (remm)/Cluster"></a><a name="Tomcat_6.0.17_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

4797

4798

4799

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45212">45212</a>: AbstractReplicatedMap.entrySet() now returns entries

4800

rather than vaules. (markt)

4801

</td></tr>

4802

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45279">45279</a>: Properly close multicast socket.</td></tr>

4803

4804

Fix session replication dead lock during non sticky load balancing.

(fhanik)

</td></tr>

</table>

</blockquote></td></tr></table>

4809

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.17 (remm)/Other"></a><a name="Tomcat_6.0.17_(remm)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

4810

4811

4812

Improve the Tests for unit tests for the cookie issues. (jfclere)

4813

</td></tr>

4814

4815

Fix build for JavaDoc. Patch provided by Stephen Bannasch. (markt)

4816

</td></tr>

4817

4818

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44955">44955</a>: Use correct location for endorsed directory in Windows

installer. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

4823

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.16 (remm)"></a><a name="Tomcat_6.0.16_(remm)"><strong>Tomcat 6.0.16 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2008-02-08</strong></font></td></tr><tr><td colspan="2"><blockquote>

4824

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.16 (remm)/General"></a><a name="Tomcat_6.0.16_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

4825

4826

4827

Update commons-logging to version 1.1.1 and the NSIS installer to 2.34.

(markt)

</td></tr>

Update to commons-pool version 1.4, native version 1.1.12 and update

4832

the download location for the commons libraries. (markt)

4833

</td></tr>

4834

4835

Change chunked input parsing, always parse CRLF directly after a chunk has been

4836

received, except if data is not available. If data is not available for CRLF

4837

parsing, we run into BZ 11117, and must defer the parsing of CRLF to the next read event.

4838

This fixes the incorrect blocking when using CometProcessor and the draining data during the READ event

4839

where it before would block incorrectly waiting for the next chunk (fhanik)

4840

</td></tr>

4841

4842

The CometProcessor interface now extends the javax.servlet.Servlet interface(fhanik)

4843

</td></tr>

4844

4845

Fix CVE-2007-5342 by limiting permissions granted to JULI. (markt)

4846

</td></tr>

4847

4848

Fix handling of CometEvent.close when called during BEGIN event (fhanik)

4849

</td></tr>

4850

4851

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43594">43594</a>: Use setenv from CATALINA_BASE (if set) in preference

4852

to the one in CATALINA_HOME. Patch provided by Shaddy Baddah.

(markt/jim)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43692">43692</a>: Clean up unused entries from build scripts. Patch

4857

provided by Paul Shemansky. (markt)

4858

</td></tr>

4859

4860

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43775">43775</a>: Don't try to change line endings of binary files in

4861

the source distribution. (markt)

4862

</td></tr>

4863

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43846">43846</a>:

4864

Fix block simulated read and writes causing timeouts.

4865

Add non blocking parsing of HTTP request headers.

4866

Perf improvements(fhanik)

4867

</td></tr>

4868

4869

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43957">43957</a>: Service.bat doesn't configure logging correctly. Patch

4870

provided by Richard Fearn. (markt/jim)

4871

</td></tr>

4872

4873

Cookie handling/parsing changes!

4874

The following behavior has been changed with regards to Tomcat's cookie handling

4875

a) Cookies containing control characters, except 0x09(HT), are rejected using an InvalidArgumentException <br>

4876

b) If cookies are not quoted, they will be quoted if they contain tspecials(ver0), tspecials2(ver1) characters<br>

4877

c) Escape character '\\' is allowed and respected as a escape character, will be unescaped during parsing

4878

</td></tr>

4879

4880

Cookie parsing of $Version regression from 6.0.15 has been fixed

4881

</td></tr>

4882

4883

The script that builds the windows installer was including additional

4884

files due to the way it processes recurrsive file selectors. The

4885

selectors have been modified to only include the intended files. (markt)

4886

</td></tr>

4887

</table>

4888

</blockquote></td></tr></table>

4889

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.16 (remm)/Catalina"></a><a name="Tomcat_6.0.16_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

4890

4891

4892

Fix ManagerServlet.expireSessions throws Exceptions as iterate longer

4893

session lists at production servers. (pero)

4894

</td></tr>

4895

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38131">38131</a>: WatchedResource doesn't work if app is outside host appbase webapps.

4896

Patch provided by Peter Lynch (pero)

4897

</td></tr>

4898

<tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td>Add -Dorg.apache.catalina.tribes.dns_lookups=false as default. The ability to turn off reverse DNS lookups for membership.(fhanik)</td></tr>

4899

4900

Set correct StandardManager.sessionCounter after reload/restart. (pero)

4901

</td></tr>

4902

4903

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42503">42503</a>: ServletContext.getResourceAsStream() could return

4904

stale data. Patch provided by Arvind Srinivasan. (funkman/jim)

4905

</td></tr>

4906

4907

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43236">43236</a>: When resetting the response, also reset the flags

4908

associated with using a writer or an output stream to allow the user to

4909

change character set after the reset. (markt)

4910

</td></tr>

4911

4912

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43241">43241</a>: Make ServletContext.getResourceAsStream() conform to

4913

the specification. Patch provided by John Kew. (markt)

4914

</td></tr>

4915

4916

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43530">43530</a>: doc link fixes provided by Paul Shemansky (funkman)

4917

</td></tr>

4918

4919

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43675">43675</a>: Fix a possible logging related classloader leak.

4920

(markt)

4921

</td></tr>

4922

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43687">43687</a>: Remove conditional headers on Form Auth replay,

4923

since the UA (esp. FireFox) isn't expecting it.

4924

</td></tr>

4925

4926

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43706">43706</a>: WebDAV copy/move now returns 201 on success. Based on

4927

a patch by Panagiotis Astithas. (markt)

4928

</td></tr>

4929

4930

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43840">43840</a>: Include user principal if possible when serializing /

4931

de-serializing sessions. (markt)

4932

</td></tr>

4933

4934

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43868">43868</a>: MBean methods getInvoke and getSetter were broken.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43887">43887</a>: Make error messages much more helpful when illegal

4939

Servlet names are used. Based on a patch provided by Mike Baranczak.

(markt)

</td></tr>

Fix a bug that causes CGI Servlet to fail when it is included. (markt)

4944

</td></tr>

4945

4946

Improve the webDAV Servlet Javadocs to make clear that the WebDAV

4947

Servlet can not be used as the default servlet. (markt)

4948

</td></tr>

4949

4950

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43993">43993</a>: mime mapping for WS-Policy. Patch by Fabian Ritzmann (funkman)

4951

</td></tr>

4952

4953

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44041">44041</a>: Fix duplicate class definition under load. (markt)

4954

</td></tr>

4955

4956

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44084">44084</a>: JASSRealm was broken for application provided

4957

Principals. Patch provided by Noah Levitt. (markt)

4958

</td></tr>

4959

4960

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44223">44223</a>: Use the javax.net.ssl.trustStoreType setting if no

4961

explicit connector configuration is provided and the property is set.

(markt/jim)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44268">44268</a>: Log a warning if a duplicate listener configuration is

ignored. (markt/jim)

</td></tr>

</table>

</blockquote></td></tr></table>

4970

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.16 (remm)/Coyote"></a><a name="Tomcat_6.0.16_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

4971

4972

4973

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43622">43622</a>: Don't overwrite the min compression size set by the

4974

compression attribute with the default. (markt/jim)

4975

</td></tr>

4976

4977

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43839">43839</a>: URL based session tracking failed when a session

4978

cookie from a parent context was present. Based on a patch by Yuan

Qingyun. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43914">43914</a>: URLs in location headers should be encoded. Patch

4983

provided by Ivan Todoroski. (markt)

4984

</td></tr>

4985

</table>

4986

</blockquote></td></tr></table>

4987

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.16 (remm)/Jasper"></a><a name="Tomcat_6.0.16_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

4988

4989

4990

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43285">43285</a>: Missing EL Coercion causes argument type mismatch.

4991

Patch provided by Bernhard Huemer. (funkman/jim)

4992

</td></tr>

4993

4994

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43675">43675</a>: Fix a possible logging related classloader leak.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43702">43702</a>: Inner class files have unnecessarily long names.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43743">43743</a>: Fix NPE when compiling nest tag files packaged in a

JAR. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43757">43757</a>: Rather than use string matching to work out the line

5007

in the JSP with the error, use the SMAP info and the knowledge that for

5008

a scriptlet there is a one to one line mapping. (markt/jim)

5009

</td></tr>

5010

5011

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43758">43758</a>: Fix NPE when scripting elements are empty. (markt)

5012

</td></tr>

5013

5014

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43909">43909</a>: Make sure locale maps to wrapped ELContext. Patch

5015

provided by Tuomas Kiviaho. (markt)

5016

</td></tr>

5017

5018

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43944">43944</a>: Fix a missing resource exception. (markt)

5019

</td></tr>

5020

5021

Improve docs for Jasper configuration. Put options in alphabetcial

5022

order, add some missing options, deprecate an unused one and address

5023

feedback about the page provided on the users list.

5024

</td></tr>

5025

</table>

5026

</blockquote></td></tr></table>

5027

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.16 (remm)/Web applications"></a><a name="Tomcat_6.0.16_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

5028

5029

5030

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43173">43173</a>: Fix typo in logging documentation regarding location

5031

of logging.properties. (markt)

5032

</td></tr>

5033

5034

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43344">43344</a>: Fix typo in if.jsp example. Patch provided by Tim

Nowaczyk. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43468">43468</a>: Fix possible NPE when listing contexts in the Manager

application. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43515">43515</a>: Fix bug in Manager application that may have caused

5043

problems when listing contexts. Patch provided by Lucas Galfaso. (markt)

5044

</td></tr>

5045

5046

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43611">43611</a>: Provide an error message if user tries to upload a war

5047

for a context defined in server.xml rather than failing silently.

(markt/jim)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43800">43800</a>: Make relationship between APR and the native connector

clearer. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44088">44088</a>: Fix expire session button in manager. (markt)

5056

</td></tr>

5057

5058

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44094">44094</a>: Add a note about the side effects of configuring a

5059

context as privileged. (markt)

5060

</td></tr>

5061

5062

Update JNDI documentation to refer to configuring contexts via

5063

context.xml rather than server.xml. (markt/jim)

5064

</td></tr>

5065

</table>

5066

</blockquote></td></tr></table>

5067

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.16 (remm)/Cluster"></a><a name="Tomcat_6.0.16_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

5068

5069

5070

Fix FarmWarDeployer can be only configured as host subelement (pero)

5071

</td></tr>

5072

5073

Fix wrong && at ReplicationValve (pero)

5074

</td></tr>

5075

5076

Add get/set methods for properties in the Tcp Failure detector.

(fhanik/jim)

</td></tr>

</table>

</blockquote></td></tr></table>

5081

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.15 (remm)"></a><a name="Tomcat_6.0.15_(remm)"><strong>Tomcat 6.0.15 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

5082

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.15 (remm)/General"></a><a name="Tomcat_6.0.15_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5083

5084

<tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td>Fix the MD5 file contents in distribution</td></tr>

5085

5086

Add ANT script to be able to publish signed Tomcat JAR's to ASF Maven repo (fhanik)

5087

</td></tr>

5088

5089

Use Eclipse JDT 3.3.1. (pero)

5090

</td></tr>

5091

</table>

5092

</blockquote></td></tr></table>

5093

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.15 (remm)/Catalina"></a><a name="Tomcat_6.0.15_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5094

5095

<tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td>Guess java location from the PATH environment and improve fix for 37284</td></tr>

5096

<tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td>Add NIO connector to server.xml parsing warning, remove Connector as exception case</td></tr>

5097

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43653">43653</a>: Fix SSL buffer mixup when response is unable to write more than socket buffer can handle</td></tr>

5098

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43643">43643</a>: If connector doesn't support external executor, display warning</td></tr>

5099

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43641">43641</a>: Property bind multicast address for cluster membership</td></tr>

5100

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42693">42693</a>: Fix JSP compiler bug</td></tr>

5101

<tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td>Add mbean descriptor for virtual webapp loader</td></tr>

5102

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43487">43487</a>:

5103

Fix request processing stats

5104

</td></tr>

5105

5106

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43435">43435</a>: Don't iterate and relocate sessions if they are not part of the map.

5107

</td></tr>

5108

5109

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43356">43356</a>: Keystore parameter is relative to CATALINA_BASE,

5110

Truststore is either defined as parameter, javax.net.ssl.trustStore or if empty

5111

defaults to the keystore.

5112

SSL Client cert authentication changed from boolean to "true|false|want" (fhanik)

5113

</td></tr>

5114

5115

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=30949">30949</a>: Improve previous fix. Ensure requests are re-cycled

5116

on cross-context includes and forwards when an exception occurs in the

target page. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42944">42944</a>: Correctly handle servlet mappings that use a '+'

5121

character as part of the url pattern. (markt)

5122

</td></tr>

5123

5124

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42951">42951</a>: Don't use CATALINA_OPTS when stopping Tomcat. This

5125

allows options for starting and stopping to be set on JAVA_OPTS and

5126

options for starting only to be set on CATALINA_OPTS. Without this

5127

fix, some startup options (eg the port for remote JMX) would cause

5128

stop to fail. Based on a fix suggested by Michael Vorburger.

5129

Port of r454193 (<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=36976">36976</a>) from Tomcat 5.5.x. (markt,rjung)

5130

</td></tr>

5131

5132

Validation of attributes and elements used in server.xml. (remm)

5133

</td></tr>

5134

5135

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43175">43175</a>: Fix typos in servlet XSD files. Patch provided by

5136

Takayuki Kaneko. (markt)

5137

</td></tr>

5138

5139

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43216">43216</a>: Set correct StandardSession#accessCount as StandardSession.ACTIVITY_CHECK is true.

5140

Patch provided by Takayuki Kaneko (pero)

5141

</td></tr>

5142

5143

Made session createTime accessible for all SessionManager via JMX (pero)

5144

</td></tr>

5145

5146

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43129">43129</a>: Support logging of all response header values at AccessLogValve (ex. add %{Set-Cookie}o to your pattern). (pero)

5147

</td></tr>

5148

5149

Support logging of all response header values at ExtendedAccessLogValve (ex. add x-O(Set-Cookie) to your pattern). (pero)

5150

</td></tr>

5151

5152

Support logging of current thread name at AccessLogValve (ex. add %I to your pattern).

5153

Usefull to compare access logging entry later with a stacktraces. (pero)

5154

</td></tr>

5155

5156

Improve large-file support (more then 4 Gb) at all AccessLogValves, backport from 5.5.25. (pero)

5157

</td></tr>

5158

5159

Optimized JDBCAccessLogValve combined pattern request attribute access. (pero)

5160

</td></tr>

5161

5162

o.a.juli.ClassLoaderLogManager handle more then one system property replacement at file logging.properties. (pero)

5163

</td></tr>

5164

5165

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43338">43338</a>: Support '*' servlet-name mapping at filter-mapping.

5166

Patch provided by Keiichi Fujino. (pero)

5167

</td></tr>

5168

5169

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41797">41797</a>: CNFE/NPE thrown from function mapper when externalizing

5170

Patch by Tuomas Kiviaho- tuomas.kiviahos at ikis fi (funkman)

5171

</td></tr>

5172

5173

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43453">43453</a>: ClassCastException at

5174

org.apache.catalina.core.StandardContext.findStatusPage(int)

(funkman)

</td></tr>

Fix important vulnerability when webdav is enabled for write. (markt)

5179

</td></tr>

5180

5181

Call stopAwait in StandardServer.stop if port == -1. (pero)

5182

</td></tr>

5183

5184

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43668">43668</a>: Fix NPE when the outer most wrapper is a ServletRequest/ResponseWrapper, but not a HttpServletRequest/ResponseWrapper on a Forward. (billbarker)

5185

</td></tr>

5186

</table>

5187

</blockquote></td></tr></table>

5188

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.15 (remm)/Coyote"></a><a name="Tomcat_6.0.15_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5189

5190

5191

Harmonize with HTTP java.io code. Otherwise the socket is not closed.

5192

</td></tr>

5193

5194

In the APR connector, start accepting connections after fully starting

5195

the connector, to prevent possible exceptions due to non initialized fields. (remm)

5196

</td></tr>

5197

5198

Cookie parser refactoring, submitted by John Kew. (remm)

5199

</td></tr>

5200

5201

Make cookie escaping / unescaping consistent. (markt)

5202

</td></tr>

5203

5204

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43479">43479</a>: Memory leak cleaning up sendfile connections, submitted by Chris Elving. (remm)

5205

</td></tr>

5206

5207

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42925">42925</a>: Add maintain for sendfile. (remm)

5208

</td></tr>

5209

5210

Fix explicit flush before response commit in the org.apache.jk AJP connector. (pero)

5211

</td></tr>

5212

5213

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43621">43621</a>: Fix possible Dos condition when using the experimental NIO/AJP Connector (billbarker)

5214

</td></tr>

5215

</table>

5216

</blockquote></td></tr></table>

5217

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.15 (remm)/Jasper"></a><a name="Tomcat_6.0.15_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5218

5219

5220

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37326">37326</a>: No error reported when an included page does not

exist. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

5225

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.15 (remm)/Web applications"></a><a name="Tomcat_6.0.15_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

5226

5227

5228

Fix WebDAV Servlet so it works correctly with MS clients. (markt)

5229

</td></tr>

5230

5231

Fix CVE-2007-5461, an important information disclosure vulnerability in

5232

the WebDAV Servlet. Based on a patch by Marc Schoenefeld. (markt)

5233

</td></tr>

5234

5235

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42979">42979</a>: Update sample.war to include recent security fixes

5236

in the source code. (markt)

5237

</td></tr>

5238

5239

Minor connector doc fix. (jfclere)

5240

</td></tr>

5241

</table>

5242

</blockquote></td></tr></table>

5243

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.15 (remm)/Cluster"></a><a name="Tomcat_6.0.15_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

5244

5245

5246

Set correct BioReceiver transfer buffer size. (pero)

5247

</td></tr>

5248

</table>

5249

</blockquote></td></tr></table>

5250

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.15 (remm)/Other"></a><a name="Tomcat_6.0.15_(remm)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

5251

5252

5253

Tests for unit tests for the cookie issues. (jfclere)

5254

</td></tr>

5255

</table>

5256

</blockquote></td></tr></table>

5257

5258

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.14 (remm)"></a><a name="Tomcat_6.0.14_(remm)"><strong>Tomcat 6.0.14 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2007-08-13</strong></font></td></tr><tr><td colspan="2"><blockquote>

5259

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.14 (remm)/General"></a><a name="Tomcat_6.0.14_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5260

5261

5262

Correct j.u.l log levels in JULI docs. (rjung)

5263

</td></tr>

5264

</table>

5265

</blockquote></td></tr></table>

5266

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.14 (remm)/Catalina"></a><a name="Tomcat_6.0.14_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5267

5268

5269

Handle special case of ROOT when re-loading webapp after ROOT.xml has

5270

been modified. In some circumstances the reloaded ROOT webapp had no

5271

associated resources. (markt)

5272

</td></tr>

5273

5274

Remove invalid attribute "encoding" of MBean MemoryUserDatabase,

5275

which lead to errors in the manager webapp JMXProxy output. (rjung)

5276

</td></tr>

5277

5278

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=33774">33774</a>: Retry JNDI authentiction on ServiceUnavailableException

5279

as at least one provider throws this after an idle connection has been

closed. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39875">39875</a>: Fix BPE in RealmBase.init(). Port of yoavs's fix from

Tomcat 5. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41722">41722</a>: Make the role-link element optional (as required by

5288

the spec) when using a security-role-ref element. (markt)

5289

</td></tr>

5290

5291

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42361">42361</a>: Handle multi-part forms when saving requests during

5292

FORM authentication process. Patch provided by Peter Runge. (markt)

5293

</td></tr>

5294

5295

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42401">42401</a>: Update RUNNING.txt with better JRE/JDK information.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42444">42444</a>: prevent NPE for AccessLogValve

5300

Patch provided by Nils Hammar (funkman)

5301

</td></tr>

5302

5303

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42449">42449</a>:

5304

JNDIRealm does not catch NullPointerException for Sun's

5305

LDAP provider (See bug for details) (funkman)

5306

</td></tr>

5307

5308

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42497">42497</a>: Ensure ETag header is present in a 304 response.

5309

Patch provided by Len Popp. (markt)

5310

</td></tr>

5311

5312

Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host

5313

Manager. Reported by Daiki Fukumori. (markt)

5314

</td></tr>

5315

5316

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42547">42547</a>: Fix NPE when a ResourceLink in context.xml tries to

5317

override an env-entry in web.xml. (markt)

5318

</td></tr>

5319

5320

Avoid some casting in ErrorReportValve (remm)

5321

</td></tr>

5322

5323

Fix persistence API annotation, submitted by Bill Burke (remm)

5324

</td></tr>

5325

5326

In Comet mode, if bytes are not read, send an error event (otherwise,

5327

fields referring to the connection could remain) (remm)

5328

</td></tr>

5329

5330

Fix Comet when running Tomcat with the security manager (remm)

5331

</td></tr>

5332

</table>

5333

</blockquote></td></tr></table>

5334

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.14 (remm)/Jasper"></a><a name="Tomcat_6.0.14_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5335

5336

5337

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39425">39425</a>: Add additional system property permission to

5338

catalina.policy for pre-compiled JSPs. (markt)

5339

</td></tr>

5340

5341

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42438">42438</a>: Duplicate temporary variables were created when

5342

jsp:attribute was used in conjunction with custom tags. Patch provided

5343

by Brian Lenz. (markt)

5344

</td></tr>

5345

5346

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42643">42643</a>: Prevent creation of duplicate JSP function mapper

variables. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

5351

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.14 (remm)/Coyote"></a><a name="Tomcat_6.0.14_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5352

5353

5354

Separate sequence increment from getter in ThreadPool to avoid

5355

misleading increments during monitoring via JMX. (rjung)

5356

</td></tr>

5357

5358

Add back missing socketBuffer attribute in the java.io HTTP connector (remm)

5359

</td></tr>

5360

</table>

5361

</blockquote></td></tr></table>

5362

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.14 (remm)/Web applications"></a><a name="Tomcat_6.0.14_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

5363

5364

5365

Don't write error on System.out, use log() instead. (rjung)

5366

</td></tr>

5367

5368

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39813">39813</a>: Correct handling of new line characters in JMX

5369

attributes. Patch provided by R Bramley. Ported from tc5.5.x r415029. (markt,rjung)

5370

</td></tr>

5371

5372

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42459">42459</a>: Fix Tomcat Web Application Manager table error. (rjung)

5373

</td></tr>

5374

5375

Fix XSS security vulnerabilities (CVE-2007-2449) in the examples.

5376

Reported by Toshiharu Sugiyama. (markt)

5377

</td></tr>

5378

</table>

5379

</blockquote></td></tr></table>

5380

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.13 (remm)"></a><a name="Tomcat_6.0.13_(remm)"><strong>Tomcat 6.0.13 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2007-05-15</strong></font></td></tr><tr><td colspan="2"><blockquote>

5381

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.13 (remm)/Catalina"></a><a name="Tomcat_6.0.13_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5382

5383

5384

More accurate available() method. (remm)

5385

</td></tr>

5386

5387

Add recycle check in the event object, since it is a facade like the others. (remm)

5388

</td></tr>

5389

5390

When processing a read event, enforce that the servlet consumes all available bytes. (remm)

5391

</td></tr>

5392

5393

Add a flag in ContainerBase which could be used in embedded scenarios to avoid a double start

5394

of contexts (this problem generally occurs when adding contexts to a started host). (remm)

5395

</td></tr>

5396

5397

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42309">42309</a>: Ability to create a connector using a custom protocol specification for embedded.

(fhanik)

</td></tr>

Add SSL engine flag to AprLifecycleListener. (fhanik)

5402

</td></tr>

5403

5404

Improve event processing, so that an END event is generated when encountering EOF, and an

5405

ERROR is always generated on client disconnects. (remm)

5406

</td></tr>

5407

5408

Add declarations for the new XSD files. (remm)

5409

</td></tr>

5410

</table>

5411

</blockquote></td></tr></table>

5412

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.13 (remm)/Coyote"></a><a name="Tomcat_6.0.13_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5413

5414

5415

Add heartbeatBackgroundEnabled flag to SimpleTcpCluster.

5416

Enable this flag don't forget to disable the channel heartbeat thread (pero)

5417

</td></tr>

5418

5419

Possible memory leak when using comet, caused by adding the socket to the poller before

5420

cleaning up the connection tracking structure. (remm)

5421

</td></tr>

5422

5423

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42308">42308</a>: nextRequest recycles the request, which caused issues with statistics. (remm)

5424

</td></tr>

5425

5426

Fix non recycled comet flag in the APR connector. (remm)

5427

</td></tr>

5428

</table>

5429

</blockquote></td></tr></table>

5430

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.13 (remm)/Cluster"></a><a name="Tomcat_6.0.13_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

5431

5432

5433

Add heartbeatBackgroundEnabled flag to SimpleTcpCluster.

5434

Enable this flag don't forget to disable the channel heartbeat thread (pero)

5435

</td></tr>

5436

5437

Method name cleanup. (fhanik)

5438

</td></tr>

5439

</table>

5440

</blockquote></td></tr></table>

5441

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.13 (remm)/Web applications"></a><a name="Tomcat_6.0.13_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

5442

5443

5444

Some examples webapp fixes. Submitted by Frank McCown. (remm)

5445

</td></tr>

5446

</table>

5447

</blockquote></td></tr></table>

5448

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.12 (remm)"></a><a name="Tomcat_6.0.12_(remm)"><strong>Tomcat 6.0.12 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

5449

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.12 (remm)/General"></a><a name="Tomcat_6.0.12_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5450

5451

5452

License source headers. Submitted by Niall Pemberton. (remm)

5453

</td></tr>

5454

</table>

5455

</blockquote></td></tr></table>

5456

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.12 (remm)/Catalina"></a><a name="Tomcat_6.0.12_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5457

5458

5459

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42039">42039</a>: Log a stack trace if a servlet throws an

5460

UnavailableException. Patch provided by Kawasima Kazuh. (markt)

5461

</td></tr>

5462

5463

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41990">41990</a>: Add some additional mime-type mappings. (markt)

5464

</td></tr>

5465

5466

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41655">41655</a>: Fix message translations. Japanese translations

5467

provided by Suzuki Yuichiro. (markt)

5468

</td></tr>

5469

5470

Add enabled attribute to AccessLogValve (pero)

5471

</td></tr>

5472

5473

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42085">42085</a>: Avoid adding handlers for the root logger twice when they are explicitly

specified. (remm)

</td></tr>

Reduce thread local manipulation in the request dispatcher. Submitted by

5478

Arvind Srinivasan. (remm)

5479

</td></tr>

5480

5481

Avoid keeping references to loggers tied to the webapp classloaders after a reload in

5482

a couple more places. (remm)

5483

</td></tr>

5484

5485

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42202">42202</a>: Fix container parsing of TLDs in webapps when Tomcat is installed in

5486

a URL encodable path. (remm)

5487

</td></tr>

5488

</table>

5489

</blockquote></td></tr></table>

5490

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.12 (remm)/Coyote"></a><a name="Tomcat_6.0.12_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5491

5492

5493

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42119">42119</a>: Fix return value for request.getCharacterEncoding() when

5494

Content-Type headers contain parameters other than charset. Patch by

5495

Leigh L Klotz Jr. (markt)

5496

</td></tr>

5497

5498

Move away from using a thread local processor for the APR and java.io

5499

connectors, as this does not work well when using an executor. (remm)

5500

</td></tr>

5501

5502

Remove Comet timeout hack in the APR connector. Comet connections will now

5503

use the regular timeout or the keepalive timeout if specified. (remm)

5504

</td></tr>

5505

</table>

5506

</blockquote></td></tr></table>

5507

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.12 (remm)/Web applications"></a><a name="Tomcat_6.0.12_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

5508

5509

5510

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42025">42025</a>: Update valve documentation to refer to correct regular

5511

expression implementation. (markt)

5512

</td></tr>

5513

5514

Fix various paths in the manager webapps (remm)

5515

</td></tr>

5516

5517

Session viewer and editor for the HTML manager. Submitted by Cédrik Lime. (remm)

5518

</td></tr>

5519

5520

Session handling tools for the manager. Submitted by Rainer Jung. (remm)

5521

</td></tr>

5522

</table>

5523

</blockquote></td></tr></table>

5524

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.12 (remm)/Jasper"></a><a name="Tomcat_6.0.12_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5525

5526

5527

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41869">41869</a>: TagData.getAttribute() should return

5528

TagData.REQUEST_TIME_VALUE when the attribute value is an EL expression.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42071">42071</a>: Fix IllegalStateException on multiple requests to

5533

an unavailable JSP. Patch provided by Kawasima Kazuh. (markt)

5534

</td></tr>

5535

5536

After a JSP throws an UnavailableException allow it to be accessed once

5537

the unavailable period has expired. (markt)

5538

</td></tr>

5539

</table>

5540

</blockquote></td></tr></table>

5541

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.12 (remm)/Cluster"></a><a name="Tomcat_6.0.12_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

5542

5543

5544

Add toString method to better logging session replication message at tribes MESSAGES (pero)

5545

</td></tr>

5546

</table>

5547

</blockquote></td></tr></table>

5548

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.11 (remm)"></a><a name="Tomcat_6.0.11_(remm)"><strong>Tomcat 6.0.11 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

5549

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.11 (remm)/General"></a><a name="Tomcat_6.0.11_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5550

5551

5552

Update DBCP to 1.2.2, pool to 1.3, JDT to 3.2.2 and remove collections

5553

build dependency (pero, remm)

5554

</td></tr>

5555

</table>

5556

</blockquote></td></tr></table>

5557

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.11 (remm)/Catalina"></a><a name="Tomcat_6.0.11_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5558

5559

5560

Don't log pattern subtoken at ExtendedAccesLogValve (pero)

5561

</td></tr>

5562

5563

Add some missing JMX attributes for new AccessLogValve (pero)

5564

</td></tr>

5565

5566

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41786">41786</a>: Incorrect reference to catalina_home in catalina.sh/bat Patch provided by Mike Hanafey (fhanik)

5567

</td></tr>

5568

5569

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41703">41703</a>: SingleSignOnMessage invalid setter, patch provided by Nils Hammar (fhanik)

5570

</td></tr>

5571

5572

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41682">41682</a>: ClassCastException when logging is turned on (fhanik)

5573

</td></tr>

5574

5575

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41530">41530</a>: Don't log error messages when connector is stopped (fhanik)

5576

</td></tr>

5577

5578

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41166">41166</a>: Invalid handling when using replicated context (fhanik)

5579

</td></tr>

5580

5581

Added SENDFILE support for the NIO connector. (fhanik) <br>

5582

</td></tr>

5583

5584

Added support for shared thread pools by adding in the <Executor>

5585

element as a nested element to the <Service> element. (fhanik)

5586

</td></tr>

5587

5588

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41666">41666</a>: Correct handling of boundary conditions for

5589

If-Unmodified-Since and If-Modified-Since headers. Patch provided by

5590

Suzuki Yuichiro. (markt)

5591

</td></tr>

5592

5593

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41739">41739</a>: Correct handling of servlets with a load-on-startup

5594

value of zero. These are now the first servlets to be started. (markt)

5595

</td></tr>

5596

5597

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41747">41747</a>: Correct example ant script for deploy task. (markt)

5598

</td></tr>

5599

5600

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41752">41752</a>: Correct error message on exception in MemoryRealm.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39883">39883</a>: Add documentation warning about using antiResourceLocking

5605

on a webapp outside the Host's appBase. (yoavs)

5606

</td></tr>

5607

5608

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40150">40150</a>: Ensure user and roll classnames are validated on startup. Patch by

Tom. (yoavs)

</td></tr>

Refactor extend access log valve using the optimized access log valve. Submitted by

5613

Takayuki Kaneko. (remm)

5614

</td></tr>

5615

5616

Possible deadlock in classloading when defining packages. (remm)

5617

</td></tr>

5618

5619

Remove excessive syncing from listener support. (remm)

5620

</td></tr>

5621

5622

Web services support. The actual factory implementations are implemented in the

5623

extras. Submitted by Fabien Carrion. (remm)

5624

</td></tr>

5625

5626

Add logging to display APR capabilities on the platform. (remm)

5627

</td></tr>

5628

5629

Expose executors in JMX. (remm)

5630

</td></tr>

5631

5632

CRLF inside a URL pattern is always invalid. (remm)

5633

</td></tr>

5634

5635

Tweak startup time display. (remm)

5636

</td></tr>

5637

5638

Adjustments to handling exceptions with Comet. (remm)

5639

</td></tr>

5640

5641

If the event is closed asynchronously, generate an end event for cleanup on the

next event. (remm)

</td></tr>

Cleanup hello webapp from the docs and fix a XSS issue in the JSP. (remm)

5646

</td></tr>

5647

5648

Examples webapp cleanup. Submitted by Takayuki Kaneko and Markus Schönhaber. (remm)

5649

</td></tr>

5650

5651

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41289">41289</a>: Create configBase, since it is no longer created elsewhere.

5652

Submitted by Shiva Kumar H R. (remm)

5653

</td></tr>

5654

</table>

5655

</blockquote></td></tr></table>

5656

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.11 (remm)/Coyote"></a><a name="Tomcat_6.0.11_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5657

5658

5659

Fixed NIO memory leak caused by the NioChannel cache not working properly.

5660

</td></tr>

5661

5662

Added flag to enable/disable the usage of the pollers selector instead of a Selector pool

5663

when the serviet is reading/writing from the input/output streams

5664

The flag is <code>-Dorg.apache.tomcat.util.net.NioSelectorShared=true</code>

5665

</td></tr>

5666

5667

Requests with multiple content-length headers are now rejected. (markt)

5668

</td></tr>

5669

5670

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41675">41675</a>: Add a couple of DEBUG-level logging statements to Http11Processors

5671

when sending error responses. Patch by Ralf Hauser. (yoavs)

5672

</td></tr>

5673

5674

Reuse digester used by the modeler. (remm)

5675

</td></tr>

5676

5677

When the platform does not support deferred accept, put accepted sockets in the

poller. (remm)

</td></tr>

Fix problem with blocking reads for keepalive when using an executor (the number

5682

of busy threads is always 0). (remm)

5683

</td></tr>

5684

5685

The poller now has good performance, so remove firstReadTimeout. (remm)

5686

</td></tr>

5687

5688

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42119">42119</a>: Fix return value for request.getCharacterEncoding() when

5689

Content-Type headers contain parameters other than charset. Patch by

5690

Leigh L Klotz Jr. (markt)

5691

</td></tr>

5692

</table>

5693

</blockquote></td></tr></table>

5694

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.11 (remm)/Web applications"></a><a name="Tomcat_6.0.11_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

5695

5696

5697

Fix previous update to servlet 2.5 xsd to use correct declaration.

(markt)

</td></tr>

Update host configuration document for new behaviour for directories

in appBase. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39540">39540</a>: Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs)

5706

</td></tr>

5707

</table>

5708

</blockquote></td></tr></table>

5709

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.11 (remm)/Jasper"></a><a name="Tomcat_6.0.11_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5710

5711

5712

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41227">41227</a>: Add a bit of DEBUG-level logging to JspC so users know

5713

which file is being compiled. (yoavs)

5714

</td></tr>

5715

5716

Remove some dead utility code, and refactor stream capture as part of the Ant compiler. (remm)

5717

</td></tr>

5718

5719

Support the trim directive of JSP 2.1 as an equivalent of Jasper's own parameter. (remm)

5720

</td></tr>

5721

5722

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41790">41790</a>: Close file stream used to read the Java source. (remm)

5723

</td></tr>

5724

5725

Fix reporting of errors which do not correspond to a portion of the JSP source. (remm)

5726

</td></tr>

5727

5728

Remove try/catch usage for annotation processing in classic tags. The usage

5729

of the log method might have been questionable as well. (remm)

5730

</td></tr>

5731

5732

Cleanup of the message that is displayed for compilation errors. (remm)

5733

</td></tr>

5734

5735

Skip BOM when reading a JSP file. (remm)

5736

</td></tr>

5737

</table>

5738

</blockquote></td></tr></table>

5739

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.10 (remm)"></a><a name="Tomcat_6.0.10_(remm)"><strong>Tomcat 6.0.10 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2007-02-28</strong></font></td></tr><tr><td colspan="2"><blockquote>

5740

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.10 (remm)/Catalina"></a><a name="Tomcat_6.0.10_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5741

5742

5743

Unify usage of security manager flag, submitted by Arvind Srinivasan. (remm)

5744

</td></tr>

5745

5746

Fix formatting of CGI variable SCRIPT_NAME. (markt)

5747

</td></tr>

5748

5749

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41521">41521</a>: Support * for servlet-name, submitted by Paul McMahan. (remm)

5750

</td></tr>

5751

5752

Cache getServletContext value, submitted by Arvind Srinivasan. (remm)

5753

</td></tr>

5754

5755

Add options for handling special URL characters in paths, and disallow '\' and encoded '/'

5756

due to possible differences in behavior between Tomcat and a front end webserver. (remm)

5757

</td></tr>

5758

5759

Fix bad comparison for FORM processing, submitted by Anil Saldhana. (remm)

5760

</td></tr>

5761

5762

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41608">41608</a>: Make log levels consistent when Servlet.service()

5763

throws an exception. (markt)

5764

</td></tr>

5765

</table>

5766

</blockquote></td></tr></table>

5767

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.10 (remm)/Coyote"></a><a name="Tomcat_6.0.10_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5768

5769

5770

Reduce usage of MessageBytes.getLength(), submitted by Arvind Srinivasan. (remm)

5771

</td></tr>

5772

</table>

5773

</blockquote></td></tr></table>

5774

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.10 (remm)/Jasper"></a><a name="Tomcat_6.0.10_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5775

5776

5777

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41558">41558</a>: Don't call synced method on every request, submitted by Arvind Srinivasan. (remm)

5778

</td></tr>

5779

5780

Switch to a thread local page context pool. (remm)

5781

</td></tr>

5782

</table>

5783

</blockquote></td></tr></table>

5784

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.9 (remm)"></a><a name="Tomcat_6.0.9_(remm)"><strong>Tomcat 6.0.9 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>beta, 2007-02-08</strong></font></td></tr><tr><td colspan="2"><blockquote>

5785

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.9 (remm)/General"></a><a name="Tomcat_6.0.9_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5786

5787

5788

Use 2.5 xsd in Tomcat webapps. (markt)

5789

</td></tr>

5790

5791

Compression filter improvements, submitted by Eric Hedström. (markt)

5792

</td></tr>

5793

</table>

5794

</blockquote></td></tr></table>

5795

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.9 (remm)/Catalina"></a><a name="Tomcat_6.0.9_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5796

5797

5798

Properly return connector names. (remm)

5799

</td></tr>

5800

5801

Remove logging of the XML validation flag. (remm)

5802

</td></tr>

5803

5804

Correct error messages for context.xml. (markt)

5805

</td></tr>

5806

5807

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41217">41217</a>: Set secure flag correctly on SSO cookie, submitted by

5808

Chris Halstead. (markt)

5809

</td></tr>

5810

5811

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40524">40524</a>: request.getAuthType() now returns CLIENT_CERT rather

5812

than CLIENT-CERT. (markt)

5813

</td></tr>

5814

5815

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40526">40526</a>: Return support for JPDA_OPTS to catalina.bat and add

5816

a new option JPDA_SUSPEND, submitted by by Kurt Roy. (markt)

5817

</td></tr>

5818

5819

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41265">41265</a>: In embedded, remove the code that resets checkInterval

5820

values of zero to 300. (markt)

5821

</td></tr>

5822

</table>

5823

</blockquote></td></tr></table>

5824

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.9 (remm)/Coyote"></a><a name="Tomcat_6.0.9_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5825

5826

5827

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37869">37869</a>: Fix getting client certificate, submitted by Christophe Pierret. (remm)

5828

</td></tr>

5829

5830

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40960">40960</a>: Throw a timeout exception when getting a timeout rather than a

5831

generic IOE, submitted by Christophe Pierret. (remm)

5832

</td></tr>

5833

</table>

5834

</blockquote></td></tr></table>

5835

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.9 (remm)/Jasper"></a><a name="Tomcat_6.0.9_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5836

5837

5838

EL validation fixes for attributes. (remm)

5839

</td></tr>

5840

5841

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41327">41327</a>: Show full URI for a 404. (markt)

5842

</td></tr>

5843

5844

JspException now uses getCause() as the result for getRootCause(). (markt)

5845

</td></tr>

5846

</table>

5847

</blockquote></td></tr></table>

5848

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.9 (remm)/Cluster"></a><a name="Tomcat_6.0.9_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

5849

5850

5851

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41466">41466</a>: When using the NioChannel and SecureNioChannel its

5852

important to use the channels buffers. (fhanik)

5853

</td></tr>

5854

</table>

5855

</blockquote></td></tr></table>

5856

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.8 (remm)"></a><a name="Tomcat_6.0.8_(remm)"><strong>Tomcat 6.0.8 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>alpha</strong></font></td></tr><tr><td colspan="2"><blockquote>

5857

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.8 (remm)/Catalina"></a><a name="Tomcat_6.0.8_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5858

5859

5860

Make provided instances of RequestDispatcher thread safe. (markt)

5861

</td></tr>

5862

5863

Optional development oriented loader implementation. (funkman)

5864

</td></tr>

5865

5866

Optimized access log valve, submitted by Takayuki Kaneko. (remm)

5867

</td></tr>

5868

5869

Fix error messages when parsing context.xml that incorrectly referred to

web.xml. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41217">41217</a>: Set secure attribute on SSO cookie when cookie is

5874

created during a secure request. Patch provided by Chris Halstead.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40524">40524</a>: HttpServletRequest.getAuthType() now returns

5879

CLIENT_CERT rather than CLIENT-CERT for certificate authentication

5880

as per the spec. Note that web.xml continues to use CLIENT-CERT to

5881

specify the certificate authentication should be used. (markt)

5882

</td></tr>

5883

5884

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41401">41401</a>: Add support for JPDA_OPTS to catalina.bat and add a

5885

JPDA_SUSPEND environment variable to both startup scripts. Patch

5886

provided by Kurt Roy. (markt)

5887

</td></tr>

5888

</table>

5889

</blockquote></td></tr></table>

5890

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.8 (remm)/Coyote"></a><a name="Tomcat_6.0.8_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5891

5892

5893

Use the tomcat-native-1.1.10 as recommended version.

5894

OpenSSL detection on some platforms was broken 1.1.8 will continue to work,

5895

although on some platforms there can be JVM crash if IPV6 is enabled and

5896

platform doesn't support IPV4 mapped addresses on IPV6 sockets.

5897

</td></tr>

5898

</table>

5899

</blockquote></td></tr></table>

5900

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.8 (remm)/Jasper"></a><a name="Tomcat_6.0.8_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5901

5902

5903

When displaying JSP source after an exception, handle included files.

(markt)

</td></tr>

Display the JSP source when a compilation error occurs and display

5908

the correct line number rather than start of a scriptlet block. (markt)

5909

</td></tr>

5910

5911

Fix NPE when processing dynamic attributes. (remm)

5912

</td></tr>

5913

5914

More accurate EL usage validation. (remm)

5915

</td></tr>

5916

5917

Fix regression for implicit taglib and page data version numbers. (remm)

5918

</td></tr>

5919

5920

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41265">41265</a>: Allow JspServlet checkInterval init parameter to be

5921

explicitly set to the stated default value of zero by removing the

5922

code that resets it to 300 if explicitly specified as zero. (markt)

5923

</td></tr>

5924

5925

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41327">41327</a>: Show full URI for a 404. Patch provided by Vijay.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

5930

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.8 (remm)/Web applications"></a><a name="Tomcat_6.0.8_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

5931

5932

5933

Add a virtual hosting how-to contributed by Hassan Schroeder. (markt)

5934

</td></tr>

5935

5936

Update all webapps to use the servlet 2.5 xsd. (markt)

5937

</td></tr>

5938

5939

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39572">39572</a>: Improvements to CompressionFilter example provided by

5940

Eric Hedström. (markt)

5941

</td></tr>

5942

</table>

5943

</blockquote></td></tr></table>

5944

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.7 (remm)"></a><a name="Tomcat_6.0.7_(remm)"><strong>Tomcat 6.0.7 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>beta, 2007-01-10</strong></font></td></tr><tr><td colspan="2"><blockquote>

5945

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.7 (remm)/General"></a><a name="Tomcat_6.0.7_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5946

5947

5948

Fix installer's bitmap (mturk)

5949

</td></tr>

5950

</table>

5951

</blockquote></td></tr></table>

5952

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.7 (remm)/Catalina"></a><a name="Tomcat_6.0.7_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5953

5954

5955

Refactor logging of errors which may occur when reading a post body (remm)

5956

</td></tr>

5957

</table>

5958

</blockquote></td></tr></table>

5959

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.7 (remm)/Coyote"></a><a name="Tomcat_6.0.7_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5960

5961

5962

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37869">37869</a>: Also use the SSL_INFO_CLIENT_CERT field if the chain is empty,

5963

submitted by Grzegorz Grzybek (remm)

5964

</td></tr>

5965

</table>

5966

</blockquote></td></tr></table>

5967

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.6 (remm)"></a><a name="Tomcat_6.0.6_(remm)"><strong>Tomcat 6.0.6 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>alpha</strong></font></td></tr><tr><td colspan="2"><blockquote>

5968

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.6 (remm)/General"></a><a name="Tomcat_6.0.6_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5969

5970

5971

Fix tagging which did not include 6.0.5's changelog (remm)

5972

</td></tr>

5973

</table>

5974

</blockquote></td></tr></table>

5975

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.5 (remm)"></a><a name="Tomcat_6.0.5_(remm)"><strong>Tomcat 6.0.5 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

5976

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.5 (remm)/Catalina"></a><a name="Tomcat_6.0.5_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5977

5978

5979

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40585">40585</a>: Fix parameterised constructor for o.a.juli.FileHandler

5980

so parameters have an effect. (markt)

5981

</td></tr>

5982

5983

Escape invalid characters from request.getLocale. (markt, remm)

5984

</td></tr>

5985

5986

Update required version for native to 1.1.8. (remm)

5987

</td></tr>

5988

5989

Do not log broken pipe errors which can occur when flushing the content of an error page. (remm)

5990

</td></tr>

5991

</table>

5992

</blockquote></td></tr></table>

5993

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.5 (remm)/Coyote"></a><a name="Tomcat_6.0.5_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5994

5995

5996

Fix firstReadTimeout behavior for the AJP connector. (remm)

5997

</td></tr>

5998

</table>

5999

</blockquote></td></tr></table>

6000

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.5 (remm)/Jasper"></a><a name="Tomcat_6.0.5_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

6001

6002

6003

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41057">41057</a>: Make jsp:plugin output XHTML compliant. (markt)

6004

</td></tr>

6005

</table>

6006

</blockquote></td></tr></table>

6007

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.5 (remm)/Cluster"></a><a name="Tomcat_6.0.5_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

6008

6009

6010

Cluster interface cleanup. (fhanik)

6011

</td></tr>

6012

6013

Refactoring to allow usage of executors. (fhanik)

6014

</td></tr>

6015

</table>

6016

</blockquote></td></tr></table>

6017

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.4 (remm)"></a><a name="Tomcat_6.0.4_(remm)"><strong>Tomcat 6.0.4 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>alpha</strong></font></td></tr><tr><td colspan="2"><blockquote>

6018

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.4 (remm)/General"></a><a name="Tomcat_6.0.4_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

6019

6020

6021

Update to NSIS 2.22 (remm)

6022

</td></tr>

6023

6024

Fix regression in 6.0.3 with Windows wrapper (mturk)

6025

</td></tr>

6026

</table>

6027

</blockquote></td></tr></table>

6028

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.3 (remm)"></a><a name="Tomcat_6.0.3_(remm)"><strong>Tomcat 6.0.3 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

6029

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.3 (remm)/General"></a><a name="Tomcat_6.0.3_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

6030

6031

</table>

6032

</blockquote></td></tr></table>

6033

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.3 (remm)/Catalina"></a><a name="Tomcat_6.0.3_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

6034

6035

6036

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37509">37509</a>: Do not remove whitespace from the end of values

6037

defined in logging.properties files. (markt)

6038

</td></tr>

6039

6040

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38198">38198</a>: Add reference to Context documentation from Host

6041

documentation that explains how Context name is obtained from the

6042

Context filename. (markt)

6043

</td></tr>

6044

6045

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40844">40844</a>: Missing syncs in JDBCRealm. (markt)

6046

</td></tr>

6047

6048

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40901">40901</a>: Encode directory listing output. Based on a patch

6049

provided by Chris Halstead. (markt)

6050

</td></tr>

6051

6052

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40929">40929</a>: Correct JavaDoc for StandardClassLoader. (markt)

6053

</td></tr>

6054

6055

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41008">41008</a>: Allow POST to be used for indexed queries with CGI

6056

Servlet. Patch provided by Chris Halstead. (markt)

6057

</td></tr>

6058

6059

Fix usage of print on the servlet output stream if the processor never used

a writer (fhanik)

</td></tr>

Fix logic of sameSameObjects used to determine correct wrapping of request and

6064

response objects (fhanik)

6065

</td></tr>

6066

6067

Update TLD scan lists, and disable caching for now (remm)

6068

</td></tr>

6069

6070

Add system property to WebappClassLoader to allow disabling setting references

6071

to null when stopping it (remm)

6072

</td></tr>

6073

6074

Add clustered SSO code, submitted by Fabien Carrion (remm)

6075

</td></tr>

6076

</table>

6077

</blockquote></td></tr></table>

6078

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.3 (remm)/Coyote"></a><a name="Tomcat_6.0.3_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

6079

6080

6081

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40860">40860</a>: Log exceptions and other problems during parameter

processing. (markt)

</td></tr>

Enable JMX for trust store attributes for SSL connector. (markt)

6086

</td></tr>

6087

6088

Port memory usage reduction changes to the java.io HTTP connector. (remm)

6089

</td></tr>

6090

6091

MessageBytes.setString(null) will remove the String value. (remm)

6092

</td></tr>

6093

6094

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41057">41057</a>: Caching large strings is not useful and takes too much

6095

memory, so don't cache these (remm)

6096

</td></tr>

6097

6098

Add keepAliveTimeout attribute to most connectors (mturk, remm)

6099

</td></tr>

6100

</table>

6101

</blockquote></td></tr></table>

6102

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.3 (remm)/Jasper"></a><a name="Tomcat_6.0.3_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

6103

6104

6105

Relax EL type validation for litterals. (remm)

6106

</td></tr>

6107

6108

Update some version numbers to 2.1. (funkman, remm)

6109

</td></tr>

6110

6111

Add xsds for JSP 2.1 (remm)

6112

</td></tr>

6113

6114

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41106">41106</a>: Update validation checks for EL to also include

6115

legacy 1.2 tags (remm)

6116

</td></tr>

6117

</table>

6118

</blockquote></td></tr></table>

6119

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.3 (remm)/Web applications"></a><a name="Tomcat_6.0.3_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

6120

6121

6122

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40677">40677</a>: Update SSL documentation to indicate that PKCS11

6123

keystores may be used. (markt)

6124

</td></tr>

6125

</table>

6126

</blockquote></td></tr></table>

6127

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.2 (remm)"></a><a name="Tomcat_6.0.2_(remm)"><strong>Tomcat 6.0.2 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>beta, 2006-11-23</strong></font></td></tr><tr><td colspan="2"><blockquote>

6128

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.2 (remm)/General"></a><a name="Tomcat_6.0.2_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

6129

6130

6131

Various tweaks to distribution (remm, funkman)

6132

</td></tr>

6133

6134

Update Tomcat native to 1.1.7 (mturk)

6135

</td></tr>

6136

6137

Update to JDT 3.2.1 (remm)

6138

</td></tr>

6139

</table>

6140

</blockquote></td></tr></table>

6141

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.2 (remm)/Catalina"></a><a name="Tomcat_6.0.2_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

6142

6143

6144

Fix EJB annotation interface (remm)

6145

</td></tr>

6146

</table>

6147

</blockquote></td></tr></table>

6148

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.2 (remm)/Coyote"></a><a name="Tomcat_6.0.2_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

6149

6150

6151

Fix passing of the keystore password for the NIO connector (fhanik)

6152

</td></tr>

6153

</table>

6154

</blockquote></td></tr></table>

6155

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.1 (remm)"></a><a name="Tomcat_6.0.1_(remm)"><strong>Tomcat 6.0.1 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>alpha</strong></font></td></tr><tr><td colspan="2"><blockquote>

6156

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.1 (remm)/General"></a><a name="Tomcat_6.0.1_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

6157

6158

6159

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37439">37439</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40823">40823</a>: Documentation cleanup (markt)

6160

</td></tr>

6161

</table>

6162

</blockquote></td></tr></table>

6163

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.1 (remm)/Catalina"></a><a name="Tomcat_6.0.1_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

6164

6165

6166

Refactor exception processing using Throwable.getCause to improve exception chaining (remm)

6167

</td></tr>

6168

6169

Remove dead code involving the Logger (funkman)

6170

</td></tr>

6171

6172

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37458">37458</a>: Fix some exceptions which could happen during classloading (markt)

6173

</td></tr>

6174

6175

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40817">40817</a>: Fix CGI path (markt)

6176

</td></tr>

6177

6178

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=34956">34956</a>: Add the possibility to enforce usage of request and response

6179

wrapper objects (markt)

6180

</td></tr>

6181

</table>

6182

</blockquote></td></tr></table>

6183

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.1 (remm)/Jasper"></a><a name="Tomcat_6.0.1_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

6184

6185

6186

Many fixes for JSP 2.1 compliance, invloving tag files handling, deferred expressions

6187

validation, bom encoding support (remm)

6188

</td></tr>

6189

</table>

6190

</blockquote></td></tr></table>

6191

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.1 (remm)/Coyote"></a><a name="Tomcat_6.0.1_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

6192

6193

6194

Many HTTP NIO connector fixes and refactorings (fhanik)

6195

</td></tr>

6196

6197

HTTP NIO connector performance improvements (fhanik)

6198

</td></tr>

6199

6200

Add packetSize option for the classic AJP connector (jfclere)

6201

</td></tr>

6202

6203

Implement explicit flushing in AJP (mturk)

6204

</td></tr>

6205

</table>

6206

</blockquote></td></tr></table>

6207

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.0 (remm)"></a><a name="Tomcat_6.0.0_(remm)"><strong>Tomcat 6.0.0 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>alpha</strong></font></td></tr><tr><td colspan="2"><blockquote>

6208

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.0 (remm)/Catalina"></a><a name="Tomcat_6.0.0_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

6209

6210

6211

SSLEngine attribute added to the AprLifecycleListener(fhanik)

6212

</td></tr>

6213

6214

Add API for Comet IO handling (remm, fhanik)

6215

</td></tr>

6216

6217

Servlet 2.5 support (remm)

6218

</td></tr>

6219

</table>

6220

</blockquote></td></tr></table>

6221

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.0 (remm)/Jasper"></a><a name="Tomcat_6.0.0_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

6222

6223

6224

JSP 2.1 support (jhook, remm)

6225

</td></tr>

6226

6227

Unifed EL 2.1 support (jhook)

6228

</td></tr>

6229

</table>

6230

</blockquote></td></tr></table>

6231

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.0 (remm)/Coyote"></a><a name="Tomcat_6.0.0_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

6232

6233

6234

SSLEnabled attribute required for SSL to be turned on, on all HTTP connectors (fhanik)

6235

</td></tr>

6236

6237

Memory usage reduction for the HTTP connectors, except java.io (remm)

6238

</td></tr>

6239

6240

Modeler update to use dynamic mbeans rather than model mbeans, which consume more

resources (costin)

</td></tr>

</table>

</blockquote></td></tr></table>

6245

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.0 (remm)/Cluster"></a><a name="Tomcat_6.0.0_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

6246

6247

6248

New cluster configuration and new documentation (fhanik)

6249

</td></tr>

6250

</table>

6251

</blockquote></td></tr></table>

6252

</blockquote></td></tr></table></td></tr><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><tr><td colspan="2"><div align="center"><font color="#525D76" size="-1"><em>

6253

6254

</em></font></div></td></tr></table></body></html>